Synology NAS DS1517+ v3 Administrator's Guide PDF
en
Summary of Content for Synology NAS DS1517+ v3 Administrator's Guide PDF
1
Administrator's Guide for Synology MailPlus Server
Based on Synology MailPlus Server 2.3
Table of Contents
Introduction 01
Chapter 1: Deployment Guidelines 02
Select a Synology NAS
Estimate RAM and Storage Requirements
Running Multiple I/O Intensive Packages on the Same NAS
Chapter 2: Getting Started with MailPlus Server 06
Connect Synology NAS to the Internet
Set up DNS
Set up MailPlus Server
Set up MailPlus Client
Run MailPlus
Third-Party Email Clients
Troubleshoot
Chapter 3: Mail Migration 19
Create a Mail Migration Task in MailPlus Server
Import System Configurations from Microsoft Exchange to MailPlus
Server
Chapter 4: User Licenses 27
Purchase Licenses
Install Licenses
User Licenses
Chapter 5: Account Settings 31
Account System
Activate Accounts
Manage Privileges
Chapter 6: Protocol Settings 47
SMTP
IMAP/POP3
Network Interface
Chapter 7: SMTP Settings 51
Service Settings
SMTP Secure Connection
Mail Relay
Chapter 8: Domain Settings 67
Domain
Domain Management
Chapter 9: Security Settings 84
Antispam
Antivirus Scan
Authentication
Data Protection
Content scan
Chapter 10: Monitor Settings 108
Monitor Server Status
Monitor Mail Queue
Monitor Mail Log
Chapter 11: Disaster Recovery 128
High-Availability Cluster
Back up and Restore Email
Chapter 12: MailPlus Navigation 141
Basic Operations
Advanced Settings
01
Introduction
The Synology MailPlus suite provides advanced and secure mail service with high usability.
This suite consists of two packages: MailPlus Server and MailPlus. MailPlus Server is an
administration console that offers diverse settings, while MailPlus is an email platform for
client users.
This administrator's guide will guide you through the MailPlus Server setup and give detailed
configuration instructions including DNS settings, mail service migration, and other security
adjustments. In addition, the following key features are also contained in this guide to help you
achieve the best practices: MailPlus high-availability for stable and continuous mail service,
the mail queue for deferred message management, and the monitoring console displaying an
overview of the MailPlus health status.
Introduction
02
Chapter 1: Deployment Guidelines
This chapter is a guide on best practices to follow when deploying MailPlus to ensure the
stability and performance of mail services. The following is discussed below: how to select a
Synology NAS suitable for MailPlus, how to estimate RAM and storage requirements, what
to consider when utilizing SSD cache, and advice on the running of multiple I/O intensive
packages alongside MailPlus on the same NAS.
Select a Synology NAS
Synology offers a variety of NAS in different form factors, functions, and capabilities. Not all
of them are suitable for MailPlus Server. To help you choose a Synology NAS that meets your
requirements, please see below:
1. View a list of supported devices on the MailPlus licensing page sorted by the maximum
number of concurrent users and maximum server performance.
Maximum number of concurrent users refers to the recommended maximum number
of MailPlus users.
Maximum server performance refers to the maximum number of emails that MailPlus
Server can process per day.
2. Visit Synology product page to find a list of every model that supports MailPlus. By clicking
on the desired model, you can view more details about its specifications.
Note:
Figures are based on laboratory testing done internally by Synology. The test environment is listed as follows:
The CPU and RAM usage were both under 80% when testing the maximum number of concurrent users.
For models tested with expandable memory, the maximum amount of RAM was installed.
Models with 2 bays and dual M.2 drive slots were installed with two SSDs for SSD cache.
Models with more than 4 bays were installed with two SSDs for SSD cache.
FS series were installed with 12 SSDs in RAID F1 configuration.
The performance of the mail system will slightly decrease in high-availability mode due to data synchronization between the two servers.
Functions that were enabled in all of the tests above: antispam, antivirus, DNSBL, greylist, content scan, full-text search (English only).
Actual limitations may differ according to your system configuration. To achieve the same performance, please consider installing SSDs and expanding RAM.
Chapter 1: Deployment Guidelines
03
Chapter 1: Deployment Guidelines
Estimate RAM and Storage Requirements
Based on the multiple factors that will affect a NAS's memory usage, the recommended
memory sizes based on the number of users are:
for < 250 users: minimum of 8 GB RAM
for 250 - 500 users: minimum of 16 GB RAM
for 500 - 1000 users: minimum of 32 GB RAM
for > 1,000 users: minimum of 64 GB RAM
Estimating RAM usage
The amount of memory used is mainly dependent on the number of mail service users.
However, please take into consideration that the following services may also use high amounts
of memory:
Antispam: The default MailPlus antispam engine, Rspamd, can be memory intensive.
Antivirus: Antivirus services such as ClamAV and McAfee can be memory intensive,
especially when updating their offline virus database to the latest versions.
MailPlus web client: MailPlus Server may simultaneously receive multiple requests from
web clients when they are reading emails and saving email drafts. If the number of users
exceeds the Maximum Number of Concurrent Users as specified by the specifications of
the model of Synology NAS, sudden spikes in memory usage may occur as MailPlus Server
tries to handle all client requests.
Estimating volume size requirements
Use the following formula to estimate the storage size requirements for MailPlus:
Estimated storage size = [(the average number of incoming and outgoing emails per
day)*(the average size of emails)*(the number of users)*(days)]
The average email size of an email is 300 KB, the average number of emails sent and received
by a single person is 100 per day, and a mail service usually lasts for three to five years.
For example, if your MailPlus supports 200 users, the required storage size is:
100 (the average number of incoming and outgoing emails per day)*300 KB (the average size
of an email)*200 (the number of users)*1095 (the number of days in three years) = 6.12 TB
If you have a problem estimating the required storage size, please contact us for custom
suggestions.
04
Chapter 1: Deployment Guidelines
Utilizing SSD Cache
SSD cache is a way of improving system performance by temporarily storing frequently
accessed data (also known as hot data) on part of, or the entirety of, an SSD.
MailPlus involves frequently reading and writing messages, which would require small files
being randomly read and written to the drive. Since the average email size is relatively small,
the increase in read/write speed can be considerable when they are (or even partially) stored
on an SSD cache. Installing an additional SSD and utilizing Synology SSD cache will enhance the
overall performance of the mail service.
Note:
It is essential that enterprise users utilize SSD cache for best performance.
For optimal performance, it is strongly suggested to use an FS series NAS and create the volume with all SSDs.
Recommended size of SSD cache
SSDs are designed for different purposes, and you should take into consideration the following
when selecting a suitable SSD to use in your system: endurance, consistent performance, and
power loss protection.
Synology SSDs are enterprise-class SSDs that are built for 24/7 NAS environments and are
verified through rigorous validation to be interoperable with Synology systems. Intensive tests,
which include I/O stress, power cycling, and temperature trials, ensure that Synology SSDs can
provide both reliability and consistent performance suitable for enterprise environments -
especially for something as crucial as your mail server.
In addition to Synology SSDs, Synology has tested and verified several other third-party SSDs.
Depending on the manufacturer, an SSDs performance may vary widely.
To learn more about choosing an appropriate SSD for your SSD cache, please see this article.
Recommended size of SSD cache
The actual size of the SSD cache depends on the amount of hot data of the volume. At least
two SSDs are required to form a RAID 1/5/6/10 redundant drive to make use of a read-write
cache. For example, if you want to create a 480 GB read-write cache, at least two identical 480
GB SSDs are required.
Hot data will be cached within the SSD; for MailPlus Server, hot data will consist mainly of
recently-accessed emails that have a high probability of being frequently accessed. Hot data
usually accounts for three to six percent of the total storage space used for mail services.
For example, the hot data size on a 1 TB mail storage space is likely to be: 1,024 GB*6% =
61.4 GB
05
Chapter 1: Deployment Guidelines
However, SSD cache should have a larger capacity than the actual hot data size in order to
ensure performance. We recommend that the actual size of the SSD cache be double the size
of estimated hot data.
Continuing with the above example, the ideal cache size is: 61.4 GB*2 = 122.8 GB.
