Have a Question?
DOMAINS
The Domain page enables control of domains and associated settings, including user quota and authentication, mailing lists, individual accounts, and more.
The page has the following sections: general settings, domain information, and domain management.
Make a New Domain
Fill out the form that appears after clicking the CREATE button to create a new domain.
The Domain Details section contains more setup options for the domain, such as how to configure authentication and accounts in the domain.
The global theme
Global options affect Carbonio’s look and provide users the chance to adjust a number of parameters that affect how the web interface of Carbonio appears to web clients.
Each and every resource used for white labelling has to have a working URI and be accessible from Carbonio.
Ensure that the server’s SSL certificate is current and valid, as well as that its FQDN can be resolved from Carbonio (from the Proxy Node in the case of a Multi-Server configuration), in the event that the resources are hosted on a server that is not a part of the Carbonio infrastructure.
By uploading those resources to a directory called, for instance, /opt/zextras/web/custom/ (create it if it does not already exist) and using the URL https:///static/custom/, where is the FQDN of the Single-Server or of the Proxy Node in a Multi-Server environment, you can expose those resources using Carbonio’s Proxy Node in a secure manner.
Additionally, it is essential to maintain synchronisation between the resources on each instance of the proxy in a multi-server system with many proxy nodes.
By selecting the RESET option, all customizations can be deleted at once.
2-Factor-Autentication
For the different services provided by Carbonio, it is possible to configure 2FA globally (i.e., for all specified domains) on this page. Refer to 2-Factor-Autentication to change parameters for a single domain.
There are several services that may be configured independently. It is possible to completely disable 2FA for each of them, allowing users to log in using just their username and password; to trust an IP address or an IP range for all client connections, even those that don’t use 2FA; and to trust a device, allowing an application (typically a browser) to be trusted when connecting from a given IP.
Domain Information
It is possible to fine-tune the domain’s setup under the many subsections found in Domain Details. If a provided domain does not specify a value for the majority of the parameters (such the Time Zone), those values are inherited from the primary domain supplied.
General Preferences
Most of them exist when the domain is created and have an impact on the fundamental setup of the domain. Additional choices include the ability to choose the time zone, whether to use the HTTP or HTTPS protocol (we always recommend using the latter), and the mail server that will be used to transmit spam.
Additionally, the domain may have a default COS and its status associated.
We add a property to the domain that was established in the preceding step.
The DELETE DOMAIN button at the bottom of the page enables domain deletion. A dialogue detailing all domain-defined elements (accounts, mailing lists, resources, etc.) that will be removed along with the domain will appear when the button is pressed. There are two options: remove the domain and all of its contents or close the domain, maintaining all objects but restricting access.
The World Access List
When creating an email or adding attendees to an event in the Calendar, for example, a GAL is a special account called the “GALSync Account” that holds all of the email accounts set up on the server and allows for rapid searches of email addresses. When set up on Carbonio, a GAL can be external (when set up on the LDAP server that Carbonio uses), internal, or both. You may switch the GALSync account’s email address from external to internal, vice versa, or both in this page. Additionally, you may modify some of its settings and add it, if it isn’t already there.
The period chosen in the Settings section of the page determines how frequently the GALSync account is updated. By selecting RE-SYNC, administrators can compel a resynchronization of all GALs defined on a domain.
Certificates & Virtual Hosts
A different name assigned to a domain that may be used to access the same domain is called a virtual host. The name must be registered on the domain’s DNS with an A record in order to use the virtual host. Then, users don’t need to use the domain to check in; they may only use their usernames.
You may link an SSL certificate to each virtual host. With just a few simple steps, Carbonio allows users to upload numerous SSL domain certificates from the Carbonio Admin Panel and link them to various domains.
The virtual host should be chosen before clicking UPLOAD AND VERIFY CERTIFICATE. You have the option of using:
- a certificate from Let’s Encrypt that includes an intermediate certificate. Before pressing the GENERATE CERTIFICATE button, be sure you meet the conditions. Follow the guidelines below to finish the process.
