Tenon Intersystems Please see text links at bottom of page for navigation Please see text links at bottom of page for navigation
Please see text links at bottom of page for navigation Please see text links at bottom of page for navigation
Please see text links at bottom of page for navigation
Search this site:

Program name: Post.Office
1. Introduction
1.1. Post.Office Features
What are some features of Post.Office?


  • Integrated SMTP, POP3, IMAP4, directory, and finger servers. All refer to a single account database for user information and addressing.

  • Secure design and operation. Notably the system does not run with root permissions, and user access can be limited to specified domains or hosts.

  • Account management and system configuration accomplished via email or web-based fill-in-the-blank forms.

  • An integrated list manager allows web and email-based subscription, unsubscription, and mailing list moderation.

  • Program Delivery allows messages for a particular mail account to be delivered to an administrator defined program, if desired.

  • Handles mail for multiple domains on a single machine.

  • Allows domain-based rather than host based addresses (i.e., person@domain.com, rather than person@host.domain.com), if preferred.

  • Allows arbitrary email addresses, such as Firstname.Lastname, for each user. These addresses are independent of any user login ID.

  • Allows any number of email addresses (aliases) for users. These are not counted as mailboxes.

  • Mail accounts are supported for users without login accounts.

  • Mailbox size limits can be established for individual accounts and the entire system.

  • Administrators can set the maximum message size allowed.

  • Several auto-reply options allow automated responses to incoming mail for any address on your site. Options include auto-reply, auto-reply with original message included, and a vacation mode that lets correspondents know when users are unable to read their mail.

  • Command-line interface provided, similar to UNIX sendmail systems. The -bd, -bm, and -bp operating modes are supported.
  • Multi-threaded. Post.Office can accept multiple incoming connections.

  • Uses mail exchange (MX) records in the Domain Name System server to determine where to send messages.

  • No programming language or unfamilar syntax to learn.

  • 1.2. Downloading
    How do I download your software?

    To download the software directly from our web site:

    1. Point your web browser to http://www.tenon.com/products/post_office
    2. At the bottom of the page are links to the software and documentation. Download the recommended items selecting them one by one.
    3. You may be prompted for some information so we can provide any necessary technical support.

    1.3. Top Ten Reasons to Use Post.Office
    Why should I buy Post.Office?


    1. Most people agree that WebSTAR mail is a huge disaster.
    2. Post.Office is not part of another server application, so putting the mail on a separate machine is easy to do.
    3. Post.Office includes both a mail server and list server, so users can move totally away from Mac OS 9 and LetterRip.
    4. Post.Office is robust, with a lot of control and power, and at the same time very easy-to-use.
    5. Post.Office is very affordable and additional mail accounts and lists are easy to add and reasonably priced.
    6. Post.Office is capable of high volume email traffic.
    7. Post.Office has locked down tight open relay protection.
    8. Post.Office has POP-before-SMTP for travelling users.
    9. Post.Office has the best SPAM filtering of any Mac OS X mail server. Customers have reduced SPAM by over 80% using Post.Office and creative filtering.

      And, the best reason of all,
    10. Tenon Technical Support is phenomenal.

    1.4. Maximum user number
    How many users can a server support?
    There is no hard limit programmed into the code. The practical limit is more a function of hardware and usage patterns than anything else. It really depends on the number and size of messages and attachments and the frequency with which users check their mail. In general, however, RAM is more important than CPU (since each connection calls another child process and they all reside in RAM).

    With the proper equipment, we’ve seen customers operate successfully with thousands of users and hundreds of domains on a single machine.

    Some of our ISPs have developed on-going user databases. They maintain those databases separately then use the data to batch edit Post.Office user information through scripts such as Perl. (See the User Guide section on Advanced User Information for details on using scripts.)

2. Installing, Upgrading, or Removing
2.1. Uninstalling Post.Office
How do I uninstall Post.Office?

Post.Office is an excellent mail server and list server, so if you are having difficulty, please let us help you.

If you decide to uninstall without contacting us, we would appreciate knowing your situation.

