Server, instructions for use

Last update: 2009-11-21

Your mail

Note: The web site at musikwert.de no longer esists. Please try http://musicschool-cml.de/.

SSL certificate renewed

On 2009-01-10 the server SSL/TLS encryption certificate has been renewed. Please read the chapter Certificate error below for instructions on how to avoid the certificate error message you get for the india155.server4you.de server.

Up and running since 2008-04-19

Please check here for information on the new server.

The switch has been performed on Sat 2008-04-19. In theory a switchover should take half an hour, but there are some misconfigured DNS server around, so some mails may go to the old server for another day. If you check your email on the old server again once a few days later, you should be fine and should not lose any mail.

So far the change to the new server has been a full success. The new server is much faster, more modern, powerful, capable, and more reliable.

Change your password

You should change your password as soon as possible after you have received it.

Your email password has nothing to do with any web site password (Content Management System), which you may use to log on to a web site. Email and web server are independent of each other in this respect. The email password is only used to administer your email setup, in the account setup of your email program, and for logging on to the webmail page. You can, however, use the same password for email and for the web site to make it easier to remember and to prevent mistaking one for the other.

1. Determine a safe password. It should be 6 characters long at the very least. It should contain at least one special character or be much longer. It should not be in any dictionary. It should not be something that anybody could guess from your environment. It should not contain your username.

   A safe bet is to combine two unrelated words and include at least one special character (not a letter or digit).

   A safe password is important, because a hijacked email account would be very troublesome for all of us (server getting blacklisted, etc.).

2. Click on: https://india155.server4you.de:8443/
3. You will at first get a certificate error. Click on the option to open the web page anyway. See the instructions below in the chapter "Certificate error" on how to avoid this error in the future.
4. Log in with your email username, which is your complete email address, and your current, old email password.

   Attention: If your email address ends in @elephanttrust.org, you have to use @winhlp.com instead. Example: If your email address is jack@elephanttrust.org, your username is: jack@winhlp.com

5. Click on: Preferences
6. Enter your new password twice in the respective input fields.
7. Change other settings, if you like.
8. Click on the button: [OK]

If you later forget your password, an administrator can reset it, and then you have to change it again on the server and in your email client program. We cannot read the password from the server, and we don't want to know your password.

Email settings

You can use your webmail and administer your email server account here.

If you are a migrating user who has already had an account on an older mail server, don't change that account. Instead create an additional, new account for the new server. The reason is that you have to collect mail from the old server for a couple of days.

You have to decide between two different ways to use your mail. You have to make a decision between 1. and 2., but you can use both a. and b. interchangingly if you use the IMAP protocol in your local email client program.

1. Use our server directly.
   1. Recommended: Use it through an email client program like Outlook Express, Windows Mail, or Mozilla Thunderbird. See below for the settings.
   2. Use webmail by prepending "https://webmail." to your domain. Examples: https://webmail.michna.com/, https://webmail.elephanttrust.org/, etc. You will get a certificate warning, which you have to ignore and choose to open the web page anyway, but you will be using encrypted communication. This certificate warning cannot be avoided.

      You could use http:// in place of https:// to communicate without encryption, but this is not recommended, because it is dangerously insecure.

      To log on, enter your complete email address as username and your email password.

      Attention: If your email address ends in @elephanttrust.org, you have to use @winhlp.com instead. Example: If your email address is jack@elephanttrust.org, your username is: jack@winhlp.com

2. Recommended if you receive more than approximately 50 spam mails per day: Use Google Mail (or another suitable email system with a good spam filter) to collect your email from the server and filter it. Note that since late 2008 our own server's spam filtering has been improved to such an extent that few users will need this Google Mail option.
   1. Collect your mail from Google Mail with your own email client program. Follow Google Mail's instructions to set it up.
   2. Use Google Mail on your web browser.

Connecting your email program directly to our server

This is the preferred solution.

Create an account for the new server in your email program. The following settings are needed to collect email directly from our mail server into your local email client program like Outlook Express, Outlook, Mozilla Thunderbird, Eudora, Pegasus, etc. (solution 1.a., the preferred standard solution).

