XMission Wiki - User contributions [en]

SIP ALG

2023-05-30T20:06:11Z

Benjii:

== XMission Voice and SIP ALG ==

Using XMission Voice on a different Internet service or through your own router can create quality issues with your voice services. This is often caused by a software protocol called SIP ALG or SIP HELPER depending on the equipment being used. XMission requires this build in protocol to be disabled in order to ensure service is properly working.

=== What is SIP ALG/HELPER? ===

This protocol assists with rewriting voice traffic to show that it is being NATed. In other words, instead of headers being sent the call is coming from an IP address of:

* 10.x.x.x
* 192.168.x.x
* 172.16.x.x

This shows the public IP address when the call is coming from the router's public IP address (IE: 166.70.x.x)

[[File:SIP-ALG-packets.png|600px]]

Using the image above, you can see how Internet traffic sends voice calls with and without SIP ALG/HELPER. The highlighted area is where the traffic gets changed.

=== Why SIP ALG/HELPER is not needed ===

Most voice providers (including XMission) have a public switch or server that is a go-between. In other words, the Telephone Adapters (TAs) or IP Phones that are provided by XMission connect to this switch prior to reaching the actual voice system to make and receive phone calls. Because we are configured for this, calls are by default tagged with a public IP address and do not require one from your equipment.

=== What happens with SIP ALG/HELPER? ===

Having SIP ALG enabled on your equipment can make it so the onsite equipment drops the registered device (TA) during the ringing process of phone calls. When this happens the following could be true:
* One-way audio: The caller not using XMission Voice can be heard, but the XMission Voice user cannot be heard.
* Outgoing calls fail: Calls get 404 or dead air when trying to dial out. Most calls don't even reach call.xmission.com call history.
* Incoming calls fail to ring: The signal to tell the handset to ring on incoming calls is blocked and callers end up going to voicemail.
* Device registration fails entirely.

=== How to disable SIP ALG/HELPER? ===

This protocol is typically found inside the web interface of your personal router/firewall under the advanced settings. It can often be found under:
* NAT forwarding
* QoS
* Security
* Firewall
* WAN settings

Please review the following to disable the protocol:

{| class="wikitable"
|-
|TP-Link Archer Routers (Archer Series):
# Log in to routers web interface (tplinkwiki.net)
# Click on Advanced
# Locate NAT Forwarding (or Firewall)
# ALG
# Uncheck "Enable SIP ALG"
# Save
|-
|Netgear Router (with Genie):
# Log in to router web interface (routerlogin.net)
# Click on Advanced
# Locate the Setup Menu
# Click WAN Settings (or Setup)
# Uncheck the "Enable SIP ALG"
# Save
|-
|Asus Routers (with ZenWiFi):
# Log in to routers web interface (router.asus.com)
# Click on WAN under Advanced Settings
# Click on NAT Passthrough Tab
# Select Disabled on SIP Passthrough
# Apply
|-
|Linksys/Cisco Routers (with Smart Wifi):
# Log in to router web interface (192.168.0.1 unless otherwise LAN IP has been changed)
# Click on Administration
# Under the Management Tab
# Select the Disabled button
# Save
|-
|}

* For unlisted routers, please contact XMission Support for additional help.

[[Category:Troubleshooting]]
[[Category:VoIP]]

SPF and DKIM

2023-05-23T19:29:20Z

Benjii: /* Valid SPF for XMission */

SPF and DKIM are two important security methods domain owners have of "authorizing" specific email servers to send mail on their behalf. Besides providing greater deliverability of your messages, these mechanisms prevent fraudsters from sending spoofing emails as your domain.

These TXT records are entered by the domain owner wherever the domain's DNS record is managed, which may be with the registrar or hosting provider. DKIM (Domain Key Identified Mail) also adds public key cryptography for deeper validation.

XMission advises all [https://xmission.com/zimbra Zimbra clients] to configure SPF & DKIM. It may sound a bit daunting but is really not very complicated. This document will walk you through it.

IMPORTANT NOTE ABOUT TXT RECORD ENTRY: Depending on the syntax requirements of your DNS system you may have to include or omit the quotation marks for the record to be properly enabled. Other DNS entries on your domain should provide quick visual guidance on protocol. XMission DNS systems do ''not'' use quotation marks.

= SPF =
The following is the most commonly applied SPF (Sender Policy Framework) record for XMission email customers but it is imperative you understand how and why this is applied. IMPORTANT: It is critical that you read and understand all SPF information below before applying the record to your domain as you could break email delivery.

{| class="wikitable"
! Host !! Record Type !! Value
|-
| @ (base domain) || TXT || "v=spf1 a mx include:_spf.xmission.com ~all"
|}

== How It Works ==
Any SPF record is a string of one more more potential mail sources, prefixed by a character indicating the policy for mail source. An example of a common SPF record:

{| class="wikitable"
|+ Example Syntax
|-
! Host !! Record Type !! Value
|-
| @ (base domain) || TXT || "v=spf a mx ~all"
|}

In this case, it says that the A and MX records for the domain are allowed to send, and all other mail fails (but with a "softfail", so that mail isn't actually rejected). "a", "mx" and "all", are all individual mail sources. The "~" prefixed to the "all" source is a policy denoting that mail from the source should be considered a "SoftFail".

