How can I set up the web-interface access to the server?
The server itself does not have a web-interface, but there are certain kits by third-party developers which allow adding it. Such packages usually refer to the server via the IMAP protocol. The greater part of such solutions, in order to function properly, require the Apache web-server (http://www.apache.org/) with PHP (http://www.php.net/) be installed.
Examples of such solutions are the following kits:
|Horde IMP (http://www.horde.org/imp/)
Which anti-virus programmes are supported by the server?
The server can make use of the anti-virus plug-ins suitable for The Bat! E-mail Client (http://www.ritlabs.com/en/products/thebat/plugin.php). Some plug-ins are already included in the anti-virus programmes. Not all the plug-ins function properly with the server. This may be related to the fact that the server checks for viruses many messages at once and not all the anti-virus plug-ins are capable of doing that. Among the tested and trusted plug-ins we can point out the NOD32 plug-in.
Which anti-spam solutions are supported by the server?
The server has got a built-in support for SpamAssassin (http://spamassassin.apache.org/) - one of the most powerful anti-spam solutions. SpamAssassin can be installed on the same PC where the server is running or on a standalone computer (e.g., under Unix). The server communicates with SpamAssassin via the spamd module, so it also has to be installed. Installing and, mainly, configuring it under Windows can become a difficult task to complete. You can find its detailed description at: http://wiki.apache.org/spamassassin/UsingOnWindows.
The server supports the anti-spam plug-ins suitable for The Bat (http://www.ritlabs.com/en/products/thebat/plugin.php). Some of them are bound to The Bat! and do not work with the server. Among the tested plug-ins there is the Bayes Filter Plugin.
Bayes Filter Plugin v2.0.4 for The Bat!
The "No Report Dialog Below" parameter has to be set to 0 in order to disable the on-screen messages. We recommend to set full paths to files to be sure of their location.
The statistics on the "About" tab is not refreshed at once, the differences take effect after the server restart. Probably, this had been done to increase the processing speed and therefore the information is not written into the database at once, but first is cached in memory. Since in the Configurator, unlike the server, another copy of the plug-in is loaded, the changes in statistics are not seen at once.
In order to function properly many of the anti-spam solutions require prior training. In other words, it is necessary to teach the plug-ins which messages, according to the user, are spam and which ones are not. This is needed to work out the characteristic features of such messages, so that in future it will be possible to distinguish junk and not-junk e-mails. Training should be carried out regularly as new sorts of spam-messages permanently appear. For training there are two special addresses: $SPAM and $NONSPAM to which it is necessary to send spam and not-spam messages respectively. It is necessary to authenticate in order to be able to send messages to these addresses. Another condition is that the user has to be a member of the group with the right to train the anti-spam modules.
How does one create a certificate for the server?
In order to be able to use the secure SSL/TLS connection it is necessary that the certificate is installed on the server. The sub-folder called PEMs is suitable for storing the certificate and the respective private key.
The server supports SSL/TLS with the help of the OpenSSL library (http://www.openssl.org). That is why the pem-format is used for storing certificates and private keys. This format allows keeping the certificates in plain text which is quite handy for sending them via e-mail.
It is possible to use a self-signed certificate as well as the one issued by the certifying authority. In case of the self-signed certificate it is will be necessary to add it to the list of the trusted certificates in the e-mail client; on the other hand if the certificate had been received from the certifying authority, then, most likely, it will be already trusted, because the root certificates of the certifying authorities are already in the list of the trusted certificates.
The openssl utility, as part of the OpenSSL library, will also be needed. It is possible to build the library from source codes or download a precompiled version. A Windows version can be found here: http://www.openssl.org/related/binaries.html.
First of all it is necessary to generate a private RSA key and a request for certification. First we create a .rnd file and enter random data there, this will be the basis for generating the key later. You can insert into that file any random text, the size of the file is of no importance. After that you have to execute the following from the command line:
openssl req -newkey rsa:1024 -keyout key.pem -out req.pem -config openssl.cnf
This command will create a 1024-bit private RSA key and will save it into the key.pem file. The key has to look like this:
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
While creating the key you will be prompted for a password to it. Later you will have to enter that password in the server settings.
The certification request will also be created. That request contains the description of the future certificate: Country, State/Region, City, Organisation, Department, the server's domain name, etc. While the command is executed you will be asked for the attributes of the future certificate. Do not forget to enter the server's domain name as the "Common Name" attribute. On basis of the private key from the key.pem file and data entered by the user, this command will create a request for certification and will save it into the req.pem file. The request has to look like this:
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
Now you have a private key in the key.pem file and a request for certification in the req.pem file. Make sure you save the private key in a safe place. It will be used for proper server operation over secure connections. Without the private key the certificate will become almost useless. For security reasons the certification authorities will not be able to issue you a new certificate (e.g. if the attributes have been changed) if you do not have the access to the private key.
Now it's time to send your request for certification to the certifying authority. It can be VeriSign (http://www.verisign.com) or Thawte (http://www.thawte.com).After your data has been verified you will either receive the certificate or the reason of the rejection. Then you have to put the certificate into the cert.pem file. It has to look like this:
If you need to create a self-signed certificate, then you have to execute the following from the command line:
openssl req -new -key key.pem -out cert.pem -x509 -config openssl.cnf
Such certificate is mostly used in testing purposes. It is also possible to receive test certificates at VeriSign: http://digitalid.verisign.com/test_server_ids.html (select "C2Net (Apache-SSL-US)") or at Thawte: https://www.thawte.com/cgi/server/test.exe (select "Generate an X.509v3 certificate & Use the most basic format").
By default the server looks for the private key and the certificate in the ".\PEMs\server.pem" file. It is possible to copy them into that file using a text editor or via executing this command:
copy key.pem+cert.pem server.pem
Or it is also possible to point out the necessary files in Configurator in the "Options > Security" section. It is also mandatory to enter the password for decrypting the private key.