Email Processing Settings¶
Configure how Mailborder handles email flow, delivery, and queue management.
Accessing Email Processing Settings¶
Navigate to System Settings → Email Processing in the web interface.
Or via command line:
Relay Host Configuration¶
The relay host is where Mailborder delivers clean email (your internal mail server).
Relay Host¶
Setting: Hostname or IP address of your mail server
Examples: - mail.example.com (recommended - uses DNS) - 192.168.1.10 (IP address) - [mail.example.com] (force no MX lookup)
Via Web Interface: System Settings → Email Processing → Relay Host
Via Command Line:
Relay Port¶
Setting: SMTP port on relay host
Common Values: - 25 - Standard SMTP (most common) - 587 - Submission port - 465 - SMTPS (deprecated but some servers use it) - Custom port if your server uses non-standard
Default: 25
Relay Authentication¶
If your mail server requires authentication:
Enable Authentication:
sudo mb-config set relay.auth.enabled true
sudo mb-config set relay.auth.username mailborder
sudo mb-config set relay.auth.password 'SecurePassword123!'
Via Web Interface: System Settings → Email Processing → Relay Authentication - Check "Require Authentication" - Enter username - Enter password
Security Note: Password stored encrypted in database.
Relay TLS/SSL¶
Encrypt connection to relay host.
Options: - None - No encryption (only for trusted internal networks) - STARTTLS - Opportunistic encryption (recommended) - TLS - Force TLS connection - SSL - Deprecated, avoid
Command Line:
Certificate Verification:
# Verify relay host certificate (recommended for production)
sudo mb-config set relay.tls.verify true
# Skip verification (for self-signed certs in testing)
sudo mb-config set relay.tls.verify false
Test Relay Connection¶
After configuring relay host:
Via Web Interface: System Settings → Email Processing → Test Connection
Via Command Line:
Expected output:
Testing relay connection...
[OK] DNS resolution: mail.example.com → 192.168.1.10
[OK] TCP connection to 192.168.1.10:25
[OK] SMTP greeting received
[OK] EHLO accepted
[OK] TLS negotiation successful
[OK] Authentication successful
[OK] Test message accepted
Relay host is properly configured!
Accepted Domains¶
Configure which domains Mailborder accepts email for.
Domain Types¶
Local Domain - Email delivered to relay host - Most common type - Example: example.com, company.net
Relay Domain - Email forwarded without modification - Used for routing to different servers - Example: Hosted service domains
Virtual Alias Domain - Domain aliases (alternate domain names) - All email forwarded to another domain - Example: company.com → company.net
Add Domain¶
Via Web Interface: 1. Navigate to System Settings → Domains 2. Click "Add Domain" 3. Enter domain name: example.com 4. Select type: Local 5. Click Save
Via Command Line:
# Add local domain
sudo mb-domain add example.com --type local
# Add relay domain
sudo mb-domain add partner.com --type relay --destination mail.partner.com
# Add virtual alias
sudo mb-domain add company.co --type virtual --destination company.com
List Domains¶
Output:
Domain Type Status Mailboxes
example.com local active 150
example.net local active 45
oldname.com virtual active → example.com
partner.com relay active → mail.partner.com
Remove Domain¶
Reject Unknown Domains¶
Reject email for domains not in your list.
Recommended: Enabled (prevents open relay)
When disabled, Mailborder accepts email for any domain (relay server mode).
Accepted Recipients¶
Control which email addresses are accepted.
Recipient Validation¶
LDAP/AD Integration - Query Active Directory or LDAP for valid recipients - Reject email for non-existent users at SMTP level - Saves bandwidth and processing
Configure LDAP validation:
sudo mb-config set recipients.ldap.enabled true
sudo mb-config set recipients.ldap.server ldap.example.com
sudo mb-config set recipients.ldap.base_dn "dc=example,dc=com"
sudo mb-config set recipients.ldap.filter "(mail=%s)"
Database Validation - Maintain list of valid recipients in Mailborder database - Manual or API management - Good for smaller deployments
Relay Host Validation - Forward RCPT TO to relay host - Accept if relay accepts - Slower (adds latency) but always accurate
Recipient Whitelist¶
Always accept email for specific addresses regardless of validation:
sudo mb-recipient-whitelist add admin@example.com
sudo mb-recipient-whitelist add support@example.com
Recipient Blacklist¶
Always reject email for specific addresses:
sudo mb-recipient-blacklist add spam-trap@example.com
sudo mb-recipient-blacklist add old-employee@example.com
Trusted Networks¶
IP addresses or networks that skip certain checks.
