Configuration Overview¶

Mailborder V6 provides comprehensive configuration options to tailor email security to your organization's needs. This page provides an overview of configuration areas and how they work together.

Configuration Methods¶

Mailborder can be configured through multiple interfaces:

Web Interface (Recommended)¶

The primary configuration method for most administrators.

Advantages: - User-friendly graphical interface - Input validation and error checking - Context-sensitive help - No command-line knowledge required - Real-time configuration testing

Access: Navigate to System Settings in the web interface.

Command-Line Interface¶

For automation, scripting, and advanced administration.

Advantages: - Scriptable and automatable - Batch configuration changes - Remote administration via SSH - Integration with configuration management tools

Commands:

mb-config set <key> <value>   # Set configuration value
mb-config get <key>            # Get configuration value
mb-config show                 # Show all configuration
mb-config reload               # Reload configuration

Configuration Files¶

Direct editing of configuration files (advanced users only).

Locations: - System config: /etc/mailborder/engine.cf - Service configs: /etc/mailborder/services/ - Policy configs: /etc/mailborder/policy/

Configuration File Editing

Direct editing of configuration files can break Mailborder if done incorrectly. Use the web interface or CLI commands whenever possible. If you must edit files directly, backup first and validate syntax before restarting services.

API¶

Programmatic configuration for integration with external systems.

Use Cases: - Automated provisioning - Integration with existing management systems - Multi-tenant deployments - Custom control panels

See API Integration for details.

Configuration Areas¶

Mailborder configuration is organized into these major areas:

1. System Configuration¶

Core system settings that affect overall operation.

Key Settings: - System name and identification - Hostname and network settings - Administrator email and alerts - Timezone and locale - Logging levels and retention

See System Configuration

2. Email Processing Settings¶

How Mailborder handles email flow.

Key Settings: - Relay host (where to deliver clean email) - Accepted domains - Trusted networks - Email size limits - Queue management - Retry policies

See Email Processing Settings

3. Spam Filter Configuration¶

Settings for spam detection engines and thresholds.

Key Settings: - Spam score thresholds (pass, quarantine, reject) - Enabled scanning engines (Rspamd, SpamAssassin, RBLs) - Content filtering rules - Header analysis - Greylisting

See Spam Filter Configuration

4. Antivirus Configuration¶

Virus and malware scanning settings.

Key Settings: - ClamAV configuration - Scan options (archives, Office documents) - Blocked file types - Virus actions (quarantine, reject, delete) - Signature update frequency

See Antivirus Configuration

5. Authentication Methods¶

How administrators and users authenticate.

Key Settings: - Password policies - Two-factor authentication (TOTP) - Passkey/WebAuthn - LDAP/Active Directory integration - SSO configuration

See Authentication Methods

6. Network Settings¶

Network-level configuration and security.

Key Settings: - Listening interfaces and ports - TLS/SSL settings - Firewall integration - Rate limiting - Connection limits

See Network Settings

7. SSL/TLS Certificates¶

Secure communication configuration.

Key Settings: - SSL certificate installation - Certificate types (self-signed, commercial, Let's Encrypt) - TLS versions and ciphers - Certificate renewal

See SSL/TLS Certificates

8. Backup Configuration¶

Data protection and disaster recovery.

Key Settings: - Backup schedule - Backup retention - Backup storage location - What to backup (config, database, quarantine) - Restore procedures

See Backup Configuration

Configuration Best Practices¶

1. Start Conservative¶

When first deploying:

Use higher spam thresholds (reduce false positives)
Enable quarantine rather than reject
Monitor closely for the first week
Gradually tighten policies based on results

2. Document Changes¶

Maintain a change log:

What was changed
Why it was changed
When it was changed
Who changed it
Expected result

The web interface logs all configuration changes with timestamps and user information.

3. Test Before Deploying¶

For critical changes:

Make change in test/staging environment first
Verify expected behavior
Monitor for unintended consequences
Deploy to production during low-volume period
Monitor closely after deployment

4. Backup Before Major Changes¶

Before significant configuration changes:

# Backup current configuration
sudo mb-backup --config-only

# Make changes

# Restore if needed
sudo mb-restore --config-only --from /path/to/backup

5. Use Version Control¶

For configuration files:

# Initialize git in config directory
cd /etc/mailborder
git init
git add .
git commit -m "Initial configuration"

# After changes
git add -u
git commit -m "Increased spam threshold to 7.0"

6. Validate Configuration¶

After changes, always validate:

# Check configuration syntax
sudo mb-config --verify

# Test configuration without applying
sudo mb-config --test

# Apply and reload
sudo mb-config reload

7. Monitor After Changes¶

Watch for impacts:

Email processing rates
False positive/negative rates
System resource usage
User complaints
Log errors or warnings

Configuration Hierarchy¶

Mailborder applies configuration in this order of precedence:

User-specific settings (if applicable)
Domain-specific settings
Global settings
Default values

This allows you to set global defaults and override for specific domains or users.

