|
Version 5.1 |
|
|
Accounts
An Account is the basic service unit: every user served with a
CommuniGate Pro Server should have an Account on that server.
Each Account is protected with a password, so only the Account owner
(and, optionally, System and Domain Administrators) can have access to
Account data.
The postmaster Account is automatically created in the Main Server Domain.
The Master (unlimited) access right is granted to that Account.
The pbx Account is automatically created in the Main Server Domain.
See PBX section for more details.
|
|
|
Creating a New Account
To create a new Account, type a new Account name into the field on the right side of the Create
Account button and click that button.
Use the pop-up menu to specify the Account type:
- MultiMailbox
- A folder-type Account that can contain several
mailboxes of various types. The INBOX mailbox is automatically
created within the new Account. All incoming mail is stored in the INBOX mailbox
by default. The user can create additional mailboxes using any IMAP client
software, or using the CommuniGate Pro Web E-mail Interface.
- Text Mailbox, MailDir Mailbox, ...
- An Account that contains a single INBOX mailbox. You can
select any supported mailbox format.
If the user plans to use just POP3 client software, only one mailbox is needed,
and you may want to create a Single-Mailbox type Account for that user.
By default, the Account name becomes the person's E-mail name, so Account
names should contain only letters, digits, dash and point (dot) symbol - some
mail systems cannot send mail to E-mail addresses containing other
symbols.
- external INBOX
- Select this option if you want the new Account INBOX to be created as
an external mailbox, so new Account
can be used with legacy local mailers. This option is enabled only
if the external mailbox location is specified in the Domain Settings.
Click the Create Account button. When a new Account is created, its
name appears in the Accounts list. The Server automatically displays the
Settings page for the new Account.
The Settings of a newly created Account are automatically set to the
Account Template values.
You can create several Accounts at once, by preparing an Account List
file and using the Import option.
Specifying Account Settings
To specify Account Settings, click the Account name link in the Accounts
list. The Account Settings page appears.
- Real Name
- This field is used to specify the real-life user name. The Server
uses this information to compose the default 'From' address in Web Mailer.
- additional System fields
- If the Server Directory Integration settings contain some
System Custom Account Setting fields, these fields appear in this panel where they can be set and modified.
- CommuniGate Password
- The Account password. When authenticating a user, the Server can check either this
password or OS password, or both (see below).
- additional Public Info fields
- If the Server Directory Integration settings contain some
Public Info Custom Account Setting fields, these fields appear in this panel where they can be set and modified.
The modified values of the Real Name and additional fields are updated in the Directory
if the Domain has the Directory Integration setting set to
Keep In Sync.
After the Account Settings are modified, click the Update button.
Authentication Methods
Use the Authentication panel to specify the Account authentication methods.
- CommuniGate Password
-
- CommuniGate Password
- This setting tells the Server if it should use the CommuniGate Password string when
authenticating a user. The user may use the CommuniGate Password, or the Server OS password
(see below) to connect to the CommuniGate Pro Server.
- Password Modification
- This option allows the user to modify the CommuniGate Password via the
PWD module, the WebUser Interface, XMPP module, or XIMSS Interface.
- Password Encryption
- This option specifies how the Server should store the CommuniGate Password.
If the clear option is selected, the password is stored as a clear-text string.
All other options specify various encryption methods. In most cases, you will not specify
this setting on a per-account basis, but rather using the Domain Account Defaults or global
Account Defaults.
The U-crpt password encryption is available on Unix platforms only. It
is used for compatibity with the Unix "crypt" encryption method and it should be used
for migrating users from other servers only. The U-crtp-encrypted passwords can
not be used for Secure (SASL) Authentiation methods.
See the Security section for the details.
- Server OS Integration
- CommuniGate Pro Accounts can be "mapped" onto the accounts (registered users) of the Server OS.
When a CommuniGate Pro user is being authenticated using a Server OS password,
or when a separate process (program) should be launched on the user behalf, the CommuniGate Pro
Server constructs an OS username (OS account name) to be used for that
CommuniGate Pro user (Account).
- OS UserName
- This setting specifies how to compose the Server OS username. The asterisk (*)
symbol is substituted with the CommuniGate Pro Account name. If this setting contains just
one symbol - the asterisk symbol, then the CommuniGate Pro Account is "mapped" onto the OS account
with the same name: when the CommuniGate Pro Server checks the OS password for the Account
jmsith, it checks if the specified password can be used to
log into the OS account jsmith.
If the setting contains *.dj, the OS username for the CommuniGate Pro Account
jsmith is jsmith.dj - and the jsmith.dj name is used for all
OS-level operations initiated on behalf of the CommuniGate Pro Account jsmith.