{| class="wikitable"
|+ Sources & Definitions
|-
! Flag !! Source Type
|-
| a || DNS A record
|-
| mx || MX record
|-
| ptr || PTR record
|-
| ip4 || IPv4 address or subnet
|-
| ip6 || IPv6 address or subnet
|-
| include || The contents of another domain's SPF record
|-
| all || Any mail source (generally used at the end to provide a default policy)
|}

{| class="wikitable"
|+ Prefix Characters
|-
! Prefix !! Definition
|-
| '''+''' || Pass (Valid for SPF)
|-
| '''-''' || Fail (Invalid, and reject mail)
|-
| '''~''' || SoftFail (Invalid, but still accept)
|-
| '''?''' || Neutral (...whatever...)
|}

XMission Shared Hosting clients can [https://wiki.xmission.com/Adding/Managing_DNS_Records learn to manage DNS records here.]

== Valid SPF for XMission ==
Any SPF record for a domain sending through XMission should contain "include:_spf.xmission.com".

If you prefer a less identifiable entry then a minimum inclusion would have the following four sources:
* ip4:166.70.11.0/24
* ip4:166.70.13.0/24
* ip4:166.70.198.0/24
* ip4:198.60.22.0/24

Note that the SPF record policy is a decision of the domain owner's. If they want to Fail or SoftFail on all, add other sources, etc., is up to them. We don't have a singular recommendation or requirement for SPF. If the customer '''only''' sends via XMission, the following SPF record is relatively safe:

{| class="wikitable"
! Host !! Record Type !! Value
|-
| @ (base domain) || TXT || "v=spf1 a mx include:_spf.xmission.com ~all"
|}

===Valid SPF for XMission with additional sending services===

Sometimes it is necessary to have mailing list or other services that need to send emails so having multiple SPF records be strung together becomes necessary. Fortunately the fairly lenient syntax of SPF records makes this easy to do, here is our default record compared to some merged records:

{| class="wikitable"
! Hosts Generating Emails !! Example of Merged SPF Record
|-
| Default XMission || v=spf1 a mx include:_spf.xmission.com ~all
|-
| XMission plus Mailchimp || v=spf1 include:_spf.xmission.com include:servers.mcsv.net ~all
|-
| XMission plus Gmail, plus Constant Contact || v=spf1 include:_spf.xmission.com include:_spf.google.com include:spf.constantcontact.com -all
|}

== Forwarding ==
'''Important note''' about forwarding (ie automatically redirecting mail from one email address to another, not hitting the forward button):

Forwarding (under most circumstances) <em>BREAKS</em> SPF. If a domain has a "-all" ("reject all other mail" aka "Fail") policy in their SPF record, mail will be rejected by any servers respecting SPF after the server performing the forward. Users should keep this in mind when choosing a policy. This is why we suggest "~all" ("SoftFail") when you initially configure SPF.

== Alias Domains ==
Domain aliases that are used for sending email with "From:" addresses will need SPF & DKIM records configured.

All customers are strongly encouraged to configure SPF & DKIM records for all alias domains and parked domains to prevent possible abuse.

= DKIM =
DomainKeys Identified Mail (DKIM) is similar to SPF in that it uses a TXT record on the domain to define a sending policy for that domain. Where it differs is that it uses public key cryptography with this sending policy. A public key is added to that TXT record and any message that is signed with the private key (and thus validates with the public key) is then considered valid.

'''DKIM will break automatic responders, like ''Out of Office'' or ''Vacation'' replies.''' This is due to how DKIM verifies the sender, and how automated replies are generated and sent. This is intentional, and is a consideration that needs to be made when limiting sending from your domain via DKIM.

== Adding DKIM to an XMission Domain ==
We have a single private key for XMission DKIM signing. We can sign DKIM with this key on any domain sending out through XMission. It works for Zimbra domains, virtmail, and SMTP relay. To enable this feature for a domain, two things need to happen:

* The domain needs proper DNS for our domainkey key (see below)
* The domain needs to be added to XMission routing config as one with DKIM signing.

== DKIM DNS ==
Add the following two TXT records to the domain.

'''Note''': Once added you must [https://xmission.com/contact contact] [mailto:support@xmission.com support@xmission.com] to add your domain to XMission's DKIM routing file and complete the process:

{| class="wikitable"
! Host !! Record Type !! Value
|-
| xmission._domainkey || TXT || "v=DKIM1; t=y; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzWmoe0tzQkSUzMqliwcQQ5zY1HKk4z+Wgp+dRCRe7MmSBPftE9r5Lx1QfTfF/J8gl4k9tFsUvUBap0fk1VGMYUG/2LynVuzpkCI4JlUKF5fbx+MDNZrVi0aX73Edjd9trU6NKldVnhNg1RixDLa4aB04XJviy6+3P1h3IHNaZ0QIDAQAB"
|-
| _domainkey || TXT || "t=y; o=~;"
|}

Reminder: XMission DNS systems do not require entry of the quotation marks on the records above. External DNS system may require quotation marks.

