The job of the system administrator is to make sure that the SmarterMail server runs as efficiently as possible. Part of that responsibility is putting measures in place to limit the potential for system abuses and "user error" that could cause problems.
SmarterMail gives system administrators the ability to create a default template that's used as a starting point for all domains that are added to the mail server. This includes the ability to set disk space limits for for the domain, set the number of domain aliases that can be created, the number of users and user aliases, the features available for users and more. These defaults can be set at any time and any new domains that are added will have the new settings. However, the new settings can also be propagated to all domains on the server if need be. From here, domain administrators can futher lock down user accounts and set their own user limits.
You can make whatever changes you want to the settings on the Domain Defaults page, and any NEW domains that are added to the server from that moment on will have these defaults applied for their users. However, it's also possible to change these settings, then push those settings to all domains, changing their settings to match what you've set as the defaults for new domains. To do this, you use the Propagate button.
System administrators who have the ability to manage domains will see the information below as well, when viewing the Options tab for a specific domain. However, some of the information will be filled out with customer infomation. Fields such as Domain Name, Hostname, Primary Domain Administrator, etc. will have information specific to the domain being managed.
Default Domain Configuration
Domains have a number of configuration settings the govern the features available, various limits for the domain, security features implemented, and much more. The Domain Defaults area is separated into multiple "cards" that contain these various settings. These cards are also mirrored on each domain's "Configuration" tab when it's selected from the Domains page. These cards, and their associated settings, include:
- Domain Name - When viewing a specific domain, the name of that domain. For example, smartermail.com. To change the name of a domain in SmarterMail, use the Actions (⋮) button to click on Rename Domain. NOTE: If you rename a domain, users will have to adjust any desktop or mobile clients to use the new domain name. While SmarterMail changes the domain name internally, it can not push the name change to email clients directly. Those have to be updated manually.
- Status - The current status of the domain: Enabled or Disabled. Disabled domains cannot send email and users cannot login to the Web interface. However, the domain will still receive email to prevent email loss. This option is a good way to temporarily shut off a domain without deleting it.
- Hostname - The URL of the mail server (e.g., mail.domain.com) to be returned for an Autodiscover query by a user of that domain. Instructions on how to Set up Autodiscover for SmarterMail can be found in the SmarterTools Knowledge Base. Note: On the Domain Defaults template, the Hostname field has a default value of "mail.%domain%". This variable allows the Hostname to match the name of the domain, though this setting can be adjusted manually, if desired. This Domain Default setting will be applied to new domains and can also be propagated to existing domains on the server.
- Root Mail Path / Folder - The directory in which all information (JSON files, mail statistics, alias information, etc.) pertaining to a domain is saved. To modify a specific domain's folder path, use the Actions (⋮) button and select Change Domain Path.
- Primary Domain Administrator - The primary domain administrator is the user that has overall control over all aspects of the domain. To adjust the primary domain administrator for the domain start typing the username you want to assign to the role, then select it from the autocomplete options. Only existing users on the domain can be selected as the primary administrator.
- Outbound IPv4 - The IPv4 address used to connect to external SMTP servers when a message is sent by the domain. If multiple IPv4 IPs are on the server, they will be listed in the dropdown. Selecting "Automatic" will use the primary IP address assigned to the Network Interface Card (NIC). (NOTE: If a different IPv4 address is set for SMTP Out on the Protocols page, that IPv4 address will take precedence over what is set up for the domain.)
- Outbound IPv6 - The IPv6 address used to connect to external SMTP servers when a message is sent by the domain. If multiple IPv4 IPs are on the server, they will be listed in the dropdown. Selecting "Automatic" will use the primary IP address assigned to the Network Interface Card (NIC). If there is none, this setting is ignored. (NOTE: If a different IPv6 address is set for SMTP Out on the Protocols page, that IPv6 address will take precedence over what is set up for the domain.)
