Integrated SMTP, POP3, IMAP4, directory, and finger servers. All refer to a single account database for user information and addressing.
Secure design and operation. Notably the system does not run with root permissions, and user access can be limited to specified domains or hosts.
Account management and system configuration accomplished via email or web-based fill-in-the-blank forms.
An integrated list manager allows web and email-based subscription, unsubscription, and mailing list moderation.
Program Delivery allows messages for a particular mail account to be delivered to an administrator defined program, if desired.
Handles mail for multiple domains on a single machine.
Allows domain-based rather than host based addresses (i.e., email@example.com, rather than firstname.lastname@example.org), if preferred.
Allows arbitrary email addresses, such as Firstname.Lastname, for each user. These addresses are independent of any user login ID.
Allows any number of email addresses (aliases) for users. These are not counted as mailboxes.
Mail accounts are supported for users without login accounts.
Mailbox size limits can be established for individual accounts and the entire system.
Administrators can set the maximum message size allowed.
Several auto-reply options allow automated responses to incoming mail for any address on your site. Options include auto-reply, auto-reply with original message included, and a vacation mode that lets correspondents know when users are unable to read their mail.
Command-line interface provided, similar to UNIX sendmail systems. The -bd, -bm, and -bp operating modes are supported.
Multi-threaded. Post.Office can accept multiple incoming connections.
Uses mail exchange (MX) records in the Domain Name System server to determine where to send messages.
No programming language or unfamilar syntax to learn.
1.2. Downloading Question: How do I download your software?
Answer: To download the software directly from our web site:
Most people agree that WebSTAR mail is a huge disaster.
Post.Office is not part of another server application, so putting the mail on a separate machine is easy to do.
Post.Office includes both a mail server and list server, so users can move totally away from Mac OS 9 and LetterRip.
Post.Office is robust, with a lot of control and power, and at the same time very easy-to-use.
Post.Office is very affordable and additional mail accounts and lists are easy to add and reasonably priced.
Post.Office is capable of high volume email traffic.
Post.Office has locked down tight open relay protection.
Post.Office has POP-before-SMTP for travelling users.
Post.Office has the best SPAM filtering of any Mac OS X mail server. Customers have reduced SPAM by over 80% using Post.Office and creative filtering.
And, the best reason of all,
Tenon Technical Support is phenomenal.
1.4. Maximum user number Question: How many users can a server support? Answer: There is no hard limit programmed into the code. The practical limit is more a function of hardware and usage patterns than anything else. It really depends on the number and size of messages and attachments and the frequency with which users check their mail. In general, however, RAM is more important than CPU (since each connection calls another child process and they all reside in RAM).
With the proper equipment, we’ve seen customers operate successfully with thousands of users and hundreds of domains on a single machine.
Some of our ISPs have developed on-going user databases. They maintain those databases separately then use the data to batch edit Post.Office user information through scripts such as Perl. (See the User Guide section on Advanced User Information for details on using scripts.)
Post.Office may also be uninstalled by user the uninstaller script included in the download. Mount the Post.Office disk image and run the script from the Terminal Application using the following syntax:
sudo /Volumes/Post.Office-3.5.3/Scripts/installer.sh --delete /Library/Receipts/Post-Office.pkg
If you are running under Jaguar, you will need to download a new installer.sh from Tenon's web site. The installer.sh shipped with Post.Office does not run on Mac OS X 10.2.
Download the installer.sh-tenon script
You can either do this by:
bringing up a terminal window and running the commands:
>password: (your email address)
Move /usr/bin/installer.sh to /usr/bin/installer.sh-apple
Copy installer.sh-tenon to /usr/bin/installer.sh-tenon
Change directory to /usr/bin and copy installer.sh-tenon to installer.sh
Change directory to /Library/Receipts
Execute the command: sudo installer.sh --delete Post-Office.pkg
2.2. Installation Instructions Question: Where can I find installation instructions? Answer: The Post.Office Installation Guide contains detailed installation instructions. The manual is available for downloading from our web site.