For uninstalling, you can use one of these alternatives:

  • From a terminal window type:

    sudo rm -R /usr/local/post.office
    sudo rm -R /var/spool/post.office
    sudo rm -R /Library/StartupItems/PostOffice
    sudo rm -R /var/spool/mailbox
    sudo rm -R /Applications/Post.Office.app
    sudo rm /etc/post.office.conf
    sudo rm /usr/lib/libPO35.A.dylib
    sudo rm -R /Library/Receipts/Post-Office.pkg

  • Post.Office may also be uninstalled by user the uninstaller script included in the download. Mount the Post.Office disk image and run the script from the Terminal Application using the following syntax:

    sudo /Volumes/Post.Office-3.5.3/Scripts/installer.sh --delete /Library/Receipts/Post-Office.pkg

  • If you are running under Jaguar, you will need to download a new installer.sh from Tenon's web site. The installer.sh shipped with Post.Office does not run on Mac OS X 10.2.

    1. Download the installer.sh-tenon script
      You can either do this by:

      • explicitly downloading the file in your web browser from:
      • bringing up a terminal window and running the commands:

        >ftp ftp.tenon.com
        >Name: anonymous
        >password: (your email address)
        >cd test
        >get installer.sh-tenon

    2. Move /usr/bin/installer.sh to /usr/bin/installer.sh-apple
    3. Copy installer.sh-tenon to /usr/bin/installer.sh-tenon
    4. Change directory to /usr/bin and copy installer.sh-tenon to installer.sh
    5. Change directory to /Library/Receipts
    6. Execute the command: sudo installer.sh --delete Post-Office.pkg

2.2. Installation Instructions
Where can I find installation instructions?
The Post.Office Installation Guide contains detailed installation instructions. The manual is available for downloading from our web site.


2.3. Disabling Postfix
Post.Office was running nicely on Panther. Now, when I reboot, I see Postfix running instead of Post.Office. What happened?
Mac OS X Server 10.3 has a fail safe feature that restarts Postfix, independent of any system configuration. The best approach is to disable Posfix.

You can do this, as root, using the GUI:
In Finder, pull down the Go menu and choose "Go to Folder"
Type: /usr/libexec/postfix
Rename the file called "master" to "master.old".

Alternately, as administrator, in a Terminal Window:

sudo tcsh

cd /usr/libexec/postfix
mv master master.old

Once Postfix is disabled, Post.Office will start up correctly.

UPDATE (2004-10-08):

Another way to keep postfix from restarting is to comment out the following line from your /etc/watchdog.conf file:

postfix:respawn:/usr/libexec/postfix/master # Mail services - SMTP

This method is probably cleaner and should also allow Post.Office to start correctly.

2.4. Uninstalling WebEdge
How do I uninstall WebEdge?
To uninstall WebEdge on Panther, remove the following folders:


You can do this using the Terminal application as 'root' or by using sudo, for example:
sudo rm -R /Library/Tenon/WebEdge

2.5. Disabling other POP and IMAP servers
I can see that messages are delivered to my mailboxes, however I am unable to login to POP to get the mail. I think a different pop server is running on my machine.
If you have a pop server other than Post.Office's running on your machine then you will be unable to check your mail. There are a couple of places that one could be started from. Most commonly you will need to change the disable = no line in your /etc/xinet.d/pop3d file to disable = yes . You can do this in the /etc/xinet.d/imapd file as well to turn imap off. Alternatively you can simply remove those files.

Another place that a pop server may be starting from is the /etc/inetd.conf file. Comment out any line that starts with pop or imap from this file.

After making any of these changes you should reboot your computer or do a `ps -ax |grep inetd` and then `kill - HUP ###` where ### is the pids returned by the ps command. After that you will need to restart Post.Office with `/usr/local/post.office/post.office shutdown` and restart with `/usr/local/post.office/post.office`

To determine if your Post.Office's pop server is running or not you can do `telnet mail.domain.com 110` and if the string returned says Post.Office in it then you are good to go. The same applies to IMAP but use the IMAP port of 143.

