CommuniGate Pro
Version 6.4
 

System Administration

When the CommuniGate Pro Server is up and running, it can be configured, monitored, and set up using any Web browser.

By default, the HTTP module provides access to the CommuniGate Pro Server Administration pages (the WebAdmin Interface) via the TCP port number 8010. To use the WebAdmin Interface, use the http://serveraddress:8010 URL, where serveraddress is the server IP address or the Server DNS name (A-record).

You can also administer the CommuniGate Pro Server via the network command-line interface.

Realms and Access Rights

The WebAdmin Interface pages are grouped into five Realms. To access a page in any realm, you should have a CommuniGate Pro Account, and that Account should be explicitly granted access rights to that realm.

  • The Settings realm contains pages that allow a Server Administrator to modify the Server kernel and module settings.
  • The Users realm contains pages that allow a Server Administrator to create and remove Domains and Accounts, and to modify the Domain and Account settings.
  • The Monitors realm contains pages that allow a Server Administrator to monitor server and module queues, communication channels and their states, to browse the Server Logs, and to view the Server Statistics.
    If a user is granted an access right to the Monitors realm, additional Monitor Access rights can be granted, too (rights to release and reject module queues, reconfigure the Log Manager, etc.)
  • The Directory realm contains pages that allow a Server Administrator to configure the CommuniGate Pro Directory services.
  • The Master realm contains the pages that allow a Server Administrator to grant and revoke Server Administrator access rights, and to modify the Server License Keys.

Note: An Account should be granted the Domains Read access right to access the Users realm to read information about all Domains and Accounts.

Note: An Account should be granted the All Domains access right to access the Users realm to read information and to make modifications in all Domains and Accounts.

Note: If an Account is granted the Master access right, the Account user can access all realms and make all types of modifications.

Note: These Server Administration access rights can be granted to the Main Domain Accounts only. Accounts in secondary Domains can be granted Domain Administration rights only.

When a Server is installed for the first time, it creates the postmaster Account in the Main Domain, and it grants the Master access right to that Account.


Interface Types

The CommuniGate Pro Server is very complex and flexible software. Its set of Settings and other configuration options can be overwhelming for someone not familiar with the product.

An WebAdmin Interface Type ranging from Basic to Expert is assigned to each Administrator. These Types (or Expertise Levels) are designed to simplify the learning process:

  • Basic: the WebAdmin Interface is shrunk to the minimal set of pages, and only the essential settings are displayed on these pages.
  • Advanced: the WebAdmin Interface shows all pages and settings needed to control a typical installation.
  • Expert: the WebAdmin Interface shows all available pages and settings.

When the CommuniGate Pro Server is installed for the first time, and the postmaster Account is created, the Basic WebAdmin Interface Type is set for that Account. You can change the Interface Type by opening the WebAdmin Preferences pages.

Note: This documentation shows the WebAdmin pages and settings as they are displayed in the Expert mode.


General Settings

Use the WebAdmin Interface to open the General page in the Settings realm:
Main Domain Name:
Contact Person:
Server Location:
Server Internals Log:
Crash Recovery:
Separate WebAdmin Realms:
Server Time: Wed, 06 Dec 2006 00:38:40 -0800
Server Up-time: 125 day(s) 5 hour(s) 23 min 16 sec
Server OS: Sun Solaris  
Server Hardware:x86 (32-bit) 
Server Version: 6.4.0
MAPI Version: 1.54.12.34/1.54.12.34 , 2.60.6/2.60.5
IPv6 Support: Enabled
Name Server(s) IP Address(es): [64.173.55.167]
Server IP Address(es):
[64.173.55.171] mycompany.com
[64.173.55.170] client2.dom
[2001:470:1f01:2565::a:845] mycompany.com
Startup Parameters:
"--Base" "/var/CommuniGate" "--Daemon"

Main Domain Name
In this field you should enter the name that the CommuniGate Pro Server will interpret as its own Main Domain Name. All mail addressed to that domain will be treated as local, and (in the simplest case) that mail will be stored in local Account Mailboxes. Initially, this field contains the server computer name that CommuniGate Pro retrieves from the OS. If this names looks like host12345hh.company.com, you should change it to the name of the domain this Server should process.

Note: unless you create additional Domains ONLY the E-mail Messages and Signals directed to addresses in the Main Domain will be processed as local. If the Main Domain Name is entered as company.com, then Messages to mail.company.com or Signals to sip.company.com will not be processed as local, and if such a Message or Signal is received, the Server will try to deliver it to the mail.company.com or the sip.company.com system over the network.
If the DNS record for mail.company.com or sip.company.com points to the same Server computer, the mail loop or signal loop error will be detected, and the Message or Signal will be rejected.