In this case, a 480 GB SSD cache will more than meets the minimal requirements.
The following guide provides a quick SSD cache size estimation based on the number of users:
For < 500 users: 480 GB*2
For 500 - 1,000 users: 1 TB*2
For > 1,000 users: 2 TB*2
If you already have a Synology NAS, the hot data size and the appropriate cache size can be
determined by using SSD Cache Advisor at Storage Manager.
Note:
For more information on SSD cache, please refer to the following articles and documents:
SSD Cache help article
Frequently asked questions about using Synology SSD cache
White paper: Using Synology SSD Technology to Enhance System Performance
SSD cache is recommended as a way to speed up email processing even if the number of MailPlus users does not reach the Maximum Number of Concurrent Users as specified in the model's specifications.
Running Multiple I/O Intensive Packages on the Same NAS
To ensure performance and data security, as a best practice, I/O intensive packages such as
MailPlus Server, Synology Drive Server, and Synology Chat Server should not be installed on
the same Synology NAS. As all of the above consume high I/O resources, system errors can
easily result owing to resource competition between the different services. However, if the
packages are not all I/O intensive services, a Synology NAS is capable of running multiple
services at the same time. For example, MailPlus Server and Synology Drive should not be
installed on the same NAS, but Synology Calendar can be run together with MailPlus as they
are not I/O intensive services.
06
Chapter 2: Getting Started with MailPlus Server
With MailPlus Server, a Synology NAS can serve as a mail system that supports SMTP, POP3,
and IMAP. User accounts and email messages can be centrally managed and archived on a
Synology NAS. MailPlus, as a client package, provides mail service users with an easy-to-use
and browser-based email platform for viewing, managing, and sending messages.
This chapter will help you get started with MailPlus Server and MailPlus.
Connect Synology NAS to the Internet
There are three ways to connect a Synology NAS to the Internet: direct connection, PPPoE
connection, or connection through a router. For detailed instructions on how to access a
Synology NAS via the Internet, you can refer to this tutorial.
Having an external static IP address is crucial for a mail system. Although it is possible
to run a mail system with a dynamic IP address, it is not as reliable as using a static one.
We recommend registering an external static IP address for the mail system. For more
information, please contact your Internet service provider (ISP).
Configuring static IP/PPPoE
There are two ways to set up external static IP addresses on Synology NAS:
PPPoE: Some Internet service providers (ISP) provide free static IP addresses; however, users
must connect via PPPoE to retrieve a static IP address.
1. Sign in to DSM.
2. Go to Control Panel > Network.
3. At the Network Interface tab, select PPPoE and click the Edit button.
4. Set up the modem and network port.
5. Enter the username and password provided by your Internet service provider (ISP).
Static IP address: If you already have a static IP address, you can enter it in Synology NAS.
1. Sign in to DSM.
2. Go to Control Panel > Network.
3. At the Network Interface tab, select a network port and click the Edit button.
4. Enter your static IP address.
Chapter 2: Getting Started with MailPlus Server
07
Chapter 2: Getting Started with MailPlus Server
Set up DNS
A valid and registered domain name is required to allow clients to deliver emails to MailPlus
Server over the Internet. An email address has two parts. The part before @ is a username, and
the one after @ indicates a domain name. For example, Alex's email address is "alex@example.
com". His domain name is "example.com". To make sure an email address like "alex@example.
com" works, you'll need to set up the MX record and A record to help emails reach MailPlus
Server. You can configure these records on the DNS server of your domain providers.
MX record
MX record, or Mail Exchanger record specifies how the Internet should route your emails using
Simple Mail Transfer Protocol (SMTP). Each MX record contains a hostname and a preference.
A hostname guides emails to arrive at the right mail server. A preference points out the priority
of multiple servers. The lower the preference number is, the higher the priority will be.
You can set up multiple MX records for a domain with multiple mail servers and assign each
record a preference number. The primary server should have the lowest number, like zero,
to ensure that this mail server responds to requests at first. When there is no response from
the primary server, the Internet will try the other mail servers used for failover sequentially
according to their preference numbers until one of them gives a response.
For example: if the email address is alex@example.com, you have to set up the MX record
pointing to the mail server, which should receive emails on behalf of the domain example.com.
Therefore, you should enter the domain you are editing in the Host field and the hostname
of your MailPlus Server in the Points to field. The preference record that you assign to the
primary server should be zero or closer to zero.
Host Points to Preference
example.com mail.example.com 0
In this way, the MX lookup for example.com would return mail.example.com.
After the MX lookup finds the mail server, the Internet needs its IP address to locate the
destination for mail delivery. That's why you need to set up A record for your mail server.
A record
A record, or Address record, points a domain or subdomain to the IP address of the host
server. It allows the Internet to identify IP addresses when people use easy-to-remember
domain names.
In the case of alex@example.com, mail.example.com is the subdomain of example.com, and the
host server is the Synology NAS on which MailPlus Server is running.
From Hostname To IP Address
mail.example.com 111.116.172.181
08
Chapter 2: Getting Started with MailPlus Server
The examples and the image are for demonstration purposes only. The DNS record interface
that each provider offers may vary. If you have problems configuring DNS records, please
contact your domain providers.
Reverse DNS setup
The process of assigning specific DNS records to a domain name is known as forward DNS.
This is what leads a domain name to the exact server. There is also a reverse process, known
as reverse DNS.
What is reverse DNS?
Reverse DNS refers to translating numeric addresses of a website (i.e., the IP address) to the
domain/hostname, as opposed to the forward DNS process which translates a domain or
hostname to an IP address. Reverse DNS also refers to locating which domain name/host
belongs to a given IP address; that is why this process is often referred to as reverse DNS lookup. When a domain name has a valid reverse DNS, it can be accessed via an IP address.
What does reverse DNS do?
Reverse DNS is one of the basic requirements for a mail system. It is often used as a spam
filter to determine whether the IP address of an incoming message matches an authenticated
domain name, and to block the message if it doesn't. If you don't set up reverse DNS for
your mail server, messages sent from your mail server will be blocked by most major email
providers. If you cannot set up reverse DNS by yourself and keep experiencing mail delivery
problems, please add another SMTP server for mail delivery. We recommend that you use a
well-known SMTP server to avoid being taken as a spammer when sending emails.
09
Chapter 2: Getting Started with MailPlus Server
How to set up reverse DNS?
Set up reverse DNS on your own host: Some ISPs may delegate a portion of the zone
to users so that users can host their own reverse DNS. You can configure reverse DNS
by determining PTR records in a DNS server. PTR records are managed by the entity that
controls the IP address. It may be either your host or yourself if the host has delegated the
reverse DNS for the IP space (containing one or multiple IP addresses) to you. A PTR record
usually represents the IP entered backward, followed by an in-addr.arpa entry.
Set up reverse DNS with your ISP: The ISP or entity that owns your IP address is the only
one who can add appropriate PTR records. You may have to contact them for reverse DNS
configurations.
10
Chapter 2: Getting Started with MailPlus Server
Set up MailPlus Server
Once the installation is complete, you can start setting up MailPlus Server. In the section below,
we will demonstrate how to configure basic SMTP (Simple Mail Transfer Protocol) settings.
Please remember that the screenshots below are for reference only. Your settings may differ.
1. Go to Package Center to install MailPlus Server.
2. Launch MailPlus Server and select Create a new mail system if you want to set up a
whole new mail system, and click Next to continue the setup. Otherwise, you can select
Create a new mail system by migrating the data from previously installed Mail Server.
Check this tutorial to see how to migrate Mail Server to MailPlus Server.
3. Enter your domain name and hostname (FQDN):
Domain name: A domain name is a location or an address where email messages are
received. Please check if the domain name matches the MX record in DNS settings.
Hostname (FQDN): A hostname is the address of your MailPlus Server. Please check if
the hostname matches the A record in DNS settings.
11
Chapter 2: Getting Started with MailPlus Server
4. Modify the following settings according to your needs:
Account type: Select a user account type (local, LDAP, or domain users) that will be
allowed to use MailPlus services.
Network interface: Select a LAN port used for MailPlus Server.
Volume: Select a volume on which MailPlus Server and its data will be stored.
