The status of an account determines whether a user can log in and receivemail. The account status is displayed on the Accounts Content pane of the Administration Console.
| Status | Description |
|---|---|
Active |
Normal state for mailbox account. Mail is delivered and users can log in to the client interface. |
Maintenance |
Logging is disabled and any mail addressed to this account is queued at the MTA. Note that this state is automatically set for the account during a backup or when importing/exporting/ restoring the account. |
Pending |
Assignment for account when it is created but not yet ready to become active. While pending, the login is disabled and messages are bounced. |
Locked |
User cannot log in but mail continues to be delivered to the account. The locked state can be set if you suspect that a mail account has been compromised (used in an unauthorized manner). |
Closed |
Login is disabled and messaged are bounced. This status is used to soft-delete the account before deleting it from the server. A closed acocunt does not change the account license. |
LockOut |
The automatic state that occurs if the user attempts to log in with incorrect password. A LockOut cannot be administratively assigned but will occur after the number of user attempts exceeds the configured number of attempts allowed. The duration of the lockout is also configurable. The administrator can remove the locked out status at any time. |
You can delete accounts from the Administration Console. This removes theaccount from the server, deletes the messages in the message store, and changes the number of accounts used against your license.
|
Tip
|
Before you delete an account, run a full backup of that account to save the account information. See also the Backup and Restore. |
You can view a selected account’s mailbox content, including all folders, calendar entries, and tags from the Administration Console.
Select an account and from the gear icon, select View Mail. The user’s ZWC account opens in a new browser window.
This feature can be used to assist users who are having trouble with their mail account as you and the account user can be logged on to the account at the same time.
Any View Mail action to access an account is logged to the audit.log file.
An email alias is an email address that redirects all mail to a specified mail account. An alias is not an email account. Each account can have unlimited numbers of aliases.
When you select Aliases from the Manage Aliases navigation pane, all aliases that are configured are displayed in the content pane. You can create an alias, view the account information for a specific alias, move the alias from one account to another, and delete the alias.
A distribution list is a group of email addresses contained in a list with a common email address. When users send to a distribution list, they are sending the message to everyone whose address is included in the list. The address line displays the distribution list address; the individual recipient addresses cannot be viewed.
You can create distribution lists that require an administrator to manage the member list and you can create dynamic distribution lists that automatically manages adding and deleting members in the list. For more information about dynamic distribution lists, see Using Dynamic Distribution Lists.
You can see which distribution lists a user is a member of from the user’s account Member of page. When a Zimbra user’s email address is added to a distribution list, the user’s account Member Of page is updated with the distribution list name. When a distribution list is deleted, the distribution list name is automatically removed from the account’s Member Of page.
Subscription policies can be set up to manage a distribution list’s membership. Owners of the list manage the subscription policy from the Properties page of a distribution list.
| Distribution Option | Description |
|---|---|
New Subscription Requests |
|
Unsubscription Requests |
|
You can add owners to distribution lists and they manage the list from their ZWC account’s Address Book, Distribution List folder. Owners of a list can right click a distribution list and click the Edit Group link to edit a list.
Besides adding and deleting members, distribution list properties that owners can configure include:
-
Marking the list as private so it is hidden in the Global Address List
-
Managing who can send messages to the list
-
Setting a member subscription policy
-
Adding additional owners
Use steps in this section to create a distribution list:
Home > Manage > Distribution Lists
-
At the Gear icon, click New.
-
On the Members page, add the distribution list name. Do not use spaces. The other fields are optional.
-
Find members to add to the distribution list in the right column. Select the members to add and click Add Selected. If you want to add all addresses on the page, click Add This Page. If you want to add members that are not in the company list, in the Or enter addresses below section, type a complete mail address.
-
Click Next to configure the Properties page.
Table 2. Distribution Properties Options Distribution Properties Options Description Can receive mail
Enabled by default. If this distribution list should not receive mail select this box.
Hide in GAL
Enable to create distribution lists that do not display in the Global Address List (GAL). You can use this feature to limit the exposure of the distribution list to only those that know the address.
Mail Server
This is set to auto by default. To select a specific mail server, uncheck auto and select a specific server from the list.
Dynamic Group
If you check this box, the Member URL field displays and you create a dynamic distribution list.
New Subscription Requests
Select from:
* Automatically accept * Require list owner approval * Automatically reject
Unsubscription Requests
Select from:
* Automatically accept * Require list owner approval * Automatically reject
-
In the Members Of page, select distribution lists that should be direct or indirect members of the list.
-
If the distribution list should have alias, create it.
-
If this distribution list can be managed by other users, enter these email addresses in the Owners page.
-
Set how messages received to the distribution list should be replied to.
-
Click Finish. The distribution list is enabled and the URL is created.
After a distribution list is created, you can manage who can view members of a distribution list and who can send messages to a distribution list. The default is all users have access to all distribution lists. This section describes how to use the CLI to manage access.
To limit who can access distribution lists, grant rights to individual users on a domain or if you want only members of a domain to access distribution lists, you can grant rights on the domain. When you grant the right on the domain, all distribution lists on the domain inherit the grant.