- OS Password
- If this option is enabled, the Account user can log in using the password set in the
Server OS registration information for this user.
If both the OS and the CommuniGate Pro passwords are enabled, and if at least one of those passwords
matches the password provided by the user, the user is allowed to connect to the Account.
See the Security section for the details.
- Kerberos
- If this option is enabled, the user can log into the Account using the Kerberos Authentication method.
See the Security section for the details.
- Certificate
- If this option is enabled, the user can log into the Account using the Client Certificate Authentication method.
See the PKI section for the details.
- External Password
- If this option is enabled, the user can log into the Account using a password
verified with the External Authenticator program.
See the Security section for the details.
- Secure Only
- This option requires use of secure authentication methods
(APOP or non-clear-text SASL methods) with this Account.
If a user client application connects to the Server and supplies a
password for this Account using an unsecure ("clear text") authentication
method, the Server will reject the connection even if the supplied password
is correct.
Clear-Text password are still accepted if they are passed through a secure (SSL/TLS) communication channel.
Note: Since OS passwords can be checked only using the clear-text authentication
method, enabling the Secure Only option forces the users employing OS passwords to use
secure (SSL/TLS) communication channels.
If the CommuniGate Password, OS Password, Kerberos, Certificate, and External Authentication
options are disabled, the user will not be able to access the Account.
Any of Authentication Setting can be set to the default value, in this
case the setting value is taken from the Domain Default Account Settings or the
Server-wide or Cluster-wide Default Account Settings.
Enabled Services
There is a set of settings that specify
which CommuniGate Pro services can be used with the Account:
The Server checks the Account and the Account Domain settings.
Only if the service is enabled for both the Account and the Account Domain, that service can be used with this Account.
See the Domains Settings section for more details.
If you select the default option, the Enabled Services for this Account are
defined using Domain Default Account Settings or the global Default Account Settings.
Please note a difference between the Default Account settings and the Enabled Services specified
for the domain: while you can override the Default Account Settings for some Account by
explicitly specifying the enabled services for that Account, you cannot override the Enabled Services
specified for the Domain. If the Default Account Settings disable POP and IMAP access, you
can explicitly enable POP and IMAP access for a particular account. But if POP and IMAP access
is disabled in the Domain Settings, no Account in that Domain can be accessed via these protocols.
Mail Settings
- Mail Storage
- This option is used to specify the maximum total size of the all Account
mailboxes. If a new incoming message cannot be stored in an Account, because
the Account size would exceed the specified limit, the message is rejected
and the message sender receives an error report.
The current Mail Storage usage value is shown as a button, if the page is viewed by
a System Administrator. By clicking this button you can re-calculate the usage storage counter
if that counter was de-synchronized.
- Mailboxes
- This option is used to specify the maximum number of Mailboxes that can be
created in this Account.
- New Mailbox Format
- This setting is displayed for multi-mailbox Accounts only. It specifies the default
format for all new mailboxes created in this Account.
- Delay New Mail
- If the Account mail storage size is limited, and the specified percent
of that limit is already used, or it would be used when the new message is added,
message delivery to this Account is suspended. The Local Delivery module
settings specify what actually happens to the Account message queue in this case.
- Send Alerts
- This option specifies when the Storage Quota Alerts
should be sent to the Account user.
The Alert message text is a Server String
and it can be customized.
- Send Notice
- This option specifies when the Local Delivery module should compose and store an "over quota"
message in the Account INBOX. If this Notice Message is stored, no new Notice Message will be composed
and stored for the next 24 hours.
The Notice Message Subject and the Message text are Server Strings
and they can be customized. There are two different Notice Message bodies - one is used when an incoming message has been
delivered, and the other one - when an incoming message is too big to be delivered to the Account.
Note: the Notice Messages are not submitted to the Queue, they are composed
with the Local Delivery module and they are stored directly in the Account INBOX.
- Allowed Mail Rules
- This setting tells the Server if the user is allowed to specify automated
Rules that instruct the Server how to process incoming E-mail messages.
- No
- If this option is selected, only the administrator can specify the automated rules for this user.
- Filter Only
- If this option is selected, the user can specify only the following actions:
Discard, Reject, Stop Processing, Mark, Add Header, and Store in.
- All But Exec
- If this option is selected, the user can specify any action, but the Execute action.
- Any
- If this option is selected, the user can specify any action.
Click the Mail Rules link to specify the
rules to be applied to all incoming E-mail messages directed to this Account.
