Table of contents

SSL certificate renewed

Up and running since Sat 2008-04-19

Change your password

Email settings

Connecting your email program directly to our server

Using Google's spam filter

Troubleshooting

Certificate error

News

Server, instructions for use

Last update: 2009-11-21

Your mail

Note: The web site at musikwert.de no longer exists. Please try http://musicschool-cml.de/.

SSL certificate renewed

On 2009-01-10 the server's SSL/TLS encryption certificate was renewed. Please read the chapter Certificate error below for instructions on how to avoid the certificate error message you get for the india155.server4you.de server.

Up and running since 2008-04-19

Please check here for information on the new server.

The switch was performed on Sat 2008-04-19. In theory a switchover should take half an hour, but there are some misconfigured DNS servers around, so some mails may go to the old server for another day. If you check your email on the old server once more a few days later, you should be fine and should not lose any mail.

So far the change to the new server has been a full success. The new server is much faster, more modern, powerful, capable, and more reliable.

Technical background

Some technical data of the new server components:

Change your password

You should change your password as soon as possible after you have received it.

Your email password has nothing to do with any web site password (Content Management System), which you may use to log on to a web site. Email and web server are independent of each other in this respect. The email password is only used to administer your email setup, in the account setup of your email program, and for logging on to the webmail page. You can, however, use the same password for email and for the web site to make it easier to remember and to prevent mistaking one for the other.

  1. Determine a safe password. It should be 6 characters long at the very least. It should contain at least one special character or be much longer. It should not be in any dictionary. It should not be something that anybody could guess from your environment. It should not contain your username.

    A safe bet is to combine two unrelated words and include at least one special character (not a letter or digit).

    A safe password is important, because a hijacked email account would be very troublesome for all of us (server getting blacklisted, etc.).

  2. Click on: https://india155.server4you.de:8443/
  3. You will at first get a certificate error. Click on the option to open the web page anyway. See the instructions below in the chapter "Certificate error" on how to avoid this error in the future.
  4. Log in with your email username, which is your complete email address, and your current, old email password.

    Attention: If your email address ends in @elephanttrust.org, you have to use @winhlp.com instead. Example: If your email address is jack@elephanttrust.org, your username is: jack@winhlp.com

  5. Click on: Preferences
  6. Enter your new password twice in the respective input fields.
  7. Change other settings, if you like.
  8. Click on the button: [OK]

If you later forget your password, an administrator can reset it, and then you have to change it again on the server and in your email client program. We cannot read the password from the server, and we don't want to know your password.

Email settings

Should I use IMAP or POP3?

POP3 is a protocol that typically downloads all mail from the server into your computer and deletes it on the server. This is simple, but you can read your mail only on one computer.

IMAP (or IMAP4), in comparison, keeps all emails on the server and on each computer that connects to it. Each computer synchronizes its mails with the server.

You can use IMAP on our server or, if you route your mail through Google Mail, you can use IMAP on Google's server. The latter means two email accounts to set up and maintain, but it has the advantages of more storage space for emails and safer retention.

Our server will keep your mail too, but its storage space is more limited, so you have to remove old mail from time to time, and we cannot guarantee that your mail will always be kept. The server's hard disk could crash one day.

If you need more email storage space than your standard allocation, talk to us. As long as not too many people ask for more, we can easily grant it.

You can use your webmail and administer your email server account here.

If you are a migrating user who has already had an account on an older mail server, don't change that account. Instead create an additional, new account for the new server. The reason is that you have to collect mail from the old server for a couple of days.

You have to decide between two different ways to use your mail. You have to make a decision between 1. and 2., but you can use both a. and b. interchangeably if you use the IMAP protocol in your local email client program.

  1. Use our server directly.
    a. Recommended: Use it through an email client program like Outlook Express, Windows Mail, or Mozilla Thunderbird. See below for the settings.
    b. Use webmail by prepending "https://webmail." to your domain. Examples: https://webmail.michna.com/, https://webmail.elephanttrust.org/, etc. You will get a certificate warning, which you have to ignore and choose to open the web page anyway, but you will be using encrypted communication. This certificate warning cannot be avoided.

      You could use http:// in place of https:// to communicate without encryption, but this is not recommended, because it is dangerously insecure.

      To log on, enter your complete email address as username and your email password.

      Attention: If your email address ends in @elephanttrust.org, you have to use @winhlp.com instead. Example: If your email address is jack@elephanttrust.org, your username is: jack@winhlp.com

  2. Recommended if you receive more than approximately 50 spam mails per day: Use Google Mail (or another suitable email system with a good spam filter) to collect your email from the server and filter it. Note that since late 2008 our own server's spam filtering has been improved to such an extent that few users will need this Google Mail option.
    a. Collect your mail from Google Mail with your own email client program. Follow Google Mail's instructions to set it up.
    b. Use Google Mail on your web browser.

Connecting your email program directly to our server

This is the preferred solution.

Create an account for the new server in your email program. The following settings are needed to collect email directly from our mail server into your local email client program like Outlook Express, Outlook, Mozilla Thunderbird, Eudora, Pegasus, etc. (solution 1.a., the preferred standard solution).

Name of the account: (Arbitrary, you can call it like your email address. It just has to be unique.)
Server type: IMAP (preferred) or POP3
Server, both POP3/IMAP and SMTP: india155.server4you.de
Username: (Your complete email address)

Attention: If your email address ends in @elephanttrust.org, you have to use @winhlp.com instead. Example: If your email address is jack@elephanttrust.org, your username is: jack@winhlp.com

Password: (Your email password)

If you have not received your password by email already, ask us. We can also set a new password for you, but we cannot find out yours after you have changed it.

Important: When you have received a new password, change it immediately through the email administration.

Special server settings to enable: The SMTP (sending) server requires authentication, namely the same one as the POP3/IMAP (receiving) server.

The server does not use secure password authentication (SPA), but it does use TLS or SSL encryption (highly recommended), so enable TLS or SSL for both the receiving POP3 or IMAP and the sending SMTP server, if you can. It is an important security measure.

If TLS doesn't work, try SSL. Use the following port numbers.

Protocol    Without TLS/SSL    With TLS/SSL
IMAP        143                993
POP3        110                995
SMTP        587                587

For SMTP, port 25 no longer works if you try to connect from any dial-in port, such as a DSL or modem connection. Always use port 587.

If you have enabled TLS or SSL (which you should), the first time you use the server you will get a certificate warning, which you can ignore. Select to use the server anyway. The certificate for mail is the same as that for the web server. Verify that it has one of the following:

Fingerprint SHA1: 5FFE91F3 6898CCF7 0DAB08EE 876BD9B5 F8F06ED6

Fingerprint MD5: 46C922A8 07B1DBBB 699A351E 6203A558

Please scroll down and read the chapter "Certificate error" to avoid this repeated warning.

This encryption is essential, for example, when you use your laptop on a wireless LAN, because without it everybody else who is on that WLAN can record all your data traffic, even your mail password.

The IMAP root folder path, sometimes called the IMAP Path Prefix, is: INBOX

For example, in Outlook Express you can enable the setting to shift messages automatically into special folders. You should use the folder names sent-mail and Drafts.

Administration: https://india155.server4you.de:8443/ (You will at first get a certificate error. Click on the option to proceed anyway. Please read the chapter "Certificate error" below to learn how you can prevent it.)

There is also an auto-forwarder at http://michna.com/admin/, which goes to that same address and shows you the same web page. Its purpose is only that you can type the easier-to-remember address: michna.com/admin

Webmail: Prepend "https://webmail." to your domain. Examples: https://webmail.michna.com/, https://webmail.elephanttrust.org/. You will get a certificate warning every time, but you will be using encryption. Choose to open the web page anyway. This certificate warning cannot be avoided.

Log on with your mail username and password. If your address ends with @elephanttrust.org, you have to use @winhlp.com instead. Example: If your address is jack@elephanttrust.org, your username is: jack@winhlp.com

Cheat sheet: http://michna.com/mail/ (in short: michna.com/mail)

If you use IMAP, some special IMAP settings have to be set like the following example from a German Outlook Express. The root folder name for our server is INBOX. (For Google Mail it is [Gmail], including the brackets.) The folder for sent mail has to be named sent-mail, because that's what webmail automatically generates, and you want to have this compatible with webmail. The name for the drafts folder is arbitrary, but again you should set the same name in webmail to keep the systems in synch.


Special IMAP settings for our server
(See different settings for Google Mail below.)

Create an additional folder named Trash for throw-away items, because this folder already exists in webmail.

After creating this account, you may have to select and synchronize it with the server once to make all folders appear in the correct positions.

Make the new account the default account, so you use it to send mail and no longer the old one.

You can delete the old account a few days after the new server is up and running and receiving mail.

Using Google's spam filter

Getting your mail into Google Mail

If you receive a large amount of spam, i.e. more than approximately 50 spam mails per day, consider using an additional spam filter. The easiest is Google Mail, but along with the generally poor quality of anything made by Google, it seems to have a considerable number of false positives for some users, i.e. good emails that end up in Google Mail's spam folder.

In Google Mail enter the settings described below, but use your own email username. Click on Settings, Accounts, Get mail from other accounts:

Google Mail collect
Google Mail settings example to collect your mail—substitute your username and password

Getting your mail from Google Mail into your local email client program

If you want to use a local email client program to collect your mail, like Outlook Express, Mozilla Thunderbird, or Eudora, you can configure it for Google Mail's server as follows.

  1. Go to Google Mail, Settings, Forwarding and POP/IMAP.
  2. Follow the instructions there to configure your email client. You had already enabled IMAP (preferred if your mail client can do it) or POP3, so most of the settings are already in place. You only have to change the configuration for the sending side, SMTP.

It is recommended to use our own server for sending mail, but you can also use Google's mail server when, for any reason, you have no other choice. Sending through Google Mail has the disadvantage that you do not benefit from our DomainKeys implementation, which Google Mail also has, but which does not work well. Also, your mails would show your real email address in the From: field, but your Google Mail address in the Sender: field, which makes your mails look less authentic.

If you want to use our own mail server for sending (recommended), enter the SMTP settings (for sending) described at the top into the account setting of your email program, but leave the POP3 or IMAP settings (for receiving) set for Google Mail. Note that you have to enter separate authentication settings, i.e. username and password, for the SMTP server. These settings are somewhat hidden in some email programs and have to be opened by an extra mouse click.

Some special IMAP account settings in your email program are the name of the root folder and the names of the two folders for sent mail and drafts. For example, in a German Outlook Express these settings look as follows.

Outlook Express IMAP
IMAP properties in a German Outlook Express for an English Google Mail

Troubleshooting

If you cannot collect or send mail, recheck the following:

  1. Check whether you actually have an Internet connection.
  2. Check all settings above, particularly the server name: india155.server4you.de
  3. Make sure that SPA (Secure Password Authentication) is not enabled, nor any other secure password authentication method. We rely entirely on SSL to secure the entire data exchange, including the password.
  4. You can try to disable TLS/SSL (Secure Sockets Layer) for testing, but when everything works, you should re-enable it.
  5. Make sure you have the right ports for the IMAP/POP3 and SMTP servers. Note that IMAP and POP3 use different ports with and without SSL. Check the settings above for the proper port numbers.

Certificate error

Background

The administrator pages of our new web server at https://india155.server4you.de:8443/ (also reachable through a forwarding page at http://michna.com/admin/, in short, michna.com/admin) use the SSL encryption protocol, recognizable by the https:// prefix in the address (URL), unlike the more common http:// prefix. This is useful and makes it much more difficult to eavesdrop electronically on the data exchange.

The same holds for all mail connections, if you chose to activate TLS or SSL, which you should.

The encryption key is customarily coupled to a certificate that is meant to certify the identity of the buyer of the certificate, which costs some money. Since we currently don't need this and need only the encryption key, we don't pay, but instead make our own certificate. Consequently your browser issues a certificate error, telling you that this certificate does not come from a commonly known certificate authority (CA) and is therefore not good enough to identify our server.

When this happens, you can choose to ignore the error and open the web page anyway, but the next time you start your browser and go to the administrator page, you will get the error message again. To avoid this, you essentially have to tell your browser that you trust this certificate, which means putting it into your certificate store.

This is the procedure for Internet Explorer 7:

  1. In Internet Explorer open: https://india155.server4you.de:8443/
  2. Click on the choice to open the web site in spite of the error.
  3. Click on the red signal at the very top center: "Certificate error"

    The browser tells you: Certificate is invalid

  4. Click on: Show certificates
  5. Inspect the certificate. It should be from: india155.server4you.de
  6. Click on the button: [Install certificate]
  7. Accept the default certificate store choice and click on the button: [Next >]
  8. Finalize the procedure by clicking on the respective button.
  9. Verify that the certificate has one of the following:

    Fingerprint SHA1: 5FFE91F3 6898CCF7 0DAB08EE 876BD9B5 F8F06ED6

    Fingerprint MD5: 46C922A8 07B1DBBB 699A351E 6203A558

  10. Close your browser.

Other browsers probably do this similarly. Firefox, for example, asks you directly, so after inspecting the certificate and checking a fingerprint, elect to always accept it.
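
A scripted version of the fingerprint check described above, as an added example that is not part of the original page: it hashes the DER-encoded certificate the server presents and compares it with the fingerprint printed here, accepting spaced, colon-separated or plain hex notation. The function names and the SAMPLE_DER bytes are constructed for illustration; the host name, port 993 and the two fingerprints are the ones given on this page.

```python
import hashlib
import hmac
import socket
import ssl

# Fingerprints exactly as printed on this page for india155.server4you.de.
PAGE_SHA1 = "5FFE91F3 6898CCF7 0DAB08EE 876BD9B5 F8F06ED6"
PAGE_MD5 = "46C922A8 07B1DBBB 699A351E 6203A558"

# Constructed stand-in for DER certificate bytes (not a real certificate),
# so the comparison logic can be exercised offline.
SAMPLE_DER = b"constructed-sample-certificate-bytes"

# Hex digest length -> hash algorithm, so a pin can be given in any of these forms.
_ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256"}


def normalize_fingerprint(text):
    """Drop spaces and colons and lowercase, so all common notations compare equal."""
    cleaned = "".join(ch for ch in text if ch not in " :\t\r\n").lower()
    if len(cleaned) not in _ALGO_BY_HEX_LEN:
        raise ValueError("unexpected fingerprint length: %d hex digits" % len(cleaned))
    bytes.fromhex(cleaned)  # raises ValueError if anything is not a hex digit
    return cleaned


def format_fingerprint(der_cert, algo="sha1"):
    """Render a fingerprint in this page's style: uppercase hex in groups of eight."""
    digest = hashlib.new(algo, der_cert).hexdigest().upper()
    return " ".join(digest[i:i + 8] for i in range(0, len(digest), 8))


def fingerprint_matches(der_cert, pinned):
    """True if the hash of the DER-encoded certificate equals the pinned fingerprint."""
    want = normalize_fingerprint(pinned)
    got = hashlib.new(_ALGO_BY_HEX_LEN[len(want)], der_cert).hexdigest()
    return hmac.compare_digest(got, want)


def fetch_der_cert(host, port, timeout=10.0):
    """Fetch the certificate the server presents, without CA or host name checks.

    The certificate is self-signed, so normal validation would fail; trust
    comes only from the fingerprint comparison done afterwards.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def check_server(host="india155.server4you.de", port=993, pinned=PAGE_SHA1):
    """Compare the live IMAP-over-SSL certificate with the pin before any login."""
    return fingerprint_matches(fetch_der_cert(host, port), pinned)


if __name__ == "__main__":
    # Offline self-check on the constructed sample; check_server() needs network access.
    print(fingerprint_matches(SAMPLE_DER, format_fingerprint(SAMPLE_DER)))
```

A False result from check_server() means the server presented a different certificate than the one pinned, so no password should be sent over that connection.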

Web site certificates are coupled to the domain. You could call the administrator pages up through any domain hosted on the server. For example, instead of https://india155.server4you.de:8443/ you could call them up with https://aschenbrenner.com:8443/, https://michna.com:8443/, https://winhlp.com:8443/, or https://elephanttrust.org:8443/. However, only the india155.server4you.de domain has the certificate, so on all other domains, including the webmail addresses, you get a certificate address error, even though the certificate is valid.

News

Server outage on 2008-10-17, approx. 18 to 20 o'clock UTC

On 2008-10-17 we had a server outage that lasted two hours.

Server outage 2008-10-17
Server outage 2008-10-17, Times CEST. Subtract 2 hours to get UTC.

The long-winded story that goes with it is about this:

  1. A user complained about losing mails.
  2. I (Hans-Georg) looked through the mail logs to identify what happened to some particular mails.
  3. I found that all of them were delivered properly by our well-working mail server. (The cause of the mail loss is as yet undiscovered, but our mail server is not at fault. No other user has reported any similar losses either.)
  4. On this occasion I saw that our virus checker DrWeb sends error mails to the nonexistent email address (in which I replaced @ with ©): postmaster©india155.server4you.de
  5. I thought the simplest way to find out would be to create a domain india155.server4you.de on our server with one mail forwarder that redirects these mails to me, and so I did.
  6. Minutes later the server became sluggish, slow and slower, and finally entirely unresponsive.
  7. I had to hard-reboot the server, only to find that it comes back up, works fine for a couple of seconds, then begins again to get sluggish and essentially dies within a minute.
  8. I suspected that my new mail forwarder creates something like an endless loop and decided that the only solution is to remove the mail forwarder and the domain again, but without the server being responsive I could not do that. I called Klaus, and we discussed the situation.
  9. During the next reboot I was able to find out that indeed our SMTP server, qmail, created a very large number of mail processing threads, which swamped the server and were the immediate cause of our problem.
  10. After trying various methods to stop the qmail service, hampered by our lack of knowledge of the deeper details of this particular SuSE Linux + Plesk installation, we engaged in the following dragon fight. While Klaus hacked off the constantly regrowing multiple heads of the dragon, I sneaked in and slit the dragon's belly. Translated into computer language, while Klaus kept killing the qmail threads that were produced in large numbers every five seconds, I went into the Plesk administration and removed the offending mail forwarder and the entire india155.server4you.de domain setup.
  11. Instant success—the spook was gone, the server was working smoothly and perfectly again. To be on the safe side, we soft-rebooted the server one last time.

But my doomed actions were basically successful—it actually worked. During the episode quite a few of the mails that I was curious about were forwarded to my personal mailbox, so I could later have a look at them. It turned out that DrWeb sends these mails when it cannot check a mail for viruses, which happens from time to time for peculiar reasons like licensing. Since the mail that couldn't be checked is delivered normally, the warning mails are uninteresting and can be discarded.

By the way, the peak in CPU usage just after midnight, which you can see in the picture above, represents the web statistics processing that produces the web statistics you can see for a domain when you append /plesk-stat/webstat/ to the domain's web address. Example: http://winhlp.com/plesk-stat/webstat/

Your friendly server administrators Klaus and Hans-Georg
