Global#
Settings#
The settings in this page allow to configure both system notifications and domain disclaimers.
To configure notifications, provide the e-mail address that appears as the sender of the system notifications, which must be unique, and the recipients that will receive them.
The first options is to activate the domain disclaimer as a mandatory option for all domains configured. By default, the disclaimer, whose text can be configured in Section Disclaimer), is added at the end of each incoming and outgoing message (i.e., messages with a recipient external to the domain), unless the second option, Only allow outbound disclaimers, is enabled: in that case, the disclaimer is added only to outgoing messages
(seeSee also
Domain disclaimer can be managed from the CLI as well, please refer to Section Configuring Domain Disclaimer.
Once you change any of the options, restart amavis as the zextras
user on every Node featuring the MTA role
zextras$ zmamavisdctl restart && zmconfigdctl restart
Administrators#
This page is an excerpts of the Accounts ( ) table, showing all the Global Delegates.
Whitelabel Settings#
Global settings concern the appearance of Carbonio and allow to customise various option that will influence how the Carbonio web interface appears to the web clients.
Note
These setting are applied to all the domains configured; if you want to customise the appearance, please change the settings under
.All the resources used for White Labelling must have a valid URI and must be reachable from Carbonio.
In case the resources are hosted on an server external to the Carbonio infrastructure, make sure that server’s SSL certificate is valid and has not expired, and its FQDN is valid and resolvable from Carbonio (from the Proxy Node in case of a Multi-Server).
You can safely use the Carbonio’s Proxy Node to expose those
resources, by uploading them into a directory called for example
/opt/zextras/web/custom/
(create it if does not exist yet) and
using the URL https://<Carbonio_hostname>/static/custom/
, where
<Carbonio_hostname>
is the FQDN of the node that hosts the Proxy Node role.
Moreover, in a Multi-Server featuring multiple Proxy Nodes, it is mandatory to keep in sync the resources on all the Proxies instances.
The light mode features a white-based colour combination for the Carbonio login page and GUI, while the dark mode has a black-based colour combination.
Select the primary colour that will used in either Light or Dark mode, using an HEX (HTML) value. The secondary colour will be automatically computed.
The title is the string that will appear on the client’s tab, while the copyrights information will appear at the bottom of the panel in the login page.
This is the logo that appears on the login mask of Carbonio at the top of the panel in the login page. There are different dimensions and ratios for the Admin and End User logos.
Requirements:
Each login logo must adhere to the following suggested requirements.
The preferred format is SVG
The logo must have a transparent background
-
For a correct display of the logos, please respect the aspect ratio indicated and (in the case of raster images) respect dimensions as close as possible to the default ones
Admin: ratio 7:1, default 340x47 pixel
End user: ratio 4:1, default 340x85 pixel
This logo appears:
on the main page after a successful login, is displayed on the upper left corner.
in video calls: before starting and after terminating the call and during the call, in the top right corner
There are different dimensions and ratios for the Admin and End User logos.
Requirements:
Each WebUiApp logo must adhere to the following suggested requirements.
The preferred format is SVG
The logo must have a transparent background
-
For a correct display of the logos, please respect the aspect ratio indicated and (in the case of raster images) respect dimensions as close as possible to the default ones
Admin: ratio 5:1, default 150x30 pixel
End user: ratio 8:1, default 250x31 pixel
The favicon will be displayed next to the tab’s name and in browser notifications, if they have been activated in your browser.
Requirements:
The favicon must adhere to the following maximum requirements.
The format must be ICO
The dimensions must be 32x32 pixel, with ratio 1:1 (i.e., it must be square)
The background image for the login page is displayed behind the login panel during the login phase, You can choose one image for the light mode and one for the dark mode.
Requirements:
The images used for the background must adhere to the following requirements.
The format must be JPG or PNG
The dimensions must be between 1280x720 and 1920x1080 pixels, with ratio 16:9
The size should be less than 800 Kb
This is the URL on which the user will land when clicking the logo.
The URL on which the user will land upon a successful login
The URL shown whenever a user logs out from Carbonio by clicking on the Logout item in the menu appearing when clicking on the account icon on the top-right corner.
The title shown on the browser’s tab when a user logs in and the copyright notice shown on the user’s login page
The title shown on the browser’s tab of the Administrators and the copyright notice shown on the Carbonio Admin Panel login page
All customisations can be removed at once by clicking the RESET button.
Domains#
This table lists all the domains configured on Carbonio. A click on any domain opens the General settings (Create New Domain to add a new domain.
) of that domain. Check section2-Factor-Autenthication#
In this page it is possible to configure 2FA globally (i.e., for all domains configured) for the various services offered by Carbonio. To modify settings for a single domain, refer to 2-Factor-Autenthication.
Note
The global values configured are inherited by all domains, but they can be overridden by domain-specific settings.
Many services are available to configure individually. For each of them it is possible to Disable 2FA completely, allowing user access with username and password only; to Trust the IP, meaning that all client connections from a given IP address or IP range will be trusted even if they don’t use 2FA; and to Trust the device which allows an application (usually a browser) to be trusted when connecting from a given IP.
Hint
2FA applies only to those protocols or apps supporting it, for example HTTP and HTTPS but not to IMAP and SMTP.
Quarantine#
In this page appears the configuration of the special quarantine e-mail account, which holds all the messages either marked as Spam or containing viruses.
The available setting is the duration of the retention time, i.e., how long these messages are kept before being deleted forever. The quarantine account, including all the e-mail messages it contains, can be deleted and recreated by clicking the DELETE AND RE-CREATE button. At the bottom of the page the list of quarantined messages is shown. Being a system account, to view the messages you can go to , click the quarantine account, then the VIEW MAIL button to see the quarantined e-mails.
When viewing a quarantined message, the Administrator can carry out a few actions on it:
View the original message, including the score and the reason why the e-mail was marked as spam
-
Remove infected attachments from the e-mail and deliver the e-mail to the recipient (see box below).
Note
If the e-mail still has infected attachments, it will not be delivered.
Download the message and share it with the recipient
Delete the e-mail
To remove one or more attachments from an infected e–mail, hover on the name of the attachment and click the thrash bin icon
Once all the infected attachments have been removed, click the DELIVER button to complete the delivery of the e-mail to the intended recipient.
ActiveSync#
This page allows to configure the DoS protection. The Maximum of Requests Allowed and Time window for Allowed Requests options define how many attempts a Mobile device can carry out in the given amount of time: when this happens, the device is jailed (i.e., it will not be allowed to connect) for the amount of time defined in the Jail Duration.
The buttons allow to restart the jail, freeing all blocked devices and allow them to connect, and purge the ActiveSync status.
Mobile includes a dedicated DOS Filter component to improve both security and stability. The DoS filter will automatically activate whenever a device exceeds the defined connection rate over time and will forbid any connections from that device for a given period of time.
This approach improves both security, by helping to prevent DoS attacks, and stability, by blocking clients that are performing too many requests because of bugs or malfunctioning, thus saving resources for all other clients.
When the rate has been exceeded, a warning is sent via email to admin and added to server notifications.
See also
You can configure the DoS Filter from the CLI: please refer to Section Carbonio Mobile DoS Filter Configuration.