3. Account Management
3.1. Importing Users from other Programs
How do I import users from my current mail server or list server?

Support for importing Mac OS X system users is built into Post.Office.

Post.Office supports importing users from the following programs:
  • LetterRip

  • EIMS

  • WebSTAR 4

  • QuickMail

  • NetTen
    (Note: When importing NetTen users, the MTA-Accounts database located in NetTen:mail:config: should be used rather than an export text file.)

To import users:
  1. Export your user list from the program you are using and copy it to your home directory on your Post.Office server.

  2. Run the appropriate import script, using the following Terminal syntax:
    sudo /usr/local/post.office/cmdutils/import.program_name
    making sure to use the name of one of the program scripts included, rather than "program_name".

  3. The above example assumes that you are logged in as an admin user and that the export file is located in your home directory.

    3.2. "Catch-All" Email Addresses
    How do I set up a "catch-all" email address?


    To set wildcard delivery for an account, give it an additional Email address that includes a wildcard character ("*") followed by "@" and the local mail domain for which the wildcard account will accept mail.

    For example, an account with the address "*@tenon.com" will receive al messages sent to unknown address in the local mail domain "tenon.com".

4. List Management
no entries
5. Administration
5.1. Post.Office Logs
How do I view my Post.Office logs?


The Post.Office logs can be viewed by using the /Applications/Utilities/Terminal application.

Simply enter:
sudo tail -f /var/spool/post.office/log/post.office.log

You will get a real-time view of your log.

You can also use the Console Application to view the log if you are logged in as a root user.

5.2. Secondary Mail Servers
How do I set up a secondary mail server?


Setting up a secondary mail server in Post.Office is very similar to the way you would set up 'sendmail' to do the same thing.

In sendmail, you would edit the relay-domains file to include the domains for whom you want act as as secondary mail server. These domains would not be included in the local-host-names.

So, in Post.Office, what you want to do is to accept the mail to selected domains, but not to try to deliver it locally. You will essentially be relaying this mail.

Make sure that in the "Restrict Relay Settings" you add the domains for which you want to act as a secondary:

If relay mail is restricted as specified above, use the following delivery options:

Allow delivery to
Check: Additional Domains

Then list all of the domain names and host names, for example:


You will also need to make sure to configure the proper MX records. The secondary mail server should have a lower priority (higher number) than the primary in each of the domains that will be hosted.

5.3. SPAM Filters & Regular Expressions
The "Tenon SPAM Filter" uses some complex regular expressions, can you explain things in a little more detail?

First, take a look at the Tenon spam filter as it looks in a Post.Office form.

Now, let's take the first filter:

Subject: *\s{10,}
The expression:
\s means any white space
\s{M, N} means at least M number of white spaces and not more than N or any number of white spaces between M and N

\s{10,} means at least 10 white spaces
\s{10} means exactly 10 white spaces

Here's some more useful notation:
^ means the beginning of a line (beginning with)
$ means the end of a line (ending with)

And, of course the asterisk '*' is a wildcard, so
*enis* means any word with the contiguous letters 'enis' (which SPAMmers are starting to use now).

And | means OR, so *enis|viagra* would filter anything with either of those character strings.

Because regular expressions use certain characters in a special way, it is important to escape those characters if you want to filter for them literally. These characters include:


To escape a character, simply put a backslash ("\") before it.

5.4. Multiple Domains
How do I set up multiple domains?


  1. Set your MX record to deliver mail to the appropriate new domain(s) to your Post.Office host name.

  2. Create accounts for the user@domain as you wish. Post.Office will accept mail for any Internet address as long as the mail is delivered to it properly (MX records) and it has an Internet address entry that matches the header of the mail message.

    Users can receive mail for multiple domains if their Internet address field contains multiple domain entries, i.e.,



    If you want their outgoing mail to have a particular domain address, make sure that the desired address is the first one listed under the Internet Addresses and that Address Rewriting is turned on as either Quoted or Commented.

