Version 6.2
Objects |
|---|
In many cases, a Domain should not have a separate set of user Accounts, but should rather be a domain name alias for an already existing CommuniGate Pro Domain. You may also want to serve some domain names using account mapping and/or Unified Domain-Wide Accounts.
In all these cases, you do not have to create a new CommuniGate Pro Domain to serve a domain name.
When a client application connects to your CommuniGate Pro Server, and specifies an account name, the Server has to decide in which Domain to look for that Account. See the Access section for the details.
Use the WebAdmin Interface to view the list of Domains served with your Server. Open the Domains page in the Users realm.
To open the Users realm, you should be connected as the postmaster or any other Server Administrator with the All Domains access right.
To select Domains by name, type a string into the Filter field, and click the Display button: only the Domains with names containing the specified string will be displayed.
Each entry in the Domain list contains the Domain name, the assigned network address (if any), and the number of Accounts in the Domain. If the Domain is a shared Domain served by a Dynamic Cluster, the Domain name has the [+] prefix. If the Domain is a Directory-based Domain, its name is displayed with the [D] prefix.
A list entry also displays the number of currently opened Domain Accounts, the total number of times the Domain Accounts have been opened (since the Server last restart), and the last time any Domain Account was opened.
Select the Show Aliases option to include Domain Aliases into the list. Each Domain Alias element contains the link to its "real" Domain object list and settings pages.
Click a Domain name to view the Objects in that Domain.
Click the word Settings in the last column to view and update the Domain Settings.
Click the Telephone Numbers (Telnum) link to view all Telnums.
Type a new Domain name into the field on the right side of the Create Domain button.
Click the Create Domain button. When a new Domain is created, its name appears in the Domain List.
If this Server is a member of a Dynamic Cluster, the additional Create Dynamic Cluster Domain button appears. Click that button to create a Domain that will be served with all Cluster members. The Domain created using the Create Domain button are created as "local" Domains and are served with this Server only.
International (non-Latin) symbols are not allowed in the Domain names, but they are allowed in the Domain Alias names.
The Main Domain and all Secondary Domains have Domain-level settings.
To open the Domain Settings page in your browser, either click the Domain Settings link in the Domains List, or click the Domain Settings link on the Domain Object list page.
The Comment field allows you to enter arbitrary information about the domain.
The Account Log option allows you to specify how the account-level operations (account open/close, password verifications, Mailbox creating/removing, size updates, etc.) are recorded. Log records created for account-related events have the ACCOUNT tag.
The Mailbox Log option allows you to specify how the mailbox-level operations (message storing/removing, message status updating, etc.) are recorded. Log records created for Mailbox-related events have the MAILBOX tag.
Most of Domain Settings can be set to the default value. In this case the actual setting value is taken from the global, Server-wide Default Domain Settings.
When the Domain Settings are modified, click the Update button. The page should appear again, displaying the Updated marker.
You can click the Objects link to switch to the Domain Object List.
A Domain setting can have the default value. In this case the actual setting value is taken from the server-wide Default Domain Settings. You can modify these Default values by clicking the Domain Defaults link on the Domains (Domain List) page.
The Default Domain Settings page resembles a regular Domain Settings page.
A Dynamic Cluster installation maintains separate server-wide Default Domain settings for all non-Shared (Local) Domains, and cluster-wide Default Domain settings for all Shared Domains. In the Cluster environment, the Default Domain Settings page displays links that allow you to switch between the Server-wide and Cluster-wide Default Settings.
You should read this chapter only if you plan to support multihoming, if your system is behind a firewall, or if you have a non-standard Domain Name System setup.
When the Server starts, it detects its own network address(es). Your Server system is "multihomed" if it has more than one network (IP) address.
If the Server system has several IP addresses, some of them can be assigned (dedicated) to secondary Domains. Accounts in such Domains can be accessed using any POP, IMAP, or other client application without explicitly specifying the full Account name.
The Assigned IP Addresses option allows you to assign network addresses to the main and secondary Domains.
For each Domain in the Domain List, the assigned network (IP) addresses are displayed. This can be used to check the DNS and Server setup for systems with multihoming.
Because of setup errors or due to a non-standard network and DNS setup, the Server's own IP address(es) may be left unassigned to any of the Server domains. Open the General Settings page to see the list of the Server own IP addresses. The unassigned addresses are marked in red.
When a client application connects to the Server via an unassigned address and the full account name is not specified, the Server does not allow the user to log in.
Each Domain can have its own list of Client IP Addresses, which extends the Server-wide or Cluster-wide Client IP Addresses list for this Domain Account users:
Each Domain has a set of settings that specify which CommuniGate Pro services can be used with the Domain Accounts. See the Accounts section for the details.
Services can also be disabled for individual Domain Accounts.
A service is available for an Account only if that service is enabled for the Account itself AND
for the Account Domain. Disabling a service in the Domain Settings disables that service for all Domain Accounts.
