ZCS Administrator's Guide, Open Source Edition, 6.0.8

Managing Global Configurations

General Global Settings

Global Settings to Block Mail Attachments

Global MTA Settings

Global IMAP and POP Settings

Anti-spam Settings

Anti-virus Settings

Zimbra Free/Busy Interoperability

Global Settings controls global rules that apply to accounts in the Zimbra servers. The global settings are set during installation, and the settings can be modified from the administration console. A series of tabs make it easy to manage these settings.

Global settings that can be configured include:

•	Defining the default domain

•	Setting the number of results returned for GAL searches

•	Setting how users view email attachments and what type of attachments are not allowed

•	Configuring authentication process, setting the Relay MTA for external delivery, enabling DNS lookup and protocol checks

•	Enabling Pop and IMAP and the port numbers

Note: If IMAP/POP proxy is set up, making sure that the port numbers are configured correctly.

•	Set the spam check controls

•	Set anti-virus options for messages received that may have a virus

Note: Configurations set in Global Settings define inherited default values for the following objects: server, account, COS, and domain. If these attributes are set in the server, they override the global settings.

General Global Settings

In the General tab configure the following:

•	Most results returned by GAL search field. This sets a global ceiling for the number of GAL results returned from a user search. The default is 100 results per search.

•	Default domain. The default domain displays. This is the domain that user logins are authenticated against.

•

Number of scheduled tasks that can run simultaneously. This controls how many threads are used to process fetching content from remote data sources. The default is 20. If this is set too low, users do not get their mail from external sources pulled down often enough. If the thread is set too high, the server may be consumed with downloading this mail and not servicing “main” user requests.

•	Sleep time between subsequent mailbox purges. The duration of time that the server should “rest” between purging mailboxes. By default, message purge is scheduled to run every 1 minute. See the Customizing Accounts chapter, section Setting Email Retention Policy.

Note: If the message purge schedule is set to 0, messages are not purged even if the mail, trash and spam message life time is set.

•	Maximum size of an uploaded file for Documents or Briefcase (kb). This is the maximum size of a file that can be uploaded into Documents or Briefcase. Note: the maximum message size for an email message and attachments that can be sent is configured in the Global Settings MTA tab.

Global Settings to Block Mail Attachments

The Attachments tab can be configured with global rules for handling attachments to an email message. You can also set rules by COS and for individual accounts. When attachment settings are configured in Global Settings, the global rule takes precedence over COS and Account settings.

The attachment settings are as follows:

•	Attachments cannot be viewed regardless of COS. Users cannot view any attachments. This global setting can be set to prevent a virus outbreak from attachments, as no mail attachments can be opened.

•	Attachments are viewed according to COS. This global settings states the COS sets the rules for how email attachments are viewed.

You can also reject messages with certain types of files attached. You select which file types are unauthorized from the Common extensions list. You can also add other extension types to the list. Messages with those type of files attached are rejected. By default the recipient and the sender are notified that the message was blocked. If you do not want to send a notification to the recipient when messages are blocked, you can disable this option from the Global Settings>Attachments tab.

Global MTA Settings

The MTA tab is used to enable or disable authentication and configure a relay hostname, the maximum message size, enable DNS lookup, protocol checks, and DNS checks. For a information about the Zimbra MTA, see Zimbra MTA.

 

Authentication	• Authentication should be enabled, to support mobile SMTP authentication users so that their email client can talk to the Zimbra MTA. • TLS authentication only forces all SMTP auth to use Transaction Level Security to avoid passing passwords in the clear.
Network	• Web mail MTA Host name and Web mail MTA Port. The MTA that the web server connects to for sending mail. The default port number is 25. • The Relay MTA for external delivery is the relay host name. This is the Zimbra MTA to which Postfix relays non-local email. • If your MX records point to a spam-relay or any other external non-Zimbra server, enter the name of that server in the Inbound SMTP host name field. This check compares the domain MX setting against the zimbraInboundSmtpHostname setting, if set. If this attribute is not set, the domain MX setting is checked against zimbraSmtpHostname. • If Enable DNS lookups is checked, the Zimbra MTA makes an explicit DNS query for the MX record of the recipient domain. If this option is disabled, set a relay host in the Relay MTA for external delivery. • If Allow domain administrators to check MX records from Admin Console is checked, domain administrators can check the MX records for their domain.
Messages	• Set the Maximum messages size for a message and it’s attachments that can be sent. Note: To set the maximum size of an uploaded file to Documents or Briefcase, go to the General Information tab. • You can enable the X-Originating-IP header to messages checkbox. The X-Originating-IP header information specifies the original sending IP of the email message the server is forwarding.
Protocol checks	• The Protocol fields are checked to reject unsolicited commercial email (UCE), for spam control.
DNS checks	• The DNS fields are checked to reject mail if the client’s IP address is unknown, the hostname in the greeting is unknown, or if the sender’s domain is unknown.

Global IMAP and POP Settings

IMAP and POP access can be enabled as a global setting or server setting.

