IceWarp Merak Mail Server

September 2002
IceWarp Software. All rights reserved.
Merak Mail Server (Aug 2002)

Table of Contents
TABLE OF CONTENTS .............................................................................................................................. 2
COPYRIGHT NOTICE ...................................................................................................................................... 5
DISCLAIMER ................................................................................................................................................. 5
LICENSE AGREEMENT .................................................................................................................................. 5
EVALUATION AND REGISTRATION ................................................................................................................ 5
OVERVIEW ................................................................................................................................................... 6
Merak Mail Server Professional.............................................................................................................. 6
CONTACT US ................................................................................................................................................ 6
1. GETTING STARTED............................................................................................................................... 7
REQUIREMENTS ............................................................................................................................................ 7
INSTALLATION .............................................................................................................................................. 7
2. CONFIGURATION .................................................................................................................................. 8
BASIC SETUP ................................................................................................................................................ 8
3. MAIN SECTION REFERENCE............................................................................................................ 12
BACKUP AND RESTORE .............................................................................................................................. 12
Configuration Restore ........................................................................................................................... 13
CONFIGURATION ADVICE ........................................................................................................................... 13
Remember!............................................................................................................................................. 13
SYSTEM ...................................................................................................................................................... 14
System Tab Server Fields ...................................................................................................................... 15
System Tab Server-State Fields ............................................................................................................. 17
System Tab Ports Fields ........................................................................................................................ 17
PROFESSIONAL ........................................................................................................................................... 18
OPTIONS ..................................................................................................................................................... 20
Options Tab Logging Fields.................................................................................................................. 21
Options Tab Other Fields...................................................................................................................... 22
Options Tab Other Fields contd........................................................................................................... 23
Options Tab Other Fields contd........................................................................................................... 25
SECURITY ................................................................................................................................................... 27
Security Tab Deny Fields ...................................................................................................................... 28
Security Tab Content Filter Fields ........................................................................................................ 28
Security Tab Tarpitting Fields............................................................................................................... 32
Security Tab Watchdog Fields............................................................................................................... 33
Security Tab Antivirus ........................................................................................................................... 34
Setting up the External Antivirus........................................................................................................... 36
DELIVERY................................................................................................................................................... 37
Delivery Tab Delivery Fields contd ..................................................................................................... 38
Delivery Tab Delivery Fields contd ..................................................................................................... 39
Delivery Tab Delivery Fields contd ..................................................................................................... 41
Bypass files ............................................................................................................................................ 42
Delivery Tab Connection Fields............................................................................................................ 42
ACCOUNTS ................................................................................................................................................. 44
Import Windows NT Users ................................................................................................................. 44
ACCOUNTS (DOMAIN) ................................................................................................................................ 45
Accounts Tab Domain Fields ................................................................................................................ 46
Accounts Tab Domain Fields contd ..................................................................................................... 47
Accounts Tab Domain Fields contd ..................................................................................................... 49
ACCOUNTS (USER) ..................................................................................................................................... 50
Accounts Tab User Fields contd .......................................................................................................... 51
Accounts Tab User Fields contd .......................................................................................................... 52
Accounts Tab User Fields contd .......................................................................................................... 53
Accounts Tab User Fields contd .......................................................................................................... 54

2
Merak Mail Server (Aug 2002)

Accounts Tab User Fields contd .......................................................................................................... 55

ACCOUNTS (MAILING LIST)........................................................................................................................ 58
Creating a Mailing List ......................................................................................................................... 59
Creating a Mailing List contd .............................................................................................................. 60
Options Tab ........................................................................................................................................... 60
Add to subject ........................................................................................................................................ 60
Send to Sender....................................................................................................................................... 60
Copy to Owner....................................................................................................................................... 61
Join/Leave File ...................................................................................................................................... 61
Header File............................................................................................................................................ 61
Footer File............................................................................................................................................. 61
Moderated Mailing List / List Server..................................................................................................... 61
Deny EXPN............................................................................................................................................ 61
Max Mail Size........................................................................................................................................ 61
Members Only ....................................................................................................................................... 61
Sender of the message is the originator................................................................................................. 61
Creating a List Server ........................................................................................................................... 62
Header File............................................................................................................................................ 62
Footer File............................................................................................................................................. 62
Moderated Mailing List / List Server..................................................................................................... 63
List Server Commands : ........................................................................................................................ 63
JOIN or SUBSCRIBE ............................................................................................................................ 63
LEAVE or UNSUBSCRIBE ................................................................................................................... 63
LISTS ..................................................................................................................................................... 63
WHICH.................................................................................................................................................. 63
RECIPIENTS or REVIEW ..................................................................................................................... 63
HELP ..................................................................................................................................................... 63
ACCOUNTS (EXECUTABLES)....................................................................................................................... 65
ACCOUNTS (REMOTE ACCOUNTS).............................................................................................................. 66
Accounts Tab Remote Accounts contd ................................................................................................. 67
ACCOUNTS (STATIC ROUTES)..................................................................................................................... 69
Accounts Tab Static Routes contd ........................................................................................................ 70
ACCOUNTS (NOTIFICATION) ....................................................................................................................... 71
Accounts Tab Notification contd .......................................................................................................... 73
WEB ADMIN ............................................................................................................................................... 74
PROXY SERVER .......................................................................................................................................... 76
SECURE CONNECTIONS............................................................................................................................... 77
What does the warning mean? .............................................................................................................. 77
4. MERAK MAIL SERVER POWER PACK........................................................................................... 79
POWER PACK.............................................................................................................................................. 79
ICEWARP WEB MAIL ................................................................................................................................. 79
MERAK MAIL SERVER WEB CONFIGURATION ............................................................................................ 80
5. TUTORIALS............................................................................................................................................ 81
MAILING LIST ............................................................................................................................................. 81
Setup Tasks ............................................................................................................................................ 81
RELAYING AND THE "...WE DO NOT RELAY" MESSAGE)............................................................................... 88
SECURITY (RELAYING AND SPAM).............................................................................................................. 89
All .......................................................................................................................................................... 89
Internal Use........................................................................................................................................... 89
External Use .......................................................................................................................................... 90
Internet Service Provider .......................................................................................................................90
Internet Service Provider .......................................................................................................................90
6. LDAP ........................................................................................................................................................ 92

APPENDIX A - SETTINGS FOR COMMON ANTIVIRUS PROGRAMS .......................................... 99

McAfee VirusScan (tested 4.7.0)............................................................................................................ 99

3
Merak Mail Server (Aug 2002)

F-Prot .................................................................................................................................................. 100

Dr.Solomons (tested at 4.0.3a) ............................................................................................................ 100
AVG Antivirus (tested at 6.0)................................................................................................................100
Norton Antivirus (tested at Corporate Edition and Standard) .............................................................101
APPENDIX B - MIGRATING TO MERAK MAIL SERVER ............................................................. 102

APPENDIX C - AN OVERVIEW OF HOW MERAK MAIL SERVER WORKS ............................. 103

Services................................................................................................................................................ 103
Files & Directories .............................................................................................................................. 103
Mail Sending & Receiving ................................................................................................................... 103
APPENDIX D - DNS AND MX RECORDS............................................................................................ 105
DNS - Understanding and getting it working with your mail server................................................... 105
How does DNS work?.......................................................................................................................... 106
Types of DNS record ........................................................................................................................... 107
The MX Record.................................................................................................................................... 107
Things to Check ................................................................................................................................... 108
APPENDIX E - API................................................................................................................................... 109
THE API ................................................................................................................................................... 109
USING THE API......................................................................................................................................... 109
DELPHI ..................................................................................................................................................... 111
VB ........................................................................................................................................................... 111
Get Domain List .................................................................................................................................. 115
Loading Domains and Users ............................................................................................................... 115
Changing Settings................................................................................................................................ 116
Saving Domains and Users ................................................................................................................. 117
Creating Domains and Users .............................................................................................................. 118
APPENDIX F - USERS & DOMAINS COMMAND LINE TOOLS .................................................... 119
USERS & DOMAINS COMMAND LINE TOOLS ............................................................................................ 119
USERS USAGE .......................................................................................................................................... 119
Adding a user ...................................................................................................................................... 120
Deleting a user .................................................................................................................................... 120
Editing a user ...................................................................................................................................... 120
Listing a user ....................................................................................................................................... 120
Exporting and Importing users............................................................................................................ 120
DOMAINS USAGE ...................................................................................................................................... 121
Adding a domain ................................................................................................................................. 121
Deleting a domain ............................................................................................................................... 121
Editing a domain ................................................................................................................................. 121
Listing a domain.................................................................................................................................. 121
Exporting and Importing domains....................................................................................................... 122

4
Merak Mail Server (Aug 2002)

Copyright Notice
Copyright 2002 IceWarp Software. All rights reserved.

Windows 2K, XP, NT, 9x, ME are registered trademarks of Microsoft Corp. All other trademarks are
owned by their respective companies.

Disclaimer
The software is provided as is without warranty of any kind. To the maximum extent permitted by
applicable law, we further disclaim all warranties, including without limitation any implied warranties
of merchantability, fitness for a particular purpose, and non-infringement. The entire risk arising out
of the use or performance of the product and documentation remains with the recipient. To the
maximum extent permitted by applicable law, in no event shall we be liable for any consequential,
incidental, direct, indirect, special, punitive or other damages whatsoever (including, without
limitation, damages for loss of business profits, business interruption, loss of business information,
or other pecuniary loss) arising out of this agreement of the use of or inability to use the product,
even if the author of the product has been advised of the possibility of such damages.

License Agreement
You should carefully read the following terms and conditions before using this software. YOUR USE
OF THIS SOFTWARE INDICATES YOUR ACCEPTANCE OF THIS LICENSE AGREEMENT AND
WARRANTY.

Evaluation and Registration

This version of Merak is an expiring shareware copy. Subject to the terms below, you are hereby
licensed to use this software for evaluation purposes without charge.

If you continue using Merak Mail Server beyond a 30-day period, you are required to
register the product.

After registering, you will receive a license number with a license key which will make the program
fully registered. This key is PERSONAL and you are not allowed to distribute it further.

Provided that you verify that you are distributing the Shareware Version, you are hereby licensed to
make as many copies of as you wish, give EXACT copies of the original version to anyone and
distribute the software and documentation in its unmodified form via electronic means.

You are specifically prohibited from distributing the software and/or documentation with other
products (commercial or otherwise) without prior written permission from IceWarp Software.

5
Merak Mail Server (Aug 2002)

Overview
Merak is a fully featured, completely secured open standards-based mail server for the Windows
environment. It is a market leader and appeals to companies of all size as well as ISPs.

Merak supports the full range of SMTP/POP3/IMAP4/HTTP protocols (all of them can be SSL
secured), can be administered via a secure web connection, has functionality for Content Filtering,
Static Routing, Mailing Lists, Anti Virus, and Anti Spam / Anti Relaying features.

Quite simply Merak Mail server is a very complete mailserver system that provides everything your
company needs to manage its e-mail communications with a state of the Art Software Program that
works with existing technologies and is ready for the technologies that are coming down the road.

Important note is that a possible network of Merak mail servers could create completely secured
TCP/IP transfers using the TLS/SSL method. Merak already supports that and when
communicating with another Merak all transfers are secured and cannot be monitored.

Merak Mail Server Professional

Merak Mail Server Professional is the professional version of the mailserver. It offers support for
more than million accounts (Mailboxes) and comes bundled with IceWarp Web Mail. (IceWarp Web
Mail is a fully featured Web Based e-mail reader program that integrates fully with Merak Mail
server). The Professional version is also faster, and has more system requirements than the
standard version. It has an ODBC connectivity.

Contact Us
Please do not hesitate to contact us with your suggestions for new features. To see the latest Price
List, or Purchase the Products, please visit the website or send us e-mail at:

E-Mail [email protected]
Support [email protected]
Website http://www.icewarp.com/
Fax +1(240)5254912

6
Merak Mail Server (Aug 2002)

1. Getting Started

Requirements
In order to use Merak you need a computer with the following specifications:

Windows 2K, XP, NT, 9x, ME (all versions) for Intel based platforms.
Network environment using TCP/IP Protocol.

Installation
The software is shipped as a zip archive. To extract the files you will need a utility like Winzip or
similar http://www.winzip.com/.

If you are using a recent version of Winzip, you only need to use the Install button on the toolbar.
Otherwise extract the installation files into a temporary directory example C:\temp\merak and from
there run the Setup program.

Read the software license agreement.

Change the installation directory if required.
Use the Install button to install the software.

The software will be installed and started. Merak

Mail Server is now ready for use!

The temporary directory is now no longer needed

and can be removed. (If you used the install
feature of Winzip this is automatically done for
you)

To check your installation, open up the Merak

configuration applet from the Start Bar -> Programs
or the Control Panel.

Check that all 3 services (SMTP, POP3 and

Control) are running (green lights). If they are not
running then there is a conflict with other services
running on that machine (a typical problem is that
Microsoft SMTP server is running - this is installed
with IIS - so stop that service).

Proceed when all three services are running. (Three

green lights)

7
Merak Mail Server (Aug 2002)

2. Configuration

Basic Setup
The following steps will set some of the basic (once only) setup on the server. To begin, open the
Merak configuration applet.

1. Change the Mailserver Hostname from mail.domain.com to your own. This can be any host
name, but must not be left empty and contain spaces. It is the name with which the server
introduces itself to other mail servers. It will most likely be mail.{yourdomain.com}

2. Use the Test DNS button. If does not work enter the hostnames or IP address of at least
one DNS server in the DNS field. Make sure you read the DNS Appendix section. If you are
not sure about your DNS leave the default one. It will work. However, if you put an incorrect
one here it will not work.

The next step is to create some accounts. In this example we will assume that the mailserver is
acting for the domain icewarp.com. At the very least we want to create a default account for the
icewarp.com domain, but first we need to define the domain.

Navigate to the Accounts tab :

8
Merak Mail Server (Aug 2002)

3. Enter the name of the domain in the Name field. In our example it will be icewarp.com

4. Enter a description. Anything here.

5. Fill in a default email account for the administrator aliases of postmaster, admin,
administrator, supervisor, hostmaster. The suggested alias is admin. NB This email
address can be external, so could be a common email address for an administrator who
looks after multiple domains. Do not forget to create that account then.

6. Click on the top Save button (just above the domain information).

If you expand the domain icewarp.com your Account panel should now look like this :

9
Merak Mail Server (Aug 2002)

Now we need to add the user admin as it has been referred to as the administrator alias for
the domain. It is likely that other users would also be added at this stage.

7. Right click on the Users branch, go to Add and then onto New User.

10
Merak Mail Server (Aug 2002)

8. Enter the alias admin. The mailbox

field will auto fill to admin also.

9. Enter a password and confirm by

retyping into the confirmation field.

10. If required, enter the name of the

administrator for reference purposes.

11. This is enough information to satisfy the

basic requirements. Now click on the
Save button.

12. Make sure to test your server not to be

open relay at
http://www.abuse.net/relay.html. Simply
specify your IP address of the server
and test it.

In order to test out the mail

server you will need to setup a
new account in your mail
program.

The account type is a POP3

server.

The incoming and outgoing mail

server is the IP address of the
machine which is running Merak.
The IP address 127.0.0.1 is
always a local machine IP.

The account name and

password is the same as the
account we setup above.

The domain now has enough

setup information to be used. Try
sending mail to
[email protected]!

(Screenshot taken from

Outlook2000 - other mail
programs will differ)

11
Merak Mail Server (Aug 2002)

3. Main Section Reference

Backup and Restore

Under the File menu is an option to back up configuration data. This includes all setup, domain and
user account information plus the license key, it also includes the contents of the entire Config
directory. It is recommended to do a backup after the final configuration including your license
information.

Upon choosing the option the Backup Settings dialog box is shown. Active and Backup to file will
only be relevant if a backup is scheduled.

Click on Manual Backup, then choose a file to save the configuration information into. It is
recommended that this file is kept somewhere safe such as written to a removable media and taken
offsite regularly.

Rather than remembering to take regular backups, Merak can schedule these in. Check the Active
checkbox, enter a location and filename, then use the Schedule button. Choose the Add button to
add a new schedule, or edit the existing one.

12
Merak Mail Server (Aug 2002)

Merak comes with a comprehensive scheduler. The backups can be done at a particular time, or
time interval for certain days of the week, or between a start and end time.

Configuration Restore

Choosing the Restore option under the File Menu will prompt you for a file containing backed up
data. Once a file is chosen and opened the configuration will be restored. So use this option
carefully in order to prevent overwriting your config with an old version.

Should a server have to be rebuilt and all software freshly installed, this provides an excellent way
of retrieving all the users account information without retyping.

Also, the license key is backed up with the configuration. Therefore it is a good idea to make a
backup as soon as the product has been registered!

Configuration Advice

Every customer has different requirements and demands on a product. As creators of the product
We listen to you and improve the product constantly. Visit our website frequently, and check out the
improvements or suggest a few of your own. As a result the Merak Mail Server is one of the most
configurable and powerful on the market.

However, as the levels of configuration increase, so does the complexity and knowledge required in
such matters.

When considering Merak it is important to know your own requirements and match Merak to those.
The most common problem that we deal with is when customers enable all levels of security, make
some mistakes with the configuration and end up with a mailserver that cannot send or receive e-
mail.

Remember!

Only set options where they are required.

Read the manual and understand the implications of the settings.

Backup your configuration regularly.

Only make changes one at a time.

Test Merak after making single changes. Write down the changes you are making, so that
you can go back to the prior option should a problem arise.

Follow these rules and you will have no problems.

13
Merak Mail Server (Aug 2002)

System

This is the first tab of the config applet, and shows an overview of what is happening as well as the
rudimentary settings.

The panel at the bottom shows what is happening to Merak in real-time. Current connections and
data transferred to date are shown.

By default the control panel applet connects to the localhost. If you wish to connect to a remote
Merak server use the Connect button, then enter the hostname, port, admin user and admin
password.

The admin user can be any user account which has the Administrator privilege.

14
Merak Mail Server (Aug 2002)

System Tab Server Fields

Field Description

Mailserver Hostname This specifies the name of the mail server computer. It must not
be empty. It is used when the mail server authenticates itself with
other mail servers. Typically it would be mail.{yourdomain.com}
Basically it should the host name of your mail server which has
been registered on DNS.

SMTP Relay Server If this server is not going to be sending out email directly (it may
be a small company server on dialup to the Internet which
passes mail to the ISP mail server) then it will need to relay the
mail to a server capable of sending. This field specifies the
hostname or IP address of the relay server.

You can also use the SMTP AUTHentication when relaying. The
same syntax applies to all host options in Merak. You simply
need to specify the the host name in the complete URL form:

username:password@hostname

Eg:
customer01:[email protected]

DNS If this server is to be used to send out mail itself, then it will need
to lookup DNS MX (Mail Exchange) records for external
domains. Enter the hostname or IP address for DNS server(s)
here. Separate multiple entries with a semicolon. Always use the
Test DNS button.

Make sure you read the DNS Appendix section.

Relay / Use DNS Lookup Specifies which method is to be used for mail delivery.

Server Statistics The Config program will connect to all services and the statistics
from them every 5 seconds via PIPEs.

