This chapter describes the Zimbra Collaboration Suite components that you manage. The ZCS components are configured during the initial installation of the software. After the installation, you can manage the following components from either the administration console or using the CLI utility:
Help is available from the administration console about how to perform tasks from the administration console. If the task is only available from the CLI, see Appendix A for a description of how to use the CLI utility.
Global Settings controls global rules that apply to accounts in the Zimbra servers. The global settings are set during installation, and the settings can be modified from the administration console. A series of tabs make it easy to manage these settings.
|
•
|
Default domain. The default domain displays. This is the domain that user logins are authenticated against.
|
|
•
|
Number of scheduled tasks that can run simultaneously. This controls how many threads are used to process fetching content from remote data sources. The default is 20. If this is set too low, users do not get their mail from external sources pulled down often enough. If the thread is set too high, the server may be consumed with downloading this mail and not servicing “main” user requests.
|
The Attachments tab can be configured with global rules to reject mail with files attached and to disable viewing files attached to mail messages in users’ mailboxes. When attachment settings are configured in Global Settings, the global rule takes precedence over COS and Account settings.
|
•
|
Reject messages with attachment extension lets you select which file types are unauthorized for all accounts. The most common extensions are listed. You can also add different extension types to the list. Messages with those type of files attached are rejected and the sender gets a bounce notice. The recipient does not get the mail message and is not notified.
|
The MTA tab is used to enable or disable authentication and configure a relay hostname, the maximum message size, enable DNS lookup, protocol checks, and DNS checks. For a information about the Zimbra MTA, see
Zimbra MTA.
|
|
|
•
|
Authentication should be enabled, to support mobile SMTP authentication users so that their email client can talk to the Zimbra MTA.
|
|
•
|
TLS authentication only forces all SMTP auth to use Transaction Level Security to avoid passing passwords in the clear.
|
|
|
|
|
•
|
The Relay MTA for external delivery is the relay host name. This is the Zimbra MTA to which Postfix relays non-local email.
|
|
•
|
If your MX records point to a spam-relay or any other external non-Zimbra server, enter the name of that server in the Inbound SMTP host name field. This check compares the domain MX setting against the zimbraInboundSmtpHostname setting, if set. If this attribute is not set, the domain MX setting is checked against zimbraSmtpHostname.
|
|
•
|
If Enable DNS lookups is checked, the Zimbra MTA makes an explicit DNS query for the MX record of the recipient domain. If this option is disabled, set a relay host in the Relay MTA for external delivery.
|
|
•
|
If Allow domain administrators to check MX records from Admin Console is checked, domain administrators can check the MX records for their domain.
|
|
|
|
|
•
|
Set the Maximum messages size for a message and it’s attachments that can be sent. Note: To set the maximum size of an uploaded file to Documents or Briefcase, go to the General Information tab.
|
|
•
|
You can enable the X-Originating-IP header to messages checkbox. The X-Originating-IP header information specifies the original sending IP of the email message the server is forwarding.
|
|
|
|
|
•
|
The Protocol fields are checked to reject unsolicited commercial email (UCE), for spam control.
|
|
|
|
|
•
|
The DNS fields are checked to reject mail if the client’s IP address is unknown, the hostname in the greeting is unknown, or if the sender’s domain is unknown.
|
|
With POP3 users can retrieve their mail stored on the Zimbra server and download new mail to their computer. The user’s POP configuration determines if messages are deleted from the Zimbra server.
ZCS utilizes SpamAssassin to control spam. SpamAssassin uses predefined rules as well as a Bayes database to score messages with a numerical range. ZCS uses a percentage value to determine spaminess based on a SpamAssassin score of 20 as 100%. Any message tagged between 33%-75% is considered spam and delivered to the user’s Junk folder. Messages tagged above 75% are always considered spam and discarded.
When a message is tagged as spam, the message is delivered to the recipient’s Junk folder. Users can view the number of unread messages that are in their Junk folder and can open the Junk folder to review the messages marked as spam. If you have the anti-spam training filters enabled, when they add or remove messages in the Junk folder, their action helps train the spam filter. See
“Anti-Spam Protection” .
Anti-virus protection is enabled for each server when the Zimbra software is installed. The global settings for the anti-virus protection is configured with these options enabled:
During ZCS installation, the administrator notification address for anti-virus alerts is configured. The default is to set up the admin account to receive the notification. When a virus has been found, a notification is automatically sent to that address.
When ZCS is deployed in a mix of ZCS servers and third party email servers and Calendar is an important feature with your users, you can set up free/busy scheduling across the mix so that users can efficiently schedule meetings.