- Similar to the previous situation, be sure you meet the requirements before selecting the GENERATE CERTIFICATE option for a Let’s Encrypt shortChain Certificate without an intermediate certificate. Follow the guidelines below to finish the process.
a unique certification. The three files of the authorization chain (the Domain Certificate, the Certificate CA Chain, and the Private Key) must be provided by you in this situation, or you must copy the contents of each file into the relevant areas. Verify the certificates by clicking VERIFY; if everything is accurate, notice will appear. It will show that the certificate is valid. The certificate must be uploaded and used by clicking the I WANT TO USE THIS CERTIFICATE button. The certificates have been stored, and another message will appear. If you are on a Single-Node, restart it to finish the process; if not, restart the node on which the Proxy is installed.
By selecting the corresponding button above the certificates themselves, you may REMOVE or DOWNLOAD the certificates.
Installation steps for a Let’s Encrypt certificate
You must do the following actions in order to properly issue a Let’s Encrypt certificate for your Carbonio installation.
As mentioned in the previous section, the first step is to generate the certificate using the Carbonio Admin Panel button. If you set the Carbonio properties listed above, in addition to the notice in the bottom right corner, you will shortly get an email letting you know if the certificate generation was successful or unsuccessful.
In the event of failure, the email will detail the issues you need to solve before trying again. Remember that if you request a certificate repeatedly without receiving one, you risk being temporarily barred from doing so.
The letter When the issuance is successful, a successfully received certificate as well as additional information, such as the expiration date, are included in the email. This is followed by a second confirming email.
The certificate may now be installed on your infrastructure. Enter the CLI as the zextras user and execute the instructions.
The certificate must be renewed 30 days before it expires since it has a 90-day expiration date. This is recommended by Let’s Encrypt. If you are comfortable doing it regularly from the crontab or manually, you may use certbot renew from the CLI to accomplish this.
When finished, repeat the two deployment instructions.
Mailbox Limit
With the help of these options, you may provide a maximum limit (in bytes, with 0 denoting no restriction) for the amount of space that each account and the domain as a whole may consume. Another option is to define a number that, when reached, will send an email warning to a specified address. The settings set here are inherited by all newly created accounts, however they may be changed on a per-user basis.
A list of accounts and their utilised quotas may be seen at the bottom of the page, making it easier to keep track of user usage.
Theme—These settings are identical to those in the Global Theme section but are domain-specific; if the global theme settings are not specified at the domain level, they will be used instead.
2-Factor-Autentication
For the specified domain alone, it is feasible to set up 2FA on this page for the many services that Carbonio provides. Refer to 2-Factor-Autentication to change settings for all domains.
There are several services that may be configured independently. It is possible to completely disable 2FA for each of them, allowing users to log in using just their username and password; to trust an IP address or an IP range for all client connections, even those that don’t use 2FA; and to trust a device, allowing an application (typically a browser) to be trusted when connecting from a given IP.
SAML
This page is where SAML access management for Carbonio is managed.
The ENTITY ID and SERVICE URL of the current Carbonio may be copied using the two buttons at the top of the screen. These values must be pasted into the corresponding fields to complete the configuration on the SAML IDP provider’s end.
Once the setting is complete, you may copy the URL and paste it in the textbox. If the settings URL utilises HTTP rather than HTTPS, click the Allow Unsecure button. To import the configuration, click IMPORT.
The three buttons below allow you to export or remove the existing configuration, create an SP certificate, set IDP logout, and produce an SP certificate.
The CLI Section Configure SAML Logout provides a detailed explanation of the steps to do in order to completely log out of the IDP. By entering the variables listed in that section’s bottom two textfields together with their respective values, you may achieve the same result from the Carbonio Admin Panel. Then, just click the ADD button. Do not forget to configure the IDP with the SP certificate.