Config\hosts.dat - Static IP domain delivery (for LAN and intranets)

A special delivery mode is available for static IP delivery inside private networks, among multiple
mail servers, when no DNS server is available.
If a hosts.dat file is found in the Config subdirectory, Merak will override the normal MX record
resolution (DNS Lookup mode) and provide a static domain to hostname/IP address mapping.
The syntax is as follows:

<domain>=<hostname>
or
<domain>=<IP address>

Example:

15
Merak Mail Server (Aug 2002)

domain1.local=mainserver
domain1.local=192.168.0.100

To restore the normal DNS Lookup mode, simply remove hosts.dat from the Config directory.

Click on the Service Settings button. This brings up the advanced service settings.

Field Description

SMTP Client The max number of simultaneous connections to another SMTP server.
Channels

POP3 Client The max number of simultaneous connections to another POP3 server when
Channels collecting mail via POP3.

SMTP / POP3 The Cache Thread specifies the maximum number of threads that can be reused
/ IMAP 4 / for new client connections. Each new connection that is accepted by the server is
Control given a separate execution thread. In order to improve performance, server
Thread Cache sockets store these threads in a cache rather than freeing them when the
connection is closed. New connections can then reuse threads from the cache,
rather than requiring the server to create a new thread every time a connection is
accepted. This can speed up the server.
Bind to IP Use this option to choose the adapters IP addresses that should be used by the
services. If this option is not used all adapters will be used. Multiple addresses
can be specified using semi-colon.

Make sure you use this option only if you know what you are doing. Do not use it
by default!!!

Disable Specifies that only the frst CPU will be used on multi CPU machines.

16
Merak Mail Server (Aug 2002)

Multiple CPU
Support

Packet Delay If the server is on a very fast connection (eg local LAN) the speed at which Merak
(Outgoing & works might impact on other services performance. Use this option only when
Incoming) you are sure you need it. You do not need with a 128k and less connection at all.

Protocol Merak is a very fast mail server and although all supported Internet protocols are
Response synchronous and work with most of the mail clients properly there are some mail
Delay clients that get confused by the speed of Merak. We are talking about Outlook
2002/XP. Microsoft made an implementation bug. If you put here 10 it will work
just fine.

Session Specifies the amount of time in seconds of session inactivity. If this number is
Inactivity exceeded the session will be automatically ended and timed out.
Timeout

DNS Timeout Specifies the timeout for the DNS Lookup function. If the DNS server does not
respond in this given time, the server found the DNS as not responding. The
default value is 20 seconds and can be lowered if you think your DNS server
responds in fewer seconds. You can test this with the DNS Query Tool.

Report Alias / The report alias is the alias that is added to the primary domain and is put into
Report Name the From: field when the mail system generates an automatic report such as
Undeliverable report, Disk space monitor report etc. The report name is the
name that comes before the report address.

Hide IP This option hides the IP address from the message's Received: MIME header.
Using this option no-one will be able to see the configuration of your local
network.

System Tab Server-State Fields

For each of the three services the status is showed along with start/stop control buttons. On
Windows9x platforms there is an Autostart checkbox which has the effect of starting the service
automatically on machine boot. (This functionality is standard using Windows NT/2000 Services)

System Tab Ports Fields

Each service is bound onto a TCP port number. This can be changed if need be, but the default
ports conform to Internet standards which would be required by ISPs. They work with most
installations. Do not change unless you understand what you are doing.

SMTP can have 2 listening ports. By that you can avoid your ISP's firewall blocking port 25.

17
Merak Mail Server (Aug 2002)

Professional

The whole Professional tab sheet is present only in the Professional version.

Field Description

Data This option lets you specify the type of the Merak DB that should be used. You can
Base choose from 3 different DB types:
Settings
Standard File System
Standard DB is the same as the Standard Merak version.

Professional Memory File System

Professional stores all accounts temporarily in memory and the speed is very high but
requires a large RAM.

ODBC
ODBC lets you store and access all accounts in any DB via ODBC. The DB system can
be any common DB such as MS SQL, MySQL, Oracle, MS Access, InterBase, Postgre,
Informix or any other.

Connection string contains all needed information to connect and communicate with a
DB:
DSN;username;password

18
Merak Mail Server (Aug 2002)

Eg.:
mailserver;sa;sapass

Always use the Test Connection button to find out the connection string is constructed
properly.

Sometimes you might need to tell the DB ODBC engine not to use the ODBC Cursors
or to use Magic Quotes (for MySQL). You have to create the DB.INI file in the Merak
directory. It has the following structure:
MagicQuotes=1
ODBCCursors=0
OracleSyntax=0

Note: MySQL users should use myODBC 3.51

Before using the server you need to create the tables structure in the DSN first. Use the
Create Tables button.

ODBC Settings step by step:

1. Create a System DSN in the ODBC Data Sources to connect to your DB.

2. Create the proper Connection string in the DB settings of Merak. Check with the Test
Connection button.

3. Save the settings.

4. Click the Create Tables button.

5. If successful you can import the previous Merak users by clicking the Convert To
ODBC button.

5. Press F5 to reload and you are ready to go.

Please use the Conversion buttons with caution. Conversion must be done only once to
an empty DB or empty Merak File System.

ODBC You can set the logging system so it inserts log into any DB system using ODBC. Set
Logging the connection string and create the tables.

LDAP Please, see the whole LDAP Section.

Server Server monitor lets you see the server traffic statistics, active sessions for all services
Monitor and session history. It can also let you view the session logs if logging is activated.

19
Merak Mail Server (Aug 2002)

Options

This tab lists all the options which are relevant to the operation of Merak as a whole.
The directories section specifies where Merak creates various files. The directories need not be
created in advance, Merak will create all directories as required. Also, the file path.cfg (in the Merak
directory) can be edited when needed - first line specifies where the Config directory is and the
second line specifies where the HTML directory is (for remote web admin).

Most of the text and configuration files can contain comments which is signaled by the "//" 2 slash
characters.

Field Description

Temp The Temp area is used to receive mail as it comes in. After the mail has been received
Path by Merak it is copied into the correct mailbox (or mailboxes!) and then removed from
the Temp area. This directory is automatically cleared when Merak starts up.

Mail The Mail path specifies a default directory under which the users mailboxes will be
Path created. For example, if we had a user called admin in the domain of icewarp.com then
the default directory for the admin users inbox would be
e:\merak\mail\icewarp.com\admin. This directory also contains the Outgoing queue
folder which is called Forward. This folder holds all messages to be sent out. If this
directory does not get empty there is something wrong with your internet or
configuration options.

20
Merak Mail Server (Aug 2002)

Log The Log path defines which directory logfiles are created in. These will be the
Path SMTP/POP3/IMAP4 and Control logfiles. Log files can be viewed from the Web Admin
or the Configuration program.

Options Tab Logging Fields

Field Description

Logging No Logging
Levels The logging is switched off.

Debug Logging
The most detailed logging will be used showing all service traffics.

Summary Logging
A summary logging is simply the most important information to be logged and
also the summary of the whole action for the service. In other words what would
take few lines for the Debug logging here it would take a single line with more
information.

Debug & Summary Logging

Both Debug and Summary logging will be used.

Logging 0 specifies no cache. Otherwise a log cache is specified in KB. Logs are kept in
Cache memory and flushed to disk when the cache has been exceeded.

Delete logs If logging is enabled it is usual to keep the number of logfiles to a manageable
older than : limit. The Delete logs older than: setting will do exactly this, it will delete old
logfiles after the set number of days has passed.

Output Debug If the Output Debug String is checked, whenever a log is switched the Windows
String API function OutputDebugString will be called with the event log value. This is
useful for online monitoring of the services and it can be done remotely. In order
to use this option, you have to have a tool that will display these messages, like
the DebugView/EE that can be found at: http://www.sysinternals.com/
Do not forget to switch on the option for CRLF Returns in the tool. Otherwise, it
will not display the messages.

User Statistics Checking User Statistics tells the server to log all user activity. For each user
it will record the size of and number of received, sent and sent out. It will even log
the activity of unknown and external users.

The user statistics logs can be exported by using

the Get User Statistics Logs button. The From and
To fields indicates the timescale over which to
obtain log entries. The Filter indicates multiple
filters separated by commas. You can enter here
email addresses or domains:

[email protected];merakmail.com

21
Merak Mail Server (Aug 2002)

The format of the use statistics log file is following:

Domain,Alias,Received,Received_Amount,Sent,Sent_Amount,SentOut,Amount_SentOut,Las
t Sent,Last Received,Last Login

Amounts are in bytes. You can import this file to any database or system analysis tool.
The last line of the log file contains statistics for external, unknown users and messages self
created.

To log a particular service, just select the logging type you need. Debug logging level is
recommended for SMTP.

The filename of the log files are of the format SYYYYMMDD.log

S = Service type (S)MTP, (P)OP/IMAP or (C)ontrol or (E)rror

YYYY = Year example 2000
MM = Month example 10
DD = Day example 23
rd
So P20001023 would be the POP3/IMAP4 log for 23 Oct 2000.

Options Tab Disk Space Monitor Fields

Field Description

Monitor Active Check the Monitor Active checkbox to enable the Disk Space Monitor. Merak
can monitor all of your HDs free disk space and can alert you by sending a
message to yur email address.

Minimal Disk Enter a figure (in Megabytes) into this field which will be used as a threshold.
Space When available disk space falls below this figure a warning will be sent.

Report This is the email address that the warning report will be sent to. Multiple email
Address addresses delimited by a semicolon can be specified.

You can also use the diskspace.dat file for more disks to monitor:
C=400
D=800

If the threshold is reached a warning mail will be sent out similar to below :

From: Mail Delivery Subsystem [[email protected]]

Sent: 23 October 2000 21:31
To: [email protected]
Subject: Warning: system report

Warning: system report

Disk Space Monitor has detected low disk space on drive D: 410 MBytes

Options Tab Other Fields

22
Merak Mail Server (Aug 2002)

Field Description

Use Default.ini This option specifies that the default.ini should be used always when adding a
File new user. The new user will be added with the defaults specified in the file. This
file is located in the main directory and can be edited via the edit button
This option is also valid for users created with the web admin tool but not the
command line users tool.

Use Domain This option indicates that specified domains should be checked for disk quota
Disk Quota when receiving new mail. If the quota exceeds the limit the mail will be rejected.
Any domains requiring a quota need to be specified in a file diskquot.dat (in the
Config subdirectory).The file can be opened with the edit button
The format of the file is as follows:

Domain=limit
Example:

usa.net=5192
*=10000

This would specify that all domains have a 10MB limit apart from usa.net which
has 5MB.

Options Tab Other Fields contd

Field Description

Domain If you have a large number of domains and users it is advisable to create the
Mailbox users mailboxes in the format of their email address e.g. [email protected].
Processing If you do, then enabling this option reduces mail authentication and login time -
Merak is able to find their domain faster as its specified inside the mailbox string.
Basically a performance option for large sites. You will not be able to use the
standard mailbox name format then. All your mailbox specifications must include
the domain name.

Use Welcome This option specifies that when a new user is created, a welcome mail will be
Messages saved into his mailbox. You can specify different messages for particular
domains and not all domains have to have the welcome message set.

The welcome mails must be created in separate text files. These text files are
referred to in the file messages.dat (in the Config subdirectory) which can be
opened for editing using the edit button

The structure of the file is as follows:

domain=filename

23
Merak Mail Server (Aug 2002)

Example.
icewarp.com=c:\merak\welcome.tmp

If a line specifies an asterisk as the domain, the specified welcome file will be
used for the rest of the domains. Remember that if you want to use this option,
the asterisk must be on the last line of the file because the following lines will not
be checked.
NB The welcome file must be a normal mail ie specify fields such as From:
Subject: etc and end the file with a carriage return, period (.) carriage return at
the end. It would be wise to send such message to any mailbox on the server
and then use the mail\domain\mailbox\xxxxx.tmp. Example:

From: Support <[email protected]>

To: All new users
Subject: Welcome our new user

Dear new user,

we would like to welcome .....

Use Header / This option allows to insert headers and footers into messages automatically.
Footer You can specify either a header, a footer or both. This option works together with
the file tags.dat (in the Config subdirectory) which can be opened for editing
using the edit button
Placing tags.dat in the domain config directory overrides the global settings.

The structure of the file is as follows :

Headerfilename (for local senders)
Footerfilename (for local senders)
Headerfilename (for local recipients)
Footerfilename (for local recipients)

These are standard text files containing header or footer text.

The first two lines are for messages having a sender that belongs to a local
domain. The next two lines are for messages having a recipient that belongs to a
local domain.
If you do not wish to use a header or a footer, just leave the corresponding line
blank. Only plain/text files can be used.

Example:
c:\merak\sendheader.txt
c:\merak\sendfooter.txt
c:\merak\recvheader.txt
c:\merak\recvfooter.txt

There will be 3 possible situations:

1) Local sender, local recipient: both From: and To: e-mail addresses
belong to local domains. Then all four lines of tags.dat are inserted in the
message body.
2) Local sender, remote recipient: only From: e-mail address belongs to a
local domain. Then lines 1 and 2 of tags.dat are applied.
3) Remote sender, local recipient: only To: e-mail address belongs to a
local domain. Then lines 3 and 4 of tags.dat are applied.

You are free to combine lines 1-2 and 3-4 in tags.dat to obtain the desired result.

24
Merak Mail Server (Aug 2002)

Options Tab Other Fields contd

Field Description

Convert % To This option is for administrators who use full email addresses as usernames and
@ Netscape and Mac users who cannot use @ in the login name. With this option
enabled Netscape and Macintosh users can login as name%domain.com and
the authentication engine will convert this to [email protected]

Use Domain This option controls the number of accounts that can be created in a domain by a
Admin Limits domain administrator from Web Admin. The domain and their corresponding
limits are specified in the text file limits.dat (in the Config subdirectory) which can
be opened for editing using the edit button

The structure of the file is as follows :

Domain=xx

Example:
usa.net=10
*=20

This would specify a maximum of 10 accounts in the usa.net domain and 20 in all
others.

Use SMTP This is the text that will be displayed whenever a client contacts the server to
Policy Banner send mail. Using the edit button will bring up the text editor, enter some text
then close the window and either save or discard your changes.

NB You may have to stop the SMTP service to enable editing. Here is an
example. All the text beginning with the line of asterisks was entered.
220-mail.domain.com ESMTP Merak 2.10.350; Sun, 22 Oct 2000 14:32:28 +0100
220-*********************************************************************
220-* Secure Mail Server *
220-* *
220-* All connections are logged! *
220-* This server employs antivirus and antispam technology *
220 *********************************************************************

Server Title When connecting to Merak server it gives the response above including the
Merak and version on the first line. Sometimes you want to put a different text
value there so nobody knows it is Merak. Create a file called config\servertitle.dat
and edit the first line to match the Merak name you want.

Safe If this option is checked, when a user account is deleted and the confirmation
Confirmation warning given, the default button action will be No.

Hide Systray This option specifies that the systray icons should not be visible in the Windows
Icons 9X environment for the selected services.

Header Merak lets you to change the domain name of the originator recipient. When
Conversion sending a message this option converts the domain name to the new one
specified in this file config\headerconvert.dat. The structure of the file:

25
Merak Mail Server (Aug 2002)

{olddomain}={newdomain}
{olddomain}={newdomain}

Eg.:
merakmail.com=icewarp.com
usa.net=netaddress.com

26
Merak Mail Server (Aug 2002)

Security

This tab allows the configuration of powerful security options.

Field Description

Firewall active This enables the firewall functionality which is defined in the following 3 fields.
Basically this is not an anti relaying feature. It is a firewall and that means only
the specified IP addresses will be able (or not) connect to the server. Not talking
about sending or receiving messages. It is about connecting. If the Grant
checkbox is unchecked the listed IPs will not be able to connect. If it is checked
only the listed IPs will be able to connect.

SMTP These fields are used to list IP addresses or subnets. The format can be
POP3/IMAP4 aaa.bbb.ccc.ddd or *.*.*.*. or a range a-b.*.*.* The asterisk stays for the subnet.
Control The minus stands for a range between a and b. Entries are separated by semi-
colon delimiters ;.

Disable This will prevent anyone from using the ESMTP service. If a remote server
ESMTP issues the EHLO command Merak will reply with an error code. Outgoing SMTP
connections will not use ESMTP and will use the standard SMTP commands.
This is sometimes desirable when remote servers and routers/proxies have
implementation bugs. Should be switched off.

Deny VRFY This prevents anyone from using the VRFY command to check whether a mail

27
Merak Mail Server (Aug 2002)

account exists on the server or not. If a remote server issues the VRFY
command Merak will reply with a not supported error message. You can leave
this option switched off.

Security Tab Deny Fields

Field Description

Deny EXPN This prevents anyone from using the EXPN (expands and returns the users in a
mailing list). If a remote server issues the EXPN command Merak will reply with a
not supported error message. Suggested to have switched on.

Deny Telnet This prevents anyone from using telnet to access the ports used by Merak.
Normal keyboard operations are interfered with. Should be switched off. Our
support team cannot test your mail server via telnet when switched on to help
you.

Disable Web This prevents anyone from using the web administration functions of Merak
Access (default port 32000). Access denied is returned.

Disable SMTP If set, the server will not accept the SMTP AUTH command. Removing this
AUTH setting allows the clients to specify authentication for their outgoing mail server.
Following AUTH schemes are supported: LOGIN, PLAIN, CRAM-MD5

This option works in conjunction with the Relaying From control. The Relaying
From control needs to be switched on otherwise no authentication will be
required. The IPs specified in the Relaying From control do not need to SMTP
AUTHenticate. All other IPs have to authenticate in order to relay messages.

Domain Admin If set, this allows domain administrators to read the contents of other users
mailbox mailboxes.
viewing

Message If set, this allows domain administrators and administrators to read the messages
Viewing in other users mailboxes.

Max bad This specifies the number of bad commands Merak will accept on a connection
commands before closing the port.

Secure Web If set, then all file paths are checked to be in the Config path and above from
Admin Web Admin. This prevents user access to important files.

Security Tab Content Filter Fields

Merak has a very powerful content filter tool which allows a whole host of functionality based on
message content. Messages can be forwarded, trashed, rejected or allowed, or programs/DLLs
can be executed. You can even create a filter for attachments and use laymans logic. Filters are

28
Merak Mail Server (Aug 2002)

issued for all messages passing thru Merak (incoming and outgoing). Activate the filter and Click
the Content Filter to edit filters.

29
Merak Mail Server (Aug 2002)

The screen shot above demonstrates the laymans logic for content filters. It shows that no .exe
attachment can be send to this mail server. That means even user Jakub cannot receive such
messages. However, Jakub can receive .com attachments whereas nobody else can receive .com
attachments.

Content filters can be added, edited, deleted and moved. Use the buttons to do that.

Field Description

Active Specifies the state of the content filter. You can either have the filter active or
inactive (Y - Active, N - Inactive).

Boolean This field specifies whether active filters will be allowed (Y - Allow, N - Reject).

Title A descriptive text

Editing a separate content filter item

This window specifies the purpose of a content filter.

30
Merak Mail Server (Aug 2002)

Field Description

Active This check box tells the server this filter is active and should be used

Use an Is used instead of the Filters button. The executable should return whether the
executable as filter is true or false. See more information in the Static Routes section
a condition

Action Area This area specifies what action should be taken when the filter meets specified
criteria.

Reject/Allow/ You can either Reject the message or Allow to come through. Continue
Continue/Tras specifies that following content filters in the list should be processed no matter of
h the action. Trash deletes the message

Forward To Specifies email addresses that the message should be sent to

Execute This option can run your own application or library. See the static routes for more
information.