ZCS can query the free/busy schedules of users on Microsoft Exchange 2003/2007 servers and also can propagate the free/busy schedules of ZCS users to the Exchange servers.
To set free/busy interoperability, the Exchange systems must be set up as described in the Exchange Setup Requirements section, and the ZCS Global Config, Domain, COS and Account settings must be configured. The easiest way to configure ZCS is from the administration console.
|
•
|
Add the o and ou values that are configured in the legacyExchangeDN attribute for Exchange in either the Global Config or Domain Interop tab or in the Class of Service (COS) Advanced tab. The o and ou values correspond to the ZCS domain attribute zimbraFreebusyExchangeUserOrg.
|
The ZCS Global Config Settings are configured from the Interop tab on the administration console. Here you configure the Exchange server settings as follows:
|
•
|
The O and OU used in the legacyExchangeDN attribute. Set at the global level this applies to all accounts talking to Exchange.
|
One domain is identified during the installation process and additional domains can be easily added to the Zimbra system from the administration console.
A domain can be renamed and all account, distribution list, alias and resource addresses are changed to the new domain name. The CLI utility is used to changing the domain name. See
“Renaming a Domain” .
|
•
|
Active. Active is the normal status for domains. Accounts can be created and mail can be delivered. Note: If an account has a different status setting than the domain setting, the account status overrides the domain status.
|
|
•
|
Closed. When a domain status is marked as closed, Login for accounts on the domain is disabled and messages are bounced. The closed status overrides an individual account’s status setting.
|
|
•
|
Locked. When a domain status is marked as locked, users cannot log in to check their email, but email is still delivered to the accounts. If an account’s status setting is marked as maintenance or closed, the account’s status overrides the domain status setting.
|
|
•
|
Maintenance. When the domain status is marked as maintenance, users cannot log in and their email is queued at the MTA. If an account’ status setting is marked as closed, the account’s status overrides the domain status setting.
|
|
•
|
Suspended. When the domain status is marked as suspended, users cannot log in, their email is queued at the MTA, and accounts and distribution lists cannot be created, deleted, or modified. If an account’s status setting is marked as closed, the account’s status overrides the domain status setting.
|
You can configure each domain with the public service host name to be used for REST URLs. This is the URL that is used when sharing Documents Notebooks, email folders and Briefcase folders, as well as sharing task lists, address books, and calendars.
When users share a ZCS folder, the default is to create the URL with the Zimbra server hostname and the Zimbra service host name. This is displayed as
http://server.domain.com/service/home/username/sharedfolder. The attributes are generated as follows:
When you configure a public service host name, this name is used instead of the server/service name, as
http://publicservicename.domain.com/home/username/sharedfolder. The attributes to be used are:
GAL is configured on a per-domain basis. The GAL mode setting for each domain determines where the GAL lookup is performed. Select one of the following GAL configurations:
|
•
|
Internal. The Zimbra LDAP server is used for directory lookups.
|
|
•
|
External. External directory servers are used for GAL lookups. You can configure multiple external LDAP hosts for GAL. All other directory services use the Zimbra LDAP service (configuration, mail routing, etc.). When you configure the external GAL mode, you can configure GAL search and GAL sync separately.
|
|
•
|
Both. Internal and external directory servers are used for GAL lookups.
|
Configuring search and sync separately lets you configure different search settings and sync settings. You may want to configure these settings differently if your LDAP environment is set up to optimize LDAP searching by setting up an LDAP cache server, but users also need to be able to sync to the GAL.
Authentication is the process of identifying a user or a server to the directory server and granting access to legitimate users based on user name and password information provided when users log in. Zimbra Collaboration Suite offers the following three authentication mechanisms:
|
•
|
Internal. The Internal authentication uses the Zimbra directory server for authentication on the domain. When you select Internal, no other configuration is required.
|
|
•
|
External LDAP. The user name and password is the authentication information supplied in the bind operation to the directory server. You must configure the LDAP URL, LDAP filter, and to use DN password to bind to the external server.
|
|
•
|
External Active Directory. The user name and password is the authentication information supplied to the Active Directory server. You identify the Active Directory domain name and URL.
|
Virtual hosting allows you to host more than one domain name on a server. The general domain configuration does not change. When you create a virtual host, this becomes the default domain for a user login. Zimbra Web Client users can log in without having to specify the domain name as part of their user name.
Virtual hosts are entered on the Domains>Virtual Hosts tab on the administrator’s console. The virtual host requires a valid DNS configuration with an A record. Not required for Virtual Hosts.