    One advantage of this configuration is that you can have the multiple accounts with the same name at separate domains, i.e.,


    can be different from

    If they are created as separate accounts, they can then have separate POP deliveries, auto-replies, etc.

  3. Pick one of your domains to be utilized for Address Completion as defined in the Post.Office's System Configuration Form. For example, if someone sends a message to Post.Office, without any domain name (i.e., Joe) what would you like to automatically append (tenon.com)? You may define only one.

    This entry will also change the default domain name that you and your users see when you display the Authentication Form.

    Note: If you don't define a domain in the Address Completion field and Post.Office receives mail to deliver without a domain name, it will default to the postofficehostname.domainname, which may not be an address that you have defined for all of your users.

  4. You should also define both domains as your "Local Mail Domains" in the System Configuration Form, if your Post.Office hos is the only mail host receiving mail for these domain names and you are not doing any routing of these domains to another mail host.

  5. 5.5. Hiding the host name in E-mail adresses
    How do I hide my host name from the outside world?


    The feature that you are asking for is what we have called "Hostname Hiding". This allows you to receive mail using addresses that only contain your username@yourdomainname

    (no hostname). You can set it up by doing the following:

    1. You need to make sure that your site’s DNS has an MX record for "yourdomain", not just "yourpostofficehostname.yourdomainname".

    2. Each user must be
      configured such that:

      • They have an Internet address that does not have the hostname specified in their domain (i.e., Username@yourdomainname)

      • This address is the first in their Internet address list.

      • They have addressing re-write turned on: either commented or quoted

    3. Modify your Address Completion Domain in your system configuration to be yourdomainname. This will change the default that you see on the authentication form. It will also make sure that mail that is sent to Post.Office without a domainname (i.e. joe) can be delivered through the envelope by using the Address Completion Domain. (i.e. joe@yourdomainname). If you do not specify an address completion domain, Post.Office will pick the following domain:
      yourpostofficehostname.yourdomainname (i.e.

    This feature works the same way if you are supporting multiple domains. Just make sure that the user’s email addresses refer to their domain and you have MX records configured for each


    5.6. Address Completion details
    What is Address Completion? Will Address Completion help reduce the number of "Unknown Users"Error Forms I receive?


    All mail messages sent via SMTP should comply with the format username@domainname. Many mail clients, like Pegasus or Eudora, allow you to send mail in improper format (to "Steve",
    for example). You can configure these clients to add the @ sign and the domain name to the end of the user name so that it will be sent to it’s mail server (Post.Office) in the format username@domainname.

    If you do not configure your client in such a way, then Post.Office will receive the E-mail with just the user name (Steve). This cannot be delivered since it is not a valid SMTP
    address. Post.Office will attempt to remedy the problem by appending the domain name found in the Address Completion domain field of the System Configuration Form.

    In the event that there is no domain listed in this field, Post.Office makes its best guess by looking up the machine name and appending the domain name to it, e.g.
    steve@yourpostofficehostname.yourdomainname (see manual 6-10).

    Some sites have not defined these fully qualified addresses for their users and so mail is returned to Postmaster as an unknown account.

    So, assuming that your E-mail clients are not adding yourpostofficehostname.yourdomainname to the end of the To: and From: lines (remember that some clients can be configured to do this completion also), it should be
    as simple as adding your domain name to the Address Completion domain field in the System Configuration Form to avoid these errors.

    If you have specified an Address Completion Domain in Post.Office, then check to see if your client is attempting completion.

    5.7. CGI, PHP and sendmail scripts.
    My webserver scripts (perl, cgi, PHP, etc..) are not able to send mail to remote users. What is the problem?


    The Post.Office default install for SMTP relay Restriction is highly secure. You will need to add or the IP address of your server in the relay settings.

    In general, restrict relay mail except as indicated below:

    Allow relay from these IP addresses:

    5.8. Restricting Mail Relay
    I am having trouble figuring out the "Restrict Mail Relaying" System Configuration page. What does all of that mean?


    Although Post.Office ships as closed relay, it is important to know what the settings on this page are for in case you plan on making changes. The Administration Guide goes into detail about the functions of each field, but this page should give some general guidelines to follow.

