Manage

Manage#

The Manage Domains page contains options to configure accounts, mailing, and generic resources.

Accounts#

The list of all account in the domain is present here, along with information on their type and status.

The list can be filtered using the text field above the list, while a new account can be created using the + button.

A click on any account will open a new panel that contains a number of information and options that can be modified. When editing a user’s account, most of the option are the same that can be found in the Create an Account section and are organised in tabs.

On the panel’s top right corner, buttons allow to VIEW MAIL of the user, that is, to access the user’s mailbox and to DELETE the user. Upon deletion, all the e-mails, contacts, calendars, and files owned by the user will be deleted: in other words, all user’s blobs and associated metadata will be removed from Carbonio CE.

Options defined in the user’s COS are inherited, but can be modified for any individual user. The values that have been modified are accompanied by a circular arrow icon. If you hover on that icon, you will see the inherited value, while if you click on it you will restore the COS value.

Account Options

The configuration options available for each account are grouped in several categories. Click on each button to go to the respective category.

General

General configuration options of the account

Profile

Personal information about the user and its role

Configuration

Options about e-mail management and features available to users

User Preferences

Default values for preferences that can be overridden by the user

Security

Password policies, OTP, backup and other security-related options

Administration

Additional Domain Administration roles

General

This tab contains all the options provided during the account creation, plus other options, including:

  • The number of aliases of the account

  • The type of the account, which is one of

    • Normal: a Regular user

    • DelegatedAdmin: a Delegated (Domain) Administrator

    • Admin: a Global Administrator

    • System: special accounts used by Carbonio CE, i.e., GALsync, spam and ham training, and virus quarantine

    • External: an account that does not use Carbonio CE for authentication

    Upon clicking the arrow on the right-hand side of the option, the Administration tab will open, to allow changing the user’s Role.

  • To force the user to change password at the next login

    Note

    An Admin can not change the password of a user, only wipe it, so the user is forced to change it on the next login attempt.

  • The quota used and available for the e-mails and the Carbonio Files module. It is possible to insert up to three decimal digits for each quota.

  • To remove the user’s password from LDAP

  • The COS the user belongs to

  • The Distribution List memberships

  • To move a user to another domain, which must be defined on the same server, by writing the new one in the Domain Name

At the bottom, it is possible to see all the user’s open sessions, which can be terminated by selecting one and clicking END SESSION button on the top right of the list.

Profile

Data in this tab represent the user’s phones, company, and address. They can be managed by both the user and the Administrators.

Configuration

The options listed here allows to specify forwarding addresses and to prevent e-mail messages to be saved locally, if these operations are allowed by the administrator. Values for these options can be set from the CLI: please refer to section Setting Features from CLI for more information.

User Preferences

The preferences in this tab concern how a user sees or interacts with the e-mails (receive, sending, composing, adding a signature) and are mostly inherited from the COS.

Note

Signatures can not be assigned to Resources.

Security

Options present here allow to manage the account security: policies for password and failed login. New application passwords can be created; a policy can set to force the user to select a secure password and the type of characters to be chosen.

Password

A policy can set to force the user to select a secure password and the type of characters required for the password. The Forgotten password feature, if enabled, allows a user to receive a token, to temporarily access the webmail, to the recovery address specified in the textfield next to the option. It also provides the user a new option in the Settings ‣ Auth, namely the ability to change the recovery address.

See also

The password recovery procedure is described in section Lost Password.

The Failed login policy determines how the system behaves when a user fails too many consecutive logins.

Administration

By toggling the Global Administration switch you can promote or demote the user to Global Administrator or vice versa.

Account Statuses#

A user account can be in one of the following statuses.

  1. Active. The account is enabled and ready for everyday operations: the user can log in and send and receive e-mails.

  2. Under Maintenance. This state occurs during maintenance operations on the domain or account: backup, import, export, restore. The user can not login, e-mails are queued on the MTA.

  3. Locked. The account can not be accessed by the user, but incoming e-mails are still delivered. This status can be set for example if the user violates the terms of service or if the account has been cracked

  4. Closed. The user is not allowed to log in, incoming e-mails are rejected.

  5. Pending. This status is usually seen during the account creation, when it is not yet active. User can not log in, incoming e-mails are rejected.

  6. LockOut. This is the only status that can not be set. It is applied automatically when the log in attempts fail for a given number of times. It is a preventive measure to avoid unauthorised access of brute force attacks. The account will not be accessible for a given interval (“lockout period”)

    Hint

    Both the number of failed attempts and the lockout period can be configured.

The status of an account also influences the items stored in that user’s Carbonio Files: Whenever an account is in Closed status, the item shared by that user are no longer visible to the users who could access it.

Account Aliases#

An alias is a new e-mail address that can be associated with an existent account. It works exactly like any other account except that you can not login with it. All e-mails sent to the alias will land in the Account’s mailbox.

The aliases can be easily managed from the General tab of the user’s option. Click the pencil icon right below the account’s username: in the opening dialog window, provide a new alias and the domain then click + to add the alias to the user. Existent aliases can be modified or deleted using the small icons next to the e-mail in the Your Available Aliases field.

Distribution List#

Distribution lists can be simply created by clicking the + button to open a tabbed modal dialog in which to configure it.

In the first tab you can give a name, an address, and a description to the distribution list; if you want a dynamic mode, that automatically populates the list’s members, refer to section Dynamic Mode.

In the second add Members by simply writing the e-mail addresses in the test field.

Hint

E-mail addresses are auto-completed while typing.

In the third tab, advanced settings can be configured, including the option to notify new members that they have been added to the list and the presence of the distribution list in the GAL. Owners can be added to the list: they will see the lists of which they are owners in a dedicated menu item, where they can edit some details and the members.

The last tab recaps the settings: now you can either go back to any of the previous tabs and change some of the settings, or proceed to create the distribution list.

Once a distribution list has been created, it can be further configured by adding aliases, which work like e-mail accounts, changing the description, notes, and members, and granting selected users the permission to send e-mails to the distribution list or making them Owners.

Whenever new members are added to a Distribution List, it is necessary to refresh (or restart) the milter service. From the CLI, as the zextras user, execute this command

zextras$ zmmilterctl refresh

Dynamic Mode#

Distribution list’s Dynamic Mode allows the automatic management of members. Indeed, each Dynamic Distribution List is identified by a name and by a unique Distribution List URL, which is an LDAP query that automatically populates the members of the Distribution List.

To create a Dynamic Distribution List, the procedure is similar to the normal Distribution Lists: click the + button and provide a Displayed Name name and list Name, then click the Dynamyc Mode switch to access more options, including the Distribution List URL, which is mandatory.

Hint

The Distribution List URL already includes the ldap:/// prefix, so you do not need to add it.

You can also make the list Hidden from GAL and add owners to the list, who can manage the configuration of the list.

Advanced options, like subscription and unsubscription options are available after the creation of the Dynamic Distribution List, when editing it.

Resources#

A Resource is a generic object that can be assigned an e-mail address, but, unlike other regular accounts, they do not need any signature, so you can not specify one.

A Resource can be either of type Meeting Room or Equipment: to reserve either of them, send an e-mail to the assigned e-mail address.

A policy can be assigned to Resource, to determine how to react to the booking request, either a manual or automatic acceptance or rejection.

Additional e-mail addresses can be added to the resource, for example to notify the company’s facility manager which meeting rooms are reserved and which are free.