Control domains
Options for setting up accounts, mailing lists, and general resources are available on the Manage Domains page.
Accounts
This page contains a list of every account on the domain, along with details about their kind and status.
The text field above the list may be used to filter the list, and the + button can be used to add a new account.
The name and aliases, if any, the status (see below), and the creation date may all be found in a new panel that is opened when any account is clicked. By selecting the MANAGE ALIAS button, it is simple to manage the aliases. In the dialogue box that appears, choose a domain and a new alias, then click + to add the alias to the user.
The upper right corner of the panel has buttons that may be used to modify or delete users as well as redirect to their mailboxes.
Most of the options are structured in tabs and are the same as those in the Create New Account section when modifying a user’s account. Although options set out in a user’s COS are inherited, they may be changed for each specific user.
A list of the currently active sessions may be seen at the bottom of the panel. For instance, if a user has signed in from three separate devices and has never logged out, three sessions will be displayed. The session will end after picking one of them and pressing the END SESSION button.
Make a new account
When you click the Add button, a dialogue box that lets you configure the new account’s fundamental settings appears.
New Global Admin Created
You must first create the account, as described in the preceding section, before you may create a new Admin. We assign the name acme_admin to this account.
Select the new account from the list of accounts, and then click the pencil icon to edit it.
Go to Settings under the General tab, select the switch labelled This is a Global Administrator, then save to make acme_admin a Global Admin. The Carbonio Admin Panel may now be accessed by the acme_admin user.
Message List
By just clicking the plus button, a tabbed modal dialogue that allows for mailing list configuration is opened.
You may describe the mailing list’s name, address, and description in the first tab. In the second, you can add members by entering their email addresses in the test box.
Advanced options, such as limiting the members who are permitted to send emails to the list, the procedures for subscription and unsubscription requests, and the mailing list’s owners, may be set up under the third tab.
The last tab summarises the options; at this point, you may either go back to any of the earlier sections and make changes, or you can move on to creating the mailing list.
A mailing list may be further customised by adding aliases, which function similarly to email accounts, modifying the owners and members, and allowing certain people to send emails to the mailing list.
Dynamic Mode The Dynamic Mode of mailing lists enables the automated administration of subscribers. Each Dynamic Mailing List is, in fact, given a name and a special Mailing List URL, which is an LDAP query that populates the Mailing List’s members automatically.
The process for creating a Dynamic Mailing List is the same as for creating a regular Mailing List: click the Add button, enter a Displayed Name and list name, then choose Dynamic Mode to access additional choices, including the Mailing List URL, which is required. You can also add owners to the list who can control the list’s setup and make the list Hidden from GAL.
After the Dynamic Mailing List is created, advanced options, including subscription and unsubscription options, are accessible when modifying it
ActiveSync
All accounts linked using the ActiveSync protocol are listed on this page. Some details, such as the Device ID and the time it last connected, are displayed for each connected device. Additional details, such as client data and the device’s ABQ status (see ABQ – Allow/Block/Quarantine device management), are displayed when any of the connections are clicked.
You can WIPE DEVICE (restore the connected device to its factory settings), RESET DEVICE (log the device out of the account), and SUSPEND the connection.
Replenish Account
You may restore a mailbox’s preferences and contents in exactly the same condition as when it was removed by using the Restore Account process.
A new account (the Destination Account) is formed when a Restore Account is initiated, and all things present in the source account at the time of deletion are restored in the destination account, together with the folder hierarchy and all user data. If Apply HSM Policy after the restoration is not checked, all recovered objects will be generated in the current main store.
Enter an email address in the text box or choose an account from the list to begin the process.
Next, pick the options to apply for the Restore by clicking the CONFIG tab:
- Which time and date should the account be restored to?
- Choosing whether to utilise the account’s most recent status
- If necessary, restore External Data Sources
- Choose a recipient email for the notice of the successful restore.