Add Trusted Network¶
Via Web Interface: System Settings → Email Processing → Trusted Networks
Via Command Line:
# Single IP
sudo mb-trusted-network add 192.168.1.50
# CIDR range
sudo mb-trusted-network add 192.168.1.0/24
# Entire private network
sudo mb-trusted-network add 10.0.0.0/8
Trusted Network Benefits¶
Email from trusted networks: - Skip greylisting - Skip some RBL checks - Reduced spam scoring - Faster processing
Use Cases: - Your internal mail servers - Branch office networks - Partner organizations - Internal applications sending email
Trusted Network Limitations¶
Trusted networks are NOT: - Immune to virus scanning (still scanned) - Immune to content filtering - Immune to recipient validation
Important: Only trust networks you control. Trusting external IPs weakens security.
Email Size Limits¶
Maximum Message Size¶
Total size including headers, body, attachments.
Default: 50 MB (52428800 bytes)
# Set to 25 MB
sudo mb-config set email.max_message_size 26214400
# Set to 100 MB
sudo mb-config set email.max_message_size 104857600
Recommended Values: - Small business: 10-25 MB - Standard: 25-50 MB - Large files: 50-100 MB - Enterprise: 100 MB+
Considerations: - Larger = more memory per scan - Larger = slower scanning - Larger = more storage - Must be ≤ relay host limit
Maximum Attachment Size¶
Per-attachment limit.
Default: 25 MB
Can be smaller than max message size (multiple small attachments allowed).
Size Limit Actions¶
When limit exceeded:
- Reject (recommended)
- Return 552 error at SMTP level
- Sender receives bounce
- No storage used
- Quarantine
- Accept but hold for review
- Admin can release if legitimate
- Uses storage
- Strip Attachments
- Deliver email, remove attachments
- Notify recipient of removal
- Rare use case
Queue Management¶
Queue Locations¶
Mailborder uses multiple queues:
/var/spool/mailborder/
├── incoming/ # New messages
├── active/ # Currently processing
├── deferred/ # Temporary failures (retry queue)
├── hold/ # Admin hold
└── corrupt/ # Damaged messages
Queue Limits¶
Maximum Queue Size
Total messages allowed in queue.
Default: 10,000
When limit reached: - Postfix returns 421 (try again later) - Sender's server retries automatically - Prevents memory exhaustion
Recommended Values: - Small: 5,000 - Medium: 10,000 - Large: 25,000 - Enterprise: 50,000+
Minimum Free Messages
Reserve queue space for priority email.
Default: 1,000 (10% of max)
Priority email (from trusted networks) can use reserved space.
Queue Retention¶
Maximum Queue Age
How long messages stay in queue before giving up.
Default: 5 days (432000 seconds)
# 5 days
sudo mb-config set queue.max_age 432000
# 24 hours (aggressive)
sudo mb-config set queue.max_age 86400
# 7 days (patient)
sudo mb-config set queue.max_age 604800
After max age: - Bounce sent to sender - Message removed from queue - Logged as expired
Retry Schedule¶
For deferred messages (temporary failures).
Default Schedule: - 1st retry: 5 minutes - 2nd retry: 15 minutes - 3rd retry: 1 hour - 4th retry: 4 hours - 5th retry: 12 hours - After 5 days: Give up
Customize:
Queue Management Commands¶
View queue:
Count messages:
Flush queue (retry all deferred):
Delete specific message:
Delete all deferred:
Hold message (prevent delivery):
Release held message:
Connection Limits¶
Concurrent Connections¶
SMTP Inbound
Maximum simultaneous connections from Internet.
Default: 100
Per Source IP
Maximum connections from single IP.
Default: 10
Prevents single source from monopolizing resources.
Connection Rate
Maximum new connections per second.
Default: 20
Processing Concurrency¶
Concurrent Scans
Parallel email scanning processes.
Default: Auto (2× CPU cores)
More concurrent = higher throughput but more resource usage.
Timeout Settings¶
SMTP Timeouts
# How long to wait for client data
sudo mb-config set smtp.timeout.data 300
# How long for client connection
sudo mb-config set smtp.timeout.connect 60
# How long for HELO/EHLO
sudo mb-config set smtp.timeout.helo 60
Scanning Timeout
Maximum time for email scan.
