ZCS Administrator's Guide Network Edition 6.0.8
Table of Contents Previous Next Index


Managing ZCS Configuration : Managing Global Configurations

Managing Global Configurations
Global Settings controls global rules that apply to accounts in the Zimbra servers. The global settings are set during installation, and the settings can be modified from the administration console. A series of tabs make it easy to manage these settings.
Global settings that can be configured include:
Configuring authentication process, setting the Relay MTA for external delivery, enabling DNS lookup and protocol checks
Note: If IMAP/POP proxy is set up, making sure that the port numbers are configured correctly.
View the current Zimbra license information, update the license if necessary and view the number of accounts created
Note: Configurations set in Global Settings define inherited default values for the following objects: server, account, COS, and domain. If these attributes are set in the server, they override the global settings.
General Global Settings
In the General tab configure the following:
Most results returned by GAL search field. This sets a global ceiling for the number of GAL results returned from a user search. The default is 100 results per search.
Default domain. The default domain displays. This is the domain that user logins are authenticated against.
Number of scheduled tasks that can run simultaneously. This controls how many threads are used to process fetching content from remote data sources. The default is 20. If this is set too low, users do not get their mail from external sources pulled down often enough. If the thread is set too high, the server may be consumed with downloading this mail and not servicing “main” user requests.
Sleep time between subsequent mailbox purges. The duration of time that the server should “rest” between purging mailboxes. By default, message purge is scheduled to run every 1 minute. See the Customizing Accounts chapter, section Setting Email Retention Policy.
Note: If the message purge schedule is set to 0, messages are not purged even if the mail, trash and spam message life time is set.
Maximum size of an uploaded file for Documents or Briefcase (kb). This is the maximum size of a file that can be uploaded into Documents or Briefcase. Note: the maximum message size for an email message and attachments that can be sent is configured in the Global Settings MTA tab.
Global Settings to Block Mail Attachments
The Attachments tab can be configured with global rules for handling attachments to an email message. You can also set rules by COS and for individual accounts. When attachment settings are configured in Global Settings, the global rule takes precedence over COS and Account settings.
The attachment settings are as follows:
Attachments cannot be viewed regardless of COS. Users cannot view any attachments. This global setting can be set to prevent a virus outbreak from attachments, as no mail attachments can be opened.
Attachments are viewed in HTML regardless of COS. Email attachments can only be viewed in HTML. The COS may have another setting but this global setting overrides the COS setting.
Attachments are viewed according to COS. This global settings states the COS sets the rules for how email attachments are viewed.
You can also reject messages with certain types of files attached. You select which file types are unauthorized from the Common extensions list. You can also add other extension types to the list. Messages with those type of files attached are rejected. By default the recipient and the sender are notified that the message was blocked. If you do not want to send a notification to the recipient when messages are blocked, you can disable this option from the Global Settings>Attachments tab.
Global MTA Settings
The MTA tab is used to enable or disable authentication and configure a relay hostname, the maximum message size, enable DNS lookup, protocol checks, and DNS checks. For a information about the Zimbra MTA, see Zimbra MTA.
 
