Mail configuration: Difference between revisions

From MoodleDocs
m (formatting)
(Added DKIM section)
Line 18: Line 18:


NOTE: You can also use [[Email_setup_gmail|Google gMail]] servers or AMAZON [https://docs.bitnami.com/aws/how-to/use-ses/ AWS SES] Simple Email Services to setup SMTP relay for your outbound emails.  
NOTE: You can also use [[Email_setup_gmail|Google gMail]] servers or AMAZON [https://docs.bitnami.com/aws/how-to/use-ses/ AWS SES] Simple Email Services to setup SMTP relay for your outbound emails.  
== DKIM ==
For advanced DKIM setup this is usually done at the MTA such as postfix eg using a 'milter' like opendkim.
However there are advantages to doing this in Moodle directly such as when you have limited control over the way your email is being sent. Also by having it in Moodle it can be easier to manage.
In 3.10 / 4.0 a new setting was added that makes it possible to sign emails at the Moodle level and it requires setting up the private certificates and putting them in a known location where Moodle can find them. Because emails could be sent from a variety of From email addresses the location contains the domain in it's path and you can provide as many certificates as needed but this is an uncommon use case.
== The most common setup ==
The simplest and fairly typical setup is where all emails are sent from the noreply email. In this setup we will give instructions on a linux setup such as debian or ubuntu.
<code php>
$CFG->noreplyaddress = 'noreply@moodle.myschool.edu.au'
</code>
In this case you need to choose a DKIM selector which is arbitrary but is often based on a date as the best practice is to rotate them on a periodic basis.
Lets say we have chosen a selector of '2020sep'.
Now in sitedata we need to create a folder to hold the DKIM certificate with a subdirectory matching the domain:
<code php>
mkdir -p /path/to/sitedata/dkim/moodle.myschool.edu.au
</code>
Next in this directory generate the private key and public key DNS record using the opendkim-genkey tool:
<code php>
opendkim-genkey -b 2048 -r -s 2020sep -d moodle.myschool.edu.au -v
</code>
This should result in two files like this:
<code php>
/path/to/sitedata/dkim/moodle.myschool.edu.au/2020sep.txt
/path/to/sitedata/dkim/moodle.myschool.edu.au/2020sep.private
</code>
Only the .private file is used by Moodle, the .txt file is the TXT record which you need to add to your DNS. To confirm that it is all correct there is a great public tool where you can enter the domain and DKIM selector and it will confirm the record looks like it is in the correct shape.
https://mxtoolbox.com/dkim.aspx
Once this is in place then use the email testing tool in moodle to send a test email, it can be useful to turn on the debugsmtp setting.
/admin/testoutgoingmailconf.php
You should see the DKIM signature in the email headers. The email server receiving the email should also have validated this signature as well and added another header with the results of this validation.
ie in Gmail open the email, click the '...' on the right, then 'Show original' and in the headers it should say:
DKIM: 'PASS' with domain moodle.myschool.edu.au


===Test outgoing mail configuration===
===Test outgoing mail configuration===
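Review bot: the added DKIM section says "a new setting was added" in 3.10 / 4.0 but never names it or shows where the chosen selector '2020sep' is entered, so a reader who follows every step ends with a key on disk and nothing telling Moodle to sign; name the setting and show its value next to the noreplyaddress example. The `$CFG->noreplyaddress = 'noreply@moodle.myschool.edu.au'` line is missing its terminating semicolon and will not parse if pasted into config.php. The mkdir and opendkim-genkey lines and the two file paths are wrapped in `<code php>` although they are shell commands and paths. The text switches between "private certificates", "DKIM certificate" and "private key" for the same file; opendkim-genkey produces a key pair, so "key" throughout would be clearer, and "it's path" should be "its path". It would also help to state which user must be able to read the .private file.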

Revision as of 12:10, 14 June 2021

Outgoing mail configuration

Settings related to mail sent by Moodle can be found in 'Outgoing mail configuration' in Site administration -> Server -> Email.

The setting 'Allowed email domains' (allowedemaildomains) allows you to enter domains allowed by your mail server so that forum post notification emails can be sent from users' real addresses. It accepts a wildcard for conveniently adding a lot of domains (*.example.com - tim@first.example.com), or a strict match (example.com - tim@example.com).

If allowed domains are set then the user's email address will be used in the "From" and "Reply to" field only in the following situations:

  • The email matches the allowed domains, and the user's setting is to display their email address to everyone.
  • The email matches the allowed domains, and the user's setting is to display their email only to course members, and the email is to be delivered to a course member.

All other situations use the no-reply address.

The setting 'Email via information' (emailfromvia) adds via information in the From section of outgoing email to inform the recipient where the email came from:

Name (via shortname) <noreplyaddress>

'shortname' is the short name for the site as set in the front page settings.

NOTE: You can also use Google Gmail servers or Amazon AWS SES (Simple Email Service) to set up an SMTP relay for your outbound emails.


DKIM

An advanced DKIM setup is usually done at the MTA, such as postfix, e.g. using a 'milter' like opendkim.

However, there are advantages to doing this in Moodle directly, such as when you have limited control over the way your email is being sent. Having it in Moodle can also make it easier to manage.

In 3.10 / 4.0 a new setting was added that makes it possible to sign emails at the Moodle level. It requires setting up the private certificates and putting them in a known location where Moodle can find them. Because emails could be sent from a variety of From email addresses, the location contains the domain in its path, and you can provide as many certificates as needed, but this is an uncommon use case.

The most common setup

The simplest and fairly typical setup is where all emails are sent from the noreply email. The instructions here are for a Linux setup such as Debian or Ubuntu.

$CFG->noreplyaddress = 'noreply@moodle.myschool.edu.au';

In this case you need to choose a DKIM selector. The selector is arbitrary, but it is often based on a date because the best practice is to rotate selectors on a periodic basis.

Let's say we have chosen a selector of '2020sep'.

Now in sitedata we need to create a folder to hold the DKIM certificate with a subdirectory matching the domain:

mkdir -p /path/to/sitedata/dkim/moodle.myschool.edu.au

Next, in this directory, generate the private key and the public key DNS record using the opendkim-genkey tool:

opendkim-genkey -b 2048 -r -s 2020sep -d moodle.myschool.edu.au -v

This should result in two files like this:

/path/to/sitedata/dkim/moodle.myschool.edu.au/2020sep.txt
/path/to/sitedata/dkim/moodle.myschool.edu.au/2020sep.private

Only the .private file is used by Moodle; the .txt file is the TXT record which you need to add to your DNS. To confirm that it is all correct, there is a great public tool where you can enter the domain and DKIM selector, and it will confirm that the record looks like it is in the correct shape.

https://mxtoolbox.com/dkim.aspx

Once this is in place, use the email testing tool in Moodle to send a test email. It can be useful to turn on the debugsmtp setting.

/admin/testoutgoingmailconf.php

You should see the DKIM signature in the email headers. The email server receiving the email should also have validated this signature and added another header with the results of this validation.

For example, in Gmail open the email, click the '...' on the right, then 'Show original', and in the headers it should say:

DKIM: 'PASS' with domain moodle.myschool.edu.au
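
A local check of the generated 2020sep.txt record before it is pasted into DNS, as an added example that is not part of the original page or Moodle's own code. The zone-file layout of the sample (several quoted strings inside parentheses) is an assumption about what opendkim-genkey writes, and FAKE_P is a constructed placeholder, not a real key.

```python
import base64
import binascii
import re

SELECTOR, DOMAIN = "2020sep", "moodle.myschool.edu.au"  # values used on this page

# Constructed stand-in for a key: a DER SEQUENCE header plus zero bytes, sized
# like a 2048-bit RSA public key (294 bytes). It is NOT a usable key.
FAKE_P = base64.b64encode(bytes([0x30, 0x82, 0x01, 0x22]) + bytes(290)).decode()

# Constructed sample in the zone-file layout assumed for <selector>.txt.
SAMPLE_TXT = (
    f'{SELECTOR}._domainkey\tIN\tTXT\t( "v=DKIM1; h=sha256; k=rsa; s=email; "\n'
    f'\t  "p={FAKE_P[:250]}"\n'
    f'\t  "{FAKE_P[250:]}" )  ; ----- DKIM key {SELECTOR} for {DOMAIN}\n'
)


def check_dkim_record(zone_text, selector=SELECTOR, domain=DOMAIN):
    """Return a list of problems found in a DKIM TXT record; empty means OK."""
    problems = []
    fields = zone_text.split()
    owner = fields[0].rstrip(".") if fields else ""
    if owner not in (f"{selector}._domainkey", f"{selector}._domainkey.{domain}"):
        problems.append(f"owner name {owner!r} does not match selector/domain")
    chunks = re.findall(r'"([^"]*)"', zone_text)  # the quoted TXT strings
    if not chunks:
        return problems + ["no quoted TXT strings found"]
    if any(len(c.encode()) > 255 for c in chunks):
        problems.append("a TXT string exceeds 255 bytes; split it into several")
    # Resolvers concatenate the strings with no separator, so do the same here.
    tags = {}
    for part in "".join(chunks).split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip()] = "".join(value.split())
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("v= must be DKIM1")
    if tags.get("k", "rsa") != "rsa":
        problems.append("k= is not rsa")
    try:
        der = base64.b64decode(tags.get("p", ""), validate=True)
    except binascii.Error:
        problems.append("p= is not valid base64 (truncated or mangled paste?)")
    else:
        if not der.startswith(b"\x30"):
            problems.append("p= is empty or not a DER-encoded public key")
    return problems
```

A 2048-bit key does not fit in one 255-byte TXT string, which is why the record is split; pasting only the first "p=" string into a DNS control panel is the failure the base64 check catches.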


Test outgoing mail configuration

A link is available to send yourself a test email to check everything is working correctly.

Incoming mail configuration

If incoming mail processing is enabled in 'Incoming mail configuration' in Site administration, then users are able to reply to forum posts via email and send files to their private files as email attachments.

Mailbox configuration

It is important to have a dedicated email address here. Don't use one you normally use for your personal emails. You do not need to add the @ sign. If you have set up the email mountorangeschool @ besteveremail.com then it would be entered as in the following screenshot:

(Screenshot: emailexampleincoming.png)

Incoming mail server settings

As an example, if you are using Gmail you would use IMAP.gmail.com in the Incoming mail server (messageinbound_host) field. (If using Gmail you also need to make sure that you've enabled IMAP for your Gmail account - see https://support.google.com/mail/troubleshooter/1668960?hl=en )

Note 1: The SMTP server hosting the mailbox you've configured above must support plus addressing, i.e. any email sent to mountorangeschool+blahblahblah@besteveremail.com is still delivered to mountorangeschool@besteveremail.com.

Note 2: The username and password here must relate to the settings you entered earlier in Mailbox configuration. So if your address was mountorangeschool @ besteveremail.com and your username is mountorangeschool, then enter your username in this section along with the password you use to get into this email account.

Note 3: You may also need to make sure that your host does not block outbound connections to the IMAP ports (some do by default).

Note 4: If using Gmail, you may find that IMAP does not work with Google's higher security setting. If IMAP is not working with Gmail, check out https://support.google.com/accounts/answer/6010255?hl=en-GB

Message handlers

Email to Private files

  • If you enable this, then users will be able to send attachments via email directly to their private files. See Private files for details of how the feature works.
  • Each user will be provided with an address in their Private files to which they send the email and attached files. You can set the default expiry period for this address here.
  • Checking the 'Validate sender address' box will mean that if an email is sent to a user's private files from a different account from that registered with the user in Moodle, then Moodle will check first before allowing the file to be stored in the user's Private files.

Invalid recipient handler

If a valid message is received but the sender cannot be authenticated, the message is stored on the email server and the user is contacted using the email address in their user profile. The user is given the chance to reply to confirm the authenticity of the original message. This handler processes those replies.

It is not possible to disable sender verification of this handler because the user may reply from an incorrect email address if their email client configuration is incorrect.

Reply to forum posts

  • If you enable this, then users will be able to reply to forum posts directly from their email inbox. See the section on 'Reply to posts via email' in Using Forum for details of how the feature works.
  • You must leave empty the Site administration > Server > Email > Outgoing mail configuration > Allowed email domains setting; otherwise users will see the email of the forum poster instead.
  • Each user will be provided with a reply-to address when they click to reply to a forum post via email. You can set the default expiry period for this address here.

See also