These options allow you to control the overall behavior of the mail server, ranging from IP binding to mail size limits. There are also options to control the use of ODBC and the INI based file system.
General #
- Primary Domain - This should be your most commonly used Domain within Ability Mail Server (e.g. mail.yourdomain.com). However, any Domain which converts to your IP address is usually acceptable. This string is used in service welcome messages and also in the 'Message-ID' field in mail headers.
- Admin Email - Most mail servers usually have an appointed administrator email address. Commonly, this is set to something like postmaster@yourdomain.com. This will be used in failure messages and also as a contact address.
- Max Mail Size - This is the maximum size limit of any mail accepted or created within the mail server. This option also overrules the equivalent Group limit, capping the maximum to this value if necessary.
- Max Account Size - This is the maximum size of any mail account within the mail server. This option also overrules the equivalent group limit, capping the maximum to this value if necessary.
- Max Simultaneous Connections Per IP - This controls the maximum number of simultaneous connections the mail server will allow per IP. This helps prevent DOS attacks which work by opening hundreds of connections, this normally results in the mail server becoming unresponsive to other clients.
- Bind to All Available IPs - This option affects any services which are set to 'Use Server Default' IP binding. If selected, those services will try to bind to all available IPs.
- Listen Only on IP(s) - This option effects any services which are set to 'Use Server Default' IP binding. If selected, all those services will try to bind to the IPs listed here. To set multiple IPs, simply separate each IP with a semi-colon (';'). It is also acceptable to specify a domain name instead of an IP.
- Initialise On Load - When the mail server first loads, this option will control whether it is initialized by default. It is recommended that you enable this option.
- Hide On Load - When the mail server first loads, this option will control whether the interface is hidden by default. In NT Service mode this option is ignored and the dialog interface (if not disabled) will always hide by default.
- Run as an NT Service - If enabled, Ability Mail Server will automatically load before the Windows login screen during boot up. This ensures that regardless of which user is logged into Windows (or even if there are no users logged in), the mail server will always be safely running.
- Start Delay (secs) - If you have enabled the 'Run as an NT Service' option, this allows you to force the NT service to delay loading and initializing. This is useful if Ability Mail Server is dependant on another service such as a database, antivirus scanner, IIS port binding etc.
- Disable Dialog Interface in NT Service Mode - If you have enabled the 'Run as an NT Service' option, this allows you to disable the normal dialog interface. This allows the application to run invisibly and therefore helps against unwanted users having access to the mail server settings. This option is only available on Windows XP and early systems as newer operating systems will not permit the interface.
Admin #
- User - If you wish to use remote admin or to secure the dialog interface with a user and password, you can provide the admin login user here.
- Password - If you wish to use remote admin or to secure the dialog interface with a user and password, you can provide the admin login password here.
- Login Required to Access Dialog Interface - If this is enabled, the normal dialog interface will require a user and password before allowing access.
- Enable Skeleton Password - This allows the administrator to set a password which will permit access to any account. To access an account with the skeleton password you must use the full email address as the user login (i.e. user@domain). Please note that this option should be used wisely as it can create a potential security risk. It may also be considered a violation of your users' privacy rights.
Anti-Hammering #
- Max Failed Login Attempts - This option affects services configured to use Anti-Hammering. This value sets the maximum allowed number of login failures. Once an IP exceeds this number within a set period of time, that IP will be blocked for a set period of time.
- Stored Failure Time-out - This option affects services configured to use Anti-Hammering. When an IP causes a login failure, this is the amount of time the failed attempt will be recorded for. Once this time has passed without any more login failures from that IP, the failed attempts count will be reset.
- Block Time - This option affects services configured to use Anti-Hammering. When an IP exceeds the 'Max Failed Login Attempts' value, it will be blocked for this amount of time. Any current connections or new connections will be disconnected and blocked during this period.
- Enable Anti-Hammering Safe IPs - If enabled, the IPs and IP ranges in the list box will be excluded from Anti-Hammering. This ensures trusted clients will not be affected by the Anti-Hammering system.
Loop Protection #
- Enable Mail Loops / Infinite Bounce Protection - This enables the mail server to automatically protect its self from mail loops and infinite bounces. Please note that this isn't a cure, but is a measure to prevent occurrences from becoming a serious problem. Any mail loops or infinite bounces found should be investigated and fixed.
- Max Similar Mails Per Day - When the number of similar mails exceed this value, additional mails will be automatically failed.
- Max Mails Per Sender / Recipient Pair Per Day - When the number of mails sent from a single sender to a single recipient exceeds this value, additional mails will be automatically failed.
- Insert First Failed Mail into Account - If set, a copy of the first failed mail in a sequence of mails will be placed in the Inbox of this account. This is useful if you want to keep a record of the failed mails for further investigation.
- When Max is Reached: Silently Delete Mail - If set, any failed mails will be silently deleted without notice.