If an administrator creates an Automated Rule containing actions the
Account user is not allowed to specify, the user will be able to view that Rule,
but not to modify any part of it.
- RPOP Modifications
- This setting tells the Server if the user is allowed to specify remote host
(RPOP) accounts that the RPOP module should poll on the user's behalf.
If this option is disabled, only the administrator can specify the RPOP accounts for this user.
Click the RPOP link to specify the remote accounts to be polled on behalf of this user.
- Accept Mail to all
- This setting tells the Server to store messages directed to the all@domain address in the Account INBOX.
- Add Mail Trailer
- This setting tells the Server to append the trailer text (specified in the
Domain Settings) to all messages this user composes
using the WebUser Interface.
Any of these Settings can be set to the default value, in this
case the setting value is taken from the domain Default Account Settings or the
global Default Account Settings.
Signaling Settings
- Registered Devices
- This setting specifies the maximum number of "Contacts" (devices) the Server can register
for this Account.
- Allowed Call Rules
- This setting tells the Server if the user is allowed to specify automated
Rules that instruct the Server how to process incoming Signals.
- No
- If this option is selected, only the administrator can specify the automated Signal Rules for this user.
- Any
- If this option is selected, the user can specify any action.
Click the Call Rules link to specify the
rules to be applied to all incoming Signals (calls) directed to this Account.
If an administrator creates an Automated Rule containing actions the
Account user is not allowed to specify, the user will be able to view that Rule,
but not to modify any part of it.
- Roster Limit
- This setting specifies the maximum number of Roster elements ("Buddies") for this Account.
File Storage Settings
- File Storage
- This option is used to specify the maximum total size of the all files in the
Account File Storage. If this option is set to zero, the Account File Storage is disabled.
- Files
- This option is used to specify the maximum number of all files in the Account File Storage.
- Add Banner to HTML
- This setting tells the Server to insert the Web banner code (specified in the
Domain Settings) to all HTML files retrieved from this
Account File Storage.
- Default Web Page
- When an HTTP URL for a File Storage file does not specify a file name
(http://domain:port/~account/ or http://domain:port/~account/subDir/),
a file with the Default Web Page name is retrieved.
Account Aliases
Each Account can have Aliases (alternative names).
If the john_smith Account has the jsmith and j.smith Aliases,
E-mail directed to jsmith and to j.smith will be stored in the john_smith Account,
and the Signals directed to to jsmith and to j.smith will be delivered to the john_smith Account.
To access the john_smith Account via POP, IMAP, XMPP, XIMSS, WebUser, or any other
client application the user names jsmith and j.smith can be specified in
the client application settings.
You can modify existing aliases, add an alias by typing
a new name in the empty field, and remove an alias by deleting it
from its field. Use the Update button to update the list of Account aliases.
Alias names should not be the same as the name of some other Account, or other Object in the same Domain.
You can specify several Aliases in one field, by separaring them with the comma symbol.
Account Telephone Numbers
Each Account can have zero, one, or more Telephone (PSTN) numbers assigned to it.
The Server maintains a global list of all Telephone Numbers assigned to all Accounts in all Domains.
Telephone numbers should be specified in the E.164 format: +country_code area_code local_number.
The number should contain only digits and it can start with the plus (+) symbol.
Note:
- Only when a Signal (a call) comes to your CommuniGate Pro
Server or Cluster, these Telephone Number mappings take effect.
- An assigned Telephone Number should be registered with one of the PSTN Gateways. When a
PSTN call is made to that number, the Gateway should receive the call and it should direct
the call to your CommuniGate Pro Server via a VoIP protocol (such as SIP).
When a call made to a PSTN number arrives to the Server, it is usually still directed to the
dialed PSTN number, and not to the user Account name. The Server uses its global list of
assigned Telephone Numbers to route the call to the proper Account.
- Users may want to register their assigned Telephone Numbers
with one of the global ENUM services.
If a Telephone number is linked to a CommuniGate Pro Aomain using such a service, VoIP calls made
by users of all VoIP systems employing that ENUM service will be routed to the CommuniGate Pro
Account directly, via the Internel, bypassing PSTN.
See the PSTN section for more details.
Creating Mailing Lists
Every CommuniGate Pro Mailing List has an owner - an Account in the
main or one of the secondary Domains. To create a Mailing List, you should
create the Owner Account first. For each list, the Mailing List manager
creates several mailboxes inside the owner Account, so the owner Account
should be of the MultiMailbox type.
To create a mailing list, type the list name and click the Create List
button. To modify the list settings, to rename and remove the mailing lists
use the links to the Mailing List Settings pages.