====Multiple Email Hosts with DKIM ====

It is possible to use more than one host with DKIM, though this is only possible if the DNS records used to announce the public key for the security handshake don't share subdomains with each other.

[[Category: Email]]

Zimbra Email Client Configurations

2023-05-05T16:48:45Z

Benjii:

__TOC__

These easy to follow instructions will help you configure your favorite client for use with your Zimbra email service.<br/>
For greater convenience, you can always access your mail at https://zimbra.xmission.com/

For more help, reference the video repository of helpful tips on the [https://www.youtube.com/channel/UCcB648SoNlCNvyIh4arcTGg Zimbra YouTube Channel].

== Recommended Email Settings==
<p>XMission always recommends an IMAP email configuration [https://xmission.com/blog/2009/02/09/why-imap-rules heres why.]</p>
{| style="text-align: left; border: 1px solid #ccc;" cellspacing="0" cellpadding="2"
! style="border-bottom:1px solid #ccc; background-color: #eef; padding:2px 8px" colspan=2 | Incoming Server Information:
! style="border-style: solid; border-width: 0 0 1px 1px; border-color:#ccc; background-color: #eef; padding:2px 8px" colspan=2 | Outgoing Server Information:
|-
|style="padding:2px 8px" |Server Type: || IMAP
|style="border-left:1px solid #ccc; padding:2px 8px" | Server Type: || SMTP
|-
|style="padding:2px 8px" |Hostname: || zimbra.xmission.com
|style="border-left:1px solid #ccc; padding:2px 8px" | Hostname: || zimbra.xmission.com  
|-
|style="padding:2px 8px" |Port: || 993
|style="border-left:1px solid #ccc; padding:2px 8px" | Port: || 587
|-
|style="padding:2px 8px" |Enable encryption: || YES
|style="border-left:1px solid #ccc; padding:2px 8px" | Enable encryption: || YES
|-
|style="padding:2px 8px" |Authenticate Using: || Password
|style="border-left:1px solid #ccc; padding:2px 8px" | Requires Authentication: || YES
|-
|style="padding:2px 8px" |Login User Name: || Full email address  
|style="border-left:1px solid #ccc; padding:2px 8px" |Login User Name || Full email address
|-
|style="padding:2px 8px" |Alternate Port: || 143, SSL POP3 995  
|style="border-left:1px solid #ccc; padding:2px 8px" |Alternate Port: || 465 (For older systems, no longer supported)
|-
|}
{|
|-
||Webmail Interface: |||[https://zimbra.xmission.com/ https://zimbra.xmission.com/]
|-
||Admin Interface: |||[https://zimbraadmin.xmission.com https://zimbraadmin.xmission.com]
|-
||Folders: ||| Sent Mail = "Sent", Drafts = "Drafts", Trash = "Trash", Spam = "Junk"
|-
||MX Record: ||| mx.xmission.com
|-
||TXT Record: ||| v=spf1 a mx include:_spf.xmission.com ~all
|}

- Please note that some free wireless hotspots may block SSL without an extra fee. If you cannot send or receive while on certain wifi networks (especially ones in airports or public spaces) please check their terms and conditions and ensure they are not blocking SSL connections.<br/><br/>

==Videos==
*[https://www.youtube.com/watch?v=vIshNacUSLU Setting up Zimbra Email on Mac using IMAP]

==Windows 10 / 8.x / 7 / Vista==
*[[Hosted_Email:Outlook_2013|Outlook 2013/2016/365]]
*[[Hosted_Email:Outlook_2010|Outlook 2010]]
*[[Hosted_Email:Outlook_Connector|Outlook Connector for Zimbra Premium]] and Personal Premium Zimbra accounts
*[[Hosted_Email:Thunderbird_Zimbra_41|Thunderbird 41]]

====Archive Windows====
The following Microsoft Widows mail applications are out of date and no longer supported beyond the settings provided below.
Zimbra platform does not guarantee compatibility on all legacy mail applications as many are outside RFE compliance and lack proper security.
* Windows XP - Mail applications on this OS will still work but are no longer supported
*[[Hosted_Email:Outlook_2007|Outlook 2007]] <- Please upgrade your mail application to a current version.
*[[Outlook 2003]] <- Please upgrade your mail application to a current version.
*[[Hosted_Email:Windows_Mail|Windows Live Mail]] <- Please upgrade your mail application to a current version.
*[[Hosted_Email:Outlook_Express|Outlook Express]] <- Please upgrade your mail application to a current version.
*[[Hosted_Email:Thunderbird_Setup|Thunderbird 3]] <-- Please upgrade your mail application to a current version.

