Staff E-mail - Other Clients
General instructions for Non-Staff desktop staff e-mail clients
Introduction
The officially supported e-mail client provided as part of our standard Windows Staff Desktop model is now Microsoft Outlook. This client will automatically be installed on your staff desktop PC if you are a user of the new staff e-mail system, and you should not need to perform any manual configuration of your staff desktop PC in order to use this with its default settings.
We also have instructions for setting up Outlook 2003 for those NOT on the Staff Desktop service www.lboro.ac.uk/it/email/outlook-setup-home.html. This could be your home computer at home, or a non-Staff Desktop computer on campus. We also have instructions for setting up Outlook 2007 for those NOT on the Staff Desktop service www.lboro.ac.uk/it/email/outlook-2007-setup-home.html.
The instructions given below are provided in order to assist staff and research students at Loughborough University in configuring their own e-mail clients to work with the new staff e-mail service, either instead of, or in addition to, the officially supported client. You will need an in-depth understanding of how your e-mail client communicates in order to use these instructions. You should only need to use these instructions if you are not using a client for which we have provided specific tailored instructions. Before following these instructions, you should consider whether you would be willing / able to switch over to using the officially supported e-mail client, or failing that, an e-mail client for which we are able to provide specific instructions, as this may aid both you and our staff in the event of problems. Specific instructions exist for the following well known e-mail clients:
-
Microsoft Outlook 2003 for home/non-Staff Desktop users (Windows) www.lboro.ac.uk/it/email/outlook-setup-home.html.
-
Microsoft Outlook 2007 for home/non-Staff Desktop users (Windows) www.lboro.ac.uk/it/email/outlook-2007-setup-home.html.
-
Mozilla Thunderbird (Windows) www.lboro.ac.uk/it/email/thunderbird-setup.html.
-
Apple Mail - existing users or users with multiple e-mail accounts (Macintosh) www.lboro.ac.uk/it/mac/staff-mail-multiple.html.
-
Apple Mail - new users (Macintosh) www.lboro.ac.uk/it/mac/staff-mail-new.html.
-
Apple iCal (Macintosh) www.lboro.ac.uk/mac/ical.html.
-
Mozilla Thunderbird (Macintosh) www.lboro.ac.uk/it/mac/thunderbird.html.
-
Mozilla Thunderbird (Linux) www.lboro.ac.uk/it/email/linux-thunderbird.html.
Information for Configuring Unsupported E-mail Clients
E-Mail and Password Security
The following instructions detail how to configure an e-mail client to communicate over encrypted sessions. This methodology ensures that the communication between your e-mail client and the e-mail servers can not be deciphered by malicious third parties. It should be noted however that e-mail is still "at risk" when it is stored on your desktop computer system, if the security of that system itself is not adequate. If in doubt, you should consider only using the web interface to staff e-mail as this reduces the risk to your e-mail information.
Additionally, it should be noted that although it is possible to save your password in most e-mail clients such that you will not be asked to enter the password each time you read your e-mail, IT Services do not recommend this on grounds of security. It is particularly important not to allow the client to save your e-mail password when installing on a client machine which may be used by other people, as to do so could inadvertently give others access to your University e-mail account violating both the University Acceptable Use Policy (see www.lboro.ac.uk/it/policies/loughborough-aup.html), and UK Data Protection legislation (see www.lboro.ac.uk/admin/ar/policy/dpact/index.htm). The username and password to use are your standard Loughborough University Active Directory username and password.
Configuring your client for reading e-mail
The new staff mail service is configured to only permit e-mail reading via the Internet Message Access Protocol (IMAP). The previous staff e-mail service also supported an older protocol called the "Post Office Protocol" better known as POP. This protocol should now be considered deprecated and is deliberately disabled on the new staff e-mail servers. IMAP in general provides a better interface to e-mail, allowing the placement of e-mail folders on the server, and providing more efficient mechanisms for e-mail retrieval and encrypted communication. IMAP is also a supported mechanism on virtually all modern e-mail clients and has been the recommended method for staff e-mail access at Loughborough University for approximately 7 years.
In order to protect e-mail access and to prevent malicious individuals listening in to your network traffic and obtaining your personal details (e.g. username and password), the new staff e-mail service is configured to only allow logins over an encrypted connection. The e-mail system provides two different mechanisms for enabling this encryption. Virtually all IMAP clients support at least one of these mechanisms, and many support both. The supported mechanisms are:
-
IMAP over SSL (sometimes referred to as IMAPS).
-
IMAP with TLS (sometimes referred to as IMAP with STARTTLS).
IMAP over SSL causes the IMAP traffic to travel over a pre-encrypted network port. To use the SSL method, you should look in the configuration for references to SSL or IMAPS and you should configure the client to communicate with the server on TCP port 993.
IMAP with TLS causes the IMAP client to make an ordinary unencrypted connection to the IMAP server. This unencrypted connection is then changed into an encrypted one by the client sending the "STARTTLS" command. To use this method, you should look for references to TLS or STARTTLS in your clients connection methods and should enable these. Your client should be configured to communicate on the default IMAP port, TCP port 143.
Either of the above two mechanisms will work with the new staff e-mail server. If your client is able to support both mechanisms, then we would recommend that you choose the first of the two mechanisms (IMAP over SSL) as this matches what is automatically configured on the IT Services Staff Desktop model and may aid diagnosis in the event of problems.
If your e-mail client supports multiple IMAP login methods, then you should ensure that it is set to use a "plain text" login method. Login methods which inherently involve encryption technology e.g. certificate transfer and challenge response are not supported by the staff e-mail service as these are not required when SSL or TLS are in use to encrypt the whole communication stream.