With POP3 users can retrieve their mail stored on the Zimbra server and download new mail to their computer. The user’s POP configuration determines if messages are deleted from the Zimbra server.

With IMAP, users can access their mail from any computer as the mail is stored on the Zimbra server.

When you make changes to these settings, you must restart ZCS before the changes take effect.

Anti-spam Settings

ZCS utilizes SpamAssassin to control spam. SpamAssassin uses predefined rules as well as a Bayes database to score messages with a numerical range. ZCS uses a percentage value to determine spaminess based on a SpamAssassin score of 20 as 100%. Any message tagged between 33%-75% is considered spam and delivered to the user’s Junk folder. Messages tagged above 75% are always considered spam and discarded.

When a message is tagged as spam, the message is delivered to the recipient’s Junk folder. Users can view the number of unread messages that are in their Junk folder and can open the Junk folder to review the messages marked as spam. If you have the anti-spam training filters enabled, when they add or remove messages in the Junk folder, their action helps train the spam filter. See Anti-Spam Protection.

RBL (Real time black-hole lists) can be turned on or off in SpamAssassin from the Zimbra CLI. See the section To turn RBL on:.

SpamAssassin’s sa-update tool is included with SpamAssassin. This tool updates spamassassin rules from the SA organization. The tool is installed into /opt/zimbra/zimbramon/bin.

Anti-virus Settings

Anti-virus protection is enabled for each server when the Zimbra software is installed. The global settings for the anti-virus protection is configured with these options enabled:

•	Block encrypted archives, such as password protected zipped files.

•	Send notification to recipient to alert that a mail message had a virus and was not delivered.

During ZCS installation, the administrator notification address for anti-virus alerts is configured. The default is to set up the admin account to receive the notification. When a virus has been found, a notification is automatically sent to that address.

By default, the Zimbra MTA checks every two hours for any new anti-virus updates from ClamAV. The frequency can be set between 1 and 24 hours.

Note: Updates are obtained via HTTP from the ClamAV website.

Zimbra Free/Busy Interoperability

When ZCS is deployed in a mix of ZCS servers and Microsoft Exchange servers and Calendar is an important feature with your users, you can set up free/busy scheduling across the mix so that users can efficiently schedule meetings.

ZCS can query the free/busy schedules of users on Microsoft Exchange 2003/2007 servers and also can propagate the free/busy schedules of ZCS users to the Exchange servers.

To set free/busy interoperability, the Exchange systems must be set up as described in the Exchange Setup Requirements section, and the ZCS Global Config, Domain, COS and Account settings must be configured. The easiest way to configure ZCS is from the administration console.

Note: You can use the zmprov CLI. For more information about using zmprov to set this up, see the wiki article, Free Busy Interop for Exchange.

Exchange 2003/2007 Setup Requirements.

For Exchange 2003, the following is required:

•	Either a single Active Directory (AD) must be in the system or the global catalog must be available.

•	The ZCS server must be able to access the HTTP(S) port of IIS on at least one of the Exchange servers.

•	Web interface to Exchange public folders needs to be available via IIS. (http://server/public/)

•	ZCS users must be provisioned as a contact on the AD using the same administrative group for each mail domain. This is required only for ZCS to Exchange free/busy replication.

•	The Exchange user name must be provisioned in the account attribute zimbraForeignPrincipal for all ZCS users. This is required only for ZCS to Exchange free/busy replication.

Configuring Free/Busy on ZCS

To set Free/Busy Interoperability up from the administration console, configure the following:

•	Either globally or by domain configure the Exchange server settings as described in Global Config Setup below.

•	Add the o and ou values that are configured in the legacyExchangeDN attribute for Exchange in either the Global Config or Domain Interop tab or in the Class of Service (COS) Advanced tab. The o and ou values correspond to the ZCS domain attribute zimbraFreebusyExchangeUserOrg.

•	In the Accounts Free/Busy Interop tab, configure the foreign principal for the account. The cn setting in the legacyExchangeDn attribute corresponds to the zimbraForeignPrincipal attribute. This sets up a mapping from the ZCS account to the corresponding object in the AD.

Note: To find these settings on the Exchange server, you can run the Exchange ADSI Edit tool and search the legacyExchangeDN attribute for the o= , ou= , and cn= settings.

Global Config Setup

The ZCS Global Config Settings are configured from the Interop tab on the administration console. Here you configure the Exchange server settings as follows:

•	Exchange Server URL. This is the Web interface to the Exchange.

•	Exchange Authentication Scheme, either Basic or Form.

•	Basic is authentication to Exchange via HTTP basic authentication.

•	Form is authentication to Exchange as HTML form based authentication.

•	Exchange user name and password. This is the name of the account in Active Directory and password that has access to the public folders. These are used to authenticate against the Exchange server on REST and WebDAV interfaces.

•	The O and OU used in the legacyExchangeDN attribute. Set at the global level this applies to all accounts talking to Exchange.

 

 

 

 

 

 

 

ZCS Administrator's Guide, Open Source Edition, 6.0.8