2.3. Disabling Postfix Question: Post.Office was running nicely on Panther. Now, when I reboot, I see Postfix running instead of Post.Office. What happened? Answer: Mac OS X Server 10.3 has a fail safe feature that restarts Postfix, independent of any system configuration. The best approach is to disable Posfix.
You can do this, as root, using the GUI:
In Finder, pull down the Go menu and choose "Go to Folder"
Rename the file called "master" to "master.old".
Alternately, as administrator, in a Terminal Window:
mv master master.old
Once Postfix is disabled, Post.Office will start up correctly.
Another way to keep postfix from restarting is to comment out the following line from your /etc/watchdog.conf file:
postfix:respawn:/usr/libexec/postfix/master # Mail services - SMTP
This method is probably cleaner and should also allow Post.Office to start correctly.
2.4. Uninstalling WebEdge Question: How do I uninstall WebEdge? Answer: To uninstall WebEdge on Panther, remove the following folders:
You can do this using the Terminal application as 'root' or by using sudo, for example:
sudo rm -R /Library/Tenon/WebEdge
2.5. Disabling other POP and IMAP servers Question: I can see that messages are delivered to my mailboxes, however I am unable to login to POP to get the mail. I think a different pop server is running on my machine. Answer: If you have a pop server other than Post.Office's running on your machine then you will be unable to check your mail. There are a couple of places that one could be started from. Most commonly you will need to change the disable = no line in your /etc/xinet.d/pop3d file to disable = yes . You can do this in the /etc/xinet.d/imapd file as well to turn imap off. Alternatively you can simply remove those files.
Another place that a pop server may be starting from is the /etc/inetd.conf file. Comment out any line that starts with pop or imap from this file.
After making any of these changes you should reboot your computer or do a `ps -ax |grep inetd` and then `kill - HUP ###` where ### is the pids returned by the ps command. After that you will need to restart Post.Office with `/usr/local/post.office/post.office shutdown` and restart with `/usr/local/post.office/post.office`
To determine if your Post.Office's pop server is running or not you can do `telnet mail.domain.com 110` and if the string returned says Post.Office in it then you are good to go. The same applies to IMAP but use the IMAP port of 143.
Answer: Support for importing Mac OS X system users is built into Post.Office.
Post.Office supports importing users from the following programs:
(Note: When importing NetTen users, the MTA-Accounts database located in NetTen:mail:config: should be used rather than an export text file.)
To import users:
Export your user list from the program you are using and copy it to your home directory on your Post.Office server.
Run the appropriate import script, using the following Terminal syntax:
sudo /usr/local/post.office/cmdutils/import.program_name making sure to use the name of one of the program scripts included, rather than "program_name".
The above example assumes that you are logged in as an admin user and that the export file is located in your home directory.
To set wildcard delivery for an account, give it an additional Email address that includes a wildcard character ("*") followed by "@" and the local mail domain for which the wildcard account will accept mail.
For example, an account with the address "*@tenon.com" will receive al messages sent to unknown address in the local mail domain "tenon.com".
Set your MX record to deliver mail to the appropriate new domain(s) to your Post.Office host name.
Create accounts for the user@domain as you wish. Post.Office will accept mail for any Internet address as long as the mail is delivered to it properly (MX records) and it has an Internet address entry that matches the header of the mail message.
Users can receive mail for multiple domains if their Internet address field contains multiple domain entries, i.e.,
If you want their outgoing mail to have a particular domain address, make sure that the desired address is the first one listed under the Internet Addresses and that Address Rewriting is turned on as either Quoted or Commented.
One advantage of this configuration is that you can have the multiple accounts with the same name at separate domains, i.e.,
can be different from email@example.com
If they are created as separate accounts, they can then have separate POP deliveries, auto-replies, etc.