Default: 300 seconds (5 minutes)
If exceeded, email is deferred (retry later).
Bounce Settings¶
Bounce Address¶
Return address for bounces.
Default: MAILER-DAEMON@yourhostname
Bounce Notification¶
Notify Sender
Send bounce notification to sender.
Default: Enabled
Notify Postmaster
Copy bounces to postmaster.
Default: Disabled
sudo mb-config set bounce.notify_postmaster false
sudo mb-config set bounce.postmaster_address "postmaster@example.com"
Email Headers¶
Header Modifications¶
Add Headers
Mailborder adds these headers by default:
X-Mailborder-Server: mailborder.example.com
X-Mailborder-Version: 6.0.0
X-Spam-Score: 2.5
X-Spam-Status: No, score=2.5
X-Virus-Scanned: ClamAV
Customize Header Prefix:
Add Custom Headers:
Remove Headers:
Strip headers before delivery:
# Remove all X-Originating-IP headers
sudo mb-header remove "X-Originating-IP"
# Remove Received headers (privacy - careful!)
sudo mb-header remove "Received"
Header Privacy¶
Hide Internal IPs
Remove internal IP addresses from headers.
Replaces internal IPs with [HIDDEN].
Hide Received Headers
Remove Received headers showing internal mail flow.
Warning: May break SPF/DKIM. Only use if required for privacy.
Advanced Settings¶
Null Sender¶
Accept email with null sender (MAIL FROM:<>).
Used for bounces and notifications.
Default: Enabled
Address Extensions¶
Support "plus addressing" (user+tag@example.com).
Default: Enabled
Examples: - john+shopping@example.com - support+ticket123@example.com
All delivered to base address (john@example.com).
Case Sensitivity¶
Email addresses are case-insensitive per RFC.
Default: Lowercase all addresses
VERBS SMTP Command¶
Allow SMTP VRFY (verify user exists).
Default: Disabled (security - information disclosure)
ETRN SMTP Command¶
Allow SMTP ETRN (trigger queue flush for domain).
Default: Disabled
Configuration Examples¶
Example 1: Small Office¶
# Single internal mail server
sudo mb-config set relay.host mail.office.local
sudo mb-config set relay.port 25
sudo mb-config set relay.auth.enabled false
# Accept one domain
sudo mb-domain add company.com --type local
# Trust internal network
sudo mb-trusted-network add 192.168.1.0/24
# Conservative limits
sudo mb-config set email.max_message_size 26214400 # 25 MB
sudo mb-config set queue.max_size 5000
Example 2: Office 365 Backend¶
# Office 365 as relay
sudo mb-config set relay.host company-com.mail.protection.outlook.com
sudo mb-config set relay.port 25
sudo mb-config set relay.tls starttls
sudo mb-config set relay.tls.verify true
# Multiple domains
sudo mb-domain add company.com --type local
sudo mb-domain add company.net --type local
# No authentication needed (IP-based)
sudo mb-config set relay.auth.enabled false
# Standard limits
sudo mb-config set email.max_message_size 52428800 # 50 MB
Example 3: Multi-Server Environment¶
# Load-balanced relay hosts
sudo mb-config set relay.host mail-lb.company.com
sudo mb-config set relay.port 25
# High volume settings
sudo mb-config set queue.max_size 50000
sudo mb-config set processing.concurrent_scans 32
sudo mb-config set smtp.max_connections 500
# Multiple trusted networks
sudo mb-trusted-network add 10.0.0.0/8
sudo mb-trusted-network add 172.16.0.0/12
Applying Changes¶
After configuration changes:
# Reload configuration
sudo systemctl reload mb-virtuoso postfix
# Verify configuration
sudo mb-config --verify
# Test relay connection
sudo mb-test-relay
# Monitor logs
sudo tail -f /var/log/mailborder/virtuoso.log
Troubleshooting¶
Email Not Relaying¶
Check relay configuration:
Test connectivity:
Check logs:
Queue Growing¶
Check queue size:
Check deferred reasons:
Common causes: - Relay host down or slow - Authentication failure - Network issues - Relay host rejecting
Flush queue:
Rejected Recipients¶
Check domain acceptance:
Test recipient validation:
Check logs:
Next Steps¶
- Spam Filter Configuration - Tune spam detection
- Antivirus Configuration - Configure virus scanning
- Network Settings - Network and firewall configuration
- Email Flow Overview - Understand processing pipeline