Email Info

Webmail is available at iron.waffle.tech/webmail, it will move to waffle.tech/webmail once the webpage is also moved to the new machine.

  • IMAP is available at mx.waffle.tech port 993, use TLS.
  • SMTP is available at mx.waffle.tech port 587, use STARTTLS.
  • POP3 is availbale at mx.waffle.tech port 995, use TLS, but you probably don't want POP3 anyway.
  • ManageSieve is available at mx.waffle.tech port 4190, use STARTTLS.

When authenticating, use only your username, do not include the @waffle.tech. The SMTP submission interface supports the BURL optimization, if your client is capable (most are not yet).

The MTA is configured to allow emails with a total size of up to 25MiB. This is about the point where many major recipient email services will start to reject receiving such a message anyway, so for larger attachments you will need to do something else (e.g. upload them to your webroot?).

SpamAssassin is running and should both prepend the subject with [SPAM] and add the X-Spam-Flag: Yes header if an email scores high. Emails that score exceptionally high or come from certain blacklisted sources may be completely rejected by the MTA, in this case the sender (if they are real) should receive a non-delivery notice from their own provider.

Sieve runs to filter email. There is one rule always run before any user filters which moves email flagged as spam to the 'Junk' folder, if you so desire it's possible to add another custom rule to move it back. You can add/manage custom rules using the ManageSieve protocol which is supported by some clients and the waffle.tech webmail.

Outgoing email is validated by SPF, DKIM, and DMARC to encourage successful delivery. In some cases the headers of email you send may be returned to the waffle.tech administrator if the recipient's mail system judges it to be spam, this is to enable investigation of any compromise.

The MTA will opportunistically use TLS for any outgoing email if the receiving MTA supports it. Additionally, the MTA is configured with a list of “known secure” recipient domains and will refuse non-TLS delivery to these domains. This list includes all of the major email providers you can think of. Contact the administrator if you would like a domain you correspond with and know to support TLS to be added to this list. As always, do not trust en-route encryption of emails because there are several ways for it to fail and for your email to end up being transferred in plaintext.

  • Last modified: 2020/06/30 01:59
  • by jesse