5. Click Next to check the setup summary and click Apply to finish the settings.
6. After setting up MailPlus Server, you can Activate Accounts to allow specific users to use
mail service. Please note that activating more than five user accounts requires additional
purchased licenses. For more information on the MailPlus license mechanism, please refer
to the MailPlus licensing page.
Note:
The application privileges of MailPlus Server are granted to all users by default. Editing privilege settings at Control Panel can affect the functionality of MailPlus Server and therefore should be avoided. For more details, please refer to Activate Accounts.
After you set up MailPlus Server, a MailPlus shared folder will be automatically added to the Synology NAS. To ensure client users can access MailPlus, the permission settings of the shared folder should remain as default. We do not recommend that you edit the permissions on your own.
12
Chapter 2: Getting Started with MailPlus Server
Set up MailPlus Client
Access emails on Synology NAS with MailPlus
MailPlus is an add-on package that provides a web-based interface for client users to access
and manage emails hosted on a Synology NAS.
Multiple POP3 accounts can be created in MailPlus, allowing users to fetch messages via other
mail service providers (e.g., Mozilla Thunderbird, Gmail, and Office 365).
Install MailPlus
1. Go to Package Center to install MailPlus.
2. Go to Control Panel > Privileges to allow target users or groups to access MailPlus.
13
Chapter 2: Getting Started with MailPlus Server
Run MailPlus
1. There are two ways to launch the MailPlus login page:
Go to Main Menu > MailPlus.
Access MailPlus via Application Portal. Enter the name of the Synology NAS followed by
"/mail" in the address bar of your web browser. For example, if the Synology NAS is called
mydiskstation, enter mydiskstation/mail. Please refer to this help article to see how to
enable Application Portal.
14
Chapter 2: Getting Started with MailPlus Server
2. Enter your DSM username and password to sign in.
3. If the settings of MailPlus Server have been configured before the installation of MailPlus,
the SMTP settings of MailPlus Server will automatically appear at Settings > SMTP.
15
Chapter 2: Getting Started with MailPlus Server
Third-Party Email Clients
Access emails on Synology NAS with other email clients
Email accounts on a Synology NAS can be linked with various mail clients, such as Microsoft
Outlook or Mozilla Thunderbird. In the example below, we'll show you how to use
Thunderbird to access an email account hosted on a Synology NAS.
1. Launch MailPlus Server and go to the Service page to enable IMAP and POP3.
2. Launch Thunderbird on your computer and click Email to launch the Set up an Existing Email Account window.
16
Chapter 2: Getting Started with MailPlus Server
3. Enter the name, MailPlus address, and password for your DSM user account. Click
Continue.
4. Thunderbird will search for your MailPlus account. If the settings are correct, click Done to
finish the settings.
5. Once the setup is complete, your MailPlus account will appear on the left panel. You can
double-click the account to expand all mailboxes.
17
Chapter 2: Getting Started with MailPlus Server
Troubleshoot
Why can't I send or receive emails via webmail from MailPlus?
1. Check if settings on your MailPlus such as SMTP, DNS, and MX are correct.
2. Check if the Internet settings of the Synology NAS are correct. Go to Control Panel >
Regional Options. At the Time tab, tick Synchronize with NTP server and click the
Update Now button to examine if the Internet settings are correct. If a result comes back
successfully, the settings are correct.
3. Check if the port number on your router is correct.
4. Please visit Spamhaus to check if your IP is listed as a spammer. If so, remove your IP from
the block list on the same website.
Why can't I send or receive emails via email clients?
1. Check if you have enabled IMAP and POP3.
2. Check if your username and password are correct.
3. Check if settings on your MailPlus such as SMTP, DNS, and MX are correct.
4. Check if the Internet settings of the Synology NAS are correct. Go to Control Panel >
Regional Options. At the Time tab, tick Synchronize with NTP server and click on the
Update Now button to examine if the Internet settings are correct. If the result comes back
successfully, the settings are correct.
5. Check if the port number on your router is correct.
6. Please visit Spamhaus to check if your IP is listed as a spammer. If so, remove your IP from
the block list on the same website.
18
Chapter 2: Getting Started with MailPlus Server
Why can't I receive emails sent from another mail server (e.g., Gmail)?
1. Make sure DNS settings are correctly configured. You will need to point the MX and A
records to the Synology NAS so that other mail servers can find the Synology NAS.
2. Make sure the Synology NAS has a static IP address and is connected to the Internet, or
your domain name points correctly to your dynamic IP.
3. If the Synology NAS is set behind the NAT firewall/router, please make sure the port
forwarding works properly. You can check whether the port forwarding works by going to
the CanYouSeeMe website and inputting the port 25.
4. If any, check the message in a returned mail to find the detailed reason for an error.
Why do I get rejected when I send emails to certain webmail accounts, like those of Gmail or Hotmail?
Many free email providers do a reverse DNS lookup to check the validity of a sender. If your
reverse DNS lookup doesn't correspond to the sending domain name, your emails will be
rejected. Please check with your ISP. Another possibility is that your IP address is listed on a
spam block list. You can check this by visiting Spamhaus.
19
Chapter 3: Mail Migration
With a built-in mail migrator, MailPlus Server helps you migrate emails from non-MailPlus mail
servers (e.g., Microsoft Exchange and IMAP mail servers) and third-party services (e.g., Gmail
and Yahoo Mail) without complicated setup.
This chapter will guide you through how to migrate emails from Microsoft Exchange to
MailPlus Server. Before you start, please make sure you have done the following:
Check if the Synology NAS is running DSM 6.0 or later and supports MailPlus Server (see
compatible models here).
Set up MailPlus Server on the Synology NAS to make it the destination mail server.
Collect usernames and passwords of source accounts and the corresponding MailPlus
account names.
Create a Mail Migration Task in MailPlus Server
Sign in to MailPlus Server, go to Server Management > Mail Migration, and click the Create button to create a mail migration task. In this section, Microsoft Exchange will be used as an
example for demonstration purposes.
Note:
To know how to migrate emails from other sources (e.g., Gmail or Yahoo Mail), please see this help article.
Configure general task settings
1. Go to Server Management > Mail Migration and click the Create button.
Chapter 3: Mail Migration
20
Chapter 3: Mail Migration
2. Go to the General tab in the Migration Settings window, set Select the server type to
Microsoft Exchange, and fill in the required information of the Microsoft Exchange server.
3. The IMAP path prefix can be found within the settings of your Microsoft Exchange server.
4. If you have a delegate account on the source server that has full access permissions to
all the other source accounts, select Migrate mail with the delegate account and fill in
account credentials. This account allows you to migrate emails without asking for the access
permissions to each source account.
5. You can specify Accounts to migrate per time period according to the source server's
capability.
21
Chapter 3: Mail Migration
Import a user list
1. Prepare a user list following the requirements below:
Generate a user list in CSV format using a text editor.
List one user account information in one row.
List each user's following information from left to right: the source account, the source
account password, and the corresponding MailPlus Server account.
Separate each type of information with a comma (,).
When the source server type is set to Microsoft Exchange and Migrate mail with the delegate account is enabled, you can omit the source account password (e.g., source_
account_X,,MailPlus_Server_account_X).
Note:
Google Workspace accounts should be specified using FQDA (i.e., username@domain name).
2. A valid user list should look like the one below:
source_account_1,source_account_1_password,MailPlus_Server_account_1
source_account_2,source_account_2_password,MailPlus_Server_account_2
source_account_3,source_account_3_password,MailPlus_Server_account_3
...
source_account_N,source_account_N_password,MailPlus_Server_account_N
3. Go to User List, where you can import the list. Check if all account data are correct.
22
Chapter 3: Mail Migration
Set up email and mailbox filters
1. At the Filter tab, specify criteria to migrate or skip certain emails and mailboxes.
2. To filter mailboxes with keywords, tick the Enable mailbox filter checkbox and select a
filter policy (Skip mailboxes by keyword or Migrate mailboxes by keyword).
3. Click Set Keyword and enter text in the two areas:
Keyword: Enter text to process matching mailboxes according to the selected filter policy.
Exceptions: Enter text so that matching mailboxes will not be processed.
