The Realm defines, which user database is used to authenticate the users.
You can define several realms to enable users to login from different systems.
The standard realm "local" uses the local user database of the REDDOXX Appliance.
It cannot be changed or deleted.
You can add, edit and delete realms.
The following steps are required to configure a logon realm:
Select Add
Enter a name for the logon realm
Select, if e-mail addresses are to be imported upon Login and if the Primary e-mail address should be set, as well as if the user is allowed to save the password for the login
It is recommended to check "Disable Save Password" (this is the default setting when creating a realm.
Passwords are saved in the browsers local storage and are potentially at risk.
Deactivating this option only applies to the web login.
Password (and further settings) are not stored in cookies anymore, but in the browsers local storage, but the "html5 local storage" can not be seen as a secure storage.
Any person with access to the local computer could read the storage.
Switch to the Authentication tab and choose the authentification backend
Provide the logon credentials for the authentication Server (change the tcp port to 636 if using ssl)
Select if in active directory authentications the UPN as user can be used
It is also possible to select "Enable Group Addresses" for Active Directory Authentication Servers in the advanced tab of the Realm Konfiguration
This way, the user has Access to all alias addresses that are configured via exchange distribution or security groups
These addresses can then be selected in the Userinterface,Webinterface,Outlook Addin or Mobile App via Maildepot -> "Select deputy" and be used for Maildepot queries
Confirm the settings with Save
Note the following restrictions / information:
Sample configuration is shown in the following document: LDAP connectivity of the REDDOXX Appliance
For Novell eDirectory only the Logon is available, address import or recipient check is not possible, do not activate these functions
For LDAP linkup to Novell Netware (OpenLdap), it must be possible to read the following user attributes with an anonymous LDAP bind: dn, cn, objectClass.
Only the following e-mail addresses are rated as valid for Lotus notes domino: Internet address,Shortname/UserID,User name
The stated addresses must be clear in Lotus Domino! Double entries lead to the rejection of the mail!
With Shortname/UserID, you can skip the Internet Domain in a Lotus notes Domino environment.
Then all Internet Domains defined in the Domino server are accepted.
When importing during user Login at Lotus notes domino, at first only the Internet address is created as E-Mail alias in the REDDOXX Appliance.
The additional e-mail addresses are then generated upon e-mail receipt.
With the Users configuration, you can add, edit, delete and search for users, as well as assign or remove licenses and change passwords.
Via rightclick -> edit, the Queue Report can be adjusted for each user (for a bulk change, the Diagnose user Profile can be also used).
Note, that only local users can be created here, as remote realm users are automatically created if a user logs in to the user console or receives a mail from an untrusted network.
Via Shift / CTRL and left click, multiple users can be selected to assign or remove licenses for multiple users (via right click -> assign or remove license) in one step.
Licenses are automatically assign when using the spamfinder or maildepot in the user console.
The assigned licenses are checked against the amount of available licenses.
If more licenses are assigned than available (e.g. in a test period) the appliance will report "Invalid license Count" or "no valid license".
You need to remove the licenses from users until the amount of assigned and available licenses fit.
To import a list of users, you can use the import feature and provide a comma separated csv file with user information.
The file needs to have the following structure (line by line):
Username,Password,E-Mail-Adresse1,E-Mail-AdresseN …
When importing users, you can also select a local realm (this can either be the default local realm, or an additional realm that has to be created before) and a spamfinder profile
You can add, edit or delete e-mail aliases, change the filter profile and deactivate archiving for several e-mail aliases
The following steps are required to add an e-mail alias:
Select "Add".
Enter the e-mail address.
Select the user that is allowed to manage this E-Mail address.
Select the desired filter profile.
Activate "Disable Archiving" if you want to disable mails for this e-mail address to be archived
If archiving is disabled for an alias, the default policies are adjusted accordingly
The policies help you to create rules that define the function scope of the user console.
Rules are always applies on groups. This is why you must have already assigned users to groups.
The policies define whether select functions are allowed or prohibited for one or several groups.
A policy contains so-called rule sets, a summary of individual functions to an umbrella term.
The following rule sets are available:
Common Rules: Outgoing Queue, manage deputy Groups, user profile and user address settings
Spamfinder Rules: spamfinder queue, profile selection, e-mail preview, deleting e-mails from ciss and spam queue
Spamfinder Filterlist-Rules: Black- and Whitelist Management for subject, address and domains
Maildepot Rules: Maildepot view, e-mail preview, attachments in e-mail preview, save message
Mailsealer Rules: MailSealer view
Outlook Addin Rulres: message archiving and max message size for archiving
Deputy Groups: configuration of deputies
A rule set can have 3 different states:
Not configured: This set of rules is not evaluated. It is ignored in this policy. The status of the individual functions remain unchanged.
Deactivated: All functions of this rule set are deactivated. The following policies are no longer considered for this rule set.
Activated: The functions of the rule set are considered individually. The following policies are no longer considered for this rule set.
If there are no policies yet or if all rule sets are not configured, the default of the options applies initially and no deputies are defined.
When a user logs on to the user console, all available policies are processed in sequence from top to bottom.
If a user is included in the group that was assigned to the policy, the rule set is no longer considered on the following policies, unless the rule set previously had the status not configured.
You can set the sequence of the policies via the context menu (higher, lower).
The following steps are required to create a new policy:
Select Add
Enter the name for the policy
Select, if the policy is applied to all users or choose apply or reject groups.
Switch to the Rules tab and configure the desired rules
Confirm the Settings with "Save"
Adjust the policy priority if needed via right click on the created policy
The following steps are required to create a policy for deputies (e.g. to manage distributor groups)
Create a Group with users that are needed for the deputy policy (Add in group configuration)
Enter a name for the group
Select the authorized users and confirm with "add"
Save the group
Add a local user in the Users configuration (Realm Local). The Deputy Group will later have access to the e-mail address assigned to this user
Save the new user
Configure the E-Mail address for this user via "Add" in the E-Mail addresses configuration
Enter the E-Mail Address (e.g. a distributor address from AD) and select the created local user
Choose the filter Profile for this alias and if archiving is to be disabled
Save the new alias
Switch to the Policies Configuration
Select Add
Enter a name for the deputy policy and select the group that was configured in step 1 via "Add Group to apply"
Switch to the Rules tab
Select Deputy Groups and set the status to "Enable"
Right click the "Deputy Groups" in the lower corner and select "Add Group", add a name for the deputy group and confirm with OK
Right click the created group and select "Add Address"
Select the the E-Mail addresses that the deputys are allowed to manage (created in step 8) and confirm with Select
Complete the configuration with "Save"
In the webinterface/user gui, the authorized users (from step 1) can then use the Option "Select deputy" to select from available e-mail addresses that are to be managed