Filters
Filters specify multiple filter criteria. Each filter relate to a following and previous filter with a boolean
operator And, Or. You can have as many filters as want.

To manage filters use the buttons.

Field Description

Item Item contains the message item such as Attachment name, MIME header
(From:, To:) etc. The list box next to it is the logical condition. Text specifies the
value that should be checked in the message.

There is a special item 'Customer Header' which lets you specify your own MIME

31
Merak Mail Server (Aug 2002)

header. You have type in the Text field exactly the same string as in the
message itself. Eg. 'X-Mailer: Web Mail'.

The example above illustrates a filter for attachments containing .exe, .com, .dll,
.vbs. It is highly recommended to use the Contains List condition for multiple text
items separated by semicolon. It is the fastest method of having a content filter.
The message will be checked and opened only once for checking this condition.
If you create multiple attachment filters the message will be opened and checked
multiple times and that can result in a big CPU usage and a time consuming
issue.

Example:
To create an anti spam filter that would check an emptiness of the To and From
MIME headers the Filter list window would look like this. Use a boolean operator
Or and the conditions should be:
To: Is ''
Or
From: Is ''

The '' stands for an empty string. When editing the Text field leave it completely
empty.

You should be careful with using items Attachment and Body. You should keep
as least as possible filters like that. Each filter having this item opens the
message file separately and it can result in a high CPU usage and long time to
process all filters for long messages.

From Host If a message was sent from this host

Mesasge Size Specifies this size criteria

All This filter will be always true

Forward To Specifies email addresses that the message should be sent to

Security Tab Tarpitting Fields

Merak provides a great feature called tarpitting. When Tarpitting is active Merak checks for
unsuccessful attempts to deliver messages to unknown users by external or local non existing
users. If the number of attempts in a session exceeds the Count field the IP address of the sender
will be remembered for the Period and no access from that IP address will be allowed within the
period.

Basically this options serves as a protection from spammers trying to spam your mail server
accounts. Spammers usually have a dictionary of aliases they try to deliver to your domain. Once
the count of unknown aliases exceeds the limit they will not be able to spam you any more for the
given period of time.

Sometimes you might want to enable some IP address and do not want to wait for the period to
expire or simply specify a white list. The file is called Config\tarpitbypass.dat and contains the white
list IP addresses.

32
Merak Mail Server (Aug 2002)

Security Tab Watchdog Fields

Merak provides a self checking option which will restart services in the highly unlikely event that
they fail or somebody stops them.

In order for the Watchdog functionality to work the Control service must also be running. The
control service will check (in the interval specified) to see if the required services are still running. If
not, they will be restarted automatically.

Static Filters

Static Filters are special DLL filters that are loaded in memory and each time a message is received
filters are applied to it. The format for the DLL file is the same as Content Filter DLL files using
Cdecl parameter passing.

The static filter settings are kept in the file config\staticfilters.dat. It has the following structure:

Title=<Title>
Filter=<Full path to the DLL file>
Message=<Message that gets displayed in the SMTP session>
SMTPMessage=<A complete message including the SMTP result code>
Enabled=<[0,1] If you want to disable the filter use '0'>

Multiple filters are separated by a blank line. Currently you can use the RegEx filter developed by
Doug Swallow and do not have to use the Content Filter.

Example:

Title=Reg Ex Filter
Filter=c:\filters\mregexflt.dll
Message=Reg Ex Filter Rejection
Enabled=1

Title=LF Filter
Filter=c:\filters\lffilter.dll
Message=Contains bare LF
SMTPMessage=551 5.7.1 Message contains bare LFs (violates RFC822)
Enabled=1

33
Merak Mail Server (Aug 2002)

Security Tab Antivirus

Merak supports full virus checking and has an integrated antivirus built-in using the awarded
AVAST engine. When configured use the Send EICAR Virus Test Message to test your antivirus
settings.

Field Description

Enable Server If checked, all mail sent thru Merak will be checked for viruses. This is the most
Antivirus secure option.

Use Integrated This option will make Merak to use the built-in antivirus engine. The engine is
Antivirus fast, multithreaded and has been awarded with 100%.

External This button lets you use other external antivirus packages. See the end of the
Anvirius antivirus section for more information.

Scan All This option will make Merak to parse all message parts. That means not only the
Message attachments will be parsed for the antivirus to be scanned but all message parts.
Parts This is much more efficient and powerful than scanning the attachments only.

Reject / By default all messages containing a virus will be rejected. However, you might
Remove not want to reject them but only remove the virus and the rest of the message
deliver to the recipient. In that case use the Remove check.

Quarantine Merak supports a quarantine option which lets you forward the infected message
Infected to any email address. The address can be local or external. The control accepts
Messages email addresses separated by semi-colon.

Notification To If checked, any emails which are found to have a virus will cause notification to
Administrator / be sent to the selected entity.
Recipient /
Sender

34
Merak Mail Server (Aug 2002)

Field Description

Active Update Active Update is a system which enables antivirus updates immediately after they
Email Trigger have been released. Particularly we shall keep your email address on our server
and once a new update has been released we shall immediately send you an
automated message that will fire up an update procedure on your mail server.

Update This option lets you configure the update schedule.

Schedule

35
Merak Mail Server (Aug 2002)

Field Description

Bypass File Like any other filter option Merak lets you bypass scanning of some messages.
The bypass file can contain email addresses, IPs and other things specific to
bypass files.

Setting up the External Antivirus

Note: For Windows 9x and DOS command line scanners always do the following:

Make a shortcut link (a .pif file) to the executable.

Set the properties of the shortcut link to close the window on exit.
Use the shortcut link as the executable.

Click on the External Antivirus button. This will bring up a panel where the third party virus
scanners may be configured.

Enter the path and executable name in the Virus Scan Application field.
Enter any parameters in the Parameters field.
Return Values you can be either empty in that case the interval is 1-* or you can specify
your return values. Example: 1;2;4;8-255. See the exit codes of your antivirus application.
You can also specify the timeout for the antivirus. TIMEOUT=0, or TIMEOUT=30. By
default TIMEOUT is set to 30 seconds. 0 stands for no timeout.
File Deleted Checking is for such antivirus programs that do not return the exit code
properly. In such case tell them to delete the infected files. Merak will recognize this and will
assume the file was infected. This option is recommened to be used with Norton Antivirus.

The parameters will be different for all packages, but look for parameters which turn off
memory/bootsector scanning, archive parameters so .zip and .arj files contents are
scanned etc.

For more examples see the Antivirus Appendix.

36
Merak Mail Server (Aug 2002)

Delivery

The fourth tab, delivery, allows the configuration of even more security features as well as resource
management on the server.

Field Description

Max message Specifies the maximum message size that can be sent through the mail server.
size When a message exceeds this limit, it is rejected.

Search for If a message is sent to [email protected] but xyz is an unknown alias, checking
alias in other this option will make Merak to check for the alias in other domains. So if it finds
local domains [email protected] it will give the message to that user instead. Might be
sometimes dangerous.

Activate Merak will obey special headers like Return-Receipt-To and Deferred-
Message Delivery. If an email is received with a Return-Receipt-To header Merak will
Header automatically reply to say the mail has been received. NB This is not the same as
Functions the receipt notification features in Outlook. Deferred delivery defines when a mail
is to be delivered (only for outgoing messages).

Reject if Another security check is to receive mail only if the sender is a valid email
originators address. Checking to see if the senders domain has a Mail Exchange DNS
domain has no record is one way of doing this. If checked Merak will perform a MX lookup and
MX record reject the mail if no MX record exists. Sometimes when you have incorrectly

37
Merak Mail Server (Aug 2002)

configured your DNS server this can cause real harm.

Reject if This security option check is to receive mail only from servers that have reverse
sender's IP DNS PTR record (rDNS).
has no rDNS

Delivery Tab Delivery Fields contd

Field Description

Do not relay if Merak will only forward mail if the senders domains is one of those setup in
originators Merak. It will not allow empty email addresses to send messages out. It is not
domain is not recommended to use this option.
local

Relaying from If checked, this specifies that only listed IPs are allowed to send mail through the
SMTP server out. The local machine (127.0.0.1) should always be specified. IPs
and domains are separated by a semicolon delimiter. For example,

192.168.1.*;127.0.0.1;194.213.224.5-20

If you have a large number of entries then it may be easier to use the file
relay.dat (in the Config subdirectory) to specify the IPs and domains.
The format is each record on a separate line. For example,

192.168.1.*
127.0.0.1

This is the most powerful and safe option to use for you to be spam protected.

Make sure you do not switch this option off. It is really needed. Please, read the
appendix section about relaying and we "we do not relay" message.

POP3 before If a client connects to the POP3 or IMAP service (to check mail) and is
SMTP authenticated, then the clients IP address is remembered for the timespan
specified. Within that timespan, the client is allowed to use the SMTP service.
The timespan is specified in minutes. This option does not affect Relaying from
by default.

No Auto Specifying domains here will prevent an autoresponder from firing. Each user
Responder has a personal No Auto Responder file in the mailbox folder called
norespond.dat which has the same format. Email addresses and domains
separated by semi-colons.

Bad Mail This option requires an email address or addresses (separated by semi-colon)

38
Merak Mail Server (Aug 2002)

Address which will be used in any case of an undeliverable message which cannot be
send back to the sender. These are messages with empty "from", server
generated messages, sender's mailbox is full etc. The email address can be any
email address including local and external.

Use TLS/SSL Specifies that all outgoing messages will be forwarded using the STARTTLS
ESMTP command. If the remote mail server supports TLS/SSL messages will be
transferred in a secured manner using the Secure Socket Layer (SSL). It is
similar to https protocol. Messages are not transferred in a plain text and nobody
can monitor the TCP/IP protocol. All Merak vs. Merak transfers will be completely
secured. It is recommended to use this option.

Retry with There are some lousy routers and proxies on the Internet that do not follow
SMTP RFC821 and do not support SMTP EXTENTSIONS they report they do. In such
cases sending SMTP server gives up with an error. It is a RFC822 violation and
such routers and proxies should be replaced or the function should be disabled.
Basically what happens is that the sending and receiveing servers are
communicating thru the proxy in between. The sending and receiving servers
support some extensions the proxy does not. However when the sending server
receives the list of supported extensions the proxy does not change it in the way
so it reports what it really supports. In such case the sending server issues a
command and receives a bad reponse from the proxy.

Merak has a work around so in such cases it will retry to send the message using
plain SMTP without any extensions.

Delivery Tab Delivery Fields contd

Field Description

Require This option specifies that the SMTP session should always start by introducing
HELO/EHLO the servers (or mail client) by the command HELO or EHLO. If no introducing is
done server will not accept any messages.

RBL - An RBL is a service which provides a list of known spammers. If a sender is

Realtime found to be on the RBL then the messages are rejected.
Blackhole list Specify the RBL provider domains in the file rbl.dat (in the Config subdirectory)
which can be opened for editing using the edit button
The format is each provider domain on a separate line. Currently we recommend
blackholes.mail-abuse.org, sbl.spamhaus.org and relays.osirusoft.com. You can
enter more RBL domains found from the net. For example:
relays.ordb.org

Each RBL line can have a comment separated by semi-colon that gets displayed

39
Merak Mail Server (Aug 2002)

in the SMTP server response. It can contain any link or info on how to deal with
RBL.

Eg:
relays.ordb.org;Comment and URL here

There is also a bypass file for RBL. The file is named config\rblbypass.dat and
contains IP addresses that are not to be checked against RBL servers.

Possible RBL servers:

bl.spamcop.net
relays.ordb.org
orbs.dorkslayers.com
dev.null.dk
relays.osirusoft.com
relays.visi.com
blackholes.wirehub.net
dynablock.wirehub.net
proxies.relays.monkeys.com
ipwhois.rfc-ignorant.org

Use ETRN Specifies that when server connects to the Internet it should perform the ETRN
or ATRN command to the hostnames specified in the ETRN list with their given
parameters. When you press the ETRN button an ETRN dialog appears. You
can specify the hostnames and parameters for the ETRN command.

ETRN
Parameter is usualy the domain name. Merak has a great advantage of more
than one ETRN command. This option is used when the remote server holds all
messages for this server and by this action, it will know this server is connected
and it sends the messages in the queue. Therefore, this is a client ETRN. Merak
has also the feature of the server ETRN Queue.

If the remote ETRN queue has more domains for the same machine you can use
the semi-colon and specify other commands in the parameters section. More
ETRN commands will be issued in the same session.

ATRN
If you need Merak to use ATRN check the ATRN switch. ATRN requires to
authenticate on the remote server thus requires a usersname and password. The
format of the parameter is as following {domains};{user}:{pass}

Example:
icewarp.com;atrnuser:atrnpassword

Field Description

Undeliverable This specifies the number of days that Merak tries to send mail. If the mail
After cannot be delivered in the specified period it is returned to the sender as
undeliverable.

Undeliverable This specifies how many hours pass until the sender of a mail is informed that it
Warning after cannot be delivered. The server will keep trying to deliver the mail until it is
successful, or reaches the undeliverable after number of days.

40
Merak Mail Server (Aug 2002)

Delivery Tab Delivery Fields contd

Field Description

Info to Admin Specifies that when an undelivered message is returned to sender, it is also sent
to the administrator of the primary domain.

Max Hop Specifies the maximum number of hops from mail servers. This is protection
Count from mail looping. This option specifies the maximum number of mail servers
through which a mail can be delivered. If the number is exceeded the message is
returned as undeliverable. This can occur when there are problems with the DNS
Mail Exchange (MX) records for a domain or when you use the Relay feature and
you relay back to Merak.

Max Specifies the maximum number of recipients in a message. This is a protection

Recipients from spam.

Global Filters / In filters you can specify email addresses, domains and IP addresses that are or
Anti Spam are not allowed to send messages to your server.
Filters
This option indicates that Global Anti Spam filter, Domain Anti Spam filter and
Greeting filter should be used. In this way separate filters can be specified for the
whole mail server as well as separate domains. These filters will be used all
together plus the user Anti-Spam filter. The user Anti-Spam filter does not relate
to this option in any way. They are only filters for separate accounts.
The global filter takes priority and will be executed first. Last will be the account
filters.

In order to create a filter, create a file called filter.dat (in the Config subdirecory)
which can be opened for editing using the edit button

Structure of the filter.dat file

To specify a list of not allowed senders enter the desired data like this:

[email protected]
microsoft.net
194.223.*.*

This content above will not accept messages from [email protected], the whole
microsoft.net domain and the IP address mask specified.

If you want to create a filter for allowed senders only add "1" on the first line of
the file. Then all items listed in the file will be allowed to send messages only.

There is a special mark so you can make exceptions to the filter. It is used like
this:

1:[email protected]
microsoft.com

The content above allows [email protected] to mail to the server but the rest of
the microsoft.com domain not. Similarly you can do it with the "1" mark on the
first line:

41
Merak Mail Server (Aug 2002)

1
0:[email protected]
microsoft.com

This file means that only microsoft.com domain can send messages to the
server except [email protected].

Note that this filter is based on the SMTP level. That means the sender in SMTP
might not correspond to what you can see in the message MIME header "From:".

There is also a greeting filter that has file name config\heloehlo.dat This file is
filter for the name of the server that is specified during the HELO/EHLO
command in a SMTP session so you can easily block some servers without
knowing their IP.

Redirect This features lets you redirect messages due to email addresses. All settings are
located in the redirect.dat file. It has the following format:

{email}={email}
{domain}={email}
{domain}={domain}

Example:
[email protected][email protected]
[email protected][email protected]
icewarp.com=merakmail.com
[email protected]

When a message for [email protected] arrives it will be redirected to

[email protected] and when a message for [email protected] arrives it will be
redirected to [email protected]. Messages for any icewarp.com domain will be
sent to merakmail.com instead. Messages sent to microsoft.com will be sent to
[email protected] instead.

Bypass files

Merak supports several bypass files. That means if a certain named file exists with some content
the content filters or anti spam filters will be ignored. If a message has a recipient or sender and it is
listed in the bypass file the proper filter will be ignored. The bypass files are located in the
Merak\Config directory. The files can contain email addresses and domains, IP addresses, masks
each per line.

Delivery Tab Connection Fields

Field Description

Network This specifies that Merak will connect to the Internet via network. No other
Connection settings are needed. This is the preferred connection type.

Dial on Demand This specifies that Merak should not try to send until either the schedule or
Router other connection options condition is true - it prevents Merak from opening up

42
Merak Mail Server (Aug 2002)

a dial on demand connection too frequently.

You might want to use the config\demand.dat file to execute an application

before connecting. The file consists of one line that specifies the application to
execute and its parameters.

Dial-Up This specifies that Merak will open up a dialup networking connection according
Connection to the schedule or the Other options.

If the connection is already in use Merak will automatically use the same
connection and will not fail. The hangup in this case must be done by the
initiating application or use.

Login Name / These will be passed through to the dialup networking connection.
Password

Disconnect after After the specified period of inactivity on the dialup networking connection the
max idle time: line will be dropped.

Schedule A connection to the Internet can be scheduled through the standard scheduling
dialog box. This schedule overrides all subsequent schedules in Remote
Accounts and others. We do not want to fire up the connection from Remote
Accounts.

Clicking on the Other button

brings up a few more advanced
options.

Merak can be configured to make a dialup connection if it reaches a certain number of outbound
messages, if a message is waiting for more then x minutes, or if a message is sent with certain
values in the header.

Example someone sends a mail and clicks the high priority button. The mail will have a header of
Priority and a value of High.

Enter each header item on a separate line. Example:

Priority: High
X-Priority: High

43
Merak Mail Server (Aug 2002)

Account Manipulation
Cut, Copy and Paste can be used to
manipulate accounts.

Delete will remove an account. It will

only remove configuration data
however, the directories and data that
are on the server must be removed
manually. This is a safeguard to avoid
accidental erasure or deletion.

New Domain will bring up the new

domain section and allow more
domains to be entered.

Make Primary will convert the

selected domain into the primary
domain (the one which receives the
system generated messages)

Add will allow the creation of new

Accounts to the system

Import Windows NT Users

You might already have the user accounts set up in the Windows NT user database. To save
retyping, these can be imported into Merak.

Select the users you want to import and press the Import button. More users can be loaded from
different domains/servers using the Load button. If there are any aliases or mailboxes with same
value these users will be ignored and not imported. Passwords can never be retrieved from any
Windows system thus will be empty and you need to edit them.

Therefore, it is advisable to import the users as a first step of configuration.

44
Merak Mail Server (Aug 2002)

Accounts (Domain)

This is the most frequently accessed tab once Merak has been configured. This is where all the
domains and user accounts are setup.

There is no particular difference between a primary and a secondary domain. It all works the same.
Once you have working the primary domain the secondary has to work too. You should realize that
domain names and host names are not the same. That means if you have a secondary domain
then if you want your users to connect to mail.secondary.com or similar both MX and A DNS
records must exist.

Merak displays the domains and accounts in a hierarchical

format. Expanding a domain will show the types of account
which belong to it, expanding the types will show the
individual accounts setup.

Note : there will only be one domain with a red P by it. This
is the primary domain and is where all the critical system
messages are sent to. You can right click on a domain and
choose the option Make Primary

45
Merak Mail Server (Aug 2002)

Accounts Tab Domain Fields

Field Description

Name This is the name of the domain. It is not an IP address, shortcut or alias but the
actual full domain name. Messages can be only delivered to created domains. If
a domain does not exist messages will be forwarded outside your server.