When the Zimbra login screen displays, users enter only their user name and password. The authentication request searches for a domain with that virtual host name. When the virtual host is found, the authentication is completed against that domain.
Zimbra Documents is a document sharing and collaboration application. Users can create, organize, and share web documents. Images, spreadsheets, and other rich web content objects can be embedded into Documents via the AJAX Linking and Embedding (ALE) specification.
The Documents application consists of a global Documents account that includes the Document templates and the global notebook, one optional Documents account per domain, and individual accounts’ Documents notebooks. The global Documents account is automatically created when ZCS is installed. The domain Documents account is not automatically created.
One Documents account can be created per domain. You can easily add the account from the administration console when you create a domain. When you create the account, you configure who can access this Documents account and what access rights these users can have.
Except for Public, which is view-only, you can select the access privileges these users can have: view, edit, remove, and add pages to the Documents notebook. You can view and change these access permissions from the administration console.
The Zimbra Free/Busy Module to connect with Microsoft Exchange pulls the free/busy schedule of users on Exchange and also pushes the free/busy schedule of ZCS users to the Exchange server. You complete the Interop tab for the domain to enable this feature for the domain. For more information see
“Zimbra Free/Busy Interoperability” .
Zimbra Collaboration Suite includes pre configured Zimlets, see Working with Zimlets. These Zimlets are enabled in the default COS. Additional Zimlets can be added and enabled by COS or by account. All Zimlets that are deployed are displayed in the
Domain>Zimlets tab. If you do not want all the deployed Zimlets made available for users on the domain, select from the list the Zimlets that are available for the domain. This overrides the Zimlet settings in the COS or for an account.
When you rename a domain you are actually creating a new domain, moving all accounts to the new domain and deleting the old domain. All account, alias, distribution list, and resource addresses are changed to the new domain name. The LDAP is updated to reflect the changes.
A server is a machine that has one or more of the Zimbra service packages installed. During the installation, the Zimbra server is automatically registered on the LDAP server.
You can view the current status of all the servers that are configured with Zimbra software, and you can edit or delete existing server records. You cannot add servers directly to LDAP. The ZCS Installation program must be used to add new servers because the installer packages are designed to register the new host at the time of installation.
Servers inherit global settings if those values are not set in the server configuration. Settings that can be inherited from the Global configuration include MTA, SMTP, IMAP, POP, anti-virus, and anti-spam configurations.
The Services tab shows the Zimbra services. A check mark identifies the services that are enabled for the selected server, including LDAP, Mailbox, IMAP and POP proxy, MTA, SNMP, Anti-virus, Anti-spam, Spell Checker, and Logger.
In the Volume tab you manage storage volumes on the Zimbra Mailbox server. When Zimbra Collaboration Suite is installed, one index volume and one message volume are configured on each mailbox server. You can add new volumes, set the volume type, and set the compression threshold.
Each Zimbra mailbox server is configured with one current index volume. Each mailbox is assigned to a permanent directory on the current index volume. When an account is created, the current index volume is automatically defined for the account. You cannot change which index volume the account is assigned.
As index volumes become full, you can create a new current index volume for new accounts. When a new current index volume is added, the older index volume is no longer assigned new accounts.
Index volumes not marked current are still actively in use as the volumes for accounts assigned to them. Any index volume that is referenced by a mailbox as its index volume cannot be deleted.
When a new message is delivered or created, the message is saved in the current message volume. Additional message volumes can be created, but only one is configured as the current volume where new messages are stored. When the volume is full, you can configure a new current message volume. The current message volume receives all new messages. New messages are never stored in the previous volume.
Zimlets can be deployed and undeployed from the administration console. The Zimlets pane lists all the Zimlets that are installed and shows whether the Zimlet is enabled or not. You can allow access to the enabled Zimlets by domain, and you can configure COSs and individual accounts to allow access to Zimlets. See the
Working with Zimlets chapter for information about Zimlets.
You can create custom modules to add to the Zimbra administration console user interface. You can use the administration console to easily upload and install your modules.
Backing up the mailbox server on a regular basis can help you quickly restore your email service if there is an unexpected crash. You should include backing up the ZCS server in your system-wide backup process. Only full backups of the ZCS data can be created.
Before backing up the ZCS data, all servers must be stopped. To stop the servers, use the CLI command,
zmcontrol stop. After the backup is complete, to restart the servers, use
zmcontrol start. See Appendix A, for more information about these command.
Copyright © 2009 Zimbra Inc.