- When Max is Reached: Delete Mail and Insert a Failure Notice if Possible - If set, any failed mails will be deleted and a failure notice will be inserted directly into the sender and recipients accounts if they are local. Direct insertion reduces the danger of the failure notices themselves from becoming an infinite bounce. There is also a built in limit on the number of failure notices that any one account will receive.
Advanced #
- Accounts Directory - This controls where the accounts setup files are stored. Usually there will be no need to change this path. However, if you intend to use clustering or to place the accounts on another hard drive then you will most likely have to change this path. It is perfectly legal to have this path set to a network location which is shared amongst multiple mail servers (for a typical clustering setup). For more information on using network drives, please view the Frequently Asked Questions page.
- Settings Auto-Reload Interval - This value controls how often the settings are reloaded into the mail server. If you intend to perform external manipulation of the settings or use clustering, a lower value is recommended. Please note if you're using ODBC that every time this interval passes all the users will be refreshed from the ODBC data source. If you have a large number of users (over 10000 or more) and you set this value too low, the ODBC data source or network may be put under unacceptable load. In this case, we recommend setting a higher value to reduce the frequency of ODBC data source refreshes.
- Encrypt Passwords When Saving to File or ODBC - If enabled, any password written into file or an ODBC data source will be automatically encrypted. This prevents passwords from being stored in clear text and helps protect against local password snatching attacks. However, this also means that external reading of passwords by scripts or other software will be prevented. It is therefore recommended that this option be disabled when external control of accounts and settings is being used.
- Either the 'User' or Email Address - If set, users will be able to login into any of the services using the 'User' field of the account or the full email address. In this mode, only single instances of the same user and password pair can exist.
- Only the Email Address - If set, users will only be able to login into services using the full email address. In this mode, multiple instances of the same user and password can exist.
- Perform Content Filtering First - If set, Content Filtering will be applied before Antivirus Filtering. Antivirus scanning usually takes much more processing time than Content Filtering. Therefore, it is often more efficient for the mail server to have this option set as 'expensive' virus scanning can be avoided for mails deleted by Content Filtering.
- Perform Antivirus Filtering First - If set, Antivirus Filtering will be applied before Content Filtering.
- Thread Pool Size - Each incoming connection to Ability Mail Server is handled by a separate thread (multi-threaded processing). To help improve efficiency when the server is under heavy load, these threads are pre-created and stored in a pool. This value allows you to optimize the size of the pool to gain maximum performance. Slower computers should use a lower size and faster computers should use a higher size. Please note, should the number of threads required exceed this value, the pool will increase in capacity to accommodate the demand.
- IPv4 Only - If set, the mail server will only attempt to listen on IP version 4 addresses. Additionally, DNS host address look ups will request only IPv4 results. This is the default mode and is ideal for the common IPv4 only networks.
- IPv6 Only - If set, the mail server will only attempt to listen on IP version 6 addresses. Additionally, DNS host address look ups will request only IPv6 results.
- IPv4 and IPv6 (IPv4 Preferred) - If set, the mail server will operate on both IP version 4 and 6. DNS host address look ups will favor IPv4 addresses if both types are returned.
- IPv4 and IPv6 (IPv6 Preferred) - If set, the mail server will operate on both IP version 4 and 6. DNS host address look ups will favor IPv6 addresses if both types are returned.
ODBC #
- Use File System - If set, the users.ini file will be used instead of an ODBC data source. This is the most efficient way to run the mail server and is ideal if the users are not to be managed externally.
- Use ODBC - If set, an ODBC data source will be used instead of the users.ini. This is ideal for setups which require external control of users (from scripts and other applications) and also for clustering setups. The only information stored in an ODBC data source is the minimal information required for a user to exist. This means that ODBC mode still mainly uses the normal file system with the exception that the information normally stored in the users.ini is relocated to an ODBC data source.
- Connect String - This is the connect string which will be used to connect to the ODBC data source.
- Table - This is the name of the table which will be used to store the user records.
- Domain Field - This is the field name where the domain string will be stored. The database must allow at least 100 characters for this field.
- User Field - This is the field name where the user string will be stored. The database must allow up to at least 100 characters for this field.
- Password Field - This is the field name where the password string will be stored. The database must allow at least 100 characters for this field.
- In Group Field - This is the field name where the in group string will be stored. The database must allow at least 100 characters for this field.
- Enabled Field - This is the field name where the enabled setting will be stored.
- Directory Field - This is the field name where the directory path string will be stored. The database must allow at least 255 characters for this field.
- Test Database - This will test the connect string specified to make sure that it is possible to connect to the ODBC data source.
- Create Table - If this ODBC data source does not yet have the table created, this button will connect and create the necessary table and fields. It is recommended to create your table using this button as it ensures that the correct sizes are allocated to each field.
- File System to ODBC - This allows you to append all the Users in the users.ini into the ODBC data source. This allows you to change between ODBC and File System modes without having to re-build your Users manually.
- ODBC to File System - This allows you to either overwrite or append all the Users in the ODBC data source into the users.ini. This allows you to change between ODBC and File System modes without having to re-build your Users manually.