- Outbound Gateway - Outbound gateways can reduce the load on the server by using a secondary server to process outgoing mail. Specify an outbound gateway to use for messages sent from this domain. If no options are available, an outbound gateway has not been configured. Instructions on how to Configure SmarterMail as a Free Gateway Server can be found in the SmarterTools Knowledge Base.
- Use primary IP if selections are unavailable - This will use the IP address that's assigned to the Network Interface Card (NIC) on the SmarterMail server.
- Disk Space MB (0 = Unlimited) - The maximum number of megabytes allocated for the domain. By default, the domain is allocated 500 MB of disk space. This disk space limit also includes file storage and online meetings for users. Note: When this limit is reached, SmarterMail will send a warning to the domain administrator and mailboxes on the domain will not be able to receive new mail.
- Domain Aliases (0 = Unlimited) - The maximum number of domain aliases allowed for the domain. A domain alias is bascially an alternate domain name for one that already exists in SmarterMail. For example, imagine you have a domain, 'example.com', in SmarterMail with a user, 'email@example.com'. By adding a domain alias for 'example.net', emails sent to 'firstname.lastname@example.org' will be delivered to 'email@example.com'. That means that emails sent to either domain will end up in the same mailbox. By default, domains are limited to two domain aliases.
- Users (0 = Unlimited) - The maximum number of mailboxes allowed for the domain. By default, domains are limited to 100 users. Note: If your SmarterMail license limits the number of mailboxes allowed on the domain, your license level will override this setting.
- User Aliases (0 = Unlimited) - The maximum number of alias email accounts allowed for the domain. An email alias is essentially a forwarding email address that can be used to forward messages to a single address or multiple email addresses. By default, domains are limited to 1,000 user aliases.
- Max Message Size (KB) - The maximum size email a user can send. By default, the max message size is 512000 KB. This number includes text, HTML, images and attachments. Note: Base64 encoding of attachments increases their size by approximately 35%. Knowing this, and in order to provide a better user experience, SmarterMail allows messages to be sent that are technically over the limit set for Max Message Size. For example, a 10MB message with a 490MB attachment will still be sent even though the actual message size, after base64 encoding, would far exceed the 500MB max limit.
- Max Attached File Size (KB) - The maximum size of attachments, regardless of type, to NON-email related areas such as calendars, tasks, notes, signatures, etc. This is because the Max Message Size limit already calculates attachment size for email.
- Recipients per Message (0 = Unlimited) - The maximum number of recipients a message can have. By default, users can send messages to 200 email addresses.
- Active Directory Integration (Enterprise Only) - Select this option to enable active directory authentication. By enabling this, domain administrators will be able to add in the necessary LDAP binding string to import LDAP users.
- Automated Forwarding - Select this option to allow users to enter one or more forwarding addresses that automatically forwards any email that reaches their mailbox. When this feature is enabled, domain administrators can enable or disable Automated Forwarding on a per user basis. Note: Messages routed to other email folders via content filters or plus addressing will also be forwarded to this address. Messages routed to the Junk Email folder will not be forwarded by default. However, these can be included if the domain's "Forwarding Exclusion" is set to "No exclusion - Forward all mail." In addition, even if disabled messages may still be forwarded to alternative addresses via Events, content filtering or using rules created within email clients.
- Catch-All Alias - Select this option to allow domain administrators to create catch-all email addresses. A catch-all alias is an email address that receives all incoming email that goes to invalid email addresses within the domain. NOTE: This simply enables the ability to set a catch-all alias -- an actual alias will need to be created, or an existing alias edited, and assigned as a catch-all.
- Chat (XMPP) (Enterprise Only) - Select this option to allow users on the domain to chat with each other via the Web interface or any XMPP-compatible chat client. Note: This feature is only available when licensed with SmarterMail Enterprise.
- Cloud Storage Connections - Select this option to allow users to connect different services, like OneDrive and Dropbox, to their SmarterMail accounts to facilitate actions like attaching links to shared files.
- Disposable Address - Select this option to allow users to create a temporary, disposable address independent of their email address.