Renaming Accounts
If you want to rename an Account, open its Settings page, and enter a new Account name into the New Account Name field.
Click the Rename Account button.
If there is no other Object with the same name as the specified new
Account name, the Account is renamed and its Account Settings page should
reappear on the screen under the new name.
You cannot rename an Account when it is in use.
Removing Accounts
If you want to remove an Account, open its Settings page, and click the Remove Account button. The confirmation page should appear.
If you confirm the action, the selected Account, all its Mailboxes,
Settings, and other Account-related data files will be permanently removed
from the Server disks.
The Account Aliases and all Mailing List owned by this Account will be removed, too.
You cannot remove an Account when it is in use.
Default Account Settings
An Account setting can have the default value. In this case the actual setting value
is taken from the Default Account Settings for the Account Domain.
You can modify the Default Account Setting values by clicking the Account Defaults link on any Domain administration page of the WebAdmin Interface.
The Default Account Settings page resembles a regular Account Settings page.
The Domain Default Account Settings themselves can be assigned the default value.
In this case the setting value is retrieved from the Server-wide or Cluster-wide Default Account Settings.
You can modify the server-wide Default Account Settings by clicking the Account Defaults
link on the Domains (Domain List) page.
A Dynamic Cluster installation maintains separate
server-wide Default Account Settings for all Accounts in non-Shared (Local) Domains, and cluster-wide
Default Account Settings for all Accounts in the Shared Domains. In the Cluster environment, the
Default Account Settings page displays links that allow you to switch between the Server-wide
and Cluster-wide Default Settings.
Example:
-
The global (Server) | Default Account Settings: | Storage Limit = 10Mbytes |
The company.dom | Default Account Settings: | Storage Limit = 30Mbytes |
The client1.dom | Default Account Settings: | Storage Limit = default |
Now:
- If you create an Account in any Domain, and set its Storage Limit to some value, that
value will be used.
- If you create an Account in the company.dom Domain, and set its Storage Limit value to default,
the Account will be able to keep up to 30Mbytes of mail (the Default Account Setting for that Domain).
- If you create an Account in the client1.dom Domain, and set its Storage Limit value to default,
the Account will be able to keep up to 10Mbytes of mail (the global Default Account Setting for the Server).
When you serve many Accounts, you should try to specify most of the setting values as
default, so you can easily change those settings for all Accounts. If some Account
should be treated differently, you should explicitly specify the required setting value for that Account.
Account Template
When you need to create many Accounts, you may want to specify some non-default
setting for all new Accounts. Each Domain has its own Account Template, and you
can modify it by clicking the Template link on the Account List page.
The Accounts Template page resembles a regular Account Settings page.
All the settings set there will be copied to all newly created Accounts in this domain.
Note: The Default Account Settings and Account Template are quite different.
The Account Template is used only when an Account is being created. All template settings
with non-default values are copied to the new Account settings. If you modify the
template settings after an Account has been created, those Account settings will not change.
Besides the initial, non-Default setting values, the Account Template can be used
to instruct the Server to create additional Mailboxes in each new Account (by default only
the INBOX Mailbox is created), to subscribe the Account to certain Mailboxes, and
to create Mailbox Aliases in all newly created Accounts.
Enter a name into the empty field to add a Mailbox name to the list.
For non-mail mailboxes, specify the Mailbox Class from the pop-up menu.
If you select the Lock checkbox, it will be impossible to delete or rename the created Mailbox.
In this sample, when a new multi-mailbox Account is created in this Domain, the
mail Mailboxes Sent and Drafts, and the calendar Mailbox Calendar will be created in that Account,
along with the INBOX Mailbox.
The Account users will not be able to delete or rename the Calendar Mailbox.
See the Mailboxes section to learn about Mailbox Subsciptions.
Creating initial non-empty subscription:
- simplifies the initial set-up of some client mailers that can access only those Account Mailboxes
that are included into the Mailbox Subscription list;
- helps new users to subscribe to public mailboxes containing administrative information, news, etc.
See the Mailboxes section to learn about Mailbox Aliases.
Specifying a non-empty list of Mailbox Aliases simplifies the initial set-up for
Microsoft Outlook users that need access to public Mailbox and other
Foreign mailboxes, but cannot use their mailers to access
foreign Mailboxes directly.
This field can contain a mail message in the RFC822 format. If this field is not empty,
then the specified message is stored in the INBOX mailbox of every newly created Account.
The text can contain the following macro combinations, replaced with the newly created Account data:
- ^A - the newly created Account name.
- ^D - the Domain name.
- ^E - the newly created Account Real Name.
The Date: header field is automatically added to the stored messages.
