Version 5.4 |
||||||||||||||||||||||||||||||||||
|
|
The WebAdmin Interface pages are grouped into five Realms. To access a page in any realm, you should have a CommuniGate Pro Account, and that Account should be explicitly granted access rights to that realm.
Note: If an Account is granted the Master access right, the Account user can access all realms.
Note: These Server Administration access rights can be granted to the Main Domain Accounts only. Accounts in secondary Domains can be granted Domain Administration rights only.
When a Server is installed for the first time, it creates the postmaster Account in the Main Domain, and it grants the Master access right to that Account.
The CommuniGate Pro Server is very complex and flexible software. Its set of Settings and other configuration options can be overwhelming for someone not familiar with the product.
An WebAdmin Interface Type ranging from Basic to Expert is assigned to each Administrator. These Types (or Expertise Levels) are designed to simplify the learning process:
When the CommuniGate Pro Server is installed for the first time, and the postmaster Account is created, the Basic WebAdmin Interface Type is set for that Account. You can change the Interface Type by opening the WebAdmin Preferences pages.
Note: This documentation shows the WebAdmin pages and settings as they are displayed in the Expert mode.
Note: unless you create additional Domains
ONLY the E-mail Messages and Signals directed to addresses in the Main Domain will
be processed as local. If the Main Domain Name is entered as company.com,
then Messages to mail.company.com or Signals to sip.company.com will not
be processed as local, and if such a Message or Signal is received, the Server will try
to deliver it to the mail.company.com or the sip.company.com system over the network.
If the DNS record for mail.company.com or sip.company.com points to the same Server computer,
the mail loop or signal loop error will be detected, and the Message or Signal
will be rejected.
If your Server should serve several domain names, enter the additional domain names as Main Domain Aliases (if those domain names should be "mapped" to the Main Domain), or create additional ("secondary") Domains.
Kernel problems are very unlikely to happen. If you see any problem with the Server, try to detect which component is causing it, and change the Log setting of that component (Router, SMTP, POP, etc.) to get more information.
If you see "exception raised"
messages in your CommuniGate Pro Log and/or in the OS system.log or mail.log,
you may want to disable this option and force the Server to stop when an exception is raised again,
and to produce a core dump file.
Core dump files can be uploaded to the CommuniGate Systems ftp site for examination.
CommuniGate Systems recommends you to disable this option if you are running any beta-version of the CommuniGate Pro software.
If this option is enabled, WebAdmin realms are addressed using the /realmName/page URLs, with /realmName/ as the authentication realm. The Server Administrator needs to enter a password to open each realm, but the Server Administrator needs the access right for that realm only.
Enable this option if some of your Server Administrators do not have the Master access right.
CommuniGate Pro supports multiple languages, and different users can use different languages. If most of your users will use the same language, it is recommended to set this language as the default one for the entire Server or for a particular Domain.
Use the WebAdmin Interface to open the Account Defaults page in the Users realm to specify Server-wide
language settings.
If you want to set a default language for a particular Domain, open that Domain pages in the WebAdmin Users realm,
and open the Domain Account Defaults page from there.
Click the Preferences link to open the Default Preferences page.
Select the default Language and select a matching Preferred Character set: ISO-2022-JP for Japanese, KOI8-R for Russian, etc. If most of your users use modern Web browsers with the proper UTF-8 support, set the Use UTF-8 option to Reading and Composing.
Set the display names for the INBOX Mailbox and the virtual MAPI Outbox folder. These strings are used only with the CommuniGate Pro own client components - the WebUser Interface and MAPI, so you can enter any valid Mailbox name here, in any language. You can also change these names at any time.
Set the names for special Mailboxes - Sent, Drafts, Notes, Trash, Contacts, Calendar, and Tasks. Please note that these names will be used with the CommuniGate Pro own client components only - the WebUser Interface and MAPI. To make the user's IMAP clients use the same Mailboxes for the same purposes, the same Mailbox names should be specified in the IMAP client configurations. If you change these names later, the new Mailboxes will be created when a client needs to access a special Mailbox: the already existing special Mailboxes will not be renamed.
CommuniGate Pro supports multiple time zones, and different users can be located in different zones. If most of your users will use the same time zone, it is recommended to set this zone as the default one for the entire Server or for a particular Domain.
Open the Account Defaults page in the Domains section of the WebAdmin Interface if you want to set the Server-wide default time zone. If you want to set a default time zone for a particular Domain, open the Domains page of the WebAdmin Interface, open the Accounts or Settings page for the selected Domain and open the Domain Account Defaults page from there. Click the Preferences link to open the Default Preferences page.