Pick one of your domains to be utilized for Address Completion as defined in the Post.Office's System Configuration Form. For example, if someone sends a message to Post.Office, without any domain name (i.e., Joe) what would you like to automatically append (tenon.com)? You may define only one.
This entry will also change the default domain name that you and your users see when you display the Authentication Form.
Note: If you don't define a domain in the Address Completion field and Post.Office receives mail to deliver without a domain name, it will default to the postofficehostname.domainname, which may not be an address that you have defined for all of your users.
You should also define both domains as your "Local Mail Domains" in the System Configuration Form, if your Post.Office hos is the only mail host receiving mail for these domain names and you are not doing any routing of these domains to another mail host.
The feature that you are asking for is what we have called "Hostname Hiding". This allows you to receive mail using addresses that only contain your username@yourdomainname
(no hostname). You can set it up by doing the following:
You need to make sure that your sites DNS has an MX record for "yourdomain", not just "yourpostofficehostname.yourdomainname".
Each user must be configured such that:
They have an Internet address that does not have the hostname specified in their domain (i.e., Username@yourdomainname)
This address is the first in their Internet address list.
They have addressing re-write turned on: either commented or quoted
Modify your Address Completion Domain in your system configuration to be yourdomainname. This will change the default that you see on the authentication form. It will also make sure that mail that is sent to Post.Office without a domainname (i.e. joe) can be delivered through the envelope by using the Address Completion Domain. (i.e. joe@yourdomainname). If you do not specify an address completion domain, Post.Office will pick the following domain: yourpostofficehostname.yourdomainname (i.e. firstname.lastname@example.org).
This feature works the same way if you are supporting multiple domains. Just make sure that the users email addresses refer to their domain and you have MX records configured for each
5.6. Address Completion details Question: What is Address Completion? Will Address Completion help reduce the number of "Unknown Users"Error Forms I receive?
All mail messages sent via SMTP should comply with the format username@domainname. Many mail clients, like Pegasus or Eudora, allow you to send mail in improper format (to "Steve", for example). You can configure these clients to add the @ sign and the domain name to the end of the user name so that it will be sent to its mail server (Post.Office) in the format username@domainname.
If you do not configure your client in such a way, then Post.Office will receive the E-mail with just the user name (Steve). This cannot be delivered since it is not a valid SMTP address. Post.Office will attempt to remedy the problem by appending the domain name found in the Address Completion domain field of the System Configuration Form.
In the event that there is no domain listed in this field, Post.Office makes its best guess by looking up the machine name and appending the domain name to it, e.g. email@example.com (see manual 6-10).
Some sites have not defined these fully qualified addresses for their users and so mail is returned to Postmaster as an unknown account.
So, assuming that your E-mail clients are not adding yourpostofficehostname.yourdomainname to the end of the To: and From: lines (remember that some clients can be configured to do this completion also), it should be as simple as adding your domain name to the Address Completion domain field in the System Configuration Form to avoid these errors.
If you have specified an Address Completion Domain in Post.Office, then check to see if your client is attempting completion.
5.7. CGI, PHP and sendmail scripts. Question: My webserver scripts (perl, cgi, PHP, etc..) are not able to send mail to remote users. What is the problem?
The Post.Office default install for SMTP relay Restriction is highly secure. You will need to add 127.0.0.1 or the IP address of your server in the relay settings. ie:
5.8. Restricting Mail Relay Question: I am having trouble figuring out the "Restrict Mail Relaying" System Configuration page. What does all of that mean?
Although Post.Office ships as closed relay, it is important to know what the settings on this page are for in case you plan on making changes. The Administration Guide goes into detail about the functions of each field, but this page should give some general guidelines to follow.
Here is an example of the page with some comments:
5.9. Testing Spam/SMTP Message Filters Question: How do I test an SMTP Filter without deleting potentially important email? Answer: You can disable the filter's actions by unchecking both actions:
Action: Action to be taken when a filter matches a message
- Discard - Copy To
at the top of the filter form page.