You can grant the right on individual distribution lists and configure specific users that are allowed to access the distribution list.
You can restrict access to a distribution list from the CLI zmprov grant
rights (grr) command.
|
Note
|
For more information about how granting rights works, see Delegated Administration. |
The default is that all users can view members addresses in a distribution list. A distribution list address displays a + in the address bubble. Users can click on this to expand the distribution list. A list of the addresses in the distribution list is displayed. Users can select individual addresses from the expanded list.
Restricting who can view addresses in a distribution list to individuals or to a domain:
-
For individual users:
zmprov grr domain <domain_name> usr <[email protected]> viewDistList
-
For all users in a domain:
zmprov grr domain <domain_name> dom <example.com> viewDistList
-
To grant rights on a distribution list and let specific users view the list:
zmprov grr dl <[email protected]> usr <[email protected]>
The default is that all users can send messages to all distribution lists. You can grant rights to a distribution list or to a domain that defines who can send messages to a distribution list. When users attempt to send to a distribution list that they are not authorized to use, a message is sent stating that they are not authorized to send messages to the recipient distribution list.
|
Note
|
The Milter Server must be enabled from Global Settings > MTA. |
Restricting who can send messages to a distribution list to individuals or to a domain:
-
Granting rights to an individual user in a domain to send messages to all distribution lists.
zmprov grr domain <domain_name> usr <[email protected]> sendToDistList
-
Granting rights to all users in a domain to send messages to all distribution lists.
zmprov grr domain <domain_name> dom <example.com> sendToDistList
Restricting access and to remove the restriction to individual distribution lists for different user types.
-
Access to specific internal users:
zmprov grr dl <[email protected]> usr <[email protected]> sendToDistList
Revoke access
zmprov rvr dl <[email protected]> usr <[email protected]> sendToDistList
-
Access only to members of the distribution list:
zmprov grr dl <[email protected]> grp <[email protected]> sendToDistList
Revoke access
zmprov rvr dl <[email protected]> grp <[email protected]> sendToDistList
-
Access only to all users in a domain:
zmprov grr dl <[email protected]> dom <example.com> sendToDistList
Revoke access
zmprov rvr dl <[email protected]> dom <example.com> sendToDistList
-
Access only to all users in an external domain:
zmprov grr dl <[email protected]> edom <example.com> sendToDistList
Revoke access
zmprov rvr dl <[email protected]> edom <example.com> sendToDistList
-
Access only to internal users:
zmprov grr dl <[email protected]> all sendToDistList
Revoke access
zmprov rvr dl <[email protected]> all sendToDistList
-
Access only to all public email addresses:
zmprov grr dl <[email protected]> pub sendToDistList
Revoke access
zmprov rvr dl <[email protected]> pub sendToDistList
-
Access only to specific external email address:
zmprov grr dl <[email protected]> gst <[email protected]> "" sendToDistList
Revoke access
zmprov rvr dl <[email protected]> gst <[email protected]> "" sendToDistList
To view Active Directory distribution list members in messages or in the address book, the GAL group handler for Active Directory must be configured in the {product-abbrev} GALsync account for each Active Directory.
Use steps in this section to update the GALsync account for each Active Directory.This configuration requires that you know the GALsync account name and all data sources on that GALsync account.
-
Display the Zimbra ID of the GAL sync account:
zmprov gd {domain} zimbraGalAccountIdTo find the name:
zmprov ga {zimbraId-of-the-GAL-sync-account} | grep "# name" -
Display data sources for the GALsync account:
zmprov gds {gal-sync-account-name-for-the-domain} -
Enable the group handler for the Active Directory:
zmprov mds {gal-sync-account-name-for-the-domain} {AD-data-source-name} zimbraGalLdapGroupHandlerClass com.zimbra.cs.gal.ADGalGroupHandler
Dynamic distribution lists automatically manage the membership. Users are added and removed from the distribution list automatically. When you create a dynamic distribution list, a member URL is specified. This member URL is used to identify who should be members of the list. You can view this URL from the Administration Console distribution list’s Properties page.
You can create dynamic distribution lists from the Administration Console or from the CLI. In the URL, you specify specific object classes that identifies the type of users to be added to the dynamic distribution list. For example, you can configure a dynamic distribution list with the object class= zimbraAccount. In this case, when accounts are provisioned or accounts are deleted, the dynamic distribution list is updated.
You can create dynamic distribution lists for all mobile users or POP/IMAP users.
You can modify a distribution list to change the filter rules. When you modify a distribution list, the members in the list are changed to reflect the new rule.
You can create a dynamic distribution list with the admin console or with the CLI, as described in this section.
Home > Manage > Distribution Lists.
-
In the Gear icon, click New.
-
On the Members page, add the dynamic distribution list name. Do not use spaces. Do not add members to the list.
-
Click Next to configure the Properties page.
Table 3. Dynamic Distribution Lists Options Option Description Can receive mail
Enabled by default. If this distribution list should not receive mail select this box.