4. You can enter regular expressions in the two areas and they should be surrounded by a
slash on each side (e.g., /REGULAR_EXPRESSION/).
23
Chapter 3: Mail Migration
Set up migration notifications
1. Make sure Enable SMTP (at Service) is ticked in MailPlus Server to allow notification
delivery.
2. At the Notification tab, determine whether MailPlus Server should send notifications about
each account's migration results and where the administrator should receive them.
24
Chapter 3: Mail Migration
Run a mail migration task
1. At Server Management > Mail Migration, you can select a migration task and click Start to run it. To avoid migration errors, do not change IMAP/POP3 settings in MailPlus Server or
move/delete emails on the source mail server.
2. Click Information (the document icon) to see migration statistics and logs.
Note:
When you migrate emails from Google Workspace, filters will be applied according to your Google labels.
25
Chapter 3: Mail Migration
Import System Configurations from Microsoft Exchange to MailPlus Server
You can export system configurations and aliases from a Microsoft Exchange server and have
them imported to MailPlus Server for continuous use.
Export system configurations and aliases from Microsoft Exchange
1. Download the script file (ExchangeConfigExport.ps1) from here.
2. Log in as the system administrator to a Windows computer running the Microsoft Exchange
server.
3. Move the script file to the Windows computer.
4. Execute the script file on the Microsoft Exchange server using Windows PowerShell.
5. When prompted to change the execution policy, choose Yes to allow script execution.
6. When execution completes, the Microsoft Exchange server will export the system
configurations into a SynologyExportedExchangeConf.xml file and the aliases into a
SynologyExportedAlias.txt file.
7. Move the generated .xml file and .txt file to your local computer.
26
Chapter 3: Mail Migration
Import system configurations to MailPlus Server
1. Begin the import process in either way below:
When MailPlus Server is to be initialized: Launch MailPlus Server and select Create a new mail system by importing configurations from Microsoft Exchange.
When MailPlus Server has already been initialized: Launch MailPlus Server and go to
Server Management > Configuration Import > Import Configurations.
2. Click Browse to import the SynologyExportedExchangeConf.xml file from your local
computer.
3. Click Next to check configuration details at General Settings (e.g., SMTP and security
settings) and Criteria (e.g., blacklist and whitelist). Click Import.
27
Chapter 4: User Licenses
Sufficient licenses are required to run MailPlus Server. The number of required licenses is
determined by the number of accounts that are to be activated. By default, MailPlus Server
comes with five free email accounts and allows you to add more accounts with additional
purchased licenses.
The number of license users will not be affected by the following:
Deactivated accounts: For example, the license of a former employee can be applied to a
new employee.
Email alias: Each user can add aliases at no extra cost because alias email addresses are
bound to existing user accounts.
Multiple domains (including other domains): MailPlus Server can handle multiple
domains, so using multiple domains does not require additional licenses.
DSM users that do not belong to the specified account type: For example, when the
account type is set to LDAP users, local users will not be counted as license users.
Purchase Licenses
MailPlus license packs include five or 20 units of email accounts and can be purchased through
Synology authorized resellers. For details on MailPlus license packs, please refer to the
MailPlus licensing page.
Install Licenses
Purchased licenses must be installed to activate email accounts. Please refer to the following
steps:
1. Go to License and click the Add button to add licenses.
Chapter 4: User Licenses
28
Chapter 4: User Licenses
2. In the Add License window, please carefully read the license agreement for MailPlus Server.
After checking and confirming the content, click Agree.
3. Sign in to the Synology Account and click Next.
Note:
Should there be situations where licenses are unable to be retrieved after being activated, sign in to the Synology Account to submit a technical support ticket.
29
Chapter 4: User Licenses
4. Enter the license number in the License Key field as shown in the image below. If you need
to add more than one license, click on the plus icon (+) to add more fields.
5. Check and confirm if the number of licenses to be installed and their respective license keys
are correct. After confirming the information is correct, click Next to finish adding licenses.
30
Chapter 4: User Licenses
6. After adding licenses, you can go to the License page to check the details and statuses of
each license:
License key
The number of email accounts provided by each license
License activation date
License expiration date
License validity status
7. In addition, at the bottom of the License page, you can view the total number of licenses
installed on the MailPlus Server, as well as the number of used and unused licenses.
User Licenses
After adding licenses, you can go Account > User to choose which accounts to activate. For
detailed instructions, please refer to Activate Accounts.
31
Chapter 5: Account Settings
Account System
MailPlus Server uses the same account system as DSM; therefore, you can activate user
accounts in MailPlus Server from existing user accounts on DSM.
In addition to activating user accounts from local users, you can activate user accounts from
LDAP/domain users (go to DSM > Control Panel > Domain/LDAP to bind LDAP and domain
accounts). However, DSM cannot synchronize more than one directory service at a time;
therefore, MailPlus Server cannot simultaneously synchronize more than one directory service
and account system either.
Note:
MailPlus Server can only use one of the following account types at a time: Local, LDAP, or Domain.
Modify account type
Please follow the steps below to modify account type:
1. Sign in to your DSM.
2. Go to Control Panel > Domain/LDAP to bind with a specific directory service. If you are
using Local users as the account type, please skip this step.
3. Launch MailPlus Server.
4. Go to Service to select an account type from the Account type drop-down menu. (Only the
directory service configured on DSM will be shown here.)
Chapter 5: Account Settings
32
Chapter 5: Account Settings
5. Click Apply to import user accounts from the directory service. As shown in the following
image, if you switch from Local users to LDAP Users or Domain Users and click Apply, an
alert window will appear.
Note:
Different account types have different email addresses, so emails under different account types cannot be shared. If you want to migrate emails from Local Users to LDAP Users or Domain Users, please click Yes. The system will only migrate emails to directory service accounts with the same usernames as local users. Accounts with different usernames will be automatically ignored.
33
Chapter 5: Account Settings
Activate Accounts
You must activate user accounts in MailPlus Server to start using mail services, such as sending
and receiving emails. Therefore, you need sufficient licenses to activate the accounts that will
use mail services. For more information, please refer to the User Licenses section.
If you have already activated some user accounts, and these users cannot sign in to DSM or
launch MailPlus/MailPlus Server, please check if you have disabled any user accounts and
whether these user accounts have privileges to the MailPlus or MailPlus Server. For more
information on client login issues, please refer to this article.
Activate user accounts
Activating user accounts requires a sufficient number of licenses. For more instructions, please
refer to User Licenses section. Please follow the steps below to activate user accounts:
1. Go to Account > User.
2. Select the users you want to activate. If the checkboxes under the Activate and Deactivate
columns are not ticked for a certain user, the status of this user will be set as the default
status. For details, please refer to Default status. Ticking the Activate checkbox will reduce
the number of available licenses.
3. The Activation Info column displays if a license has been applied to the user.
4. The Status column displays the following DSM user statuses: Normal, Deactivated, and
Username unsupported.
Note:
Users can use mail services properly only when an account is Activated under Activation Info and Normal under Status. Account setting can be left as the sole entry in MailPlus privilege without modifying the settings in Control Panel.
34
Chapter 5: Account Settings
5. Customize mailbox storage by selecting the target user and click Set Quota to configure the
following settings:
MailPlus quota: Specify the mailbox size limit.
Remaining capacity notification: Specify the warning threshold to remind users that
their mailboxes are approaching the storage limit
5. Click OK to apply the user's quota.
6. The Info column displays the user's quota information and used capacity.
7. Click Apply to activate users.
Note:
For users with deactivated licenses (e.g. former employees), you can select them and click Clear Data to remove all their emails and personal setttings..
Activate groups
You can easily activate and deactivate user groups here. Settings will be applied to all members
within the same group. Please refer to the following steps:
1. Go to Account > Group to activate or deactivate a group.
Note:
The descending order of the priority for determining the last activated user account is as follows: User settings, Group settings, and Default settings.
35
Chapter 5: Account Settings
2. Customize mailbox storage quota for groups. Select the target group and click Set Quota to
configure the following settings:
MailPlus quota: Specify the mailbox size limit.
