General Settings

General Settings

The basic settings section includes many basic parameters necessary for the operation of a mail server on the Internet.

1. Basic Settings.png


SSL Certificate for Mail Domain

After saving the settings of the main mail domain and the hostname of the mail server, SafeUTM creates a local certificate signed by the root (self-signed) certificate. Simultaneously with the creation of a local certificate, a request is sent to issue a Let's Encrypt certificate.

Work with certificates is carried out in the section Services -> TLS Certificates.

If you want to replace an automatically issued certificate with your own, then when uploading your own certificate chain, the CN (Common name) of the last certificate must match the domain for which the certificate is being downloaded.

To upload your certificate to the server, you can use the instructions.

Webmail

Configuring the mail web interface to work on the local and external interface of SafeUTM.


1. In order for webmail to work on the local interface, you need to activate the Webmail setting in Mail Relay -> General settings.
2. To work on the external interface, you need to create a rule in the section Services -> Reverse proxy:

Example of a rule for the domain name and IP address access:
1. Webmail.png

After creating a rule from the local network in the browser, type this in the browser: https:// x.x.x.x:8443/webmail/, where x.x.x.x is the local interface address.

From the Internet, type in the browser: https://[domain name]:8443/webmail/. For example: https://test.com:8443/webmail/

A less prioritized alternative option: from the Internet, type in the browser: https://x.x.x.x/webmail/, where x.x.x.x is the external interface address.
For example: https://66.77.88.99/webmail/

You must use HTTPS to connect.

Upon successful login, the web interface of the user's mailbox will open in the browser.
Screenshot_33.png

The web interface of the embedded mail client works with the mail server via IMAP protocol and has the following capabilities:

Setting up Mail Relay

If SafeUTM has an external IP address, a domain is registered to it, and the necessary records are configured with the registrar and provider, but you want another server to handle the sending and delivery of mail (for example, a pre-configured Exchange server in LAN), then SafeUTM can relay all incoming mail to this machine.

Before setting up the mail relay, make sure that the mail server is enabled on SafeUTM. To set up a mail relay, add an entry of this type to the Relay domains field: mydomain.com|10.20.30.40, where:

1. Setting up Mail Relay.png

When setting up a mail relay on SafeUTM, it is essential that the main SafeUTM mail domain differs from the Relay domain. For this, in the Main mail domain field in the mail server settings, you need to register a fictional domain that does not match the registered one. This way you can specify multiple Relay domains for several different servers in LAN. All mail domains must be associated with the external address of the SafeUTM server (A and MX records in the DNS zone).

With this scheme, SafeUTM will allow the mail to pass through it directly to the mail server on the local network. Along the way, emails can be checked for spam. For this, enable the appropriate services in the SafeUTM web interface.

SafeUTM will accept mail addressed only to the specified Relay domain. Any other mail will be rejected by the server, so the possibility of receiving an open mail relay during setup is excluded.