You can create an IP domain if you want to and you know why. In that case make
sure you create the IP domain and one more domain in the format: [IP] as a
domain alias of the IP domain. This is required.

Description This can be any text used to describe the domain.

Virtual IP A domain can be logically bound onto IP's. (If the primary domain is bound to an
Binding IP it is required that the other domains are also bound.) You can specify multiple
IP addresses using semi-colon.

When a user connects to authenticate Merak will use the specified IP to find the
domain. It is not recommended to use this option unless you know what you are
doing.

Make sure you use this option only if you know what you are doing. Do not use it
by default!!!

Standard This specifies a normal domain with users who have separate mailboxes. This is
a default.

ETRN/ATRN This is an enhanced option. This specifies that this domain should hold the mail
Queue for another mail server that will issue the ETRN or ATRN client command in
order to receive the mail.

The To: field will be an IP Address if the remote host is static, or empty if it is
dynamic. A dynamic host will usually be a companys mailserver that connects to
the Internet using a dialup rather than a permanent connection.

When you create an ETRN Domain, you have to create only one account in the
domain. This account will be used to keep the messages and it should a
standard user account with all the settings you need. Beware of the password
though. Most of the settings to the user are ignored. The important ones are
Password, Alias, Mailbox Path and ETRN. You have to switch the ETRN option
on. This is the only case when this option is needed and is mandatory - it will not
work without this switch. If you set a password for this account the remote mail
server issuing the ETRN client command must add the password too.

The other mail server that needs to issue the ETRN command should do it so in
this way:
ETRN {domain}
or

46
Merak Mail Server (Aug 2002)

ETRN {domain} {password}

Domain Alias This specifies that any mail received to this domain should be forwarded straight
onto the one specified in the To: box. This is commonly done when a client
registers various combinations of their domain e.g. domain.com domain.net etc
and wants all mail to be directed into a single set of mailbox accounts. You only
need to create accounts for the primary domain ie the one where mail is
forwarded to.

Backup This specifies that any mail received to this domain should be hold and
Domain forwarded straight to the host name specified in the To: box. You do not need
to create any users in this domain and you may simply redirect all messages for
this domain to another mail server (external or local). This solution is used for
backup domain mail servers.

If the To field is empty the standard MX queries will be used to deliver the
message. Only the lower MX preference numbers will be tried. It has mechanism
to avoid looping from Merak to itself.

Accounts Tab Domain Fields contd

Field Description

Default Alias Specifies the postmaster aliases. Aliases can be separated by the semi-colon ;
delimiter without spaces. This means you do not need to create those users in
the domain as accounts.

E-Mail Specifies the actual account for all the postmaster aliases. Multiple accounts can
be specified (semicolon delimiter), even remote accounts for different domains.
This option must not be empty.

Field Description

Info to admin If an email is sent to an unknown user, the admin (postmaster) for this domain
will be notified regardless of whether the mail is rejected or forwarded.

Reject Mail If an email is sent to an unknown user, this option specifies that it should be
rejected and returned to the sender. No message will be ever transferred.

Forward To If an email is sent to an unknown user, this will forward it to the specified
account. It is quite common to setup a catch all account (for server Domain
POP) that will receive all unknown mails. This is how ISPs offer unlimited email
aliases since you can send mail to [email protected]. When using a catch

47
Merak Mail Server (Aug 2002)

all account it is suggested to switch on the Add X-Envelope-To option for that
account.

48
Merak Mail Server (Aug 2002)

Accounts Tab Domain Fields contd

Field Description

Domain In filters you can specify email addresses, domains and IP addresses that are or
Antispam are not allowed to send messages to your server.
Filter
This is a textfile which defines rules for accepting or rejecting email for this
domain. The Global Anti Spam option must be switched on to have this working.

Click on the edit button to bring up the textfile for editing.

See more details about the user Spam filters.

# Accounts This option controls the number of accounts that can be created in a domain by a
domain administrator from Web Admin. This option overrides the Domain Admin
Limit.

49
Merak Mail Server (Aug 2002)

Accounts (User)

Field Description

Alias This is the users name at the domain. Example: to setup the email address
[email protected] enter an alias of support.

Multiple aliases can be used by separating them with a semi-colon:

support;help;bugs;info

Mailbox This is the name of the mailbox and mail account. Usually automatically created
by Merak. This is what is used for authentication and mail collection. It defaults to
the same as the alias but does not have to be. The mailbox name is also used as
the login for web admin or remote configuration.

Password The password for the mailbox. Repeat in the confirmation field.

Name The real name, or an identifier. This is used in autoresponders and for displaying
the accounts. You can also specify a comment in this field. You should use the
semi-colon and then enter the comment. The comment is not used for
autoresponders and account displaying. It's only used in searches and for your
needs.

Eg. "John Doe; my comment over here"

Important Information regarding duplicate mailboxes!

It is very likely that there will be duplicate mailboxes across different domains e.g.
[email protected], [email protected].

Delivery of mail is easy since the domain is specified. However, upon mail collection by users, in
order for Merak to know which mailbox is being requested it compares mailbox and password
combinations.

50
Merak Mail Server (Aug 2002)

So it is perfectly acceptable to have duplicate mailboxes across different domains, but the
passwords must be different. Merak will take care of this itself.

One way round this is to bind all domains to different IP addresses. Then Merak can differentiate
between domains using IP. Or, make the mailbox unique by specifying the full email address.

Accounts Tab User Fields contd

Field Description

Mailbox Path This specifies that any mail received to this account is stored in the defined
mailbox. The directory name of the mailbox defaults to the name of the alias but
can be different. This field can even contain a full qualified path.

Remote This specifies that mail is not to be stored by this mail account and forwarded
Address onto a remote address instead. This address should be of the format
[email protected]

Forward To All incoming mail will be forwarded onto any addresses specified here. This is a
separate option not related to mailbox path or remote address. This provides
a mechanism for copying email to remote or local accounts.

IMAP By default all accounts are of the POP3 type. Checking this will enable the IMAP
functionality. Mail can still be received via a POP3 client however.

Mailbox By default you should leave this empty in all cases.

If the account is IMAP enabled, Merak will place the incoming mail into the IMAP
folder specified. This is usually inbox.

Shared IMAP
Merak has the Shared IMAP option that allows you to share one or more IMAP
mailboxes to other users. It will simply appear as a new mailbox in their private
IMAP account.

For this reason Merak also supports ACL IMAP extensions which allows you to
specify rights for each mailbox and identifier (user). For all users there is a
special identifier called "anyone".

The Shared button lets you open the config\sharedimap.dat file where you
specify the shared imap email addresses so Merak knows them and can process
them. The main advantage of this is that you can also specify the mailbox
text/string that will be displayed to other users for the shared mailbox and you
can specify the domains that are allowed to see or work with the shared imap
account.

You can also specify the folder of IMAP account which will be shared by using
the backslash character after the email address of the shared imap email
address. By this you can share more folders of one imap account. Without the
specification only the INBOX folder is shared.

The structure of the file is as following:

51
Merak Mail Server (Aug 2002)

<shared imap email address>,<mailbox name to be displayed>

Eg.:

[email protected],Shared
[email protected],Shared 2
[email protected]\Sent,Shared 3
[email protected]\Received,Shared 4

Field Description

Copies Specifies a mailbox path or email address to copy any incoming mail to.
Incoming Mail

Copies Same as above, except outgoing mail is copied.

Outgoing Mail

Accounts Tab User Fields contd

Field Description

Limit mailbox A quote can be assigned to a mailbox. If the user fills their mailbox any new mail
size will be returned to the sender.

Megabyte A non-zero value here specifies the amount of data a user can send out in a day.
send limit per Also, if a mail is sent to 2 recipients the usage is doubled. If the user exceeds the
day limit he has to wait till the next day until being able to send some more.

Number send A non-zero value here specifies the number of mails a user can send out in a

52
Merak Mail Server (Aug 2002)

limit per day day. The logic is the same as the Megabyte send limit.

Max received A non-zero value here specifies the maximum message size a user can receive
message size into his mailbox.

User can send This specifies that the user can only send mail to a domain which is configured
mail only to on this mail server. It will not let the user send mail external to this mail server.
local domains

Accounts Tab User Fields contd

Field Description

Delete mail Merak will remove any messages after the specified period. This happens at
older than midnight.

Forward mail Merak will forward any messages after the specified period to the account listed.
older than to: Multiple accounts may be specified using the semicolon delimiter

User State Using this option you can disable the account to login or to login and receive
messages. Login means the user cannot login and check his email or change
any settings. Receive means no messages can be delivered to the users.

Tarpitting is good for old unused accounts. Some old mailing lists send
messages to old non-existing accounts. These messages will be considered as
spam.

NT Password If set, the password for the mailbox will be inherited from a user account with the
same name as the mailbox. The mail server must have the SE_TCB_NAME
privilege. Enter a NT domain to validate against, or leave empty to validate
against the default NT domain. Handy if you use a Windows NT network with
domains.

Any Password This specifies that no matter what password is given, it will always be accepted.

53
Merak Mail Server (Aug 2002)

Accounts Tab User Fields contd

Field Description

User Type This options relates to the use of web admin.

Standard User:
The account is setup by an administrator for a user and cannot be changed by
anyone other than an administrator.

Self Configurable User:

The account can be modified by the user using the web admin. Passwords,
mailbox/forwarding , auto responder and deleting mail after x days are the types
of settings which can be changed. They can also view their mailbox.

Domain Administrator:
Domain administrators cannot change global settings but are allowed to
administer accounts in their domains. At the right there is a button for controlling
domains the administrator can maintain. Enter the domains on separate lines.
E.g.
icewarp.com
microsoft.com

You can also specify the domain administrator rights on the first line like this:
RIGHTS=U,M,D

The characters here stand for separate functions:

U - User accounts
M - Mailing list accounts
E - Executable accounts
N - Notification accounts
R - Remote accounts
D - Domain settings

Administrator

54
Merak Mail Server (Aug 2002)

Specifies that this user is a full administrator and is able to change any of the
settings thru web admin.

Accounts Tab User Fields contd

Field Description

Account valid Specifies that the account is only valid until this date. After the validity expiration,
till the received mail cannot be received with the POP3/IMAP4 client. The result is
the same as when the account is disabled.

Validity When the Account Valid Till option is checked this option specifies that a report
warning should be sent to the user when their account is due to expire in the specified
number of days.

Validity This specifies the path and filename of the report that will be sent to the user
Warning File informing them that their account will soon expire. If not specified a standard
report will be generated.

Delete When the account expires it will be automatically removed.

account when
expired

NULL This option specifies that this is a dummy account. Mail can still be sent to it, but
no mail is saved. However all the forwarding and autoresponder functions will
work. The user will not be able to login to Merak.

No mailing list Specifies that this user will be excluded from all Merak mailing lists that have
Send to All specified.

ETRN This specifies that this is the account in which all the messages will be kept for
the remote mail server that will issue the ETRN command. This account must be
the first and the only account defined in the domain. It is used only when the
domain is an ETRN domain.

Add X- This option specifies that all messages received for this accounts should have
Envelope-To the X-Envelope-To header added with the real recipient. This option is used for
Catch All accounts so the remote mail server knows exactly to whom the
message was sent to.

Anti Spam Edits the user anti spam file filter.dat. Discussed in the Anti Spam Filters section.
Filter

55
Merak Mail Server (Aug 2002)

Field Description

Responder This option sets up an autoresponder, which is useful if someone is away from
their email for a lengthy period of time. On vacations for example.

Enter a path and filename e.g. c:\autoresp\away.txt (or use the button to
browse for an existing file), then use the edit button to open the file.

You can also use some variables to enhance the reply :

%%From%% %%From_Name%%
%%From_Alias%% %%To%%
%%To_Name%% %%To_Alias%%
%%To_Domain%% %%IP%%
%%Subject%% %%Header%%
%%Size%% %%Date%%
%%Time%%

Example:

Hello, your message sent at %%Time%% on the %%Date%% was %%Size%%

KB long.

Do Not Respond
The option is disabled.

Respond Always
All messages sent to this account will have the auto response message
generated.

Respond Once
A response message will be sent to all received messages only once. Merak
keeps a log of previous email addresses so messages will not loop and will be
sent only once to the sender while having this option set.

Responder This button opens the responder file for editing.

File

56
Merak Mail Server (Aug 2002)

No Responder This button opens the file that specifies excpetion email addresses and domains
For of senders that will not get a responder sent when sent a message to this
account. The file name is norespond.dat and it can contain email addresses and
domains.

Reply From This is the return address that will be used in the auto responder. If blank the
email of the account and name will be used.

Respond only If a message sent to this account contains the email address in the To field that
if to me belongs to this account then a response will be generated.

57
Merak Mail Server (Aug 2002)

Accounts (Mailing List)

The mailing list feature is an easy way of sending off a mail to a single address that will be
forwarded onto all the members of the list. They are especially useful as discussion groups or
connecting with others who share the same interests and ideas.

Merak can go one step further and also be configured as a list server which means it will
handle the administration of the lists and their members via emailed commands.

As the setup of a mailing list is somewhat different to a list server they have been covered
separately in the next sections.

Note that the setup of the Anti Spam filters is done in the usual manner.

58
Merak Mail Server (Aug 2002)

Creating a Mailing List

Field Description

Alias Specifies the name for the mailing list. When you want to send a mail to the list it
will be this <name>@domain that you will use.

Description Descriptive text for the mailing list

Owner The email address of the owner of the list. Multiple addresses can be specified
using the semicolon delimiter.

List File If the list is to be used to send mail to various recipients at various domains then
a list file needs to be used.
The list file specifies the full path and filename of a text file containing the email
addresses of the list members. After specifying the path and filename use the
edit button to edit the members of the list. Place each member on a new line in
the format of username <email> as follows :

Ian Atkins <[email protected]>

John Doe <[email protected]>

You can also specify a list of email addresses that are eligible to join the mailing
list in a second text file, and append this to the first with a semicolon delimiter.
Example c:\merak\list.txt;c:\merak\allowed.txt

Digest Specifies that the messages sent to this mailing list will be archived for each day
and those who have subscribed to this digest mailing list will receive a mailing list
daily.

Set From to Specify an email address to be put into the From: field. Using this option greys
out the set list owner to from field option.

Set Reply to This specifies that a reply to the message will be sent to the originator of the
to originator message. Example UserX sends a mail to the list. UserX reads the mail and
writes a reply. By default his reply will be sent to UserX not the list.

Swap fields This specifies that the users replies will be sent back to the list, not the originator
of a message. It should be used only along with Set From To and Set Reply To
options.

List Server Leave this unchecked.

Send to All Users From List File

A standard list file will be used

Users From ODBC

An ODBC source will be used. The connection string has to be written in the List
File field. It has the following structure:

DSN,username,password,SQL query
Example:
listusers,user,pass,SELECT Email FROM Users

The SQL query has to return only one field which will include the email
addresses. You can specify an ODBC source for digest users to by adding "|"
char and specifying another DSN with a query:
DSN,username,password,SQL query|DSN,username,password,SQL

59
Merak Mail Server (Aug 2002)

query

Users From Domain

This option will forward a mail received by the list to every user in the domain.

All Users
Message will be forwarded to all accounts on the mail server including all
domains.

All Domain Administrators

Message will be forwarded to all domain administrators on the mail server.

All Administrators
Message will be forwarded to all administrators on the mail server.

List Server Leave this blank.

Help

Creating a Mailing List contd

Options Tab

Add to subject This prefixes the subject line with the specified string. If the text is already
present it does not duplicate it. If the subject line is not present it is created.

Send to If unchecked and a user (who is on the list) sends a message to the list, he
Sender himself will not get it back. If checked he will receive a copy of his own message.

Set Recipient Specifies a new recipient in the To header.

To:

60
Merak Mail Server (Aug 2002)

Copy to If the owner is not on the list, this option will copy messages to the email address
Owner specified in the owner field. However it is suggested that owners subscribe to
the list themselves.

Join/Leave If the list is administered by a listserver, then when a new user is added Merak
File will inform the new user of their subscription and also unsubscription when left
the list. A textfile (rules of the list perhaps) can be appended to this information
by specifying a path and filename here. As always the edit button can be used to
edit the file. The leave file is specified by using a semi-colon and specifying
another text file.
Example:
c:\list\join.txt;c:\listleave.txt

Header File Specifies a text file that should be inserted at the beginning of all messages
passing through the mailing list. Always a full path name.

Footer File Specifies a text file that should be inserted at the end of all messages passing
through the mailing list.

Moderated A moderated mailing list is where a message needs to contain a password for
Mailing List / the message to be approved and sent to list members. There must be a
List Server password at the start of the Subject. If the password is not specified then the
message is sent to the list owner who can add it and send it back. When the
message is sent out to list members the password part from the Subject is
removed! When used along with the option Server Moderated all messages are
saved on server and when replied to them the original message will be sent out
to members. In that case the reply serves as a password only. To delete stored
messages on the server and not sending them out to the mailing list add '-
DELETE' to your approval password.

Some mail clients support the X-Approved MIME header which contains the
password. Merak automatically checks that header. If it finds it and the password
is correct it does not check and remove the first line. It will only remove the X-
Approved header.

Deny EXPN If a client issues an EXPN command the list members will be returned. Checking
this option prevents this - No such mailing list will be returned.

Max Mail Size Specifies the maximum message size that can be sent to the mailing list.

Members Only Specifies that only the members of the mailing list can send messages to the
mailing list.

Originator This is an advanced SMTP option. When connecting to an SMTP server the
MAIL From <value > command is issued. If the <value> is blank some email
servers reject the message. It can either be empty, filled with the sender or the
owner of the mailing list. When you choose the Sender or Owner all bounce
backs of the mailing list will be sent to that email address.

61
Merak Mail Server (Aug 2002)

Creating a List Server

Field Description

Alias Specifies the name for the list server. When you want to send commands to the
list server it will be this <name>@domain that you will use.

Description Descriptive text for the list server

Owner The email address of the owner of the list server. Multiple addresses can be
specified using the semicolon delimiter. This option is used for replies from the
list server and as a confirmation email address.

List File By default this option should be empty and servers to all mailing list.

If you need to list allowed mailing lists this file contains a list of all the mailing lists
that can be administered through it.

Place each mailing list on a new line as follows :

[email protected]
[email protected]

Confirmed All subscriptions will have to be confirmed by email by the owner.

Set From to Leave Blank. This has no effect on a list server.

Set Reply to This is greyed out when list server is checked.

to originator

Swap fields This is greyed out when list server is checked.

List Server Check this to tell Merak that this is a list server and not a mailing list.

Subject By default the list server will accept commands that are embedded into the body
of mails sent to it. Check this and Merak will require that commands are entered
into the subject line.

List Server If a user sends a help command to the list server, the list server will send back a
Help standard help response. If a file is specified here, Merak will send it back instead.
If you add a semi-colon and another text file path here this file will be used in the
Confirmation message from the list server when used confirmed subscriptions.

Allow These checkboxes specify what commands the list server is allowed to process.
Commands See the list of commands on the next page

Add to Subject Not required for a listserver

Subscription Not required for a listserver

File

Header File Not required for a listserver

Footer File Not required for a listserver

62
Merak Mail Server (Aug 2002)

Moderated When running as a listserver, all list server commands are protected by a
Mailing List / password. This password is placed between the command name and the
List Server command parameters.