Remaining capacity notification: Specify the warning threshold to remind users that
their mailboxes are approaching the storage limit
3. Click OK to apply the group's quota
4. Click Apply to activate users within the group.
Default status
You can adjust the default status at the Settings tab in the Account page. The default status
settings will be applied to user accounts in the Normal status that have not been activated or
deactivated. Please refer to the following steps:
1. Go to Account > Settings and choose whether to tick the Activate all users by default or
the Enable default user quota checkbox.
Note:
Activating by default may use a large number of licenses. Please make sure you have sufficient licenses.
36
Chapter 5: Account Settings
2. Click Apply to save the settings.
Create user policies
After activating users or groups, you can create dedicated mail service policies for certain
users or groups to meet an organization's requirements. Please refer to the following steps to
create user policies:
1. Go to Account > User Policy.
2. Click the plus icon (+) to create a new policy.
3. In the Create window, go to User Policy and enter a policy name in the Name field.
4. Select a color for the policy from the Color drop-down menu for easy identification.
37
Chapter 5: Account Settings
Note:
For details on policy information, please refer to Policy information and restrictions.
5. Switch to the Target User tab and select a user or group to apply the policy to. You can also
use the search bar at the top of the window to find the target.
6. Click OK to finish the settings.
7. After a policy has been created, it will be listed in the User Policy page. Select a policy to
preview policy details and settings on the right panel of the page.
38
Chapter 5: Account Settings
Change user policy priority
Multiple user policies may be applied to one user; however, only one policy will take effect.
Which policy will take effect depends on the priority settings of user policies. Please refer to
the following steps to change the priority of a user policy:
1. Go to Account > User Policy and click the double triangle icon to show or hide target users/
groups.
2. Higher policies have greater priority over lower policies. (For example, in the image below,
the priority in descending order will be as follows: Old policy, New policy, Default policy.
Therefore, Old policy instead of New policy will be applied to the admin.)
3. Click the two-way arrow icon to change the policy priority.
Note:
If you wish to apply a specific policy to a user, please make sure this policy has a higher priority over other policies.
39
Chapter 5: Account Settings
4. Hover to the left of the policy and drag and drop it to a suitable position according to your
desired order.
5. Click the two-way arrow icon to close the drag and drop function and make the new priority
order take effect.
Note:
Default policy will always have the lowest priority. For more information, please refer to Default policies.
Edit and delete user policies
You can edit policy settings, add or delete users to a policy, or change policy color. Please refer
to the following steps to edit or delete a user policy:
1. Go to Account > User Policy.
2. Hover to the policy you want to edit and two icons will appear. Click the pencil icon to edit
the policy, or click the trash-can icon to delete the policy.
40
Chapter 5: Account Settings
Default policies
The system default policy will be applied to users that are not regulated by any custom policy.
The default policy is a pre-existing policy that cannot be edited, deleted, or re-prioritized.
Please refer to the following setting details of the default policy:
Disable auto forwarding The default is By Domain.
Daily sending quota (number) The default is By Domain.
Daily outbound traffic (MB) The default is By Domain.
Single attachment size (MB) The default is By Domain.
Send mail to internal users only The default is No.
Enable IMAP The default is Yes.
Allow login only from LAN via IMAP The default is No.
Enable POP3 The default is Yes.
Allow login only from LAN via POP3 The default is No.
Enable full-text search The default is Yes.
Since the default policy will apply to all users, it may not meet your expectations regarding
certain restrictions. If you do not want specific restrictions to take effect, you will need to
disable these restrictions.
41
Chapter 5: Account Settings
Policy information and restrictions
No. Policy Results of Enabling Policy
Results of Disabling Policy By Domain
01 Disable auto forwarding
Users cannot auto-forward emails.
Users can auto- forward emails.
Policies will follow domain settings.
Note:
This policy does not affect manual forwarding.
No. Policy Results of Enabling Policy
Results of Disabling Policy By Domain
02 Daily sending quota (number)
Users will be restricted by a quota.
Users will not be restricted by a quota.
Policies will follow domain settings.
Note:
If an email message has been rejected before being delivered, it will not be counted against the quota.
If an email message has been returned after being delivered, it will be counted against the quota.
The value set for the default policy is equal to the Daily quota value under the Daily Quota section of the Usage Limit tab in the Domain page.
When the value is 0, users will not have any restrictions.
You must go to Mail Delivery > General and tick the Enable SMTP authentication checkbox.
No. Policy Results of Enabling Policy
Results of Disabling Policy By Domain
03 Daily outbound traffic (MB)
Users will be restricted by outbound traffic.
Users will not be restricted by outbound traffic.
Policies will follow domain settings.
Note:
If an email message has been rejected before being delivered, it will not be counted against the quota.
If an email message has been returned after being delivered, it will be counted against the quota.
The value set for the default policy is equal to the Daily traffic limit (MB) value under the Daily Quota section of the Usage Limit tab in the Domain page.
When the value is 0, users will not have any restrictions.
You must go to Mail Delivery > General and tick the Enable SMTP authentication checkbox.
42
Chapter 5: Account Settings
No. Policy Results of Enabling Policy
Results of Disabling Policy By Domain
04 Single attachment size (MB)
Users will be restricted by attachment sizes.
Users will not be restricted by attachment sizes.
Policies will follow domain settings.
Note:
The value set for the default policy is equal to the Maximum size per mail (MB) value at the General tab in the Mail Delivery page.
The value set for the default policy will be applied to external emails.
No. Policy Results of Enabling Policy
Results of Disabling Policy
05 Send mail to internal users only
Users will be restricted to sending emails to internal users only.
Users will not be restricted to sending emails to internal users only.
No. Policy Results of Enabling Policy
Results of Disabling Policy
06 Enable IMAP Users will be allowed to use IMAP.
Users will be restricted from using IMAP.
Note:
If the Enable IMAP checkbox under the IMAP/POP3 section in the Service page is not ticked, IMAP services will not be available and the user policy will not take effect. Users will not be able to use IMAP even when IMAP is enabled in the user policy.
No. Policy Results of Enabling Policy
Results of Disabling Policy
07 Allow login only from LAN via IMAP
Users will be restricted to only signing in from a subdomain via IMAP.
Users will have no restrictions when signing in to MailPlus.
Note:
If the Enable IMAP checkbox under the IMAP/POP3 section in the Service page is not ticked, IMAP services will not be available and the user policy will not take effect. Users will not be able to sign in via IMAP even when Allow login only from LAN via IMAP is enabled in the user policy.
MailPlus web clients will not be restricted by this setting.
No. Policy Results of Enabling Policy
Results of Disabling Policy
08 Enable POP3 Users will be allowed to use POP3.
Users will be restricted from using POP3.
43
Chapter 5: Account Settings
Note:
If the Enable POP3 checkbox under the IMAP/POP3 section on the Service page is not ticked, POP3 services will not be available and the user policy will not take effect. Users will not be able to use POP3 even when POP3 is enabled in the user policy.
No. Policy Results of Enabling Policy
Results of Disabling Policy
09 Allow login only from LAN via POP3
Users will be restricted to only signing in from a subdomain via POP3.
Users will have no restrictions when signing in to MailPlus.
Note:
If the Enable POP3 checkbox under the IMAP/POP3 section in the Service page is not ticked, POP3 services will not be available and the user policy will not take effect. Users will not be able to sign in via POP3 even when Allow login only from LAN via POP3 is enabled in the user policy.
You can still sign in with MailPlus using an external network. (MailPlus connects to the mail server using the internal network.)
No. Policy Results of Enabling Policy
Results of Disabling Policy
010 Enable full-text search The server will index email content of users.
The server will not index email content of users.
Note:
If the Enable full-text search checkbox under the Full-Text Search section in the Service page is not ticked, the user policy will not take effect, and the email content of users will not be indexed.
Create delegation policies
At the Delegation tab, you can delegate other users to manage settings related to server
management, domain, security, auditing, and account (except for license) of MailPlus Server
according to the delegation profile you assign them. In this chapter, Domain Admin will be
used as an example for demonstration purposes.
1. Go to Account > Delegation and click the plus icon on the top bar.
44
Chapter 5: Account Settings
2. In the pop-up window, go to the Delegation tab and enter the required information. The
system will automatically tick the options below based on the selected delegation profile.