If your Server should serve several domain names, enter the additional domain names as Main Domain Aliases (if those domain names should be "mapped" to the Main Domain), or create additional ("secondary") Domains.

National (non-Latin) symbols are not allowed in the Main Domain Name, but they are allowed in additinal Domains and in Domain Alias names.

Sample configuration:
Your Server should serve the company.com and client1.com domains. These domain names have their DNS MX-records and SIP SRV-records pointing to server.company.com and server.client1.com A-records, and these A-records point to IP address(es) assigned to your CommuniGate Pro Server system.
  • set company.com as the Main Domain Name.
  • open the Domains page, find the company.com record and click on its Settings link to open the company.com Domain Settings page. Scroll it down to find the Domain Aliases fields.
  • enter server.company.com into an empty Domain Aliases field, and click the Update button.
  • open the Domains page. Enter client1.com into the text field and click the Create Domain button.
  • the client1.com record should appear in the list; click its Settings link to open the client1.com Domain Settings page. Scroll it down to find the Domain Aliases fields.
  • enter server.client1.com into an empty Domain Aliases field, and click the Update button.
The value of this field is used in SNMP protocol as system.sysName object.
Contact Person
In this field you should enter the textual identification of the contact person for this managed node, together with information on how to contact this person.
The value of this field is used in SNMP protocol as system.sysContact object.
Server Location
The physical location of this node (e.g.,'telephone closet, 3rd floor').
The value of this field is used in SNMP protocol as system.sysLocation object.
System Internals Log
Use this setting to specify what kind of information the Server kernel module should put in the Server Log. Usually you should use the Major (message transfer reports) level. But when you experience problems with the server kernel, you may want to set the Log Level setting to Low-Level or All Info: in this case low-level details will be recorded in the System Log as well. When the problem is solved, set the Log Level setting to its regular value, otherwise your System Log files will grow in size very quickly.
The kernel records in the System Log are marked with the SYSTEM tag.

Kernel problems are very unlikely to happen. If you see any problem with the Server, try to detect which component is causing it, and change the Log setting of that component (Router, SMTP, POP, etc.) to get more information.

Crash Recovery
If this option is enabled, the CommuniGate Pro Server uses special recovery techniques to proceed after various failures (including the crashing bugs in the Server software itself).

If you see "exception raised" messages in your CommuniGate Pro Log and/or in the OS system.log or mail.log, you may want to disable this option and force the Server to stop when an exception is raised again, and to produce a core dump file.
Core dump files can be uploaded to the CommuniGate Systems ftp site for examination.

CommuniGate Systems recommends you to disable this option if you are running any beta-version of the CommuniGate Pro software.

Separate WebAdmin Realms
If this option is disabled, WebAdmin realms are addressed using the /Master/realmName/page URLs, with /Master/ as the authentication realm. The Server Administrator can access all WebAdmin pages by entering the password only once, but the Server Administrator Account must have the Master access right.

If this option is enabled, WebAdmin realms are addressed using the /realmName/page URLs, with /realmName/ as the authentication realm. The Server Administrator needs to enter a password to open each realm, but the Server Administrator needs the access right for that realm only.

Enable this option if some of your Server Administrators do not have the Master access right.

Information fields
Information fields on the General Settings page display
  • the name of the Server Operating System
  • the Server hardware platform (CPU type)
  • the CommuniGate Pro Server version
  • the Server Local Time and Time Zone (this information is useful for Server Administrators that have to examine Logs from remote locations, as all time stamps in the System Logs are specified in the Server local time)
  • the MAPI Connector server part version
  • the flag indicating IPv6 support
  • the Domain Name Server network address(es)
  • the Server network addresses. Each address is accompanied with a link to the Domain it is assigned to, or the address is marked as un-assigned.
  • the Server Startup Parameters.
Refresh
This button can be used after the Server OS local IP Addresses have been changed or the DNS settings for CommuniGate Pro Domains have been modified. When you click this button:
  • the Server re-reads the list of Local IP Addresses from the OS
  • the Server re-reads the Domain Name Server addresses from the OS settings
  • the Server updates the "Assigned IP Addresses" for all Domains. If some Domains have IP Addresses specified "Using DNS A/MX Records", the new addresses are retrieved from the DNS system
  • the Server re-loads the MAPI Connector server part (so you can upgrade the MAPI Connector server part without restarting the Server)
Drop Root
This button is available on certain Unix platforms. It allows the System Administrator to tell the server to drop the "superuser" privileges. Certain functions (such as opening listeners on ports with numbers below 1024, etc.) may become unavailable.
If the Server succeeds to drop the "superuser" privileges, the button title changes to Restore Root. Click the Restore Root button to restore the "superuser" privileges.