Note: This is different from disabling a service in the Domain Default Account Settings:
disabling a service in the Default Account Settings disables that service only
for those Domain Accounts that have the Enabled Services option set to default.
The System Administrator can specify some limits on the resources available to the Domain users.
A Domain Administrator can see, but cannot modify these limits.
Each CommuniGate Pro Domain can have aliases (alternative names). If the client.dom Domain has the mail.client.dom and www.client.dom Domain Aliases, E-mail and Signals directed to user@mail.client.dom and to user@www.client.dom will be routed to the user@client.dom Account. Also, to access the user@client.dom Account via POP, IMAP, XMPP, and other client applications the Account names user@mail.client.dom and user@www.client.dom can be specified in the client settings.
This is especially useful for WebUser clients. Users specify the domain name in their browser URLs, and users of the client.dom Domain tend to use www.client.dom in the browser URLs. You may want to register the www.client.dom domain name with the DNS, assigning it the same IP address as the address assigned to the client.dom Domain, and then you should create the www.client.dom Domain Alias for the client.dom Domain.
You can modify existing Domain Aliases, add an Alias by typing a new name in the empty field, and remove an Alias by deleting it from its field. Use the Update button to update the Domain Aliases list.
The Domain Aliases are stored in the DomainAliases database located in the Settings directory inside the CommuniGate Pro base directory.
The System Administrator can specify if the Domain Accounts should be included into the Central Directory.
This panel is not displayed for Directory-Based Domains, since those domains are always completely integrated with the Directory.
See the Directory Integration section for the details.
CommuniGate Pro Accounts may be "mapped" to the accounts (registered users) of the Server OS. See the Accounts section for more details.
The CommuniGate Pro allows you to create Accounts with Legacy INBOX Mailboxes. These Mailboxes are stored not inside the CommuniGate Pro base directory, but in the system file directory known to the legacy mailer applications.
If you have to support local mailer compatibility for all or some Accounts in this Domain, you should specify the Legacy INBOX settings:
See the Mailboxes section for the details.
A Domain can have its own set of enabled Authentication methods. See the Security section for more details.
A Domain can have PKI settings (Private Keys and Certificates) enabling
secure communications (TLS, Certificate Authentication, S/MIME) with that Domain.
Use the Security link on the Domain Settings page to open the Domain Security settings.
See the PKI section for more details.
A Domain can be configured to add DKIM-Signature headers to outgoing messages.
Use the Security link on the Domain Settings page to open the DKIM settings.
See the PKI section for more details.
A Domain can have Kerberos keys enabling "secure single sign-on" for that Domain.
Use the Security link on the Domain Settings page to open the Domain Security settings.
See the Security section for more details.
The Domain objects (Accounts, Groups, Forwarders, etc.) should have unique names within that Domain.
Each name should contain from 1 to 250 Latin letters, decimal digits, the dot (.), underscore (_), minus (-) symbols.
A name should not start or end with the dot (.) symbol.
A name should not be the same as one of the Special Address names.
Names of Account Aliases and Forwarders may contain non-Latin characters and ideograms (such as Cyrillic, Greek, Chinese) and the Latin alphabet-based characters with diacritics or ligatures (such as French). Since one such character may be encoded by multiple bytes the maximal length of the name may be less than 250 letters.
All upper case letters (Latin, Cyrillic, Greek, Coptic, Armenian) are automatically transferred to lower case.
You can control how the Server creates, renames, and removes Domain Accounts.
If this option is enabled, the Sign-up link appears on the WebUser Interface Domain Login page, and the XIMSS and XMPP modules report their self-registration capabilities.
The Server checks that no Account with the specified name exists and creates a new Account.
The Server uses the Account Template settings for the newly created Account,
overriding its Password and Real Name settings with the data specified by the new user.
Addresses used in E-mail messages, in client "login names", and in Signals can contain unknown names. If the Server cannot find an Object (an Account, a Mailing List, an Alias, a Group, or a Forwarder) with the specified name, the Domain Unknown Names settings are used.
The administrator can enable the special virtual list (address) "all" that can be used to send messages to all Accounts created in this Domain.
Messages sent to the <all@domainname> address are stored directly in the Account INBOX Mailboxes, bypassing any Account Rules.
Messages sent to the <all@domainname> address are not stored in the Accounts that have the Accept Mail to All setting disabled.
Mail access to the <all@domainname> address can be restricted.
Messages to <all@domainname> can be sent to all Forwarder addresses, too:
If the administrator has enabled mail distribution to all Accounts in the Main Domain, a message can be sent to all Accounts in all Domains.
To send a message to all Accounts in all server Domains, it should be sent to the alldomains@main_domain_name address.
For each Domain, the message source is checked and the message is distributed to the Domain Accounts only if it passes that Domain "Mail to All" distribution checks.
The SMTP panel controls how E-mail messages are sent from and received for Accounts in this Domain.
If this field is not empty, the Domain Administrator Accounts created in this Domain and the Domain Administrator Accounts created in the specified Domain can be used to administer this Domain.