==Mac OS==
These settings are compatible across the bulk all OS X versions.
*[[Hosted_Email:Outlook_Exchange_on_Mac|Outlook Exchange on Mac]] - For Personal Premium and Zimbra Business accounts
*[[Hosted_Email:MacMail_16.x|Mac Mail 16.x]] - IMAP setup
** Video Tutorial - [https://www.youtube.com/watch?v=vIshNacUSLU Setting up Zimbra on Mac Mail]
*[[Hosted_Email:Thunderbird_Mac|Thunderbird Mac]]
*[[Hosted_Email:Mutt|Mutt]]

====Archive Mac OS====
The following Mac mail applications are out of date and no longer supported beyond the settings provided below.
Zimbra platform does not guarantee compatibility on all legacy mail applications as many are outside RFE compliance and lack proper security.
*[[Hosted_Email:MacMail_10.x|Mac Mail 10.x]] Same settings for Mail 11.X and 12.X.
*[[Hosted_Email:MacMail_9.x|Mac Mail 9.x]]
**[[Hosted_Email:Calendar_Sync_OSX|Calendar Sync]] - for Personal Premium and Zimbra Business accounts
**[[Hosted_Email:Contacts_Sync_OSX|Contacts Sync]] - for Personal Premium and Zimbra Business accounts
*[[Hosted_Email:MacMail_7.x|Mac Mail 7.x]]
*[[Hosted_Email:MacMail_3|Mac Mail 3.x]]

==Linux==
*[[Hosted_Email:Thunderbird_Setup_Linux|Thunderbird Linux]]
*[[Hosted_Email:Evolution|Evolution Mail]]

==Mobile==
*[[Hosted Email Base:iOS|Apple iOS Devices - iPhone/iPad]] - Zimbra Base and Standard Accounts
*[[Hosted_Email:iOS|Apple iOS Devices - iPhone/iPad]] - Zimbra Premium Account configuration with Profile
*[[Apple iOS Devices - iPhone iPad with Exchange]] - Zimbra Business Premium, XMission.com Personal Zimbra email, & Consumer Edition w/ ActiveSync, Exchange setting
*[[Hosted_Email:Android|Android]]
*[[Android Portable Devices with Microsoft Exchange]] - Zimbra Business Premium, XMission.com Personal Zimbra, and Consumer Edition w/ ActiveSync, Exchange setting
*[[Hosted_Email:Windows_Mobile|Windows Mobile & Windows Phone 8]]
*[[Hosted_Email:BlackBerry|BlackBerry IMAP]]

== Other ==
*[[Hosted_Email:Mutt|Mutt]] Terminal based. Works on Linux and Mac OS.
* Zimbra Desktop - Zimbra deprecating at end of 2019. Use configuration settings provided at top of page.

== Convert from POP to IMAP ==
* Thunderbird POP to IMAP process: https://support.mozilla.org/en-US/kb/switch-pop-imap-account
* [[Windows Outlook 2007 POP to Zimbra IMAP]] Essentially same instructions for 2003.
* [[Outlook Express POP to Zimbra IMAP]]
* [[Windows Live Mail POP to Zimbra IMAP]]

[[Category:Client Email Configuration]]
[[Category:Email]]
[[Category:Zimbra]]

Shared Hosting

2023-03-29T20:59:17Z

Benjii: /* Getting Started */

<noinclude>
== Getting Started ==
</noinclude>
*[[Administration/Logging in]]
*[[Adding a Domain]]
**[[Adding a Subdomain]]
**[[Adding a Domain Alias]]
**[[Adding a Domain Forwarder]]
*[[Adding MySQL Databases]]
**[[Managing MySQL]]
*[[Adding/Managing DNS Records]]
*[[Managing Domain/Users]]
*[[Managing FTP Access/Users]]
**[[About FTP and Shared Hosting]]
*[[PHP Settings]]
*[[Previewing the Website]]
*[[Secure Your Sites]]
*[[Web Statistics]]
Additional Development Help
*[[Changing your upload limits]]
*[[Password Protecting a Directory With ".htaccess"]]
Applications
*[https://wiki.xmission.com/Lets_Encrypt Let's Encrypt!]
*[http://wiki.xmission.com/WordPress Wordpress One-Click Install]
*[https://wiki.xmission.com/WordPress_Toolkit WordPress Toolkit]
Domain Management
*[[Domains]]
*[[Hosting a domain not registered with XMission]]

[[Category: Shared Hosting]]

Shared Hosting

2023-03-28T15:30:05Z

Benjii:

<noinclude>
== Getting Started ==
</noinclude>
*[[Administration/Logging in]]
*[[Adding a Domain]]
**[[Adding a Subdomain]]
**[[Adding a Domain Alias]]
**[[Adding a Domain Forwarder]]
*[[Adding MySQL Databases]]
**[[Managing MySQL]]
*[[Adding/Managing DNS Records]]
*[[Managing Domain/Users]]
*[[Managing FTP Access/Users]]
**[[About FTP and Shared Hosting]]
*[[PHP Settings]]
*[[Previewing the Website]]
*[[Web Statistics]]
*[[Secure Your Sites]]
Additional Development Help
*[[Changing your upload limits]]
*[[Password Protecting a Directory With ".htaccess"]]
Applications
*[https://wiki.xmission.com/Lets_Encrypt Let's Encrypt!]
*[http://wiki.xmission.com/WordPress Wordpress One-Click Install]
*[https://wiki.xmission.com/WordPress_Toolkit WordPress Toolkit]
Domain Management
*[[Domains]]
*[[Hosting a domain not registered with XMission]]

[[Category: Shared Hosting]]

Shell Access

2023-03-22T14:35:43Z

Benjii:

==How do I activate my shell account?==
To activate your shell account, contacting the [https://xmission.com/contact XMission Sales] team is necessary.