Specifying the Preferred Language

CommuniGate Pro supports multiple languages, and different users can use different languages. If most of your users will use the same language, it is recommended to set this language as the default one for the entire Server or for a particular Domain.

Use the WebAdmin Interface to open the Account Defaults page in the Users realm to specify Server-wide language settings. If you want to set a default language for a particular Domain, open that Domain pages in the WebAdmin Users realm, and open the Domain Account Defaults page from there.
Click the Preferences link to open the Default Preferences page.

Select the default Language and select a matching Preferred Character set: ISO-2022-JP for Japanese, KOI8-R for Russian, etc. If most of your users use modern Web browsers with the proper UTF-8 support, set the Use UTF-8 option to Reading and Composing.

Set the display names for the INBOX Mailbox and the virtual MAPI Outbox folder. These strings are used only with the CommuniGate Pro own client components - the WebUser Interface and MAPI, so you can enter any valid Mailbox name here, in any language. You can also change these names at any time.

Set the names for special Mailboxes - Sent, Drafts, Notes, Trash, Contacts, Calendar, and Tasks. Please note that these names will be used with the CommuniGate Pro own client components only - the WebUser Interface and MAPI. To make the user's IMAP clients use the same Mailboxes for the same purposes, the same Mailbox names should be specified in the IMAP client configurations. If you change these names later, the new Mailboxes will be created when a client needs to access a special Mailbox: the already existing special Mailboxes will not be renamed.


Specifying the Preferred Time Zone

CommuniGate Pro supports multiple time zones, and different users can be located in different zones. If most of your users will use the same time zone, it is recommended to set this zone as the default one for the entire Server or for a particular Domain.

Open the Account Defaults page in the Domains section of the WebAdmin Interface if you want to set the Server-wide default time zone. If you want to set a default time zone for a particular Domain, open the Domains page of the WebAdmin Interface, open the Accounts or Settings page for the selected Domain and open the Domain Account Defaults page from there. Click the Preferences link to open the Default Preferences page.

Select the default Time Zone from the list. If you select the "built-in" zone (HostOS), the Server will use a fictitious zone that has the same time difference with GMT as the Server OS has at this time. This zone has no support for daylight saving time and it cannot be used for sending recurrent events outside your Server. Unless your Time Zone is not listed, avoid selecting the "built-in" zone.


Base Directory Structure

All CommuniGate Pro Server files - Accounts, Domains, Mailboxes, settings, queues, etc. are stored in one place - in the Server base directory.

When the Server starts, it creates the following objects inside its base directory:
  • The Settings directory. This directory contains files with module and kernel component settings.
  • The Queue directory. This directory contains Temporary and Message files. The Message files contain messages submitted to the Server, but still undelivered to all their recipients.
  • BadFiles directory. This directory contains Message files the Enqueuer kernel component failed to parse. This directory should be empty.
  • Accounts directory. This directory contains account files for the Main Server Domain.
  • Domains directory. This directory contains directories for all other Domains.
  • Submitted directory. This drop-in directory is used to submit messages to Server via the PIPE module.
  • SystemLogs directory. This directory contains Server Logs.
  • ProcessID file. This file exists only when the Server is running and contains the numeric identifier of the Server process in the OS.
  • Directory directory. This directory contains the Server Central Directory files.

For more information about the Account and Domain files and directories, see the Objects section.

You can use symbolic links to move some of these directories to other locations (and other disks).