Authentication should be enabled, to support mobile SMTP authentication users so that their email client can talk to the Zimbra MTA.
TLS authentication only forces all SMTP auth to use Transaction Level Security to avoid passing passwords in the clear.
Web mail MTA Host name and Web mail MTA Port. The MTA that the web server connects to for sending mail. The default port number is 25.
The Relay MTA for external delivery is the relay host name. This is the Zimbra MTA to which Postfix relays non-local email.
If your MX records point to a spam-relay or any other external non-Zimbra server, enter the name of that server in the Inbound SMTP host name field. This check compares the domain MX setting against the zimbraInboundSmtpHostname setting, if set. If this attribute is not set, the domain MX setting is checked against zimbraSmtpHostname.
If Enable DNS lookups is checked, the Zimbra MTA makes an explicit DNS query for the MX record of the recipient domain. If this option is disabled, set a relay host in the Relay MTA for external delivery.
If Allow domain administrators to check MX records from Admin Console is checked, domain administrators can check the MX records for their domain.
Set the Maximum messages size for a message and it’s attachments that can be sent. Note: To set the maximum size of an uploaded file to Documents or Briefcase, go to the General Information tab.
You can enable the X-Originating-IP header to messages checkbox. The X-Originating-IP header information specifies the original sending IP of the email message the server is forwarding.
Protocol checks
The Protocol fields are checked to reject unsolicited commercial email (UCE), for spam control.
The DNS fields are checked to reject mail if the client’s IP address is unknown, the hostname in the greeting is unknown, or if the sender’s domain is unknown.
Global IMAP and POP Settings
IMAP and POP access can be enabled as a global setting or server setting.
With POP3 users can retrieve their mail stored on the Zimbra server and download new mail to their computer. The user’s POP configuration determines if messages are deleted from the Zimbra server.
With IMAP, users can access their mail from any computer as the mail is stored on the Zimbra server.
When you make changes to these settings, you must restart ZCS before the changes take effect.
Anti-spam Settings
ZCS utilizes SpamAssassin to control spam. SpamAssassin uses predefined rules as well as a Bayes database to score messages with a numerical range. ZCS uses a percentage value to determine spaminess based on a SpamAssassin score of 20 as 100%. Any message tagged between 33%-75% is considered spam and delivered to the user’s Junk folder. Messages tagged above 75% are always considered spam and discarded.
When a message is tagged as spam, the message is delivered to the recipient’s Junk folder. Users can view the number of unread messages that are in their Junk folder and can open the Junk folder to review the messages marked as spam. If you have the anti-spam training filters enabled, when they add or remove messages in the Junk folder, their action helps train the spam filter. See Anti-Spam Protection.
RBL (Real time black-hole lists) can be turned on or off in SpamAssassin from the Zimbra CLI. See the section To turn RBL on:.
SpamAssassin’s sa-update tool is included with SpamAssassin. This tool updates spamassassin rules from the SA organization. The tool is installed into /opt/zimbra/zimbramon/bin.
Anti-virus Settings
Anti-virus protection is enabled for each server when the Zimbra software is installed. The global settings for the anti-virus protection is configured with these options enabled:
Block encrypted archives, such as password protected zipped files.
Send notification to recipient to alert that a mail message had a virus and was not delivered.
During ZCS installation, the administrator notification address for anti-virus alerts is configured. The default is to set up the admin account to receive the notification. When a virus has been found, a notification is automatically sent to that address.
By default, the Zimbra MTA checks every two hours for any new anti-virus updates from ClamAV. The frequency can be set between 1 and 24 hours.
Note: Updates are obtained via HTTP from the ClamAV website.
Zimbra Free/Busy Interoperability
When ZCS is deployed in a mix of ZCS servers and Microsoft Exchange servers and Calendar is an important feature with your users, you can set up free/busy scheduling across the mix so that users can efficiently schedule meetings.
ZCS can query the free/busy schedules of users on Microsoft Exchange 2003/2007 servers and also can propagate the free/busy schedules of ZCS users to the Exchange servers.
To set free/busy interoperability, the Exchange systems must be set up as described in the Exchange Setup Requirements section, and the ZCS Global Config, Domain, COS and Account settings must be configured. The easiest way to configure ZCS is from the administration console.
Note: You can use the zmprov CLI. For more information about using zmprov to set this up, see the wiki article, Free Busy Interop for Exchange.
Exchange 2003/2007 Setup Requirements.
For Exchange 2003, the following is required:
ZCS users must be provisioned as a contact on the AD using the same administrative group for each mail domain. This is required only for ZCS to Exchange free/busy replication.
The Exchange user name must be provisioned in the account attribute zimbraForeignPrincipal for all ZCS users. This is required only for ZCS to Exchange free/busy replication.
Configuring Free/Busy on ZCS
To set Free/Busy Interoperability up from the administration console, configure the following:
Add the o and ou values that are configured in the legacyExchangeDN attribute for Exchange in either the Global Config or Domain Interop tab or in the Class of Service (COS) Advanced tab. The o and ou values correspond to the ZCS domain attribute zimbraFreebusyExchangeUserOrg.
In the Accounts Free/Busy Interop tab, configure the foreign principal for the account. The cn setting in the legacyExchangeDn attribute corresponds to the zimbraForeignPrincipal attribute. This sets up a mapping from the ZCS account to the corresponding object in the AD.