Hide in GAL
Enable to create distribution lists that do not display in the Global Address List (GAL). You can use this feature to limit the exposure of the distribution list to only those that know the address.
Mail Server
This is set to auto by default. To select a specific mail server, uncheck auto and select a specific server from the list.
Dynamic Group
Check this box.
Can be used in right management
Uncheck this box.
Member URL
The Member URL is the type of LDAP URL filter that determine which type of users are added and removed in the list.
Type the URL for this list. In the command,
ldap://??sub?is the URL. You can add any combination of filters to this to create different types of dynamic distribution lists.Example 1. All users, GAL account names, and spam/ham account listldap:///??sub?(objectClass=zimbraAccount)
Example 2. Delegated administrators listldap:///??sub?(&(objectClass=zimbraAccount)(zimbraIsDelegatedAdminAccount=TRUE))
Example 3. All active accountsldap:///??sub?(&(objectClass=zimbraAccount)(ZimbraAccountStatus=active))
Example 4. All users with the title managerThe title is taken from the account’s Contact Information Job Title field. In this example, this field would be set to “Manager”.
ldap:///??sub?(&(objectClass=zimbraAccount)(title=Manager))
New Subscription Requests
Select Automatically reject.
Unsubscription Requests
Select Automatically reject.
-
If the dynamic distribution list should have an alias, create it.
-
If this dynamic distribution list can be managed by other users, enter these email addresses in the Owners page.
-
If you want to set up a reply to address, enter it here. Any replies to this distribution list are sent to this address.
-
Click Finish. The dynamic distribution list is created.
Users are added automatically to the list based on the filter you specified. If you add or delete users, the list is updated.
|
Note
|
If you use the CLI to modify a dynamic distribution list originally created
on the Administration Console, you must set zimbraIsACLGroup FALSE for
that dynamic distribution list.
|
Use the zmprov command to manage dynamic distribution lists. In the
command, ldap:///??sub? is the URL. You can add any combination of
filters to this to create different types of dynamic distribution lists.
Creating a dynamic distribution list of all new and existing accounts
All users, GAL account names, and spam/ham account names are included. When user accounts are deleted, they are removed from the list.
zmprov cddl <[email protected]> memberURL 'ldap:///??sub?(objectClass=zimbraAccount)' zimbraIsACLGroup FALSECreating a COS and Assign Users
If you create COSs and assign users to the COS based on specific criteria, such as all managers, you can quickly modify a dynamic distribution list to be used for a specific COS.
Examples of creating dynamic distribution lists for specific user types:
zmprov cddl <[email protected]> memberURL 'ldap:///??sub?(&(objectClass-zimbraAccount) (zimbraCOSId=513e02e-9abc-4acf-863a-6dccf38252e3) (zimbraAccountStatus=active) )' zimbraIsACLGroup FALSETo use this, the account’s Contact Information Job Title field must include the title. In this example it would be set to "Manager".
zmprov cddl <[email protected]> memberURL 'ldap:///??sub?(&(objectClass-zimbraAccount) (zimbraCOSId=513e02e-9abc-4acf-863a-6dccf38252e3) (title=Manager) )' zimbraIsACLGroup FALSEzmprov cddl <[email protected]> memberURL 'ldap:///??sub?(&(objectClass-zimbraAccount) (zimbraCOSId=513e02e-9abc-4acf-863a-6dccf38252e3) (zimbraIsDelegatedADminAccount=TRUE) )' zimbraIsACLGroup FALSEMailboxes can be moved between Zimbra servers that share the same LDAP server.
You can move a mailbox from either the Administration Console or use the
CLI command - zmmboxmove - to reposition a mailbox from one server to
another, without taking down the servers.
The destination server manages the mailbox move process. The move runs in the background and the account remains in active mode until most of the data has been moved. The account is locked briefly to move the last data and then returned to active mode.
The mailbox move process goes through the following steps:
-
Mailbox blobs are moved to the new server
-
When most of the content has been moved, the account is put into maintenance mode
-
Database tables, index directories and any changed blobs are moved
-
The account is put back into active mode
After the mailbox is moved to a new server, a copy still remains on the older server, but the status of the old mailbox is closed. Users cannot log on and mail is not delivered. Check to see that all the mailbox content was moved successfully before purging the old mailbox.
-
Moving a mailbox to a new server
zmmboxmove -a <email@address> --from <servername> --to <servername>
-
Purging the mailbox from the old server
zmpurgeoldmbox -a <email@address> -s <servernamee>
Global configuration options for moving a mailbox can be set to exclude search indexes, blobs, and HSM blobs when mailboxes are moved. The following configuration options can be set on either the exporting server or the destination server:
-
zimbraMailboxMoveSkipSearchIndexIf you do not include the search index data, the mailbox will have to be reindexed after the move.
-
zimbraMailboxMoveSkipBlobsBlobs associated with the mailbox, including primary and secondary volumes (HSM) are excluded.
-
zimbraMailboxMoveSkipHsmBlobsThis is useful when HSM blobs already exist for the mailbox being moved. Set this if
zimbraMailboxMoveSkipBlobsis not configured, but you want to skip blobs on HSM volumes.