Parameters for the list server are usually placed into the body of a message as the only text there.

List Server Commands :

JOIN or SUBSCRIBE (JOIN-DIGEST or SUBSCRIBE-DIGEST)

The join or subscribe commands are issued by users who want to join the list. These commands
are only accepted if allowed by the list server. Otherwise, the owner gets a message about the user
request.

Usage:
join [password] {listname}, [mail address], [full name]
or
subscribe [password] {listname}, [mail address], [full name]

The values inside the braces are optional. If no email address is given, the one they use to send the
request will be used.

LEAVE or UNSUBSCRIBE (LEAVE-DIGEST or UNSUBSCRIBE-DIGEST)

Users can leave the list automatically using the leave or unsubscribe command.

Usage:
leave [password] {listname}, [mail address]
or
unsubscribe [password] {listname}, [mail address]

The values inside the braces are optional. If no email address is given, the one they use to send the
request will be used.

LISTS
Use this command to obtain a list of all the mailing lists that are served by this server.

Usage:
lists [password]

WHICH
This command returns you a listing of all the mailing lists to which you have subscribed.

Usage:
which [password] [mail address]

The values inside the braces are optional. If no email address is given, the one they use to send the
request will be used.

RECIPIENTS or REVIEW
Get a listing of all members of the specified mailing list.

Usage:
recipients [password] <list>
or
review [password] <list>

HELP
Use this command to get a description of all the list server commands (as on this page)

63
Merak Mail Server (Aug 2002)

Usage:
help [password]

64
Merak Mail Server (Aug 2002)

Accounts (Executables)

The executables are good ways of running jobs on a server without having to use any remote admin
tools. Simply setup a job in advance, then the job can be executed by sending an email to the
server. Do not forget the application must properly exit at the end. All applications usually require
the temporary message file name as the input.

It would be a good idea to use the antispam filters to only allow your email address through to this
account though.

Field Description

Alias This is the executable name at the domain. Eg [email protected] would

require an alias of defrag

Description Some descriptive text for this executable

Forward To Specifies that the contents of any mail is also forwarded to the specified address.

Application Specifies the path and filename of the application to execute. This can be a DOS
or W32 application. Must not require a user input.

Parameters Specifies the parameters to execute the application with:

%%From%% - who the mail was sent from
%%To%% - who the mail was sent to
%%Subject%% - the subject of the mail
%%Date%% - the date of the mail
%%Message-ID%% - the header id of the message
%%MessageFile%% - the full path/filename of the message

When passing parameters to the executables, it is a good idea to enclose them

with double quotes in case the parameter has a space embedded in it.

65
Merak Mail Server (Aug 2002)

Accounts (Remote Accounts)

Remote Mail Accounts are user accounts on external POP3 servers. You can assign Merak to
check for waiting mails on a remote server. It can either be done for one account only or for the
whole domain using the Domain POP feature.

All Remote Accounts send a message to the Forward To addresses if they are not Domain POP.

Field Description

Name The name of this remote account. It is used purely for informational purposes.

POP3 Specifies the POP3 host name server example pop3.demon.com

Username The username of the remote POP3 account.

Password The password of the remote POP3 account.

APOP Check this to ensure that Merak logs in using the secure APOP command. The
remote server must support this. (APOP is a secure login using md5 encryption)

Leave Merak will leave the messages on the remote server after retrieving them. In
messages on other words, will not erase them.
server

Forward to Specifies the list of addresses separated by semi-colons to which the

message(s) should be forwarded.

66
Merak Mail Server (Aug 2002)

Accounts Tab Remote Accounts contd

Field Description

Domain POP Specifies that this remote account is to be used to collect mail for the entire
domain ie the remote POP3 account contains all the email for this domain.
The messages will be resolved by the header To: , "Cc: " or other methods.

Example if a message has the header To: John Doe <john @doe.com>", the
doe.com domain must exist on Merak and the message will be delivered to john
in the doe.com domain. If the domain does not exist or the user either, the
"Forward To option will be used and the message will be delivered to the
specified email address. In other words, Forward To contains an email address
to send messages to that are undeliverable and come via Remote Accounts.

Sometimes all messages are delivered to the Forward To account. This might be
caused by several reasons. If such thing happens make sure the domain in the
To header matches the domain defined on Merak. If that is correct and you still
have problems switch on the "No Received Processing" option.

Use X- Specifies that the Domain POP procedure should use the X-Envelope-To/X-
Envelope- RCPT-To/Delivery-To header of the message and should send the message to
To/X-RCPT- the specified address.
To/Delivery-To
The Other window lets you specify additional header items. One per each line.

Do Not Specifies that the Domain POP procedure should not use the "Received: "
Process header and the "for" item. Some remote mail servers set this field to a different
Received email address then the one in the To header. This can cause nothing but
Header problems. Merak uses the first Received header created.

Search Specifies that when using Domain POP Merak should try to search throught
Through actual names in the header and only lookup based on the alias. Example for
Names John Doe <[email protected]>" Merak will look for John Doe on the server and if
found it will deliver the message to that account

Schedule Specifies the Schedule tasks for this remote account that need to be entered.
This is the standard Merak scheduler dialog. Do not ever forget to setup the
Schedule

67
Merak Mail Server (Aug 2002)

68
Merak Mail Server (Aug 2002)

Accounts (Static Routes)

Static Routes are simply aliases which are able to receive mail and forward these directly to other
mail servers or domains based on whatever filter mechanisms are configured.

Field Description

Alias Specifies the alias for the static route.

Description Some descriptive text.

Action Forward To Address

Message will be forwarded to this address.

Forward To Domain
Message will be forwarded to this domain with the received recipient.

Forward To Host
Message will be sent to the specified Host machine. It can be a host name or IP
address.

Deliver To This Domain

Message will be delivered to the actual domain without any other filtering. This is
useful when you want to check all messages for something and then deliver it to
the recipient. You can use external filters to do whatever you want.

Delete
Message will be deleted.

Forward Specifies that even if the domain to forward to is local, to still forward via the
Internet. This is useful when there are more MX records for one domain and the
other domain with higher priority was not working. This mail server will receive

69
Merak Mail Server (Aug 2002)

the mail and will try to deliver it to the other primary mail server.

Value The value ie address, domain, host etc

Accounts Tab Static Routes contd

Field Description

Save To This option lets you save all messages which meet the filter criteria and were
filtered. This is a relative directory path for local mailboxes. This should be the
same string as for the users mailbox path that will receive the messages. It can
even contain a full qualified path.

Default Filter Specifies Merak filters which will be applied to messages. Use the Add, Edit and
Delete buttons to configure filters.

Each filter has a logical condition of AND or OR. Once the logical value of the
filters is true the action of the Static Route will be processed.

External Filter Specifies an external filter file instead of the built-in Merak ones. The external
filter file must be a DLL with this function or an executable:

TMessageStruct = Packed Record

szOriginalAddress: Array [$00..$FF] Of Char;
szRecipientAddress: Array [$00..$FF] Of Char;
szFilename: Array [$00..$FF] Of Char; // Name of the temporary message file
End;

There are 3 other options: StdCall, Cdecl and Executable. The 2 first options
specify the type of the DLL.

Function MerakFilterProc(Var MessageStruct: TMessageStruct): Boolean;

StdCall;

Function MerakFilterProc(Var MessageStruct: TMessageStruct): Boolean; Cdecl;

If the function returns true the message will be processed by the server else not.
Do not forget when importing the DLL function that the case matters. The
functions name is case sensitive.

The 3rd parameter specifies that the filter is an executable and will be called
each time. A first parameter passed to this executable will be the file name of the
message. If the executable returns an exit code other than 0 then the message
will be processed by the server.

Anti Spam As always, an antispam filter can be applied.

Filter

70
Merak Mail Server (Aug 2002)

Accounts (Notification)

The Notification account is an alias that is designed to convert a message into a suitable format for
Notification delivery. In essence this usually means chopping the message into Notification chunks
and stripping off attachments. In order to use this option you need an email gateway from your
provider. This means you need to have an email address that you sent messages to to your
notification device.

Field Description

Alias Specifies the alias for the Notification

Description Some descriptive text.

Notify To Specifies the email address of the email gateway that the formatted message will
be sent to.

Forward To Specifies an email address that the message will be forwarded to.

From If filled this will be in the message's From field.

Max Size This specifies the maximum number of characters that can be accepted in a
single notification. This is specific to the telecoms provider.

Count This specifies that if the message is larger than Max Size how many chunks it
is allowed to be split into. A count of 1 and a Max Size of 128 means that only the
first 128 characters of a message will be sent. A count of 2 means that the first
256 characters of the message will be split into 2 separate messages and
forwarded onto the gateway.

Skip If the message is received with an attachment, then the attachment is dropped
attachments and only the text of the message is sent.

Into Subject The text will be placed into the subject of the forwarded notification.

71
Merak Mail Server (Aug 2002)

72
Merak Mail Server (Aug 2002)

Accounts Tab Notification contd

Field Description

To Specifies that the recipient field is placed into the notification.

From Specifies that the sender field is placed into the notification.

Subject Specifies that the subject field is placed into the notification.

Body Specifies that the body text is placed into the notification.

Date / Time Specifies that the date and time is placed into the notification.

All All messages are to be sent, No

None No messages will be sent

Filter Messages will be sent according to the filters specified.

Send If this is checked and the filter validates the message it will be sent. If it is
checked and the filter is invalid the message will not be sent.

If this is unchecked and the filter validates the message it will not be sent. If it is
unchecked and the filter is invalid the message will be sent.

Originator This is an advanced SMTP option. When connecting to an SMTP server the
MAIL From <value > command is issued. If the <value> is blank some email
servers reject the message. It can either be empty, filled with the sender or the
owner of the mailing list. When you choose the Sender or the From field all
bounce backs of the mailing list will be sent to that email address.

Subject Any notification account can contain your own subject. You can specify the
content by this option.

Body Any notification account can contain your own body. You can specify the content
by this option.

Text File Any notification account can contain your own body. You can specify the content
by this option. The whole content of the text file will be inserted into the
Notification account.

73
Merak Mail Server (Aug 2002)

Web Admin

Merak has a built in web server which allows for remote administration via its web interface. This is
not restricted to administrators however, users can (if allowed) administer their own accounts too. If
you want to login you need to have defined users in the Accounts of Merak with either options:
Administrator, Self Configurable or Domain Administrator.

Open up a web browser and enter the hostname or IP address for the server which Merak is
running, along with a port of 32000. E.g. http://192.168.11.92:32000
(If you have changed the control port then change the URL accordingly)

You will be prompted for a username and password. This can be the username of an administrator,
domain administrator or a user with the self-configuration option. Standard users will not be
accepted.

The administrators first screen Domain Admins first screen

There is not much to say about the web admin, the settings that can be navigated to are the same
as those described in the reference section.

74
Merak Mail Server (Aug 2002)

It would be a good idea to use the remote admin web interface over a secure connection - SSL
(next section).

75
Merak Mail Server (Aug 2002)

Proxy server
Merak mail server has a built in IceWarp Proxy Server than you can fully use. The only thing you
need to do is to configure your web browser to use proxy and enable the proxy server by the Active
switch in the proxy.cfg file. The proxy server host name will be the Merak machine's host name or
IP. The port is the same as control server is running on (default 32000). Once configured you can
use IceWarp Proxy Server.

To change some of the proxy settings (to switch on proxy logging and many others) see the
config\proxy.cfg file. You need to create if missing. Edit it as you need. IceWarp Proxy Server has
some good features such as activity logging, IP filtering, Port filtering and URL filtering. Everything
can be set in the proxy.cfg file:
Active=1
Logging=0
Logging_Path=
Parent_Proxy=
Filter_File=
Tunnel_Filter_File=

Filter files can contain a URL, IP address or Port. Example:

http://www.adult.com
0-191.*.*.*
193-255*.*.*
192.168.0.10
:0-79
:81-65535
The example above forbids access to www.adult.com and allows access of 192.*.*.* except
192.168.0.10. It will work with port 80 only.

76
Merak Mail Server (Aug 2002)

Secure Connections

SSL is an encryption method based on public and private keys. It ensures that information being
transferred between a web server and a web browser cannot be seen by anyone and thus ensures
privacy.

Merak uses its own built in web server. This fully supports the SSL standards. The only thing you
need to do in order to start using the SSL connection is specify a different URL :

https://<server>:<port> (https:// - this tells your browser to use the secure socket layer.)

e.g. https://192.168.11.92:32001

The port that must be specified defaults to 32001 in Merak. This can be changed from the System
settings :

In the screenshot above the control port has been changed from 32000 to 80, and the SSL port
from 32001 to 443.
80 and 443 are the industry standard ports for web and secure web. This means that when using
Merak with these port settings, the port will not need to be specified at all e.g. http://192.168.11.92
or https://192.168.11.92

If all is working you will be greeted with a warning :

What does the warning mean?

An SSL certificate requires 3 conditions to be met :
1) That it has been issued by a company who is trusted.
2) That the date on the certificate is valid
3) That the website name matches the name on the certificate.

77
Merak Mail Server (Aug 2002)

There are only a few companies in the world who issue certificates that are automatically trusted by
web browsers (e.g. Verisign and Thawte). As this certificate is issued by IceWarp software the web
browser does not trust it.
To resolve this, click on the View Certificate button and then Install Certificate. Follow the
prompts. This tells the web browser that the certificate can be trusted.

Unfortunately it is not possible to fix point (3). A certificate is matched to a website address at
creation.

SSL and Certificates is a highly complex subject. Trusted certificates that do not have warnings
have to be paid for from an issuer like Verisign or Thawte. If you wish to pursue obtaining your own
certificate from a trusted issuer then contact IceWarp software who will be able to assist.

The certificate is kept in the file cert.pem. You can edit it and use your own certificate. Our SSL
system has the great advantage of having multiple SSL certificates on one system. Each certificate
can be used for a different IP address. The cert.pem is used as a default certificate. There is a file
cert.dat (located in the webmail or merak directory just like the cert.pem file) with the following
structure:
[Server]
// [IP]=[certificate file path]
193.179.195.74=c:\certificates\icewarpcert.pem
193.179.195.75=c:\certificates\merakcert.pem

At the certificate warning proceed by clicking on the Yes button. The Merak remote admin screen
will be shown.

For Internet Explorer Users, in the bottom of the web browser status bar towards the right the
secure symbol will be shown :

For Netscape users, look in the bottom left of the web browser :

This confirms to the user that the connection is secure.

Important!
It is only the connection between the web browser and the web server that is secure. This does not
affect in any way the ability for email to be read as it is sent from Merak.

78
Merak Mail Server (Aug 2002)

4. Merak Mail Server Power Pack

Power Pack

The Merak Mail Server Power Pack product includes 2 products in 1. These 2 products are Merak
Mail Server and IceWarp Web Mail.

The main goal of this package is that IceWarp Web Mail is automatically configured to be
completely integrated with Merak Mail Server right after the installation has finished. Therefor you
do not need to configure the integration manually. In fact once installed you can immediately start
using both products without any configuration.

The other advantage is that no additional service will be installed. IceWarp Web Mail will run under
the Merak's Control service. That means the same TCP/IP port will be used for Merak Web
Administration and IceWarp Web Mail. That is usually the port 32000.

IceWarp Web Mail

There is no particular difference in using both products. Merak simply keeps running and serves as
a web server engine for IceWarp Web Mail. However, there is a small change in using web mail.

To access web mail you need to type this into your web browser:
http://yourserver:32000/mail/
IceWarp Web Mail login page will appear:

79
Merak Mail Server (Aug 2002)

Settings and all configuration for IceWarp Web Mail is located in the Merak\WebMail directory. To
Administer web mail you only need to use http://localhost:32000/mail/admin/. The rest is the same
as in the single IceWarp Web Mail product. See the IceWarp Web Mail PDF Manual for more
details.

If you want to configure virtual hosts and other web server settings you need to edit the
Merak\Config\WebServer.cfg file. The same rules as for web mail apply. See the web mail manual
for more information.

Merak Mail Server Web Configuration

There is no difference for Merak Web Administration at all. You simply use it as in the single Merak
Mail Server product.

When you specify the URL like this:

http://yourserver:32000/
Merak Mail Server Web Administration login page will appear:

80
Merak Mail Server (Aug 2002)

5. Tutorials

Mailing List

This walkthrough will explain how to create a mailing list which includes the ability to be remotely
administered via email (thus including a list server as well)

For the purposes of this example we will create a fictitious scenario :

There are a group of people who wish to discuss PCs and associated topics using a mailing list.
They register the domain pc-tech.com and wish to setup a mailing list called [email protected].
They decide on who the owner will be and give them the [email protected] email account.

As it is a general discussion group they decide that anyone is free to join and that the list is
unmoderated. They also decide that new users should be able to subscribe to the list themselves.

Lastly, to easily identify emails from the group they ask that all emails have a distinctive header so
filters may be applied easily in their email packages.

Setup Tasks

Create the domain

Create the admin account

Create the mailing list

Create the list server

Test the list server

Test the mailing list

81
Merak Mail Server (Aug 2002)

a) Creating the Domain

Open up the Merak config applet and under the Accounts menu, choose New Domain.

Enter the domain details and press Save.

Here we have created the domain pc-tech.com, specified that any of the postmaster aliases will
forward to the [email protected] account, specified that any mails sent to unknown aliases will
be rejected, and notification sent to the admin account.

82
Merak Mail Server (Aug 2002)

b) Creating the Admin Account

While the pc-tech domain is still highlighted, from the Accounts menu select Add and then choose
New User.

Enter the account details and press Save.

We have created the account [email protected] (using an alias of admin), left the mailbox
name the same as the alias and left the defaults of storing mail in a mailbox ie no forwarding.

83
Merak Mail Server (Aug 2002)

c) Creating the Mailing List

Whilst the pc-tech domain is still highlighted, from the Accounts menu select Add and then choose
New Mailing List.

Enter the list details and press Save.

The alias of chat has been specified as the list will be [email protected]. The owner has been set
to the account [email protected] as asked for.

We want emails to appear like they have come from an individual, however any replies must be
sent back to the chat list, in order to achieve this we must set the From: and Reply To: the list,
but in order to get the individual to appear as the sender, use the Swap fields function.

The list of subscribers will be maintained by the list server, but we need to enter a filename that will
be used to store the subscriber details. This has been entered as c:\pctechlist.txt

The last field to be entered is on the Options

tab. The requirement was for a distinctive
header in the subject field. We have prefixed
each subject list with [PC-tech]

84
Merak Mail Server (Aug 2002)

d) Creating the List Server

While the pc-tech domain is still highlighted, from the Accounts menu select Add and then choose
New List Server.

Enter the list server details and press Save.

Commands to amend the lists will be sent to [email protected] as this is the alias that has been
specified. The owner has been set to [email protected] as specified.

The List Server is automatically checked, so that commands can be specified in the subject line
the subject field has been checked. All commands are allowed.

85
Merak Mail Server (Aug 2002)

e) Testing the List Server

To perform a test of the listserver we will ask for an account to be added to the list of subscribers.

We are sending a mail asking for a new user Lee to be added.

Shortly after sending, the following email is received :

List server report: User Lee at SIWD <[email protected]> has been successfully subscribed
to the mailing list: [email protected]

Recipient: Listserver account <[email protected]>

User Lee at SIWD <[email protected]> has been successfully subscribed to the mailing
list: [email protected]

A quick check of the file c:\pctechlist.txt shows that

the new user has in fact been added.