Select the default Time Zone from the list. If you select the "built-in" zone (HostOS), the Server will use a fictitious zone that has the same time difference with GMT as the Server OS has at this time. This zone has no support for daylight saving time and it cannot be used for sending recurrent events outside your Server. Unless your Time Zone is not listed, avoid selecting the "built-in" zone.
All CommuniGate Pro Server files - Accounts, Domains, Mailboxes, settings, queues, etc. are stored in one place - in the Server base directory.
When the Server starts, it creates the following objects inside its base directory:For more information about the Account and Domain files and directories, see the Objects section.
You can use symbolic links to move some of these directories to other locations (and other disks).
You can specify the Command Line Options using the Services control panel "Startup Parameters" field. A non-empty set of Command Line Options is stored in the System Registry and it is used every time the CommuniGate Pro Messaging Server service is started without parameters. To clear the stored set of the Command Line Options, specify a single minus (-) symbol using the Services control panel "Startup Parameters" field.
You may need to add certain shell commands to the CommuniGate Startup script. Since the Startup script is a part of CommuniGate Pro application software, it is overwritten every time you upgrade your CommuniGate Pro system. Instead of modifying the Startup script itself, you can place a Startup.sh file into the CommuniGate Pro base directory. Startup scripts check if that file exists, and execute it before performing the requested start/stop operations.
The CommuniGate Pro Server can be shut down by sending it a SIGTERM or a SIGINT signal.
On Unix and OpenVMS platforms you can use the startup script with the stop parameter, or you can get the Server process id from the ProcessID file in the base directory and use the kill command to stop the server. On OpenVMS platforms the KILL.EXE program can be found in the application directory.
On the Windows NT platform, you can use the Services control panel to stop and start the CommuniGate Pro server.
You can also use the shutdown CLI API command to stop the server.
When the Server receives a shutdown request, it closes all the connections, commits or rolls back Mailbox modifications, and performs other shutdown tasks. Usually these tasks take 5-15 seconds, but sometimes (depending on the OS network subsystem) they can take more time. Always allow the Server to shut down completely, and do not interrupt the shutdown process.
The CommuniGate Pro server can store as much as several megabytes of Log data per minute (depending on the Log Level settings of its modules and components), and it can search and selectively retrieve records from the log. To provide the required speed and functionality, the Server maintains its own multithreaded Log system.
The Server places records into the OS log:The CommuniGate Pro is designed as a highly secure application. In order to perform certain operations, the Server runs as root on Unix platforms, and it carefully checks that no user can access restricted OS resources via the Server. Since many other servers do not provide the same level of security, system administrators preferred to run servers in a non-root mode, so a hole in the server security would not allow an intruder to access the restricted OS resources.
CommuniGate Pro can "drop" the root privilege. The privilege can be dropped in the "permanent" or "reversible" mode. When asked to drop the root (uid=0) privilege, the Server changes its UID:If the root privilege was dropped in the "reversible" mode, the root privilege can be restored. For example, if you need to open a listener on the port 576, but the Server root privilege has been dropped, you should restore the root privilege first, then open the listener port, and then you can drop the Root privilege again.
To drop the root privilege permanently, use a special Command Line Option.
To drop the root privilege in the "reversible" mode, click the "Drop Root" button on the General page. The button should change to the "Restore Root" button - you can use it to restore the Server root privilege. This option is not available on those platforms that cannot drop the root privilege correctly (Linux).
If your Server has several Domains, you may want to grant some users in those Domains the Domain Administrator access right.
A Domain Administrator can control the Domain using the same WebAdmin port (see HTTP module description for the details), or using the Command Line Interface (API) commands. Domain Administrator access is limited to his Domain (and, optionally, to certain other domains), and to explicitly allowed Domain and Account settings and operations.
When you grant the Domain Administrator access right to a user, you will see
a list of specific access rights - the internal names of Domain and Account Settings.
Each option controls the settings this Domain Administrator can modify, and the operations
this Domain Administrator can perform.
Domain Administrator access rights can be granted to users by a Server Administrator with the All Domains and Account Settings access right.
A System Administrator with the All Domains and Account Settings access right can perform all operations potentially available to a Domain Administrator in any Domain.
When a customer has several Domains, you may want to let an Account in one Domain administer other Domains. You should grant such an Account the CanAdminSubDomains access right. Then you should open the Domain Settings page for the target Domain and specify the Administrator's Domain name in the Administrator Domain Name field.
