Mail configuration: Difference between revisions

From MoodleDocs
(WIP...)
 
(50 intermediate revisions by 14 users not shown)
Line 1: Line 1:
{{New features}}
{{Server settings}}
If incoming mail processing is enabled, users are able to reply to forum posts via email and send files to their private files as email attachments. The two relevant settings can be found in ''Site administration>Server>Incoming mail configuration.
==Outgoing mail configuration==
''
Settings related to mail sent by Moodle can be found in 'Outgoing mail configuration' in Site administration -> Server -> Email.


[[File:incomingmail.png|center|thumb]]
The setting 'Allowed email domains' (allowedemaildomains) allows you to enter domains allowed by your mail server so that forum post notification emails can be sent from users' real addresses. It accepts a wildcard for conveniently adding a lot of domains (*.example.com - tim@first.example.com), or a strict match (example.com - tim@example.com).  


==Mail settings==
If allowed domains are set then the user's email address will be used in the "From" and "Reply to" field only in the following situations:
* The email matches the allowed domains, and the user's setting is to display their email address to everyone.
* The email matches the allowed domains, and the user's setting is to display their email only to course members, and the email is to be delivered to a course member.
All other situations use the no-reply address.


===General configuration===
The setting 'Email via information' (emailfromvia) adds via information in the From section of outgoing email to inform the recipient where the email came from:
The checkbox Enable incoming mail processing (''messageinbound_enabled'') MUST be ticked for this feature to work.
Name (via shortname) <noreplyaddress>
'shortname' is the short name for the site as set in the front page settings.
 
NOTE: You can also use [[Email setup gmail|Google gMail]] servers or AMAZON [https://docs.bitnami.com/aws/how-to/use-ses/ AWS SES] Simple Email Services to setup SMTP relay for your outbound emails.
 
 
=== DKIM ===
For advanced DKIM setup this is usually done at the MTA such as postfix e.g. using a 'milter' like opendkim.
 
However, there are advantages to doing this in Moodle directly such as when you have limited control over the way your email is being sent. Also by having it in Moodle it can be easier to manage.
 
In 3.10 / 4.0 a new setting was added that makes it possible to sign emails at the Moodle level and it requires setting up the private certificates and putting them in a known location where Moodle can find them. Because emails could be sent from a variety of From email addresses the location contains the domain in its path and you can provide as many certificates as needed but this is an uncommon use case.
==== The most common setup ====
The simplest and fairly typical setup is where all emails are sent from the noreply email. In this setup we will give instructions on a linux setup such as debian or ubuntu.
 
<code php>
$CFG->noreplyaddress = 'noreply@moodle.example.com'
</code>
 
In this case you need to choose a DKIM selector which is arbitrary but is often based on a date as the best practice is to rotate them on a periodic basis.
 
Lets say we have chosen a selector of '2020sep'.
 
Now in sitedata we need to create a folder to hold the DKIM certificate with a subdirectory matching the domain:
 
<code php>
mkdir -p /path/to/sitedata/dkim/moodle.example.com
</code>
 
Next in this directory generate the private key and public key DNS record using the opendkim-genkey tool:
 
<code php>
opendkim-genkey -b 2048 -r -s 2020sep -d moodle.example.com -v
</code>
 
This should result in two files like this:
 
<code php>
/path/to/sitedata/dkim/moodle.example.com/2020sep.txt
/path/to/sitedata/dkim/moodle.example.com/2020sep.private
</code>
 
Only the .private file is used by Moodle, the .txt file is the TXT record which you need to add to your DNS. To confirm that it is all correct there is a great public tool where you can enter the domain and DKIM selector and it will confirm the record looks like it is in the correct shape.
 
https://mxtoolbox.com/dkim.aspx
 
Once this is in place then use the email testing tool in moodle to send a test email, it can be useful to turn on the debugsmtp setting.
 