Sending an email to the listserver to get a list of currently subscribed users :

returns the following email :

List server report: [email protected]

Recipient: Listserver account <[email protected]>

All members of the mailing list: [email protected]

Lee at SIWD <[email protected]>

The listserver is working perfectly.

86
Merak Mail Server (Aug 2002)

e) Testing the Mailing List

To perform a test of the mailing list we will send a message to it which should be received by all the
subscribers. Things to check are the unique subject line and the from, to and reply addresses.

We are sending a mail to the list with very basic details. The account used to send the mail was a
user called Jakub who has the email address [email protected] . Shortly after sending, the
following email is received :

We can see that the sender of the message is identified and the subject line does begin with the
unique identifier. Performing a reply we can see that replies are sent back to the list.

The mailing list works perfectly.

87
Merak Mail Server (Aug 2002)

Relaying and the "...we do not relay" message

Relaying is a quite common problem. It means that a server allows somebody to send messages
outside. It is desirable to allow sending messages only to your users. Thus you need to use
antirelaying options not to allow spam and relaying thru your server to unwanted users (spammers)
from outside. The error message "550 5.7.1 <>...we do not relay <>" means your anti relaying
settings are incorrectly set and you simply cannot send messages thru your server out.

We do not suggest using any antirelaying options other than Relaying From, POP Before SMTP.
All other anti relaying options in the Delivery tab sheet should not be used. Switch on all of the 3
options and into the Relaying From field enter:

127.0.0.1;192.168.*.*;10.*.*.*;172.16-31.*.*

That means all of these IP addresses will be able to relay. All of them are LAN IP addresses. It's
also suggested to specify the server's IP address in the field too. By this your LAN will be able to
send messages out just fine.

Sometimes you might need to allow relaying for your customers outside your LAN. That is a small
problem but can be solved. Usually all relaying is IP address based. Just like on your LAN. ISPs
know their IP addresses and allow relaying from all of these addresses. It is suggested for users
from outside to use their ISP's mail server to send messages out. Sure, but you want them to use
your mail server. You can use 2 options on your server to fix this. Either the POP Before SMTP or
SMTP Authentication. Using Relaying From is not possible because the IP addresses of your
external users are unknown and change dynamically.

POP Before SMTP

The user needs to check his mail before sending messages out. The server will record the user's IP
and for some period of time will allow sending messages out from the IP. The problem is that most
of the mail clients (Outlook Express) sends messages first and then receives. Users would need to
rememebr to check for messages manually before sending.

SMTP Authentication

This is a more professional way of allowing external users to relay thru your server. The user will
authenticate during the SMTP session and by that the server knows it is a legal user and will let him
relay. The thing is that users need to configure their mail clients to use the SMTP authentication
and you also need to switch off the Disable SMTP Auth option in the Security tab sheet. This option
works in conjunction with the Relaying From control. The Relaying From control needs to be
switched on otherwise no authentication will be required. The IPs specified in the Relaying From
control do not need to SMTP AUTHenticate. All other IPs have to authenticate in order to relay
messages.

Using these 3 options together is not a problem.

88
Merak Mail Server (Aug 2002)

Security (Relaying and Spam)

There is a fine line between making Merak a secure mail server and ending up with a broken mail
server that refuses to send/receive mail! The most important issues surrounding security are
relaying and spam.

Relaying is essentially the sending out of messages. This is something that is required for
authorized users, but external users or intruders should not be allowed this privilege.

Spam (or spamming) is the sending of unsolicited messages to an email address. These are
typically mailshot type emails offering goods and services. They should be treated with extreme
caution since a reputable company does not spam!

Organizations who spam across lengthy email lists are always on the lookout for servers that allow
relaying; in this way the identity of the spammer can be protected. Therefore it is important to
consider the relaying and anti-spam features of Merak.

Three scenarios are covered :

1. A company or department who uses Merak for internal use only. (Internal)

2. A company or department who use Merak for both internal and external use, and have a
permanent Internet connection or use dialup. (External)

3. An ISP who uses Merak as the email service for all customers. (ISP)

Each will have different needs and concerns.

All

The best protection from spam is to use the RBL. You can also use the Anti Spam Filters but the
problem is that these need constant editing to keep the files up to date. The RBL is
administered by Internet users so it's regularly updated.

Content filters are another issue against spam and also viruses: for example, setting up a content
filter that rejects any messages with the string I Love You in the header.

Internal Use

Security is not so much of an issue if Merak is being used in an intranet environment. There is no
need to enable Firewalls or the various deny options. Nor is Anti-relaying required. It is hardly likely
that a worker is going to spam his fellow colleagues! For this environment it is recommended that
the anti-relaying functionality is not enabled. There is no email coming in externally so we need not
worry about validating the originator either.

As all the mail is being sent/received through local domains, there are 2 useful settings : Do not
forward if the originators domain is not local and under each user account option enable User can
send mail only to local domains.

89
Merak Mail Server (Aug 2002)

External Use

If a company has a mail server that can be seen from the Internet it would be a good idea to enable
the firewall for the Control service so that only a couple of PCs internally can be used to change
any settings. Denying the ability to telnet into the services is also a good idea.

The last thing a company wants is for their email server to be used to send out spam or
unauthorized mailing lists. This reflects badly on the company and could have dire consequences. It
is most important that the only people who are allowed to send mail through the server are
employees. However, this scenario is easy to deal with since all the employees are on fixed, easily
definable networks.

For example, lets assume that a company sets up 3 departments on 3 subnets of a private address
range :
192.168.1.X
192.168.2.X
192.168.3.X

Only clients with these IP addresses are allowed to send mail through the SMTP service.
Enable the Relaying From functionality, and enter either 192.168.* or (more securely), enter
192.168.1.*;192.168.2.*;192.168.3.*

Even easier, the domain(s) that the company use can be specified instead of IP addresses. This will
only allow users on the internal networks to use the server to send mail.

Remember to include either the subnet or IP address of the server itself!!

If the server receives email from an external source, it is a good idea to check that the email
address has come from a valid domain. Enable the Reject mail if the originators domain has no
MX record option - if email comes from an invalid address or has no return path then it will be
rejected.

Internet Service Provider

The ISP has the hardest time since it is very easy to over-secure the mail server and prevent
customers from sending/receiving email.

Certainly secure web-admin and Deny telnet should be specified, but since access could be gained
from anywhere it is recommended to not use the firewalling options.

It is a good idea to check that that any incoming mail has come from a valid domain. Enable the
Reject mail if the originators domain has no MX record option - if email comes from an invalid
address or has no return path then it will be rejected.

With regards to anti-relaying there are 2 kinds of ISP; one who also controls the users access to
the Internet (hence all the users will have easily identifiable IPs and subnets) and one who is an
independent ISP and requires users to be able to use the server no matter how they connect to the
Internet.

For both types of ISP it is paramount that the server is not used to send out spam however.

For the ISP who knows what subnets and IPs the users are connecting with, it is simply a matter of
enabling the anti-relaying functionality and entering the subnets/IPs in the field.

If there are a large number of entries required then it is easier to create the file relay.dat (in the
Config subdirectory) and specify entries on a separate line eg :

192.168.1.*

90
Merak Mail Server (Aug 2002)

127.0.0.1

For the ISP who has customers connecting from various IPs it is not feasible to enter subnets and
IPs in the relaying field. Instead, anti-relaying should be enabled for everything except the local
machine and alternative methods of user-authentication used such as POP3 before SMTP, and the
SMTP Auth command.

Both POP3 before SMTP and SMTP Auth will require that the sender has an account on the mail
server in order to be able to use the SMTP service.

91
Merak Mail Server (Aug 2002)

6. LDAP

LDAP
LDAP is an acronym for Lightweight Directory Access Protocol.

LDAP lets you "locate organizations, individuals, and other resources such as files and devices in a
network, whether on the Internet or on a corporate intranet," and whether or not you know the
domain name, IP address, or geographic whereabouts.

An LDAP directory can be distributed among many servers on a network, then replicated and
synchronized regularly. An LDAP server is also known as a Directory System Agent (DSA).

LDAP was developed at the University of Michigan; it's "lightweight" in contrast to DAP, a part of the
older X.500 direct protocol for networks.

IceWarp implementation of the LDAP is based on the OpenLDAP Project at

http://www.openldap.org/, extended with SSL support and is available in Merak Mail Server
Professional (Regular and Power Pack) only. The whole LDAP server is installed and configured
automatically during the Merak Mail Server installation and includes also proper configuration for
Netscape Messenger and Outlook Express (schemas).

There many resources about LDAP on the Internet. It is definitely good idea to study some of
them Look at the References section of this chapter.

LDAP Architecture
LDAP utilizes Client-Server Architecture.

LDAP Server is installed together with your Merak Mail Professional (Regular and Power Pack) and
resides in the folder Merak\LDAP\

LDAP Client is usually your email client, or other application. Many current email clients, including
Microsoft Outlook, Eudora, and Netscape Communicator are able to access this LDAP Server. See
the section Using LDAP for configuration.

LDAP Server
Merak Mail Server Professional supports LDAP v3 and is based on the OpenLDAP project
http://www.openldap.org/. Any additional information can be found on that site. See the license
argeement in the LDAP\readme.txt file.

Once installed you can start the LDAP server and it will be ready and working. It has its suffix
already created so you can go on with creating new entries immediately.

LDAP runs under the Control service and works only on Windows NT and higher (NT,2000,XP)
platforms. It does not support Windows ME,95,98.

LDAP setting files can be found in the Merak\LDAP directory and follows the OpenLDAP project.

92
Merak Mail Server (Aug 2002)

To activate LDAP you have to have the Professional version of Merak and have Merak running on
Windows NT platforms. Click Active and Save. LDAP server will start immediately.

When started you can see it is really running in the System tab where it has to say "LDAP" under
the control service.

93
Merak Mail Server (Aug 2002)

You can also change the LDAP ports. LDAP in Merak supports SSL so you can connect to the
LDAP over a secure connection using the certificates installed on Merak. Same certificates as for
HTTP and other services will be used.

The Reload button will make sure to restart the LDAP server so it reloads all of the LDAP setting
files. This is mostly handy when changing the schemes or slapd.conf file so you do not have to
restart the Control service manually by stopping and starting it. You just press the Reload button.
Make always sure to check the LDAP running status. If you do any errors in the settings the LDAP
server will not start.

LDAP Configuration
To configure LDAP properly you have to have some prior knowledge. To learn more about LDAP
search the Internet or follow the resource links. Merak LDAP will let you immediately add, modify,
delete and search records on LDAP.

The main settings are done in the file LDAP\slapd.conf. The file looks like this:

94
Merak Mail Server (Aug 2002)

# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27

20:00:31 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include schema/core.schema
include schema/inetorgperson.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory

# service AND an understanding of referrals.
#referral ldap://root.openldap.org

#pidfile slapd.pid
#argsfile slapd.args

# Load dynamic backend modules:

# modulepath %MODULEDIR%
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la

#
# Sample Access Control
# Allow read access of root DSE
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
#
#access to dn="" by * read
#access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default is:
# Allow read by all
#
# rootdn can always write!

#######################################################################
# ldbm database definitions
#######################################################################

database ldbm
suffix "dc=root"
rootdn "cn=admin,dc=root"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw admin
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory ldbm
# Indices to maintain
index objectClass eq

95
Merak Mail Server (Aug 2002)

include
This item lets include additional schema definitions. All schema definitions are located in the
LDAP\Schema directory. You can create your own definitions and edit the existing. Make sure to
follow the creation rules otherwise LDAP will not start. If you are a beginner use always the existing
schema definitions. Includes are used on multiple lines. Please, see the Schema paragraph below.

suffix
This item identifies the suffix you will use the LDAP server under. All client connections will have to
use this suffix. All DB records are also under this suffix so when you change the suffix you need to
create the new records again under the suffix. Usually the suffix is like your domain name.

suffix "dc=icewarp,dc=com"

We wanted to you to be able to use the LDAP right always so we created the suffix

suffix "dc=root"

rootdn
This item identifies the administrator user of LDAP that does not need to exist in LDAP and still
perform any actions like add, edit and delete records. It always has to contain the suffix at the end.
The default is.

rootdn "cn=admin,dc=root"

rootpw
This item contains the password for rootdn the administrator account in LDAP.

The rest of the slapd.conf lets you perform additional changes. Make sure you do not change them
unless you know what you are doing. Any additional information can be found at
http://www.openldap.org/.

LDAP Tools

There are some tools in the LDAP directory that help to administer LDAP DB. The tools have the
same parameters as the tools of the OpenLDAP project.

The one that is worth a word is slapadd which lets you add records to LDAP DB using the LDIF
format. You can see an example in the LDAP directory. The 2 files create.ldif and create.bat this
batch file creates the suffix in the LDAP DB using the slapadd tool. Similarly you can add more
records by editing the create.ldif file. Syntax of the LDIF format can be found on the Internet.

Schema

The LDAP schema, as with all database schemas, is the definition of what can be stored in the
directory. The basic thing in an entry is an attribute, like givenName. Each attribute is associated
with a syntax that determines what can be stored in that attribute (plain text, binary data, encoded
data of some sort), and how searches against them work (case sensitivity, for example). An
objectclass is a three-tuple, consisting of (must have, required, may have), saying what other
attributes can or should be present.

There is a standard core of schema definitions (object classes, attributes and syntaxes), and you
can define your own to suit your particular needs. Most every organization will want to do that.
The best resource for information the LDAP schema repository where you can browse object
classes, attributes, syntaxes and matching rules.

96
Merak Mail Server (Aug 2002)

Using LDAP
Adding, modifying and deleting records on LDAP can be done using different LDAP tools. We
recommend using LDAP Administrator from Softerra which is a shareware and can be downloaded
from http://www.softerra.com/. Ithas a nice windows-like explorer interface and works properly.

All mail clients supporting LDAP allow you to search records on LDAP servers. Hardly some will
help you to modify records on the server. Some mail clients have a better LDAP implementation
and searching is smooth and some are cumbersome and hardly to use.

Netscape Messenger

Configuring Netscape Messenger to use LDAP servers is easy and is done in the Address Book
area. Click File and New Directory.

Description can be anything you would like to see in the Address Book. Server needs to be the IP or
the host name of the LDAP server. Search root is the suffix or desired root you want. Leave the port
numbers default. You can use the secure SSL connections if needed. Configuring is done.

Now to search the directory. Click the directory and press Search. A dialog will appear.

Press search and a list of items will appear in the directory listing. Netscape messenger has really a
nice way of using LDAP. The list and the search is cached and next time you open the directory last
search results will be present.

97
Merak Mail Server (Aug 2002)

Outlook Express

Outlook Express has slightly worse support of LDAP. Each time you want to use it you have to
perform a search and select the directory you want to search. To configure Outlook Express to use
LDAP you have to do this. Select the Tools - Accounts - Directory Service and click Add Directory
Service.

Searching in Outlook is a bit too complicated. You have to open the Address Book and in the Edit
menu item use the Find Persons item. Select the LDAP directory and fill in the desired search
conditions. Click Search.

References

LDAP Zone
ldapman.org has some great introductory articles.
The LDAP Schema Repository is indispensable for figuring out what to stuff in there and how.
A System Administrator's View of LDAP by Bruce Markey from Netscape is a very clear
introduction to our use of it (note how his layout style resembles ours :-P).
Jeff Hodge's LDAP roadmap and faq which seems to be the authoritative guide to links.
Unfortunately, it's so badly organized that it's almost not worth it. Beware that this guy is way
confused about "versioning" his web site, so you may very well find yourself reading something
out-of-date by more than a year! Check the "Last updated" on top of the page and try the other
versions.
The Yahoo! category has fine links.
Here's something about the Abstract Syntax Notation used in specifying the protocol.
Here's something about the Basic Encoding Rules defining what the protocol looks like on the
wire.
More about BER, this time LDAP-specific

98
Merak Mail Server (Aug 2002)

Appendix A - Settings for Common AntiVirus programs

McAfee VirusScan (tested 4.7.0) http://www.mcafee.com/

We are only interested in the command line scanner and it is actually easier to copy these files from
a different machine that has had the software installed on it. In fact, if you have a Windows2000
server then this is the only way as the McAfee software will not install onto the server.

Install the McAfee software onto a workstation or windows 9x, and then package up all the files in
the following directory :
C:\Program Files\Common Files\Network Associates\VirusScan Engine\4.0.xx

Copy these files to your server and place them in a meaningful directory e.g. antivirus

Application: c:\antivirus\scan.exe
Parameters: %s /ALL /NOMEM /NOBEEP /UNZIP /ANALYZE /DEL /DAM /MIME /NOEXPIRE
/NOBOOT /PROGRAM /SILENT /SUB
File Deleted Checking: On

/ALL - scans all files

/NOMEM - do not scan memory
/NOBEEP - do not issue a beep on virus discovery
/UNZIP - scan through compressed archives (.zip .arj files)
/ANALYZE
/DEL
/DAM
/MIME
/NOEXPIRE
/NOBOOT
/PROGRAM
/SILENT
/SUB
%s - the filename variable which Merak will replace at runtime.

Note about the new version:

a) McAfee VirusScan Security Suite package includes NetShield who includes VirusScan
command line

b) VirusScan command line is installed in the /Common Files/Network Associates/VirusScan

Engine path..

c) NetShield by default performs automatic cleaning of all infected files when they are written or
read from hd by any application, so when Merak write the attachements in Merak\Temp
directory, the files are automatically cleaned by NetShield and the command line scanner
invoked by Merak never will find any virus! This is a problem because infected e-mails are
deliverd to recipients! To resolve this iussue, the admin haves to configure NetShield to exclude
the Merak/Temp path for automatic virus checking...

99
Merak Mail Server (Aug 2002)

F-Prot http://www.f-prot.com/

Application: c:\antivirus\f-prot.exe
Parameters: /ARCHIVE /NOBOOT /NOMEM %s
File Deleted Checking: Off

The executable is called f-prot.exe

/ARCHIVE - scan through compressed archives (.zip .arj files)
/NOBOOT - do not scan the boot sector of the hard disk.
/NOMEM - do not scan memory
%s - the filename variable which Merak will replace at runtime.

Note: From some version, F-Prot stopped working with Merak. There is an easy work around
for this. Create a shortcut link to f-prot.exe and set the properties to close window on exit. Then
specify the Virus Scan Application as the new shortcut link.

Dr.Solomons (tested at 4.0.3a)

Application: c:\antivirus\scan32.exe
Parameters: /NOSPLASH /ALWAYSEXIT /SUB /ALL /COMP /UINONE /CONTINUE %s
File Deleted Checking: Off

The executable is called scan32.exe

/NOSPLASH - prevents the splashscreen from appearing
/ALWAYSEXIT - this ensures that the scanner always exits
/SUB - includes subdirectories
/ALL - includes all files
/COMP - includes compressed files
/UINONE - No user interface (ie run in background)
/CONTINUE - carry on if a virus is found
%s - the filename variable which Merak will replace at runtime.

AVG Antivirus (tested at 6.0) http://www.grisoft.com/

Application: c:\antivirus\avg.exe
Parameters: /NOMEM /SCAN /NOSELF /ARC %s
File Deleted Checking: Off

The executable is called avg.exe

/ARC - scan through compressed archives (.zip .arj files)
/NOMEM - do not scan memory
/SCAN - scan all files
/NOSELF - do not check itself
%s - the filename variable which Merak will replace at runtime.

