Email

Your Opalstack email service comes with the following features:

  • Secure regional access via IMAP, POP3, and SMTP protocols. Available regions are the United States and Germany, and both regions are available to all customers.
  • Secure regional access via webmail.
  • Sendmail enabled for your web applications.
  • Powerful server-side email filters via procmail.
  • Auto-responders
  • Automatic DKIM signing of outgoing mail for managed domains.
  • Platform-wide TLS encryption
  • Robust spam scanning of both incoming and outgoing mail.
  • Advanced system monitoring to stop spam attacks the moment they start.

Adding Mailboxes

  1. Click on Email in the dashboard sidebar.

  2. Click the green button "Create Mailbox" near the upper-right corner of the content area. A form will appear

  3. In the form Select the location for the new mailbox. The available locations are:

    • United States: imap1.us.opalstack.com
    • Germany: imap1.de.opalstack.com

    Please contact Opalstack Support if location that you need is not available for selection.

  4. Enter the username for the new mailbox in the Username field. Mailbox usernames are limited to 16 characters or less in length. This is the username that you will use for email authentication.

  5. Enter your procmail filter rules into the Procmail Rules field. This is optional. Please see our Filtering Email documentation for more information.

  6. Toggle the auto-responder feature on or off as desired.

  7. Enter the text to be sent from the auto-responder when it is active.

  8. When all of the form inputs are valid a green "Create Mailbox" button will appear in the form. Click the button to save your new mailbox.

  9. The status of the mailbox will update in real time as the mailbox is being created.

  10. When the mailbox is ready you can retrieve the initial mailbox password from your dashboard notice log.

Changing a Mailbox Password

You can change mailbox passwords via the dashboard as follows:

  1. Click on Email in the dashboard sidebar.

  2. Click the password icon (a key) for your mailbox in the right edge of the mailbox list in the lower half of the page. A form will appear.

  3. Enter your new password in the field labeled "New Password".

    Passwords must meet the following requirements:

    • Passwords must be from 10 to 64 characters in length
    • Passwords must contain 1 or more of each of the following types of characters:
      • Lowercase letters (a-z)
      • Uppercase letters (A-Z)
      • Numerals (0-9)
      • Special Characters (+-*/\.,:;!?#$%&@=^_~|<>()[]{})
  4. Enter your new password again in the field labeled "Verify Password".

  5. A purple "Change Password" button will appear when all of the form inputs are valid. Click the button to save your new password.

Your email users can reset their mailbox passwords themselves via the web at https://my.opalstack.com/mail/password/

Deleting Mailboxes

  1. Click on Email in the dashboard sidebar.

  2. Click the delete icon (a trashcan/bin) for your mailbox in the right edge of the mailbox list in the lower half of the page. A confirmation form will appear.

  3. Click the red "Delete" button on the form to delete the mailbox.

Editing Autoresponders and Procmail Rules for Mailboxes

  1. Click on Email in the dashboard sidebar.

  2. Click the Edit icon (a pencil) for the mailbox you want to edit. The Edit icon appears in the rightmost column of the mailbox list.

  3. Toggle the auto-responder feature on or off as desired.

  4. Enter the text to be sent from the auto-responder when it is active.

  5. Enter or edit your procmail rules in the space provided. Please see Filtering Email for procmail rule examples to use for server-side mail filters.

  6. Click the "Update Mailbox" button. Your changes will be applied after approximately 1-2 minutes.

Adding Email Addresses

  1. Add the domain for the email address to your dashboard if you have not done so already.

  2. If you want to be able to use IMAP, SMTP, and POP3 services with your new email address, then add a mailbox to your dashboard if you have not done so already.

  3. Click on Email in the dashboard sidebar.

  4. Click the green button "Create Email Address" in the upper-right corner of the page. A form will appear.

  5. Enter the Name portion of the new email address in the space provided. This is the portion of the email address which appears before the @ character.

    Tip

    If you would like a catch-all wildcard address to receive mail for your domain that is sent to non-existent addresses, you can enter a * character for the Name portion of the address.

  6. Select the domain to be used for the new email address. This is the portion of the email address that appears after the @ character.

  7. If you want the new address to deliver to a mailbox, then click the purple button "Add Mailbox" on the form. A list of your mailboxes will appear.

    Select the desired mailbox from the list, or delete the entry by clicking the red Trash button to the right of the list.

    If you want to deliver to multiple mailboxes then repeat this step.

  8. If you want the new address to forward to another address, then click the purple button "Add Forward Address" on the form. A text input field will appear.

