Users and Groups

In the user administration, you can manage users, local e-mail addresses, the login configuration as well as groups and policies.

The Realm defines, which user database is used to authenticate the users.
You can define several realms to enable users to login from different systems.

The standard realm "local" uses the local user database of the REDDOXX Appliance.
It cannot be changed or deleted.
You can add, edit and delete realms.
The following steps are required to configure a logon realm:

  1. Select Add
  2. Enter a name for the logon realm
  3. Select, if e-mail addresses are to be imported upon Login and if the Primary e-mail address should be set, as well as if the user is allowed to save the password for the login
    It is recommended to check "Disable Save Password" (this is the default setting when creating a realm.
    Passwords are saved in the browsers local storage and are potentially at risk.
    Deactivating this option only applies to the web login.
    Password (and further settings) are not stored in cookies anymore, but in the browsers local storage, but the "html5 local storage" can not be seen as a secure storage.
    Any person with access to the local computer could read the storage.
  4. Switch to the Authentication tab and choose the authentification backend
  5. Provide the logon credentials for the authentication Server (change the tcp port to 636 if using ssl)
  6. Select if in active directory authentications the UPN as user can be used
  7. It is also possible to select "Enable Group Addresses" for Active Directory Authentication Servers in the advanced tab of the Realm Konfiguration
    This way, the user has Access to all alias addresses that are configured via exchange distribution or security groups
    These addresses can then be selected in the Userinterface,Webinterface,Outlook Addin or Mobile App via Maildepot -> "Select deputy" and be used for Maildepot queries
  8. Confirm the settings with Save

Note the following restrictions / information:

  • Sample configuration is shown in the following document: LDAP connectivity of the REDDOXX Appliance
  • For Novell eDirectory only the Logon is available, address import or recipient check is not possible, do not activate these functions
  • For LDAP linkup to Novell Netware (OpenLdap), it must be possible to read the following user attributes with an anonymous LDAP bind: dn, cn, objectClass.
  • Only the following e-mail addresses are rated as valid for Lotus notes domino: Internet address,Shortname/UserID,User name
  • The stated addresses must be clear in Lotus Domino! Double entries lead to the rejection of the mail!
  • With Shortname/UserID, you can skip the Internet Domain in a Lotus notes Domino environment.
    Then all Internet Domains defined in the Domino server are accepted.
  • When importing during user Login at Lotus notes domino, at first only the Internet address is created as E-Mail alias in the REDDOXX Appliance.
    The additional e-mail addresses are then generated upon e-mail receipt.

  • With the Users configuration, you can add, edit, delete and search for users, as well as assign or remove licenses and change passwords.
  • Via rightclick -> edit, the Queue Report can be adjusted for each user (for a bulk change, the Diagnose user Profile can be also used).
  • Note, that only local users can be created here, as remote realm users are automatically created if a user logs in to the user console or receives a mail from an untrusted network.
  • Via Shift / CTRL and left click, multiple users can be selected to assign or remove licenses for multiple users (via right click -> assign or remove license) in one step.
  • Licenses are automatically assign when using the spamfinder or maildepot in the user console.
  • The assigned licenses are checked against the amount of available licenses.
  • If more licenses are assigned than available (e.g. in a test period) the appliance will report "Invalid license Count" or "no valid license".
    You need to remove the licenses from users until the amount of assigned and available licenses fit.
  • To import a list of users, you can use the import feature and provide a comma separated csv file with user information.
    The file needs to have the following structure (line by line):
    Username,Password,E-Mail-Adresse1,E-Mail-AdresseN …
    When importing users, you can also select a local realm (this can either be the default local realm, or an additional realm that has to be created before) and a spamfinder profile

  • Groups are required to control user policies
  • One or several users are assigned to a Group
  • You can add, edit and delete groups.