Command Line Options

The CommuniGate Pro Server supports the following command-line options (parameters):
--CGateBase directory
or
--Base directory
The next parameter string specifies the location of the CommuniGate Pro base directory.
--logToConsole
This option tells the Server to duplicate all its System Log records to the stdout (standard output). This option can be used for troubleshooting when the Web interface to System Logs is not available.
--logAll
This option tells the Server to ignore all current Log Level settings and record all possible Log records.
--daemon
This option can be specified on Unix platforms only. It tells the Server to fork and operate in the background, with stdin, stdout, and stderr redirected to /dev/null.
--CGateApplication directory
The next parameter string specifies the location of the CommuniGate Pro application directory. You can use this option when the application itself cannot properly detect its own location, or if the CommuniGate Pro Server application file is not placed in the same location as other application directory files and subdirectories.
--IPv6 [ YES | NO ]
See the Network section for the details.
--lockLockFile [YES | NO]
This option tells the Server not to try to lock the ProcessID lock file. This option can be used if the file system hosting the base directory does not support file locks.
--dropRoot
This option can be specified on Unix platforms only. It tells the Server to drop the root privilege permanently. The server drops the privilege approximately 60 seconds after the end of its kernel initialization process, so all listening sockets can be opened when the server is still running as the root. The root privilege cannot be restored later. See the Server Root Privilege section for more details.
--delayOnStart seconds
This option tells the Server to sleep for the specified number of seconds before proceeding with initialization. This option can be used when CommuniGate Pro starts during system startup and it should let other services to startup fully (for example, an external file system can be mounted, a virtual IP address can be created, etc.)
--threadsScope scope
This option can be specified on platforms supporting p-threads (most Unix flavors). The next parameter string can be either "system" or "process". See your OS manual to learn how these "scheduling scopes" work. If this option is not specified, the default OS scheduling mode is used.
--sharedFiles
This option can be specified on Microsoft Windows platform only.
The option tells the Server to open all files with the FILE_SHARE_READ sharing attribute making it possible for other programs (such as backup daemons) read the CommuniGate Pro base directory files when the server is running. This option is enabled by default on the Microsoft Windows NT/XP/200x platforms.
--noSharedFiles
This option can be specified on Microsoft Windows platform only.
The option tells the Server to open all files without the FILE_SHARE_READ sharing attribute if the Server does not need to read the file from several threads.
--useNonBlockingSockets
This option tells the Server to set its TCP and UDP sockets in the non-blocking mode. This option can improve the Server performance on some platforms.
--useBlockingSockets
This option tells the Server to set its TCP and UDP sockets in the blocking mode.
--closeStuckSockets
This option tells the Server to maintain a list of open communication sockets and check if some socket operations did not complete in time and due to the kernel bugs the OS failed to interrupt the operation in time. It is recommended to use this option on heavily-loaded Solaris systems.
--localIPBuffer size_value
This option tells the Server to use a buffer of the specified size when it retrieves a list of the Server Local IP addresses from the OS. On some platforms (such as Linux) the default buffer size is set to a relatively small value, because some versions of these OSes have problems processing large buffers. If your Server system has many IP addresses (more than a thousand) and your CommuniGate Pro Server does not recognize all of them, you may want to use this parameter to specify a larger buffer size. The default size is 16K or 128K, you may want to specify larger values (204800 or 200K).
--threadPriority [ YES | NO ]
If this option value is NO, the Server skips all attempts to increase an individual thread priority. Use this value if bugs in the Server OS cause an application to crash when a thread priority is increased ("non-global zones" in Solaris 10).
--defaultStackSize size_value
This option modifies the default stack size (in bytes) for the process threads.
--SIPUDPSendBuffer size_value
--SIPUDPReceiveBuffer size_value
These options specify custom send and receive buffer sizes (in bytes) for the SIP UDP listener socket.
--SIPUDPReceiverHighPty [ YES | NO ]
If this option value is YES, the priority of the thread receiving SIP UDP packets is increased. It is recommended that you use this option only when a non-zero number of SIP Enqueuer threads is used.
--DNRUDPSendBuffer size_value
--DNRUDPReceiveBuffer size_value
These options specify custom send and receive buffer sizes (in bytes) for the DNR UDP socket.
--DNRUDPReceiverHighPty [ YES | NO ]
If this option value is YES, the priority of the thread receiving DNR UDP packets is increased.
--excludeLocalIP ip_address
Use these options to remove the specfied Network IP Address from the list of addresses which are processed as "local" (i.e. the addresses assigned to the Server computer).
--createTempFilesDirectly pool_size
This option modifies the way the Temporary Files Manager creates its files. With the default value of 0, a special thread is used to keep a pool of pre-created files ready for consumption by any component. If this option is set to a non-zero value, and the amount of pre-created Temporary Files in the pool is below this value, new Temporary Files are created with the requesting threads themselves.
You may want to specify a non-zero value for this option on heavily-loaded systems with low file creation performance.
--UseSystemPorts [ YES | NO ]
On Unix systems, if this option value is YES, the Server will try to use the TCP/UDP ports with numbers below 1024, even when the Server application is not running as a "superuser" ("root").
--randomDataDevice path
This option specifies the path to the system entropy source. Without this parameter or when reading from the specified path fails the server uses the value of the system timer for seeding its PRNG.
--HTTPTrustedProxy iplist
This option specifies a comma-separated list of IP Addresses used by HTTP Proxy servers and set by them as the source of connections coming to the server. The server will process additional HTTP request headers (for example: X-Forwarded-For:) in these requests to learn the real IP address of the client that connects through this proxy.
--HTTPProxyHeader headerName[,headername]
This option specifies a comma-separated list of additional HTTP request headers names in requests from the trusted HTTP Proxy servers that contain the real IP address of the client that connects through this trusted proxy.
Command line option names are case-insensitive.