    Enter the forwarding address in the field, or delete the entry by clicking the red Trash button to the right of the field.

    If you want to forward to multiple addresses then repeat this step.

  9. When all of the form inputs are valid a green button "Create Email Address" will appear on the form.

  10. Click the green "Create Email Address" button to save the new email address.

Editing Email Addresses

  1. Click on Email in the dashboard sidebar.

  2. Click the Edit icon (a pencil) for the email address you want to edit. The Edit icon appears in the rightmost column of the email address list in the top half of the page.

  3. Edit the email address as desired. You may:

    • Edit the name and domain of the email address.
    • Add and remove destination mailboxes to and from the email address.
    • Add and remove forwarding destinations to and from the email address.
  4. Click the gree button "Update Email Address" to save your changes.

Deleting Email Addresses

  1. Click on Email in the dashboard sidebar.

  2. Click the delete icon (a trashcan/bin) for your email address in the right edge of the the email address list. A confirmation form will appear.

  3. Click the red "Delete Email Address" button on the form to confirm the operation.

  4. The email address will be deleted after a few seconds.

Email Client Configuration

Your Opalstack email service includes IMAP, POP3, and SMTP servers to let you work with your email. These servers can be used to receive and send email with with desktop and mobile email clients, web applications, programming languages, or any other tool that uses these common mail protocols.

Email client settings are outlined below. Note that before you can configure your email client settings, you must first create a mailbox and an email address.

Incoming Mail (IMAP)

  • Server hostname:
    • United States: mail.us.opalstack.com
    • Germany: mail.de.opalstack.com
  • Username: your mailbox name (not your email address)
  • Password: your mailbox password
  • Authentication type: Normal password (some clients show this as just "Password")
  • Secure port - SSL: 993

Incoming Mail (POP3)

  • Server hostname:
    • United States: mail.us.opalstack.com
    • Germany: mail.de.opalstack.com
  • Username: your mailbox name (not your email address)
  • Password: your mailbox password
  • Authentication type: Normal password (some clients show this as just "Password")
  • Secure port - SSL: 995

Outgoing Mail (SMTP)

  • Server hostname:
    • United States: smtp.us.opalstack.com
    • Germany: smtp.de.opalstack.com
  • Username: your mailbox name (not your email address)
  • Password: your mailbox password
  • Authentication type: Normal password (some clients show this as just "Password")
  • Secure port - SSL: 465
  • Secure port - TLS: 587
  • Sender address: domain must meet the requirements detailed in Outgoing Mail Domains

Webmail

Your Opalstack email service includes webmail service available at:

https://webmail.opalstacked.com

The webmail service is running the Roundcube open source webmail system.

To use the webmail service:

  1. Create a mailbox and assign it to an email address.

  2. Go to the webmail URL in your browser.

  3. Select your regional webmail server (US or Germany).

  4. Enter your mailbox name (not your email address) and password into the spaces provided.

  5. Click the Login button.

Warning

The first time you log in to the webmail server you'll be prompted to set your sender identity by providing your name and email address. The information you enter here will be used on your outgoing mail.

Do not leave the default values - replace them with your own name and email address.

The email address that you provide must meet the criteria outlined in our Outgoing Mail Domains.

Filtering Email

Incoming email can be filtered on the mail server by specifying procmail rules for your Opalstack mailboxes. These rules will allow you to file or delete incoming email messages based on the sender, the spam score, or any other content of the message.

About Procmail Rules

A procmail rule generally consists of three lines:

  • :0: is a marker that indicates the beginning of a rule. The marker always begins with a colon : followed by a zero 0.

  • * condition is the criteria for the filter. Note that the condition line always begins with an asterisk *. The conditions themselves are regular expressions which typically start with a particular email header followed by whatever text you're attempting to match.

  • .destination/ is the folder for the messages that meet the filter criteria. Note that in procmail rules, mail folder paths are always preceded by a dot . and end with a slash /.

Your mailbox can have multiple procmail rules. The rules are processed in the order that they are entered, and processing stops at the first matched rule.

See Editing Autoresponders and Procmail Rules for Mailboxes for instruction on how to edit your procmail rules.

Procmail Examples

Filtering messages from a specific sender

This basic example moves mail sent from bob@domain.com into a folder named Bob:

:0:
* ^from:.*bob@domain\.com
.Bob/

Filtering messages to a specific recipient

Filtering by recipient is useful when you have multiple addresses attached to a single mailbox.