- Domain Chat History View - Select this option to allow domain administrators to be able to search through all chat history for any and all users of a domain.
- eM Client Licenses - Select this option to allow domain administrators to be able to take advantage of the partnership between SmarterTools and eM Client so that they can receive, distribute, and manage a FREE eM Client Pro license with 3 device activations for their users. For more information, see eM Client Licenses.
- File Storage - Select this option to allow users to access the File Storage section, where users can upload files to the mail server and then share them by sending out links to those files.
- Global Address List - Select this option to provide a listing of all users who have accounts for the particular domain in the Contacts menu icon. If the Global Address List is disabled for a domain, collaboration items, like calendars or notes, will not use autocomplete when adding shared users. Note: This feature is only available when licensed with SmarterMail Enterprise. In addition, MAPI requires use of the Global Address List (GAL) in order to work properly. Therefore, regardless of whether the domain's Global Address List feature is disabled, or a user/alias has Show in GAL disabled, Outlook MAPI will always show the GAL directory and be available via autocomplete when typing in a recipient's email address.
- Webmail Login Customization - Select this option to allow domain administrators to customize the login screen to add a company logo, provide additional branding text, or adjust the default “Login to SmarterMail” text. Note: If you enable this feature to allow the domain to override the custom login display, and the domain administrator does not enable customization for their domain, users will see the default SmarterMail login screen, regardless of whether the login display is customized in the system administrator-level general settings.
EAS is the industry standard for synchronizing email clients and mobile devices with email servers like SmarterMail. Using EAS, users can synchronize email, contacts and calendars (and tasks and notes, on supported devices) with email clients, like Windows Mail, and with smartphones and tablets from Apple, Samsung and others. When trialing the add-on or using a paid subscription, the following options will be available:
- Remote Wipe - When enabled, this allows domain administrators to initiate a remote wipe of a device connected via EAS. For example, if a person leaves an organization, administrators can wipe their mobile device(s) to ensure SmarterMail accounts are removed.
- Allow Domain Administrators to manage EAS for users - Enable this setting to allow domain administrators to assign EAS to the number of accounts allocated for the domain.
- Accounts - The maximum number of EAS accounts that can be assigned for the domain.
MAPI/EWS are both protocols used for connecting desktop email clients to SmarterMail to give them Microsoft Exchange-level functionality. MAPI is used by Microsoft Outlook 2016 and above for Windows machines while EWS is used by Apple Mail on Mac OS and eM Client on Windows.
- Allow Domain Administrators to manage MAPI/EWS for users - Enable this setting to allow domain administrators to assign MAPI/EWS to the number of accounts allocated for the domain.
- Accounts - The maximum number of MAPI/EWS accounts that can be assigned for the domain.
- Autoresponder Exclusions - To prevent SmarterMail from sending automated messages, such as out-of-office replies, to addresses based on the spam level of the original message, select the appropriate option from the list.
- Forwarding Exclusions - To prevent the system from forwarding messages based on the spam level of the message, select the appropriate option from the list.
- Enable Greylisting - Greylisting is a spam prevention method that temporarily rejects any email from an unrecognized sender. The idea is that a valid message will be re-tried and, therefore, accepted on its subsequent delivery attempt. Though effective, greylisting can lead to a delay in email delivery for a domain. Enable this option to activate greylisting for the domain.
- Enable Sender Verification Shield - Administrators can choose to enable the Sender Verification Shield for users. This is a way to help a user understand whether the sender is truly the sender or not by performing checks on DMARC, DKIM, and SPF, the trusted sender status, etc.
- Inbound Message Delivery - Administrators can specify the domain location for incoming email delivery. This allows you to specify whether the domain is hosted locally or partially/entirely on an external server. The following options are available:
- Local - Select this option if the mail server is hosted locally.
- External (use MX record) - Select this option if the mail server is hosted partially or entirely externally. Messages will be delivered based on an MX lookup. Select the option "Deliver locally if user exists" to perform a local delivery instead of external if the user exists locally.