By viewing your logs, you can see when the filter matches on an Email. It will say something like:
00date0string-0800:IP Filter: Test MATCH: IP Src: <firstname.lastname@example.org> IP dest: <email@example.com>
00date0string-0800:Header Filter: Spam Killa' Src ip: <firstname.lastname@example.org> Dst ip: <email@example.com> Header: Received: from spammer.com ([18.104.22.168])
with some offending text from the email.
The log will not show:
The Post.Office mail server is a background process that will start at the time your server boots up and remain running until you shutdown. You do not need to log in or start an application to run Post.Office.
Should you wish to start or stop the server manually, you may do so by logging in as an Admin user and issuing these simple commands in the Terminal application:
sudo /usr/local/post.office/post.office shutdown
5.11. RBL Filters Question: Can I use zen.spamhaus.org, given this warning:
"..Caution: Because ZEN includes the XBL and PBL lists, do not use ZEN on ...SMTP AUTH outbound servers..."
Does Post.Office use SMTP AUTH? Answer: Post.Office does SMTP AUTH on inbound connections, not on outbound connections, so can use zen.spamhaus.org as one of your Reatime Blacklist (RBL) entries.
6.1. Backing up Post.Office Question: How do I backup Post.Office for a reinstallation or move to another machine? Answer: The files that you need to back up in order to keep your user acounts and configuration are:
You can create a compressed tar file of the directory from the Terminal like this:
sudo tar czvf Post.Office-backup-11.6.2002.tar.gz /var/spool/post.office
To restore the settings:
sudo tar xzvf Post.Office-backup-11.6.2002.tar.gz
To back up the mailbox directory, use:
sudo tar czvf Post.OfficeMailbox-backup-11.6.2002.tar.gz /var/spool/mailbox
To restore the mailbox directory, use:
sudo tar xzvf Post.OfficeMailbox-backup-11.6.2002.tar.gz
7.1. Sendmail Question: Is Post.Office compatible with sendmail? Answer: The "sendmail" emulation program provided with Post.Office recognizes all of sendmail's command-line switches and options. The -bd, -bm, and -bp operating modes are fully supported, and support may be added for other operating modes as required.
The /etc/passwd file is not needed by Post.Office; all user information and addressing is kept in a user account database. The installation program will create this database and enter all existing users' information for you (if desired).
The /etc/aliases file is not needed by Post.Office; all aliases are kept in the user account database.
Users' .forward files are not needed by Post.Office; all delivery information (including forwarding) is kept in the user account database.
NIS & NIS+ databases, and UUCP are not supported.
7.2. FAX and pager software Question: Does Post.Office support, work with, or recommend any FAX or pager software? Answer: Post.Office users can take advantage of the Program Delivery feature. Program Delivery can be used to direct mail to your FAX or pager provided you have FAX or pager software that will accept mail as standard input.
7.3. Running Scripts with Post.Office Question: I have some Perl scripts and PHP scripts that rely on 'sendmail'. How can I use Post.Office as a sendmail replacement with these scripts? Answer: Post.Office has its version of "sendmail" in the directory called /usr/sbin. That means that for any scripts that you have that call sendmail, you need to make sure the path says:
/usr/sbin/sendmail. You might be using scripts that have the pre-set path of /usr/bin/sendmail and this is what needs to be changed to /usr/sbin/sendmail.
In addition, you will need to set up Post.Office to allow relay from the machine you are running the script from.
Log in to Post.Office via the web browser to Port 9090. Click on System Configuration and go to Restrict Mail Relaying. Set up the form so that it says:
X Restrict Relay Mail Except As Indicated Below:
X Allow Relay From the Following IP Addresses:
If Relay Mail is Restricted as Specified Above,
Allow Relay to
X No Domain Except those Listed Below:
X Local Mail Domains
X Additional Domains (if needed).
