Email

All the email accounts on the old mail.webarch.net and mail1.ecohost.email have now been migrated to webarch.email.

Webarch.email

webarch.email is our primary mailserver, it is running Mailcow. This server has two web interfaces, #Mailcow and #SOGo.

The Mailcow documentation includes instructions for configuring clients which you can use with the details below.

Mailcow

The Mailcow interface has two modes depending if you login as a domain administrator (for these accounts the username is a single word with no punctuation) or as a email account holder (for these accounts the username is your email address):

Mailcow domain administration

You need to login as a Mailcow domain administrator if you want to create email accounts, create aliases or reset mailbox password.

Edit mailbox password

To change the password on a mailbox, login using the administration account (this will have a username as a login not a email address) and click Configuration, Mailboxes as shown below:

Note that on narrow screens to edit button vanishes, click the tiny grey + sign to the left of the Username to get it to appear:

Then click Edit to update the mailbox account password:

Mailcow mailbox

A Mailcow mailbox can have multiple aliases and for Thunderbird all you should need to configure is your username, which is your email address, and your password (thanks to the #DNS_Settings), if you have a client that needs manual configuration following are the details you need.

Note: One client has had connectivity issues with the old SSL ports but doesn't with the new STARTTLS ports, if in doubt best ensure that your email client is updated and use the STARTTLS ports for IMAP and SMTP.

Webarch.email IMAP

IMAP (Internet Message Access Protocol) is used for reading and receiving email, you can use IMAPS (IMAP with SSL) or IMAP (IMAP with TLS), see below for the settings:

• Username: example@example.org (your email address)
• Password: XXXXXX (the password you have been provided with)
• Server: mail.webarch.email
• IMAPS:
  • Port: 993
  • Security: SSL
• IMAP:
  • Port: 143
  • Security: STARTTLS
• Authentication: username and plain text unencrypted password (there is SSL/TLS encryption at the transport level)

Webarch.email POP3

POP3 (Post Office Protocol version 3) is used for reading and receiving email, you can use POP3S (POP3 with SSL) or POP3 (POP3 with TLS), see below for the settings:

• Username: example@example.org (your email address)
• Password: XXXXXX (the password you have been provided with)
• Server: mail.webarch.email
• POP3S:
  • Port: 995
  • Security: SSL
• POP3:
  • Port: 110
  • Security: STARTTLS
• Authentication: username and plain text unencrypted password (there is SSL/TLS encryption at the transport level)

Webarch.email SMTP

SMTP (Simple Mail Transfer Protocol) is used for sending authenticated email (unauthenticated email is also received from other mail servers on port 25 using SMTP), you can use SMTPS (SMTP with SSL) or SMTP (SMTP with TLS), see below for the settings:

• Username: example@example.org (your email address)
• Password: XXXXXX (the password you have been provided with)
• Server: mail.webarch.email

SMTPS is the preferred mechanism — better compatibility with Apple/Microsoft clients and Thunderbird.

• SMTPS:
  • Port: 465
  • Security: SSL
• Authentication: username and plain text unencrypted password (there is SSL/TLS encryption at the transport level)

SMTP should only be used if you're client does not support SMTPS.

• SMTP:
  • Port: 587
  • Security: STARTTLS
• Authentication: username and plain text unencrypted password (there is SSL/TLS encryption at the transport level)

Mailcow Alias

In Mailcow two types of aliases can be created:

• Domain aliases, this is where anyone@example.org.uk and anyone-else@example.org.uk email is forwarded to anyone@example.org and anyone-else@example.org, just one alias is created for the domain name.
• Aliases, this is where someone@example.org.uk is forwarded to someoneelse@example.org.uk

SOGo

SOGo is the web based IMAP client on webarch.email and it can be accessed via the "SOGo" link at the bottom of the front page or directly via https://webarch.email/SOGo.

There is a SOGO usage FAQ list on the SOGO.nu site.

SOGo Autoresponder / Vacation Message

You can set a out of office / vacation / holiday / automatic reply / autoresponder if you login to the SOGo interface and select Preferences, Mail, Vacation.

SOGo Forwarding

You can set a email account to also forward email to another account with the option for keeping a copy locally via SOGo, select Preferences, Mail, Forwarding.

SOGo Deleting Emails

To delete multiple emails at once first click on the icon to the left of the email subject and this allows multiple email to be selected, tick the box by each email you wish to delete and then click the bin icon to move them to the Trash folder. You then need to empty the Trash folder by clicking on it, then clicking on the three dots and then clicking on Empty Trash.

SOGo Email Signature

To add or edit an email signature in SOGo, click the settings cog at the top of the left hand column, then click Mail in the left hand column, then click the IMAP Accounts tab at the top of the main column and then click the pen icon to edit the account and this will present you with a form field for a email Signature.

Spam Settings

You can change the anti-spam settings by logging it at webarch.email with your email address and scrolling down the page and clicking "Spam filter", then you can adjust the thresholds, if too many things are being classed as spam you need to increase the values from the default of 5:15, for example, move the left hand slider to the right to increase the length of the green bar to cause less email to be moved to the junk folder and decrease the size of the red bar to cause less email to be thrown away — email with a green score goes to your INBOX, email with a yellow score goes to your Junk folder and email with a red score is thrown away, you will never see it.