100
Merak Mail Server (Aug 2002)

Norton Antivirus (tested at Corporate Edition and Standard) http://www.symantec.com/

Corporate Edition

Application: c:\antivirus\vscand.exe
Parameters: /AZ /D /NA /NB /NL /NM /Q /ZIP /C %s
File Deleted Checking: On

The files you need are under the clt-inst dir under dos subfolder. Copy the files to Merak machine
and use the vscand.exe.

The executable is called vscand.exe

/AZ
/D
/NA
/NB
/NL
/NM
/Q
/ZIP
/C
%s

Standard

Application: c:\antivirus\navwnt.exe
Parameters: %s /S+ /M /B- /NORESULTS
File Delete Checking: On

Do not install NAV autoprotect feature. There are two main problems with that virus scanner. First
of all NAV does not return an exit code upon scan completition. Other programs quit with different
exit codes whether they have found a virus or not. That is the way Merak and other servers know
about infected attachments, usually. The "File Deleted Checking" option was introduced by IceWarp
as a workaround for this issue. Second, there is no command line option to tell NAV to delete
infected files instead of repairing or simply detecting them. You have to configure NAV through its
graphical interface for this.

You should configure Merak this way:

1) In Virus Scan Filters section, select "File Deleted Checking", "Scan All Message Parts".
2) The "Return Values" field does not matter.
3) In "Parameters" field enter (without the quotes): "%S*.* /S+ /B- /NORESULTS"
4) Select the NAV executable (navwnt.exe).
5) Click on Add button.

Then launch the NAV administration console and configure the Manual Scan Options as follows:
1) Deselect boot record options.
2) Set "Delete the infected file" action.
3) Select "All files".
4) Select "Scan within compressed files".

The executable is called navwnt.exe

/S+
/M
/B-
/NORESULTS
%s - the filename variable which Merak will replace at runtime.

101
Merak Mail Server (Aug 2002)

Appendix B - Migrating To Merak Mail Server

The biggest challenge and problem for sysadmins today when going to a new mail server is to
figure out a way to painlessly and carefully move all the mail and users from the old server to the
new server. The classical approach to this problem was to simply use some sort of custom program
to extract the data directly from the old servers user database and then import the mail and users,
either directly by moving them physically from one machine to another, or through some kind of
POP import program. The problem with this approach is that you always need a custom program
for each type of mail server on the market to extract the mail and users. However most of the mail
server systems never give away plain text passwords and list of mailboxes and domains so the new
server cannot use them and the whole process is unusable. So, how do we get around this
problem? IceWarp made this problem the past. The answer is Merak Mail Server Migration Tool.

The Merak Mail Server Mail Migrator uses a smart proxy approach by gleaning all user and mail
information not from the original database, but from the information that comes from the user
directly by acting as a POP3 proxy. Since the username and password provided by the user arrives
in plain text, it is possible for the migrator to use that to build the mailboxes on the new server and
to pull the mail off the old server as well. You basically stick the Merak Mail Server Migrator Tool
between your customers and your old mail server and the migrator takes care of the rest. All of the
messages on the old mail server will not be deleted and will be left on the server.

The complete Merak Mail Server Migrator Tool manual can be downloaded at the IceWarp
Download section. It contains the migration tour with screen shots and tutorial. You can also
purchase the migrator on our web site.

102
Merak Mail Server (Aug 2002)

Appendix C - An Overview of how Merak Mail Server

works

Services

Merak Mail server consists of three services and the configuration program. There are also a few
tools like DNS Query Tool, Users Command Line Tool, WebAdmin, Control Panel applet, and Mail
Notification. Services are programs that run in the background of Windows and do the work for you.

SMTP service handles the mail delivery, forwarding the mail, disk space monitor and all account
options. This service handles the most work of the mail server and should always run.

POP3/IMAP4 service handles the message sending to the mail clients when users want to get new
mail from the server. This service also handles the Remote Accounts and the Antivirus System.
This service should be always run as well.

Control service handles the DialUp connections, Remote Administration, Web Administration, and
the Watchdog option. If you do not need any of these you do not have to run this service.

Files & Directories

In the Merak directory there are all the executable, help, readme files, and the default.ini. In the
HTML directory, there are files for the Web Administration. The CONFIG directory contains all
configuration and settings. The LOG directory contains all logs.

SMTP, POP3/IMAP4 and Control logs can be switched on individually. Error logs are always made
when errors occur. The log structure:
[IP Address] [Thread ID] [Date Time] [Action]

Example:
SYSTEM [00000000] Fri, 19 Jan 2001 11:36:54 +0100 SMTP Service started

In the MAIL directory, there are domain directories and the FORWARD directory. In the forward
directory is the queue for outgoing mail. All mail has extension .tmp. When mail is being transmitted
its extension changes to .tm$. In the domain directories there are mailbox directories for the
received mail.

In the TEMP directory, files are being currently received. After they have been received they are
copied to the mailbox(es) and then deleted.

Mail Sending & Receiving

There is no difference between local and Internet mail receiving. Therefore if you can receive your
local mail you can also receive Internet mail. If mail is not being delivered from the Internet it is likely
that security options set are preventing this, or the DNS MX records on the domain has been
entered incorrectly.

103
Merak Mail Server (Aug 2002)

Sending the mail follows a different path. When mail is being sent to a local account it is
immediately delivered to the local mailbox and the mail does not go to the Internet. Mail server
recognizes that according to the configured domains in the Config program. When there is a
recipient with the local domain, it is delivered to the local domain. When it finds out it is an external
recipient (domain) it places the mail in the FORWARD directory (outgoing queue) and tries
immediately to deliver the message. This is all done in separate threads (processes). Merak is a full
multi threaded multiple CPU support server.

The greatest advantage of Merak it its safety and security. All of the services run the TLS/SSL
support (Secure Socket Layer) and you can set your mail clients to support and use this option. In
such case all message transmission to and from server will be totally secured. Merak goes beyond
this and when found a remote mail server supporting this feature too (another Merak) the whole
TCP/IP communication is secured in the same manner. Therefor a network of Merak mail servers
would totally put hackers out of their business.

104
Merak Mail Server (Aug 2002)

Appendix D - DNS and MX records

DNS - Understanding and getting it working with your mail server

Having a domain, e.g. mycompany.com, is an important step in establishing an identity for a

business on the Internet. People enter the domain as part of an e-mail address or a Web address.
Really, what the network uses to route traffic is not domain names as such, but the corresponding
IP addresses. The translation between fully qualified domain names and IP addresses is taken care
of by DNS servers. DNS server is an abbreviation for Domain Name System server. Basically all
host names on the Internet are converted to IP addresses by querying the DNS. DNS has many
purposes. The most important one is that without a proper DNS server your Internet connection
cannot work because you do not know the real IP addresses of the desired servers. DNS runs on a
UDP protocol port 53.

There are several record types on DNS. For us the 2 important are A and MX records. A records
convert a host names into IP addresses.

Example:
www.icewarp.com A 12.107.133.12

MX records are mail exchange records. They are used for delivery of email to its destination mail
sever. Basically email addresses are constructed by an alias and a domain: alias@domain.
Example: [email protected]. Each domain should have at least 1 MX record. If there is none mail
delivery will not work. There are some issues when it might work but generally all domains should
have MX records.
Each MX record for a domain has a preference number and a host name of the server to deliver
messages to. When there are more MX records for a domain the lowest preference number has the
highest priority and should be tried first to deliver the message to. If that does not work a lower
priority should be tried. Usually there is only 1 MX record for a domain.

Example:
icewarp.com MX mail.icewarp.com 10

The above is an MX record for the domain icewarp.com with a preference 10.

DNS servers are mainly maintained by your ISP. You should make sure they setup your DNS
records correctly. If you need proper DNS records for your mail server you should do this:
Find out the IP of your mail server machine
Require an A DNS record such as: mail.yourdomain.com to point to that IP
Require an MX DNS record for your domain to point to mail.yourdomain.com with some preference
(10).

That is really all you need for your mail server to receive messages from the Internet. In the Merak
Mail Server package there is a special tool that you can use to verify your DNS records. The tool is
called DNS Query Tool and can be found in: Merak\dnsquery.exe
Run that tool. The DNS field should contain a proper working DNS server IP or host name. Query
should contain the value you want to query. Type, select the DNS record type. Now verify all your
DNS records. For icewarp.com it would be:
Query: icewarp.com, Type: MX, Result = mail.icewarp.com
Query: mail.icewarp.com, Type: A, Result = {some IP address}

If your queries do not work either your specified DNS server is not working properly or your DNS
records are not configured right. You should call your ISP on the phone and ask them for their DNS
server IP address and tell them to verify your records.

105
Merak Mail Server (Aug 2002)

When all done Merak or any other mail server can receive messages from the Internet. A little note.
When your email server can receive messages locally it also works externally from the Internet.
There is no difference. If there is a problem it must be a DNS record problem only, not the mail
servers.

Receiving messages should be fine by now. Sometimes there might be problems with sending
messages. They might get stuck in the Outgoing queue. In Merak it is the Merak\Mail\Forward
directory. 99% it is a DNS server problem. Not a DNS record problem but your DNS specification in
the Merak configuration program the system section DNS field. Try to specify another DNS server
there (assuming you are using DNS Lookup option). If it still does not work switch on Merak SMTP
logging and analyze the logs. Look for Client Session records and MX queries. It should look like
this:
Client session MX - Issuing query 194.213.224.2 for "icewarp.com"

The line above tells there is going to be a query to the DNS server 194.213.224.2 for the domain
icewarp.com
The most important record is the following line:
Client session MX - Query response: 0 (1)

That line means DNS server responded with 0 (OK) and returned 1 result. If you have a different
line such as Could not connect. Your DNS server is not working and you should use a different one.
If your line looks like this:
Client session MX - Query response: 0 (0)

It is the same problem as above. Use a different DNS server.

Final lines of interest:

Client session Connecting to "mail.icewarp.com"
Client session Connected

The result of the DNS query returned host mail.icewarp.com and Merak is trying to connect to it. It
was successful. Sometimes you might get Could not connect. That means the remote server is
either down or your machine cannot connect to it for some reason (firewall or incorrectly set up
Internet connection etc.). Try using this from the command line:
telnet mail.icewarp.com 25

If that works all your Internet settings are correct and the remote mail server that did not work and is
only down for a some while.

How does DNS work?

DNS is a distributed database. DNS service is offered by thousands of DNS servers on the Internet,
each responsible for a portion of the name space called a zone. The servers that have access to
the DNS information (zone file) for a zone is said to have authority for that zone. When queried , a
DNS server translates the domain name into the corresponding IP address. For example, the
domain name www.example.com might translate to 195.24.22.209.

When TCP/IP software is installed on a Windows workstation, the IP address of one or more name
server(s) is one of the configured parameters. This is the name server that the host (or really, the
browser application on the host) should direct its query to when looking for the IP address of for
instance a Web server on the Internet (given that this server has a fully qualified domain name). It is
also the server responsible for telling other servers on the Internet how to get in touch with the
workstation, if this should be desired (again given that the workstation has a fully qualified domain
name). A fully qualified domain name, like www.example.com consists of a hostname (www) as
well as a domain (example.com).

No single one of the thousands of name servers on the Internet knows all the keys for translating
domain names into IP addresses and vice versa, but each server knows the names and IP address
of every users computer on its branch of the Internet (zone). The server then exchanges this

106
Merak Mail Server (Aug 2002)

information with other domain name servers from other corners of the net, thus enabling domain
name addressed communication between hosts on different networks.

The Internet would work without DNS, of course, but it would mean that all traffic would have to be
addressed using IP addresses

Types of DNS record

The two most common resource records are:

A: The Address Record.

This record supplies the IP address for a given hostname. You will need A records for any
public servers you maintain (servers which should be accessible from the Internet). The
most common hostnames are www and mail that are used to identify Web servers and
mail servers.

MX: The Mail Exchange Record. This record indicates which host(s) handles electronic
mail for the domain, and offers a method of prioritizing the order of mail servers that e-mails
to the domain should be attempted delivered to. An MX record has two parts: the name of
the machine that will accept mail for the domain, and a preference value. A domain can
have multiple MX records.

The other types of resource records are :

SOA: The Start of Authority Record

This contains general information about the domain, which server is responsible for it, how
long the domain information should be held in another machines cache etc

CNAME: The Canonical Name Record

This is an alias for a host (A) record.

PTR: The Pointer Record

This is a hostname to IP address record used for reverse lookups.

NS: The Nameserver Record

This defines the nameservers for a domain.

The MX Record

From a mailserver perspective we are only really interested in MX records. The MX record is what
makes it possible to have e-mail addresses in the format [email protected] that use the domain
without specifying the specific host (the mail server). If no MX record was created for a domain, the
specific domain of every mail server within the domain would have to be specified though an entry
in the address record (A), and the e-mail address for the user would look something like
[email protected].

Consider the domain lotus.com. We will query the MX records for the domain using the supplied
DNS Query tool :

107
Merak Mail Server (Aug 2002)

This tells us that there are 2 MX records for the domain lotus.com. When an email is sent to the
domain lotus.com, the sending machine will request the MX records and then send to the
mailserver with the smallest preference value. In this case, the server would attempt to send the
mail to the server lotus.lotus.com. If that server refuses the mail, or is uncontactable the next server
is tried, lotus2.lotus.com.

Only after trying all MX records does a server mark a mail as undeliverable, and then retries every
X hours X times before returning the mail to the sender as undeliverable.

Things to Check

Ensure that for each domain that is setup at least one MX record exists, and for the hostname
specified in the MX record, that a corresponding hostname (A) record exists, otherwise the lookup
on the mailserver hostname will fail also. Here is an example DNS database file :
@ IN SOA ns3.siwd.net. support.siwd.net. (
15 ; serial number
900 ; refresh
600 ; retry
86400 ; expire
14400 ) ; minimum TTL

;
; Zone NS records
;
@ NS ns3.siwd.net.
@ NS ns4.siwd.net.

;
; Zone records
;
@ MX 5 mail.liquid-matrix.com.
mail A 213.165.154.3
www A 213.165.154.2

108
Merak Mail Server (Aug 2002)

Appendix E - API

The API

The API (Application Programming Interface) for Merak is designed for those who want
to manipulate domains, users, mailing lists, notification accounts and executables from external
applications. It allows you to get lists of accounts, add, delete, edit and read the settings.

The API.DLL can be found in the Merak directory and is used by the Users.exe command line tool.
The source code for Users.exe can be found in the API directory and is written in Delphi.

Using the API

The API can be used in any programming language such as Delphi, BC++ Builder, MS VC++, ASP,
VB etc.
All you need to do is to import the functions from the API DLL (Dynamic Linked Library).

In order to use the API you have to follow few rules:

1. Before calling any functions from the API, call the Init function and pass the full Merak directory to
it.

2. All functions return a result. The result can be either negative or positive.
The positive results (including 0) indicate a success of the function. See the APIConst unit for
negative results. You should always check all results.

Functions:

Function Init(Directory: PChar): Longint; StdCall;

Initializes the API. The directory contains the Merak Mail Server installation path. This function
should be the first called function.

Procedure UpdateConfiguration; StdCall;

Makes all services to reload the global configuration changes.

GetUserCount(Domain: PChar): Longint;

Returns the number of accounts in the specified domain.

GetUserList(Domain: PChar; Var List; Size: Longint): Longint;

Returns the list of all accounts in the specified domain. The List must be long enough and the Size
must specify the length of the List buffer. A list of all users will be placed into the List buffer. The
users will be separated by the #00 byte. The last record contains one more #00 byte.

Function GetUserIndex(Domain, Alias: PChar): Longint; StdCall;

Returns the index of the user. The domain specifies the domain and alias specifies the user's alias.
All records are index based. Therefore when you want to save or load a user you need to know the
index first.

Function LoadUser(Domain: PChar; Index: Longint; Var Buffer; Size:

Longint): Longint; StdCall;
Loads the user settings for the specified domain and the index of the user. Buffer must be long
enough to hold the whole user's settings. Make it at least 4192 bytes.

Function SaveUser(Domain: PChar; Index: Longint; Var Buffer; Size:

Longint): Longint; StdCall;

109
Merak Mail Server (Aug 2002)

Saves the user settings from the Buffer.

Function AddUser(Domain: PChar; Var Buffer; Size: Longint): Longint;

StdCall;
Adds a new user.

Function DeleteUser(Domain: PChar; Index: Longint): Longint; StdCall;

Deletes the specified user.

Function AuthenticateUser(Mailbox, Password, IP: PChar; Var DomainIndex:

Longint; Var FResult; ResultSize: Longint): Longint; StdCall;
Authenticates the user to the mail server. Merak uses the same function to find the user during the
authentication process. The IP parameter should be the IP address of the mail server to connect to.
If you are not using this option leave it empty (NIL) When successful the function returns the
DomainIndex the user was found in and the FResult contains the user buffer.

Function GetUserSetting(Var Buffer; Size: Longint; Setting: Longint; Var

FResult; ResultSize: Longint): Longint; StdCall;
Function SetUserSetting(Var Buffer; Size: Longint; Setting: Longint; Var
FResult; ResultSize: Longint): Longint; StdCall;
These 2 functions are the most important ones. By these functions you can set/get all the settings
for the users. Buffer contains the user setting structure and the Size reports its size. Setting
specifies the Command. The command list can be found in the APIConst unit. The FResult is the
buffer to get/set the value for the particular setting. The ResultSize specifies the size of the FResult
buffer. Settings have several data formats:
a) String, size = length of the string
b) Boolean, size = 1
c) Number, size = 4
d) Time, size = 8
The setting command names correspond to the config program option names. The data formats
correspond as well.

Function GetDomainCount: Longint; StdCall;

Returns the number of domains.

Function GetDomainList(Var List; Size: Longint): Longint; StdCall;

Returns the list of all domains. The List must be long enough
and the Size must specify the length of the List buffer. A list of all domains will be placed into the
List buffer. Domains will be separated by the #00 byte. The last record contains one more #00 byte.
The first domain in the list is a primary domain.

Function GetDomainName(Index: Longint; Var Name; Size: Longint): Longint;

StdCall;
Returns the name of the domain specified by the Index. All domains are index
based. Therefor when you want to save or load a domain you need to know the index first.
The Name is a pointer to buffer to receive the domain name, Size specifies the size of the buffer.
The function returns the size of the returned domain name.

Function GetDomainIndex(Name: PChar): Longint; StdCall;

The opposite of the previous above.

110
Merak Mail Server (Aug 2002)

The following functions have the same logic as user functions. Please, see the user functions for
more information.

Function LoadDomain(Index: Longint; Var Buffer; Size: Longint): Longint;

StdCall;
Function SaveDomain(Index: Longint; Var Buffer; Size: Longint): Longint;
StdCall;
Function AddDomain(Name: PChar; Var Buffer; Size: Longint): Longint;
StdCall;
Function DeleteDomain(Index: Longint): Longint; StdCall;
Function GetDomainSetting(Var Buffer; Size: Longint; Setting: Longint;
Var FResult; ResultSize: Longint): Longint; StdCall;
Function SetDomainSetting(Var Buffer; Size: Longint; Setting: Longint;
Var FResult; ResultSize: Longint): Longint; StdCall;

Function GetDomainIP(Index: Longint; Var Buffer; Size: Longint): Longint;

StdCall;
Function SetDomainIP(Index: Longint; Var Buffer; Size: Longint): Longint;
StdCall;
These functions get/set the logical IP binding of a domain. If you are not using it do not call these
functions.