- External (use host address) - Select this option if the mail server is hosted partially or entirely externally. Messages will be delivered to the specified host address. The host address can either be entered as an IP address or the Fully Qualified Domain Name (FQDN), such as mail.yourdomain.com. Select the option "Deliver locally if user exists" to perform a local delivery instead of external if the user exists locally.
Mailing Lists are a great way to allow users to communicate with a number of different individuals via a single email address. For example, many companies use mailing lists to email newsletters, promotional offers, or information about product updates to subscribers. Unlike an Alias, a mailing list allows people to subscribe or unsubscribe from email communications.
- Mailing Lists - Enable this option to allow domain administrators to create and manage mailing lists for their domain.
- Mailing List Command Address - The address used for responding to mailing list requests. For example, if a request is sent requesting a list of all available commands.
- Mailing Lists (0 = Unlimited) - The maximum number of mailing lists allowed for the domain. By default, this setting is set to Unlimited.
- Max Message Size (KB) - The maximum size message that can be sent to a mailing list. By default, the maximum message size is set to 512000 KB.
- Two-Step Authentication - Two-Step Authentication is a method of providing a second verification of ownership before a user can log in or connect to third-party clients and/or devices. For example, when a user has Two-Step Authentication enabled, the SmarterMail login page will require their primary password and a secondary verification of ownership before the user can log into webmail. The second method of verification will be provided to the user through popular authentication apps, like Google or Microsoft Authenticator, or through a recovery email address. When this feature is enabled for a domain, the domain administrator can override the system setting and choose whether to enable or force Two-Step Authentication for their users. Options for Two-Step Authentication include:
- Enable - Simply enables Two-Step Authentication, but users have the option to use it or not. It is not required.
- Forced - This enables Two-Step Authentication and forces/requires users to set it up. However, domain admininstrators have the ability to disable it for their own users.
- Forced - Prevent Domain Disabling - This makes Two-Step Authentication required and removes the ability for domain admininstrators to turn it off.
- Enable TLS if supported by the remote server - This enables TLS (SSL encryption) for outgoing mail.
- Enable SRS when forwarding messages - Enable this to allow the mail server to re-email (as opposed to "forward") an email message so that it passes any SPF checks on the recipient's end.
- Require SMTP Authentication - Enable this option to require SMTP authentication when sending email. Note: If this option is enabled, users must provide an email address and password to send email from their account. SmarterMail supports cram-md5 and login authentication methods.
- Force all traffic over HTTPS - Select this option to force all SmarterMail traffic over HTTPS. This improves SmarterMail security by allowing all traffic to be encrypted. Note: Prior to enabling this setting, SmarterMail must be set up as a site in IIS and have a valid SSL certificate in place for the SmarterMail site. If this is enabled and a user navigates to the IP address, the server will attempt a rDNS lookup and then redirect accordingly.
- Show passwords to domain administrators - Enable this option to allow domain administrators to view a user's password (and app passwords, if the user is protected by Two-Step Authentication). Note that passwords cannot be viewed when the authentication method is set to Active Directory.
- Postmaster Mailbox - The system administrator can specify an email address that's used as the postmaster address for a specific domain. If there's no specific postmaster@ user set up for a domain, then the primary domain administrator address is generally entered here. The Postmaster address is essentially an Alias: if someone emails postmaster@, the email is forwarded to the address entered here, just as it is for an Alias. If an Account, Alias or Mailing List already exists with the "postmaster" username/name, then this field is ignored.
- Redirect to a webpage on logout from webmail - Generally, when users logout of webmail they're presented with the standard webmail login page. However, a system administrator can enter a custom URL to a page that is presented to users when they log out of webmail.
- Allow domain administrators to create domain aliases - Enable this option to allow domain administrators to create domain aliases. A domain alias is basically an alternate domain name for one that already exists in SmarterMail. For example, imagine you have a domain, 'example.com', in SmarterMail with a user, 'firstname.lastname@example.org'. By adding a domain alias for 'example.net', emails sent to 'email@example.com' will be delivered to 'firstname.lastname@example.org'. That means that emails sent to either domain will end up in the same mailbox.
