Server, instructions for use

Last update: 2017-11-02

Your mail

News

On 2013-03-09 our web and mail was moved to a new, more modern server, running on Debian Linux. Its IP address is: 62.75.230.182.

Attention: For technical reasons some mail users apparently got their passwords reset. If you get a password error when trying to read or send mail, please send me an email from another mail account or send a WhatsApp or an SMS text message to +491793217777 and ask me to issue a new password, which I will do as quickly as possible.

Change your password

General

For the mail server you can have two passwords:

  1. The mail administration password
  2. The mail server password

It is a good idea to use the same password for both, since they are both used on the same system.

Note: If you change your mail administration password, your mail server password will automatically be changed as well, to the same password. The reverse is not true, however. You can change the mail server password in webmail, but leave the mail administration password unchanged. This is not recommended, because then you would have to keep track of two different passwords.

You should change your mail administration password as soon as possible after you have received it.

Your mail passwords have nothing to do with any web site password (Content Management System), which you may use to log on to a web site. Mail and web server are independent of each other in this respect. The mail passwords are only used to access the mail server, in the account setup of your local mail client program, for logging on to the webmail page, and possibly to administer your mail setup. You can, however, use the same password for mail and for the web site to make it easier to remember and to prevent mistaking one for the other.

Determine a safe password. At the very least it should be 8 characters long, containing letters and at least one digit. It should also contain at least one special character or be much longer. It should not be in any dictionary. It should not be anything that anybody could guess from your environment. It should not contain your username. It should not be repetitive or consist of any sequence that is easy to guess, like a sequence of neighboring keys on the keyboard.

A safe password is important, because a hijacked email account would be very troublesome for all of us (server getting blacklisted, etc.).

Mail administration password

On the mail administration pages you can set an out-of-office auto-reply or set mail forwarding.

Note: If you change your mail administration password, your mail server password will automatically be changed as well, using the same new password. The reverse is not true, however.

To go into your mail administration:

  1. Click on https://linkcafe.org:8443/ or enter http://linkcafe.org/admin.htm .
  2. You may at first get a certificate error. Click on the option to open the web page anyway. See the instructions below in the chapter Certificate error on how to avoid this error in the future.
  3. Log in with your email username, which is your complete email address, and your current, old mail server password.

    Attention: If your email address ends in @elephanttrust.org, you have to use @winhlp.com instead. Example: If your email address is jack@elephanttrust.org, your username is: jack@winhlp.com

  4. If you cannot log on with your complete email address and your mail server password, then your mail administration account has not been set up yet. In this case please send an email, and we will quickly set up your account.

  5. Click on the tab: My Profile
  6. Enter your new password twice in the respective input fields.
  7. Change other settings, if you like.
  8. Click on the button: [OK]
  9. If you use local email client programs, such as Thunderbird on your computer or K-9 on your smartphone, you now have to enter your new mail server password into each of them as well, because the old one no longer works.

If you later forget your password, an administrator can reset it, and then you have to change it again on the server and in your email client program. We cannot read the password from the server, and we don't want to know your password.

Mail server password

Changing the mail server password separately is not recommended, because then you would have to keep track of two different passwords. The recommendation is to change both passwords at the same time by changing your mail administration password, as described above.

To change the mail server password (not recommended):

  1. Go into webmail: https://webmail.linkcafe.org/
  2. You may at first get a certificate error. Click on the option to open the web page anyway. See the instructions below in the chapter Certificate error on how to avoid this error in the future.
  3. Log on with your email username, which is your complete email address, and your current, old mail server password.

    Attention: If your email address ends in @elephanttrust.org, you have to use @winhlp.com instead. Example: If your email address is jack@elephanttrust.org, your username is: jack@winhlp.com

  4. Click on: My Account, Password.
  5. Fill in the fields.
  6. Click on: Change Password.
  7. If you use local email client programs, such as Thunderbird on your computer or K-9 on your smartphone, you now have to enter your new mail server password into each of them as well, because the old one no longer works.

Note that after this procedure you have two different passwords, your unchanged mail administration password and your now changed mail server password.

Email settings

Should I use IMAP or POP3?

POP3 is a protocol that typically downloads all mail from the server into your computer and deletes it on the server. This is simple, but you can read your mail only on one computer.

IMAP (or IMAP4), in comparison, keeps all emails on the server and on each computer that connects to it. Each computer synchronizes its mails with the server.

You can use IMAP on our server or, if you route your mail through Google Mail, you can use IMAP on Google's server. The latter means two email accounts to set up and maintain, but it has the advantages of more storage space for emails and safer retention.

Our server will keep your mail too, but its storage space is more limited, so you have to remove old mail from time to time, and we cannot guarantee that your mail will always be kept. The server's hard disk could crash one day.

If you need more email storage space than your standard allocation, talk to us. As long as not too many people ask for more, we may be able to grant it.

You can administer your email server account here.

If you are a migrating user who has already had an account on an older mail server, don't change that account. Instead create an additional, new account for the new server. The reason is that you have to collect mail from the old server for a couple of days.

You have to decide between two different ways to use your mail. You have to make a decision between 1. and 2., but you can use both a. and b. interchangeably if you use the IMAP protocol in your local email client program.

You will likely get a certificate error or warning. Please read below for handling this.

  1. Use our server directly.
    1. Use it through an email client program like Outlook Express, Windows Mail, or Mozilla Thunderbird. See below for the settings.
    2. Use webmail on https://webmail.linkcafe.org/.

      You could use http:// in place of https:// to communicate without encryption, but please don't, because it is dangerously insecure.

      To log on, enter your complete email address as username and your mail server password.

      Attention: If your email address ends in @elephanttrust.org, you have to use @winhlp.com instead. Example: If your email address is jack@elephanttrust.org, your username is: jack@winhlp.com

  2. Recommended if you receive more than 20 spam mails per day or if you use Gmail already to collect your mail from other accounts: Use Google Mail (or another suitable email system with a very effective spam filter) to collect your email from the server and filter it. Note that since late 2008 our own server's spam filtering has been improved to such an extent that few users will need this Google Mail option.
    1. Collect your mail from Google Mail with your own email client program. Follow Google Mail's instructions to set it up.
    2. Use Google Mail on your web browser.

    To set up Gmail, please see below.

Connecting your email program directly to our server

Create an account for the new server in your email program. The following settings are needed to collect email directly from our mail server into your local email client program like Outlook Express, Outlook, Mozilla Thunderbird, Eudora, Pegasus, etc. (solution 1.a., the preferred standard solution).

Name of the account: (Arbitrary, you can call it like your email address. It just has to be unique.)
Server type: IMAP (preferred) or POP3
Server, both IMAP/POP3 and SMTP: linkcafe.org
Username: (Your complete email address)

Attention: If your email address ends in @elephanttrust.org, you have to use @winhlp.com instead. Example: If your email address is jack@elephanttrust.org, your username is: jack@winhlp.com

Password: (Your mail server password)

If you have not received your password by email already, ask us. We can also set a new password for you, but we cannot find out yours after you have changed it.

Important: When you have received a new password, change it immediately, as described above.

Special server settings to enable: The SMTP (sending) server requires authentication, namely the same one as the POP3/IMAP (receiving) server.

The server does not use secure password authentication (SPA), but it does use TLS or SSL encryption (highly recommended), so enable SSL for the receiving POP3 or IMAP server and TLS for the sending SMTP server, if you can. It is an important security measure.

Use the following port numbers.

                Encryption
Protocol    None    STARTTLS, TLS
IMAP        143     143
POP3        110     995 or 110?
SMTP        587     587

If your local email client program does not offer TLS, but offers SSL or just encryption, try that. Some programs then make the right choice automatically.

For SMTP, port 25 often does not work if you try to connect from any dial-in port, such as a DSL, modem, or mobile phone connection. Use port 587.

If you have enabled TLS or SSL (which you should), the first time you use the server you will get a certificate warning, which you can ignore. Select to use the server anyway. The certificate for mail is the same as that for the web server. Verify that it has one of the following:

Fingerprint SHA1: 1458EC93 8FCA1ABF 1AC122B5 CD7C9809 D081EB45

Fingerprint MD5: F8EF64AD 69573CDB 6D50BB90 7E283F38

Please scroll down and read the chapter "Certificate warning" to avoid this repeated warning.

This encryption is essential, for example, when you use your laptop on a wireless LAN (WiFi), because without it everybody else who can connect to that WLAN can record all your data traffic, even your mail password.

If you have the bad luck to use an email client that does not accept the certificate under any circumstance, you may have to use an unencrypted connection, i.e. disable TLS/SSL. The Apple iPhone may have one of these.

The IMAP root folder path, sometimes called the IMAP Path Prefix, is: INBOX

If you use our server's webmail, Horde, please note that it always creates and uses a folder named sent-mail (exactly like that, with a hyphen) to store its sent mail. Therefore it is a good idea to tell all other programs to use that name for sent mail as well. Otherwise you would end up with at least two different folders for sent mail. Alternatively you could rename that folder in webmail to "Sent", which is the most widespread standard name. Be sure to check the webmail setup, so it uses that folder for sent mail.

For example, in Outlook Express you can enable the setting to shift messages automatically into special folders. You should use the folder names sent-mail and Drafts, the latter being the default drafts folder of Horde webmail. The name Drafts is also configurable in Horde.

Push mail: Our server has a special capability, it can push mail to your IMAP mail program, so you do not have to regularly collect mail and can instead get your mail immediately when it arrives.

The technical term for this protocol is ENHANCED IDLE. You may have to enable this function in your mail program. For example, in Thunderbird click on: Tools, Account Settings, select your IMAP account, click on: Server Settings, [Advanced…], check: Use IDLE command if the server supports it.

After closing the "Advanced" dialog box, check and set: Check for new messages every 29 minutes. The number 29 is important. It must be less than 30, but should be the nearest below 30. For example, if, in another program, you only have the choices 10, 20, and 30, you have to choose 20, the largest choice below 30.

Administration: https://linkcafe.org:8443/ (You will at first get a certificate error. Click on the option to proceed anyway. Please read the chapter Certificate error below to learn how you can prevent it.)

You can also go to http://linkcafe.org/admin.htm, which forwards to that same address and shows you the same web page. Its purpose is only that you can type the easier-to-remember address: linkcafe.org/admin.htm

Webmail: Use https://webmail.linkcafe.org/. (You will at first get a certificate error. Click on the option to proceed anyway. Please read the chapter Certificate error below to learn how you can prevent it.)

Log on with your mail username and password.

Attention: If your email address ends in @elephanttrust.org, you have to use @winhlp.com instead. Example: If your email address is jack@elephanttrust.org, your username is: jack@winhlp.com

Cheat sheet: http://linkcafe.org/mail.htm (in short: linkcafe.org/mail.htm)

If you use IMAP, some special IMAP settings have to be set like the following example from a German Outlook Express. The root folder name for our server is INBOX. (For Google Mail it is [Gmail], including the brackets.) The folder for sent mail has to be named sent-mail, because that's what webmail automatically generates, and you want to have this compatible with webmail. You can change it to Sent in webmail and here, if you like. The name for the drafts folder is arbitrary, but again you should set the same name in webmail to keep the systems in synch.

[Screenshot: OE IMAP settings. Special IMAP settings for our server. (See different settings for Google Mail below.)]

Create an additional folder named Trash for throw-away items, because this folder already exists in webmail.

After creating this account, you may have to select and synchronize it with the server once to make all folders appear in the correct positions.

Make the new account the default account, so you use it to send mail and no longer the old one.

You can delete the old account a few days after the new server is up and running and receiving mail.

Collecting your mail through Google Mail

  1. Open https://mail.google.com/ on a computer.
  2. Click on the sprocket in the top right.
  3. Click on: Settings
  4. Click on the blue heading near the top: Accounts and Import
  5. In Accounts and Import, Check mail from other accounts (using POP3), click on: Add a POP3 mail account you own
  6. Enter your email address, for example: jack@elephanttrust.org
  7. Click on the button: Next step »
  8. Fill in the form. Enter your username, which is your complete email address. (elephanttrust.org users have to substitute winhlp.com): jack@winhlp.com
  9. Enter your email password on the linkcafe.org server (not your Gmail password). Note: If you make any mistake or go back to change your settings, you probably have to re-enter your email password, because the form may not keep it.
  10. Enter the name of the POP3 server: linkcafe.org
  11. Make sure the port is set to: 110
  12. All four checkboxes should be unchecked, particularly: "Leave a copy of retrieved message on the server", "Always use a secure connection (SSL) when retrieving mail", and "Archive incoming messages (Skip the Inbox)". Only the checkbox "Label incoming messages:" may be checked, if you want your incoming messages to be labelled. This allows you to see quickly from which account each of your emails came.
  13. Click on the button: Add Account »
  14. Make your choice, whether you want to use your email address as a sender address on Gmail. You probably want this, otherwise all your mails would always be sent from your @gmail.com address.
  15. Click on the button: Next Step »
  16. If you chose to be able to use your email address as a sender address on Gmail, you can now give additional information. Enter your real name. You may want to uncheck the "Treat as an alias" setting.
  17. Click on the button: Next Step »
  18. Leave the choice "Send through Gmail (easier to set up)" selected. Our servers and DNS are configured to allow this, and it is easier.
  19. Click on the button: Next Step »
  20. Click on the button: Send Verification
  21. Now you have to receive one last email on the linkcafe.org server. If you have not set up any mail program for that, the easiest way is to open https://webmail.linkcafe.org/, elect to ignore the certification error message, and log on with your email address and email password.
  22. Wait for the confirmation email to arrive, which usually takes no longer than two minutes.
  23. In the confirmation email click on the confirmation link, the topmost long one.
  24. Mail collection should have begun already. You can now close all unwanted browser windows and go back to your Gmail inbox, where you will find all your incoming email to your non-Gmail account.

If you have chosen to be able to use your email address as a sender address on Google Mail, you can now select this address alternatively to your Gmail address when you send a new mail in Gmail.

Settings for K-9 (Android)

General

K-9 is a fine email client for Android devices, but its settings are overdone and overwhelming. Follow this advice to get it to work.

The settings described below should work, but some of them can be changed to your liking. Also this description does not prescribe all settings, but only those that are functionally essential. Other settings, like the color of the account, are not described. You can change those to your liking as well, or you can leave them at their defaults.

Mail-server-related settings

In K-9 you have to create an account, then press the Menu button and tap "More".

Tap: Fetching mail

Enter the following settings, most of which are set fairly high and can be tuned to your requirements.

Local folder size: 100 messages
Sync messages from: any time (no limit)
Fetch messages up to: 256Kb
Folder poll frequency: never
This is the correct setting, because we use a push protocol.
Poll folders: All
Push folders: All
Sync server deletions: (checked)
When I delete a message: Delete from server
Expunge deleted messages: Immediately
Download headers: (checked)

Tap: Incoming server

Username: (your complete mail address—if it ends in @elephanttrust.org, replace this with @winhlp.com)
Password: (your mail password)
IMAP server: linkcafe.org
Security type: SSL (always)
Authentication type: PLAIN
Port: 993
IMAP path prefix: INBOX

Check all four checkboxes.

Next => …

The program should now test and confirm the incoming IMAP server connection.

Tap: Advanced

Poll when connecting for push: (checked)
Max folders to check with push: 10 folders
Refresh IDLE connection: Every 24 minutes
This setting is important. It must be less than 30 minutes, but otherwise as high as possible. Here the optimal setting is 24 minutes.

Press the Back button.

Tap: Sending mail

Tap: Composition defaults

Enter your name and your email address in the appropriate fields.

Press the Back button.

Skip "Manage identities", unless you want to set up multiple identities.

Message format: Plain Text (images and formatting will be removed)

Leave the next settings at their defaults.

Scroll down to and tap: Outgoing server

SMTP server: linkcafe.org
Security type: TLS (always)
Port: 587
Require sign-in: [checked]
Authentication type: PLAIN
Username: (your complete mail address—if it ends in @elephanttrust.org, replace this with @winhlp.com)
Password: (your mail password)

Next => …

The program should now confirm the outgoing SMTP server connection.

Other account settings

Locate the account settings. Open K-9 and, if necessary, press the back button to see the mailboxes, like Inbox and Outbox.

Tap: Menu button.

Tap: More

Tap: Settings

Tap: Account settings

Tap: General settings

If you don't like the automatically assigned account name, probably your mail address, you can change it here. It has no function other than to show and let you select this account, which plays a role if you have more than one account.

Make sure that "Default account" is checked, if this is the account from which you usually want to send your mails.

Press the Back button to get back to "Account settings".

Tap: Folders

Check the folders. They have to coincide with the folders you see when you open your mail account through webmail on a computer. The following are the settings of your administrator. They should be identical or similar to yours. For example, the following list indicates that there is no special "Spam" folder. Instead, spam is moved to the "Trash" folder.

Auto-expand folder: INBOX

Folders to display: All

Move/copy destination folders: All

Folders to search: All

Archive folder: -NONE-

Drafts folder: Drafts

Sent folder: Sent

Spam folder: Trash

Trash folder: Trash

Press the Back button to get back to "Account settings".

Tap: Storage

Storage location: External storage (SD card)

Unless your phone has a fairly big internal storage or you want to keep only very few mails in storage, it is better to put the mails on the external storage, i.e. the SD card. This also means that you cannot use your mail program while you have enabled USB mass storage access to your SD card.

Press the Back button to get back to "Account settings".

Tap: Notifications

Set the notification settings to your liking. A recommendation is to activate "New mail notifications", not to activate "Include outgoing mail", activate "Blink LED" and choose a "Notification LED color" that you can associate with incoming mail. Also enable "Notification opens unread messages" and "Show unread count".

Leave the settings by pressing the Back button repeatedly.

Troubleshooting

If you cannot collect or send mail, recheck the following:

  1. Check whether you actually have an Internet connection.
  2. Check all settings above, particularly the server name: linkcafe.org
  3. Make sure that SPA (Secure Password Authentication) is not enabled, nor any other secure password authentication method. We rely entirely on SSL to secure the entire data exchange, including the password.
  4. You can try to disable TLS/SSL (Secure Socket Layer) for testing, but when everything works, you should re-enable it.
  5. Make sure you have the right ports for the IMAP/POP3 and SMTP servers. Note that IMAP and POP3 use different ports with and without SSL. Check the settings above for the proper port numbers.
  6. Make sure you have set username and password authentication not only for the receiving IMAP or POP3 part of the server, but equally for the sending SMTP part of the server.

Certificate error

Background

The administrator pages of our new web server at https://linkcafe.org:8443/ (also reachable through a forwarding page at http://linkcafe.org/admin.htm, in short, linkcafe.org/admin.htm) use the SSL encryption protocol, recognizable by the https:// prefix in the address (URL), unlike the more common http:// prefix. This is useful and makes it much more difficult to eavesdrop electronically on the data exchange.

The same holds for all mail connections, if you chose to activate TLS and SSL, which you should.

The encryption key is customarily coupled to a certificate that is meant to certify the identity of the buyer of the certificate, which costs some money. Since we currently don't need this and need only the encryption key, we don't pay, but instead make our own, self-signed certificate. Consequently your browser issues a certificate error, telling you that this certificate does not come from a commonly known certificate authority (CA) and is therefore not good enough to identify our server.

When this happens, you can choose to ignore the error and open the web page anyway, but the next time you start your browser and go to the administrator page, you will get the error message again. To avoid this, you essentially have to tell your browser that you trust this certificate, which, for Microsoft's Internet Explorer, means putting it into your certificate store.

This is the procedure for Internet Explorer:

  1. In Internet Explorer open: https://linkcafe.org:8443/
  2. Click on the choice to open the web site in spite of the error.
  3. Click on the red signal at the very top center: "Certificate error"

    The browser tells you: Certificate is invalid

  4. Click on: Show certificates
  5. Inspect the certificate. It should be from: linkcafe.org
  6. Verify that the certificate has one of the following:

    Fingerprint SHA1: 1458EC93 8FCA1ABF 1AC122B5 CD7C9809 D081EB45

    Fingerprint MD5: F8EF64AD 69573CDB 6D50BB90 7E283F38

    Click on the button: [Install certificate]
  7. Accept the default certificate store choice and click on the button: [Next >]
  8. Finalize the procedure by clicking on the respective button.
  9. Close your browser.

Other browsers probably do this similarly. Firefox, for example, asks you directly, so after inspecting the certificate and checking a fingerprint, elect to always accept it.

Web site certificates are coupled to the domain. You could call the administrator pages up through any domain hosted on the server. For example, instead of https://linkcafe.org:8443/ you could call them up with any other domain on our server. However, only the linkcafe.org domain without the www prefix has the certificate, so on all other domains, including the webmail addresses, you get a certificate address error, even though the certificate is valid.
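The fingerprint comparison from the procedure above can also be done in code instead of by eye. The following is an added example, not part of the original instructions: it accepts the self-signed certificate only if its fingerprint equals the one published on this page. The function names are assumptions of this example, and the sample certificate bytes are constructed so that it runs offline.

```python
import hashlib
import hmac
import smtplib
import socket
import ssl

# Fingerprints exactly as published on this page for the server certificate.
PUBLISHED = {
    "sha1": "1458EC93 8FCA1ABF 1AC122B5 CD7C9809 D081EB45",
    "md5": "F8EF64AD 69573CDB 6D50BB90 7E283F38",
}


def normalize(fp):
    """Drop spaces and colons so differently formatted fingerprints compare equal."""
    return "".join(ch for ch in fp if ch not in " :\t\n").upper()


def fingerprint(der, algo="sha1"):
    """Digest of the DER-encoded certificate, grouped in blocks of 8 like the page."""
    digest = hashlib.new(algo, der).hexdigest().upper()
    return " ".join(digest[i:i + 8] for i in range(0, len(digest), 8))


def matches(der, published, algo="sha1"):
    """True only if the certificate's fingerprint equals the published one."""
    return hmac.compare_digest(normalize(fingerprint(der, algo)), normalize(published))


def _unverified_context():
    # The certificate is self-signed and, as the page explains, only matches the
    # name linkcafe.org, so CA and hostname checks are switched off here.
    # The fingerprint comparison in matches() takes their place.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def fetch_der_https(host="linkcafe.org", port=8443, timeout=10):
    """Fetch the certificate presented on the administration port."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with _unverified_context().wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def fetch_der_smtp(host="linkcafe.org", port=587, timeout=10):
    """Fetch the certificate presented after STARTTLS on the SMTP port."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.starttls(context=_unverified_context())
        return smtp.sock.getpeercert(binary_form=True)


if __name__ == "__main__":
    # Constructed stand-in bytes, not the real certificate.
    sample_der = b"constructed sample certificate bytes"
    print("fingerprint :", fingerprint(sample_der))
    print("matches page:", matches(sample_der, PUBLISHED["sha1"]))
    # Against the live server:
    #   matches(fetch_der_https(), PUBLISHED["sha1"])
    #   matches(fetch_der_smtp(), PUBLISHED["sha1"])
```

If `matches()` returns False for the live server, do not install or accept the certificate. A mismatch means either the certificate was replaced or the connection is being intercepted.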

Spam defense

General

Our mail server uses several methods to make life difficult for spammers and other problematic agents in today's mail systems. Some of them make it possible for other, receiving mail servers to recognize that our mails are genuine and really coming from us. Another one is used to reject spam.

All of the methods use the DNS (Domain Name System) to provide the needed information. We run our own DNS server on our physical server, plus slave DNS servers in different locations on our planet that automatically mirror our main DNS server.

SPF

SPF (Sender Policy Framework) is a simple, DNS-based method to check whether an email comes from the right mail server or from a wrong one. For example, we allow our outgoing mail, including yours, only to come from our server, currently bearing the IP address mentioned at the top.

Our SPF rules prescribe that mail from any of our domains that comes from any other mail server should be rejected by all mail servers that obey SPF rules, i.e. by all good, modern mail servers.

There is one exception: We also allow our mail to come from any of Google's mail servers, because Gmail has the ability to send mail ostensibly from another mail address, which some of our users make use of. Since Google makes reasonably sure that this ability is not abused, we can allow that.

DomainKeys

All our outgoing mails are automatically signed by our server with DomainKeys that prove that our mails actually come from the domain they say they come from. This makes it impossible for spammers and other criminals to impersonate us without being detectable.

Our public DomainKeys policy prescribes that unsigned mails from any of our domains should be rejected, and all good, modern mail servers will obey this rule.

By the way, if you use Google Mail to send mail from one of our domains, it will also be signed properly by Google's mail server. Google makes sure that other people cannot pervert this, so only the rightful owner of one of our mail addresses can use Google Mail to send properly from this mail address.

Blacklists

We check every incoming mail against a number of reliable, public DNS blacklists, such as zen.spamhaus.org. More precisely, when another mail server attempts to deliver mail to our server, its IP address is instantly checked against all blacklists we use. If it falls foul of one, mail delivery is immediately rejected, and the sending server, if it is a proper mail server, will deliver a "bounce" mail back to the original sender, informing him of the precise reason for the rejection.

This method has proven to be highly effective. It appears to catch about 97% of all incoming spam. False positives (good mail falsely classified as spam and rejected) are exceedingly rare, though of course not 100.00% avoidable.

We adjust the blacklists from time to time to adapt them to changing conditions.
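The blacklist lookup described above, as an added example that is not the server's own code: the connecting IP address is reversed, the list's zone is appended, and an A record in 127.0.0.0/8 means "listed". The function names and the second zone, dnsbl.example.net, are assumptions, and the resolver used in the demonstration is a constructed table so that it runs offline.

```python
import ipaddress
import socket


def dnsbl_query_name(ip, zone="zen.spamhaus.org"):
    """Reverse the address the way DNS blacklists expect and append the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]                    # octets
    else:
        labels = list(addr.exploded.replace(":", ""))[::-1]    # hex nibbles
    return ".".join(labels) + "." + zone


def system_resolver(name):
    """A record as text, or None if the lookup yields no address.

    Note that a resolver outage also ends up as None here, which fails open.
    """
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def check_dnsbl(ip, zone="zen.spamhaus.org", resolve=system_resolver):
    """Return (status, answer) with status listed, not_listed or error."""
    answer = resolve(dnsbl_query_name(ip, zone))
    if answer is None:
        return ("not_listed", None)
    code = ipaddress.ip_address(answer)
    # Spamhaus answers in 127.255.255.0/24 when the query itself is the problem
    # (for example when it arrives through a public resolver). Treating those
    # answers as listings would reject all incoming mail.
    if code in ipaddress.ip_network("127.255.255.0/24"):
        return ("error", answer)
    if code in ipaddress.ip_network("127.0.0.0/8"):
        return ("listed", answer)
    return ("error", answer)  # anything outside 127/8 is not a valid reply


def rejecting_zone(ip, zones, resolve=system_resolver):
    """Name of the first blacklist that lists the IP, or None to accept."""
    for zone in zones:
        status, _ = check_dnsbl(ip, zone, resolve)
        if status == "listed":
            return zone
    return None


if __name__ == "__main__":
    # Constructed answers. 127.0.0.2 is the conventional always-listed test entry.
    fake_dns = {"2.0.0.127.zen.spamhaus.org": "127.0.0.2"}
    zones = ["zen.spamhaus.org", "dnsbl.example.net"]
    for sender in ("127.0.0.2", "62.75.230.182"):
        print(sender, "->", rejecting_zone(sender, zones, fake_dns.get))
```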


Your friendly server administrators Klaus and Hans-Georg