Specifying Command Line Options under Windows NT/200x/XP/Vista

You can specify the Command Line Options using the Services control panel "Startup Parameters" field. A non-empty set of Command Line Options is stored in the System Registry and it is used every time the CommuniGate Pro Messaging Server service is started without parameters. To clear the stored set of the Command Line Options, specify a single minus (-) symbol using the Services control panel "Startup Parameters" field.

Customizing Unix Startup Scripts

You may need to add certain shell commands to the CommuniGate Startup script. Since the Startup script is a part of CommuniGate Pro application software, it is overwritten every time you upgrade your CommuniGate Pro system. Instead of modifying the Startup script itself, you can place a Startup.sh file into the CommuniGate Pro base directory. Add the SUPPLPARAMS="" string and specify the required parameters inside quotes.


Shutting Down

The CommuniGate Pro Server can be shut down by sending it a SIGTERM or a SIGINT signal.

On Unix platforms you can use the startup script with the stop parameter, or you can get the Server process id from the ProcessID file in the base directory and use the kill command to stop the server.

On the Windows NT platform, you can use the Services control panel to stop and start the CommuniGate Pro server.

You can also use the shutdown CLI API command to stop the server.

When the Server receives a shutdown request, it closes all the connections, commits or rolls back Mailbox modifications, and performs other shutdown tasks. Usually these tasks take 5-15 seconds, but sometimes (depending on the OS network subsystem) they can take more time. Always allow the Server to shut down completely, and do not interrupt the shutdown process.


OS syslog

The CommuniGate Pro server can store as much as several megabytes of Log data per minute (depending on the Log Level settings of its modules and components), and it can search and selectively retrieve records from the log. To provide the required speed and functionality, the Server maintains its own multithreaded Log system.

The Server places records into the OS log:
  • when it starts up;
  • when it shuts down;
  • when it detects its own memory leaks;
  • when it detects its own program error;
  • when a program error exception (signal) is raised.

The system Log is:

  • system.log or mail.log file on Unix systems
  • Event Log on Windows systems

Urgent Notifications

The CommuniGate Pro Server can display Urgent Notification Messages to Server Administrators.

The Urgent Notifications are displayed in WebAdmin Interface:

mail.mycompany.com
Settings
A problem with Module SMTP, TCP listener on [0.0.0.0]:25: failed to start. Error Code=network address/port is already in use

There may be Notifications about failures with Helpers, filesystem errors, license keys expiration, and other critical events which require immediate reaction from the Server Administrator.
When there are several Notification in progress, one randomly choosen Notification is displayed.
The Server automatically deactivates the Notifications when they become outdated.


Server Root Privilege

The CommuniGate Pro is designed as a highly secure application. In order to perform certain operations, the Server runs as root on Unix platforms, and it carefully checks that no user can access restricted OS resources via the Server. Since many other servers do not provide the same level of security, system administrators preferred to run servers in a non-root mode, so a hole in the server security would not allow an intruder to access the restricted OS resources.

CommuniGate Pro can "drop" the root privilege. The privilege can be dropped in the "permanent" or "reversible" mode. When asked to drop the root (uid=0) privilege, the Server changes its UID:
  • to the UID of the Unix user cgatepro (if exists), otherwise
  • to the UID of the Unix user nobody (if exists), otherwise
  • to the UID 1

When the root privilege is dropped, the following restrictions apply:

  • No Listener port with number < 1024 can be opened. If you try to add a listener with the port number n (n < 1024), the port with the number 8000+n is opened instead (unless the --UseSystemPorts Command Line Option is used).

If the root privilege was dropped in the "reversible" mode, the root privilege can be restored. For example, if you need to open a listener on the port 576, but the Server root privilege has been dropped, you should restore the root privilege first, then open the listener port, and then you can drop the Root privilege again.

To drop the root privilege permanently, use a special Command Line Option.

To drop the root privilege in the "reversible" mode, click the "Drop Root" button on the General page. The button should change to the "Restore Root" button - you can use it to restore the Server root privilege.


Domain Administrator

If your Server has several Domains, you may want to grant some users in those Domains the Domain Administrator access right.

