Difference between revisions of "Configuration Tool"
[checked revision] | [checked revision] |
m |
Lgodesberg (talk | contribs) |
||
(5 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
__NOTOC__ | __NOTOC__ | ||
− | [[File: | + | [[File:MailStore_Gateway_Configuration_LE_EN.png|right|300px]] |
With the MailStore Gateway Configuration tool administrators can configure basic settings of the MailStore Gateway service. | With the MailStore Gateway Configuration tool administrators can configure basic settings of the MailStore Gateway service. | ||
Line 24: | Line 24: | ||
* '''Create Self-Signed Certificate'''<br/>A new self-signed certificate can be created and is automatically selected afterwards. Please note that self-signed certificates are neither trusted by other clients, which may lead to warnings on client computers, nor other servers. Therefore, self-signed certificates are suitable for testing purposes only and should be replaced once a system is used in a productions environment. | * '''Create Self-Signed Certificate'''<br/>A new self-signed certificate can be created and is automatically selected afterwards. Please note that self-signed certificates are neither trusted by other clients, which may lead to warnings on client computers, nor other servers. Therefore, self-signed certificates are suitable for testing purposes only and should be replaced once a system is used in a productions environment. | ||
* '''Import from File'''<br/>With this option certificates can be imported from ''Private Information Exchange (*.p12;*.pfx)'' files. The configuration tool will automatically import the certificates into the correct Windows certificate store. Since Private Information Exchange files are password protected, a password must be entered to start the import process. | * '''Import from File'''<br/>With this option certificates can be imported from ''Private Information Exchange (*.p12;*.pfx)'' files. The configuration tool will automatically import the certificates into the correct Windows certificate store. Since Private Information Exchange files are password protected, a password must be entered to start the import process. | ||
+ | * '''Obtain from Let's Encrypt'''<br/>Let's Encrypt is a free, automated, and open certificate authority, trusted by all major web browsers and operating systems. Please refer to [[Using Let's Encrypt Certificates]] for more details. | ||
+ | |||
+ | == Management Console Port == | ||
+ | Defines the TCP ports on which MailStore Gateway's Management Console is available. If no other web server is running on the same server, it can safely be changed to the standard HTTPS port 443. | ||
+ | |||
+ | == Let's Encrypt Port == | ||
+ | This port is used temporarily when requesting or renewing certificates from Let's Encrypt. | ||
== Log Level == | == Log Level == | ||
The ''Log Level'' defines how much information MailStore Gateway logs into its log files. The default settings is ''Information'' which should not be changed unless troubleshooting is required. | The ''Log Level'' defines how much information MailStore Gateway logs into its log files. The default settings is ''Information'' which should not be changed unless troubleshooting is required. | ||
+ | |||
+ | == RFC 3030 support == | ||
+ | Enables RFC 3030 support for inbound SMTP connections on port 25. This causes MailStore Gateway to advertise the SMTP extensions ''BINARYMIME'' and ''CHUNKING'' in its supported extensions and allows the use of the SMTP verb ''BDAT'' to accept emails with binary content (bare-line feeds) without additional content transfer encoding. This improves compatibility with inbound email servers, such as those of Microsoft 365. | ||
+ | |||
+ | ; <p class="msnote" style="color:red">'''Important notice:''' MailStore Server 24.4 or MailStore SPE 24.4 or newer are required to correctly archive emails submitted via the BDAT verb. Therefore, make sure to have updated MailStore Server or MailStore SPE ''before'' activating this option.</p> | ||
+ | |||
+ | ; <p class="msnote">'''Important notice:''' This extension is not supported in proxy mode. Since proxy mode is only activated by authentication after the SMTP EHLO command, incompatibility with clients that also support ''CHUNKING'' may occur.</br>In this case, use SMTP port 465 or 587 of the same gateway or use another gateway where this option remains disabled.</p> | ||
== Apply Configuration Changes == | == Apply Configuration Changes == |
Latest revision as of 08:51, 9 October 2024
With the MailStore Gateway Configuration tool administrators can configure basic settings of the MailStore Gateway service.
