ZCS Administrator's Guide, Network Edition 4.5, Rev 2 11/07


Managing ZCS Configurations

This chapter describes the Zimbra Collaboration Suite component configurations that you manage. The ZCS components are configured during the initial installation of the software. After the installation, you can manage the following components from either the administration console or using the CLI utility:
Help is available from the administration console about how to perform tasks from the administration console. If the task is only available from the CLI, see Appendix A for a description of how to use the CLI utility.
Managing Global Configurations
Global Settings control global rules that apply to accounts in the Zimbra servers. The global settings are set during installation, and the settings can be modified from the administration console. A series of tabs make it easy to manage these settings.
Global settings that can be configured include:
Enabling POP and IMAP and the port numbers. If IMAP/POP proxy is set up, making sure that the port numbers are configured correctly.
You can view the current Zimbra license information, update the license if necessary and view the number of accounts created in Global Settings.
Note: Configurations set in Global Settings define inherited default values for the following objects: server, account, COS, and domain. If these attributes are set in the server, COS, or account setup, they override the global settings.
General Global Settings
In the General tab configure the Most results returned by GAL search field, which sets a global ceiling for the number of GAL results returned from a user search. The default is 100 results per search.
Global Attachment Settings
The Attachments tab can be configured with global rules to reject mail with files attached, to convert attachments to HTML for viewing, and to disable viewing files attached to mail messages in users’ mailboxes. When attachment settings are configured in Global Settings, the global rule takes precedence over COS and Account settings.
The attachment settings are as follows:
Attachments cannot be viewed regardless of COS. Users cannot view any attachments. This global setting can be set to prevent a virus outbreak from attachments, as no mail attachments can be opened.
Attachments are viewed in HTML regardless of COS. Email attachments can only be viewed in HTML. The COS may have another setting but this global setting overrides the COS setting.
Attachments are viewed according to COS. This global setting states that the COS sets the rules for how email attachments are viewed.
Reject messages with attachment extension lets you select which file types are unauthorized for all accounts. The most common extensions are listed. You can also add different extension types to the list. Messages with those types of files attached are rejected and the sender gets a bounce notice. The recipient does not get the mail message and is not notified.
Note: Attachments settings can also be set for a Class of Service (COS) and for accounts.
Global MTA Settings
The MTA tab is used to enable or disable authentication and configure a relay hostname, the maximum message size, enable DNS lookup, protocol checks, and DNS checks. For a description of Zimbra MTA, see Zimbra MTA.
Authentication should be enabled to support mobile SMTP authentication users, so that their email clients can talk to the Zimbra MTA.
TLS authentication only forces all SMTP auth to use Transport Layer Security (TLS) to avoid passing passwords in the clear.
Web mail MTA Host name and web mail MTA port. The MTA that the web server connects to for sending mail. The default port number is 25.
The Relay MTA for external delivery is the relay host name. This is the Zimbra MTA to which Postfix relays non-local email.
MTA Trusted Network is a network where mail is relayed arbitrarily. In general, MTAs must not relay mail to addresses they do not service. This creates an exception to that rule.
Maximum message size and maximum size of an upload. The maximum size for a message and its attachments to be received, and the maximum size of a single attachment.
If Enable DNS lookups is checked, the Zimbra MTA makes an explicit DNS query for the MX record of the recipient domain. If this option is disabled, set a relay host in the Relay MTA for external delivery.
The Protocol fields are checked to reject unsolicited commercial email (UCE), for SPAM control.
The DNS fields are checked to reject mail if the client’s IP address is unknown, the hostname in the greeting is unknown, and/or the sender’s domain is unknown.
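The two MTA settings above with the most direct security impact are MTA Trusted Network (any client in it may relay) and TLS authentication only. The following audit is an added example, not part of the original guide or of Zimbra's code; it assumes these settings surface in the underlying Postfix configuration as the parameters mynetworks, smtpd_sasl_auth_enable and smtpd_tls_auth_only, and it runs over a constructed sample of `postconf -n` style output. The /16 review threshold is also an assumption.

```python
import ipaddress

# Constructed `postconf -n` style sample, not output from a real server.
SAMPLE_POSTCONF = """\
mynetworks = 127.0.0.0/8 10.1.0.0/16 0.0.0.0/0 203.0.113.0/24
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = no
"""

# Ranges treated as internal: RFC 1918 plus IPv6 unique local addresses.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]
MIN_PREFIX = 16  # assumption: internal IPv4 ranges wider than /16 get reviewed


def parse_postconf(text):
    """Parse 'name = value' lines into a dict, skipping blanks and comments."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            name, value = line.split("=", 1)
            params[name.strip()] = value.strip()
    return params


def audit_mta(params):
    """Return (parameter, finding) tuples for risky relay and auth settings."""
    findings = []
    for entry in params.get("mynetworks", "").replace(",", " ").split():
        try:  # Postfix writes IPv6 networks as [addr]/len, so drop the brackets
            net = ipaddress.ip_network(entry.replace("[", "").replace("]", ""), strict=False)
        except ValueError:
            findings.append(("mynetworks", f"{entry}: not a CIDR range, review by hand"))
            continue
        internal = any(net.version == r.version and net.subnet_of(r) for r in INTERNAL)
        if net.prefixlen == 0:
            findings.append(("mynetworks", f"{entry}: every client may relay"))
        elif net.is_loopback:
            continue
        elif not internal:
            findings.append(("mynetworks", f"{entry}: public range may relay"))
        elif net.version == 4 and net.prefixlen < MIN_PREFIX:
            findings.append(("mynetworks", f"{entry}: wider than /{MIN_PREFIX}"))
    sasl = params.get("smtpd_sasl_auth_enable", "no").lower() == "yes"
    tls_only = params.get("smtpd_tls_auth_only", "no").lower() == "yes"
    if sasl and not tls_only:
        findings.append(("smtpd_tls_auth_only", "SMTP AUTH offered without TLS"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_mta(parse_postconf(SAMPLE_POSTCONF)):
        print(f"{name}: {finding}")
```

Entries that are not CIDR ranges, such as a lookup table reference, are reported for manual review rather than silently skipped.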
Global IMAP and POP Settings
IMAP and POP access can be enabled as a global setting or server setting.
With POP3 users can retrieve their mail stored on the Zimbra server and download new mail to their computer. The user’s POP configuration determines if messages are deleted from the Zimbra server.
With IMAP users can access their mail from any computer as the mail is stored on the Zimbra server.
Configuring IMAP and POP Proxy Server
Setting up an IMAP/POP proxy server is useful for ZCS sites that want to present a single hostname for POP/IMAP. Enabling IMAP/POP proxy servers allows mail retrieval for a domain to be split across multiple Zimbra servers on an account basis.
Note: It is not recommended to configure IMAP/POP proxy server for ZCS running on a single server.
The IMAP/POP Proxy server feature can be enabled when ZCS is installed or any time from the administration console. Both SSL and non-SSL connections can be configured.
When an IMAP or POP user enters his email address and password, the IMAP/POP proxy server searches the LDAP directory server to find which Zimbra server host the account is created on and then passes the authentication through to the appropriate mailbox server. The proxy server does not contain any data.
When the proxy server is configured, the default POP and IMAP ports are configured for the proxy server. ZCS designates the Zimbra server port numbers. These port numbers cannot be changed. When you enable a proxy server on any Zimbra server, servers that do not have the proxy server enabled must be configured with appropriate server port number listed in the following table.
Anti-Spam Settings
Anti-spam protection can be enabled for each server when the Zimbra software is installed. The following options are configured:
When a message is tagged as spam, the message is delivered to the recipient’s Junk folder. Users can view the number of unread messages that are in their Junk folder and can open the Junk folder to review the messages marked as spam. If you have the anti-spam training filters enabled, when users add or remove messages in the Junk folder, their action helps train the spam filter. See “Anti-Spam Protection”.
RBL (Real time black-hole lists) can be turned on or off in SpamAssassin from the Zimbra CLI. See “To turn RBL on”.
Anti-Virus Settings
Anti-virus protection is enabled for each server when the Zimbra software is installed. The global settings for the anti-virus protection are configured with these options enabled:
Block encrypted archives, such as password protected zipped files.
Send notification to recipient to alert that a mail message had a virus and was not delivered.
During ZCS installation, the administrator notification address for anti-virus alerts is configured. The default is to set up the admin account to receive the notification. When a virus has been found, a notification is automatically sent to that address.
By default, the Zimbra MTA checks every two hours for any new anti-virus updates from ClamAV. The frequency can be set between 1 and 24 hours.
Note: Updates are obtained via HTTP from the ClamAV website.
License Information
A Zimbra license is required in order to create accounts. When you purchase, renew, or change the Zimbra license, you must update the Zimbra server with the new license information. The Update License Wizard from the administration console’s Global Settings is used to upload and install a new license and to update an existing license, or you can install or update the license using the zmlicense CLI command. See Appendix A, CLI Commands, “zmlicense” on page 117 to use the CLI command.
Current license information, including the license ID, the issue date, expiration date, number of accounts purchased, and the number of accounts used can be viewed from the Global Settings License tab.
When the number of accounts created is equal to the number of accounts purchased you will not be able to create new accounts. You can purchase additional accounts or you can delete existing accounts. Contact Zimbra sales to purchase additional accounts.
You must renew your license within 30 days of the expiration date. Starting 30 days before the license expires, when you log on to the administration console, a reminder notice is displayed.
Global HSM Session Setting
Global Settings HSM (Hierarchical Storage Management) sets the default message age thresholds to 30 days. The HSM global setting is the default unless you change the schedule in the Server configuration. See “Scheduling HSM Sessions”.
Managing Domains
One domain is identified during the installation process and additional domains can be easily added to the Zimbra system from the administration console.
For domains, you configure the Global Address List mode, the authentication mode, virtual domains and create a Domain Documents account. You can assign a COS to the domain and have the COS automatically assigned to accounts created on the domain.
Global Address List (GAL) Mode
The Global Address List (GAL) is your company directory.
GAL is configured on a per-domain basis. The GAL mode setting for each domain determines where the GAL lookup is performed. Select one of the following GAL configurations:
Internal. The Zimbra LDAP server is used for directory lookups.
External. External directory servers are used for GAL lookups. You can configure multiple external LDAP hosts for GAL. All other directory services use the Zimbra LDAP service (configuration, mail routing, etc.).
Both. Internal and external directory servers are used for GAL lookups.
A GAL configuration wizard steps you through configuring the GAL mode and setting the maximum number of results returned for a search in GAL.
Authentication Modes
Authentication is the process of identifying a user or a server to the directory server and granting access to legitimate users based on user name and password information provided when users log in. Zimbra Collaboration Suite offers the following three authentication mechanisms:
Internal. The Internal authentication uses the Zimbra directory server for authentication on the domain. When you select Internal, no other configuration is required.
External LDAP. The user name and password are the authentication information supplied in the bind operation to the directory server. You must configure the LDAP URL, the LDAP filter, and the use of DN and password to bind to the external server.
External Active Directory. The user name and password are the authentication information supplied to the Active Directory server. You identify the Active Directory domain name and URL.
On the administration console, you use an authentication wizard to configure the authentication settings on your domain.
Virtual Hosts
Virtual hosting allows you to host more than one domain name on a server. The general domain configuration does not change. When you create a virtual host, Zimbra Web Client users can log in without having to specify the domain name as part of their user name.
Virtual hosts are entered on the Domains>Virtual Hosts tab on the administrator’s console. The virtual host requires a valid DNS configuration with an A record.
To open the Zimbra Web Client log in page, users enter the virtual host name as the URL address. For example, https://mail.company.com.
When the Zimbra login screen displays, users enter only their user name and password. The authentication request searches for a domain with that virtual host name. When the virtual host is found, the authentication is completed against that domain.
Documents
Zimbra Documents is a document sharing and collaboration application. Users can create, organize, and share web documents. Images, spreadsheets, and other rich web content objects can be embedded into Documents via the AJAX Linking and Embedding (ALE) specification.
The Documents application consists of a Global Documents account which holds the templates, one optional domain Documents account per domain, and Documents Notebooks.
The Global Documents account is automatically created when ZCS is installed. Documents is enabled from the COS or for individual accounts.
One domain Documents account can be created per domain. The domain Documents Notebook folder can be used to collect, organize, and share information with your users. You can set access for the following for each Documents notebook: all users in your domain, all users in the ZCS environment, public view-only, individual user, and distribution lists for groups. You can view and change the access permissions at any time from the administration console.
Managing Servers
A server is a machine that has one or more of the Zimbra service packages installed. During the installation, the Zimbra server is automatically registered on the LDAP server.
You can view the current status of all the servers that are configured with Zimbra software, and you can edit or delete existing server records. You cannot add servers directly to LDAP. The Zimbra Installation program must be used to add new servers because the installer packages are designed to register the new host at the time of installation.
The server settings include:
Determining how authentication should work for the server, setting a web mail MTA hostname different from global, setting relay MTA for external delivery, and enabling DNS lookup if required.
Enabling POP and IMAP and setting the port numbers for a server. If IMAP/POP proxy is set up, making sure that the port numbers are configured correctly.
Servers inherit global settings if those values are not set in the server configuration. Settings that can be inherited from the Global configuration include MTA, SMTP, IMAP, POP, anti-virus, and anti-spam configurations.
General Server Settings
The General tab includes the server display name, the server hostname, and LMTP information including name and IP address if configured.
Services Settings
The Services tab shows the Zimbra services. A check mark identifies the services that are enabled for the selected server, including LDAP, Mailbox, MTA, SNMP, Logger, Spell, Anti-Virus, and Anti-Spam.
MTA Server Settings
From the MTA tab, you can enable or disable authentication, configure the Web mail MTA hostname, set Web mail MTA timeout, the relay MTA for external delivery and disable DNS lookup for the server.
IMAP and POP Server Settings
From these tabs, you can configure IMAP and POP availability on a per server basis.
Volume Settings
The Volume tab can be used to manage storage volumes on your Zimbra Mailbox server. When Zimbra Collaboration Suite is installed, one index volume and one message volume are configured on each mailbox server. You can add new volumes, set the volume type, and set the compression threshold.
Index Volume
Each Zimbra mailbox server is configured with one current index volume. Each mailbox is assigned to a permanent index directory on the current index volume. When an account is created, the current index volume is automatically defined for the account. You cannot change which index volume the account is assigned.
As volumes become full, you can create a new current index volume for new accounts. When a new current index volume is added, the older index volume is no longer assigned new accounts.
Index volumes not marked current are still actively in use as the index volumes for accounts assigned to them. Any index volume that is referenced by a mailbox as its index volume cannot be deleted.
Message Volume
When a new message is delivered or created, the message is saved in the current message volume. Additional message volumes can be created, but only one is configured as the current volume where new messages are stored. When the volume is full, you can configure a new current message volume. The current message volume receives all new messages. New messages are never stored in the previous volume.
A current volume cannot be deleted, and message volumes that have messages referencing the volume cannot be deleted.
Scheduling HSM Sessions
HSM can be configured for secondary storage volumes for older messages. Messages and attachments are moved from a primary volume to the current secondary volume based on the age of the message. Users are not aware of any change and do not see any noticeable difference when opening an older message that has been moved.
To manage your email storage resources, you can implement a different HSM policy for each mailbox server. The message age threshold for HSM is set globally on the HSM tab or for individual servers from the Server, Volume tab. The default is 30 days. The thresholds configured on individual servers override the threshold configured as the global setting.
Sessions to move messages to the secondary volume are scheduled in your cron table. From the administration console, when you select a server, you can manually start a session, monitor sessions, and abort sessions that are in progress from the Volumes tab.
Managing Other Functions
Zimlets
Zimlets can be deployed and undeployed from the administration console. The Zimlets pane lists all the Zimlets that are installed and shows whether the Zimlet is enabled or not. You can configure the COS and individual accounts to allow access to Zimlets. See the Working with Zimlets chapter for information about Zimlets.
Admin Extensions
You can create custom modules to add to the Zimbra administration console user interface. You can use the administration console to easily upload and install your modules.
Note: Go to the Zimbra Wiki, Extending Admin UI for documentation about how to create an extended admin UI module.
 

Copyright © 2007 Zimbra Inc.