Note: when a Domain Administrator connects to the Domain WebAdmin Interface, the browser displays the Login Dialog Box. If the Administrator Account is in a different Domain, the full account name (accountName@domainName) should be specified.
Domain Administrators can perform operations on their own Domains and, optionally, on certain other Domains. The set of allowed operations is defined by the Domain Access Rights explicitly granted to the Domain Administrator Account and listed in the table below:
Domain Settings | |
---|---|
Access Right | Description |
DomainAccessModes | Enabled Services |
AutoSignup | Provisioning: Auto-Signup Setting |
ExternalOnProvision | Provisioning: Consult External on Provision Setting |
TrailerText | Client Interfaces: Mail Trailer Text Setting |
WebBanner | WebUser Interface: Web Banner Text Setting |
WebSitePrefix | WebUser Interface: Personal Web Site Prefix Setting |
Foldering | Large Domains: Foldering Method Setting |
FolderIndex | Large Domains: Generate Index Setting |
RenameInPlace | Large Domains: Rename in Place Setting |
AllWithForwarders | Mail to All: Send to Forwarders Setting |
MailToAllAction | Mail to All: Distributed for Setting |
ExternalOnUnknown | Unknown Names: Consult External for Unknown Setting |
MailToUnknown | Unknown Names: Mail to Unknown Names Setting |
MailRerouteAddress | Unknown Names: Mail Rerouted to Setting |
SignalToUnknown | Unknown Names: Signal to Unknown Names Setting |
SignalRerouteAddress | Unknown Names: Signal Rerouted to Setting |
AccessToUnknown | Unknown Names: Access to Unknown Names Setting |
AccessRerouteAddress | Unknown Names: Access Rerouted to Setting |
CentralDirectory | Directory Integration Setting |
CertificateType | Security: Domain PKI Settings |
KerberosKeys | Security: Kerberos Keys |
RelayAddress | SMTP Sending: Send via Setting |
ForceSMTPAuth | SMTP Receiving: Force AUTH Setting |
recipientStatus | SMTP Receiving: When Receiving Setting |
ServiceClasses | Can create, rename, and remove Classes of Service |
Objects | |
Access Right | Description |
CanCreateAccounts | Create, rename, and remove Accounts |
CanCreateGroups | Create, rename, remove, and modify Groups |
CanCreateForwarders | Manage Forwarders |
CanCreateNamedTasks | Manage Named Tasks |
CanCreateLists | Create, rename, and remove Mailing Lists |
CanAccessLists | Modify Mailing Lists |
CanCreateAliases | Manage Aliases |
CanCreateTelnums | Manage Telephone Numbers |
CanPostAlerts | Post Domain and Account Alerts |
CanAdminSubDomains | Administer other Domains |
CanModifySkins | Manage Domain Skins |
CanModifyPBXApps | Manage Domain Real-Time Applications |
CanAccessMailboxes | Unrestricted Access to all Account Mailboxes |
CanAccessWebSites | Unrestricted Access to all File Storage files |
CanControlCalls | Unrestricted Access to all Call Control functions |
CanCreateWebUserSessions | Manage WebUser sessions via CLI |
CanImpersonate | Ability to Impersonate |
CanControlAirSync | Ability to control AirSync clients |
CanCreditAccounts | Ability to credit Account Balances |
CanChargeAccounts | Ability to charge Account Balances and to reserve funds. |
CanChargeReserves | Ability to charge fund reserved in Account Balances |
Account Settings | |
Access Right | Description |
ServiceClass | Class of Service settings |
BasicSettings | Basic Settings: Password, RealName, Custom and Public Info settings |
PSTNSettings | PSTN settings |
WebUserSettings | Preferences |
UseAppPassword | CommuniGate Password: Allow to Use |
PWDAllowed | CommuniGate Password: Allow to Modify |
PasswordEncryption | CommuniGate Password: Encryption |
RequireAPOP | Authentication methods: Secure only |
UseKerberosPassword | Kerberos Authentication |
UseCertificateAuth | Certificate Authentication |
UseSysPassword | Authentication methods: Enable OS Password |
OSUserName | Authentication methods: Server OS user name |
UseExtPassword | Authentication methods: External Authentication |
LogLogin | Logging for login/logout events in a Supplementary Log |
FailedLoginFlows | Authentication: Failed Login Limit |
AccessModes | Enabled Services |
MailInpFlow | Mail Transfer options: Incoming Mail Limit |
MailOutFlow | Mail Transfer options: Outgoing Mail Limit |
MaxMessageSize | Mail Transfer options: Incoming Message Size Limit |
MaxMailOutSize | Mail Transfer options: Outgoing Message Size Limit |
MailToAll | Mail processing options: Accept Mail to all |
AddMailTrailer | Mail processing options: Add Trailer to Sent Mail |