The message text can start with a
[charsetName] prefix, then the text will be converted from UTF-8
to the specified character set. Specify the Content-Type header field with the proper the
charset= parameter:
Templates can be used to generate an initial default Web (HTML) page in the
File Storage for all newly created Accounts:
This field can contain an HTML text. If this field is not empty,
then the specified text is stored as the Default Web Page file
in the File Storage of each newly created Account.
Importing User Account Information
The built-in Account Loader allows the administrator to register sets of
users. The user names and Account attributes should be placed into a tab-delimited
text file on the administrator (client) computer, and that file should be uploaded
to the server using the Import field.
Click the browse button to select a file on your local system, and then click the
Import Accounts button to create Accounts listed in the selected file.
Below is a sample IMPORT file:
Name | Type | Ignore | Storage | Aliases |
johnd | MultiMailbox | sales dept | 50M | |
susan | MultiMailbox | mgmnt | 10M | susan.s,susan_smith |
sales | MultiMailbox | dummy | 30M | |
info | MultiMailbox | dummy | 50M | help |
Note: The import file must be prepared on the client computer (on the computer you
use to run your browser). The browser allows you to upload files from disks connected to that
computer, not to the CommuniGate Pro Server computer.
Note: When using Netscape and some other Unix browsers, make sure that the file name ends
with the .txt suffix - otherwise the browser won't upload the file as a text one, and the file will be ignored.
Note: The MacOS 9.x versions of the Microsoft Internet Explorer upload
Macintosh files in the encoded x-macbinary format if the file contains a resource fork.
Most text files created with Macintosh text editor applications contain resource forks that
keep the information about the file fonts, file window position, and other Macintosh data. Such
files cannot be used as import files with the Microsoft Internet Explorer browser. Either
use a text editor application that saves text files without resource forks or use a browser
that uploads Macintosh files without encoding.
The first file line describes the file contents. It should contain tab-delimited names
of Account attributes. The following names are supported:
- Name
- This column contains the Account names. This attribute is not
required to be in the first column, but it must exist. All other attributes are optional.
- RealName
- This column contains the Account user "real name".
- Type
- This column contains the Account type (MultiMailbox, Text Mailbox, etc.).
If the file does not contain this column, or this field is empty, the Account type selected on
the Account List WebAdmin page is used.
- Password
- This column contains the Account password.
If the file does not contain this column, or this field is empty, the CommuniGate Password
and the Use CommuniGate Password settings are taken from the domain Account Template.
- UnixPassword
- This column can be used instead of the Password column.
If it exists, it should contain crypt-encrypted Account passwords.
The Account Loader will add the binary prefix to those strings,
so these CommuniGate passwords will be used as U-crpt encrypted passwords.
See the Migration section for more details.
- Storage
- This column contains the maximum Account Mail Storage size (in bytes, or in kilobytes, if the number is
followed with K, or in megabytes, if the number is followed with M). The column data can contain
-1 or unlimited to specify unlimited storage.
- Aliases
- This column contains the Account Aliases; several Aliases may be specified in one field
if they are separated with the comma symbol.
- MailInRules
- This column contains the Account Mail Processing Rules. Rules should be represented in the
internal format, as an array of individual Rules. Each Rule is an array,
where the first element is the Rule priority, the second element is the Rule Name string,
the third element is the Rule conditions array, and the last element is the Rule Actions array.
- SignalInRules
- This column contains the Account Signal Processing Rules.
- Ignore
- This column is ignored. An Account list file can contain several Ignore columns.
- setting name
- You can use columns that contain initial values for various additional Account settings
(File Storage file and size limit, type or Rule actions enabled, etc.). Any additional column should have the
same name as the selected Account setting name (keyword).
For example, you can use the column named
MaxWebSize to specify the storage limit for the Account File Storage, and you can also
use the column named MaxAccountSize instead of the Storage column.
- Custom Setting
- You can use columns that contain initial values for various Custom Account Settings.
For example, if the Directory Integration page contains the Custom Setting city,
you can include a column named city in your Account Import file.
If the first line is parsed, all other lines are processed. Each line should contain tab-delimited fields,
with the field contents specified in the first line. A line can contain less fields than the first line,
in this case missing fields are processed as empty fields.
Attribute values for empty and missing fields are taken from the Account Template.
If an error occurs while processing some file line (missing name field, duplicate name, etc.),
all Accounts created while processing previous lines are removed, and the number of the line that
caused the problem is displayed. You can fix the file and try again.
CommuniGate® Pro Guide. Copyright © 1998-2007, Stalker Software, Inc.