You will need to add the IP address of where the script is running to the Allow Relay From the Following IP Addresses box. If your script is running on the same machine as Post.Office, then you need to add it as 127.0.0.1. If you don't know what IP address you need to add, you can look in your /var/spool/post.office/log/post.office.log file (after running a test by trying to send out a message on your script) and seeing what the IP is when you get a Relay Denied message.
7.4. My Scripts Stopped Working Question: I've been using Post.Office to support my PHP mail scripts. I upgraded the OS and now my scripts no longer work. What happened? Answer: Post.Office uses /usr/local/post.office/bin/sendmail to support scripts. When Post.Office is installed a link is made from /usr/sbin/sendmail to the Post.Office sendmail, so scripts that need sendmail will 'just work'. Sometimes a operating system update will break this link.
As root, or using sudo and Terminal, run the following commands:
cd /usr/sbin mv sendmail sendmail.bak ln -s /usr/local/post.office/bin/sendmail sendmail
If you have trouble in the future you can check for this link and if it's not there, just replace it.
8.1. APOP Question: Do you have plans to support APOP? Answer: We currently do not have any plans to support APOP in addition to POP3. We do support SMTP-Authentication.
8.2. IMAP4 Question: Will you support IMAP4 on Post.Office? Answer: We already do! Post.Office for Mac OS X includes IMAP4. Previous versions for other operating systems did not.
8.3. SPAM Filtering Question: What kind of tools do you have to inhibit SPAM? Answer: Post.Office has two techniques for filtering SPAM: 1) a built-in vehicle for creating your own filters that cater to your particular environment; and 2) a SpamAssassin plug-in.
SpamAssassin is a powerful, open source filtering tool that can be used to stop SPAM. Post.Office customers can take advantage of SpamAssassin, simply by invoking the SpamAssassin plug-in.
Sophisticated users can further empower SpamAssassin to support their particular situation. Advanced usage of SpamAssassin is detailed in a customer-supported Wiki and is not part of the standard Tenon technical suppport.
9.1. Deleting all user accounts Question: Is there a way to use the delacct command line to delete all accounts? I'm installing the first time and would like to import a modified EIMS export rather than my original EIMS export that I used for testing. Answer: Yes, using the command line utilities you can delete accounts in batch mode. Briefly, you need to run the 'listacct' program and send the output to a file. Then you need to hand edit the file to put './delacct' in front of each entry you want to delete, being careful not to delete the the default Post.Office accounts. Then make the file you created executable and execute the file.
Here are the steps in detail:
Log in to a terminal window as "root" and type in:
./listacct >> myfile
You can list out the contents of your file with the command:
You will see something like this:
This will create a file called "myfile" (you can name it anything you want) that will contain the user ID's of all of your users. Edit that file with an editor so it looks like this:
Don't delete Postmaster, Root, Error-Handler, List-Manager or any of the built in Post.Office accounts!
Once you have added the "delacct" at the beginning of each line, change the file permissions of myfile so that it is an executable file. Type in:
chmod +x myfile
and now run the file:
That will delete each account that is named in the file.
9.2. Virus Scanning software and Post.Office Question: How can I use virus scanning software with Post.Office? Answer: Most of our customers use McAfee's Virex 7 (the client version) for virus scanning. Virex 7 is scriptable and customers have contributed scripts to scan the received mail at intervals.
Virex 7 scans the mail received by Post.Office, but not yet delivered to the user's mailbox on the server.
Alternative strategies that sit on port 25 and scan mail before it is received by Post.Office may be available in the future.
Email address harvesters are programs that search web pages collecting Email addressses to send spam to.
The affects of these harvesters can be controlled in a number of ways:
Make Email address links on your web pages less decipherable to these harvesters by using HTML characters:
Once rendered this looks like:firstname.lastname@example.org and should behave like a normal link.
Filter for repeatedly spammed addresses that are no longer in use. You can check your logs to get these addresses using the following Terminal command:
(There may be a lot of them.) Configure an SMTP Filter with some of those addresses in the "Dest Addr" field, making sure that they are OR'd together. Now, any Emails to these addresses will immediately get deleted. The real benefit occurs when spam is addressed to both a bogus and a real address - the real user does not receive the spam, and you don't have a "User Unknown" bounce sent out by your server to the spammer.