===Why isn't shell access on by default?===
Having shell access enabled by default on all accounts presents a security risk. A shell account gives the user a direct window into our system. By minimizing the number of active shell accounts, we minimize the risk of compromising our system.

==Is there a way to transfer files to and from my XMission account other than FTP?==
Although FTP is the recommended way to transfer files to and from your XMission account, it's not the only way. SFTP (ssh ftp) works directly to shell.xmission.com.

=What is SSH and how do I use it?=
SSH is a secure shell. Using it is differs, depending on the operating system. Mac OS X is probably the easiest. Nothing special has to be installed. Simply open a terminal window and <tt>ssh username@shell.xmission.com</tt>. Accept the key and enter your password. For most Windows operating systems, an SSH client must be used. There are many SSH clients on the market and a few are "freeware". PuTTY is a recommended free SSH client for Windows. Some places to look for additional SSH software would be Download.com and Tucows.com.

==Can I choose my shell type?==
Yes. You can choose from bash, tcsh, sh, zsh, csh, and ksh. We recommend using either bash or csh, at first, since they're the most user-friendly.

==Why don't my screen and text work properly?==
There are two typical problems that occur during a telnet session. The first and most common problem is incorrect terminal emulation. The second problem occurs after a screen has been messed up by viewing a binary file.

The most commonly used terminal emulation is vt100, though vt220 is supported and recommended. To change the terminal emulation of your telnet application, view the preferences and choose either vt100 or vt220. However, even after specifying the terminal emulation for your telnet application, you may still have problems correctly displaying columns and rows. For this, you'll need to define the default size of your window in your run commands (explained below]). When trying to fix a screen after viewing a binary file, run <tt>fixvt</tt> at a command prompt.

==What are some common commands I'll need to know when using the UNIX shell?==
The most common commands you'll need to know are <tt>cd</tt> (changes your directory), <tt>pwd</tt> (shows your current directory path), and <tt>ls</tt> (lists the contents of the current directory). For a more complete list of common commands, please see our Common Commands page.

==Why do I get "command not found" when using a command I'm sure should work? ==
It's possible that you don't have the paths to the command directories defined correctly in your run commands. For instructions on defining the correct paths, see below.

===How do I edit my shell run commands (rc) file?===
Your shell run commands are found in a file named ''.cshrc'' (for c shell), ''.bashrc'' (for borne shell), ''.kshrc'' (for korn shell), etc. This file will be located in your home directory (/home/users/u/username). It contains commands that are run when you first log on to set your paths, environment variables, and aliases. Before changing ANY rc file, it's recommended you make a back-up copy.

To set or edit your paths, edit your run commands file with a text editor (pico, vi, ed, etc.). Your paths will be defined after the command <tt>set path =</tt>. The default paths should be <tt>/bin /usr/local/bin /usr/bin</tt>. If you'd like to add a path, simply add it to the end, separated by a space. (e.g.: /home/users/u/username/morecommands/) If you'd like to edit what information is displayed in your prompt, edit the <tt>set prompt=</tt> variable. A useful way to define your prompt is to have it display your current directory. To do this, remove the default <tt>set prompt=</tt> and enter this in its place:

<tt>alias cd 'cd \!* ; set prompt="'hostname':'pwd'> "'</tt> To edit your environment variables, first type <tt>env</tt> at a command prompt to show your current variables. If you'd like to change any of these, enter the definition after a new "setenv" line. The proper syntax, as you'll see in the default settings, is:

<tt>setenv VARIABLE_NAME path/or/command:/2nd/path/or/command/</tt> Adding an alias is fairly simple. If you'd like a certain command to be run when you type something in at the command prompt, you'd enter that here. The proper syntax is:

<tt>alias aliasedcommand 'realcommand -options'</tt> This is also where you define your terminal emulation settings.
<tt>setenv TERM vt100 </tt>(sets terminal type)
<tt>/bin/stty rows 24 </tt>(sets number of rows)
<tt>/bin/stty cols 80 </tt>(sets number of columns)
<tt>/bin/stty erase ^H </tt>(sets backspace command)

==What are all these files in my home directory, and what are they for?==
If you do a complete list, showing hidden files, of your home directory, you will notice that there are several files already there. The files are listed and explained in the table below. Some of these files will not be there by default, but only appear if the application that uses them is run.

