
Installing and Configuring XMail for Windows

Based on 1.16 (1.17 is the same)

Step-by-step tutorial on how to set up XMail on a Windows computer. The goal: set up a simple XMail server to run on your domain (or a subdomain, as with dynamic IP servers). For simplicity's sake we will not get into filtering, virus scanning and such here. You also need to know how to use zip files (if you don't, please don't run a mail server), how to use the registry, and how TCP/IP works.

In my quest for free server software for Windows I found out about XMail, which you can get at http://www.xmailserver.org. It's free and GPL, unlimited, actively developed, and can also run as a service under NT. If you have ever looked at the documentation, it can get quite overwhelming: 69 pages of examples and protocol commands that make it appear more complex than it really is. I thought a step-by-step tutorial on setting up a simple server might help get you started.

Conventions:

[tab] means to hit the tab key on your keyboard.
[newline] means to hit the enter key on your keyboard jumping down to the next line

Installing:

Quick list (see further down for details):

  1. Copy exe files to /bin
  2. Secure mail folder
  3. Create MAIL_ROOT and MAIL_CMD_LINE registry entries

When you download the XMail binary version it comes in a zip file. Extract the contents of the zip to some temporary location for now. I'm messy and use my desktop. Dig around until you see some files like ChangeLog, ctrlclnt, gpl.txt...etc. Take all the .exe files from this folder and dump them into the subfolder MailRoot/bin. Now you have all these document files. I dump them in a new folder MailRoot/docs. Now you can take the whole MailRoot folder and place it where you want it to go. They suggest c:\MailRoot but I hate having more root folders so I move and rename it to c:\servers\XMail. Where you put it is up to you but you need to know where you put it! I'll call this location "MailRoot folder" from now on.

Now you need to secure this folder. By default anyone on the system can open the MailRoot folder and read anyone else's email. I see no reason I should tempt my brother like that. If you right click the folder you should have a security tab. If you are running XP see this MSKB on how to access the security tab. You want to make sure that only Administrators and SYSTEM have access to this folder. Remove any other users listed. Disable inheritance if it bugs you about it. Details on how to use NTFS permissions can be found in Windows help or on the web.

Next you need to edit the registry. Before playing in there it's best to make a backup first. Create the key and subkey HKEY_LOCAL_MACHINE\SOFTWARE\GNU\XMAIL. Create the String (REG_SZ) values called MAIL_ROOT and MAIL_CMD_LINE. For the value of MAIL_ROOT put in the "MailRoot folder" location like c:\servers\xmail. For MAIL_CMD_LINE you can leave it blank or put in "-Pl -Sl -Ql -Fl -Cl -Ll" which will log all entries. I would then set up permissions so that only Administrator and System can modify these locations.

Configuration Part 1: Config files

Quick list:

  1. Setup SERVER.TAB
  2. Setup CTRLACCOUNTS.TAB and CTRL.IPMAP.TAB for remote configuration access
  3. Setup SMTPRELAY.TAB to prevent being an open relay
  4. Cleanup unneeded example files

1. Setup SERVER.TAB

SERVER.TAB is the file with all the global options for the server. Using my domain halfdone.com as an example, only the following lines would need to be changed. The defaults for the rest are fine.

RootDomain to "halfdone.com"
SmtpServerDomain to "mail.halfdone.com"
POP3Domain to "mail.halfdone.com"
HeloDomain to "mail.halfdone.com"
PostMaster to "postmaster@halfdone.com"
ErrorsAdmin to "postmaster@halfdone.com"

2. Setup CTRLACCOUNTS.TAB and CTRL.IPMAP.TAB for remote configuration access

Set up the CTRLACCOUNTS.TAB and CTRL.IPMAP.TAB files. These files are used for admin access using programs like ctrlclnt.exe or 3rd party software. You need to set a user/password and, if possible, limit which IP addresses can access it.

2.1 Run xmcrypt.exe to create an encoded password. It's used in the format of XMCRYPT.EXE <password>.

C:\Servers\Xmail\bin>xmcrypt.exe testpassword
1100161115041616120a1701

2.2 CTRLACCOUNTS.TAB contains the usernames and passwords for admin access. It has a format of "username" [tab] "password" [newline]

"catfish" [tab] "1100161115041616120a1701"
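
The xmcrypt output stored in CTRLACCOUNTS.TAB is a reversible byte encoding rather than a hash, which is why the folder permissions set during installation matter. The Python sketch below is an added example, not part of XMail or of the original article; the function names are hypothetical, and the XOR constant 0x65 is used because it reproduces the sample output shown above.

```python
XOR_KEY = 0x65  # reproduces the article's sample: 't' (0x74) ^ 0x65 = 0x11

def xm_encode(password):
    """Form the value the way the xmcrypt.exe sample is formed: XOR, then hex."""
    return "".join(f"{b ^ XOR_KEY:02x}" for b in password.encode("latin-1"))

def xm_decode(encoded):
    """Invert xm_encode; nothing beyond the fixed constant is needed."""
    return bytes(b ^ XOR_KEY for b in bytes.fromhex(encoded)).decode("latin-1")

def decode_account_line(line):
    """Return (username, cleartext) for one CTRLACCOUNTS.TAB line."""
    user, encoded = (f.strip().strip('"') for f in line.split("\t")[:2])
    return user, xm_decode(encoded)

# The article's own sample line, written with a real tab separator.
SAMPLE_LINE = '"catfish"\t"1100161115041616120a1701"'

if __name__ == "__main__":
    # Same value xmcrypt.exe printed for "testpassword" in step 2.1.
    print(xm_encode("testpassword"))
    # What any account with read access to the file can recover.
    print(decode_account_line(SAMPLE_LINE))
```

Treat CTRLACCOUNTS.TAB as if it held the admin password in clear text: restrict it with the same NTFS permissions as the rest of the MailRoot folder.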

2.3 CTRL.IPMAP.TAB contains a list of IPs that can connect (with valid user/pass) to the admin interface. It has the format of "IP" [tab] "netmask" [tab] "permissions" [tab] "precedence" [newline].

Netmask is a way to choose ranges of IPs. Think of it as a mask over the IP address: where the mask is 255 that part of the address is frozen and can't change, and where it is 0 that part can be anything. If the mask has a 0 in a position, you want the IP address to be 0 there also (for our uses).

"0.0.0.0" "0.0.0.0" "DENY" "1" (...block all default)
"127.0.0.1" "255.255.255.255" "ALLOW" "2" (...allow local access, override precedence 1)
"192.168.0.0" "255.255.255.0" "ALLOW" "3" (...allow 192.168.0.x access, override precedence 1 and 2)

3. Setup SMTPRELAY.TAB to prevent being an open relay

The SMTPRELAY.TAB file controls who can use your computer as a relay. In this context a relay is a server that will send email for you without it coming from or going to your users. Allowing this for the internet at large would be a magnet for spammers. They can bounce email off your server, making it harder to trace back to them and making you look like you spammed others. This is considered being an open relay and will likely get your server blacklisted.

It has the format of "IP" [tab] "netmask" [newline]

"127.0.0.1" "255.255.255.255" [...allow 127.0.0.1 to relay]
"192.168.0.0" "255.255.255.0" [...allow 192.168.0.x to relay]
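
To check CTRL.IPMAP.TAB and SMTPRELAY.TAB before starting the server, the Python sketch below evaluates the netmask and precedence rules as this article describes them and flags rows that would admit every address. It is an added example, not part of XMail or the original article; the function names are hypothetical, and "highest precedence among matching rows wins" follows the override comments in the CTRL.IPMAP.TAB sample above.

```python
import ipaddress

def parse_tab(text):
    """Split XMail .TAB text into rows of unquoted, tab-separated fields."""
    rows = []
    for line in text.splitlines():
        fields = [f.strip().strip('"') for f in line.split("\t") if f.strip()]
        if fields:
            rows.append(fields)
    return rows

def _int(addr):
    return int(ipaddress.IPv4Address(addr))

def covers(net, mask, ip):
    """True when ip equals net in every bit position the mask freezes."""
    return (_int(ip) & _int(mask)) == (_int(net) & _int(mask))

def ipmap_decision(rows, ip):
    """Permission of the matching row with the highest precedence, else None."""
    hits = [r for r in rows if covers(r[0], r[1], ip)]
    return max(hits, key=lambda r: int(r[3]))[2] if hits else None

def audit(rows):
    """Flag rows that admit every address or set bits the mask leaves free."""
    findings = []
    for r in rows:
        net, mask = _int(r[0]), _int(r[1])
        allows = len(r) < 3 or r[2].upper() == "ALLOW"  # relay rows: no permission column
        if mask == 0 and allows:
            findings.append((r[0], "matches every address"))
        elif net & ~mask & 0xFFFFFFFF:
            findings.append((r[0], "address bits set where mask is 0"))
    return findings

# Sample rows copied from the article, with real tab separators.
CTRL_IPMAP = ('"0.0.0.0"\t"0.0.0.0"\t"DENY"\t"1"\n'
              '"127.0.0.1"\t"255.255.255.255"\t"ALLOW"\t"2"\n'
              '"192.168.0.0"\t"255.255.255.0"\t"ALLOW"\t"3"\n')
SMTPRELAY = ('"127.0.0.1"\t"255.255.255.255"\n'
             '"192.168.0.0"\t"255.255.255.0"\n')
# Constructed misconfiguration for the audit: an all-zero relay mask.
SMTPRELAY_OPEN = SMTPRELAY + '"0.0.0.0"\t"0.0.0.0"\n'

if __name__ == "__main__":
    rows = parse_tab(CTRL_IPMAP)
    for ip in ("127.0.0.1", "192.168.0.42", "203.0.113.9"):
        print(ip, ipmap_decision(rows, ip))
    print(audit(parse_tab(SMTPRELAY)), audit(parse_tab(SMTPRELAY_OPEN)))
```

ipmap_decision returns None when no row matches; the article does not say what XMail does in that case, so keep the catch-all DENY row in place.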

4. Cleanup unneeded example files

XMail comes with several example files that are not needed on a finished server.

Delete the domains/home.bogus folder and subfolders.
Delete the custdomains/mirror.redir.tab file.
Delete the userauth/pop3/home.bogus.tab file.
Delete the userauth/smtp/home.bogus.tab file.

Starting Xmail server:

You want to run this server all the time, even before any users log in, in case the system reboots due to a power outage, so it needs to be run as an NT service. You can install the service by running:

XMail --install-auto

This will set up XMail to run on startup. You can now use NET STOP XMAIL to stop the server and NET START XMAIL to start the server.

Configuration Part 2: Control Client

Quick list:

  1. Remove the example items
  2. Setup your domain
  3. Add any domain aliases
  4. Add users to your domain
  5. Add any (user) aliases

You can configure the rest of XMail using its command line ctrl client program. You can create/delete/view domains, users, mailing lists, aliases...etc. Its format is

ctrlclnt -s <server ip> -u <username> -p <pass> <commands>

You can check the manual under "XMail Admin Protocol" but with the client you use spaces instead of tabs.

1. Remove the example items

XMail comes with an example domain and users. We need to remove these. Make sure that XMail is running. It might take a moment for the admin interface to start up.

To view the example domain, users and aliases you can use domainlist, userlist and aliaslist:

ctrlclnt -s localhost -u catfish -p testpassword domainlist
"xmailserver.test"

ctrlclnt -s localhost -u catfish -p testpassword userlist
"xmailserver.test" "xmailuser" "xmail" "U"

ctrlclnt -s localhost -u catfish -p testpassword aliaslist
"xmailserver.test" "root" "xmailuser"
"xmailserver.test" "postmaster" "xmailuser"

Now we need to remove the examples using domaindel (which will also remove the users and aliases):

ctrlclnt -s localhost -u catfish -p testpassword domaindel xmailserver.test

In my tests I get the following error when removing the test account:

ErrCode = -148
ErrString = Controller response error
ErrInfo = Unable to remove directory

You can ignore this; the domain info (and their folders) are removed. You can now verify that the example is gone:

ctrlclnt -s localhost -u catfish -p testpassword domainlist
ctrlclnt -s localhost -u catfish -p testpassword userlist
ctrlclnt -s localhost -u catfish -p testpassword aliaslist

2. Setup your domain

Now you can set up your domain, using the domainadd command. Its format is domainadd <domain>

ctrlclnt -s localhost -u catfish -p testpassword domainadd halfdone.com

3. Add any domain aliases

You can also alias domains. You might use this if you have a .com and .org domain (like halfdone.com and halfdone.org). In my case I moved from a dyndns.org subdomain (halfdone.homeip.net) to a full domain. You can set up a domain alias with the aliasdomainadd command. Its format is aliasdomainadd <real domain> <alias domain>

ctrlclnt -s localhost -u catfish -p testpassword aliasdomainadd halfdone.com halfdone.homeip.net
ctrlclnt -s localhost -u catfish -p testpassword aliasdomainadd halfdone.com catfish.homeip.net

4. Add users to your domain

Now for the user email accounts. You use the useradd command with the format of useradd <domain> <user> <password> U

The U means normal users instead of a mailing list user, which we don't cover here.

ctrlclnt -s localhost -u catfish -p testpassword useradd halfdone.com catfish testpass U

5. Add any (user) aliases

You can also set up (user) aliases. So that you don't have to check a bunch of accounts for postmaster@, webmaster@ and abuse@, you can alias them to a real account. The TO: field in the email client will still show the actual email address used, though. You can think of them as forwarders. The format is aliasadd <domain> <alias user> <true user>

ctrlclnt -s localhost -u catfish -p testpassword aliasadd halfdone.com postmaster catfish
ctrlclnt -s localhost -u catfish -p testpassword aliasadd halfdone.com webmaster catfish
ctrlclnt -s localhost -u catfish -p testpassword aliasadd halfdone.com Administrator catfish
ctrlclnt -s localhost -u catfish -p testpassword aliasadd halfdone.com Admin catfish
ctrlclnt -s localhost -u catfish -p testpassword aliasadd halfdone.com root catfish
ctrlclnt -s localhost -u catfish -p testpassword aliasadd halfdone.com abuse catfish
ctrlclnt -s localhost -u catfish -p testpassword aliasadd halfdone.com security catfish
ctrlclnt -s localhost -u catfish -p testpassword aliasadd halfdone.com secalert catfish
ctrlclnt -s localhost -u catfish -p testpassword aliasadd halfdone.com mmoniz catfish
ctrlclnt -s localhost -u catfish -p testpassword aliasadd halfdone.com mike catfish

You can also set up an "everything else" account by using a * for an alias. Any email address at your domain that isn't set to some user or other alias will be sent to you.

ctrlclnt -s localhost -u catfish -p testpassword aliasadd halfdone.com * catfish

Testing:

Now you have to test your server to make sure it's not an open relay. The best way to do so on an Internet-accessible server is the telnet test at http://mail-abuse.org/tsi/ar-test.html.

Last Update: Sep 14th, 2003
Written by Mike "Catfish" Moniz @ Halfdone Development
Page last modified: June 20th, 2005 - 5:44pm Boston, USA time.