The profile will switch to Custom when you tick or untick any options below. Please refer to
this article to know more about the delegated permissions.
For example, if you select Domain Manager for Domain Admin, users regulated by this
delegation policy can manage all settings of existing domains. However, if you select Domain Assistant for Domain Admin, users under this delegation policy can only manage the alias and
auto BCC of domains.
45
Chapter 5: Account Settings
3. Go to the Target User tab to select the users/groups to be regulated under the defined
delegation policy.
4. Click OK to save the settings.
Manage delegation policies
1. Go to Account > Delegation.
2. Select Domain Admin to view, edit, and delete a policy.
3. You can use the buttons on the top toolbar and the preview panel on the right to manage
delegation policies:
Set policy priority:
Click the two-way arrow icon to set the priority.
Click Domain Admin and drag and drop the policy to a suitable position. If a user/group
is governed by more than one delegation policy, the system will apply the highest
policy on the list to the user/group.
Expand/Collapse a delegation policy: Click the double triangle icon to expand or
collapse its target users/groups.
Search a delegation policy: Enter the policy name or its users in the top search bar.
Preview a delegation policy: Preview the name, profile, and other details of the
delegation policy.
Edit a delegation policy: Click the pen icon to edit the policy.
Delete a delegation policy: Click the trash bin icon to delete the policy.
46
Chapter 5: Account Settings
Manage Privileges
MailPlus Server privilege settings are synchronized with DSM settings. Users who are from the
administration group on DSM can access all the MailPlus Server settings, while general users
can only see the Personal page (as shown in the image below).
Note:
The privilege settings of MailPlus Server should remain as default at Control Panel. All users should have privileges on MailPlus Server; otherwise, the package functionality would be limited.
47
Chapter 6: Protocol Settings
Chapter 6: Protocol Settings
MailPlus Server provides a centralized configuration interface for mail service protocols. You
can open/close ports for certain protocols or rebind the network interface of your server.
Since protocol settings affect the external operations of the entire server, please make sure
the settings are configured according to your needs.
SMTP
The SMTP uses three ports. In MailPlus Server, they are displayed as SMTP (port number: 25),
SMTP-SSL (port number: 465), and SMTP-TLS (port number: 587). The three protocols and their
respective roles are listed below:
SMTP: SMTP is a standard protocol used to receive external emails and deliver internal
emails. MailPlus Server uses Postfix and will deliver email messages using hamming
code when STARTTLS is not specified. Currently, our SMTP is not encrypted. If you need
encryption, please refer to here.
SMTP-SSL: SMTPS is a supported protocol for SMTP-SSL. Since DSM no longer supports SSL
encryption, MailPlus Server can only connect to SMTP-SSL through TLS.
Note:
This is different from encrypting SMTP through STARTTLS. SMTP must send encrypted packets out after a handshake. If you need to relay using this protocol, please refer to here for more information.
SMTP-STARTTLS: SMTPS is a supported protocol for SMTP-STARTTLS and performs
encryption through STARTTLS. SMTP-STARTTLS requires authentication; therefore, it is often
used for the internal protocol between client and MSA.
Set up SMTP
Please refer to the following instructions on the configuration of SMTP and respective ports:
1. Go to Service > Protocol > SMTP and tick the Enable SMTP checkbox.
Note:
SMTP is the main protocol for a mail server.
48
Chapter 6: Protocol Settings
2. You can change the port number in the Port field.
Note:
Unless there are special circumstances, we recommend that you use the default port 25.
3. You can adjust the following settings:
Enable SMTP-SSL/TLS: Tick to encrypt the SMTP connection between your MailPlus
Server and other email servers or clients with TLS.
Enable SMTP-STARTTLS: Tick to encrypt the SMTP connection between your MailPlus
Server and other email servers or clients with STARTTLS.
4. Click Apply to save the settings.
IMAP/POP3
IMAP/POP3 provides both encrypted and non-encrypted options, thereby using four ports. In
MailPlus Server, these ports are IMAP (port number: 143), IMAPS (port number: 993), POP3 (port
number: 110), and POP3S (port number: 995). Through these protocols, you can retrieve email
information from MailPlus Server using different email clients.
Note:
Both protocols encrypt through STARTTLS. Since DSM no longer supports SSL encrypted connection, please do not set up SSL for an encrypted connection.
IMAP: IMAP is a standard protocol that allows users to access data stored on a mail server.
IMAP clients modify emails on the mail server, which will be mirrored to all IMAP client
mailboxes; therefore, all the changes made to an email will be synchronized across multiple
devices.
49
Chapter 6: Protocol Settings
POP3: POP3 is a standard protocol that allows users to access data stored on a mail server.
POP3 clients download emails from the server and save them locally, so changes made to an
email will not be synchronized back to the mail server.
Set up IMAP/POP3
You can refer to the following steps to configure IMAP, POP3, and their respective ports:
1. Go to Service > IMAP/POP3.
2. You can adjust the following settings under the IMAP/POP3 section:
Enable POP3: Tick to allow email client software to receive messages using POP3.
Enable POP3 SSL/TLS: Tick to allow POP3 client connection to be protected with SSL/TLS.
Enable IMAP: Tick to allow email client software to receive messages using IMAP.
Enable IMAP SSL/TLS: Tick to allow IMAP client connection to be protected with SSL/TLS.
3. Click Apply to save the settings.
50
Chapter 6: Protocol Settings
Network Interface
After you install MailPlus Server or configure high-availability, MailPlus Server will bind with a
network interface to support High-availability cluster. The mail service hosted on the server
will run on this network interface.
Bind network interface
When your MailPlus Server is running on a single server, you can bind MailPlus Server with
LAN, PPPoE, or a bonded network interface. When your MailPlus Server is running under a
high-availability architecture, you can bind MailPlus Server with LAN or a bonded network
interface. You can use manual configuration to retrieve the IP address of the network
interface.
Note:
When your MailPlus Server binds with a bonded network interface, you cannot unbind the bonded network interface. If you want to unbind the bonded network interface, you must first modify the network interface or uninstall MailPlus Server.
Modify network interface
1. Sign in to DSM.
2. Launch MailPlus Server.
3. Go to Service > Network Interface and switch network interfaces from the Network Interface drop-down menu.
4. Click Apply to save the settings.
51
Chapter 7: SMTP Settings
After completing the basic MailPlus Server configuration during the installation stage, you may
need to set up SMTP-related limits on users' login or inbound/outbound mail delivery.
Service Settings
You can go to the Mail Delivery page to set up rules for sending and receiving emails.
MailPlus Server provides quick and convenient service setting options including the following:
SMTP profile: You can specify a hostname for MailPlus Server and an SMTP banner on a
client's Telnet terminal. In addition, you can set up rules for sending and receiving emails
such as specifying the maximum size per email and maximum recipients per message to
avoid consuming excessive resources.
Full-text search: You can enable the full-text search feature to improve the performance
of mail search. This feature allows MailPlus web clients to index emails, including those with
Chinese, Japanese, and Korean characters. Since the full-text search feature indexes all email
content, it may require additional computing resources. You can decide whether or not to
enable the full-text search feature, and further disable full-text search for specific users. For
more information, please refer to Create user policies.
Set up an SMTP profile
SMTP profile contains rules about how MailPlus Server sends emails to other mail servers.
1. Go to Mail Delivery > General.
Hostname (FQDN): Specify the hostname of MailPlus Server in FQDN format. Make sure
that the hostname matches the IP address in a DNS server.
SMTP banner: Specify the text that will show up on an SMTP client's Telnet terminal.
Max recipients per message: Set the maximum number of recipients in an inbound/
outbound message. A message exceeding the limit will be rejected.
Max message hops: Set the maximum number of hops (i.e., mail relays) made by an
inbound/outbound message. A message exceeding the limit will be rejected.
Maximum size per email (MB): Set the maximum size of an inbound/outbound
message. A message exceeding the limit will be rejected.
Chapter 7: SMTP Settings
52
Chapter 7: SMTP Settings
2. Click Apply to save the settings.
External postmaster
External postmaster is set to receive system emails sent to Mailer-daemon and Postmaster
aliases from other mail servers.