===Types===
rc run commands/preferences (usually, but not always)

===Files===
.cshrc shell run commands(for csh or tcsh) .gopherrc gopher preferences .login shell preferences (read after run commands at login) .newsrc news preferences .nn Network News Reader preferences .pinerc Pine preferences (pine is primarily used for email) .tin Threaded Internetwork News preferences

===Directories===
bin can contain scripts or binary executables ftp your personal directory for file transfer mail Email is stored here (used by pine and others) news articles are saved here by default public_html your web pages

==How can I alter the information shown in my prompt?==
If you use tcsh, changing the prompt is as simple as entering the command:

<tt>set prompt="options"</tt>

However, with other shells, you will need to edit the <tt>set prompt=</tt> line in your shell run commands file (shown above).

==What program can I use to read email from a shell? ==

Probably the most popular options are ''mutt'' (recommended) and ''pine'', but ''elm'', ''mail/rmail'', and ''emacs'' are also available. At a command prompt, run the command <tt>mutt</tt>, <tt>pine</tt>, or <tt>elm</tt> and the mail client will open, also creating either a /mail (pine and elm) or /Mail (mutt) directory. Using mail/rmail
or emacs isn't quite as intuitive. It's recommended that you read the manual before using. (Type <tt>man mail</tt> or <tt>man emacs</tt> at a command prompt.)

==What program can I use to read news (Usenet) from a shell?==
The newsreaders available on shell are slrn, tin, nn, pine, nmh, trn, and emacs. The most popular ones would be slrn, tin, nn, and pine. We recommend slrn, since it's the only one that still has development. For more information on how to use any of these programs, type "man" followed by the program name at the command prompt (e.g.: <tt>man tin</tt>).

==How do I kill a process? ==
Before you kill a processes, you have to have its processes ID. You get this by typing "ps" at the command prompt. Once you've determined which one of your processes is the one you want to kill, type <tt>kill -9 PID</tt> (where PID is the actual processes ID) at the command prompt.

==How do I compress and decompress files? ==
The method you'll use to decompress a file is determined by looking at the file extension. The instructions below show how to decompress the file in the current directory. For further information, see the
manual for each program (tar, bzip, unzip, gzip, uncompress).

<tt>file.tar </tt><tt>tar xvf file.tar</tt>

<tt>file.Z </tt> <tt>uncompress file.Z</tt>

<tt>file.gz </tt> <tt>gzip -d file.gz</tt>

<tt>file.zip </tt> <tt>unzip file.zip</tt>

<tt>file.bz2 </tt> <tt>bzip2 -d file.bz2</tt>

If there is a combination of formats, such as file.tar.gz, you can
either pipe one command to the other (e.g. <tt>gzip -d file.tar.gz | tar
xvf</tt>), or see if the option is supported by tar (<tt>man tar</tt>>. Using the command
<tt>tar xvfz file.tar.gz</tt> will handle both the gzip compression and the
tar compression. When piping a .Z file, however, be sure to use <tt>zcat
file.Z</tt> (the equivalent of <tt>uncompress -c file.Z</tt>, which writes to standard
output the files that were compressed). A similar rule applies to
bzip2, where you should use <tt>bzcat file.bz2</tt> (equal to <tt>bzip2 -dc file.bz2</tt>)
when piping the output to another command.

==What are some basics on setting permissions with "chmod"?==

First, an understanding of file/directory ownership is needed. Each
file or directory has a user (also the owner) and a group. The owner
of your files should always be your XMission username. The groups
you'll need to know are www (which gives the web server access to
the files) and users (which gives any of XMission's users, from shell,
access to the files). There's also the category, others, that includes
any user or group.

Permissions are based on those three categories: owner, group, and
others. When you do a long listing of the file (<tt>ls -l filename</tt>), the
permissions will be displayed to the left. The format is shown as
such:

<tt>-rw-r--r-- 1 acctname group 1949 Sep
19 2000 file.html</tt>

The first space defines weather the file is a simple file (shown with a hyphen) or a directory (shown with a d). The next three spaces represent the permissions (highlighted in red)
for the owner, the next three are for the group, and the last three
are for others. The letters represent what kind of permissions are
allowed.

'''r ''' = Read (view and make copies)

'''w ''' = Write (make changes to or delete)

'''x ''' = Execute (run program/script)
When using "chmod" to change permissions, you will need to specify
the category by using one or a combination of the following letters:

'''u ''' = User (Owner)

'''g ''' = Group

'''o ''' = Others

'''a ''' = All (same as using "ugo")
To change the permissions, execute "chmod" with the following parameters:

<tt>chmod who+/-/=permission file</tt>

The plus (+) adds the following permission, the minus (-) removes
it, and the (=) adds it, discarding any previous permissions. Some
examples:

<tt>chmod g+r file.html</tt> (adds read access for group)

<tt>chmod go-r file.html</tt> (removes read access from group and
others)

<tt>chmod a=x file.html</tt> (replaces existing permissions with read
access for all)

<tt>chmod g+rx file.html</tt> (adds read and execute access for group)
There is another way to change permissions without having to write
out <tt>chmod who+/-/=permission file</tt> every time. This method uses a 3-digit octal
number. Determining the octal number is fairly easy after some practice.
To start, refer to the chart below.