If you use IMAP, some special IMAP settings have to be set like the following example from a German Outlook Express. The root folder name for our server is INBOX. (For Google Mail it is [Gmail], including the brackets.) The folder for sent mail has to be named sent-mail, because that's what webmail automatically generates, and you want to have this compatible with webmail. The name for the drafts folder is arbitrary, but again you should set the same name in webmail to keep the systems in synch.

Special IMAP settings for our server
(See different settings for Google Mail below.)

Create an additional folder named Trash for throw-away items, because this folder already exists in webmail.

After creating this account, you may have to select and synchronize it with the server once to make all folders appear in the correct positions.

Make the new account the default account, so you use it to send mail and no longer the old one.

You can delete the old account a few days after the new server is up and running and receiving mail.

Using Google's spam filter

Getting your mail into Google Mail

If you receive a large amount of spam, i.e. more than approximately 50 spam mails per day, consider using an additional spam filter. The easiest is Google Mail, but along with the generally poor quality of anything made by Google, it seems to have a considerable number of false positives for some users, i.e. good emails that end up in Google Mail's spam folder.

In Google Mail enter the settings described below, but use your own email username. Click on Settings, Accounts, Get mail from other accounts:

Google Mail settings example to collect your mail—substitute your username and password

Getting your mail from Google Mail into your local email client program

If you want to use a local email client program to collect your mail, like Outlook Express, Mozilla Thunderbird, or Eudora, you can configure it for Google Mail's server as follows.

1. Go to Google Mail, Settings, Forwarding and POP/IMAP.
2. Follow the instructions there to configure your email client. You had already enabled IMAP (perferred if your mail client can do it) or POP3, so most of the settings are already in place. You only have to change the configuration for the sending side, SMTP.

It is recommended to use our own server for sending mail, but you can also use Google's mail server when, for any reason, you have no other choice. Sending through Google Mail has the disadvantage that you do not benefit from our Domainkeys implementation, which Google Mail also has, but which does not work well. Also, your mails would show your real email address in the From: field, but your Google Mail address in the Sender: field, which makes your mails look less authentic.

If you want to use our own mail server for sending (recommended), enter the SMTP settings (for sending) described at the top into the account setting of your email program, but leave the POP3 or IMAP settings (for receiving) set for Google Mail. Note that you have to enter separate authentication settings, i.e. username and password, for the SMTP server. These settings are somewhat hidden in some email programs and have to be opened by an extra mouse click.

Some special IMAP account settings in your email program are the name of the root folder and the names of the two folders for sent mail and drafts. For example, in a German Outlook Express these settings look as follows.

IMAP properties in a German Outlook Express for an English Google Mail

Troubleshooting

If you cannot collect or send mail, recheck the following:

1. Check whether you actually have an Internet connection.
2. Check all settings above, particularly the server name: india155.server4you.de
3. Make sure that SPA (Secure Password Authentication) is not enabled, and neither any other secure password authentication method. We rely entirely on SSL to secure the entire data exchange, including the password.
4. You can try to disable TLS/SSL (Secure Socket Layer) for testing, but when everything works, you should re-enable it.
5. Make sure you have the right ports for the IMAP/POP3 and SMTP servers. Note that IMAP and POP3 use different ports with and without SSL. Check the settings above for the proper port numbers.

Certificate error

Background

The administrator pages of our new web server at https://india155.server4you.de:8443/ (also reachable through a forwarding page at http://michna.com/admin/, in short, michna.com/admin) use the SSL encryption protocol, recognizable by the https:// prefix in the address (URL), unlike the more common http:// prefix. This is useful and makes it much more difficult to eavesdrop electronically on the data exchange.

The same holds for all mail connections, if you chose to activate TLS or SSL, which you should.

The encryption key is customarily coupled to a certificate that is meant to certify the identity of the buyer of the certificate, which costs some money. Since we currently don't need this and need only the encryption key, we don't pay, but instead make our own certificate. Consequently your browser issues a certificate error, telling you that this certificate does not come from a commonly known certificate authority (CA) and is therefore not good enough to identify our server.

When this happens, you can choose to ignore the error and open the web page anyway, but the next time you start your browser and go to the administrator page, you will get the error message again. To avoid this, you essentially have to tell your browser that you trust this certificate, which means putting it into your certificate store.