    Here is an example of the page with some comments:

    External Relay Restrictions:

    Don't restrict relay mail
    ^^ Enabling this will make your server "open relay" and should only be used in closed networks.

    In general, don't restrict relay mail except as indicated below:
    ^^ Enabling this will make your server "open relay" to most servers and should only be used in closed networks.

    Restrict relay from these IP addresses:


    Restrict relay from these domains:

    (based on envelope Mail From: Address)

    Restrict all relay mail
    ^^ Enabling this will make your server "closed relay" to all clients, even those on your network. This will not be a problem if Pop-Before SMTP is enabled.

    In general, restrict relay mail except as indicated below:
    ^^ Enabling this will make your server "closed relay" except to the clients indicated. (Default)

    Allow relay from these IP addresses:
    ^^ By enabling this, you can specify the IP address ranges that will be allowed to relay. You should enter in your main network IP ranges below.


    Local Mail Domains
    ^^ Enabling this will make your server "open relay" because this data can be easily forged by relayers.


    Additional domains:
    ^^ Enabling this will make your server "open relay" because this data can be easily forged by relayers.

    (based on envelope Mail From: Address)

    If relay mail is restricted as specified above, use the following delivery options:

    Allow delivery to:

    No domain except those listed below:
    ^^ Enabling this item is OK, and will make sure mail sent to your domain does not get restricted. (Default)

    Local Mail Domains
    ^^ Enabling this item is OK, and will make sure mail sent to your domain does not get restricted. (Default)


    Additional Domains:
    ^^ Enabling this item is OK, but should only be used when your Post.Office server is a secondary mail server.

    Any domain except those listed below:
    ^^ Enabling this will make your server "open relay" and should only be used in closed networks.

    Local Mail Domains:
    (for reference)




    5.9. Testing Spam/SMTP Message Filters
    How do I test an SMTP Filter without deleting potentially important email?
    You can disable the filter's actions by unchecking both actions:

    Action: Action to be taken when a filter matches a message

    - Discard - Copy To

    at the top of the filter form page.

    By viewing your logs, you can see when the filter matches on an Email. It will say something like:

    00date0string-0800:IP Filter: Test MATCH: IP Src: <evil@spammer.com> IP dest: <innocent@victim.com>
    00date0string-0800:Header Filter: Spam Killa' Src ip: <evil@spammer.com> Dst ip: <innocent@victim.com> Header: Received: from spammer.com ([])
    with some offending text from the email.

    The log will not show:

    00date0string-0800:SMTP-Accept:MESSAGE DISCARDED

    because no action will be taken.

    5.10. Starting and Stopping
    How do I start and stop the Post.Office mail server?

    The Post.Office mail server is a background process that will start at the time your server boots up and remain running until you shutdown. You do not need to log in or start an application to run Post.Office.

    Should you wish to start or stop the server manually, you may do so by logging in as an Admin user and issuing these simple commands in the Terminal application:

    • To start:
      sudo /usr/local/post.office/post.office
    • To stop:
      sudo /usr/local/post.office/post.office shutdown

    5.11. RBL Filters
    Can I use zen.spamhaus.org, given this warning:

    "..Caution: Because ZEN includes the XBL and PBL lists, do not use ZEN on ...SMTP AUTH outbound servers..."

    Does Post.Office use SMTP AUTH?
    Post.Office does SMTP AUTH on inbound connections, not on outbound connections, so can use zen.spamhaus.org as one of your Reatime Blacklist (RBL) entries.