- Allow domain administrators to manage Mailbox Size Limit for users - When this setting is enabled, domain administrators will be able to modify a user's Mailbox Size Limit and propagate the setting to users. When this setting is disabled, domain administrators will be able to see the current Mailbox Size Limit, but they will be unable to edit the value or propagate changes to users. NOTE: A system administrator will always be able to manage a user's Mailbox Size Limit when impersonating a domain administrator and editing a user.
- Allow users to edit their profile - When enabled, this allows users to manually edit their profile information. (I.e., modify their Displan Name, contact information, etc.) It also makes the "Allow users to opt out of Global Address List" setting visible. NOTE: For Active Directory administrators, or companies who use Active Directory for user administration, this setting can be disabled for all users in Domain Defaults, which means any profile information is "read only" for users and, instead, managed by Active Directory.
- Allow users to opt out of Global Address List - The Global Address List (GAL) is basically a listing of all users who have accounts for your particular email domain. However, not all accounts would necessarily need to be listed in the GAL. For example, generic addresses like info@ or support@ may not need to be listed as they're used for specific purposes (e.g., support@ being imported into a ticketing system.)
- Exclude IP from received line - Select this option to remove the client's IP address from the received header on messages received through SMTP. Note: Removing the IP address from the received header is not recommended because it violates RFC.
Select this option to allow users to create online meetings, which allow for video chatting and shared documents with users on the domain and guests alike. Technical Note: Video conferencing within online meetings utilizes WebRTC. WebRTC will prefer UDP as the communications protocol, but it will use TCP if it's the only available method through the firewall. For ports, WebRTC will use anything in the 0-65535 range to transfer video and audio. In order to establish the connection, port 3478 should be open. In addition, WebRTC uses VP8 or H.264 for video codecs and Opus for audio, though this can vary depending on device, OS and browser. WebRTC handles this selection automatically.
It's also possible to set a specific, separate STUN/TURN server to be used by all domains that are created. If no servers are specified, SmarterMail will use the default STUN/TURN settings for online meetings.
Use this card to prioritize the remote delivery of standard messages and configure the throttling options for the domain. By default, all messages for all users are sent at a normal priority with an exception of mailing lists, which default to low priority. Messages that fail the first attempt to deliver get automatically "degraded" in priority to low.
Throttling, on the other hand, allows system administrators to limit the number of messages per hour and/or the amount of bandwidth used per hour to send messages, either at the domain level, the user level, or a mix of both. If the throttling action is set to Reject, SmarterMail will bounce any messages attempting to be sent after the threshold is met, until the next session. If the throttling action is set to Delay, SmarterMail will allow the message into the spool and trickle delivery.
The way throttling works is as follows: Anytime an SMTP session is made to deliver a message to any outside user (i.e., not a local delivery), that session counts against the throttling limits that are set. For example, if a user sends 5000 emails to 5000 Gmail users, that's 5000 messages that count against their "Outbound Messages per Hour" throttling limit, if that user has throttling set up, or their domain's throttling limit. However, if they send 5000 emails but 4000 to to Gmail users, and 1000 go to other users on their domain, only 4000 messages count as the other 1000 are delivered locally. So, throttling limits are only counted for messages that are sent to another server; throttling limits do NOT count for local deliveries.
There is also a timing element involved with throttling: things like spool delays, delivery delays, etc. can impact whether or not messages count against whatever throttling limits are set. However, those issues are generally few and far between.
- Delivery Priority - The priority level for messages that don't have another priority affecting it.
- Outbound Messages per Hour - The number of messages sent by the domain per hour. By default, the number of outgoing messages is 5,000.
- Message Throttling Action - The action SmarterMail should take when the message throttling threshold is reached.
- Outbound Bandwidth MB per Hour - The total number of MBs sent by the domain per hour. By default, the outgoing bandwidth is 100.
