Zimbra™ Collaboration Suite Appliance Administrator’s Guide

Release 6.0.7
July 2010

Legal Notices
Copyright 2010 Zimbra. All rights reserved. No part of this document may be reproduced, in whole or in part, without the express written permission of Zimbra.

Zimbra, a division of VMware, Inc.
3401 Hillview Avenue
Palo Alto, California 94304 USA
www.Zimbra.com

ZCS 6.0.7 7/27/2010

Table of Contents

Chapter 1 Introduction
• Core Functionality
• Core Zimbra Server Functionality
• Zimbra License Requirements
• Available Documentation
• Support and Contact Information

Chapter 2 Working in the Administration Console
• Logging Into the Console
• Setting Up the Administrator Account
• Changing Administrator Passwords
• Zimbra Status Tab
• Anti-spam Service
• Anti-virus Service
• Convertd Service
• LDAP Service
• Mailbox Service
• MTA Service
• Spell Service
• Stats Service
• Disk Space Usage
• Monitoring ZAP Servers
• Navigating the Administration Tab
• Working in the Dashboard Tab
• Working in the Settings Tab
• Working in the Advanced Tools Tab
• Managing Network Settings
• Updating ZCA

Chapter 3 Managing ZCA Configuration
• Changing General Information about your Default Domain
• Default Domain Name
• Setting the Maximum Size of Uploads to Briefcase
• Setting Up Relay MTA for External Delivery
• Configuring Rules for Receiving Attachments to Email
• Managing the Zimbra License
• Managing Your Self-Signed or Commercial Certificates
• Requesting a Commercial Certificate
• Viewing the SSL Certificate Tab
• Setting Up Domains
• Configuring General Information Settings
• Setting Up Your Global Address List (GAL)
• Setting Up Account Authentication
• Setting Up Virtual Hosts for Your Domain
• Setting up Zimbra Free/Busy Interoperability
• Managing Zimlets on the Domain
• Customizing Themes for Domains

Chapter 4 Customizing Profiles and Setting Up Mail Policy Rules
• Setting Up Profiles
• ZCA Features to Configure
• Email messaging
• Address Book
• Calendar
• Tasks
• Briefcase
• Other Feature Configuration Settings for Accounts
• Enabling Sharing
• Disabling Preferences
• Configuring Advanced Tap Options
• Zimbra Mobile
• Setting Account Quotas
• Setting Password Policy
• Setting Failed Login Policy
• Setting Session Timeout Policy
• Setting Email Retention Policy
• Other Account Configuration Preferences
• About Zimbra Web Client

Chapter 5 Creating Accounts on ZCA
• Before Creating Accounts
• Password Options
• Creating User Accounts
• Creating a Single Account
• Importing Accounts
• Migrating Accounts and Content

Chapter 6 Managing Accounts, Resources and Distribution Lists
• Managing Accounts
• Changing Passwords
• View an Account’s Mailbox
• Reindexing a Mailbox
• Changing an Account’s Status
• Deleting an Account
• Managing Aliases
• Managing Distribution Lists
• Using Distribution Lists for Group Sharing
• Managing Resources

Chapter 7 Managing Zimbra Mobile
• Setting Up Mobile Devices
• Setting up Mobile Device Security Policies
• Setting Mobile Device Policies Attributes
• Changing Mobile Device Password Policy
• Users’ Mobile Device Self Care Features

Chapter 1 Introduction

Zimbra is the leader in open source, Web 2.0 collaboration and messaging software for enterprises, service providers, educational institutions, and government agencies. The Zimbra Collaboration Suite Appliance is your email and collaboration cloud delivered as a virtual appliance for faster provisioning and easier administration than traditional solutions.

This guide is intended for system administrators responsible for creating and maintaining accounts. Administrators centrally manage the appliance from the administration console.

Core Functionality

The Zimbra Appliance is an innovative messaging and collaboration application that offers the following state-of-the-art messaging and collaboration solutions:
• Intuitive message management and search
• Personal and shared calendars
• Multiple address books
• Task management tool
• Collaboration tools for online document authoring

Zimbra offers two browser based web clients, Advanced Zimbra Web Client that offers a state-of-the-art Ajax web client, and Standard Zimbra Web Client as an HTML client. Some of the features that can be found in the web client include:
• Compose, read, reply, forward, and use other standard mail features
• View mail by conversation threads
• Tag mail to easily group messages for quick reference
• Perform advanced searches
• Save searches
• Use the Calendar feature to schedule appointments
• Create address books

• Share calendars, email folders, address book lists with others
• Set mailbox usage preferences, including defining mail filtering options
• Use the Tasks feature to create to-do lists and manage tasks through to completion
• Create, share and publish rich documents online

Core Zimbra Server Functionality

The core Zimbra server functionality includes:
• Mail delivery and storage
• Indexing of mail messages upon delivery
• Mailbox server logging
• IMAP and POP support
• Directory services, including the ability to use Microsoft Active Directory
• Anti-spam protection
• Anti-virus protection

Task-Based Administration Console

The Zimbra Appliance is managed from a task based administration console. The console offers the following management features:
• Dashboard with task based management features
• Create and manage user accounts, distribution lists, resources, domains and aliases
• Maintain profiles for feature based administration
• Mobile device policy management
• Color scheme configuration options of the Zimbra Web Client interface
• Advanced tools for migration and interoperability
• Exchange migration tools
• Exchange interoperability for free/busy, Global Address List (GAL) and external authentication
• LDAP interoperability for GAL and external authentication
• Self-signed and commercial SSL certificate management
• Zimbra license management
• Service status overviews
• Automatic update mechanism
• Service level control with status
• Diagnostic tools to log file downloads

Zimbra License Requirements

A Zimbra license is required in order to create accounts. When you installed ZCA, a trial license was automatically installed. This trial license is good for 60 days. You will need to purchase a Zimbra regular license in order to create accounts after the trial license expires. This license is encrypted with the number of Zimbra accounts (seats) you have purchased, the effective date, and expiration date of the regular license.

Available Documentation

The following documentation is available:
• Administrator Guide. This guide provides a product overview, and a description of administration tasks and configuration options.
• Zimbra administration console Help. The help topics describe how to perform tasks required to centrally manage mailbox accounts from the administration console.
• Zimbra Web Client Help. The help topics describe how to use the features of the Zimbra Web Client.
• Release Notes. Late-breaking news for product releases and upgrade instructions are contained in the release notes. The latest notes can be found on the Zimbra website, www.Zimbra.com.

Support and Contact Information

Visit www.zimbra.com to join the community and to be a part of building the best open source messaging solution. We appreciate your feedback and suggestions.
• Contact sales@Zimbra.com to purchase Zimbra Collaboration Suite
• Contact support@zimbra.com for support issues.
• For information about the Zimbra support program, see the Zimbra website, http://www.Zimbra.com/support/support_overview.html

If you encounter problems with this software, go to http://bugzilla.zimbra.com to submit a bug report. Make sure to provide enough detail so that the bug can be easily duplicated.


Chapter 2 Working in the Administration Console

This chapter describes the components of the Zimbra Collaboration Suite Appliance (ZCA) administration console. The administration console is the browser-based user interface the ZCA administrator uses to centrally manage ZCA.

The administration console consists of the following four main tabs.
• Zimbra Status tab. Zimbra Collaboration Suite Appliance summary tab. This shows the status of the ZCA services.
• Zimbra Administration tab. This tab opens the admin dashboard used to manage accounts and domains.
• Network tab. This tab shows the network status, address settings, and proxy server settings, if they are configured.
• Update tab. This tab is used when a ZCA version is updated. The administrator can download and install the update from this tab.

Logging Into the Console

To log into the administration console open your browser and type the Zimbra Appliance host name URL as https://xxx.xxx.xxx.xxx:5480

You can find the IP address on the vSphere Client.

• The user name is vmware.
• The password is the password of the VMware virtual machine set during the installation of ZCA.

Note: When you log in to the ZCA administration console the first time, if an untrusted connection warning displays, ignore the warning and select the option to continue.

The Zimbra Status tab opens and shows the status of all services. When all services are green, click the Zimbra Administration tab. This opens the administration dashboard where you manage ZCA accounts and domains.

Setting Up the Administrator Account

One administrator account can be created in ZCA and this account is created during the installation of ZCA. This admin account is the first account provisioned on the server and allows you to log on to the administration account using the password that was created at the same time.

Initial administrative tasks for this account may include setting up the administrator mailbox to create aliases and forwarding addresses needed for the administrator’s working environment.

Two aliases for the administrator account are created during install:
• Postmaster. The postmaster address is displayed in emails that are automatically generated from the mail transfer agent (MTA) and sent to the sender when messages cannot be sent. If users reply to this postmaster address, the message is forwarded to the administrator mailbox.
• Root. This address is where notification messages from the operating system are sent.

If you did not change the default settings during the installation, the anti-virus notification is sent directly to the admin account. Other appliance reports may be sent to the admin account as well. You should log on to this account frequently.

Changing Administrator Passwords

The administrator password is created when ZCA is set up during installation. The password can be changed at any time from the Accounts toolbar. Select the administrator account and change the password.

Zimbra Status Tab

When you log on to ZCA, the first page that is displayed shows the Zimbra services. Services that are not running display in red. This tab also shows the amount of free mail storage disk space remaining.

Anti-spam Service

The Zimbra Appliance utilizes SpamAssassin to control spam. SpamAssassin uses predefined rules as well as a Bayes database to score messages with a numerical range. ZCA uses a percentage value to determine spaminess based on a SpamAssassin score of 20 as 100%. Any message tagged between 33%-75% is considered spam and delivered to the user’s Junk folder. Messages tagged above 75% are always considered spam and are discarded.

When a message is tagged as spam, the message is delivered to the recipient’s Junk folder. Users can view the number of unread messages that are in their Junk folder and can open the Junk folder to review the messages marked as spam and move a message if it is not spam.

How well the antispam filter works depends on recognizing what is considered spam or not considered spam from messages that users specifically mark as Junk or Not Junk in their accounts. An automated spam training filter is enabled and two feedback system mailboxes are created to receive mail notification.
• Spam Training User to receive mail notification about mail that was not marked as junk, but should be.
• Non-spam (referred to as ham) Training User to receive mail notification about mail that was marked as junk, but should not have been.

These addresses are automatically configured to work with the spam training filter. The accounts created are listed in the accounts list.

Anti-virus Service

Clam AntiVirus software is bundled with the appliance as the virus protection engine. The anti-virus software is configured to block encrypted archives, to send notification to administrators when a virus has been found, and to send notification to recipients alerting that a mail message with a virus was not delivered.
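The percentage scheme described under Anti-spam Service above, worked through as an added Python example (it is not part of the Zimbra guide or Zimbra's code). It assumes each message carries a SpamAssassin-style X-Spam-Status header with a score= field; the sample headers are constructed, and treating exactly 33% and exactly 75% as Junk is this example's reading of "between 33%-75%".

```python
"""Map SpamAssassin scores to the ZCA spam percentage and delivery outcome."""
import re
from collections import Counter
from decimal import Decimal

# Values stated in the guide.
SA_SCORE_AT_100_PERCENT = Decimal("20")  # a SpamAssassin score of 20 is 100%
JUNK_FROM_PERCENT = Decimal("33")        # 33%-75%: delivered to the Junk folder
DISCARD_ABOVE_PERCENT = Decimal("75")    # above 75%: discarded

# Assumption: the score is read from a SpamAssassin-style header such as
#   X-Spam-Status: Yes, score=7.2 required=6.6 tests=...
STATUS_RE = re.compile(
    r"^X-Spam-Status:\s*(?:Yes|No),\s*score=(-?\d+(?:\.\d+)?)",
    re.IGNORECASE | re.MULTILINE,
)


def to_percent(score):
    """Convert a SpamAssassin score to the ZCA percentage (exact decimal math)."""
    return Decimal(str(score)) / SA_SCORE_AT_100_PERCENT * 100


def to_score(percent):
    """Convert a ZCA percentage back to the SpamAssassin score it stands for."""
    return Decimal(str(percent)) * SA_SCORE_AT_100_PERCENT / 100


def disposition(score):
    """Return 'inbox', 'junk' or 'discard' for a SpamAssassin score."""
    percent = to_percent(score)
    if percent > DISCARD_ABOVE_PERCENT:
        return "discard"
    if percent >= JUNK_FROM_PERCENT:
        return "junk"
    return "inbox"


def triage(raw_headers):
    """Return (score, percent, disposition), or None if no usable header exists."""
    match = STATUS_RE.search(raw_headers)
    if match is None:
        return None
    score = Decimal(match.group(1))
    return score, to_percent(score), disposition(score)


# Constructed sample header blocks (not taken from a real mailbox).
SAMPLE_HEADERS = [
    "Subject: minutes\nX-Spam-Status: No, score=-1.9 required=6.6 tests=BAYES_00\n",
    "Subject: offer\nX-Spam-Status: Yes, score=7.2 required=6.6 tests=BAYES_80\n",
    "Subject: prize\nX-Spam-Status: Yes, score=15.0 required=6.6 tests=BAYES_99\n",
    "Subject: pills\nX-Spam-Status: Yes, score=22.4 required=6.6 tests=BAYES_99\n",
    "Subject: internal note with no spam header\n",
]


def summarize(header_blocks):
    """Count outcomes; messages without a parsable score are 'unscored'."""
    counts = Counter()
    for block in header_blocks:
        result = triage(block)
        counts[result[2] if result else "unscored"] += 1
    return dict(counts)


if __name__ == "__main__":
    print("Junk band starts at score", to_score(JUNK_FROM_PERCENT))
    print("Discard applies above score", to_score(DISCARD_ABOVE_PERCENT))
    for block in SAMPLE_HEADERS:
        print(triage(block))
    print(summarize(SAMPLE_HEADERS))
```

In score terms the Junk band runs from 6.6 through 15, and a message scoring above 15 is discarded rather than placed where a user could review it.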

The anti-virus protection is enabled for each server during installation. By default, the Zimbra MTA checks every two hours for any new anti-virus updates from ClamAV.

Anti-virus protection is enabled for each server when the Zimbra software is installed. During ZCA installation, the notification address for anti-virus alerts is configured. The default is to set up the admin account to receive the notification. When a virus has been found, a notification is automatically sent to that address.

Convertd Service

The convertd service is a conversion service that is used to extract the text from attachments to email messages so they can be indexed along with the email body.

LDAP Service

LDAP directory services provides a centralized repository for information about users and devices that are authorized to use your network. The LDAP directory service is used for internal authentication. LDAP entries are made for every ZCA attribute that specify operating parameters for the appliance. In addition, ZCA uses the LDAP directory to look up user addresses from within the company. This is referred to as the GAL.

Mailbox Service

The mailbox service manages all accounts’ mailbox content, including messages, contacts, calendars, attachments, and briefcase folders. Each account has a unique mailbox ID that is the primary point of reference to identify the account.

MTA Service

MTA receives email through SMTP and routes each message to the mailbox server. Functionality includes:
• SMTP authentication
• Attachment blocking
• Relay host configuration

Spell Service

This is the spell checker service used for Zimbra Web Client (ZWC) to check the spelling when an email message is composed.

Stats Service

This service maintains statistics about the operation of the application. The information is not available for administrator’s review, but is available for Zimbra support to troubleshoot issues.

Disk Space Usage

The Status tab shows the amount of free storage space remaining on the disk. The storage space is used to save the content of users’ accounts. You should regularly monitor the disk capacity and when disks reach the 85% full threshold, you should plan to add additional disk space.

Monitoring ZAP Servers

You can set up a third-party monitoring tool to manage ZCA servers. A link to the Spring Source Hyperic HQ monitoring tool is available from the Status tab. HQ's default metric collection provides real time monitoring of availability, performance, and utilization.

For more information about Hyperic HQ go to the following links:
• For product description: http://www.hyperic.com/products
• For documentation: http://www.hyperic.com/support/systems-monitoringdoc

Diagnostics Link

The Diagnostics link is used for troubleshooting ZCA. In most cases, you are directed to use this link by Zimbra support to help diagnose issues. When you run a diagnostics of ZCA, the results are saved to a zip file that can be forwarded to support.

Navigating the Administration Tab

You manage all user and domain configuration tasks from the administration tab. The console includes three tabs that make it easy to quickly find items in the console.
• Dashboard, used to manage the daily ZCA activity for accounts.
• Settings, used to manage server configuration and to create a policy for attachments received with email messages.

• Advanced Tools, used to manage the Zimbra Appliance license and certificates. This tab includes tools for migrating and importing accounts.

Tasks Managed from the Administration Tab

Some of the tasks that are performed from the administration console include:
• Managing your domain and creating new domains
• Managing general configuration settings including licenses and certificates
• Setting up virtual hosts on a domain
• Creating and managing end-user accounts
• Creating different profiles that define enabled features and assign the profiles to accounts
• Creating and managing distribution lists and aliases
• Migrating Microsoft Exchange user accounts to ZCA using the migration tool
• Importing multiple accounts
• Managing resources that can be scheduled for meetings
• Changing user passwords

Working in the Dashboard Tab

From the ZCA dashboard tab you can view a list of account addresses, aliases, distribution lists, domains, profiles, and resources. To view each of these items in the Content pane, select the item from the menu on the right of the Find address, domains, and profiles area.

When you view All addresses, the Content pane shows all addresses in ZCS. You can identify the type of account from the icon.

• This icon represents system accounts. These are specific accounts used by ZCA. System accounts include the spam filter accounts for junk mail, (spam and ham) and GALsync account if you configure GAL for your domain. Do not delete these accounts!
• This icon represents the administrator account. Only one administrator account can be created. This account counts against your ZCA license. Do not delete this account!
• This icon represents user accounts. This type of account counts against your ZCA license account limit. When you delete an account, the ZCA license account limit reflects the change.
• This icon represents an alias account. Aliases do not count against your ZCA license.
• This icon represents a distribution list. Distribution lists do not count against your ZCA license.
• This icon represents a resource location account.
• This icon represents a resource equipment account. Resource accounts do not count against your ZCA license.

From the dashboard you can manage the following items.
• Create new accounts, aliases, distribution lists, domains, profiles, and resources
• Edit and delete the items you have created
• Change passwords for accounts
• View an account’s mailbox
• View a list of account addresses, aliases, distribution lists, domains, profiles, and resources

Description of Items to Create

From the New menu on the dashboard toolbar you can create the following items.

• Accounts. Lists all accounts. In the Accounts folder, you create and manage end-user accounts, setting options, profiles, passwords and aliases for an account.
• Aliases. Lists all aliases that have been created in user accounts. You can use the Move Alias feature from the toolbar to move an alias from one account to another.
• Distribution Lists. Lists all distribution lists. You can create new distribution lists and add to or delete members from a distribution list.
• Resources. Lists location or equipment that can be scheduled for a meeting. You can create new resources and set the scheduling policy for the resource.
• Domains. Lists the domain in the Zimbra Appliance environment. You can create and manage domains, configure GAL, and configure the authentication mechanism to be used for that domain.
• Profile. Lists profiles that have been created. As a minimum, the default profile is displayed. You can create, edit, or delete profiles.

Working in the Settings Tab

The Settings tab is used to manage general ZCA settings. The following domain items are managed from the Settings tab:
• Update server configuration
• Set rules for what type of attachments can be received with an email message

Working in the Advanced Tools Tab

The Advanced Tools tab page includes features that are infrequently accessed after you initially configure ZCA. The tab includes the following items:
• Zimbra License tab that shows ZCA license information

• SSL Certificates tab that displays the information about the certificate assigned to ZCA
• Migration Wizard and Import Accounts wizard links to help you migrate accounts and their content or import account information to provision many accounts at once

Managing Network Settings

The Network tab displays the Zimbra Appliance network connection settings.
• The Status tab displays the Zimbra Appliance network status, including IP address, netmask, gateway, DNS server address, and host name.
• The Address tab can be used to change the network addresses if you move the server to a new network. You can set specific addresses or you can select to obtain the configuration from DHCP server.
• The Proxy tab is configured if an HTTP proxy is required for access to the Internet for Web services that the Zimbra server may access. The Proxy tab is configured if external calendar servers or social networking services are made available from user accounts.

When you make changes to the network settings, restart ZCA from the VMware VSphere console to make sure your changes take effect on all ZCA services.

Updating ZCA

The Update tab is used to check for ZCA updates and to install those updates when they become available.


Chapter 3 Managing ZCA Configuration

ZCA settings are configured during the initial installation of the application and can be modified from the administration console. You can manage these tasks from the administration console:
• Install and manage your Zimbra license
• Install and view your SSL certificates
• Create new domains
• Configure the authentication method to use, internal or external
• Define the virtual host for a domain
• Change general information configured for the default domain
• Customize the client color scheme
• Manage Zimlets that are available for accounts
• Set up free/busy interop for scheduling meetings when you have users on both ZCA and Exchange
• Define the email attachment filtering policy for incoming emails

Changing General Information about your Default Domain

The general information tab shows the following configuration details. You can change this.

• Default domain name. This is the assumed domain name when users try to authenticate without providing a domain name as part of their login name.
• Maximum size of an uploaded file for Documents or Briefcase. This is the maximum size of a file that can be uploaded into Briefcase. The default is 10 Mb.
• Relay MTA for external delivery. This is the relay host name to which the MTA relays external email.

Default Domain Name

The default domain name is the fully qualified hostname of the server. This is configured during the installation of ZCA. This is also used as the assumed domain name when only a user name but not the domain is provided. You can change this on the General Information tab.

Setting the Maximum Size of Uploads to Briefcase

If the Briefcase feature is enabled, users can upload files up to 10240K in size to their accounts. This is the default. If you set the default to 0, there is no limit to the size of the upload.

Setting Up Relay MTA for External Delivery

Setting this parameter is optional. The relay host name is the appliance MTA to Gateway host. This setting is used to instruct the MTA to send all non-local mail to a different SMTP server. Common use cases for a relay host is when an ISP requires that all your email be relayed through a designated host or if you have some filtering SMTP proxy server, or used as a third-party anti-virus and anti-spam gateway.

Important: Use caution when setting a relay host to prevent mail loops. (An email loop is an infinite loop phenomenon, resulting from mail servers, scripts, or email clients that generate automatic replies or responses. If one such automatic response triggers another automatic response on the other side, an email loop is created.)

Configuring Rules for Receiving Attachments to Email

To help prevent potential viruses from being received, you can configure rules to filter all attachments from email messages or attachments with a specific extension type, such as .zip. This is changed from the Settings>Attachments tab.

The Attachments tab can be configured as follows:
• Block all attachments. This option blocks all attachments types sent with email messages and can be set to prevent a virus outbreak from attachments. Users cannot view any attachments sent with their email messages.
• Allow viewing attachments only in HTML. Files attached to email messages can only be viewed in HTML.
• Do not restrict viewing attachments. Attachment to an email message can be viewed either in HTML or the attachment can be viewed in the original format.

You can also restrict receiving attachments by the file extension type. You can select from the common extension types that are listed or add other types of extensions. Messages with those type of extensions attached are rejected and the sender and recipient are notified that the message was blocked. If you do not want to send a notification to the recipient when messages are blocked, you can disable this feature. Extensions that are restricted here do not display even if you have selected Do not restrict viewing attachments.

Managing the Zimbra License

A Zimbra license is required in order to create accounts. When you installed ZCA, a trial license was automatically installed. This trial license is good for 60 days. You will need to purchase a Zimbra regular license in order to create accounts after the trial license expires. This license is encrypted with the number of Zimbra accounts (seats) you have purchased, the effective date, and expiration date of the regular license.

When you purchase, renew, or change the Zimbra license, you must update the server with the new license information. Use the Install License Wizard from the administration console’s Advanced Tools tab to upload and install a new license and to update an existing license.

Current license information, including license ID, issue date, expiration date, number of accounts purchased, and the number of accounts used can be viewed from the Advanced Tools>License tab.

Starting 30 days before the license expires, when you log on to the administration console a reminder notice is displayed. You must renew your license within 30 days of the expiration date.

When the number of accounts created is equal to the number of accounts purchased, you will not be able to create new accounts. You can purchase additional accounts or you can delete existing accounts.

Managing Your Self-Signed or Commercial Certificates

A certificate is the digital identity used for secure communication between different hosts or clients and servers. Certificates are used to certify that a site is owned by you. You can view, update, and install self-signed and commercial certificates from the administration console Advanced Tools tab.

Two types of certificates can be used, self-signed and commercial certificates.
• A self-signed certificate is an identity certificate that is signed by its own creator. A self-signed certificate is automatically deployed when ZCA is installed. Self-signed certificates are normally used for testing. You can use the Certificate Installation Wizard to generate a new self-signed certificate. This is useful when you use a self-signed certificate and want to change the expiration date. The default is 365 days.
• A commercial certificate is issued by a certificate authority (CA) that attests that the public key contained in the certificate belongs to the organization (servers) noted in the certificate.

When ZCA is installed, the self-signed certificate is automatically installed and can be used, but when you log in to the appliance administration console the first time, a security alert is displayed and you will need to accept the warning to be able to log in.

To obtain a commercially signed certificate, use the Zimbra Certificates Wizard to generate the RSA Private Key and Certificate Signing Request (CSR). You download the CSR from the Zimbra server and submit it to a CA, such as VeriSign or GoDaddy. They issue a digitally signed certificate, and when you receive the certificate, you use the Certificates Wizard to install the certificate on ZCA.

Requesting a Commercial Certificate

You can use the Zimbra Certificate Installation Wizard to generate the CSR that is sent to a commercial certificate authorizer and to install the commercially signed certificate when it has been authorized.

To generate the CSR, you complete a form with details about the domain, company, and country, and then generate a CSR with the RSA private key. You save this file to your computer and submit it to your commercial certificate authorizer.

As you enter information about your company, before you generate the CSR you must know the following details:
• Common Name (CN). This is the exact domain name that should be used to access your Web site securely. Are you going to use a wildcard common name? If you want to manage multiple sub domains on a single domain on the server with a single certificate, check this box. An asterisk (*) is added to the Common Name field.

• Country Name (C). The country you want the certificate to display as your company location
• State/Province (ST). The state/province you want the certificate to display as your company location
• City (L). The city you want the certificate to display as your company location
• Organization Name (O). Your company name
• Organization Unit (OU). The unit name (if applicable)

Are you going to use Subject Alternative Name (SAN)? The input should be a valid domain name. When SAN is used the domain name is compared with the common name and then to the SAN to find a match. You can create multiple SANs. When the alternate name is entered here, the client ignores the common name and tries to match the server name to one of the SAN names.

Viewing the SSL Certificate Tab

The Advanced Tools>SSL Certificate tab displays the certificate information for the Zimbra services, including validation days that shows when the certificate expires. You should renew your certificate before it expires. If a certificate expires, when users log on to the accounts, a security alert warning is displayed.
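Before filling in the wildcard Common Name and Subject Alternative Name fields described above, it helps to check which of the host names users will actually type are covered by the names you plan to request. The following Python sketch is an added example, not part of ZCA or its wizard. It follows the page's statement that a client ignores the common name once a SAN is present, and it assumes the usual client rule (RFC 6125) that a wildcard stands for exactly one leftmost label; the example.com host names are constructed.

```python
def name_matches(pattern, hostname):
    """Compare one certificate name (CN or SAN entry) with a host name."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        # A wildcard never spans several labels and never matches the bare domain.
        return False
    if p[0] == "*":
        # Assumption: only a whole leftmost label may be a wildcard, and it must
        # sit above at least two fixed labels (so "*.com" is refused).
        return len(p) >= 3 and p[1:] == h[1:]
    # Partial wildcards such as "m*.example.com" are treated as no match.
    return "*" not in pattern and p == h


def certificate_covers(hostname, common_name, sans=()):
    """True if the planned certificate names cover the host name.

    When at least one SAN is supplied the common name is ignored, as the
    guide describes for client behaviour.
    """
    names = list(sans) if sans else [common_name]
    return any(name_matches(n, hostname) for n in names)


def uncovered_hosts(hostnames, common_name, sans=()):
    """Return the host names that would still raise a certificate warning."""
    return [h for h in hostnames if not certificate_covers(h, common_name, sans)]


# Constructed list of names users are expected to type into their clients.
PLANNED_HOSTS = [
    "mail.example.com",
    "webmail.example.com",
    "example.com",
    "imap.eu.example.com",
]

if __name__ == "__main__":
    # Wildcard CN only: the bare domain and the deeper sub domain are missed.
    print(uncovered_hosts(PLANNED_HOSTS, "*.example.com"))
    # Adding SANs: every planned name must now appear in the SAN list itself.
    print(uncovered_hosts(PLANNED_HOSTS, "mail.example.com",
                          ["*.example.com", "example.com", "*.eu.example.com"]))
```

Run the check against the final list of host names before submitting the CSR, because a commercial certificate normally has to be reissued to add a name.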

Setting Up Domains

One domain is identified during the installation process and additional domains can be added from the administration console. When you set up a domain, you can configure the following:
• Global Address List (GAL) mode, either Internal LDAP server, External LDAP server or Active Directory, or both
• Domain authentication mode, internal, external LDAP, or external Active Directory
• Virtual hosts that are used to establish a default domain for user login
• Public service host name that is used for REST URLs, commonly used in sharing
• Free/Busy Interop settings for use with Microsoft Exchange
• Zimlets that are available for the domain
• Customize the domain skin

The default domain configuration after ZCA installation is as follows:
• The GAL mode is Internal. A GAL sync account is created and the datasource for the Internal GAL is Zimbra.
• The authentication mechanism is Internal
• The Virtual Hosts, and Free/Busy Interop are not set up
• The profile is set to default profile

Configuring General Information Settings

Domains are managed from the administration console dashboard. When you select Domains from the Find address, domains and profiles menu, a list of domains is displayed. Select the domain to edit from the list. The following settings can be configured for your default domain or when you create a new domain.

Default time zone for the domain

PST (Pacific time) is the time zone that is set at installation by default. If the majority of your users are located in another time zone, set that here. Users can change the time zone from their accounts’ Preferences>General folder.

Note: The default time zone setting that is displayed in an account’s General Preferences folder is used to localize the time for received messages and calendar activities in the standard Zimbra Web Client. When users use the advanced Zimbra Web Client, the time zone setting on the computer is used as the time stamp for received messages and for calendar activities. To make sure that the time is displayed the same in one or the other client, make sure that the user’s computer time zone and the Zimbra Web Client time zone are set to the same time.

Public service hostname

This is the host name to be used for REST URLs. Each domain can be configured with the public service host name to be used for REST URLs. This is commonly used when sharing within Zimbra Appliance. This is the URL that is used when users share items such as calendars, email folders, and Briefcase folders. When you configure a public service hostname, this public service hostname is used instead of the ZCA server hostname and the ZCA service hostname. The URL displays as http://publicservicename.domain.com/home/username/sharedfolder.

Inbound SMTP Hostname

If your MX records point to a spam-relay or any other external non-zimbra server, the name of that server must be entered in Inbound SMTP Hostname field.

Default Profile for the Domain

The profile designated for the domain is automatically assigned to accounts created on the domain. For the initial set up the default profile created during the installation is assigned to the domain. If you create additional profiles, you can assign another profile to the domain.

Domain Status

The domain status is active in the normal state. Changing the status also can affect the status for accounts on the domain. Domain status can be set as follows:
• Active. Active is the normal status for domains. Accounts can be created and mail can be delivered. Users can log in and mail is delivered. Note: If an account has a different status setting than the domain setting, the account status overrides the domain status.
• Closed. When a domain status is marked as closed, login for accounts on the domain is disabled and messages are bounced. The closed status overrides an individual account’s status setting.
• Locked. When a domain status is marked as locked, users cannot log in to check their email, but email is still delivered to the accounts. If an account’s status setting is marked as maintenance or closed, the account’s status overrides the domain status setting.
• Maintenance. When the domain status is marked as maintenance, users cannot log in and their email is queued at the MTA. If an account’s status setting is marked as closed, the account’s status overrides the domain status setting.
• Suspended. When the domain status is marked as suspended, users cannot log in, their email is queued at the MTA, and accounts and distribution lists cannot be created, deleted, or modified. If an account’s status setting is marked as closed, the account’s status overrides the domain status setting.

Setting Up Your Global Address List (GAL)

The GAL is your company-wide listing of users that is available to all users of the email system. This is sometimes referred to as the company directory or company “white pages.” ZCA uses the GAL to look up user addresses from within the company.

GAL is configured on a per-domain basis. The GAL mode setting for each domain determines where the GAL lookup is performed. The default setting is Internal mode. The Configure Gal wizard on the Domain toolbar is used to configure the authentication modes.

The GAL search options are as follows:
• Internal. The Zimbra LDAP server is used for directory lookups.

• External. External directory servers are used for GAL lookups. You can configure multiple external LDAP hosts for GAL. All other directory services use the Zimbra LDAP service (configuration, mail routing, etc.). When you configure the external GAL mode, you can configure GAL search and GAL sync separately.
• Both. Internal and external directory servers are used for GAL lookups.

GALsync accounts

When an internal or external GAL is set up, a GAL sync account is created for each LDAP data source. These accounts display in the administration console accounts list. The address book in these accounts is used to sync the LDAP server contact data. Syncing the LDAP to the account gives users faster access to the GAL data and makes it easier for users to search the GAL. If the GALsync account is not available for some reason, the traditional LDAP based search is run.

When the GAL sync account syncs to the LDAP, all GAL contacts from the LDAP are added to the GAL address book. During the sync, the GAL sync account is updated with new contact, modified contact and deleted contact information. You should not modify the GAL sync account address book directly. When the LDAP syncs the GAL to the account, changes you make to the address book are deleted.

Configuring GAL Search for Internal GAL

When you select Internal, no additional configuration is required.

Configuring GAL Search for External GALs

When you configure an external GAL, you can configure different search settings and sync settings. You may want to configure different search settings if your LDAP environment is set up to optimize LDAP searching by setting up an LDAP cache server, but users also need to be able to sync to the GAL.

External LDAP settings that need to be configured are the following:
• LDAP URL and whether to use SSL. Enter the LDAP address. The port is 389. If you use SSL, the port is 636. You can configure multiple external LDAP hosts so users can access GAL from the next available configured server when a GAL server is down.
• LDAP filter. The filter defines the search rules used for directory searches. A search filter must be specified. The parameters in a filter you construct determine the thoroughness of a search. The following is an example of the filter string. Syntax "%s" represents the string the user enters:

(&(|(cn=*%s*)(sn=*%s*)(gn=*%s*)(mail=*%s*)(zimbraMailDeliveryAddress=*%s*)(zimbraMailAlias=*%s*)(zimbraMailAddress=*%s*))(|(objectclass=zimbraAccount)(objectclass=zimbraDistributionList)))

This filter example combines the basic search filters using the Boolean operation OR to first search the various attributes (cn, gn, etc.), and then verifies that the entry matched is either a Zimbra account or distribution list.
• Autocomplete filter. To enable the ability to let users use the Autocomplete from GAL feature, the autocomplete filter must be configured. For AD, adAutoComplete is the default filter. For LDAP, the default GAL filter setting is (|(cn=%s*)(sn=%s*)(gn=%s*)(mail=%s*)).
• LDAP search base. To search within a specific part of your directory, enter a search base. For example, (dc=server, dc=com).
• Use DN Password to bind to external server. If the filter you entered cannot be run using an anonymous bind, then enter the DN/password of a service account on the external LDAP that has been granted access to the attributes required to do the search.

Setting Up Account Authentication

Account authentication is the process of identifying a user or a server to the directory server and granting access to legitimate users based on user name and password information provided when users log in.

The Configure Authentication wizard on the Domain toolbar is used to configure the authentication modes. Zimbra Collaboration Suite offers the following three authentication mechanisms:
• Internal. The Internal authentication uses the Zimbra directory server for authentication on the domain. When you select Internal, no other configuration is required. This is the default.
• External LDAP. The user name and password is the authentication information supplied in the bind operation to the directory server. You must configure the LDAP URL, LDAP filter, and to use DN password to bind to the external server.

• External Active Directory. The user name and password is the authentication information supplied to the Active Directory server. You identify the Active Directory domain name and URL.

On the administration console you use the Authentication Wizard to configure the authentication settings for your domain. The authentication method is set on a per-domain basis. The default is to use the internal method as the authentication mode.

Internal

The Internal authentication method assumes the Zimbra schema. No additional configuration is necessary.

External LDAP

The external LDAP authentication mechanism attempts to bind to the specified directory server using the supplied user name and password. If this bind succeeds, the connection is closed and the password is considered valid.

You configure the following external LDAP settings:
• LDAP URL and whether to use SSL or StartTLS. Enter the LDAP address. The default port is 389. If you use SSL, the default port is 636. Check either to use SSL or StartTLS. You can configure multiple external LDAP hosts.
• LDAP filter. The filter defines the search rules used for directory searches and tries to map the user name to one user on the external LDAP. You should ensure that the filter you enter results in a single entry being matched, otherwise an authentication error is returned to the user. Example of the search filter is (mail=%u@mycompany.com).

• LDAP search base. To search within a specific part of your directory, enter a search base. It would be entered as (dc=server, dc=com).
• Use DN/Password to bind to external server. If the filter you entered cannot be run using an anonymous bind, then enter the DN/password for a service account on the external LDAP that has been granted access to the attributes required to do the search.

External Active Directory

The external active directory (AD) authentication mechanism attempts to bind to the AD server using the supplied user name and password. You configure the following settings:
• AD domain name. The name of the domain for the active directory server.
• AD LDAP URL and whether to use SSL. Enter the active directory LDAP address. The default port is 389. If you use SSL, the default port is 636. You can configure multiple external active directory hosts.

Setting Up Virtual Hosts for Your Domain

You can configure multiple virtual host names to host more than one domain name on the server. The general domain configuration does not change. When you create a virtual host, users can login to their accounts without having to specify the domain name as part of their user name. Zimbra Web Client users can log in without having to specify the domain name as part of their user name.

Virtual hosts are configured from the administration console Domains>Virtual Host tab. The virtual host requires a valid DNS configuration with an A record.

Users enter the virtual host name as the URL address. For example, https://mail.company.com. When the Zimbra login screen displays, users enter only their user name and password. The authentication request searches for a domain with that virtual host name. When the virtual host is found, the authentication is completed against that domain.
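The external LDAP mechanism described above treats a successful bind as proof of the password and relies on the filter, for example (mail=%u@mycompany.com), matching a single entry. The following Python sketch is an added example, not Zimbra's code: it expands the %u placeholder (or the GAL %s placeholder) with RFC 4515 escaping, evaluates the filter against a constructed in-memory directory, and refuses logins that match zero or several entries or that arrive with an empty password. The directory entries, the function names and the small filter matcher are assumptions made for the illustration.

```python
import re

# RFC 4515 section 3: characters that must be written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand_naive(template, text, placeholder="%u"):
    """Weak form: the typed string is pasted into the filter unchanged."""
    return template.replace(placeholder, text)


def expand_escaped(template, text, placeholder="%u"):
    """Hardened form: filter metacharacters in the typed string become literals."""
    return template.replace(placeholder, escape_filter_value(text))


def _assertion_to_regex(assertion):
    # Unescaped "*" is the LDAP wildcard; "\XX" is one literal character.
    parts, i = [], 0
    while i < len(assertion):
        ch = assertion[i]
        if ch == "*":
            parts.append(".*")
            i += 1
        elif ch == "\\":
            parts.append(re.escape(chr(int(assertion[i + 1:i + 3], 16))))
            i += 3
        else:
            parts.append(re.escape(ch))
            i += 1
    return re.compile("".join(parts), re.IGNORECASE | re.DOTALL)


def search(entries, simple_filter):
    """Evaluate one (attr=value) filter against the in-memory entries."""
    m = re.fullmatch(r"\((\w+)=([^()]*)\)", simple_filter)
    if m is None:
        raise ValueError("not a single (attr=value) filter: %r" % simple_filter)
    attr, rx = m.group(1), _assertion_to_regex(m.group(2))
    return [dn for dn, attrs in entries.items()
            if any(rx.fullmatch(v) for v in attrs.get(attr, []))]


def resolve_for_bind(entries, template, login, password, expand=expand_escaped):
    """Return the DN to bind as, or None when the login must be refused."""
    if not password:
        # RFC 4513 section 5.1.2: a DN with an empty password is an
        # "unauthenticated bind", which a server may answer with success.
        return None
    matches = search(entries, expand(template, login))
    # The guide's rule: the filter must match exactly one entry.
    return matches[0] if len(matches) == 1 else None


# Constructed sample directory and the filter template quoted in the guide.
ALICE = "uid=alice,ou=people,dc=mycompany,dc=com"
BOB = "uid=bob,ou=people,dc=mycompany,dc=com"
DIRECTORY = {
    ALICE: {"mail": ["alice@mycompany.com"]},
    BOB: {"mail": ["bob@mycompany.com"]},
}
TEMPLATE = "(mail=%u@mycompany.com)"

if __name__ == "__main__":
    print(expand_naive(TEMPLATE, "*"), search(DIRECTORY, expand_naive(TEMPLATE, "*")))
    print(expand_escaped(TEMPLATE, "*"), search(DIRECTORY, expand_escaped(TEMPLATE, "*")))
    print(resolve_for_bind(DIRECTORY, TEMPLATE, "alice", "constructed-password"))
```

When testing a real filter, run it with the service account and confirm it returns one entry for an ordinary login and none for a login made of filter metacharacters.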

Setting up Zimbra Free/Busy Interoperability

When ZCA is deployed in a with Microsoft Exchange servers and, you can set up free/busy scheduling across the Exchange server and the ZCA server so that users can efficiently schedule meetings.

ZCA can query the free/busy schedules of users on Microsoft Exchange 2003/2007 servers. The Zimbra Free/Busy module to connect with Microsoft Exchange pulls the free/busy schedule of users on the Exchange server and also pushes the free/busy schedule of ZCA users to the Exchange server.

To set free/busy interoperability, the Exchange systems must be set up as described in the Exchange Setup Requirements section.

Exchange 2003/2007 Setup Requirements

For Exchange 2003, the following is required:
• Either a single Active Directory (AD) must be in the system or the global catalog must be available.
• The ZCA server must be able to access the HTTP(S) port of IIS on at least one of the Exchange servers.
• Web interface to Exchange public folders needs to be available via IIS. (http://server/public/)
• ZCA users must be provisioned as a contact on the AD using the same administrative group for each mail domain. This is required only for ZCA to Exchange free/busy replication.
• The Exchange user name must be provisioned in the account attribute zimbraForeignPrincipal for all ZCA users. This is required only if there is Zimbra Appliance to Exchange free/busy replication.

Configuring Free/Busy on Zimbra Appliance

The Exchange server settings are configured from the Domain>Interop tab on the administration console dashboard tab.

• Microsoft Exchange Server URL. This is the Web interface to the Exchange.
• Microsoft Exchange Authentication Scheme, either Basic or Form.
  • Basic is authentication to Exchange via HTTP basic authentication.
  • Form is authentication to Exchange as HTML form based authentication.
• Microsoft Exchange User Name and Password. This is the name of the account in AD and password that has access to the public folders. These are used to authenticate against the Exchange server on REST and WebDAV interfaces.
• O and OU used in the legacyExchangeDN attribute. Set at the global level this applies to all accounts talking to Exchange.

Note: To find these settings on the Exchange server, you can run the Exchange ADSI Edit tool and search the legacyExchangeDN attribute for the o= , ou= , and cn= settings.

Next go to each account’s Free/Busy Interop tab and configure the foreign principal for the account. This sets up a mapping from the ZCA account to the corresponding object in the AD. The cn setting in the legacyExchangeDn attribute corresponds to the zimbraForeignPrincipal attribute.

Managing Zimlets on the Domain

Pre-defined Zimlets that enhance the user’s experience from the Zimbra Web Client are included with ZCA. The following are included:
• com_zimbra_date. Dates or time in the message to see their calendar schedule for that date or time.
• com_zimbra_email. Email addresses/names, to see contact information from the address book for this name.
• com_zimbra_url. URL link to quickly go to the website specified in an email message.

• com_zimbra_phone. Phone numbers to quickly place a call. VOIP software, such as Skype or Cisco VOIP phones must be installed on the user’s computer.
• com_zimbra_ymemoticons. Emoticons, to add a textual portrayal of different facial expressions to their messages. The emoticons are available from a link on the compose toolbar.
• com_zimbra_dnd. Drag and Drop files on to their email message. Note: This feature does not work with Internet Explorer.

All Zimlets that are deployed are displayed in the Domain>Zimlets tab. Check the Zimlets that should be enabled for the domain. If a Zimlet should not be turned off from ZWC, select mandatory. Users can control the Zimlets they use from the ZWC Preferences>Zimlet page.

Customizing Themes for Domains

The Zimbra Web Client includes multiple themes that users can select as the appearance of their mailbox. You can change the base colors of themes for a domain from the administration console.
• Foreground color of the themes. The foreground color is the text color displayed. The default text color is black. The text color usually does not need to be changed.

• Background color of the themes. The primary background color displayed in the client. This color is the background on the page. Variants of the color are used for buttons, background color of the Content and Navigation panes, tabs, and selection highlight. In the following image, the background color displays with the logo, the variant of the background color displays in the login area.
• Secondary color of the themes. The secondary color is the color used for the toolbar, selection headers in the Navigation pane, and for a selected tab. In the following image, the selected tab, Mail in this example, and the toolbar are displayed in the secondary color.
• Selection color of the themes. The selection color is the color displayed for a selected item, such as a message, the clicked item from a right-click or other drop-down menu selection.

Note: A number of Zimbra themes are included with Zimbra Appliance. Some of these themes, such as Lemongrass, Hot Rod, Waves and Yahoo, have been designed with graphics or color codes that are not changed when you change the base color. You may want to disable those themes from user’s Theme preferences selection.


Chapter 4 Customizing Profiles and Setting Up Mail Policy Rules

This chapter describes the features that can be enabled in a ZCA profile that is assigned to user accounts.

Note: Mailbox features are enabled for the Zimbra Web Client users. When IMAP or POP clients are used, users may not have these features available.

Setting Up Profiles

Profiles define which features are enabled for an account. Each account is assigned a profile. A default profile is automatically created during the installation of ZCA and you can create additional profiles. Configuring profiles and assigning a profile to accounts lets you configure the features for accounts. When you change a profile, accounts assigned that profile reflect the change.

In an environment that includes users with different email and collaboration requirements, creating different profiles based on user requirements makes it easy to give users the feature sets they need. For example, the default profile does not enable mobile sync, which allows users to sync their smart phones with their accounts. You might not want to turn this on for all of your users. In that case, create another profile that enables the features and Zimbra Mobile and assign this profile to users who can access this feature.

You can create a profile from the New link on the administration console dashboard. Click New and select Profile, and a new profile tab opens.

A profile consists of the following configuration tabs:
• General Information. On this tab you define the profile’s display name and you can describe the profile in any way you want.
• Features. This tab lists all features that can be enabled for user accounts. The features are described in this chapter.
• Zimbra Mobile. This tab enables the Zimbra Mobile sync feature. See Chapter 13, Managing Zimbra Mobile for information about this feature.
• Advanced. This tab is used to set up account quota, and set password, login, and email retention policies.

Note: If you delete a profile that accounts are currently assigned, the accounts are automatically assigned the default profile.

Domain Profiles

When you create a new domain or edit an existing one, you can select the profile that is automatically assigned to users created on that domain. This is a good option if most users on the domain should have the same features enabled. If the domain does not have a profile defined, the default profile is automatically assigned when an account is created.

ZCA Features to Configure

When users use the Zimbra Web Client to view their accounts they can access the following features as determined by their profile.
• Email

• Address books
• Calendar
• Tasks
• Briefcase
• Preferences

These features can be enabled in the profile, Features tab. Many of these features can be managed by users from their account Preferences tab when they log on to the Zimbra Web Client. The default is to let users manage their preferences. If you do not want users to be able to change their account preferences, you can remove the check from Preferences in the profile.

Email messaging

Zimbra Appliance email messaging is a full-featured email application that includes advanced message search capabilities, mail sorted by conversations, tags, user-defined folders, user-defined filters, and more. You configure which email messaging features are enabled.

Mail Features: Description

Mail: Enables the email application. This is enabled by default in the profile.

Conversations: Messages can be displayed grouped into conversations or as a message list. Conversations group messages by subject. If this feature is enabled, conversation view is the default. Users can change the default from the Mail toolbar, View link.

HTML compose: Users can compose email messages with an HTML editor. They can specify their default font settings for HTML compose in their account Preferences tab.

Allow the user to specify a forwarding address: Users can create a forwarding address for their mail. Users can change the information from their account Preferences tab. A copy of each message sent to the account is immediately forwarded to the designated forwarding address. In the account configuration, you can also specify forwarding addresses that are hidden from the user. In the Forwarding tab you can enable the function so that a copy of the forwarded message is not saved in the user’s mailbox.

Out of office reply: Users can create an email message that automatically replies to incoming messages. This is commonly used as a vacation message. By default a message is sent to each recipient only once every seven days, regardless of how many messages that person sends to the address during that week. Users can also set the start and stop dates for the out of office message.

New mail notification: Allows users the option to specify an address where to be notified of new mail to their ZWC account. They can turn this feature on or off and designate an address from their account Preferences tab. An email with information about the email’s subject, sender address and recipient address is sent to the address.

Persona: The name and address configured for the account creates the primary account persona. This is the information that the user uses as the From address. When Persona is enabled, users can create additional account names to manage different roles. Account aliases can be selected for the From name of messages sent from that persona account and a specific signature can be set for the persona account.

Advanced search: Allows users to build a complex search by date, domain, status, tags, size, attachment, and folders.

Saved searches: Users can save a search that they have previously executed or built.

Initial search preference: The initial search folder is Inbox. When Initial search preference is enabled, users can select another folder as the default search folder that is automatically searched from the search field.

External POP access: Users can set up to retrieve their POP accounts’ email messages directly from their ZWC account. They can add the external account address to their account settings. Users can set these up from their Preferences Accounts tab.

External IMAP Access: Users can set up to retrieve their IMAP accounts’ email messages directly from their ZWC account. They can add the external account address to their account settings. Users can set these up from their Preferences tab.

Aliases for this account: An email alias is an email address that redirects all mail to a specified mail account. An alias is not an email account. You can create an alias for the account. Users cannot change this.

Mail filters: Users can define a set of rules and corresponding actions to apply to incoming mail and calendar appointments. When an incoming email message matches the conditions of a filter rule, the corresponding actions associated with that rule are applied. Users set up these rules from their account Preferences tab.
Note: Spam check on a received message is completed before users’ mail filters are run. Messages identified as spam are moved to the Junk folder. To avoid having mail incorrectly marked as junk, users can create a spam white list from the Preferences Mail folder to identify email addresses that should not be marked as spam.

Tagging: Users can create tags and assign them to messages, contacts, and Documents pages.

GAL access: Users can access the company directory to find names for their email messages.

Autocomplete from GAL: When this is enabled, users enter a few letters in their compose header and names listed in the GAL are displayed. Users can turn this feature on or off from their Preferences tab.

IMAP access: Users can use third party mail applications, such as Thunderbird or Outlook, to access their mailbox using the IMAP protocol.

POP3 access: Users can use third party mail applications, such as Thunderbird or Outlook, to access their mailbox using the POP protocol. When they retrieve their POP email messages, the messages and attachments are saved on the Zimbra server.

Users can modify the following mail preferences from their account Preferences Mail tab.

• How often, in minutes, that the Web Client checks for new messages, Check for new mail every...
• Set or change email message alerts. Alerts can be set up to play a sound, highlight the Mail tab when a message arrives, and flash the browser.
• Set the display language for ZWC. If more than one language locale is installed on Zimbra Appliance, users can select the locale that is different from the browser language settings.
• Whether to save copies of outbound messages to the Sent folder.
• Whether to save a local copy of a message that is forwarded or to have it deleted from their mailbox.
• Whether to compose messages in a separate window.
• Whether to view mail as HTML for messages that include HTML or to view messages as plain text.
• Whether to send a read receipt when it is requested.
• Which folder should be searched first when running a search.

Users can set up their own Junk Mail Options of whitelist and blacklist email addresses that are used to filter incoming messages from their Preferences Mail folder. The default maximum number of white list and black list addresses is 100 on each list.

Users can modify the following mail preferences from their Preferences Signatures tab.

• Whether to automatically append a signature to outgoing messages.
• Preferences for how messages that are replied to or forwarded are composed.

Important: To allow users to share their mailbox folders, address books, calendars, and Briefcase folders, enable Sharing in the Features tab.

Import/Export Folder

In the advanced Web Client, the Preferences Import/Export folder can be used to export a user’s account data, including email messages and attachments, contacts, calendar, tasks, etc. This data can be saved to their computer or other location as a backup. When they run the export command, the data are copied, not removed from the user’s account. The account data is saved as a tar-gzipped (tgz) archive file so that it can be imported to restore the user’s account. You can turn the Import/Export feature off from the profile.

Address Book

Zimbra Address Book allows users to create multiple contact lists and add contact names automatically when mail is received or sent. Users can import other contact lists into their Address Book and can export their address books as well.

Important: To allow users to share their address books, calendars, and Documents notebooks, enable Sharing in the Features tab.

Feature Name: Description
Address Book: Users can create their own personal contacts lists. By default, a Contacts list and an Emailed Contacts list are created in Address Book.

Users can modify the following Address Book preferences from their account Preferences Address Book tab. By default, two contact lists folders are in the Address Book.

• Enable auto adding of contacts to automatically add contacts to their Emailed Contact list when they send an email to a new address.

Users can import contacts into their Address Book. The files must be .csv files. This is done from the Preferences Import/Export folder.

Calendar

Zimbra Calendar lets users schedule appointments and meetings, establish recurring activities, create multiple calendars, share calendars with others, and delegate manager access to their calendars. They can subscribe to external calendars and view their calendar information from Zimbra Web Client. They can also use search for appointments in their calendars.

Important: To allow users to share their calendars, address books, and Documents notebooks, enable Sharing on the Features tab.

Feature Name: Description
Calendar: A calendar and scheduling tool to let users maintain their calendar, schedule meetings, delegate access to their calendar, create multiple personal calendars, and more.
Group Calendar: When Group Calendar is not checked, the only Calendar feature is the ability to create personal appointments and accept invitations to meetings. The Find Attendees, Schedule and Find Resources tabs are not displayed.

Setting Remote Calendar Automatic Update Interval

Remote calendars are automatically updated every 12 hours by default.

Filtering Calendar Messages

Users can set up mail filter rules that act on calendar-related messages. The filter subject is Calendar Invite. When they select this subject, messages that are marked as invites are run through the filter.

Other User Calendar Preferences

Users can modify the following calendar preferences from their account Preferences Calendar folder.

• Time-zone list in their appointment dialog, giving them the opportunity to change time zones while making appointments.
• Calendar view they want to see by default: day, work week, 7-day week, month, list, or schedule.
• First day of the week to display in the calendar.
• Set permissions for free/busy and who can invite the user to a meeting.
• Number of minutes before an appointment to be reminded and select how to be notified: sound, flash the browser title, and popup notification. If popup notification is selected, the user must have Yahoo! BrowserPlus™ installed.
• Display the mini-navigation calendar in the Mail view. The mini-calendar automatically displays in the Calendar view.
• Use the QuickAdd dialog to create appointments from the calendar view. When this option is enabled, the QuickAdd dialog displays when users double-click or drag on the calendar.
• View calendars as a nested group within different folders.
• Users can import and export their appointments in the standard iCalendar (.ics) format. This is done from the Preferences Import/Export folder.

• Set the preference to use the iCal delegation model for shared calendars for CalDav interface.
• Enable the ability to automatically add invites with PUBLISH method.
• Forward calendar invitation to specific addresses. The account the invitation is forwarded to must have been granted admin privileges on the shared calendar to be able to reply to the invitation.
• Be notified of changes made to an appointment by a delegated access grantee.

Tasks

Zimbra Tasks lets users create to-do lists and manage tasks through to completion.

Important: To allow users to share their task lists, enable Sharing in the Features tab.

Feature Name: Description
Tasks: Users can create and organize tasks from the Zimbra Web Client. They can add tasks to the default tasks list and they can create additional task lists to organize to-do lists by more specific activities. Task lists can be shared with individuals, groups, and the public.

Briefcase

Zimbra Briefcase lets users upload files from their computer to their Zimbra Web Client account.

Feature Name: Description
Briefcase: Users can upload files to their Zimbra Web Client account. These files can be accessed whenever they log into the advanced Zimbra Web Client. They can open the file if the application is available on the computer, send the file in an email, organize files into different Briefcase folders.

Other Feature Configuration Settings for Accounts

Other configuration options include:

• Enabling the Sharing feature that allows users to share items with other users
• Disabling Preferences for user accounts
• Disabling the user preferences for Import/Export
• Enable Zimbra Mobile so users can access their accounts from their mobile devices

Enabling Sharing

When the Sharing feature is enabled, users can share any of their folders, including their mail folders, calendars, address books, task lists, and Briefcase folders.

Users specify the type of access permissions to give the grantee. They can share with internal users who can be given complete manager access to the folder, external guests that must use a password to view the folder content, and the public access so that anyone who has the URL can view the content of the folder.

When internal users share a mail folder, a copy of the shared folder is put in the grantee’s folder list on the Overview pane. Users can manage their shared folders from their ZWC Preferences Sharing folder. In this folder users see a list of folders that have been shared with them and folders that they have shared with others.

Managing Shared Items using Distribution Lists

When distribution lists are used to manage shared items, members of the distribution list are automatically granted rights to the shared item. All members of the list have the same share privileges that the grantee defined for the shared folder.

Users must notify the administrator that they have shared a folder with the distribution list. When the administrator is notified, the administrator publishes the shared item in the Shares tab to make the shared item available to members of the DL. When a new shared folder is published, existing members of the DL are automatically notified of the new shared item. They can accept the shared item from their ZWC Preferences>Sharing tab. New members added to the distribution list can be automatically notified about items that are shared with them. When a member is removed from the distribution list, the share privileges associated with the DL are revoked.

Administrators manage the shares from the DL’s Shares tab.

Disabling Preferences

Preferences is enabled by default in profiles. Users can modify the default preferences that are configured for their account. You can disable preferences and the Preferences tab does not display in users’ mailboxes. They cannot change the default configuration for features that are set up for their accounts.

Zimbra Mobile

Zimbra Mobile is an optional component that enables two-way, over-the-air synchronization of email, calendar, and contacts data between mobile devices and the Zimbra server.

Zimbra Mobile: Enables the Zimbra Mobile feature that allows Zimbra to provide mobile data access to email, calendar, and contacts for users of selected mobile phones. When this is enabled, the default mobile device policy is also enabled. See the Zimbra Mobile chapter for information about setting up mobile devices and setting up or changing the mobile device policies that can be enabled.

Configuring Advanced Tab Options

The profiles Advanced tab lets you set account quotas and password, login, and email retention policies.

Setting Account Quotas

You can specify mailbox quotas and the number of contacts allowed for accounts.

Account quota is the amount of space in megabytes that an account can use. The quota includes email messages, Calendar meeting information, task lists, and files in Briefcase. If you set the quota to 0, accounts do not have a quota. When the quota is reached, all email messages are rejected and users cannot add files to their account.

Users can be notified that their mailboxes are nearing their quota. The percentage threshold for quota notification can be configured. When this threshold is reached, a quota warning message is sent to the user. The quota percentage can be set and the warning message text can be modified in the Advanced tab settings for the profile.

The Address Book size limit field sets the maximum number of contacts a user can have across all of their address books. When the number is reached, users cannot add new contacts.

Setting Password Policy

If internal authentication is configured for the domain, you can configure ZCA to require users to create strong passwords.

Important: If Microsoft Active Directory (AD) is used for user authentication, you must disable the Change Password feature in their profile. Select Password locked from the Advanced tab Password section. The AD password policy is not managed by Zimbra.

The password settings that can be configured are listed below.

Feature Name: Description
Minimum/Maximum password length: This specifies the required length of a password. The default minimum length is 6 characters. The default maximum length is 64 characters.
Minimum / Maximum password age: Configuring a minimum and maximum password age sets the password expiration date. Users can change their passwords at any time between the minimum and maximum set. They must change it when the maximum password age is reached.

Configuring the next settings will require users to create more complex passwords.

Minimum upper case characters: Upper case A - Z
Minimum lower case characters: Lower case a - z
Minimum punctuation symbols: Non-alphanumeric, for example !, $, #, &, %
Minimum numeric characters: Base 10 digits 0 - 9
Minimum number of unique passwords history: Number of unique new passwords that a user must create before he can reuse an old password.
Password locked: Users cannot change their passwords. This should be set if authentication is external.

Setting Failed Login Policy

You can specify a policy that sets the maximum number of failed login attempts before the account is locked out for the specified lockout time. This type of policy is used to prevent password attacks.

Feature Name: Description
Enable failed login lockout: When this box is checked, the “failed login lockout” feature is enabled and you can configure the following settings.
Number of consecutive failed logins allowed: The number of failed login attempts before the account is locked out. The default is 10 attempts. If this is set to 0, an unlimited number of failed log in attempts is allowed. This means the account is never locked out.

Time to lockout the account: The amount of time in seconds, minutes, hours, or days the account is locked out. If this is set to 0, the account is locked out until the correct password is entered, or the administrator manually changes the account status and creates a new password. The default is 1 hour.
Time window in which the failed logins must occur within to lock the account: The duration of time in seconds, minutes, hours, or days after which the number of consecutive failed login attempts is cleared from the log. The default is 0, the user can continue attempts to authenticate, no matter how many consecutive failed login attempts have occurred.

Setting Session Timeout Policy

You can set how long a user session should remain open and when to close a session because the session is inactive.

Feature Name: Description
Session idle lifetime: Session idle lifetime sets how long a user session remains active, if no activity occurs. Activity includes any clickable mouse action, such as viewing contents of a folder or clicking a button. The default is 2 days.

You can manually expire a user’s web client session from the administration console Expire Sessions link. This forces the current session of the account to expire immediately.

Setting Email Retention Policy

The email retention policy for email, trashed and spam messages is set in the profile. When the message purge function runs is set by the message purge command.

Feature Name: Description
Email message lifetime: Number of days a message can remain in any folder before it is automatically purged. The default is 0, email messages are not deleted. The minimum configuration for email message lifetime is 30 days.

Trashed message lifetime: Number of days a message remains in the Trash folder before it is automatically purged. The default is 30 days.
Spam message lifetime: Number of days a message can remain in the Junk folder before it is automatically purged. The default is 30 days.

Other Account Configuration Preferences

Preferences Import/Export

The Import/Export tab found under the user’s Preference tab lets users export all of their account data, including mail, contacts, calendar, tasks, and Briefcase folders. They can export specific items in their account and save the data to their computer or other location. The account data is saved as a tar-gzipped (tgz) archive file so that it can be easily imported to restore their account. Individual contacts are saved as .csv files, and individual calendar files are saved as .ics files. The data are not removed from their accounts. The exported account data file can be viewed with an archive program such as WinRAR archiver. Any of these files can be imported into their account from the same tab.

If you do not want users to have the import/export capability, you can disable the feature from the profile, Features Tab, General Features Section.

About Zimbra Web Client

Zimbra Web Client (ZWC) is a full-featured messaging and collaboration application that users can access from any web browser. From the browser they enter the URL you provide along with their password to log in.

ZCA offers a standard and an advanced Zimbra Web Client that users can log in to. Both web clients include mail, calendar, address book and task functionality. Users can select which client to use when they log in.

• Advanced Web Client includes Ajax capability and offers a full set of Web collaboration features, including Briefcase and the ability to export your account information. This web client works best with newer browsers and fast internet connections.
• Standard Web Client is a good option when Internet connections are slow or users prefer HTML-based messaging for navigating within their mailbox.

The default ZWC for login is the advanced Zimbra Web Client. When users log in, they view the advanced Zimbra Web Client, unless they use the menu on the login screen to change to the standard version. However, if ZWC detects the screen resolution to be 800 x 600, users are automatically redirected to the standard Zimbra Web Client. Users can still choose the advanced ZWC but get a warning message suggesting the use of the standard ZWC for better screen view. Users can change the default version in their preferences.
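The password settings listed under Setting Password Policy can be checked against candidate passwords before a profile is rolled out. The following is an added example, not code from Zimbra or from this guide; the field names are hypothetical, the 0 defaults for the character-class and history settings are assumptions (the guide states only the length defaults), and the sample policies and passwords are constructed.

```python
import hashlib
import hmac
import os
import string
from dataclasses import dataclass


@dataclass
class PasswordPolicy:
    """One field per row of the password table; field names are hypothetical."""
    min_length: int = 6     # default minimum length stated in the guide
    max_length: int = 64    # default maximum length stated in the guide
    min_upper: int = 0      # A-Z; 0 = no requirement (assumed, not stated)
    min_lower: int = 0      # a-z
    min_punct: int = 0      # non-alphanumeric, for example ! $ # & %
    min_numeric: int = 0    # base 10 digits 0-9
    history: int = 0        # unique new passwords before an old one is reusable


def _digest(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def remember(password: str) -> tuple:
    """Return (salt, digest) for the history list, so no cleartext is kept."""
    salt = os.urandom(16)
    return salt, _digest(password, salt)


def violations(password: str, policy: PasswordPolicy, previous=()) -> list:
    """Return the names of the policy settings the candidate fails."""
    failed = []
    if len(password) < policy.min_length:
        failed.append("min_length")
    if len(password) > policy.max_length:
        failed.append("max_length")
    alnum = string.ascii_letters + string.digits
    counts = {
        "min_upper": sum(c in string.ascii_uppercase for c in password),
        "min_lower": sum(c in string.ascii_lowercase for c in password),
        "min_numeric": sum(c in string.digits for c in password),
        # Anything that is not an ASCII letter or digit counts as punctuation.
        "min_punct": sum(c not in alnum for c in password),
    }
    for setting, seen in counts.items():
        if seen < getattr(policy, setting):
            failed.append(setting)
    # Only the most recent `history` passwords block reuse.
    recent = list(previous)[-policy.history:] if policy.history > 0 else []
    if any(hmac.compare_digest(_digest(password, s), d) for s, d in recent):
        failed.append("history")
    return failed


# Constructed policies: the stated length defaults alone, and a stricter profile.
DEFAULTS = PasswordPolicy()
STRICT = PasswordPolicy(min_length=12, min_upper=1, min_lower=1,
                        min_punct=1, min_numeric=1, history=2)

if __name__ == "__main__":
    for candidate in ("aaaaaa", "Summer2010", "Correct-Horse-7-Battery"):
        print(candidate, violations(candidate, DEFAULTS), violations(candidate, STRICT))
```

With only the length defaults in force, a six-character single-letter password passes, which is why the character-class and history rows matter when internal authentication is used.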

Chapter 5 Creating Accounts on ZCA

New accounts are created from the administration console of Zimbra Collaboration Suite Appliance (ZCA) in any of the following methods:

• Use the New Account Wizard to create one account at a time
• Use the Import Wizard to import account information from an external directory server (either LDAP or Active Directory) to provision multiple accounts at once.
• Use the Migration Wizard for Exchange to migrate user accounts and their content directly from Exchange.

Before Creating Accounts

Before you create accounts you need to determine the following:

• Will all accounts be on the same domain? See Managing ZCA to create a new domain.
• Will all user accounts have the same features that are enabled in the default profile or do you need to create additional profiles? See Chapter 4, Customizing Profiles and Setting Up Mail Policy Rules.
• Are passwords required and can users change their password?

Password Options

When you provision accounts, you can configure accounts with a password and require users to change the password the first time they log in or you can leave the password field blank and users can create their own password. Passwords can be from 6 to 64 characters and do not have an expiration date.

When you import accounts, if the password is known, it can be added as part of the .csv or .xml file and is set when the account is provisioned.

Important: If Microsoft Active Directory (AD) is used for user authentication, you must disable the Change Password feature in their Profile. The AD password policy is not managed by Zimbra.

The account information that can be configured includes: • Account name. and last name. Creating a Single Account You create one account at a time from the administration console dashboard. not the email address. and password. • Profile to be assigned which enables features for the account. The default profile is automatically selected if you do not select a profile. This is the friendly name.7 Zimbra Collaboration Suite Appliance . 52 ZCA 6. • Aliases to be used. When you select New>Account from the dashboard toolbar. • Users first. • Password to be used. the mailbox is created on the domain and a directory account is created on the LDAP server.0. middle. • Contact information. and address.Administrator’s Guide Creating User Accounts When you create user accounts. This is the name used in the email address. including phone number. company name. Each account is assigned a profile that defines features for the account. • Display name that appears in the user’s messages. The only information needed to create an account is the account name and the last name. the New Account Wizard opens and steps you through the information needed to create an account.

• Enable Forwarding to allow users to specify forwarding addresses from their mailbox.

If you want to make sure users change a password that you create, you can enable Must Change Password for the account. Users must change their password the first time they log on to their accounts.

If you add contact information about the account and use the internal GAL, that information is available in the LDAP directory.

Creating an account sets up the appropriate entries on the Zimbra LDAP directory server. When the end-user logs in for the first time or when an email is delivered to the user’s account, the mailbox is created on the mailbox server.

Importing Accounts

You can create as many accounts as you have license for using the Import Accounts Wizard from the administration console’s Advanced Tools tab. The wizard guides you through importing accounts from an external directory, either Active Directory or an LDAP server. The wizard downloads account information from your directory and creates the accounts on ZCA.

The import wizard configuration details include:

• Generating passwords for the accounts. You can configure the wizard to generate a random password for each account or use one password for all accounts and require users to change their passwords the first time they login. If you choose to generate random passwords for each account, make sure you download the list of provisioned accounts as this will list the passwords for each account.
• Setting up the LDAP directory connection. You enter details for connecting to your AD or LDAP server. In addition, you can enter how many records to fetch for this import.

When this is complete, the wizard generates a report in a .csv format with a list of new accounts. Download this file for future reference. Choose a secure location to store it as it may contain password information for all of your users. By choosing the download option, the file is removed from the server.

Managing the Import Process

1. From the administration console, Advanced Tools, click Import Accounts.

2. On the Overview dialog, select whether to import accounts from Active Directory or from another LDAP directory.

3. On the Bulk provisioning options dialog, set the password configuration option you want to use and click Next. The following options can be set:

Set either
• Generate a random password for each account. If the wizard generates random passwords for each account, you must download the .csv file that is created as this file lists the passwords that were created.
or
• Use the same password for all new accounts.
• Check Require users to change the password after first login.
• Length of generated password. The default is 8 characters. The password can be from 6 to 64 characters.

You need to give the password information to each user.

4. Enable Automatically create missing domains, so that when an account is imported and the domain they were on is not created on ZCA, the domain is automatically created. If you do not enable Automatically create missing domains, accounts from domains that do not exist on ZCA are not created. Disabling this option makes it easy to import accounts from specific domain that have been precreated on the Zimbra Appliance.

5. Enter the maximum accounts to import at one time. The default is 0, which means that no limits are set.

6. On the Directory connection dialog, enter the details for connecting to your Active Directory or other LDAP server.

Enter the following information about the AD or LDAP server:

• For Server Name, the LDAP URL is entered as ldap://ldapdirectory.example.com
• By default the port is 3268, but you can change this
• Use Security. Check SSL if this is used
• Bind DN and bind password
• LDAP filter. In this field enter the LDAP search filter to run. Here you can define search criteria to collect the type of account information you want to import. The filter in the field, (objectClass=organizationalPerson), is set to gather account information, including email address, individual first, middle, last names, postal and phone information if it is available. You can change the filter.
• LDAP search base is used to configure what subsection of the LDAP forest to search.

After you complete this dialog, click Next.

The Import Wizard connects to the directory server and generates a report showing the number of accounts found on the server and how many of those accounts are already created on ZCA. This dialog also shows the import options you configured.

Download the .0. the file is removed from the server. a Provision Accounts dialog shows the number of accounts imported and number of accounts that failed to be imported. 8. Choose a secure location to store it as it may contain password information for all of your users. Click Next. you will not be able to access it again. By choosing the download option.csv file is created with the list of all provisioned accounts. A . Note if you choose not to downlaod the file now. 56 ZCA 6.Administrator’s Guide 7. When the import is complete.csv file that lists the created accounts and their password. The accounts are imported to ZCA.7 Zimbra Collaboration Suite Appliance . This list includes the password information for each account. Download this file for future reference.

Migrating Accounts and Content

Zimbra’s migration tools can be used to move users’ email messages, calendars, contacts, and task lists from an existing Microsoft Exchange server to ZCA. When the user’s files are migrated, the folder hierarchy is maintained.

Migrating accounts to the Zimbra Appliance is a two step process.

• Step 1, create an xml file with the migrating accounts data. From the ZCA administration console Advanced Tools tab, run the Migration Wizard and configure the migration options and Active Directory log on information. This information is used to create an .xml file from the data on the Active Directory.
• Step 2, after the .xml file is created, run the ZCS Migration Wizard for Exchange one-step migration option using the .xml file. When you select the one-step option, the ZCS Migration Wizard creates the accounts and import the accounts content based in the .xml file data.

Before you begin, identify the MAPI profile to use to log into the Exchange server. You enter this MAPI profile information in Step 4.

Creating the XML file

1. From the administration console, Advanced Tools, click Migration Wizard.

2. On the Overview dialog, click Next.

3. In the Migration options dialog, select the migration options.

• Create user accounts in ZCA is checked to enable the account .xml element for provisioning the account. Uncheck this box if the accounts were already created on ZCA.

Set either
• Generate a random password for each account. If the wizard generates random passwords for each account, you must download the .csv file that is created as this file lists the passwords that were created.
or
• Use the same password for all new accounts.
• Check Require users to change the password after first login.
• Length of generated password. The default is 8 characters. The password can be from 6 to 64 characters.

You need to give the password information to each user.

• Select the items to import the accounts: email messages, address book contacts, tasks, and calendars.
• Select whether to import items from the account’s Trash folder (deleted items) or Junk folder.
• If some accounts were migrated before, select Ignore previously imported emails so accounts do not have duplicate email messages.
• Ignore invalid SSL certificate is checked by default. If this is not checked and you do not have a commercial certificate installed before you migrate accounts, the ZCS Migration Wizard for Exchange fails to migrate the accounts because the server certificate is not valid.

4. On the Mail server information dialog configure the ZCA server and Microsoft Exchange information needed to log in to each server.

• The ZCA administrator account is automatically configured. Enter the password for this account.
• In the Target domain field enter the domain name where accounts are migrated to. This domain should be created on ZCA.
• Enter the MAPI profile that is used to connect to the Microsoft Exchange server.
  • Mapi profile name. This is the MAPI profile you create for use with the Zimbra Migration Wizard to conduct the migration.
  • MAPI server name is the name of the Microsoft Exchange server from which data is collected.
  • Enter the MAPI logon user DN

Click Next.

5. On the Active Directory information dialog, enter the following information.

• Enter the maximum accounts to import at one time. The default is 0, which means that no limits are set.
• Server Name. The LDAP URL is entered as ldap://ldapdirectory.example.com
• By default the port is 3268, but you can change this
• Use Security. Check SSL if this is used
• Bind DN and bind password
• LDAP filter. In this field enter the LDAP search filter to run. Here you can define search criteria to collect the type of account information you want to import. The filter in the field, (objectClass=organizationalPerson), is set to gather account information, including email address, individual first, middle, last names, postal and phone information if it is available. You can change the filter.
• LDAP search base is used to configure what subsection of the LDAP forest to search.

After you complete this dialog, click Next. The migration wizard connects to the Exchange server.

6. The Review migration options dialog shows the migration options you have configured. If the information is correct, click Next. If you need to fix any of the options, click Previous. When you click Next, the .xml file is created.

7. Click Download XML file for MS Exchange migration utility and save the file to a folder on the computer. Choose a secure location to store it as it may contain password information for all of your users. By choosing the download option, the file is removed from the server. Note if you choose not to download the file now, you will not be able to access it again.

8. Click Download MS Exchange migration utility to download the ZCS Migration Wizard for Exchange executable file.

Using ZCS Migration Wizard to Create Accounts and Import Content

You can run the ZCS Migration Wizard for Exchange executable file at any time. The ZCS Migration Wizard one-step migration makes it easy to create accounts and import the content you selected for those accounts.

When you open the migration wizard, the Import Destination dialog displays. Select One Step Migration and browse to the .xml file created on ZCA. When you click Next, the migration begins and a progress bar is displayed. When the migration is complete, the Import Completed dialog displays. The accounts are now created on ZCA. Users can now log on to their ZCA accounts.

Note: See the Migrating from Microsoft Exchange to ZCS Guide for detailed information about the Wizard.
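Both the Import Accounts wizard and the Migration Wizard let you change the LDAP filter from its default, (objectClass=organizationalPerson). The following is an added example, not code from Zimbra or from this guide, that narrows that default filter while escaping literal values per RFC 4515. The attribute names mail and department are assumptions about your directory schema, the sample values are constructed, and the userAccountControl clause applies to Active Directory only.

```python
import re

# Default filter shown in the wizard's LDAP filter field.
DEFAULT_FILTER = "(objectClass=organizationalPerson)"

# Active Directory only: bitwise-AND matching rule on userAccountControl,
# where bit 2 marks a disabled account.
AD_DISABLED = "(userAccountControl:1.2.840.113556.1.4.803:=2)"

_ATTR = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")
_SPECIAL = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_value(value: str) -> str:
    """Escape a literal value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(_SPECIAL.get(ch, ch) for ch in value)


def is_balanced(ldap_filter: str) -> bool:
    """True if the text is exactly one parenthesised filter.

    Escaped parentheses appear as \\28 and \\29, so every literal
    parenthesis left in the string is structural.
    """
    depth = 0
    for index, ch in enumerate(ldap_filter):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
            if depth == 0 and index != len(ldap_filter) - 1:
                return False  # a second top-level filter follows
    return depth == 0 and ldap_filter.startswith("(")


def _check_attr(name: str) -> str:
    if not _ATTR.match(name):
        raise ValueError("not a valid attribute name: %r" % name)
    return name


def build_import_filter(base=DEFAULT_FILTER, equals=None, present=(),
                        exclude_disabled_ad=False) -> str:
    """AND the base filter with presence, equality and (AD) enabled-only clauses."""
    if not is_balanced(base):
        raise ValueError("base filter is not a single balanced filter")
    parts = [base]
    for attr in present:
        parts.append("(%s=*)" % _check_attr(attr))
    for attr, value in (equals or {}).items():
        parts.append("(%s=%s)" % (_check_attr(attr), escape_value(value)))
    if exclude_disabled_ad:
        parts.append("(!%s)" % AD_DISABLED)
    return parts[0] if len(parts) == 1 else "(&%s)" % "".join(parts)


if __name__ == "__main__":
    # Constructed sample: only people with a mail attribute in one department.
    print(build_import_filter(present=["mail"],
                              equals={"department": "R&D (EMEA)"},
                              exclude_disabled_ad=True))
```

Paste the resulting string into the LDAP filter field; the report the wizard shows before provisioning is the place to confirm that the number of accounts found matches what you expect.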


Chapter 6 Managing Accounts, Resources and Distribution Lists

The administration console dashboard is used to manage accounts, resources and distribution lists.

Managing Accounts

The following are some of the details that you can manage from the dashboard:
• Change password for a selected account
• Find a specific account using the Search feature
• Change account information
• Add or delete an account for multiple distribution lists at one time, and view which lists the account is on
• Create and change alias addresses
• View an account’s mailbox
• Change an account’s status and delete accounts
• Reindex a mailbox

To see a list of accounts, select Accounts from the Find address, domains, and profiles menu. See the ZCA administration console Help for information about how to perform these tasks from the administration console.

Changing Passwords

If you use internal authentication, you can quickly change an account's password from the administration console Account toolbar. The user must be told the new password. Passwords can be from 6 to 64 characters and do not have an expiration date.

View an Account’s Mailbox

View Mail in the Accounts toolbar lets you view the selected account’s mailbox content, including all folders, calendar entries, and tags. When you are in an account, you can mouse over or right click on a folder to see the number of messages in the folder and the size of the folder.

This feature can be used to assist users who are having trouble with their mail account as you and the account user can be logged on to the account. Any View Mail action to access an account is logged to the audit.log file.

Changing an Account’s Status

Account status determines whether a user can log in and receive mail. The following account status can be set for an account:
• Active. Active is the normal status for a mailbox account. Mail is delivered and users can log into the client interface.
• Maintenance. When a mailbox status is set to maintenance, login is disabled, and mail addressed to the account is queued at the MTA. An account can be set to maintenance mode for backing up, importing, or restoring the mailbox.
• Locked. When a mailbox status is locked, the user cannot log in, but mail is still delivered to the account. The locked status can be set if you suspect that a mail account has been hacked or is being used in an unauthorized manner.
• Closed. When a mailbox status is closed, the login is disabled and messages are bounced. This status is used to soft-delete an account before deleting the account from the server. A closed account does not change the account license.
• Pending. Pending is a status that can be assigned when a new account is created and not yet ready to become active. The login is disabled and messages are bounced.

Reindexing a Mailbox

Mail messages and attachments are automatically indexed before messages are deposited in a mailbox. Each mailbox has an index file associated with it. This index file is required to retrieve search results from the mailbox.

If a user reports an issue performing text searches or a message is logged in the mailbox.log warning of a possible corrupt index, you can reindex the mailbox to recreate the mailbox’s index file. Reindexing a mailbox's content can take some time, depending on the number of messages in the mailbox. Users can still access their mailbox while reindexing is running, but because searches cannot return results for messages that are not indexed, searches may not find all results.

Deleting an Account

You can delete accounts from the administration console. This removes the account from the server, deletes the message store, and changes the number of accounts used against your license.

When you delete an account, the account and all the content is deleted. If you are not sure that is what you want to do, change the account status to Closed. The login is disabled and messages are bounced, but the content of the account is still available.

Important: System accounts designated with the icon and the administrator icon should never be deleted. Deleting these accounts may prevent certain ZCA components from functioning and possibly cause the loss of administration dashboard access.

Managing Distribution Lists

A distribution list is a group of email addresses contained in a list with a common email address. When users send to a distribution list, they are sending the message to everyone whose address is included in the list. The address line displays the distribution list address; the individual recipient addresses cannot be viewed.

Only administrators can create, change, or delete distribution lists.

The maximum number of members in a distribution list is 1000 recipients. The 1000 recipients include addresses in distribution lists that are nested within a distribution list. Senders do not receive an error when they send a message to a distribution list with more than 1000 members, but the message is not sent to more than 1000 recipients.

When a Zimbra user’s email address is added to a distribution list, the user’s account Member Of tab is updated with the list name. When a distribution list is deleted or the removed, the distribution list is automatically removed from the Member Of tab.

The Hide in GAL check box can be enabled to create distribution lists that do not display in the GAL. You can use this feature to limit the exposure of the distribution list to only those that know the address.

To see a list of distribution lists, select Distribution Lists from the Find address, domains, and profiles menu.

Using Distribution Lists for Group Sharing

Instead of creating individual share requests, distribution lists can be created to share items with a group. Users notify the administrator that they have shared an item with the distribution list and the administrator publishes the shared item to the list. This is done in the Shares tab. When a new shared item is published, existing members of the list are automatically notified of the new share.
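Returning to the 1000-recipient limit under Managing Distribution Lists: because senders receive no error when a list expands past the limit, the following added example (not part of the guide or of Zimbra's code) expands nested lists and reports the ones that exceed it. The membership data is constructed, and counting an address that appears more than once only one time is an assumption.

```python
"""Flag distribution lists whose nested expansion exceeds the recipient limit."""
from typing import Dict, List, Set

MAX_RECIPIENTS = 1000  # limit stated in the guide; nested lists count toward it


def normalize(lists: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Lower-case and trim list names and members so lookups are consistent."""
    return {
        name.strip().lower(): [m.strip().lower() for m in members]
        for name, members in lists.items()
    }


def expand_members(dl: str, lists: Dict[str, List[str]]) -> Set[str]:
    """Return the individual addresses reachable from `dl`.

    `lists` must already be normalized. Nested lists are expanded
    iteratively, and a list that contains itself (directly or through
    another list) is visited only once, so cycles terminate.
    """
    recipients: Set[str] = set()
    visited: Set[str] = set()
    stack = [dl.strip().lower()]
    while stack:
        current = stack.pop()
        if current in visited:
            continue
        visited.add(current)
        for member in lists.get(current, []):
            if member in lists:
                stack.append(member)   # nested distribution list
            else:
                recipients.add(member)  # individual address (assumed counted once)
    return recipients


def audit_lists(lists: Dict[str, List[str]],
                limit: int = MAX_RECIPIENTS) -> Dict[str, int]:
    """Return {list address: expanded size} for every list over `limit`."""
    normalized = normalize(lists)
    report: Dict[str, int] = {}
    for name in normalized:
        size = len(expand_members(name, normalized))
        if size > limit:
            report[name] = size
    return report


def build_sample() -> Dict[str, List[str]]:
    """Constructed membership data: two large lists nested in a third,
    plus two small lists that contain each other."""
    staff = [f"user{i}@example.com" for i in range(600)]
    contractors = [f"ext{i}@example.com" for i in range(450)]
    return {
        "staff@example.com": staff,
        "contractors@example.com": contractors,
        "all@example.com": [
            "Staff@example.com",        # nested list, mixed case on purpose
            "contractors@example.com",  # nested list
            "user0@example.com",        # already a member through staff@
            "ceo@example.com",
        ],
        "ops@example.com": ["oncall@example.com", "a@example.com"],
        "oncall@example.com": ["ops@example.com", "b@example.com",
                               "c@example.com"],
    }


if __name__ == "__main__":
    for name, size in sorted(audit_lists(build_sample()).items()):
        print(f"{name}: {size} recipients after expansion "
              f"(limit {MAX_RECIPIENTS})")
```

Neither nested list is over the limit on its own; only the list that contains both is reported.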

Everyone in the DL has the same share privileges that the grantee defines for the shared item. When new members are added to the group distribution list, they are automatically granted the same shared privileges as other members of the group. When members are removed from the group distribution list, their share privileges are revoked.

You can set up the Share tab so that new members are automatically notified about items that are shared with them through the list.

If you create a distribution list for sharing and do not want the distribution list to receive mail, you can disable the Can receive mail checkbox.

Create Distribution List Aliases

A distribution list can have an alias. This is set up from the administration console, Distribution List Alias tab.

Managing Aliases

An email alias is an email address that redirects all mail to a specified mail account. An alias is not an email account. Each account can have unlimited numbers of aliases.

When you select Aliases from the Manage Addresses Overview pane, all aliases that are configured are displayed in the Content pane. From Aliases you can quickly view the account information for a specific alias, move the alias from one account to another, and delete the alias. You can view and edit an account’s alias names from the account view.

To see a list of aliases, select Aliases from the Find address, domains, and profiles menu.

Managing Resources

A resource is a location or equipment that can be scheduled for a meeting. Each meeting room location and other non-location specific resources such as AV equipment is set up as a resource account. User accounts with the calendar feature can select these resources for their meetings. The resource accounts automatically accept or reject invitations based on availability.

Administrators do not need to monitor these mailboxes on a regular basis. The contents of the resource mailboxes are purged according to the mail purge policies. These accounts do not count against your license.

To see resources available on the ZCA, select Resources from the Find address, domains, and profiles menu.

A Resource Wizard on the administration console guides you through the resource configuration. You can configure the account with the following details about the resource:

• Type of resource, either location or equipment
• Scheduling policy
• Forwarding address to receive a copy of the invite
• Description of the resource
• Contact information. This can be a person to contact if there are issues.
• Location information, including room name, specific building location including building and address, and room capacity

When you create a resource account, a directory account is created in the LDAP server.

To schedule a resource, users invite the equipment resource and/or location to a meeting. When they select the resource, they can view the description of the resource, contact information, and free/busy status for the resource if these are set up.

When the meeting invite is sent, an email is sent to the resource account, and, based on the scheduling policy, if the resource is free the meeting is automatically entered in the resource’s calendar and the resource is shown as Busy.

Setting up the Scheduling Policy for Resources

The scheduling policy establishes how the resource’s calendar is maintained. The following resource scheduling values can be set up:
• Auto decline all recurring appointments. This value is enabled when the resource can be scheduled for only one meeting at a time. No recurring appointments can be scheduled for this resource.
• Auto accept if available, auto-decline on conflict. When this option is selected, the resource account automatically accepts appointments unless the resource is already scheduled. The free/busy times can be viewed. You can modify the auto-decline rule to accept some meetings that conflict.
• Manual accept, auto decline on conflict. When this option is selected, the resource account automatically declines all appointments that conflict. Appointment requests that do not conflict are marked as tentative in the resource calendar and must be manually accepted. If you set this up, configure the forwarding address so a copy of the invite is sent to the account that can manually accept the invitation. You can modify the auto-decline rule to accept some meetings that conflict.
• Auto accept always. The resource account automatically accepts all appointments that are scheduled. In this case, free/busy information is not maintained, thus more than one meeting could schedule the resource at the same time. Because the resource always accepts the invitation, the suggested use for this policy would be for a frequently used location off premises that you want the location address to be included in the invite to attendees.

• No auto accept or decline. The resource account is manually managed. A delegated user must log into the resource account and accept or decline all requests.

Conflict Rules. For accounts that include the auto decline on conflict value, you can set up a threshold, either as a number of conflicts or as a percentage of all the recurring appointments to partially accept recurring appointments.

Maximum allowed number of conflicts and/or Maximum allowed percent of conflicts are configured to allow a recurring resource to be scheduled even if it is not available for all the requested recurring appointment dates.

The resource accepts appointments even if there are conflicts until either the number of conflicts reaches the maximum allowed or the maximum percentage of conflicts allowed. If you set both fields, the resource declines appointments whenever either of the conditions are met.

Managing Resource Accounts

The Resource Accounts Preference>Calendar tab can be configured to let users manage the Resource’s Calendar. You can configure the following options to manage the resource.
• An address to forward invites. If the forwarding address was set up when the account was provisioned, you can change the address
• Who can use this resource. In the Permissions section, Invites, select Allow only the following internal users to invite me to meetings and add the appropriate users’ email addresses to the list.

To fully manage a resource account’s calendar, you can share the resource calendar with a user who is given the manager rights. Users delegated as manager have full administrative rights for that calendar. They can view, edit, add, remove, accept, or decline the invites.

Chapter 7 Managing Zimbra Mobile

Zimbra Mobile is the Zimbra synchronization program enabled on the mailbox server that provides over-the-air synchronization of mail, contacts, calendar and task data and device security policy enforcement between the mobile device and an account on the mailbox server.

Zimbra Mobile is compatible with iPhone, iPod Touch, Windows Mobile 5 (WM5), and 6 (WM6) devices, and many other phones that support the ActiveSync protocol.

The ActiveSync™ protocol is used to configure and sync the Zimbra mailbox server with the native client that is used on a user’s device. Devices use the native software and UI that is installed on the device to sync.

The following diagram shows the flow of data from the server to the mobile.

[Diagram: numbered data flow (1 to 4) over ActiveSync™. Labels: Native Client, Internet, Reverse Proxy (Optional), Mailbox Server, Authentication, LDAP server, Disk Storage]

The diagram shows how the native mobile device application software syncs with the Zimbra mailbox server using ActiveSync™.

1. Users configure the following information:
a. The Zimbra mailbox server address
b. The user’s username as configured on the account
c. The user’s Zimbra mailbox domain name
2. The user’s client connects to the Internet using the ActiveSync protocol for syncing with the Zimbra mailbox server.
3. The protocol goes through the reverse proxy if it is present in the path.
4. The mailbox server accesses the LDAP server to verify and authenticate the user’s credentials before allowing a connection. The client then connects to the user’s account on the mailbox server.

Setting Up Mobile Devices

Mobile sync is enabled either in the profiles for the account or enabled on individual accounts. In most cases, no additional plug-ins are required to be able to use the Zimbra Mobile feature.

The following may need to be configured in the mobile device:
• Server name (address). Enter the fully qualified host name of the user’s Zimbra Appliance mailbox server.
• User name. Enter the user’s primary Zimbra Appliance account name.
• Domain. Enter the user’s Zimbra Appliance domain name (DNS).
• SSL certificate from the server may have to be added to the device as trusted if SSL is used when the certification is self-signed.

Users can immediately sync their account to their mobile device when this is configured. They can send email, create appointments, and add contacts to their address book.

For details about specific device setup, see the Mobile Device Setup pages on the Zimbra Wiki.
http://wiki.zimbra.com/index.php?title=Mobile_Device_Setup
http://wiki.zimbra.com/index.php?title=IPhone

Setting up Mobile Device Security Policies

The administrator can configure mobile security policies that enforce security rules on compliant mobile devices that sync with Zimbra Appliance accounts. You can enforce general security policies including password rules and set up local wipe capability on compliant devices.

Note: Only WM6 devices and iPhones support security policies set by the server. Older devices do not respond to security policies.

After the mobile policy is set up, the next time a mobile device sends a request to the server, mobile devices that are capable of enforcing security policies automatically set up the rules and immediately enforce them. This typically means that if a Personal Identification Number (PIN) has not been set up on the device or the PIN is not as strong as required by the mobile policy you set up, the user is required to fix the PIN before they can sync with the server. Once the server confirms that the policy is enforced on the mobile device, the device can sync.

If a mobile device is lost or stolen, the device is protected by the following policy rules:
• When the Idle Time before device is locked is configured, after the number of minutes configured, the device is locked. To unlock the device, users must enter their PIN.
• When the Number of consecutive incorrect PIN inputs before device is wiped is configured, after the PIN is entered incorrectly more than the specified number of times, a locally (generated by the device) initiated wipe of the device is performed. This erases all data on the device.

In addition to the rules, Remote Wipe can be used to erase all data on lost or stolen devices. See the Users’ Mobile Device Self Care Features section.

Setting Mobile Device Policies Attributes

The following attributes can be configured to establish rules for PIN and device lockout and local wipe initiation rules.

• Force PIN on device. Forces the user to create a personal identification number on the mobile device.
• Require alpha-numeric password for device. Requires that the password includes both numeric and alpha characters.
• Allow non-provisionable devices
• Allow partial policy enforcement on device. Devices that are capable of enforcing only parts of the mobile security policy can still be used. For example, the policy requires an alphanumeric PIN, but a device that only supports a numbered PIN can still be used.

Password Strength Policy Settings

• Minimum length of device PIN. Specifies the minimum length of a password.
• Number of consecutive incorrect PIN input before device is wiped. Number of failed login attempts to the device before the device automatically initiates a local wipe. The device does not need to contact the server for this to happen.
• Idle time before device is locked (Minutes). How long the device remains active when not in use before the device is locked. To unlock the device, users must enter their PIN.

Users’ Mobile Device Self Care Features

The Zimbra Web Client Preference> Mobile Devices folder lists users’ mobile devices that have synced with ZWC. Users can directly manage the following device functions from here:
• Perform a remote wipe of a device. If a mobile device is lost, stolen, or no longer being used, users can initiate a remote wipe from their ZWC account to erase all data from the mobile device. A user selects the device to wipe and clicks Wipe Device. The next time the device requests to synchronize to the server, the wipe command is initiated. The device is returned to its original factory settings. Once the wipe is complete, the status of the device in the Preference> Mobile Devices folder shows as wipe completed. Users can cancel a device wipe any time before the device connects with the server.
• Suspend a sync that has been initiated from the mobile device and resume the sync to the device
• Delete a device from the list. If a device is deleted from the list and attempts to sync after that, the server forces the device to re-fetch the policy on the next sync of the device.

Note: This list can include devices that do not have the ability to support the mobile policy rules. Wiping such a device does not work.

Changing Mobile Device Password Policy

Once a mobile device is locked by the Zimbra Appliance mobile password policy, in order to remove the PIN requirement on the device, the device sync relationship with the server must be deleted and then the PIN requirement for the device must be turned off. After the PIN requirement is turned off, the user resyncs the device to the account.

1. In the administration console, open the user account to be modified.
2. Open the Zimbra Mobile tab and uncheck Force PIN on device.

Once the password policy has been turned off, users must resync their devices to their ZWC account as follows:
• If the device is a WM6 device, the user syncs to the account. After the sync has completed, instruct the user to go to the Lock setting on the device and turn off the device PIN.
• If the device is an iPhone/iPod Touch 3.0 or above, the user syncs to the account. After the sync, instruct the user to go to the Settings>General properties and turn off Passcode Lock.

Note: If the iPhone/iPod Touch is prior to 3.0, there is an Apple software bug that prevents downloaded new device policies from taking effect. The user must delete the ZCA account from the iPhone/iPod Touch, turn the PIN off, and then re-setup sync with the ZCA. Because the password requirement was turned off, a PIN is not asked for.