Note: To find these settings on the Exchange server, you can run the Exchange ADSI Edit tool and search the legacyExchangeDN attribute for the o= , ou= , and cn= settings.
Global Config Setup
The ZCS Global Config Settings are configured from the Interop tab on the administration console. Here you configure the Exchange server settings as follows:
Exchange user name and password. This is the name of the account in Active Directory and password that has access to the public folders. These are used to authenticate against the Exchange server on REST and WebDAV interfaces.
The O and OU used in the legacyExchangeDN attribute. Set at the global level this applies to all accounts talking to Exchange.
Backup/Restore
Two distinct backup methods are available.
The standard backup (default) method is to run a weekly full backup session and daily incremental backup sessions to backup all mailboxes daily.
The auto-grouped backup method is recommended for large ZCS environments where running a full backup of all accounts at one time would take too long. The auto-grouped backup method runs a full backup session for a different group of mailboxes at each scheduled backup.
During ZCS install, by default, backups are scheduled to run daily. The target backup directory and the email notification address to receive backup session results are set up during ZCS installation. You can change the backup method and schedule from the administration console.
For information about backups and schedules see Backup and Restore
Customizing Themes
You can change the logo and base colors of the Zimbra Web Client themes (skin) from the administration console without having to customize individual ZCS themes. Customized themes can be created as a global setting or as a domain setting. If you customize themes in both settings, the domain values are displayed for the domain.
This also changes the base colors for the administration console. Read the Changing ZWC Theme Colors and Logo chapter to understand what you can change and what attributes are modified.
Global HSM
Hierarchical Storage Management (HSM) is a process of moving older data to a secondary storage device, called the secondary message volume in ZCS. One message volume is configured on each mailbox server. This is the primary message volume. Additional secondary message volume can be configured for HSM.
To manage your disk utilization, implement a global HSM policy or a HSM policy for each mailbox server. The policy configured on individual servers overrides the policy configured as the global policy.
Email messages, documents stored in Documents or Briefcase, and the other items in the account are moved from the primary volume to the current secondary volume based on the HSM policy. The items are still accessible. Users are not aware of any change and do not see any noticeable differences when opening older items that have been moved.
The default global HSM policy moves messages and document files more than 30 days old to the secondary volume. You can also select to move tasks, appointments, contacts, chats, and notes. The schedule for moving can be set for items older than a specified number of days, months, weeks, hours, minutes.
In addition to selecting different items to move, you can use the search query language to set up other HSM policies. For example:
If you wanted all messages marked as junk to be included in messages moved to the current secondary volume, you would add the following to the policy: message:in:junk before:-[x] days.
Note: The search string can be added to the default policy or you can write a new policy.
Sessions to move items to the secondary volume are scheduled in your cron table. You can manually start an HSM session from the Servers, Edit toolbar.
License Information
A Zimbra license is required in order to create accounts. When you purchase, renew, or change the Zimbra license, you must update the Zimbra server with the new license information. The Update License Wizard from the administration console’s Global Settings is used to upload and install a new license and to update an existing license, or you can install or update the license using the zmlicense CLI command. See Appendix A, CLI Commands, “zmlicense” on page 270 to use the CLI command.
Current license information, including the license ID, the issue date, expiration date, number of accounts purchased, and the number of accounts used can be viewed from the Global Settings License tab.
When the number of accounts created is equal to the number of accounts purchased you will not be able to create new accounts. You can purchase additional accounts or you can delete existing accounts. Contact Zimbra sales to purchase additional accounts.
You must renew your license within 30 days of the expiration date. Starting 30 days before the license expires, when you log on to the administration console, a reminder notice is displayed.
Updating Your License
When you renew or change the Zimbra license, you update ZCS mailbox servers with the new license information. This can be done from either the administration console or using the zmlicense CLI command.
From the administration console:
1.
2.
Log on to the administration console, go to Global Settings>License tab and on the toolbar click Update License. The License Installation Wizard opens.
3.
Browse to select the ZCS license file. Click Next. The license file is uploaded.
4.
Click Install to install the license file.
5.
To make the license effective on all mailbox servers in your environment, you must flush the cache on each mailbox server.
From the command line for each mailbox server type:
zmprov fc config.
Note: This step is not necessary if there is only one mailbox server in your environment.
Your license information is updated automatically. The cached account license count is automatically refreshed on each mailbox server.

Managing ZCS Configuration : Managing Global Configurations

Table of Contents Previous Next Index
ZCS Administrator's Guide Network Edition 6.0.8
Copyright © 2010 Zimbra Inc.