1. Go to Mail Delivery > General.
2. Click the External Postmaster button.
3. Tick the Enable external postmaster checkbox.
4. Click the plus icon/Add button to add email addresses for external postmasters.
5. Click OK to save the settings.
53
Chapter 7: SMTP Settings
Full-text search
With full-text search enabled, the server will index email subject lines, senders, recipients, and
message content, allowing you and client users to conveniently search keywords on clients
supporting this feature (e.g., MailPlus).
Note:
Enabling this feature may increase system loading when there is a large number of outbound and inbound messages.
1. Go to Service.
2. Under the Full-Text Search section, you can adjust the following settings:
Enable full-text search: When you tick this option, you can refer to Create user policies
for detailed information. You can disable full-text search for specific users to avoid server
load.
Allow character search for Chinese, Japanese, and Korean mail: When you tick this
option, a character segmenter will be enabled to help you find specific characters in
Chinese, Japanese, and Korean email content.
3. Click Apply to save the settings.
SMTP Secure Connection
MailPlus Server can enhance security and stability by analyzing user connection, login info,
and email content. This will not only safeguard your service quality but also prevent MailPlus
Server from becoming an open relay for spammers and being blacklisted consequently.
SMTP authentication: With SMTP authentication enabled, users need to enter their DSM
user accounts and passwords for authentication when relaying emails through the server.
54
Chapter 7: SMTP Settings
Note:
Authentication is only required for email relaying. This is to prevent becoming an open relay for spammers. For more information, please refer to this article.
Blacklist and whitelist: If your server continues to receive spam emails, you can set up
blacklist rules to reject services for emails from certain sources. On the other hand, MailPlus
Server may accidentally reject legitimate emails when Antivirus scan, Authentication, or
other scanning features are enabled. In this case, you can use the whitelist to skip security
scanning so that important emails can be received.
Sender policy: You can set up criteria to reject unqualified formats or unauthenticated
sender addresses.
Connection policy: You can limit connections from the client IPs that cannot be identified or
may cause MailPlus Server to overload.
Advanced settings: During the connection phase, accurate commands and other advanced
settings are required. Please refer to Advanced settings for more information.
Enable SMTP authentication
Authentication prevents malicious users from relaying spam through your mail server. We
recommend enabling the user authentication feature. Users who do not pass authentication
will be unable to forward their emails. This will prevent your server from being listed on
blacklists.
Note:
Some features in MailPlus Server such as Daily Quota require authentication.
1. Go to Mail Delivery > General and choose whether to tick the Enable SMTP Authentication checkbox.
2. With the Enable SMTP Authentication checkbox ticked, you can adjust the following
settings:
Skip authentication for local network connections from terminal: Users who use the
local network to access mail services do not require authentication.
Check if the sender's email addresses belong to the login accounts: Users have to
use the email addresses that belong to their login accounts to send emails.
Note:
If you tick the Check if the senders' email addresses belong to the login accounts checkbox at the General tab, emails from the Trusted List might be rejected by MailPlus Server. You can go to the General tab and tick the Skip the check for sender's email address to see if it belongs to the login account for emails sent from trusted networks checkbox to skip the check. If you tick the Skip authentication for local network connections from terminal checkbox at the General tab, emails from local networks will not be blocked by MailPlus Server.
55
Chapter 7: SMTP Settings
3. Click Apply to save the settings.
Create blacklist & whitelist
The system will take specific actions on certain messages based on various criteria specified
in Blacklist & Whitelist. You can refer to the following steps to create rules for blacklist and
white list:
Note:
If an email message matches the criteria set in both the blacklist and whitelist, this email will be received since the whitelist takes priority over the blacklist. Please refer to the Whitelist information and restrictions section.
1. Go to Mail Delivery > Security and click Blacklist & Whitelist .
2. In the Blacklist & Whitelist window, you can manage your blacklist and whitelist. In this
section, we will use Blacklist for demonstration purposes:
Blacklist: Set rules to reject/discard matching email messages.
Whitelist: Set rules to allow matching email messages to pass through.
3. At the Blacklist tab, click Create.
56
Chapter 7: SMTP Settings
4. Name the blacklist (whitelist) rule in the Name field.
5. Choose a type of rule:
Sender: Takes specific actions when a sender address matches the specified criteria.
Recipient: Takes specific actions when a recipient address matches the specified criteria.
IP: Takes specific actions when a sender IP address matches the specified criteria.
IP/subnet mask: Takes specific actions when a sender IP address and its subnet mask
match the specified criteria.
Domain: Takes specific actions when a sender domain matches the specified criteria. This
option is only available for Whitelist.
Note:
The address in Sender is determined by the information retrieved from MAIL FROM.
The address in Recipient is determined by the information retrieved from RCPT TO.
6. Specify the criteria for the selected rule type. Please refer to the grey text in the input field
for the correct format. You can enter asterisks (*) when specifying the sender or recipient
criteria.
7. Choose an action to take when the criteria are matched from the Do this drop-down menu.
Note:
Whitelist does not include this option since it always allows emails that match its criteria to be received.
Reject it: Senders will be notified when their emails are rejected.
Discard it: Senders will not be notified when their emails are discarded.
57
Chapter 7: SMTP Settings
8. Click OK to complete the settings.
Edit and delete blacklist & whitelist
1. You can enter keywords in the search field in the upper-right corner of the Black & White List window to search for the blacklist or whitelist you want to modify.
2. You can tick the Enabled checkbox to enable or disable a rule. (You do not need to delete
the rule from the blacklist or whitelist.)
3. When you need to edit or delete a specific rule, select the rule first and click Edit or Delete.
4. Click OK to save the settings.
58
Chapter 7: SMTP Settings
Whitelist information and restrictions
Whitelist settings may skip the tests that are required for blacklists. Moreover, depending on
the type of settings, it may also skip DNSBL, SPF, antivirus scans, DKIM, and DMARC tests. The
following table shows which tests will be skipped based on the different whitelist settings:
DNSBL SPF Antivirus Scans DKIM DMARC
smtpd_*_
restrictions
IP v v v v v v
IP/subnet mask v v v v v
Sender v v v
Recipient v v v
Domain v v v v v
Note:
There are certain tests the whitelist will not skip, emails that do not pass these tests will fail to be delivered. For example, when the sender admin@example.com is on the whitelist, since the sender rule does not support DNSBL, DKIM, and DMARC, it must pass DNSBL, DKIM, or DMARC tests to avoid delivery failure.
If you wish to skip all the tests listed in the table, we recommend that you set up whitelist rules based on IP address.
Sender policy
1. Go to Mail Delivery > Security.
2. Under the Sender Policy section, set up certain criteria to reject emails. The policies include
the following:
Reject senders without fully qualified domain name (FQDN): When a sender's domain
name from MAIL FROM does not match the RFC standard FQDN format, emails will be
rejected.
Reject senders using unknown domains: When MailPlus Server is not the final receiving
terminal and a sender domain from MAIL FROM does not match any DNS A record and
MX record, or when the MX record is incorrect, emails will be rejected.
59
Chapter 7: SMTP Settings
Connection policy
1. Go to Mail Delivery > Security.
2. Under the Connection Policy section, set up the criteria to restrict client connections or
block suspicious IP addresses. The policies include the following:
Reject unknown client hostnames: When an IP address or a client hostname is
incorrect or does not exist, the client connection to MailPlus Server will be rejected.
Keeping more concurrent connections than the limit: You can set the maximum
concurrent connections for the server. When the number of concurrent connections with
the same IP address exceeds this number, connections will be blocked until the total
number is lower than the limit.
Sending more messages than the limit in one minute: You can set the maximum
number of email messages that can be sent within one minute. When the number of
emails sent within one minute from the same IP address exceeds this number, emails
from this IP address will be blocked until the next minute starts.
Building more connections than the limit in one minute: You can set the maximum
number of connections within one minute. When the number of connections with the
same IP address exceeds this number within one minute, connections will be blocked
until the next minute starts.
Advanced settings
1. Go to Mail Delivery > Security.
2. Under the Advanced section, you can adjust security settings for mail delivery:
Reject unauthorized pipelining requests: Rejects connections that keep sending SMTP
requests.