QuotaNotice | Mail Quota Processing: Send Notice |
QuotaAlert | Mail Quota Processing: Send Alerts |
QuotaSuspend | Mail Quota Processing: Delay New Mail |
RulesAllowed | Mail processing options: Rules |
RPOPAllowed | Mail processing options: RPOP Accounts |
MaxAccountSize | Mail Storage limits: Mail Storage |
MaxMailboxes | Mail Storage limits: Mailboxes |
DefaultMailboxType | Mail Storage options: New Mailboxes |
MaxSignalContacts | Signal processing limits: Contacts |
SignalRulesAllowed | Signal processing options: Rules |
CallsLimit | Signals: Concurrent Calls option |
CallLogs | Signals: Call Logs option |
DialogInfo | Signals: Call Info option |
CallInpFlow | Signals: Incoming Calls Limit option |
CallOutFlow | Signals: Outgoing Calls Limit option |
RSIPAllowed | Signals: RSIP Registrations |
AirSyncAllowed | Ability to specify which AirSync clients can access the Account. |
MaxRosterItems | Signals: MaxRosterItems option |
IMLogs | Signals: IM Logs option |
NotifyOutFlow | Signals: Outgoing NOTIFY Requests Limit option |
MaxWebSize | File Storage limits: Web Storage |
MaxFileSize | File Storage limits: Web Storage |
MaxWebFiles | File Storage limits: Web Files |
AddWebBanner | File Storage options: Add Web Banner |
DefaultWebPage | File Storage options: Default Web Page |
Server and Domain administrators can customize the WebAdmin Interface parameters, including the initial number of objects to be displayed in the Object Lists, the refresh rate for the Monitor pages, etc. The Preferences also specify the character set used for WebAdmin pages. If you plan to use non-ASCII symbols, specify the correct character set first.
The bottom part of every WebAdmin page contains the name of the authenticated Administrator viewing that page, and the link to the WebAdmin Preferences page.
Each CommuniGate Pro WebAdmin realm has its own Preferences. Click the Preferences link to open the Preferences page.
The specified Preferences are stored as one of the Administrator Account Setting attributes, so different administrators can have different Preferences.
The Server Administrator can modify the look and feel of the Domain WebAdmin interface. For each CommuniGate Pro Domain, a custom version of WebAdmin files can be created.
The WebAdmin Interface uses the same Skins Interface as the WebUser Interface.
The WebAdmin Interface uses the Admin-xxxxx Skins.
Within those Skins, the adminyyyyyyyy files are used to compose pages in the User Realm of the
Server WebAdmin Interface, as well as the Domain WebAdmin Interface pages.
To modify a the Domain WebAdmin Interface pages, upload custom adminyyyyyyyy files into the Admin-xxxxx Skins. You can create new Admin-xxxxx Skins, and select those Skins (shown without the Admin- prefix) in the Domain Administrator Preferences.
The Server Administrator can also upload custom admin* files into the Server-wide and Cluster-wide Skins.
Note:The Server WebAdmin interface always uses the "stock" Skin files
located in the WebSkins subdirectory of the application directory.
If you modify the WebAdmin interface for the Main Domain,
the modified pages will be used when a Domain Administrator of the Main Domain uses the WebAdmin Domain Interface.
The Server Administrator will see the Server WebAdmin Interface (with
the Settings, Domains, Directory, and Monitors realms) and the "stock" Skin files will be used to
compose the Server WebAdmin Interface pages.
The Server Administrator can modify the protocol prompts and other text strings the CommuniGate Pro Server sends to client applications.
To modify the Server Strings, open the General pages in the WebAdmin Interface Settings realm, and open the Strings page:Note: The actual Strings page has much more elements.
To modify a Server String, enter the new text in the text field, and select the lower radio button.
To change the string to its default value (displayed above the text field), simply select the upper radio button.
Click the Update button to update the Server Strings.
The CommuniGate Pro Server can use external programs to implement various operations - message scanning, user authentication, RADIUS login policies, etc. All these external programs are handled in the same way, and should support the simple Helper Interface.
To specify the External Helper program path and other parameters, open the General page in the Settings realm of the WebAdmin Interface and click the Helpers link:
The checkbox next to the Helper name tells the Server to start the specified program as a separate OS process.