A Domain Administrator can control the Domain using the same WebAdmin port (see HTTP module description for the details), or using the Command Line Interface (API) commands. Domain Administrator access is limited to his Domain (and, optionally, to certain other domains), and to explicitly allowed Domain and Account settings and operations.

When you grant the Domain Administrator access right to a user, you will see a list of specific access rights - the internal names of Domain and Account Settings.
Each option controls the settings this Domain Administrator can modify, and the operations this Domain Administrator can perform.

Domain Administrator access rights can be granted to users by a Server Administrator with the All Domains and Account Settings access right.

A System Administrator with the All Domains and Account Settings access right can perform all operations potentially available to a Domain Administrator in any Domain.

Domains Administrators in other Domains

When a customer has several Domains, you may want to let an Account in one Domain administer other Domains. You should grant such an Account the CanAdminSubDomains access right. Then you should open the Domain Settings page for the target Domain and specify the Administrator's Domain name in the Administrator Domain Name field.

Sample:
A customer has the company1.com, company2.com, company3.dom Domains on your Server. You may want to specify company1.com as the Administrator Domain Name in the company2.com and company3.com Domain Settings. Now, any Account in the company1.com Domain that has the CanAdminSubDomains Domain Administrator right can administer all three Domains.

Note: when a Domain Administrator connects to the Domain WebAdmin Interface, the browser displays the Login Dialog Box. If the Administrator Account is in a different Domain, the full account name (accountName@domainName) should be specified.

Domain Administrator Access Rights

Domain Administrators can perform operations on their own Domains and, optionally, on certain other Domains. The set of allowed operations is defined by the Domain Access Rights explicitly granted to the Domain Administrator Account and listed in the table below:

Domain Settings
Access RightDescription
DomainAccessModes Enabled Services
AutoSignup Provisioning: Auto-Signup Setting
ExternalOnProvision Provisioning: Consult External on Provision Setting
TrailerText Client Interfaces: Mail Trailer Text Setting
WebBanner WebUser Interface: Web Banner Text Setting
WebSitePrefix WebUser Interface: Personal Web Site Prefix Setting
Foldering Large Domains: Foldering Method Setting
FolderIndex Large Domains: Generate Index Setting
RenameInPlace Large Domains: Rename in Place Setting
AllWithForwarders Mail to All: Send to Forwarders Setting
MailToAllAction Mail to All: Distributed for Setting
ExternalOnUnknown Unknown Names: Consult External for Unknown Setting
MailToUnknown Unknown Names: Mail to Unknown Names Setting
MailRerouteAddress Unknown Names: Mail Rerouted to Setting
SignalToUnknown Unknown Names: Signal to Unknown Names Setting
SignalRerouteAddress Unknown Names: Signal Rerouted to Setting
AccessToUnknown Unknown Names: Access to Unknown Names Setting
AccessRerouteAddress Unknown Names: Access Rerouted to Setting
CentralDirectory Directory Integration Setting
CertificateType Security: Domain PKI Settings
KerberosKeys Security: Kerberos Keys
RelayAddress SMTP Sending: Send via Setting
ForceSMTPAuth SMTP Receiving: Force AUTH Setting
recipientStatus SMTP Receiving: When Receiving Setting
ServiceClasses Can create, rename, and remove Classes of Service
Objects
Access RightDescription
CanCreateAccounts Create, rename, and remove Accounts
CanCreateSpecialAccounts Create single-mailbox or Legacy INBOX Accounts
CanCreateGroups Create, rename, remove, and modify Groups
CanCreateForwarders Manage Forwarders
CanCreateNamedTasks Manage Named Tasks
CanCreateLists Create, rename, and remove Mailing Lists
CanAccessLists Modify Mailing Lists
CanCreateAliases Manage Aliases
CanCreateTelnums Manage Telephone Numbers
CanPostAlerts Post Domain and Account Alerts
CanAdminSubDomains Administer other Domains
CanModifySkins Manage Domain Skins
CanModifyPBXApps Manage Domain Real-Time Applications
CanAccessMailboxes Unrestricted Access to all Account Mailboxes
CanAccessWebSites Unrestricted Access to all File Storage files
CanControlCalls Unrestricted Access to all Call Control functions
CanCreateWebUserSessions Manage WebUser sessions via CLI
CanImpersonate Ability to Impersonate
CanControlAirSync Ability to control AirSync clients
CanCreditAccounts Ability to credit Account Balances
CanChargeAccounts Ability to charge Account Balances and to reserve funds.
CanChargeReserves Ability to charge fund reserved in Account Balances
Account Settings
Access RightDescription
ServiceClass Class of Service settings
BasicSettings Basic Settings: Password, RealName, Custom and Public Info settings
PSTNSettings PSTN settings
WebUserSettings Preferences
UseAppPassword CommuniGate Password: Allow to Use
PWDAllowed CommuniGate Password: Allow to Modify
PasswordEncryption CommuniGate Password: Encryption
RequireAPOP Authentication methods: Secure only
UseKerberosPassword Kerberos Authentication
UseCertificateAuth Certificate Authentication
UseExtPassword Authentication methods: External Authentication
LogLogin Logging for login/logout events in a Supplementary Log
FailedLoginFlows Authentication: Failed Login Limit
AccessModes Enabled Services
MailInpFlow Mail Transfer options: Incoming Mail Limit
MailOutFlow Mail Transfer options: Outgoing Mail Limit
MaxMessageSize Mail Transfer options: Incoming Message Size Limit
MaxMailOutSize Mail Transfer options: Outgoing Message Size Limit
MailToAll Mail processing options: Accept Mail to all
AddMailTrailer Mail processing options: Add Trailer to Sent Mail
QuotaNotice Mail Quota Processing: Send Notice
QuotaAlert Mail Quota Processing: Send Alerts
QuotaSuspend Mail Quota Processing: Delay New Mail
RulesAllowed Mail processing options: Rules
RPOPAllowed Mail processing options: RPOP Accounts
MaxAccountSize Mail Storage limits: Mail Storage
MaxMailboxes Mail Storage limits: Mailboxes
DefaultMailboxType Mail Storage options: New Mailboxes
MaxSignalContacts Signal processing limits: Contacts
SignalRulesAllowed Signal processing options: Rules
CallsLimit Signals: Concurrent Calls option
CallLogs Signals: Call Logs option
DialogInfo Signals: Call Info option
CallInpFlow Signals: Incoming Calls Limit option
CallOutFlow Signals: Outgoing Calls Limit option
RSIPAllowed Signals: RSIP Registrations
AirSyncAllowed Ability to specify which AirSync clients can access the Account.
MaxRosterItems Signals: MaxRosterItems option
IMLogs Signals: IM Logs option
NotifyOutFlow Signals: Outgoing NOTIFY Requests Limit option
MaxWebSize File Storage limits: Web Storage
MaxFileSize File Storage limits: Web Storage
MaxWebFiles File Storage limits: Web Files
AddWebBanner File Storage options: Add Web Banner
DefaultWebPage File Storage options: Default Web Page