The tool is started automatically during the initial installation process; it can be started manually through the corresponding desktop icon or start menu link.
E-Mail Domain
This value specifies the domain part of each MailStore Gateway mailbox email address (i.e. <mailbox-id>@<e-mail domain> ).
If MailStore Gateway should receive emails from other email servers (e.g. Microsoft Office 365, Google G Suite, etc.), the configured e-mail domain must be resolvable through DNS.
Example: If the primary domain is example.com and MailStore Gateway should receive emails, a DNS record like msgw.example.com needs to be created in the DNS zone example.com. The record must point to a public IP address on which MailStore Gateway is reachable. In MailStore Gateway the value of E-Mail Domain would be set to msgw.example.com. If MailStore Gateway is located behind a NAT router or firewall, additional configuration may be needed. Refer to Firewall Configuration for further details.
Certificate
MailStore Gateway uses TLS certificates to establish encrypted communication channels with clients and other servers.
Administrators can choose from the following options which certificate MailStore Gateway should use:
- Select from Certificate Store
A certificate can be selected from the Windows certificate store. Please note that the Personal certificate store of the computer account is used, not the store of the current Windows user. - Create Self-Signed Certificate
A new self-signed certificate can be created and is automatically selected afterwards. Please note that self-signed certificates are neither trusted by other clients, which may lead to warnings on client computers, nor other servers. Therefore, self-signed certificates are suitable for testing purposes only and should be replaced once a system is used in a productions environment. - Import from File
With this option certificates can be imported from Private Information Exchange (*.p12;*.pfx) files. The configuration tool will automatically import the certificates into the correct Windows certificate store. Since Private Information Exchange files are password protected, a password must be entered to start the import process. - Obtain from Let's Encrypt
Let's Encrypt is a free, automated, and open certificate authority, trusted by all major web browsers and operating systems. Please refer to Using Let's Encrypt Certificates for more details.
Management Console Port
Defines the TCP ports on which MailStore Gateway's Management Console is available. If no other web server is running on the same server, it can safely be changed to the standard HTTPS port 443.
Let's Encrypt Port
This port is used temporarily when requesting or renewing certificates from Let's Encrypt.
Log Level
The Log Level defines how much information MailStore Gateway logs into its log files. The default settings is Information which should not be changed unless troubleshooting is required.
RFC 3030 support
Enables RFC 3030 support for inbound SMTP connections on port 25. This causes MailStore Gateway to advertise the SMTP extensions BINARYMIME and CHUNKING in its supported extensions and allows the use of the SMTP verb BDAT to accept emails with binary content (bare-line feeds) without additional content transfer encoding. This improves compatibility with inbound email servers, such as those of Microsoft 365.
Important notice: MailStore Server 24.4 or MailStore SPE 24.4 or newer are required to correctly archive emails submitted via the BDAT verb. Therefore, make sure to have updated MailStore Server or MailStore SPE before activating this option.
Important notice: This extension is not supported in proxy mode. Since proxy mode is only activated by authentication after the SMTP EHLO command, incompatibility with clients that also support CHUNKING may occur.
In this case, use SMTP port 465 or 587 of the same gateway or use another gateway where this option remains disabled.
Apply Configuration Changes
After the configuration of MailStore Gateway has been changed, the changes must be written to the configuration file by clicking on Apply. Otherwise the changed settings will not be used when starting the MailStore Gateway service.
Starting the MailStore Gateway Service
By clicking the Start Service button, the MailStore Gateway service will be started. Changes to the configuration must be applied first, otherwise a warning is issued. This button is only available if the service is currently stopped.
Stopping the MailStore Gateway Service
By clicking the Stop Service button, the MailStore Gateway service will be stopped. Changes to the configuration can only be made while the service is stopped. This button is only available if the service is currently running.