6. Backing up, Restoring, Relocating
6.1. Backing up Post.Office
How do I backup Post.Office for a reinstallation or move to another machine?
The files that you need to back up in order to keep your user acounts and configuration are:


You can create a compressed tar file of the directory from the Terminal like this:
cd / 

sudo tar czvf Post.Office-backup-11.6.2002.tar.gz /var/spool/post.office

To restore the settings:
cd / 

sudo tar xzvf Post.Office-backup-11.6.2002.tar.gz

To back up the mailbox directory, use:
cd /

sudo tar czvf Post.OfficeMailbox-backup-11.6.2002.tar.gz /var/spool/mailbox

To restore the mailbox directory, use:
cd /

sudo tar xzvf Post.OfficeMailbox-backup-11.6.2002.tar.gz

7. Compatibility
7.1. Sendmail
Is Post.Office compatible with sendmail?
The "sendmail" emulation program provided with Post.Office recognizes all of sendmail's command-line switches and options. The -bd, -bm, and -bp operating modes are fully supported, and support may be added for other operating modes as required.

The /etc/passwd file is not needed by Post.Office; all user information and addressing is kept in a user account database. The installation program will create this database and enter all existing users' information for you (if desired).

The /etc/aliases file is not needed by Post.Office; all aliases are kept in the user account database.

Users' .forward files are not needed by Post.Office; all delivery information (including forwarding) is kept in the user account database.

NIS & NIS+ databases, and UUCP are not supported.

7.2. FAX and pager software
Does Post.Office support, work with, or recommend any FAX or pager software?
Post.Office users can take advantage of the Program Delivery feature. Program Delivery can be used to direct mail to your FAX or pager provided you have FAX or pager software that will accept mail as standard input.

7.3. Running Scripts with Post.Office
I have some Perl scripts and PHP scripts that rely on 'sendmail'. How can I use Post.Office as a sendmail replacement with these scripts?
Post.Office has its version of "sendmail" in the directory called /usr/sbin. That means that for any scripts that you have that call sendmail, you need to make sure the path says:
/usr/sbin/sendmail. You might be using scripts that have the pre-set path of /usr/bin/sendmail and this is what needs to be changed to /usr/sbin/sendmail.

In addition, you will need to set up Post.Office to allow relay from the machine you are running the script from.

Log in to Post.Office via the web browser to Port 9090. Click on System Configuration and go to Restrict Mail Relaying. Set up the form so that it says:

X Restrict Relay Mail Except As Indicated Below:
X Allow Relay From the Following IP Addresses:


If Relay Mail is Restricted as Specified Above,
Allow Relay to
X No Domain Except those Listed Below:
X Local Mail Domains
X Additional Domains (if needed).

You will need to add the IP address of where the script is running to the Allow Relay From the Following IP Addresses box. If your script is running on the same machine as Post.Office, then you need to add it as If you don't know what IP address you need to add, you can look in your /var/spool/post.office/log/post.office.log file (after running a test by trying to send out a message on your script) and seeing what the IP is when you get a Relay Denied message.

7.4. My Scripts Stopped Working
I've been using Post.Office to support my PHP mail scripts. I upgraded the OS and now my scripts no longer work. What happened?
Post.Office uses /usr/local/post.office/bin/sendmail to support scripts. When Post.Office is installed a link is made from /usr/sbin/sendmail to the Post.Office sendmail, so scripts that need sendmail will 'just work'. Sometimes a operating system update will break this link.

As root, or using sudo and Terminal, run the following commands:

cd /usr/sbin
mv sendmail sendmail.bak
ln -s /usr/local/post.office/bin/sendmail sendmail

If you have trouble in the future you can check for this link and if it's not there, just replace it.

8. Questions about Features
8.1. APOP
Do you have plans to support APOP?
We currently do not have any plans to support APOP in addition to POP3. We do support SMTP-Authentication.

8.2. IMAP4
Will you support IMAP4 on Post.Office?
We already do! Post.Office for Mac OS X includes IMAP4. Previous versions for other operating systems did not.

8.3. SPAM Filtering
What kind of tools do you have to inhibit SPAM?
Post.Office has two techniques for filtering SPAM: 1) a built-in vehicle for creating your own filters that cater to your particular environment; and 2) a SpamAssassin plug-in.

SpamAssassin is a powerful, open source filtering tool that can be used to stop SPAM. Post.Office customers can take advantage of SpamAssassin, simply by invoking the SpamAssassin plug-in.