The following steps are required to create a group:

  1. Select Add
  2. Enter a group and provide a description in the comment field if necessary
  3. Select the users that are to be assgined to the group via the drop down list and the Add button
  4. Confirm the settings with "Save"

  • E-mail aliases are assigned to a user.
  • You can add, edit or delete e-mail aliases, change the filter profile and deactivate archiving for several e-mail aliases

The following steps are required to add an e-mail alias:

  1. Select "Add".
  2. Enter the e-mail address.
  3. Select the user that is allowed to manage this E-Mail address.
  4. Select the desired filter profile.
  5. Activate "Disable Archiving" if you want to disable mails for this e-mail address to be archived
    If archiving is disabled for an alias, the default policies are adjusted accordingly
  6. Confirm the settings with "Save".

The policies help you to create rules that define the function scope of the user console.
Rules are always applies on groups. This is why you must have already assigned users to groups.
The policies define whether select functions are allowed or prohibited for one or several groups.
A policy contains so-called rule sets, a summary of individual functions to an umbrella term.

The following rule sets are available:

  • Common Rules: Outgoing Queue, manage deputy Groups, user profile and user address settings
  • Spamfinder Rules: spamfinder queue, profile selection, e-mail preview, deleting e-mails from ciss and spam queue
  • Spamfinder Filterlist-Rules: Black- and Whitelist Management for subject, address and domains
  • Maildepot Rules: Maildepot view, e-mail preview, attachments in e-mail preview, save message
  • Mailsealer Rules: MailSealer view
  • Outlook Addin Rulres: message archiving and max message size for archiving
  • Deputy Groups: configuration of deputies

A rule set can have 3 different states:

  • Not configured: This set of rules is not evaluated. It is ignored in this policy. The status of the individual functions remain unchanged.
  • Deactivated: All functions of this rule set are deactivated. The following policies are no longer considered for this rule set.
  • Activated: The functions of the rule set are considered individually. The following policies are no longer considered for this rule set.

If there are no policies yet or if all rule sets are not configured, the default of the options applies initially and no deputies are defined.
When a user logs on to the user console, all available policies are processed in sequence from top to bottom.

If a user is included in the group that was assigned to the policy, the rule set is no longer considered on the following policies, unless the rule set previously had the status not configured.
You can set the sequence of the policies via the context menu (higher, lower).

The following steps are required to create a new policy:

  1. Select Add
  2. Enter the name for the policy
  3. Select, if the policy is applied to all users or choose apply or reject groups.
  4. Switch to the Rules tab and configure the desired rules
  5. Confirm the Settings with "Save"
  6. Adjust the policy priority if needed via right click on the created policy

The following steps are required to create a policy for deputies (e.g. to manage distributor groups)

  1. Create a Group with users that are needed for the deputy policy (Add in group configuration)
  2. Enter a name for the group
  3. Select the authorized users and confirm with "add"
  4. Save the group
  5. Add a local user in the Users configuration (Realm Local). The Deputy Group will later have access to the e-mail address assigned to this user
  6. Save the new user
  7. Configure the E-Mail address for this user via "Add" in the E-Mail addresses configuration
  8. Enter the E-Mail Address (e.g. a distributor address from AD) and select the created local user
  9. Choose the filter Profile for this alias and if archiving is to be disabled
  10. Save the new alias
  11. Switch to the Policies Configuration
  12. Select Add
  13. Enter a name for the deputy policy and select the group that was configured in step 1 via "Add Group to apply"
  14. Switch to the Rules tab
  15. Select Deputy Groups and set the status to "Enable"
  16. Right click the "Deputy Groups" in the lower corner and select "Add Group", add a name for the deputy group and confirm with OK
  17. Right click the created group and select "Add Address"
  18. Select the the E-Mail addresses that the deputys are allowed to manage (created in step 8) and confirm with Select
  19. Complete the configuration with "Save"

In the webinterface/user gui, the authorized users (from step 1) can then use the Option "Select deputy" to select from available e-mail addresses that are to be managed