Skip to content

Securing the archive#

This documentation applies to Piler enterprise edition 2.0.0

Revision #1

Publication date: 2025-SEP-23

Single node layout#

The piler node should be accessed on port 443 from the Internet. Port 25 should be limited to your mail servers, also see the SMTP ACL feature below.

Multiple nodes layout#

UI node ports accessibility:

  • tcp/443: from the Internet
  • tcp/3306: from the worker nodes

The worker nodes ports accessibility:

  • tcp/25: only the MX server
  • tcp/80,443: only the UI node
  • tcp/9312: only the UI node

MX server ports accessibility:

  • tcp/25: only from your mail servers

It's also possible to use an internal network where the worker nodes' ports and the UI node mysql port are available.

STARTTLS support#

By default the installer creates a key and a self-signed certificate (/etc/piler/piler.pem) to support STARTTLS providing encrypted message transfer between the smtp client and the Piler smtp server. You are free to fix piler.pem to use your signed CA.

SMTP ACL lists#

Piler supports an smtp acl list similar to postscreen. See https://mailpiler.com/smtp-acl-list/ for more.

Antivirus and antispam support#

Piler expects clean emails only. Spam and other malware occupy valuable disk space and other resources on the piler host, not to mention that it might pose other problems. So you should do the heavy lifting of scanning and filtering of any spam and malware on your MX servers.

However, Piler is able to use the result of any antispam application, provided that it sets a specific email header to mark spam emails. If you used SpamAssassin, then you may use the following setting in /etc/piler/piler.conf, then piler can recognize when it receives a spam:

spam_header_line=X-Spam-Flag: YES

If piler recognizes a spam, then you may set an exlusion rule to discard it (preventing from getting to the archive) or archive it for a shorter time, eg. 30 days or so.

Note that piler supports a single spam header line, ie. you cannot specify the anti-spam headers of several anti-spam products. However, by using an SMTP it’s possible to rewrite several kind of antispam headers to a unified value. See https://mailpiler.com/consolidating-several-anti-spam-message-headers-on-the-smtp-gateway/ for more.