There is also the option below this to whitelist and blacklist email addresses, this is useful if an email address is sending you spam or if someones emails are classed as spam when they are not.

DNS Settings

If the DNS servers for your domain are provided by Webarchitects then we should have set the DNS up correctly for you, if you manage your own DNS then these are the settings you need for your Bind configuration file to ensure that clients such as the Thunderbird Autoconfiguration finds the webarch.email auto-configuration XML file and so forth:

; Example set of records for Bind 9
;
                      IN MX    10        mail.webarch.email.
                      IN TXT   "v=spf1 a mx include:_spf.webarch.email ~all"
autodiscover          IN CNAME           mail.webarch.email.
autoconfig            IN CNAME           mail.webarch.email.
_imap._tcp            IN SRV   0 1 143   mail.webarch.email.
_imaps._tcp           IN SRV   0 1 993   mail.webarch.email.
_pop3._tcp            IN SRV   0 1 110   mail.webarch.email.
_pop3s._tcp           IN SRV   0 1 995   mail.webarch.email.
_submission._tcp      IN SRV   0 1 587   mail.webarch.email.
_smtps._tcp           IN SRV   0 1 465   mail.webarch.email.
_sieve._tcp           IN SRV   0 1 4190  mail.webarch.email.
_autodiscover._tcp    IN SRV   0 1 443   mail.webarch.email.
_carddavs._tcp        IN SRV   0 1 443   mail.webarch.email.
_caldavs._tcp         IN SRV   0 1 443   mail.webarch.email.
_carddavs._tcp        IN TXT   "path=/SOGo/dav/"
_caldavs._tcp         IN TXT   "path=/SOGo/dav/"
;
; Contact Webarchitects for a value for the DKIM record
; NOTE that the DKIM record needs to be split after 255 characters, see https://kb.isc.org/docs/aa-00356
;20190327._domainkey   IN TXT "v=DKIM1;k=rsa;t=s;s=email;p=XXXXXXXXXXXXXXX"
; 
; DMARC settings to improve deliverability - set after DKIM is configured
; _dmarc                 IN TXT   "v=DMARC1; p=none; rua=mailto:dmarc-webarchclient-aggregate@webarchitects.coop; ruf=mailto:dmarc-webarchclient-forensics@webarchitects.coop; fo=1"

See also the Mailcow DNS configuration guide.

Mailcow Netfilter

Because email is generally used as the method for resetting all other online accounts there is a lot of potential harm that can come from your account being compromised, as it can be used as a key to get into other online services, including ones that might have saved your debit and or credit card details.

It is therefore very important to have very strong passwords on your email accounts — there are constant attacks from botnets trying to brute force access to accounts through weak passwords.

The Mailcow server at webarch.email will block the subnet of your IP address for 10 minutes if you have 10 failed logins in a 5 minute period.

You can tell that your IP address has been blocked if you can't visit https://webarch.email/ using a web browser.

If this happens to you it can indicate that you have a misconfigured client which is attempting to login using incorrect details, regrettably false positives do sometimes happen.

In the case of a false positive please check what your IP address is and contact us to request that we check the logs.

If you have a static IP address it can be whitelisted, however this isn't generally a solution as most people have dynamic IP addresses that change on a regular basis, but there are circumstances, like an office with a fixed IP address where this makes sense.

Thunderbird

Mozilla Thunderbird is a cross platform email client which is free.

The account configuration wizard in Thunderbird should be able to automatically get all the setting correct from the username / email address using the autodiscover sub-domain, as explained at MDN Web Docs:

Given the email address "fred@example.com", Thunderbird checks <https://autoconfig.example.com/mail/config-v1.1.xml?emailaddress=fred@example.com>

If you don’t like the behaviour of IMAP then Thunderbird can be configured to work like a POP3 client to delete and download emails or you can connect using POP3 over SSL on port 995, if you do this be sure to select SSL/TLS for connection security and untick “Use secure authentication”.

The Thunderbird Sieve extension can be installed for managing server side filters on incoming email (for example to filter all email from a list into a separate IMAP folder).

K-9

K-9 is a free Android email client available from F-Droid and the Google Play Store, please see the K-9 Mail page for screen shots documenting how to configure it to work with webarch.email.

Email Issues

If there are problems with email we will often ask you to forward the problematic email with all the headers, please see this guide for displaying headers for a variety of email clients.

Email Deliverability

Your email should be delivered reliably to recipients when send from Webarchitects servers, whether from the SOGo web client or via another client, such as Mozilla Thunderbird, or Microsoft Outlook. However there may situations when you find it is not delivered, or is marked as spam or lands in recipients junk email folder. Unfortunately how recipients treat email after it has been handed over to their email systems is not something that is in our control.

If your are finding that your email is being marked as spam by recipients then the most efficient and reliable way of improving its delivery, is to contact the intended recipient and get them to mark your email as "Not Junk", and add them to a "Safe SenderList". The following links show how this can be done for Office365 tenants:

• Label a message as "junk" or "not junk"
• Overview of the Junk Email Filter

There are some technical measures that Webarchitects can make to help deliverability. These are most useful in situations when your email is being forged by spammers. Webarchitects already add information to your email domain to help prevent this. However with a clear understanding of how you use your email domain we can strengthen this. For more information see the DMARC overview.