===Symbol Octal===

---0 --x1 -w-2 -wx3 r--4 r-x5 rw-6 rwx7

For example, if you'd like to set the permissions on file.html
to be <tt>-rw-r--r--</tt> you would determine the octal number
like this (skip the first space in the set):
<tt>rw-</tt> = 6, <tt>r--</tt> = 4, <tt>r--</tt> = 4. The octal
number is 644.

To execute the command, type:

chmod 644 file.html
'''Note''': This would be the same as using:

chmod a+r file.html

chmod u+x file.html

(if no permissions were previously set).

Changing ownership and the group of a file would normally be done with "chown" and "chgrp". However, because these commands are restricted to the user and group being specified, you're unable to use them on XMission (because you're only one user and you're only a member of one group). However, if you'd like a file to belong to the group www, you can either create it in or upload it to your public_html directory. This will set the group, by default, to www.

[[Category:FAQ|Shell Access]]
[[Category:Troubleshooting]]
[[Category:Getting Started]]

Main Page

2023-03-20T21:23:28Z

Benjii:

__NOTOC__ __NOEDITSECTION__
{| width="100%" style="vertical-align:top"
<div style="margin: 0; margin-right:10px; border: 2px solid 004,209,252; padding: 0 1em 1em 1em; background-color:#ffffff; text-align:left;">
<h1 class="superHeader blue">[[File:support.png]]XMission Support Wiki</h1>
'''Welcome to XMission Support Wiki. We have documentation for may of our products. If you cannot find what you need please feel free to check out our [http://wiki.xmission.com/Category:Troubleshooting Troubleshooting Page]. You can also [http://xmission.com/contact/ contact our technical support team].'''
</div>
{| width="100%" class="padding-control"
| width="50%" style="vertical-align:top" |
<div style="margin: 0; margin-right:15px; padding: 17px; background-color:#c0ebf4; height:auto;">
==<div style="background-color:#03afd3; color:white; margin:-1em; padding:1em; font-family:Arvo;">Top Support Issues</div>==
* [[Hosted_Email:_Admin_Panel#Change_Password | <span style="color:#1c1f22;">Zimbra Password Change</span>]] (Domain Admin)
* [[Zimbra Email Client Configurations | <span style="color:#1c1f22;">Zimbra Email Client Configuration</span>]]
* [[Spam | <span style="color:#1c1f22;">Spam</span>]]
* [[SPF and DKIM | <span style="color:#1c1f22;">SPF and DKIM</span>]]
* [[Passwords |<span style="color:#1c1f22;">How do I change my password?</span>]]
* [[Account_Home |<span style="color:#1c1f22;">How do I pay my bill?</span>]]
* [[UTOPIA Setup | <span style="color:#1c1f22;">UTOPIA Router Configuration</span>]]
* [[Speedtest | <span style="color:#1c1f22;">Speed Concerns</span>]]
* [[Router and Wireless Troubleshooting | <span style="color:#1c1f22;">Router and Wireless Troubleshooting</span>]]
</div><br>
<div style="margin: 0; margin-right:15px; padding: 17px; background-color:#ffd9c4; height:auto;">
==<div style="background-color:#ee4b00; color:white; margin:-1em; padding:1em; font-family:Arvo;">Popular Articles</div>==
* [[General Email Settings | <span style="color:#1c1f22;">General Email Settings</span>]]
* [[Hosted_Email:Zimbra_Self-Service_Account_Recovery | <span style="color:#1c1f22;"> Reset your forgotten Zimbra email password</span>]]
* [[Zimbra Domain Email and Collaboration Suite | <span style="color:#1c1f22;">Zimbra Domain Email and Collaboration Suite</span>]]
* [[XMission_Voice_Portal | <span style="color:#1c1f22;">XMission Voice Portal </span>]]
* [[About_FTP_and_Shared_Hosting | <span style="color:#1c1f22;"> About FTP and Shared Hosting </span>]]
* [[Lets_Encrypt | <span style="color:#1c1f22;"> Let's Encrypt </span>]]