Your username for login via the IMAP session should be specified in the form:
username@lboro.ac.uk (e.g. ccano@lboro.ac.uk)
Please note: The new e-mail service specifically requires the addition of the @lboro.ac.uk at the end of e-mail usernames. This is a significant change from the old staff e-mail system and should be noted if you are attempting to alter an existing e-mail configuration to use the new servers.
If you are already familiar with low level configuration of IMAP clients to talk to the old staff e-mail server then you will notice an immediate difference on the new IMAP servers. The old server placed all e-mail folders under your personal "Inbox" folder which would have looked something like this:
- Inbox
- My folder 1
- My folder 2
- Sent Items
- Drafts
- Deleted Items
The new staff e-mail server stores your personal folders on the server at the same level in the folder structure as your Inbox, so the same folders would instead look like this:
- Inbox
- My folder 1
- My folder 2
- Sent Items
- Drafts
- Deleted Items
[Note: Some e-mail clients hide the actual structure from you anyway. If you use such a client then you are unlikely to notice this difference.]
Configuring your client for sending e-mail
The new staff e-mail system uses the Simple Mail Transfer Protocol (SMTP) to send e-mail. This is the same mechanism used by the old staff e-mail service and is supported by all modern e-mail clients. As with IMAP, the new e-mail servers will only accept e-mail sent to them via e-mail clients if they are configured to operate over an encrypted link. Again, as with IMAP this is done to prevent malicious individuals being able to gain access to your personal credentials or the content of the e-mail messages that you are sending.
Two different encryption methods are supported for SMTP:
-
SMTP over SSL (sometimes referred to as SMTPS).
-
SMTP with TLS (sometimes referred to as SMTP with STARTTLS).
These two methods are analogous to those used for IMAP communication.
The SMTP over SSL method communicates over a previously encrypted channel operating on TCP port 465. To enable this method on your client, you should look for references to SSL or SMTPS and choose TCP port 465 for your communication.
The SMTP with TLS method makes a conventional SMTP connection to the server and then asks the server to convert this into an encrypted connection by sending the STARTTLS command. To enable this method look for the configuration options for TLS or STARTTLS. Clients using this method can either be configured to connect to the default SMTP port which is TCP port 25, or can alternatively be configured to connect to the SMTP-Submission port which is TCP port 587.
Some broadband ISPs specifically block access via the default TCP port 25 to e-mail servers outside of their own network. They do this to prevent misuse of other e-mail servers by their subscribers, however this is very inconvenient for legitimate users of external e-mail services, e.g. users of the Loughborough staff e-mail servers. If you are planning on using your e-mail client from a broadband supplier which applies this restriction, and wish to use SMTP with TLS, then changing your client to communicate on TCP port 587 will normally get around this restriction.
SMTP connections on the new staff e-mail server also require authentication for security reasons. As with IMAP, you should ensure that your client is using a "plain text" login method, and that your username is specified in the form:
username@lboro.ac.uk (e.g. ccano@lboro.ac.uk)
Subscribing to folders
The IMAP server provided by the new staff e-mail service is compliant with the IMAPrev4 standard. This includes the ability to support IMAP folder subscription. E-mail clients, which also support this standard, will have the concept of e-mail folders on the server to which you "subscribe" and folders to which you do not "subscribe". This feature is present to allow you to control which folders appear in your normal folder view, whilst hiding other less used folders. While on the face of it, this is a potentially useful feature, it can cause difficulties where multiple users need to share common e-mail folders, such as the new shared Archive service, with each and every user of the shared e-mail folders needing to individually subscribe to each shared folder from their e-mail client.
In order to avoid this problem, the standard installation of Outlook, as provided by IT Services, does not enable the folder subscription feature. This ensures that users are always able to see all of their folders, including any shared ones. However, users of alternative e-mail clients may find that their client does enable the IMAP folder subscription feature. With some e-mail clients, this is a configuration option which may be disabled to allow viewing of all folders at all times. On other clients, e.g. Microsoft Entourage, no capability exists for disabling the feature. Unless you have a very good reason for requiring the folder subscription feature, our recommendation is that, wherever possible, you disable it in your client. Users of clients which can not disable this feature, should ensure that they carry out regular folder subscriptions when new folders are created, e.g. shared folders, created by their departmental archive administrator. You can subscribe to folders on the fully-functioned Webmail system https://staff-mail.lboro.ac.uk and do not select Lightweight interface, by clicking Settings in the top right, and then clicking the Subscriptions tab.
Connecting to the Server
The password to use is your Loughborough University Active Directory password. Please note that we recommend that the password should be entered each time you use your client, and should not be stored in the client.
Summary
IT Services regret that they are unable to provide specific assistance in configuring all e-mail clients to talk to the new staff e-mail server. The instructions above are however known to work for a very large number of e-mail clients. We have staff / research students known to be accessing the staff e-mail servers using many different IMAP based e-mail clients. These include, but are not restricted to: Microsoft Outlook, Outlook Express, Thunderbird (all platforms), Apple Mail, Eudora, Pine, Mutt, Mulberry, Fetchmail, Evolution, Nokia Series 60 & 90 Mailers, ProfiMail, and MS Entourage (Macintosh).
In the unlikely event that you are unable to configure your e-mail client to work with the new staff e-mail server, you have two options. You can either switch over to using one of the supported e-mail clients (e.g. Microsoft Outlook), or you can choose to access your e-mail via the web access method. The new staff e-mail servers provide an enhanced web access method designed to look more like a desktop e-mail client. There is also a lightweight interface (for less able web browsers, and slower network links) as well as a compact interface designed to be accessed via small screen web browsers, such as those present on many PDAs and Mobile Phones. All of these web interfaces are available at the following URL: