The complete process can and should be viewed in the process diagram that appears in a separate post (opens in a new window) that lets you follow along as you perform each step. If you would prefer to work from a printed copy of the flow chart, here’s a link to a PDF copy:
The rest of this article explains those parts of the installation process that need it and provides some next steps. To help you navigate the content is presented in expanding / collapsing sections.
MailPlus Server – which handles the incoming and outgoing mail. This package may download some additional prerequisite packages. If the MailServer Plus package is not visible in Package Center, your DiskStation Model does not support the app. Don’t confuse it with plain Mail Server. That’s a totally different and legacy product, and is the only option on low end models.
MailServer – which the users will use to access their mailbox. (There are mobile apps too, which I will describe later.)
You need to create a rule that tells the router to accept connections from the internet on public port xx and redirect it to internal (private) port xx on the DiskStation. Here’s an example from Synology’s own router the RT2600ac:
… and these are the ports you will need to forward
When you run MailPlus Server for the first time you will be guided through some steps:
In the next screen enter your domain name and accept the calculated name placed in the Hostname field
>Next you will see a summary which you can check and accept, or go back to amend
Once you press apply the system will start to set up MailPlus, until all four sections show a green check mark. Press Finish.
Now you have to do some limited configuration so that MailServer Plus can communicate with Comodo.
All other sections on the screen above should be left unselected as Comodo will take over these functions.
On the next screen enable various protocols to deliver and receive emails. It’s a good idea to enable full text search. I’m not aware what impact this has on system resources but as we won’t be using virus and spam detection engines, that will free up a lot of resources. If you’re running one of the lower powered devices and you find CPU and RAM running high, try switching off full text search.
To enable the postmaster account without using a licence, go to Mail Delivery > Alias, and set one up on the root account with an external mail box or postmaster@<you domain> and assign it to the users that manage the system.
Your Domain Name host will have provided you with access to a control panel where these settings can be found. Each provider’s pages will look different but do essentially the same thing.
Link to Comodo Page with Gateway Addresses – opens in new tab. You can ignore the references in that page to setting up a Smart Host. In this setup that’s not needed.
6.1 Add the Domain:
The default settings are a reasonable starting point but I have highlighted a few you may wish to select. For example, the default setting for Spam threshold is so low that when you try to save the record you get a warning!
Outgoing mail users
The most obvious way to control outgoing email users would be to enter their names, create passwords and require authentication. But there’s a problem – MailPlus Server authenticates at server level but Comodo at user level.
Fortunately, Comodo has another method – authorising an entire domain – illustrated below. You enter your static IP address as the user name, then your domain name, and leave the password field blank. In conjunction with the MailPlus Server settings (above), this will allow the traffic to flow.
This method has another advantage. With individual addresses on the Gateway you have to remember that for each user you add in MailPlus Server, you have to echo those accounts on the Comodo Server. With a domain account you don’t. But the advantage is only for outgoing mail.
Incoming mail users
For incoming mail, we do need to create user accounts on Comodo. This is so Comodo quarantine messages can be sent to the individuals.
The subject link will take the user to the Comodo gateway where they can:
- Request release and whitelisting of the sender if it’s from a genuine sender
- Request blacklisting of the sender, and delete the quarantined item if it’s not from a genuine sender
However, with this step, the process has become more complex than is really suitable for a home user. The email account that I used to sign up for, and therefore administer the account, is the same as the email to which the example shown above was sent. But that address also has to be listed in the incoming mail users’ list, where it acquires a separate identity. Therefore when I follow the link in the quarantine notice, my persona is that of a user. I can request that the item be blacklisted and deleted, but I then have to login to my other identically named account on the gateway to release it, which is extremely cumbersome. There are two choices:
- Change the setting on what to do with quarantined messages from accept to reject. This would prevent quarantined message notices as there would be nothing to blacklist and delete. But there would be no opportunity to whitelist and release any incorrectly quarantined genuine messages. They would be rejected too.
- Reduce the aggressiveness of the spam trap to reduce the risk of genuine being quarantined but that would result in more spam getting through.
Although this would work, things are starting to get complicated. One of the reasons for using a 3rd Party relay was to simplify email service management. This doesn’t feel simple. “Simple” would be if the Comodo gateway had an option to send periodic quarantine alerts to the postmaster account, but it doesn’t. The fact is, Comodo is an enterprise system where such controls are needed, and we are bending it to the needs of the home user.
MailPlus looks like many web based email clients but Synology have added their own twist. I prefer MailPlus to Gmail. The three column / preview capability is a standard feature rather then the Lab extra, and they have also done a great job in simplifying things like user preferences, focusing on what most users need most often, and leaving out the arcane stuff. There are pages of Gmail settings that many people will not understand. I don’t
The group of commands that appear column three when you select an item in column two is an improvement on the icon hunt you have to do in Gmail although with the space available it’s a shame that obvious operation such as “Mark as unread” are placed beneath a pull down menu:
To quote from the Synology Help:
To log in to MailPlus:
Enter the following information on the login page:
Account and Password: Enter your DSM account login credentials.
If your experience mirrors mine you will become very familiar with the CASG admin console and the following sections:
The Spam threshold and Probable spam threshold fields are a mystery. The help system tells us little more than the two values should be close and the second must be lower than the first. But no guidance is given as to the practical effect of these two settings nor what constitutes good or bad settings. It’s another example of a help system that assumes you know what is meant.
The default values of these fields are 0.45 and 0.1 respectively. At those levels, mail that Gmail allowed to flow routinely with minimal erroneous spam flagging, got routinely caught by CASG. I have therefore been playing around with the settings. For example at 0.45 mail from my Gmail to my domain addresses would get caught and, through trial and error I discovered i had to set it at 0.8 to get the mail to flow from me to me. Even Whitelisting my address made no difference,
The settings permutations of these two fields is > 5,000. I have asked CASG support for their advice on some settings that would be similar to what a user might expect of Gmail – please throw us a crumb!
The next issue is quarantining. I’m fine with the concept. I’m fine with the practice. But so far, despite all profile and domain settings I can find, I have not received a single quarantine alert from CASG. A simple email is all that’s needed. Instead I have to remember to visit the console from time to time to see what needs to be released.
This issue is ongoing with CASG Support and i will update this article with the resolution.
The Audit Log is invaluable as it tracks every incoming message, allows you to see whether it was accepted or not and whether, for example, any qualifiers such as “[Probable Spam]” were added to the Subject. It will also show you any changes that were made to the settings. It’s a godsend when you are fault-finding.
Whitelists and black lists are crucial to mail filtering, particularly blacklists. If an address is on your blacklist it won’t be passed through to you MailPlus Server, regardless of the content. Blacklist entries can be created manually or as an option when rejecting mail that has been quarantined and held at the CSAG gateway. If you accidentally blacklist something you will need to delete the entry from the blacklist manually.
Blacklist entries override the rest of the spam filters but Whitelists do not. If an address is whitelisted but fails the spam filters for other reasons, it will be blocked by the gateway, which is logical. A blacklist entry means “I don’t care how good the filters think the message is, I don’t want anything from this sender,” while the Whitelist entry says “I trust this sender, but please protect me from malicious content in their mails.”
If you use other email services, the simplest way to get them to integrate with MailPlus server, and therefore to be managed in MailPlus Server’s IMAP function, is to set up a rule on the other service to forward incoming mail to your domain email address. This is Gmail’s setting page:
This option will mark the external copy as read, but keep it on the server. Then if you suspect you have some missing mail you can check to see if it arrived and was forwarded (i.e. marked as read). Later, you might decide to delete the original after it has been forwarded so that your external inbox is always empty.
It’s possible your IP has been blacklisted. To check, visit this site.
If your IP is blacklisted you will need to apply for it to be removed, Click the Contact button top right of the Comodo KoruMail Reputation screen. Unfortunately it will take several days for your request to be actioned. But, to quote Comodo support:
However, please note that you do have the possibility to disable Comodo RBL from Incoming > Spam Detection Settings section. The incoming traffic will then be filtered based mostly on the spam score and for the cases that require special attention you can always choose to create custom blacklist rules using the Domain Rules section
One of the downsides of handling spam in an email relay service is that the scrubbing is done before the mail reaches the MailPlus Server and the server’s spam detection is turned off, so the mail is delivered directly to the user’s Inbox just like any other mail. There is no separation of spam mail into the dedicated spam folder.
Fortunately there is a workaround that will mimic most of that functionality. It will deliver the spam mail to the Spam folder. It will let you use MailPlus’s “Not Spam” function that will automatically move the mail to the inbox. What it won’t do is remove the [Probable Spam] tag that Comodo insert in the message’s Subject.
To enable this workaround, write an incoming mail filter that will direct spam items to the Spam Folder. It’s very easy. In MailPlus client (not server) click your user name in the top right corner and select Settings > Filter and follow the screen shots below.
Note there’s a label mismatch in the setup. Selecting the Spam folder will create a rule that refers to the Junk folder. They’re the same thing,with different labels.
With this rule in place mail will now be delivered to the Spam folder where you can delete it, if it is spam or use the MailPlus “Not Spam” control, if it isn’t spam, which will move it to the inbox:
- Marking mail as “not spam” does not teach the Comodo server anything about your mail traffic, because there is no connection back to the Comodo server, and MailServer Plus spam filtering engine is disabled.
- If you want to prevent future emails from the same sender being tagged as spam / placed in your spam folder you have three choices:
- Add them to the whitelist (may not work if their messages are still considered dubious by Comodo.)
- Adjust the spam threshold so the mail does not get tagged.
- Write an exception rule in MailPlus > Settings > Filter > Edit Filter to exclude their email address from being placed in the spam folder. 4. The [Probable Spam] tag that was added to the subject by Comodo will not be removed by the MailPlus client “not spam” function.
I hope you found this guide useful. I try to update it when I discover more about the products involved. If you have any comments or better solutions, I’d love to hear from you. You can use the Comments area below or the Contact link in the top menu.