E-mail server
=============

Technology
----------

Our mail server is installed on `mail1.pvt.confirm.ch <ssh://mail1.pvt.confirm.ch>`_ and is driven by:

* `Postfix <http://www.postfix.org/>`_ as MTA
* `Cyrus IMAP <http://www.cyrusimap.org/>`_ MDA
* `Postgrey <http://postgrey.schweikert.ch/>`_ as greylisting filter
* `SpamAssassin <https://spamassassin.apache.org/>`_ as SPAM filter
* `ClamAV <http://www.clamav.net/>`_ as anti virus engine
* `Roundcube <https://roundcube.net/>`_ as webmail client

We're using an LDAP backend for virtual domains and mailboxes.

Virtual domains
---------------

Postfix needs to know its list of own domains. These domains are managed in the following LDAP DN:

.. code-block:: none

    ou=domains,dc=confirm,dc=ch

If you've a new domain which Postfix should serve just copy an existing one and update it accordingly.

Virtual mailboxes
-----------------

Of course Postfix also needs to know about the different mailboxes / mail addresses which it is in charge of. These mailboxes are also managed in the LDAP backend.

The Base DN **for employees** is:

.. code-block:: none

    ou=users,dc=confirm,dc=ch

The Base DN **for non-employees** is:

.. code-block:: none

    ou=vmail,dc=confirm,dc=ch

The mail address of a user is defined in the ``mail`` attribute. This mail address is also the username for the login. However, you can easily add additional mail addresses by specyfing multiple ``mailAlternateAddress`` attributes.

Cyrus mailboxes
---------------

Since Cyrus 2.5 (Debian 9), the mailboxes should automatically be created on the first login.

.. hint:: 

    More about this can be found in the `Cyrus ansible role <https://gitlab.confirm.ch/confirm/infrastructure/tree/master/roles/cyrus#create-a-new-mailbox>`_.

cyradm
------

Connect to Cyrus via cyradm
~~~~~~~~~~~~~~~~~~~~~~~~~~~

If you want to manage mailboxes manually, login into `mail1.pvt.confirm.ch <ssh://mail1.pvt.confirm.ch>`_ and connect to Cyrus via ``cyradm``:

.. code-block:: bash

    cyradm -u cyrus localhost

.. hint::

    The password is stored in the :ref:`Enpass <enpass>` vault.

First steps
~~~~~~~~~~~

When logged in, you can enter ``help`` if you want to have an overview over the available commands.
To list the mailboxes, you can run the following command:

.. code::

    lm

The ``cyrus`` user is an admin user and can manage the whole Cyrus IMAP server.
However, to manage specific mailboxes, you need to give the ``cyrus`` user access to those specific mailboxes first:

.. code::

    sam user.<uid>.<folder>@confirm.ch cyrus all

Rename mailbox
~~~~~~~~~~~~~~

The rename of a complete mailbox is a bit "tricky" and involves several steps:

First you need to list all mailboxes via ``lm``, find the ones you're interested in renaming and then execute the following steps per mailbox:

.. code::

    # Give cyrus permissions to manage mailbox
    sam user.<old uid>.<folder>@confirm.ch cyrus all

    # Rename mailbox
    renm user.<old uid>.<folder>@confirm.ch user.<new uid>.<folder>@confirm.ch 

    # Give new UID permissions
    sam user.<new uid>.<folder>@confirm.ch <new uid>@confirm.ch all

    # Revoke permissions from old UID and cyrus
    sam user.<new uid>.<folder>@confirm.ch <old uid>@confirm.ch none
    sam user.<old uid>.<folder>@confirm.ch cyrus none

.. important::

    In case the new top-level mailbox isn't existing, you need to create it first by executing ``cm user.<new uid>@confirm.ch`` and ``sam user.<new uid>@confirm.ch all``.

While all subdirectories were moved automatically by Cyrus' ``renm`` command, you also need to move the files on the filesystem manually:

.. code::

    cd /var/spool/cyrus/mail/domain/c/confirm.ch/
    mv <first letter of old uid>/user/<old uid>/* <first letter of new uid>/user/<new uid>/