/admin/testoutgoingmailconf.php
 
You should see the DKIM signature in the email headers. The email server receiving the email should also have validated this signature as well and added another header with the results of this validation.
 
i.e. in Gmail open the email, click the '...' on the right, then 'Show original' and in the headers it should say:
 
DKIM: 'PASS' with domain moodle.example.com
ℹ️ If your system does not have the opendkim-genkey command available, you may also try like: <syntaxhighlight lang="sh">
mkdir -p dkim/learning.example.com
cd dkim/learning.example.com
openssl genrsa -out learning.private 2048
openssl rsa -in learning.private -outform PEM -pubout -out learning.public
</syntaxhighlight>This example assumes your domain is "learning.example.com" and your DKIM selector is "learning". A DKIM selector allows you to send emails on one domain name, like example.com, from both your Moodle software running on one server with one key as well as other software elsewhere with another key.
 
Next you will need to create a DNS TXT entry for DKIM. You will need only public key to do this. We do not provide the algorithm here, but we note that a popular chatbot is able to format this correctly for you if you paste in the public key and ask it to provide a DKIM TXT record.
 
===Test outgoing mail configuration===
A link is available to send yourself a test email to check everything is working correctly.
==Incoming mail configuration==
If incoming mail processing is enabled in 'Incoming mail configuration' in Site administration, then users are able to reply to forum posts via email and send files to their private files as email attachments.
===Mailbox configuration===
===Mailbox configuration===
It is important to have a dedicated email address here. Don't use one you normally use for your personal emails. You do not need to add the @ sign. If you have set up the email mountorangeschool @ besteveremail.com then it would be entered as in the following screenshot:
It is important to have a dedicated email address here. Don't use one you normally use for your personal emails. You do not need to add the @ sign. If you have set up the email mountorangeschool@example.com then it would be entered as in the following screenshot:
[[File:emailexampleincoming.png|thumb|center|400px]]
[[File:emailexampleincoming.png|thumb|center|400px]]
===Incoming mail server settings===
As an example, if you are using gmail you would use '''IMAP.gmail.com''' in the Incoming mail server (messageinbound_host) field. (If using gmail you also need to make sure that you've enabled IMAP for yor gmail account - see https://support.google.com/mail/troubleshooter/1668960?hl=en )
Note1: The SMTP server hosting the mailbox you've configured above must support ''plus addressing'' i.e. any email sent to mountorangeschool+blahblahblah@example.com is still delivered to mountorangeschool@example.com.
Note2 : The username and password here must relate to the settings you entered earlier in Mailbox configuration. So if your address was mountorangeschool@example.com and your username is ''mountorangeschool'', then enter your username in this section along with the password you use to get into this email account.


===Incoming mail server settings===
Note 3: You may also need to make sure that your host does not block outbound connections to the IMAP ports (some do by default).
Note: The username and password  here must relate to the settings you entered earlier in Mailbox configuration. So if your address was mountorangeschool @ besteveremail.com and your username is ''mountorangeschool'', then enter your username in this section along with the password you use to get into this email account.
 
Note 4: If using gmail, you may find that IMAP does not work with Google's higher security setting. If IMAP is not working with gmail, check out https://support.google.com/accounts/answer/6010255?hl=en-GB and follow the configuration steps available at MDL-61921


==Message handlers==
==Message handlers==
Accessed from ''Site administration>Server>Incoming mail configuration>Message handlers'', this page allows you to turn on or off the following settings. Note that you must first have completed the fields in ''Site administration>Server>Incoming mail configuration>Mail settings.''
===Email to Private files===
===Email to Private files===
*If you enable this, then users will be able to send attachments via email directly to their private files. See [[Private files]] for details of how the feature works.
*If you enable this, then users will be able to send attachments via email directly to their private files. See [[Private files]] for details of how the feature works.
*Each user will be provided with an address in their Private files to which they send the email and attached files. You can set the default expiry period for this address here.
*Each user will be provided with an address in their Private files to which they send the email and attached files. You can set the default expiry period for this address here.
*Checking the 'Validate sender address' box will mean that if an email is sent to a user's private files from a different account from that registerd with user in Moodle, then Moodle will check first before allowing the file to be stored in the user's Private files.
*Checking the 'Validate sender address' box will mean that if an email is sent to a user's private files from a different account from that registered with user in Moodle, then Moodle will check first before allowing the file to be stored in the user's Private files.
===Invalid recipient handler===
If a valid message is received but the sender cannot be authenticated, the message is stored on the email server and the user is contacted using the email address in their user profile. The user is given the chance to reply to confirm the authenticity of the original message.This handler processes those replies.