The following example will move mail sent or cc'd to me@company.com into a folder named Work:

:0:
* ^(to|cc|bcc):.*me@company\.com
.Work/

Filtering messages with specific words in the subject

Sometimes it is useful to categorize incoming messages based on their subject.

In the next example, incoming mail that contains the word "invoice" in the subject will be moved into a folder named Invoices:

:0:
* ^subject:.*invoice
.Invoices/

Filtering suspected junk email messages

The incoming mail servers on your Opalstack email service analyze incoming mail and assign to it extra headers indicating the likelihood that the message is junk email (aka "spam").

One of these headers is named X-Spam-Level and contains a series of asterisk characters can be used to filter suspected junk email.

For example, a message with a spam score of 6 will have a header that reads X-Spam-Level: ******. The six asterisk characters indicate that the spam score is 6.

If you decide that you want any message with a spam score of 5 or higher to be filtered into a folder named Junk, then you can use a procmail rule similar to this:

:0:
* ^x-spam-level: \*\*\*\*\*
.Junk/

As you can see, the x-spam-level filter expression contains 5 sequences of \* (escaped asterisks).You could increase the sensitivity of that rule by using fewer \* sequences, thus lowering the spam score that you use as your criteria for spam. This will result in less spam in your inbox, but with a higher probability of false positives being moved out of your inbox.

Conversely, you can use a higher number of \* sequences to filter on a higher spam score. This will leave more spam in your inbox, but with a reduced probability of false positives being moved out of your inbox.

Deleting messages

You can delete messages by using the special folder named /dev/null as the destination in your procmail rules.

As an example, here is an expanded version of the previous spam filter that includes an additional rule that deletes messages:

:0:
* ^x-spam-level: \*\*\*\*\*\*\*\*\*\*
/dev/null

:0:
* ^x-spam-level: \*\*\*\*\*
.Junk/

The first rule deletes messages with a spam score of 10 or higher, and the second rule moves any remaining messages with spam score of 5 or higher into the Junk folder.

This example also illustrates the importance of the order of your rules. Once a message has been matched in a rule, the action for that rule is run and all processing for that message stops. If the order of our two spam rules were reversed then all spam with a score of 5 or higher would be filtered into the Junk folder. No spam would be deleted because the processing would stop before the other rule could run.

Importing Email from Another Provider

Opalstack supports two methods to import mail from other providers for use with your Opalstack mailboxes: direct import and IMAP-to-IMAP transfers.

Direct Import

If your other mail provider stores your mail on their servers in Maildir format, then that mail can be copied directly into a mailbox account on Opalstack.

  1. Ask your mail provider to provide a zipped archive of your Maildir directory.

  2. Upload the zipped archive into one of your shell user home directories. You may use SFTP for this purpose.

  3. Create a mailbox if you haven't done so already.

  4. Contact Opalstack Support to ask to have the mail imported. Please include the mailbox name and the location of your mail archive in your request.

IMAP-to-IMAP Transfer

If your other mail provider offers IMAP mail service, then you can copy your mail over to your Opalstack mailboxes over IMAP. There are a couple of different approaches to this - with a specialized tool for transferring mail between servers or by moving messages with with your desktop mail client software.

IMAP Transfer with imapsync

  1. Create a mailbox if you haven't done so already.

  2. Create a shell user if you have not done so already. You can use an existing shell user if you wish.

  3. Log in to a SSH session on your Opalstack server as your shell user.

  4. Create a file named oldpasswd.txt containing your old mailbox password.

  5. Create a file newpasswd.txt with your Opalstack mailbox password.

  6. Test with the following command:

    imapsync --dry --host1 OLD_MAILSERVER --ssl1 --user1 OLD_MAIL_USERNAME --passfile1 ./oldpasswd.txt \
        --host2 NEW_MAILSERVER --ssl2 --user2 NEW_MAILBOX --passfile2 ./newpasswd.txt
    
    • OLD_MAIL_USERNAME: your old mail provider login name
    • NEW_MAILBOX: your Opalstack mailbox name
    • OLD_MAILSERVER: your old mail provider's incoming mail server
    • NEW_MAILSERVER: your Opalstack incoming mail server, either mail.us.opalstack.com or mail.de.opalstack.com.
  7. Assuming that works, repeat the command without the --dry option.

    imapsync --host1 OLD_MAILSERVER --ssl1 --user1 OLD_MAIL_USERNAME --passfile1 ./oldpasswd.txt \
        --host2 NEW_MAILSERVER --ssl2 --user2 NEW_MAILBOX --passfile2 ./newpasswd.txt
    
  8. imapsync will import your mail, reporting its progress as it goes.