Sophisticated users can further empower SpamAssassin to support their particular situation. Advanced usage of SpamAssassin is detailed in a customer-supported Wiki and is not part of the standard Tenon technical suppport.

9. Advanced SetUp
9.1. Deleting all user accounts
Is there a way to use the delacct command line to delete all accounts? I'm installing the first time and would like to import a modified EIMS export rather than my original EIMS export that I used for testing.
Yes, using the command line utilities you can delete accounts in batch mode. Briefly, you need to run the 'listacct' program and send the output to a file. Then you need to hand edit the file to put './delacct' in front of each entry you want to delete, being careful not to delete the the default Post.Office accounts. Then make the file you created executable and execute the file.

Here are the steps in detail:

Log in to a terminal window as "root" and type in:

cd /usr/local/post.office/cmdutils
./listacct >> myfile

You can list out the contents of your file with the command:
cat myfile

You will see something like this:

This will create a file called "myfile" (you can name it anything you want) that will contain the user ID's of all of your users. Edit that file with an editor so it looks like this:

./delacct Full_Name
./delacct IMappy
./delacct Michael_Charles
./delacct New_Guy

Don't delete Postmaster, Root, Error-Handler, List-Manager or any of the built in Post.Office accounts!

Once you have added the "delacct" at the beginning of each line, change the file permissions of myfile so that it is an executable file. Type in:

chmod +x myfile
and now run the file:

That will delete each account that is named in the file.

9.2. Virus Scanning software and Post.Office
How can I use virus scanning software with Post.Office?
Most of our customers use McAfee's Virex 7 (the client version) for virus scanning. Virex 7 is scriptable and customers have contributed scripts to scan the received mail at intervals.

Virex 7 scans the mail received by Post.Office, but not yet delivered to the user's mailbox on the server.

Alternative strategies that sit on port 25 and scan mail before it is received by Post.Office may be available in the future.

9.3. Thwarting Email address harvesters
How can I control the effects of Email address harvesters and the resulting spam they create?

Email address harvesters are programs that search web pages collecting Email addressses to send spam to.

The affects of these harvesters can be controlled in a number of ways:

  • Make Email address links on your web pages less decipherable to these harvesters by using HTML characters:
    <A HREF="mailto:support%40tenon.com">support&#64;tenon.com</A>
    Once rendered this looks like:support@tenon.com and should behave like a normal link.
  • Filter for repeatedly spammed addresses that are no longer in use. You can check your logs to get these addresses using the following Terminal command:
    grep -B1 UnknownAccounts /var/spool/post.office/log/post.office.log
    (There may be a lot of them.) Configure an SMTP Filter with some of those addresses in the "Dest Addr" field, making sure that they are OR'd together. Now, any Emails to these addresses will immediately get deleted. The real benefit occurs when spam is addressed to both a bogus and a real address - the real user does not receive the spam, and you don't have a "User Unknown" bounce sent out by your server to the spammer.
  • If you do not find any of these bogus addresses in your logs, you can plant one on your website yourself, making sure to disguise it so normal users won't click on it. Some software companies refer to this as a "poison address", but it acts more like a flag to help filter spam.
  • Although Post.Office uses filters to eliminate spam, some software products will actually attempt to crash or corrupt the address database by using a "poison pill" or "teergrube". These products use CGI or PHP to generate numerous bogus addresses for harvesters to choke on, but may cause more problems than they solve, and should be used with care.

9.4. Spam/SMTP Message Filters
How can I make message filters for SPAM?


In the System Config area, under "Configure an SMTP Filter" you can set limits on message delivery.

SMTP filtering provides for rule-based specification of filters that are applied to messages as they are received. Filters may contain multi-faceted triggering based on a combination of source, destination, subject or message body contents. When a filter matches the contents of a message, one or more elements in a series of actions is invoked. Actions include message discard with logging, message forwarding to an alternate address and copying of a message with delivery.

Filters are constructed using standard UNIX regular expression processing, or by simply using keywords. This makes Post.Office SPAM filtering extremely powerful.

For detailed documentation on regular expressions there are many resources on the web:




Note: Not all functions in those documents are supported.