It is not possible to disable sender verification of this handler because the user may reply from an incorrect email address if their email client configuration is incorrect.
===Reply to forum posts===
===Reply to forum posts===
*If you enable this, then users will be able to reply to forum posts directly from their email inbox.
*If you enable this, then users will be able to reply to forum posts directly from their email inbox. See the section on 'Reply to posts via email' in [[Using Forum]] for details of how the feature works.
*
*You must leave empty the ''Site administration > Server > Email > Outgoing mail configuration > Allowed email domains'' setting; otherwise users will see the email of the forum poster instead.
*Each user will be provided with reply-to address when they click to reply to a forum post via email. You can set the default expiry period for this address here.
==See also==
* [https://moodle.org/mod/forum/discuss.php?d=277594 Need help configuring forum's "Reply to post" feature] forum discussion
 
[[Category:Forum]]
 
[[es:Configuración del correo]]
[[de:Einstellungen für E-Mails]]

Latest revision as of 13:07, 18 January 2024

Outgoing mail configuration

Settings related to mail sent by Moodle can be found in 'Outgoing mail configuration' in Site administration -> Server -> Email.

The setting 'Allowed email domains' (allowedemaildomains) allows you to enter domains allowed by your mail server so that forum post notification emails can be sent from users' real addresses. It accepts a wildcard for conveniently adding a lot of domains (*.example.com - tim@first.example.com), or a strict match (example.com - tim@example.com).

If allowed domains are set then the user's email address will be used in the "From" and "Reply to" field only in the following situations:

  • The email matches the allowed domains, and the user's setting is to display their email address to everyone.
  • The email matches the allowed domains, and the user's setting is to display their email only to course members, and the email is to be delivered to a course member.

All other situations use the no-reply address.

The setting 'Email via information' (emailfromvia) adds via information in the From section of outgoing email to inform the recipient where the email came from:

Name (via shortname) <noreplyaddress>

'shortname' is the short name for the site as set in the front page settings.

NOTE: You can also use Google gMail servers or AMAZON AWS SES Simple Email Services to setup SMTP relay for your outbound emails.


DKIM

For advanced DKIM setup this is usually done at the MTA such as postfix e.g. using a 'milter' like opendkim.

However, there are advantages to doing this in Moodle directly such as when you have limited control over the way your email is being sent. Also by having it in Moodle it can be easier to manage.

In 3.10 / 4.0 a new setting was added that makes it possible to sign emails at the Moodle level and it requires setting up the private certificates and putting them in a known location where Moodle can find them. Because emails could be sent from a variety of From email addresses the location contains the domain in its path and you can provide as many certificates as needed but this is an uncommon use case.

The most common setup

The simplest and fairly typical setup is where all emails are sent from the noreply email. In this setup we will give instructions on a linux setup such as debian or ubuntu.

$CFG->noreplyaddress = 'noreply@moodle.example.com'

In this case you need to choose a DKIM selector which is arbitrary but is often based on a date as the best practice is to rotate them on a periodic basis.

Lets say we have chosen a selector of '2020sep'.

Now in sitedata we need to create a folder to hold the DKIM certificate with a subdirectory matching the domain:

mkdir -p /path/to/sitedata/dkim/moodle.example.com

Next in this directory generate the private key and public key DNS record using the opendkim-genkey tool:

opendkim-genkey -b 2048 -r -s 2020sep -d moodle.example.com -v

This should result in two files like this:

/path/to/sitedata/dkim/moodle.example.com/2020sep.txt /path/to/sitedata/dkim/moodle.example.com/2020sep.private

Only the .private file is used by Moodle, the .txt file is the TXT record which you need to add to your DNS. To confirm that it is all correct there is a great public tool where you can enter the domain and DKIM selector and it will confirm the record looks like it is in the correct shape.

https://mxtoolbox.com/dkim.aspx

Once this is in place then use the email testing tool in moodle to send a test email, it can be useful to turn on the debugsmtp setting.