This is the procedure for Internet Explorer 7:

1. In Internet Explorer open: https://india155.server4you.de:8443/
2. Click on the choice to open the web site in spite of the error.
3. Click on the red signal at the very top center: "Certificate error"

   The browser tells you: Certificate is invalid

4. Click on: Show certificates
5. Inspect the certificate. It should be from: india155.server4you.de
6. Click on the button: [Install certificate]
7. Accept the default certificate store choice and click on the button: [Next >]
8. Finalize the procedure by clicking on the respective button.
9. Verify that the certificate has one of the following:

   Fingerprint SHA1: 5FFE91F3 6898CCF7 0DAB08EE 876BD9B5 F8F06ED6

   Fingerprint MD5: 46C922A8 07B1DBBB 699A351E 6203A558

10. Close your browser.

Other browsers probably do this similarly. Firefox, for example, asks you directly, so after inspecting the certificate and checking a fingerprint, elect to always accept it.

Web site certificates are coupled to the domain. You could call the administrator pages up through any domain hosted on the server. For example, instead of https://india155.server4you.de:8443/ you could call them up with https://aschenbrenner.com:8443/, https://michna.com:8443/, https://winhlp.com:8443/, or https://elephanttrust.org:8443/. However, only the india155.server4you.de domain has the certificate, so on all other domains, including the webmail addresses, you get a certificate address error, even though the certificate is valid.

News

Server outage on 2008-10-17, approx. 18 to 20 o'clock UTC

On 2008-10-17 we had a server outage that lasted two hours.

Server outage 2008-10-17, Times CEST. Subtract 2 hours to get UTC.

The long and winded story that goes with it is about this:

1. A user complained about losing mails.
2. I (Hans-Georg) looked through the mail logs to identify what happened to some particular mails.
3. I found that all of them were delivered properly by our well-working mail server. (The cause of the mail loss is as yet undiscovered, but our mail server is not at fault. No other user has reported any similar losses either.)
4. On this occasion I saw that our virus checker DrWeb sends error mails to the nonexistent email address (in which I replaced @ with ©): postmaster©india155.server4you.de
5. I thought the simplest way to find out would be to create a domain india155.server4you.de on our server with one mail forwarder that redirects these mails to me, and so I did.
6. Minutes later the server became sluggish, slow and slower, and finally entirely unresponsive.
7. I had to hard-reboot the server, only to find that it comes back up, works fine for a couple of seconds, then begins again to get sluggish and essentially dies within a minute.
8. I suspected that my new mail forwarder creates something like an endless loop and decided that the only solution is to remove the mail forwarder and the domain again, but without the server being responsible I could not do that. I called Klaus, and we discussed the situation.
9. During the next reboot I was able to find out that indeed our SMTP server, qmail, created a very large number of mail processing threads, which swamped the server and were the immediate cause of our problem.
10. After trying various methods to stop the qmail service, hampered by our lack of knowledge of the deeper details of this particular SuSE Linux + Plesk installation, we engaged in the following dragon fight. While Klaus hacked off the constantly regrowing multiple heads of the dragon, I sneaked in and slit the dragon's belly. Translated into computer language, while Klaus kept killing the qmail threads that were produced in large numbers every five seconds, I went into the Plesk administration and removed the offending mail forwarder and the entire india155.server4you.de domain setup.
11. Instant success—the spook was gone, the server was working smoothly and perfectly again. To be on the safe side, we soft-rebooted the server one last time.

But my doomed actions were basically successful—it actually worked. During the episode quite a few of the mails that I was curious about were forwarded to my personal mailbox, so I could later have a look at them. It turned out that DrWeb sends these mails when it cannot check a mail for viruses, which happens from time to time for peculiar reasons like licensing. Since the mail that couldn't be checked is delivered normally, the warning mails are uninteresting and can be discarded.

By the way, the peak in CPU usage just after midnight, that you can see in the picture above, represents the web statistics processing that produces the web statistics you can see for a domain when you append /plesk-stat/webstat/ to the domain's web address. Example: http://winhlp.com/plesk-stat/webstat/

Your friendly server administrators Klaus and Hans-Georg

hits since 2008-04-22
Free PHP scripts by PHPJunkYard.com