WebAdmin Preferences

Server and Domain administrators can customize the WebAdmin Interface parameters, including the initial number of objects to be displayed in the Object Lists, the refresh rate for the Monitor pages, etc. The Preferences also specify the character set used for WebAdmin pages. If you plan to use non-ASCII symbols, specify the correct character set first.

The bottom part of every WebAdmin page contains the name of the authenticated Administrator viewing that page, and the link to the WebAdmin Preferences page.

Each CommuniGate Pro WebAdmin realm has its own Preferences. Click the Preferences link to open the Preferences page.

The specified Preferences are stored as one of the Administrator Account Setting attributes, so different administrators can have different Preferences.


Customizing Domain WebAdmin Interface

The Server Administrator can modify the look and feel of the Domain WebAdmin interface. For each CommuniGate Pro Domain, a custom version of WebAdmin files can be created.

The WebAdmin Interface uses the same Skins Interface as the WebUser Interface. The WebAdmin Interface uses the Admin-xxxxx Skins.
Within those Skins, the adminyyyyyyyy files are used to compose pages in the User Realm of the Server WebAdmin Interface, as well as the Domain WebAdmin Interface pages.

To modify a the Domain WebAdmin Interface pages, upload custom adminyyyyyyyy files into the Admin-xxxxx Skins. You can create new Admin-xxxxx Skins, and select those Skins (shown without the Admin- prefix) in the Domain Administrator Preferences.

The Server Administrator can also upload custom admin* files into the Server-wide and Cluster-wide Skins.

Note:The Server WebAdmin interface always uses the "stock" Skin files located in the WebSkins subdirectory of the application directory. If you modify the WebAdmin interface for the Main Domain, the modified pages will be used when a Domain Administrator of the Main Domain uses the WebAdmin Domain Interface.
The Server Administrator will see the Server WebAdmin Interface (with the Settings, Domains, Directory, and Monitors realms) and the "stock" Skin files will be used to compose the Server WebAdmin Interface pages.