/admin/testoutgoingmailconf.php

You should see the DKIM signature in the email headers. The email server receiving the email should also have validated this signature as well and added another header with the results of this validation.

i.e. in Gmail open the email, click the '...' on the right, then 'Show original' and in the headers it should say:

DKIM: 'PASS' with domain moodle.example.com

ℹ️ If your system does not have the opendkim-genkey command available, you may also try like:

mkdir -p dkim/learning.example.com
cd dkim/learning.example.com
openssl genrsa -out learning.private 2048
openssl rsa -in learning.private -outform PEM -pubout -out learning.public

This example assumes your domain is "learning.example.com" and your DKIM selector is "learning". A DKIM selector allows you to send emails on one domain name, like example.com, from both your Moodle software running on one server with one key as well as other software elsewhere with another key.

Next you will need to create a DNS TXT entry for DKIM. You will need only public key to do this. We do not provide the algorithm here, but we note that a popular chatbot is able to format this correctly for you if you paste in the public key and ask it to provide a DKIM TXT record.

Test outgoing mail configuration

A link is available to send yourself a test email to check everything is working correctly.

Incoming mail configuration

If incoming mail processing is enabled in 'Incoming mail configuration' in Site administration, then users are able to reply to forum posts via email and send files to their private files as email attachments.

Mailbox configuration

It is important to have a dedicated email address here. Don't use one you normally use for your personal emails. You do not need to add the @ sign. If you have set up the email mountorangeschool@example.com then it would be entered as in the following screenshot:

emailexampleincoming.png

Incoming mail server settings

As an example, if you are using gmail you would use IMAP.gmail.com in the Incoming mail server (messageinbound_host) field. (If using gmail you also need to make sure that you've enabled IMAP for yor gmail account - see https://support.google.com/mail/troubleshooter/1668960?hl=en )

Note1: The SMTP server hosting the mailbox you've configured above must support plus addressing i.e. any email sent to mountorangeschool+blahblahblah@example.com is still delivered to mountorangeschool@example.com.

Note2 : The username and password here must relate to the settings you entered earlier in Mailbox configuration. So if your address was mountorangeschool@example.com and your username is mountorangeschool, then enter your username in this section along with the password you use to get into this email account.

Note 3: You may also need to make sure that your host does not block outbound connections to the IMAP ports (some do by default).

Note 4: If using gmail, you may find that IMAP does not work with Google's higher security setting. If IMAP is not working with gmail, check out https://support.google.com/accounts/answer/6010255?hl=en-GB and follow the configuration steps available at MDL-61921

Message handlers

Email to Private files

  • If you enable this, then users will be able to send attachments via email directly to their private files. See Private files for details of how the feature works.
  • Each user will be provided with an address in their Private files to which they send the email and attached files. You can set the default expiry period for this address here.
  • Checking the 'Validate sender address' box will mean that if an email is sent to a user's private files from a different account from that registered with user in Moodle, then Moodle will check first before allowing the file to be stored in the user's Private files.

Invalid recipient handler

If a valid message is received but the sender cannot be authenticated, the message is stored on the email server and the user is contacted using the email address in their user profile. The user is given the chance to reply to confirm the authenticity of the original message.This handler processes those replies.

It is not possible to disable sender verification of this handler because the user may reply from an incorrect email address if their email client configuration is incorrect.

Reply to forum posts

  • If you enable this, then users will be able to reply to forum posts directly from their email inbox. See the section on 'Reply to posts via email' in Using Forum for details of how the feature works.
  • You must leave empty the Site administration > Server > Email > Outgoing mail configuration > Allowed email domains setting; otherwise users will see the email of the forum poster instead.
  • Each user will be provided with reply-to address when they click to reply to a forum post via email. You can set the default expiry period for this address here.

See also