Delphi
The Delphi unit APIConst contains the constants for manipulating the settings and getting
the results. The unit APIUnit contains the function definitions of all the exported
functions from the API.DLL. All functions are StdCall API functions. See the complete source
of the Users application.

VB
The first thing you have to do in order to make this all work is to copy the API.DLL file
into your windows system32 directory. Please copy not move this file. You will still
need to keep a copy in the Merak folder. Also do not forget to update both API.DLL files
when a new version of Merak Mail is released.

The next step is to start a VB project, the type is not important, but
it is probably easier to test as you go if you create an EXE. Add a module to this
project and then add the following code into that module:

Public Enum VarTypes

V_Bool = 1
V_Long
V_String
End Enum

Public Enum ResultCodes

S_OK = 0

E_FAILURE = -1
E_LICENSE = -2
E_PARAMS = -3
E_PATH = -4
E_CONFIG = -5
End Enum

Public Enum DomainSetting

D_Description = 0

111
Merak Mail Server (Aug 2002)

D_Type
D_DomainValue = 3
D_PostMaster
D_AdminForward
D_UnknownUsersForward
D_UnknownForwardTo
D_InfoToAdmin

End Enum

Public Enum UserSetting

U_Type = 0
U_AntiSpamIndex
U_Name
U_Alias

U_Mailbox = 16
U_AccountDisabled
U_AccountValid
U_AccountValidTill
U_CheckVirus
U_AllowRemote
U_ValidityReport
U_ValidityReportDays
U_NTPassword
U_IMAP
U_IMAPMailbox
U_MaxMessageSize
U_DontShowMessages
U_AnyPassword
U_ETRN
U_DeleteExpire
U_NULL
U_Password
U_NTPasswordValue
U_DomainAdminIndex
U_DomainAdmin
U_MailBoxPath
U_Admin
U_MaxBox
U_MaxBoxSize
U_ForceFrom
U_Respond
U_OnlyLocalDomain
U_UseRemoteAddress
U_ForwardTo
U_RespondWith
U_MailIn
U_MailOut
U_ValidReport
U_DeleteOlder
U_DeleteOlderDays
U_ForwardOlder
U_ForwardOlderDays
U_ForwardOlderTo
U_RemoteAddress
U_ForceFromAddress
U_MegabyteSendLimit
U_NumberSendLimit
U_NoMailList

E_Application = 80
E_Parameters
E_ExecForwardCopy

M_OwnerAddress = 112

112
Merak Mail Server (Aug 2002)

M_CopyToOwner
M_DigestConfirmed
M_MailingListFile
M_ListServer
M_SendToSender
M_SubListFile
M_SendAllLists
M_HeaderFile
M_FooterFile
M_Moderated
M_ModeratedPassword
M_DenyEXPNList
M_MaxList
M_MaxListSize
M_SetFromTo
M_SetFromToValue
M_HelpFile
M_MembersOnly
M_ReplyTo
M_SwitchFields
M_AddToSubject
M_JoinR
M_LeaveR
M_ListsR
M_WhichR
M_ReviewR
M_ListSubject
M_ListSender
M_ServerModerated

S_MailAddress = 160
S_SMSIntoSubject
S_Size
S_SendTo
S_SendFrom
S_SendSubject
S_SendBody
S_SendDateTime
S_Send
S_SMSForwardCopy
S_SkipAttach
S_SMSSender
S_SMSCount
S_SMSFilterFile

R_Activity = 192
R_ActivityValue
R_FilterFile
R_ExternalFilter
R_ExternalFilterFile
R_ExternalDomain
R_SaveTo
R_ExternalFilterType
End Enum

Public Const BUFFER_SIZE As Integer = 4192

''' Misc Functions

Public Declare Function Init Lib "api" (ByVal Directory As String) As

Long

''' Domain Functions

Public Declare Function GetDomainCount Lib "api" () As Long

113
Merak Mail Server (Aug 2002)

Public Declare Function GetDomainList Lib "api" (ByRef List As Any, ByVal
Size As Long) As Long

Public Declare Function GetDomainName Lib "api" (ByVal Index As Long,

_ByRef Name As Any, ByVal Size As Long) As Long

Public Declare Function GetDomainIndex Lib "api" (ByVal Name As String)

As Long

Public Declare Function LoadDomain Lib "api" (ByVal Index As Long, ByRef
Buffer As Any, _ByVal Size As Long) As Long

Public Declare Function SaveDomain Lib "api" (ByVal Index As Long, ByRef
Buffer As Any, _ByVal Size As Long) As Long

Public Declare Function AddDomain Lib "api" (ByVal Name As String, ByRef
Buffer As Any, _ ByVal Size As Long) As Long

Public Declare Function DeleteDomain Lib "api" (ByVal Index As Long) As

Long

Public Declare Function GetDomainSetting Lib "api" (ByRef Buffer As Any,

ByVal Size As Long, _ByVal Setting As DomainSetting, ByRef FResult As
Any, ByVal ResultSize As Long) As Long

Public Declare Function SetDomainSetting Lib "api" (ByRef Buffer As Any,

ByVal Size As Long, _ByVal Setting As DomainSetting, ByRef FResult As
Any, ByVal ResultSize As Long) As Long

''' User Functions

Public Declare Function GetUserList Lib "api" (ByVal Domain As String,

_ByRef List As Any, ByVal Size As Long) As Long

Public Declare Function GetUserCount Lib "api" (ByVal Domain As String)

As Long

Public Declare Function GetUserIndex Lib "api" (ByVal Domain As String,

ByVal Alias As String) As Long

Public Declare Function LoadUser Lib "api" (ByVal Domain As String, ByVal
Index As Long, _ByRef Buffer As Any, ByVal Size As Long) As Long

Public Declare Function SaveUser Lib "api" (ByVal Domain As String, ByVal
Index As Long, _ByRef Buffer As Any, ByVal Size As Long) As Long

Public Declare Function GetUserSetting Lib "api" (ByRef Buffer As Any,

ByVal Size As Long, _ByVal Setting As UserSetting, ByRef FResult As Any,
ByVal ResultSize As Long) As Long

Public Declare Function SetUserSetting Lib "api" (ByRef Buffer As Any,

ByVal Size As Long, _ByVal Setting As UserSetting, ByRef FResult As Any,
ByVal ResultSize As Long) As Long

Public Declare Function AddUser Lib "api" (ByVal Domain As String, ByRef
Buffer As Any, _ByVal Size As Long) As Long

Public Declare Function DeleteUser Lib "api" (ByVal Domain As String,

ByVal Index As Long) As Long

Public Declare Function AuthenticateUser Lib "api" (ByVal Mailbox As

String, ByVal Password As String, ByVal IP As String, ByRef DomainIndex
As Long, ByRef FResult As Any, ByRef ResultSize As Long) As Long

When making any call to the Merak API you must initialize the API first by calling

114
Merak Mail Server (Aug 2002)

the Init function defined above. Here is how to make that call:

Private Sub Form_Load()

Debug.Print Init("d:\Merak\"**)
End Sub

* Note that I'm basing this on a typical VB EXE Project

** This path is your Merak Directory

Contrary to how VB works, if Init returns a zero then you have initialized the API correctly.
To get an idea of what the other return codes mean take a look at results codes enum listed above.

Get Domain List

Let's start off with a fairly easy task, getting a list of the domains. This will provide
a good example of how Merak uses byte arrays which are not typically used much in VB. To
get the list of domains we can use the following code:

Private Sub Form_Load()

Dim lNum As Long

Dim lMax As Long
Dim sString As String
Dim asList(1 To 1024) As Byte

''' remember that Merak returns 0 for success

If Not Init("d:\Merak\") Then

lMax = GetDomainList(asList(1), 1024)

For lNum = 1 To lMax

If asList(lNum) <> 0 Then
sString = sString & Chr$(asList(lNum))
Else
Debug.Print sString
sString = ""
End If
Next lNum

End If

End Sub

Make sure that you change the path in the Init call to the proper path in your system.
When the asList variable gets filled by the GetDomainList call, it will insert a zero for
breaks between multiple arrays and it will insert two zeros at the end of the list. Once
these bytes have been converted to characters this would look something like this:

domainA0domainB0domainC00

That is why each byte is checked to see if it is greater than zero. If it is a zero it is
a separator, if there are two zeros in a row that is the end of the list. The function itself
returns to us the number of bytes that have been put into the array. An easy way to handle this
would be to cut off the last two bytes and then split the string.

Loading Domains and Users

In order to make changes to Domains and Users you first have to load their settings byte array
which you can then modify to make changes. Loading is a fairly simple task and works the same for
both Domains and Users.

Private Sub Form_Load()

115
Merak Mail Server (Aug 2002)

Dim lIndex As Long

Dim abBuffer(1 To BUFFER_SIZE) As Byte

''' remember that Merak returns 0 for success

If Not Init("d:\Merak\") Then

lIndex = GetDomainIndex("yourdomain.com")
Debug.Print LoadDomain(lIndex, abBuffer(1), BUFFER_SIZE)

End If

End Sub

First you need the index, and then you can load the domain/user which fills the buffer variable.

Changing Settings

Once you have loaded a domain or a user you can then make calls to GetSetting and SetSetting.
One of the hardest parts about this is knowing what type of value a setting uses. Merak uses
three different variable types for the settings-boolean, long, and string. It is important to know
which type of value the system is expecting because of the byte conversion process that is
required.
Below are some functions which I use to do the conversions:

Public Function CBytes2Long(ByRef Bytes() As Byte) As Long

Dim lTemp As Long

lTemp = Bytes(1)
lTemp = lTemp + (Bytes(2) * 256)
lTemp = lTemp + (Bytes(3) * 65536)
CBytes2Long = lTemp

End Function

Public Function CBytes2String(ByRef Bytes() As Byte) As String

Dim lMax As Long

Dim lNum As Long
Dim sTemp As String

lMax = UBound(Bytes)

For lNum = 1 To lMax

sTemp = sTemp & Chr$(Bytes(lNum))
Next lNum

CBytes2String = sTemp

End Function

Public Function CBytes2Bool(ByRef Bytes() As Byte) As Boolean

CBytes2Bool = CBool(Bytes(1))

End Function

Public Sub CString2Bytes(ByVal Value As String, ByRef Bytes() As Byte)

Dim lLen As Long

Dim lNum As Long

lLen = Len(Value)

ReDim Bytes(1 To lLen) As Byte

116
Merak Mail Server (Aug 2002)

For lNum = 1 To lLen

Bytes(lNum) = Asc(Mid$(Value, lNum, 1))
Next lNum

End Sub

Public Sub CLong2Bytes(ByVal Number As Long, ByRef Bytes() As Byte)

Bytes(3) = Number / 65536

Number = Number Mod 65536
Bytes(2) = Number / 256
Number = Number Mod 256
Bytes(1) = Number

End Sub

Once you know that you can convert these values back and forth you can make the calls
to set and get the settings. Here is an example to get and set a user's password:

Private Sub Form_Load()

Dim lIndex As Long

Dim abBuffer(1 To BUFFER_SIZE) As Byte
Dim abOut() As Byte

''' The size of this array depends on the

''' type of variable.
''' 1 for boolean
''' 4 for long
''' 1024 for string
ReDim abOut(1 To 1024) As Byte

''' remember that Merak returns 0 for success

If Not Init("d:\Merak\") Then

lIndex = GetUserIndex("mydomain.com", "myuser")

Call LoadUser("mydomain.com", lIndex, abBuffer(1), BUFFER_SIZE)

''' get the user's password

Call GetUserSetting(abBuffer(1), BUFFER_SIZE, U_Password,
abOut(1), UBound(abOut))

Debug.Print CBytes2String(abOut)

''' set the password

CString2Bytes "newpass", abOut

Call SetUserSetting(abBuffer(1), BUFFER_SIZE, U_Password,

abOut(1), UBound(abOut))

End If

End Sub

Please note that the above code will not change the user's password because we didn't save the
settings.

Saving Domains and Users

Once you have made changes to a user or domain's settings you have to save those settings
or else all your changes will be lost. Saving is easy to do.

Private Sub Form_Load()

117
Merak Mail Server (Aug 2002)

Dim lIndex As Long

Dim abBuffer(1 To BUFFER_SIZE) As Byte

''' remember that Merak returns 0 for success

If Not Init("d:\Merak\") Then

lIndex = GetDomainIndex("yourdomain.com")
Debug.Print SaveDomain(lIndex, abBuffer(1), BUFFER_SIZE)

End If

End Sub

Creating Domains and Users

If you understand everything up to this point then creating domains and uses
should be a fairly simple task for you to do. First of you have to create an empty
buffer array and then set the values you need to set on that user or domain. Once
your buffer is set with all of your values you will then call AddDomain or AddUser.
Below is some sample code on how to add a new user to your domain.

Private Sub Form_Load()

Dim lRet As Long

Dim abBuffer(1 To BUFFER_SIZE) As Byte
Dim lNum As Long

''' initialize the array

For lNum = 1 To BUFFER_SIZE
abBuffer(lNum) = 0
Next lNum

''' remember that Merak returns 0 for success

If Not Init("d:\Merak\") Then

''' you would need to make all of your SetUserSetting calls here
''' this code will not work unless you set the settings
lRet = AddUser("mydomain.com", abBuffer(1), BUFFER_SIZE)

End If

End Sub

Remember that the above code will not work unless you set the user's setting before
calling the AddUser function. I think the minimum settings you can set for a user to
be able to be created it the username, password, and alias.

This VB part has been written by one of our very good customers Bryant Likes. Thank you Bryant
you did an excellent job.

118
Merak Mail Server (Aug 2002)

Appendix F - Users & Domains Command Line Tools

Users & Domains Command Line Tools

The users.exe and domains.exe command line tools can be found in the Merak directory. You can
also find the source code in the API directory. These tools can be used for user and domain
manipulation such as editing/adding/deleting etc. You can even use it for exporting and importing
users. The users tool is limited to work on one domain only. That means you would need to run the
tool subsequently to export/import users from multiple domains.

Users Usage
By running the users.exe without any parameters you will get the output below.

API User Manager - Merak Mail Server

Copyright (c) 2002 IceWarp Software. All rights reserved.
E-mail: [email protected]

Usage: USERS {commands} -u{user|*@[domain]} [properties] [parameters]

Usage: USERS -STATISTICS <from> <to> <filter> <output file>

Commands:
-a Add new user
-c Change user's properties
-d Delete a user
-l List a user
-e[delimiter char] Export users
-g[delimiter char] Import users from a file into a domain
-STATISTICS Creates the user statistics file
-h This help

-u{user[@domain]} Specifies the user's address

Properties:
-n{name} Specifies the user's name
-p{password} Specifies the user's password
-m{mailbox} Specifies the user's mailbox name
-b{mailbox} Specifies the user's mailbox path
-i{+/-}{KB} Specifies the user's max mailbox size
-k{KB} Specifies the user''s max message size
-r{address} Specifies the user's remote address (no local
mailbox)
Empty address stands for no remote address
-f{address list} Specifies the user's forward address list
-4{+/-} Specifies that the user can use the IMAP4
-z{+/-} Specifies that the user is self configurable
-s{+/-} Specifies that the user is the administrator
-x{+/-} Specifies that the user is the domain
administrator
-j{+/-} Specifies that the user uses the NT Password
-o{+/-} Specifies that the user is disabled
-q{file path} Specifies auto responder file path
-t{+/-}{days} Delete mail older than x days
-w{+/-}{days};{address} Forward mail older than x days to y

Parameters:
-cfg{path} Specifies the full path to the Merak directory

119
Merak Mail Server (Aug 2002)

Adding a user

Lets add a new user with the name John Doe, alias john, mailbox john and password secret into the
domain icewarp.com. You do not need to specify the domain name if it is a primary domain.

users -a [email protected] -mjohn -psecret -n"John Doe"

In the case of a primary domain and alias equals the mailbox name.

users -a -ujohn -p"my secret" -n"John Doe"

Notice the quotes which should be used for space containing parameters.

Deleting a user

Lets delete the just created user.

users -d [email protected]

Editing a user

You might want to change the password for the user john to topsecret.

users -c [email protected] -p"topsecret"

Listing a user

The listing feature displays one user information. It cannot be used for more users at once.

users -l [email protected]

Exporting and Importing users

The exporting feature exports the list of the given domain mask or all domains to screen. If you
need to save it to a file you need to redirect the output to a file. The first example prints all users
from the domain icewarp.com to screen.

users -e -u*@icewarp.com

or for all domains

users -e -u*@*

The exported data contain the program title before the actual lines. If you need to import the data
you need to delete those lines first. The format of the file can be easily found out. Administrator's
password will not be shown ever, instead it will contain the star character "*". Exporting users to a
text file follows.

users -e -u*@icewarp.com > c:\temp\export.txt

The text file after removing the information lines might look like this:

[email protected],john,*,icewarp.com\john\,John Doe,,,0,0
[email protected],support,topme,icewarp.com\support\,Support Team,,,0,0

The format of the file follows

[Alias]@[Domain],[Mailbox],[Mailbox Path],[Name]...

In order to import users from the file you need to do this.

120
Merak Mail Server (Aug 2002)

users -g c:\temp\export.txt

User Statistics

If you use the User Statistics option the users tool can help you to export the user statistics to a file
so you do not need to use the Config GUI or the web admin. The syntax is easy:

users -STATISTICS "2002/02/01" "2002/02/28" "*" "c:\temp\stats.log"

Domains Usage
By running the domains.exe without any parameters you will get the output below.

API Domain Manager - Merak Mail Server

Copyright (c) 2002 IceWarp Software. All rights reserved.
E-mail: [email protected]
Usage: DOMAINS {commands} {domain} [properties] [parameters]

Commands:
-a Add new domain
-c Change domain's properties
-d Delete a domain
-l List a domain
-e[delimiter char] Export domains
-g[delimiter char] Import domains from a file
-h This help

Properties:
-s{description} Specifies the domain's description
-i{+/-} Info To Admin
-u{forwardto} Unknown Users Forward To
-f{alias} Admin Default Alias
-m{email} Admin Default Email
-t{domain type} Domain Type (0..3)
-v{domain type value} Domain Type Value

Parameters:
-cfg{path} Specifies the full path to the Merak directory

Adding a domain

Lets add a new domain with the name icewarp.com and description IceWarp Domain

domains -a icewarp.com -s"IceWarp Domain"

Notice the quotes which should be used for space containing parameters.

Deleting a domain

Lets delete the just created domain.

domains -d icewarp.com

Editing a domain

You might want to change the description of the domain.

domains -c icewarp.com -s"IceWarp Software Domain"

Listing a domain

The listing feature displays one domain information. It cannot be used for more domains at once.

121
Merak Mail Server (Aug 2002)

domains -l icewarp.com

Exporting and Importing domains

The exporting feature exports the list of all domains to screen. If you need to save it to a file you
need to redirect the output to a file. The first example prints all domains to screen.

domains -e

The exported data contain the program title before the actual lines. If you need to import the data
you need to delete those lines first. The format of the file can be easily found out.

domains -e > c:\temp\export.txt

In order to import domains from the file you need to do this.

domains -g c:\temp\export.txt

122