Reject HELO hostnames without fully qualified domain name (FQDN): Rejects
connection when hostnames have incomplete domain names during HELO or EHLO.
60
Chapter 7: SMTP Settings
Reject unknown HELO hostnames: Rejects connection when hostnames do not have
DNS A record or MX record during HELO or EHLO.
Block any IP emailing more non-existent accounts than the limit: Blocks the IP
address of a user until the next day when the user using the same IP address on the
same day sends emails, exceeding the specified limit, to non-existent accounts in MailPlus
Server.
Max junk commands per session: When the number of connected clients exceeds the
specified number of junk commands (i.e., NOOP, VRFY, ETRN, and RSET) within the same
session, every 10 junk commands will cause a one-second delay on mail delivery.
Mail Relay
If you want to send emails via other servers or send/receive emails for other servers, you can
configure mail relay, SMTP authentication, encryption, and other provided security features.
Set up delivery control
At the Delivery tab, you can configure settings of MailPlus Server to relay emails through a
specific server, allowing all outgoing emails to be sent through the specified server.
1. Go to Mail Delivery > Delivery > Relay Settings.
2. Select a rule type:
Send mails directly from this server: All emails will be sent by MailPlus Server directly.
All mails are sent through a single relay host: All emails will be sent by the relay server
that you specify below. Enter the IP address or hostname of the relay server in the Server
field and its port number in the Port field. After ticking this option, you can adjust the
following security settings:
61
Chapter 7: SMTP Settings
Always use a secure connection (TLS): MailPlus Server sends STARTTLS to enable
encrypted connections. If MailPlus Server is the relay server, please refer to here. In
MailPlus Server, the default TLS security level is may.
Authentication required: If your relay server has enabled authentication, please
enter the account and password of the relay server to use it for mail relay.
Note:
STARTTLS and SMTPS differ. If you want to use SMTPS, MailPlus Server does not provide an interface to configure this. Please refer to wrappermode to configure the settings.
Emails matching a certain rule specific email addresses or domains can be sent through a
designated relay server. You can click the Relay Host List button under Relay Exceptions to
adjust recipient and sender rules.
62
Chapter 7: SMTP Settings
Recipient Rule: Emails sent to the specified email addresses or domains will be sent
through a designated relay server. The priority of recipient rules will be higher than
that of sender rules.
Sender Rule: Emails sent from the specified addresses or domains will be sent
through a designated relay server.
a. Click the Create, Edit, or Delete button to manage recipient and sender rules.
b. Enter a rule name and specify a relay server and port.
c. Edit the Recipient List by selecting an email address or domain so emails relayed
to the server will be received at the specified email addresses or domains.
d. Click OK to save the settings.
e. Click Apply to finish the settings.
63
Chapter 7: SMTP Settings
Set up relay control
At the Relay Control tab, you can adjust MailPlus Server settings, so it can send or receive
emails for multiple mail servers.
Relay outbound emails for other mail servers:
1. Go to Mail Delivery > Relay Control.
2. Click the Trusted List button under the Relay Outbound Mails section.
3. Click Create and enter a rule name. Specify the IP address or subnet mask of other mail
servers.
4. Click OK to save the settings.
Note:
If you tick the Check if the senders' email addresses belong to the login accounts checkbox at the General tab, emails from the Trusted List might be rejected by MailPlus Server. You can go to the General tab and tick the Skip the check for sender's email address to see if it belongs to the login account for emails sent from trusted networks checkbox to skip the check. If you tick the Skip authentication for local network connections from terminal checkbox at the General tab, emails from local networks will not be blocked by MailPlus Server.
Relay inbound emails for other mail servers
To relay inbound emails for other mail servers, please set up a DNS record first. You may refer
to the following steps and go to Domain List to add a mail server. Here we use one external
server and one internal server as an example.
1. Set up an external DNS server for MailPlus Server. Here we use Bluehost as an example.
2. After logging in to Bluehost, adjust the following settings. Enter your domain name in the
MX record on the external DNS server and enter the IP address of MailPlus Server in the A
record. In this way, other mail servers will be able to send emails to MailPlus Server based
on these DNS records.
64
Chapter 7: SMTP Settings
3. Set up an internal Synology DNS Server for MailPlus Server to find your primary mail server.
4. Enter your domain name in the MX record on the internal DNS server and enter the IP
address of the domain in the A record. The priority of the DNS records on the internal DNS
server must be higher than that on the external DNS server.
65
Chapter 7: SMTP Settings
5. Go to DSM > Control Panel > Network > General and tick the Manually configure DNS server checkbox. Enter the IP address of the internal DNS server in the Preferred DNS Server field and the IP address of the external DNS server in the Alternative DNS Server
field to make sure the internal and external connections of MailPlus Server can work
properly. After MailPlus Server receives emails, it will check the MX records of the two DNS
servers and send emails to the mail server with the higher priority.
66
Chapter 7: SMTP Settings
6. Launch MailPlus Server and go to Mail Delivery > Relay Control. Under the Relay Inbound Mails section, click the Domain List button.
7. Click the Create button.
8. Enter the rule name and domain.
9. Click OK to save the settings.
Note:
Although emails are sent internally, you should configure the security settings at the Spam and Antivirus tabs of the Security page to avoid malicious emails.
Since security settings are turned on, you can add emails to the whitelist at Mail Delivery > Security to avoid blocking.
The network segment of all servers should be the same.
67
Chapter 8: Domain Settings
Domain
You can host multiple email domains in a single MailPlus Server to centralize emails sent to
your domains. You can also customize aliases, auto BCC, usage limits, and disclaimers for each
domain.
Create a domain in MailPlus Server
Sign in to MailPlus Server and go to Domain to create a new domain. In this chapter,
synology.456 will be used for demonstration purposes.
1. Go to Domain and click the Add button.
2. Fill in the domain name synology.456 and its description.
3. When adding members to the domain, MailPlus Server will fetch information from the
account system based on the settings of Default email address format. You may choose
Account name, Display name, Mail nickname, Email, or Custom according to the
account type you set at Service > SMTP > Account type.
Note:
Editing account names will not change the existing email addresses..
Chapter 8: Domain Settings
68
Chapter 8: Domain Settings
The following table shows the default settings MailPlus Server provides for each account type.
Account type Default settings
Local users Account name Mail nickname
LDAP users Account name Mail nickname
Domain users
Account name Display name Mail nickname
4. In addition to the above options, you can select Custom to enter variables in the Custom variables field as the default email address formats. The following table shows the
variables that MailPlus Server supports:
69
Chapter 8: Domain Settings
Variable Value
Related manuals for Synology NAS DS1517+ v3 Administrator's Guide
en
en
en
en
en
en
en
Manualsnet FAQs
If you want to find out how the DS1517+ Synology works, you can view and download the Synology NAS DS1517+ v3 Administrator's Guide on the Manualsnet website.
Yes, we have the Administrator's Guide for Synology DS1517+ as well as other Synology manuals. All you need to do is to use our search bar and find the user manual that you are looking for.
The Administrator's Guide should include all the details that are needed to use a Synology DS1517+. Full manuals and user guide PDFs can be downloaded from Manualsnet.com.
The best way to navigate the Synology NAS DS1517+ v3 Administrator's Guide is by checking the Table of Contents at the top of the page where available. This allows you to navigate a manual by jumping to the section you are looking for.
This Synology NAS DS1517+ v3 Administrator's Guide consists of sections like Table of Contents, to name a few. For easier navigation, use the Table of Contents in the upper left corner.
You can download Synology NAS DS1517+ v3 Administrator's Guide free of charge simply by clicking the “download” button in the upper right corner of any manuals page. This feature allows you to download any manual in a couple of seconds and is generally in PDF format. You can also save a manual for later by adding it to your saved documents in the user profile.
To be able to print Synology NAS DS1517+ v3 Administrator's Guide, simply download the document to your computer. Once downloaded, open the PDF file and print the Synology NAS DS1517+ v3 Administrator's Guide as you would any other document. This can usually be achieved by clicking on “File” and then “Print” from the menu bar.