- Bandwidth Throttling Action - The action SmarterMail should take when the bandwidth throttling threshold is reached.
- Bounces Received per Hour - As bounce messages are received from null senders per RFCs, this setting dictates the number of messages from null senders a domain can receive over SMTP before any further messages from null senders will be rejected. By default, a domain can receive 1,000 bounces per hour.
- Bounces Throttling Action - The action SmarterMail should take when the bounces throttling threshold is reached.
Autodiscover is a service that allows email clients to automatically determine a user’s mail server address and port from that user’s email address and password alone. This greatly simplifies a user’s setup process when attempting to connect SmarterMail to a desktop client, like Outlook and Apple Mail, as well as mobile clients. Autodiscover settings can be configured per protocol and per domain. Instructions on how to Set up Autodiscover for SmarterMail can be found in the SmarterTools Knowledge Base.
With the appropriate DNS records and IIS configuration in place, you can use this section to enable or disable specific protocols from returning Autodiscover results. When a protocol is enabled for Autodiscover, clicking on that protocol’s settings cog will open a window where the encryption type and port can be adjusted. Utilizing Autodiscover with MAPI/EWS or EAS requires encryption over SSL or TLS. Therefore, port 443 MUST be available and not blocked by a firewall. NOTE: If a user has POP disabled for their account, their POP Autodiscover request will not be fulfilled, even if POP is enabled for Autodiscover. This applies to all protocols in their account's Service Access settings.
Overriding the Default Desktop and/or Mobile XML Responses
Administrators with advanced Autodiscover knowledge can override the default XML response that is sent from the domain when Autodiscover is requested. However, please understand that these settings should NOT be modified without advanced knowledge of the XML responses used with Autodiscover. Adjusting the custom XML incorrectly can result in invalid responses returned meaning users will be unable to connect to their email client(s). Furthermore, if you turn on an override but never save any custom XML, SmarterMail will use the default protocol settings. However, if the override is turned on, ANY text you save to the Custom XML area will be used for the Autodiscover response. If you save custom text, then later remove that text and save a blank entry, Autodiscover will send a blank response. Therefore, it is imperative that you only enable the override and enter custom Autodiscover XML if you are absolutely sure what you're using is correct.
There are two types of Autodiscover responses that can be modified: Mobile XML and Desktop XML. The mobile XML response is strictly used with EAS. The desktop XML response is used with everything else, including IMAP, POP, SMTP In, MAPI and EWS.
In the textbox window that appears after enabling the override of the XML, clicking on Generate will show the XML response that SmarterMail would normally send on an Autodiscover request. You can generate this response to make adjustments as needed, or simply enter the XML response you would like to use. When adjusting the XML, don’t remove or modify variables such as %EmailAddress%, %Base64EmailAddress%, %DisplayName% or %LegacyDN% since these are used to identify the user making the Autodiscover request. Also note that although changes are not validated by SmarterMail, any changes made to the XML response should be within RFC guidelines.
When changes to domain defaults are made, these changes only apply to any new domains that are added AFTER the changes are saved. However, system admininistrators can make changes to Domain Defaults then propagate those changes to all domains. In order to apply domain settings to all of the existing domains, do the following:
- First, make any changes you want on this page, then click the Save button.
- Next, click on the Propagate button. A modal window opens up.
- Scroll down the list of settings, placing a check mark next to the settings you want to push to your domains. Not all settings need to be propagated, only those settings that have been changed.
- Once you've selected your changes, click the Propagate button.
Changes to Individual Domains
If changes need to be made for individual domains, these can be handled by clicking on the domain from the Domains page, then making modifications using the tabs available to system administrators. For example, if a system administrator wants all domains to have Cloud Storage Connections disabled, but grant Cloud Storage Connections to individual domains, the setting can be disbled on Domain Defaults, but enabled for specific domains on their Options tab.
Copyright © SmarterTools Inc. All rights reserved.