
With the UCS Mail Server app, you can set up your very own digital post office. Postfix handles outgoing mail, Dovecot manages incoming mailboxes, and integrated tools like ClamAV and SpamAssassin keep your inbox safe from viruses and spam. The Fetchmail app adds another layer of convenience by working like a postman, fetching emails from external accounts and delivering them directly to your local system.

Email is the backbone of modern communication—and with UCS, setting up your own mail server is easier than ever. The Mail Server app gives you everything you need: Postfix for sending emails, Dovecot for managing mailboxes, and built-in tools like ClamAV and SpamAssassin to keep things secure and spam-free. Need to pull in messages from external accounts? The Fetchmail app has you covered, fetching emails from outside servers and delivering them straight to your local system.

This article walks you through how to set up mail domains, manage user accounts, block spam and viruses, and even integrate external messages—all with UCS, all simple and secure.

Ready to Roll: Installing the UCS Mail Server App

You’ll find the Mail Server app in the Univention App Center. Just click Install, follow the prompts, and you’re good to go! You can choose to set up the mail server on a UCS Primary Directory Node or another server role—it’s up to you. That said, the Primary Directory Node is optimized for frequent LDAP access, making it a strong choice. For smaller setups, though, we recommend not installing the mail server directly on a Primary Directory Node. This system is the backbone of your UCS domain, housing critical data like user accounts, groups, and SSL certificates. A Replica Directory Node is often a better fit. It stores a read-only copy of domain data and lets services work directly with the local LDAP database. Replica Directory Nodes are perfect for site-specific servers or handling resource-heavy tasks like mail servers.

Once you start the installation, UCS shows you exactly which packages are being set up or updated. These include the Dovecot IMAP service, AMaViS and ClamAV for virus protection, and Apache SpamAssassin and Postgrey to keep your inbox clean.

Postfix takes care of all mail transport on your UCS system. By default, this mail transfer agent (MTA) is set to handle only local emails—everything stays within your system. Once you install the Mail Server app, it’s ready to communicate with the outside world. Postfix checks every incoming message to ensure only emails addressed to users or aliases in your LDAP directory are delivered.

What about outgoing mail? By default, Postfix connects directly to the recipient’s domain mail server to send messages. Alternatively, you can set up a mail relay server—a kind of middleman that handles delivery for you. This option is particularly handy if you’re using the relay server from your corporate network or internet provider.

Pro tip: Check out the “Configuration of the mail server” chapter in our manual for detailed instructions on setting email size limits, configuring virus and spam filters, setting up relay hosts, enabling centralized archiving, and fine-tuning other settings like SMTP ports, quarantines, and resource limits.

Organize Your Mailroom: Configuring Domains and Addresses

The first step is to set up your mail domains using the Domain / Email module in the UMC. Think of a mail domain as its own little space where email addresses, mailing lists, and IMAP group folders are neatly organized. Postfix distinguishes between “local” and “external” domains: only emails sent to local domains—the ones you configure here—will be delivered. When naming your mail domains, stick to lowercase letters, numbers, periods, and hyphens. And don’t worry—your mail domains don’t have to match the server’s DNS domain.

To ensure your mail domain can receive emails from the outside world, you’ll need to add an MX record to your DNS settings. Think of it as a digital signpost, directing external senders to the right mail server for your domain. In most cases, your internet provider can handle this setup for you, making it a quick and painless process. Once it’s done, your mail domain is open for business, ready to receive messages from anywhere.

Next, assign email addresses to your users through the Users module in the UMC. UCS gives you the flexibility to create different types of email addresses, each serving a unique purpose—think of them as keys, each unlocking a specific function:

  1. Primary Email Address (the main key): Every user gets a unique primary email address, which is used for authentication with Postfix and Dovecot. This “main key” also defines their personal IMAP mailbox, which UCS sets up automatically. Just make sure the domain for the primary address is registered in UCS and enabled for the mail server.
  2. Alternative Email Addresses (multiple keys for the same box): Need to receive emails at multiple addresses? No problem. Alternative email addresses all direct messages into the same mailbox. These addresses don’t have to be unique—if two people share the same alternative address, both will receive the same messages. To enforce unique alternative addresses across your domain, set the UCR variable directory/manager/mail-address/uniqueness to true. Like primary addresses, these must also belong to a domain registered in UCS.
  3. Forwarding Addresses (keys to external mailboxes): Want to forward emails to external accounts? Forwarding addresses make it easy. You can even decide whether to keep a copy of the messages in the user’s mailbox or forward them exclusively. These addresses are incredibly flexible—they don’t have to be unique and don’t need to be part of your registered UCS mail domains.

Screenshot showing mail forwarding in mailserver in UCS

Guarding Your Mail: Virus and Malware Detection

UCS comes with built-in virus and malware protection as part of the Mail Server app. Think of it as a security guard for your inbox—every incoming and outgoing email gets a full scan before being delivered. If something suspicious shows up, the email is quarantined in /var/lib/amavis/virusmails, making it completely inaccessible to users. Recipients are notified about the blocked message, and admins can decide whether to restore or delete it for good.

Two tools handle the heavy lifting here, working together seamlessly:

  • AMaViS acts as the go-between for your mail server and the virus scanners. It processes every email, sends it to the scanners, and decides what happens next. If something looks suspicious, AMaViS automatically flags and quarantines it, taking care of the entire screening process.
  • ClamAV does the actual virus detection. It scans emails for known viruses and malware, and if it finds anything, it notifies AMaViS to quarantine or delete the email. To keep its defenses sharp, ClamAV keeps its virus definitions up to date by automatically downloading the latest signatures through the Freshclam service—free of charge.

Looking to tweak your virus scanning setup? UCS has you covered. With AMaViS, you can add other virus scanners to complement ClamAV and boost your protection. Already handling virus scanning elsewhere in your infrastructure? No problem—you can turn it off entirely by setting the UCR variable mail/antivir to no. Just don’t forget to restart Postfix and AMaViS to apply any changes.

Keeping Your Inbox Clean: How UCS Filters Out Annoying Spam

The UCS Mail Server app uses a rock-solid duo—SpamAssassin and Postgrey—to keep user inboxes clutter-free. Postgrey works as a policy server, taking on the role of a bouncer at the door. It reviews every incoming email and decides whether to let it through, block it, or take a closer look. This process, called Greylisting, follows a simple but effective principle. Imagine someone ringing your doorbell. If you don’t recognize them, you ask them to come back later. Postgrey does the same thing with unfamiliar senders. When a new sender tries to deliver an email, the server rejects it on the first attempt and waits to see if they try again. Legitimate mail servers will resend, but most spammers won’t bother. This clever system ensures unwanted messages never make it to your inbox.

If you don’t need Postgrey, you can easily turn off Greylisting. Just set the UCR variable mail/postfix/greylisting to no. In internal networks where the UCS mail server is used, Greylisting can actually cause unnecessary delays, as it doesn’t provide any extra protection in this environment.
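Greylisting as described above, reduced to a small model. This is an added example, not code from Postgrey or UCS. It tracks each (client IP, sender, recipient) triplet, and the 300-second delay and 35-day expiry are assumed values for the model.

```python
from dataclasses import dataclass, field


@dataclass
class Greylist:
    """Simplified model of a greylisting policy server (not Postgrey's code)."""
    delay: int = 300               # assumed: seconds a new sender must wait
    max_age: int = 35 * 86400      # assumed: forget triplets unseen this long
    first_seen: dict = field(default_factory=dict)
    last_seen: dict = field(default_factory=dict)

    def check(self, client_ip, sender, recipient, now):
        """Return the SMTP reply code for one delivery attempt at time `now`."""
        key = (client_ip, sender.lower(), recipient.lower())
        last = self.last_seen.get(key)
        if last is None or now - last > self.max_age:
            # Unknown or expired triplet: remember it and defer the message.
            self.first_seen[key] = self.last_seen[key] = now
            return 450
        self.last_seen[key] = now
        if now - self.first_seen[key] < self.delay:
            return 450             # retried too quickly, still deferred
        return 250                 # retried after the delay: accept


# Constructed sample traffic: (client_ip, sender, recipient, seconds since start)
SAMPLE = [
    ("192.0.2.10", "alice@example.org", "bob@example.com", 0),     # first contact
    ("198.51.100.7", "promo@example.net", "bob@example.com", 30),  # never retries
    ("192.0.2.10", "alice@example.org", "bob@example.com", 60),    # retry too early
    ("192.0.2.10", "alice@example.org", "bob@example.com", 900),   # proper retry
    ("192.0.2.10", "alice@example.org", "bob@example.com", 5000),  # known sender
]


def replay(events, greylist=None):
    """Feed attempts through the model and return the reply code for each."""
    greylist = greylist if greylist is not None else Greylist()
    return [greylist.check(*event) for event in events]


if __name__ == "__main__":
    for event, code in zip(SAMPLE, replay(SAMPLE)):
        print(code, *event)
```

The sender that never retries only ever sees a 450, while the legitimate server is delayed once and then accepted without further waiting.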

SpamAssassin acts like a smart scanner, carefully analyzing every incoming email. It looks at sender information, format, and content, scoring the message based on suspicious features—things like certain keywords or poor encoding. The more points a message racks up, the more likely it is to be spam. Once it hits a certain threshold, SpamAssassin automatically marks the email as spam and moves it to the designated folder.

SpamAssassin offers plenty of flexibility when it comes to customization, and with the Univention Configuration Registry (UCR), you can easily adjust settings to suit your needs. Here’s a quick rundown of the key options:

  • Email Size Limit: By default, SpamAssassin scans emails up to 300KB. Want to adjust that? Just tweak the mail/antispam/bodysizelimit UCR variable.
  • Spam Folder: Emails flagged as spam won’t land in your inbox but are moved to a separate folder, which you can name by setting the mail/dovecot/folder/Spam variable.
  • Spam Detection Threshold: Control how aggressive SpamAssassin is by adjusting the mail/antispam/requiredhits UCR variable. The default is 5, which works for most cases, but you can fine-tune it if needed. A lower number catches more spam, but be mindful of the occasional false positive.
  • Bayesian Learning: For even better accuracy, SpamAssassin uses Bayesian classification. It “learns” from your actions—moving spam to the Spam folder and legit emails to the Ham folder (set via mail/dovecot/folder/ham). UCS reviews these folders daily, tweaks the filters, and stores everything in a shared database. You can manage this daily process with the mail/antispam/learndaily UCR variable.
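Before changing mail/antispam/requiredhits, it helps to see what a different threshold would have done to mail you have already sorted by hand. The following added example (not part of UCS or SpamAssassin) reads the score from each message's X-Spam-Status header and counts, per candidate threshold, the ham that would be flagged and the spam that would slip through. The sample messages, scores and labels are constructed.

```python
import re

STATUS_RE = re.compile(
    r"^X-Spam-Status:\s*(?:Yes|No),\s*score=(-?\d+(?:\.\d+)?)",
    re.IGNORECASE | re.MULTILINE,
)


def spam_score(headers):
    """Return the SpamAssassin score from a header block, or None if unscanned."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", headers)  # join folded header lines
    match = STATUS_RE.search(unfolded)
    return float(match.group(1)) if match else None


def threshold_report(messages, thresholds):
    """Count ham that would be flagged and spam that would pass per threshold.

    messages: list of (human_label, headers), human_label being "spam" or "ham".
    Returns ({threshold: (false_positives, missed_spam)}, unscanned_count).
    """
    scored = [(label, spam_score(h)) for label, h in messages]
    unscanned = sum(1 for _, s in scored if s is None)
    report = {}
    for t in thresholds:  # a message is flagged once its score reaches t
        fp = sum(1 for l, s in scored if s is not None and l == "ham" and s >= t)
        miss = sum(1 for l, s in scored if s is not None and l == "spam" and s < t)
        report[t] = (fp, miss)
    return report, unscanned


# Constructed sample: hand-labelled messages with made-up scores.
SAMPLE = [
    ("ham", "Subject: Minutes\nX-Spam-Status: No, score=0.3 required=5.0 tests=NONE\n"),
    ("ham", "Subject: News\nX-Spam-Status: No, score=4.2 required=5.0\n\ttests=HTML_MESSAGE\n"),
    ("spam", "Subject: Offer\nX-Spam-Status: No, score=3.8 required=5.0 tests=HTML_MESSAGE\n"),
    ("spam", "Subject: Invoice\nX-Spam-Status: Yes,\n score=5.6 required=5.0 tests=BAYES_99\n"),
    ("spam", "Subject: WIN\nX-Spam-Status: Yes, score=12.1 required=5.0 tests=BAYES_99\n"),
    ("ham", "Subject: Large attachment\nFrom: carol@example.org\n"),  # no score header
]

if __name__ == "__main__":
    report, unscanned = threshold_report(SAMPLE, [3, 5, 7])
    for t, (fp, miss) in report.items():
        print(f"requiredhits={t}: {fp} ham flagged, {miss} spam missed")
    print("messages without a score:", unscanned)
```

Messages that carry no X-Spam-Status header are reported separately, since no threshold setting affects them.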

Pro Tip: DNS-based Blocklists (DNSBL) are a great way to stop spam before it even reaches your inbox. The mail server checks if the sender’s IP address is on a blocklist and automatically rejects suspicious messages. For more details and setup instructions, check out Chapter 14.5 in the UCS manual.

Targeted Delivery: How to Distribute Messages to Groups

Mailing lists are a simple way to share emails within a group. Each list has its own email address, and any email sent to that address will automatically be delivered to all members. In the UMC Email module, you can create mailing lists under the Mailing List object type. Just enter a name, an optional description, and the email address (the domain must be part of a managed mail domain). You can add members easily, even including external email addresses. By default, anyone can send messages to the list.

Screenshot of mailinglist in mailserver in UCS

A mail group is an efficient way to forward emails to all members of a group. The group gets its own email address, and any message sent to that address is automatically delivered to the primary email addresses of all group members—provided they have a primary email address. If not, no worries: the email will just be delivered to the members with a registered address, while others are ignored. Setting it up is easy in the Groups module under advanced settings in the UMC. Here, you’ll enter the mail group’s email address (again, the domain part must be part of a managed mail domain).

To keep things secure and control who can send to the group, here’s what you need to do: set the UCR variable mail/postfix/policy/listfilter to yes, restart Postfix, and then go into the advanced settings to specify which users or groups are allowed to send messages.

Fetchmail: Your Gateway to External Mailboxes

Sometimes emails take a little detour through an external mailbox before they finally reach you. That’s where Fetchmail comes in—think of it like your personal mailman, picking up messages from POP3 or IMAP mailboxes and delivering them straight to your UCS domain. It’s super helpful if you don’t want to expose your mail server directly to the internet. Fetchmail helps you avoid security risks, spam, and extra maintenance. Plus, it pulls in your emails while keeping them secure at your provider, so you get a clean, centralized email system inside your UCS domain.

Setting it up is simple: just install the Fetchmail app from the Univention App Center. Then, go to the advanced settings in the User module, and you’ll find everything you need to get email fetching working. In the Remote mail retrieval section, you’ll add the login info for your external mailbox: username, password, protocol (IMAP or POP3), and mail server name. Want to keep things secure? Enable encryption for the connection. You can also decide if Fetchmail should delete emails from the external server or keep a copy.

For more advanced setups, like delivering emails to multiple recipients or tweaking header data, Fetchmail offers additional options under Remote mail retrieval (multi). Here, you can decide which domains should receive the emails or how Fetchmail should process the addresses. Fetchmail runs smoothly in the background, checking for new emails every 20 minutes—just like a reliable mailman making his rounds.

Univention Corporate Server: Your Digital Mailroom

Whether you’re managing mail domains, filtering spam, setting up virus protection, or integrating external mailboxes—Univention Corporate Server has you covered. With UCS, you can easily set up mailing lists, pull in external emails via Fetchmail, and keep your inbox clean with SpamAssassin and Postgrey, all while ensuring smooth, efficient email management.

Have you used the Mailserver and Fetchmail apps, or do you have questions about specific features? Leave a comment below or join the discussion in our Forum. We’d love to hear your feedback!

Image source: Icon created by BizzBox from flaticon.com