If you do not find any of these bogus addresses in your logs, you can plant one on your website yourself, making sure to disguise it so normal users won't click on it. Some software companies refer to this as a "poison address", but it acts more like a flag to help filter spam.
Although Post.Office uses filters to eliminate spam, some software products will actually attempt to crash or corrupt the address database by using a "poison pill" or "teergrube". These products use CGI or PHP to generate numerous bogus addresses for harvesters to choke on, but may cause more problems than they solve, and should be used with care.
In the System Config area, under "Configure an SMTP Filter" you can set limits on message delivery.
SMTP filtering provides for rule-based specification of filters that are applied to messages as they are received. Filters may contain multi-faceted triggering based on a combination of source, destination, subject or message body contents. When a filter matches the contents of a message, one or more elements in a series of actions is invoked. Actions include message discard with logging, message forwarding to an alternate address and copying of a message with delivery.
Filters are constructed using standard UNIX regular expression processing, or by simply using keywords. This makes Post.Office SPAM filtering extremely powerful.
For detailed documentation on regular expressions there are many resources on the web:
Open Relay Blacklist filters prevent servers who have been identified as being open relay from sending mail to your server. Because this mail will likely be spam, these filter can reduce the amount of unsolicited messages your user receive and cut down on the proliferation of open relay servers.
These filters are easy to configure and would look like this screen shot:
Make sure to specify "Dyn. Host" as the type of field and then enter the blacklist server you prefer in the following field. Our Post.Office demo has a view of the completed form with the RBL filter.
Post.Office SMTP Filters can now use SpamAssassin as a plug-in extension to their standard capabilities. To configure the Post.Office SMTP Filters to use SpamAssassin:
Log in to the Post.Office web based administration pages and navigate to: System Config : Configure an SMTP Filter
Enter a new name and description for the filter
Select "Plugin Name" in the "Body" filter pop-up menu.
Enter spam_assassin into the text field to the right of the pop-up menu.
You do not need to specify an Operation in the "Op" pop-up menu.
Submit the filter request.
SpamAssassin is configured by default to reject messages with a rating of 5 or higher. Further settings may be configured in SpamAssassin. See http://www.spamassassin.org for details.
9.7. "Whitelisting" with SpamAssassin Question: I have some important clients. How can I make sure their mail isn't filtered by SpamAssassin? Answer: You can use the capabilities of Post.Office's built-in SMTP Filtering to exclude your clients source and destination e-mail address or domain name, so that messages coming to or from your client are not sent to SpamAssassin for review.
So, for example, your filter that calls SpamAssassin might look like:
9.8. Changing Port 25 Question: How can I change the incoming mail port on Post.Office? Answer: Post.Office does not have web based administration of the SMTP port (changing it is rarely needed), but you can update some database information by E-mailing to "configuration" and specifying the appropriate parameters.
From an account with Postmaster privileges, perform the following:
1. If you do not already have one, add a "E-mail Form Security Enhancement Password" to the "Establish System Security" form in the "System Config" section of the web based administration.
2. Make sure your "Configuration Manager" account (a Reserved Account) has a valid email address listed in its Additional E-mail Addresses. eg: "email@example.com"
3. Construct a mail message to "configuration@yourhost"
4. The body should contain:
Postmaster-Password: [your PM password]
Form-Security-Password: [your FS password] (This is on the Security form and cannot be blank)
Form: [Global Field Setup]
SMTP-Accept/Config/Socket:  (or whatever port you want)
5. Send the message.
You should not receive an error message back from the Configuration account.
Next, restart Post.Office, by either rebooting your server or using the Terminal application:
sudo /usr/local/post.office/post.office shutdown
-- wait a minute or so--
Your SMTP server should now be running on the specified port.