9.5. Open Relay Blacklist filter
How do I configure an Open Relay Blacklist filter?

Open Relay Blacklist filters prevent servers who have been identified as being open relay from sending mail to your server. Because this mail will likely be spam, these filter can reduce the amount of unsolicited messages your user receive and cut down on the proliferation of open relay servers.

These filters are easy to configure and would look like this screen shot:

Make sure to specify "Dyn. Host" as the type of field and then enter the blacklist server you prefer in the following field. Our Post.Office demo has a view of the completed form with the RBL filter.

9.6. Configuring SMTP Filters to use SpamAssassin
How can I use SpamAssassin in conjunction with Post.Office SMTP Filters?

Post.Office SMTP Filters can now use SpamAssassin as a plug-in extension to their standard capabilities. To configure the Post.Office SMTP Filters to use SpamAssassin:

  1. Log in to the Post.Office web based administration pages and navigate to: System Config : Configure an SMTP Filter
  2. Enter a new name and description for the filter
  3. Select "Plugin Name" in the "Body" filter pop-up menu.
  4. Enter spam_assassin into the text field to the right of the pop-up menu.
  5. You do not need to specify an Operation in the "Op" pop-up menu.
  6. Submit the filter request.

SpamAssassin is configured by default to reject messages with a rating of 5 or higher. Further settings may be configured in SpamAssassin. See http://www.spamassassin.org for details.

9.7. "Whitelisting" with SpamAssassin
I have some important clients. How can I make sure their mail isn't filtered by SpamAssassin?
You can use the capabilities of Post.Office's built-in SMTP Filtering to exclude your clients source and destination e-mail address or domain name, so that messages coming to or from your client are not sent to SpamAssassin for review.

So, for example, your filter that calls SpamAssassin might look like:

spamassassin white list filter

9.8. Changing Port 25
How can I change the incoming mail port on Post.Office?
Post.Office does not have web based administration of the SMTP port (changing it is rarely needed), but you can update some database information by E-mailing to "configuration" and specifying the appropriate parameters.

From an account with Postmaster privileges, perform the following:

1. If you do not already have one, add a "E-mail Form Security Enhancement Password" to the "Establish System Security" form in the "System Config" section of the web based administration.
2. Make sure your "Configuration Manager" account (a Reserved Account) has a valid email address listed in its Additional E-mail Addresses. eg: "configuration@tenon.com"
3. Construct a mail message to "configuration@yourhost"
4. The body should contain:

Postmaster-Password: [your PM password]
Form-Security-Password: [your FS password] (This is on the Security form and cannot be blank)
Form: [Global Field Setup]
Form-Identifier: [None]
SMTP-Accept/Config/Socket: [26] (or whatever port you want)

5. Send the message.

You should not receive an error message back from the Configuration account.

Next, restart Post.Office, by either rebooting your server or using the Terminal application:

sudo /usr/local/post.office/post.office shutdown
-- wait a minute or so--
sudo /usr/local/post.office/post.office

Your SMTP server should now be running on the specified port.

9.9. Post.office Server Scanning Extension
How do I setup Joe Savelberg's Post.Office Server Scanning Extension?
You can configure the Post.Office Server Scanning Extension by following this document.

9.10. Configuring SMTP Filters to use ClamAV
How can I set up virus scanning with Post.Office 3.6?

Post.Office SMTP Filters can now use ClamAV for virus scanning. ClamAV operates as a plug-in extension to Post.Office 3.6. To configure the Post.Office SMTP Filters to use ClamAV:

  1. Log in to the Post.Office web based administration pages and navigate to: System Config : Configure an SMTP Filter
  2. Enter a new name and description for the filter
  3. Select "Plugin Name" in the "Body" filter pop-up menu.
  4. Enter clamav into the text field to the right of the pop-up menu.
  5. You do not need to specify an Operation in the "Op" pop-up menu.
  6. Submit the filter request.

ClamAV is configured by default to update its virus database biweekly and to filter attachments with viruses. See http://www.clamav.net for more details.