See the System Administrator section for more details.
If you want to rename a Secondary Domain, open its Domain Settings page, fill the New Domain Name field, and click the Rename Domain button.
If there is no other Domain with the same name as the specified new domain name, the Domain is renamed and its Domain Settings page should reappear on the screen under the new name.
You cannot rename a Domain when any of its Accounts is in use.
If you want to remove a Secondary Domain, open its Domain Settings page, and click the Remove Domain button. The confirmation page appears. If the Empty Domains Only option is selected, a Secondary Domain is removed only if there are no Accounts in it. Otherwise, all Domain Accounts are permanently removed, too.
If you confirm the action, the selected Domain, its settings, all its Accounts and other Objects will be permanently removed.
You cannot remove a Domain when any of its Accounts is in use.
You may want to suspend a secondary Domain to close all its currently open Accounts, sessions, and connections. Attempts to open an Account in a suspended Domain are rejected with a temporary error (and incoming mail is delayed).
Suspend a Domain if you want to perform OS-level maintenance tasks on the Domain storage and you need to ensure that the CommuniGate Pro Server or Cluster is not accessing that storage.
To suspend a Domain, open its Domain Settings page, and click the Suspend Domain button. The Button changes to become the Resume button.
To resume a Domain, open its Domain Settings page, and click the Resume button.
Suspended Domains have the Suspended marker on the WebAdmin Domains list page, and their Domain Settings pages have the same marker on the page top.
The Main Domain data is stored in the Accounts file directory inside the CommuniGate Pro base directory.
The secondary Domains data is stored in the Domains file directory inside the base directory. For each secondary Domain, a directory with the Domain name is created in the Domains directory. All shared Domains in a Dynamic Cluster and stored as subdirectories of the SharedDomains directory.
Each Domain directory contains data for all Domain Accounts.
When a Domain contains many Accounts, Account Subdirectories inside the Domain directory can be used.
Domain subdirectories are directories inside the Domains or SharedDomains directory. A subdirectory name has the .sub file path extension (suffix).
Subdirectories can be nested.
Note: When the CommuniGate Pro Server starts, it scans the Domains directory and
all its .sub subdirectories, and it collects the names and file paths of all Domains
it finds there.
This feature allows the administrator to change the foldering method
(see below) without stopping the Server and without relocating already created Domains.
It also allows the system administrator to move Domains between subdirectories
at any time when the CommuniGate Pro Server is stopped.
When a new Domain is being created (or when an existing Domain is being renamed), the Server composes a name for the subdirectory in which the Domain files should be created. The Domain Storage panel contains the settings that control how a subdirectory name is composed. Open the Domains page of the WebAdmin Interface, and follow the Domain Defaults link to open the page that contains the Domain Storage panel:
Account subdirectories are directories inside the Domain directory. A subdirectory name has the .sub file path extension (suffix).
Subdirectories can be nested.
Note: When the CommuniGate Pro Server starts, it scans all Domain file directories and all their subdirectories, and it collects the names of all Domain Accounts. This feature allows the system administrator to move Accounts between subdirectories at any time when the server is stopped. It also allows you to change the foldering method (see below) without stopping the Server and without relocating already created Accounts.
For each Account, the CommuniGate Pro Server remembers the name of the subdirectory that contains the Account files.
When a new Account is being created (or when an existing Account is being renamed), the Server composes a name for the subdirectory in which the Account files should be created.
Note: if you have stopped the Server and manually moved/removed some Domain Account directories, delete the Index.data file from the Domain directory before you start the Server again.
Note: if you want to keep only symbolic links in the Domain file directory, you can create the Index subdirectory inside the Domain directory (or an Index symbolic link to some other directory). If this subdirectory exists, the Server stores the Index.data file inside that subdirectory rather than in the Domain file directory itself.
When a CommuniGate Pro system serves many Domains, especially large Domains, you may want to distribute Domain files and directories between several physical storage volumes.
To create a "Storage mount point", use the CREATEDOMAINSTORAGE CLI command.
It creates the storage name.mnt directory inside the Domains directory.
Replace that directory with a symbolic link to the selected physical storage volume, or "mount" an additional physical storage volume over this directory.
When at least one "storage mount point" exists, the Create Domain button is accompanied by a pull-down menu listing all available storage mount points. Select a storage mount point to store new Domain files in.
When a Domain is renamed, its files stay within the storage used to create that Domain.
When a CommuniGate Pro Domain has many Accounts, you may want to distribute Account files and directories between several physical storage volumes.
To create a "Storage mount point", use the CREATEACCOUNTSTORAGE CLI command.
It creates the storage name.mnt directory inside the Domain directory.
Replace that directory with a symbolic link to the selected physical storage volume, or "mount" an additional physical storage volume over this directory.
When at least one "storage mount point" exists, the Create Account button is accompanied by a pull-down menu listing all available storage mount points. Select a storage mount point to store the new Account files in.
When an Account is renamed, its files stay within the storage used to create that Account.