IMAP Transfer with mbsync

Warning

mbsync can use a lot of memory on large mailboxes. If you're moving more than 1GB of mail then please use imapsync as described above.

  1. Create a mailbox if you haven't done so already.

  2. Create a shell user if you have not done so already. You can use an existing shell user if you wish.

  3. Log in to a SSH session on your Opalstack server as your shell user.

  4. Create a file in your shell user's home directory named ~/.mbsyncrc with the following contents, making the changes as directed:

    IMAPAccount oldhost
    SSLType IMAPS
    # change the following two lines to your old mail server and user
    Host mail.oldhost.com
    User your_old_mail_username
    
    IMAPStore oldhost
    Account oldhost
    
    IMAPAccount opalstack
    SSLType IMAPS
    # change the following two lines to your Opalstack mail server and user
    Host mail.us.opalstack.com
    User your_mail_user_name
    
    IMAPStore opalstack
    Account opalstack
    
    Channel main
    Master :oldhost:
    Slave :opalstack:
    Patterns *
    Create Slave
    Sync Pull
    CopyArrivalDate yes
    
  5. Save the configuration file from step 4 and you are ready to migrate your mail by running the following command:

    mbsync --pull --all
    

    mbsync will then report its progress as it copies your mail over.

IMAP Transfer with a Mail Client

If you need to move only a small amount of mail from your old provider, then Opalstack recommends this approach:

  1. Create a mailbox if you haven't done so already.

  2. Configure your mail client with your Opalstack mailbox credentials.

  3. Configure your mail client with your other mail provider's credentials if you have not done so already.

  4. Make a note of the folders and subfolders that exist on your old mail account and create them for your Opalstack mail account if they do not exist already.

  5. For each folder and subfolder in your old mail account:

    1. Click the folder in your mail client.
    2. Select all of the messages in the folder.
    3. Drag the messages into the corresponding folder for your Opalstack mailbox.

Your mail client may have other menu options for moving and copying mail between folders and accounts. Check your mail client documentation for more information.

Processing messages with a script or program

Your Opalstack server includes a utility called imap2script which will monitor any IMAP mailbox in real time and deliver incoming mail to a script or program in your shell user home directory.

In the following example, mail delivered to a mailbox named mailuser will be sent to a script /home/myshelluser/myscript.py.

  1. Create a mailbox and an email address if you haven't done so already.

    Tip

    We recommend that you use a dedicated mailbox for this because the script will mark messages read as it processes them. This might not be desirable if the mail is also going to a person. If you do need to send mail to a script and a person, then use two mailboxes and add them both to the address.

    imap2script works with any IMAP mail account, so if you want to process messages from an external IMAP mail provider you can use that instead of a local mailbox.

  2. Create a shell user and put your script in the shell user's home directory.

    The script must accept input on stdin. Here's a simple Python example that writes incoming messages to a file:

    #!/usr/bin/env python3
    
    import sys
    import email
    import email.policy
    
    if __name__ == '__main__':
        txt = sys.stdin.read().strip()
        msg = email.message_from_string(txt, policy=email.policy.SMTPUTF8)
    
        with open('mailscript_example.log', 'a') as f:
            f.write("------------------------------------------------------\n")
            f.write(f"Received message from: {msg.get('From')}" + '\n')
            f.write(f"Received message to: {msg.get('To')}" + '\n')
            f.write(f"Received message subject: {msg.get('Subject')}" + '\n')
            f.write(msg.get_body().get_content() + '\n\n')
    

    Be sure to make the script executable, eg: chmod 700 /home/myshelluser/mailscript_example.py

  3. Create a configuration file for imap2script using the following template:

    [{
        "Host":        "mail.us.opalstack.com",
        "Port":        993,
        "User":        "mailbox",
        "Pass":        "password",
        "Folder":      "INBOX",
        "Scripts":     ["/path/to/mailscript_example.py"],
        "Timeout":     900,
        "DeleteAfter": false
    }]
    

    The parameters are:

    • Host: the IMAP server that you're getting mail from
    • Port: the IMAP port (leave as 993)
    • User: your mailbox name
    • Pass: your mailbox password
    • Folder: the mail folder to read (usually INBOX)
    • ScriptPath: the location of the script or program in your shell user home directory
    • Timeout: the number of seconds to wait if the IMAP server stops responding.
    • DeleteAfter: should messages be deleted from the mailbox after sending to target scripts?