Customizing Server Prompts

The Server Administrator can modify the protocol prompts and other text strings the CommuniGate Pro Server sends to client applications.

To modify the Server Strings, open the General pages in the WebAdmin Interface Settings realm, and open the Strings page:
KeywordText
EventDeclineReason This time slot is assigned to ^0
FTPByeBye CommuniGate Pro FTP Server connection closed
FTPPrompt CommuniGate Pro FTP Server ^0 ready
................................
SubjectFailed Undeliverable mail

Note: The actual Strings page has much more elements.

To modify a Server String, enter the new text in the text field, and select the lower radio button.
To change the string to its default value (displayed above the text field), simply select the upper radio button.

Click the Update button to update the Server Strings.


Backup and Recovery

The Server data are stored in files, so backups can be easily performed by various third-party utilities.
The base directory with the data can be backed up in whole or by parts.
However, different parts require different approaches; some can be copied and restored while the Server is running, others require the Server to be stopped or other additional steps to be taken. Also, different objects have different importance, and as a result, they may have different backup frequency.

Base directory root objects

The Settings directory
This directory contains files with module and kernel component settings.
Recovery requires stopping the server. You can restore individual files with the settings of the corresponding modules.
The Queue directory
This directory contains files with module and kernel component settings.
You should not restore the content - this will lead to duplication of messages.
BadFiles directory
This directory contains Message files the Enqueuer kernel component failed to parse. This directory should be empty.
There is no point in restoring the contents.
Submitted directory
This drop-in directory is used to submit messages to Server via the PIPE module.
You should not restore the content - this will lead to duplication of messages.
SystemLogs directory
This directory contains Server Logs.
It is possible to restore without stopping the server. You can restore individual files, including under a different name.
Directory directory
This directory contains the Server Central Directory files.
Recovery requires stopping the server.
You can restore individual files with the settings of the respective Directory Storage Units.
If the Dicectory contains no custom data then instead of recovering the files the contents of the Directory may be recreated.
ProcessID file
This file exists only when the Server is running and contains the numeric identifier of the Server process in the OS.
You should not restore this file.
Accounts and Domains directories
These directories contain domain and user data and are the main backup items.
Objects should be restored from these directories individually.

Domains

Backing up a whole Domain is desirable while the Domain is suspended, otherwise some files may be copied in inconsistent state. However, suspension of a Domain means denial of service to all users of that Domain. Therefore, if copying a large domain takes a long time, then this approach may not be appropriate and you need to backup individual Accounts.

Domain recovery requires Server (Cluster) shutdown. It is possible to restore to a Domain directory with a different name.

Accounts

Backing up an File Storage are not written, etc., otherwise some files may be copied in inconsistent state. To achieve that you may temporary disable the Account Enabled Services and submit KillAccountSessions command via CLI.

Recovering the contents of an Account directory may be performed only into existing Account directory; do not create Account directory manually. For that you can create a new Account via WebAdmin or CLI. Stopping the server is not required, but after restoring the files, it is advisable to submit ClearAccountCache command via CLI because the contents of the account.info and account.settings files may be cached in memory.

Mailboxes

Mailboxes may be of four Formats:

  • Text Format - a file with .mbox extension; also there may be files with .flags and .bdx extensions.
    The .bdx file may be not restored since it's an index file which can be recreated by the Server.
  • MailDir Format - a directory with .mdir extension.
    One should be restored wholly.
  • Sliced Format - a directory with .mslc extension.
    One should be restored wholly.
  • 4th Version Format - a directory with .mb4 extension.
    One should be restored wholly.

You can restore Mailboxes without stopping the server.

It is advisable to restore a Mailbox as duplicate under a new name, so that the user himself would find the lost messages in the restored Mailbox and copy them to the original Mailbox.

Note: some client applications (including Samoware) may need to reconnect to see the restored Mailboxes.

Note: for non-mail Mailboxes (calendars, contacts, notes, etc.) the info about the Mailbox type is stored separately in account.info file; therefore, you need to restore over an existing Mailbox of the corresponding type, which you can create a new empty one via WebMail or CLI interfaces.

E-mail Messages

To backup or recover a single Message is possible only from MailDir Format Mailbox. For all cases it is recommended to backup and restore the entire mail folder.

To recover incoming Messages accidentally deleted by users, use Journaling.

Files

You can restore Files into the Account File Storage without stopping the Server.

Note: some client applications (including Samoware) may need to reconnect to see the restored Files and file folders.


CommuniGate Pro Guide. Copyright © 2020-2023, AO StalkerSoft