New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Roll your own while you wait
https://github.com/OfflineIMAP/offlineimap3 and rclone/borg
or
https://imapsync.lamiral.info/
That misses out on all the extra goodies though.
The idea is to give a full copy of the users domain folder from Smartermail so they could dump it on their own smartermail install and be back alive.
Making download archives isn't an option (imagine downloading a 1TB archive made up of 2GB chunks??). Instead we're planning to just do 'push' backups.
Users will provide us an S3 bucket or Gdrive setup and we'll push backups. We either overwrite the active folder, or do dated folders.
Push twice a month?
Francisco
That sounds great. Can Smartermail generate some kind of .xml or .json with the domain's config (user aliases, forwards, domain alias setup, etc) that can also be included with the domain folder dump?
SM already does that. The domain folder has everything in its own databases, so you can just drop it in, 'attach' the domain to your install in a single click, and it's good to go.
Francisco
Cranemail lifetime plan is very cost-effective and I am very satisfied with the service after one month. Thank you @NameCrane for providing such a convenient and practical service.
Having @Francisco's support gave me peace of mind.
I'm looking forward to WebDAV and rClone coming soon. Or something like nextcloud for storage.
Can tls be offered on us1.workspace.org:25? This would be nice for split domain. I see that spamexperts already offers it.
I'll do some tests, but i'm thinking we could probably add STARTTLS to port 25
Francisco
Thanks for the vote of confidence!
As am I
I think that'll be the game changer for the product.
WEBDAV is supported by rclone as well, but the hope is we get direct rclone support sooner than SM's WEBDAV support.
Francisco
Top tip for those using SpamExperts - you can set up individual reports that go to each user with release/remove/actionable links for quarantined messages at https://mx1.mxfilter.net/reportperrecipientenable.php.
These "protection reports" differ from the "Email scout reports" as the latter are a list of quarantined messages, which you still need to log into the SpamExperts domain management page to release/remove from quarantine.
Been pulling my hair out as this was set up on one of my domains but not others and the SpamExperts toolbar "protection reports" links on the left hand navbar on the SpamExperts admin page doesn't expose the protection report link. The "send now" and "domain" links don't work but but the mailbox one does after initially setting up using my link above.
Support tried their best to help but I stumbled onto the solution myself so thought I'd share!
@NameCrane
I believe you need to double-check the fraud detection system using ip2proxy.com, as it is marking my residential connection as a proxy. However, when I tried an actual SOCK5 proxy through my VPS, it does not show it as a proxy. This is regarding order 1160833474.
Thanks for the tip. What are the pros and cons of using SpamExperts? Can it introduce new privacy or security vulnerabilities for a domain name, even as it protects against others?
Nope, if anything it kinda masks your privacy since it doesn’t show the backend MX/node.
Francisco
When doing a "release and train", it means "train as not spam". Correct?
It looks like you have to specify where the reports come from. Is there a standard practice for this? Maybe "postmaster"?
Correct on training.
It should auto add reports for any new email it learns about.
The only time it doesn’t is if you’re using a catch all.
Francisco
Can the client IP and hostname be hidden on first hop of outgoing SMTP connection? Many providers do this these days for privacy.
Looks like Protection Reports are deprecated so that’s probably why they are not exposed in the menu.
https://documentation.n-able.com/spamexperts/userguide/Content/C_Domain Level/reporting/periodic-user-report.htm
They advise using "Scout Reports", accompanied by a broken link. I look forward to learning about this to ensure the quarantine is not silent. Looks like a powerful system with a learning curve.
Damn, they are exactly what I'm looking for as I wanted to manage domain users' spam centrally and it's long way round having to go to Namecrane Admin -> Spamexperts Portal manually for each domain.
Protection Reports is working fine for the domains I've set it up for so will cling on with my bare hands until it's removed
Thankyou also for link to user guide for Smartermail
Some users had concerns about privacy due to the users IP being in the email headers.
This looks to be resolved in our own testing. If others want to check that'd be awesome
Francisco
From my testing before it was leaking the rDNS of the client IP, but after checking it seems resolved. Thank you Francisco.
Good stuff!
Francisco
I am not a fan of the entire header being removed for authenticated mail, but I suppose this is acceptable. It would be nice to have confirmation in the headers that the incoming route from spamexperts mx2 in London to us1 in NV sent encrypted. With this setup the entire hop is removed. This is a concern because I know tls is not available on us1.workspace.org:25 so there is chance that incoming mails are exposed on that route. Certainly, if not using spamexperts, all incoming mail is exposed and sent in the clear such as in a split domain scenario.
Ideally for authenticated senders, the received from IP would be removed or replaced with 127.0.0.1 and the hostname would be removed or replaced with localhost or something. That way we still have record of the other bits of info.
This removes the users home ip, nothing with servers.
You used to be able to get the ip and rdns of a sender from there. Server hops are still intact.
Francisco
Not true, since the spamexperts boxes are authenticated senders that hop gets removed in this updated scheme.
It shouldn’t? My own tests showed it having us1 in the hop list.
This clear out happens at SM itself, not at the SE box.
Francisco
You must have been testing outbound mail. I am just pointing out that the header gets removed from the inbound direction when using spam experts.
I am pointing this out because you may not have noticed this in your testing.
Yes, since that's what the concern was
The issue was that emails that were sent out would have the end users IP & RDNS listed in there in the 'received from' headers. This was a privacy concern that I worked with smartermail to resolve.
As for incoming headers, let me know if that looks better
Thanks for the feedback!
Francisco
The incoming headers look better but now the privacy concern is back.
Also don't forget to turn on explicit tls for port 25 on smarter mail. The spam experts boxes already have it on.
Is the privacy concern for incoming or outgoing mail (or both)?