    Save the configuration file with a json extension like config.json.

  4. Launch imap2script in the foreground:

    imap2script --config config.json
    
  5. Send a test email to an email address that targets the mailbox you specified in the config. When the message is delivered you'll see some activity on the screen as imap2script processes the message.

    Check whatever you need to ensure that your script did the right thing.

  6. Assuming that worked, press CTRL-C to terminate imap2script, then relaunch it as a background process like:

    daemonize -p $PWD/imap2script.pid -o $PWD/imap2script.log -e $PWD/imap2script.log \
        -c $PWD /usr/local/bin/imap2script --config $PWD/config.json
    

That's it! imap2script is then running in the background and feeding incoming mail to your script or program.

If you need to terminate the background process you can do so like:

kill $( cat imap2script.pid )

Pointing your domain at an external email service

The email service used by your domain is determined by the domain's MX records.

If your domain is using Opalstack's name servers and you want to point it at an external email service:

  1. Consult your email provider's documentation to get their recommend MX server settings.

  2. Add your domain to your Opalstack dashboard if you have not done so already.

  3. Add a new DNS record for each of your mail provider's MX servers with the following values:

    • Domain: your domain
    • Type: MX
    • Content: the MX server host
    • Priority: as recommended by your mail provider
    • Ttl

      leave as the default

  4. If your mail provider recommends other DNS records then add those as well.

  5. Wait for the DNS changes to propagate. This can take anywhere from a few minutes to a day or more, depending on who is doing the DNS lookups. You'll know it's done when all of your email is arriving at your external email provider.

Example: Configuring your domain to use Google mail services

If you want to use Google Workspace (formerly known as G Suite or Google Apps) for your domain's email service then you can create the necessary DNS records via your Opalstack dashboard as follows.

Note

Your domain needs to be using Opalstack's name servers for this to work.

  1. Add your domain if you have not done so already.

  2. Create 5 MX records for Google with the following values:

    Content Priority
    ASPMX.L.GOOGLE.COM 1
    ALT1.ASPMX.L.GOOGLE.COM 5
    ALT2.ASPMX.L.GOOGLE.COM 5
    ALT3.ASPMX.L.GOOGLE.COM 10
    ALT4.ASPMX.L.GOOGLE.COM 10

SPF records for Opalstack email

SPF records can improve the deliverability of your email by letting recipient email servers know which systems are allowed to send mail for your domain.

For Domains Using Opalstack Name Servers

If your domain uses Opalstack's name servers then you can create a SPF record as follows:

  1. Click Domains in the dashboard sidebar.

  2. Add your domain if you have not done so already.

  3. Click the edit icon for your domain.

  4. Add a new DNS record with the following values:

    • Type: TXT
    • Content: v=spf1 include:spf.opalstack.com ~all
    • All other fields can be left at their preset defaults
  5. Save the new DNS record. It should take about 1 hour at most to propagate through DNS, after which it will be available for checks by recipient mail servers.

For Domains Using External Name Servers

If your domain uses external name servers, such as those provided by your domain registrar or a third-party service like Cloudflare, then you can create a SPF record by logging into their DNS management system and creating a new TXT record for your domain with the following content:

v=spf1 include:spf.opalstack.com ~all

Email Limits

Outgoing mail volume

The volume of outgoing mail sent via your Opalstack SMTP and sendmail services is limited as follows:

  • 750 messages per "day" (a rolling 24-hour period)
  • 10,000 messages per "month" (a rolling 30-day period)

If you exceed either of these limits your outgoing mail will be placed in a hold queue.

These limits apply across your entire Opalstack hosting account. If you need a higher daily or monthly limit then please contact Opalstack support for assistance.

Message size limits

Individual incoming and outgoing messages are limited to 35MB in size, including their attachments. Messages that exceed these limits are rejected.

Mail storage

Mail storage quotas are as follows:

  • Managed shared hosting plan storage quotas include all of web and email storage. For example, if you have a 100GB storage quota and are using 50GB on your web server and 25GB on your mail server then you would have 25GB of available storage remaining before you reach your quota.
  • Managed VPS hosting plan storage quotas include 50GB of email storage which is separate from your VPS storage capacity.
  • Managed dedicated hosting plan storage quotas include 100GB of email storage which is separate from your dedicated server storage capacity.

Sender address requirements

Mail sent from your Opalstack email service can be sent only from the domains that you own and that have been added to your Opalstack dashboard.

If you attempt to send email from an address that does not meet the above criteria, the message will be rejected.