Example:

Global spam threshold: 7.0
Domain example.com spam threshold: 5.0 (more strict)
User ceo@example.com spam threshold: 10.0 (less strict)

Email to user@example.com → Uses 5.0 (domain override)
Email to ceo@example.com → Uses 10.0 (user override)
Email to other@other.com → Uses 7.0 (global default)

Configuration Synchronization¶

In clustered deployments, configuration is automatically synchronized:

Master Node: - Configuration changes made here - Automatically pushed to child nodes - Child nodes apply changes within 60 seconds

Child Nodes: - Receive configuration from master - Apply locally - Read-only (changes must be made on master)

Verification:

# On master
sudo mb-cluster config-push

# On child
sudo mb-cluster config-status

Configuration Security¶

Access Control¶

Configuration changes require:

Administrator account
Proper permissions (role-based)
Active session (not expired)
CSRF token (web interface)

Audit Logging¶

All configuration changes are logged:

# View configuration change log
sudo mb-audit --type config --last 7d

Log includes: - Timestamp - Administrator who made change - What was changed (before/after values) - Source IP address - Success or failure

Sensitive Data¶

Sensitive configuration values are encrypted at rest:

Database passwords
API keys
LDAP bind passwords
SSL private keys

Configuration Export/Import¶

Export Configuration¶

Backup or transfer configuration:

# Export all configuration
sudo mb-config export > mailborder-config.yaml

# Export specific section
sudo mb-config export --section spam > spam-config.yaml

# Export as JSON
sudo mb-config export --format json > config.json

Import Configuration¶

Apply saved configuration:

# Import and merge with existing
sudo mb-config import mailborder-config.yaml

# Import and replace existing (dangerous!)
sudo mb-config import --replace mailborder-config.yaml

# Import with dry-run (show what would change)
sudo mb-config import --dry-run mailborder-config.yaml

Common Configuration Scenarios¶

Scenario 1: Increase Spam Aggressiveness¶

Goal: Block more spam, acceptable to have some false positives.

Changes: - Decrease spam threshold: Pass < 5.0, Quarantine 5.0-12.0, Reject > 12.0 - Enable greylisting - Enable additional RBLs - Enable content filtering for common spam keywords

Scenario 2: Reduce False Positives¶

Goal: Ensure no legitimate email is blocked, even if some spam gets through.

Changes: - Increase spam threshold: Pass < 8.0, Quarantine 8.0-25.0, Reject > 25.0 - Disable aggressive RBLs - Whitelist frequent legitimate senders - Tag spam instead of quarantining

Scenario 3: Department-Specific Policies¶

Goal: Different spam policies for different departments.

Changes: - Create domain or user-specific overrides - Example: sales@ gets less filtering, finance@ gets more - Use policy rules to apply different thresholds

Scenario 4: Compliance Mode¶

Goal: Log everything, archive all email, strict policies.

Changes: - Enable maximum logging - Enable email archiving - Strict sender authentication (SPF/DKIM/DMARC) - Block based on GeoIP (only accept from specific countries) - Require TLS for all connections

Configuration Templates¶

Mailborder includes configuration templates for common scenarios:

Available Templates: - basic: Minimal configuration, good starting point - standard: Recommended settings for most organizations - strict: High security, more false positives acceptable - permissive: Low false positives, some spam may get through - compliance: For regulated industries (healthcare, finance)

Apply Template:

# List available templates
sudo mb-config templates

# Apply template
sudo mb-config apply-template standard

# Apply template with customization
sudo mb-config apply-template strict --domain example.com

Troubleshooting Configuration Issues¶

Configuration Not Applied¶

Symptoms: Changes made but not taking effect

Solutions:

# Reload configuration
sudo mb-config reload

# Restart services
sudo systemctl restart mb-*

# Check for syntax errors
sudo mb-config --verify

Configuration Causing Errors¶

Symptoms: Services failing after configuration change

Solutions:

# View service logs
sudo journalctl -u mb-rpcd -n 50

# Restore previous configuration
sudo mb-config restore

# Reset to defaults
sudo mb-config reset --confirm

Can't Access Web Interface¶

Symptoms: Locked out after changing authentication settings

Solutions:

# Reset admin password
sudo mb-admin-reset --email admin@example.com

# Disable 2FA temporarily
sudo mb-config set auth.require_2fa false

# Reset network settings
sudo mb-config reset --section network

Next Steps¶

Explore specific configuration areas:

System Configuration - Core system settings
Email Processing Settings - Email flow configuration
Spam Filter Configuration - Spam detection tuning
Antivirus Configuration - Virus scanning settings
Authentication Methods - Login and access control
Network Settings - Network and connectivity
SSL/TLS Certificates - Secure communications
Backup Configuration - Data protection