</div><br>
<div style="margin: 0; margin-right:15px; padding: 17px; background-color:#eff5ce; height:auto;">
==<div style="background-color:#b3ca37; color:white; margin:-1em; padding:1em; font-family:Arvo;">Top Categories</div>==
* [[Connections|<span style="color:#1c1f22;">Connections</span>]]
* [[Email|<span style="color:#1c1f22;">Email</span>]]
* [[Hosting|<span style="color:#1c1f22;">Hosting</span>]]
* [[XMission_Voice|<span style="color:#1c1f22;">XMission Voice</span>]]
* [[XMission_Services|<span style="color:#1c1f22;">XMission Services</span>]]
</div><br>
| width="50%" style="vertical-align:top" |
<div style="margin: 0; margin-right:15px; padding: 17px; background-color:#eff5ce; height:auto;">
==<div style="background-color:#b3ca37; color:white; margin:-1em; padding:1em; font-family:Arvo;">About XMission</div>==
If you're just starting out, these links are recommended reading:
* [[Announcements|<span style="color:#1c1f22;">Announcements</span>]]
* [[Account_Home|<span style="color:#1c1f22;">Billing</span>]]
* [[Domains|<span style="color:#1c1f22;">Domains</span>]]
* [[Recommended_Routers|<span style="color:#1c1f22;">Recommended Routers</span>]]
* [[Banners|<span style="color:#1c1f22;">Banners</span>]]
* [[Logos|<span style="color:#1c1f22;">Logos</span>]]
</div><br>
<div style="margin: 0; margin-right:15px; padding: 17px; background-color:#dddedf; height:auto;">
==<div style="background-color:#717475; color:white; margin:-1em; padding:1em; font-family:Arvo;">Troubleshooting</div>==
* [[Router_and_Wireless_Troubleshooting | <span style="color:#1c1f22;">Slow speeds over Wifi?</span>]]
* [[How_to_use_ssh_keys|<span style="color:#1c1f22;">How to use ssh keys</span>]]
* [[Cloud_Hosting|<span style="color:#1c1f22;">Cloud Hosting</span>]]
* [[Shared Hosting| <span style="color:#1c1f22;">Shared Hosting</span>]]
* [[Router and Wireless Troubleshooting|<span style="color:#1c1f22;">Router and Wireless Troubleshooting</span>]]
</div><br>
<div style="margin: 0; margin-right:15px; padding: 17px; background-color:#f1f2f2; height:auto;">
==<div style="background-color:#acb0b2; color:white; margin:-1em; padding:1em; font-family:Arvo;">Contact Us</div>==
{|
|[[File:Phone.png|link=]] [[File:Mail.png|link=mailto:support@xmission.com|alt="Contact us via E-Mail!"]] [[File:Live-support-2.png|link=https://livesupport.xmission.com|alt="Contact us via Live Support!"]] [[File:Twitter.png|link=http://twitter.com/#!/xmission|alt="Check out our Twitter feed!"]] [[File:Facebook.png|link=https://www.facebook.com/pages/XMission/6155383019|alt="Find us on Facebook!"]]
|-
| <div style="font-size:13px; color:#777; line-height:160%; width:250px;">Our live technical support is available for you 24/7 at <b>801.539.0852</b> or<br /> <b>877.XMISSION</b> (877.964.7746)
</div>
|}
</div><br>
<div style="position:absolute; top:475px; left:-194px; width:160px; height:420px;">[[File:Zimbra-wiki-ad.png|link=http://xmission.com/email_collaboration?cid=wikibanner1]]</div>
|}

[[Category: Getting Started]]

Main Page

2023-03-17T22:00:42Z

Benjii:

__NOTOC__ __NOEDITSECTION__
{| width="100%" style="vertical-align:top"
<div style="margin: 0; margin-right:10px; border: 2px solid 004,209,252; padding: 0 1em 1em 1em; background-color:#ffffff; text-align:left;">
<h1 class="superHeader blue">[[File:support.png]]XMission Support Wiki</h1>
'''Welcome to XMission Support Wiki. We have documentation for may of our products. If you cannot find what you need please feel free to check out our [http://wiki.xmission.com/Category:Troubleshooting Troubleshooting Page]. You can also [http://xmission.com/contact/ contact our technical support team].'''
</div>
{| width="100%" class="padding-control"
| width="50%" style="vertical-align:top" |
<div style="margin: 0; margin-right:15px; padding: 17px; background-color:#c0ebf4; height:auto;">
==<div style="background-color:#03afd3; color:white; margin:-1em; padding:1em; font-family:Arvo;">Top Support Issues</div>==
* [[Hosted_Email:_Admin_Panel#Change_Password | <span style="color:#1c1f22;">Zimbra Password Change</span>]] (Domain Admin)
* [[Zimbra Email Client Configurations | <span style="color:#1c1f22;">Zimbra Email Client Configuration</span>]]
* [[Spam | <span style="color:#1c1f22;">Spam</span>]]
* [[SPF and DKIM | <span style="color:#1c1f22;">SPF and DKIM</span>]]
* [[Passwords |<span style="color:#1c1f22;">How do I change my password?</span>]]
* [[Account_Home |<span style="color:#1c1f22;">How do I pay my bill?</span>]]
* [[UTOPIA Setup | <span style="color:#1c1f22;">UTOPIA Router Configuration</span>]]
* [[Speedtest | <span style="color:#1c1f22;">Speed Concerns</span>]]
* [[Router and Wireless Troubleshooting | <span style="color:#1c1f22;">Router and Wireless Troubleshooting</span>]]
</div><br>
<div style="margin: 0; margin-right:15px; padding: 17px; background-color:#ffd9c4; height:auto;">
==<div style="background-color:#ee4b00; color:white; margin:-1em; padding:1em; font-family:Arvo;">Popular Articles</div>==
* [[General Email Settings | <span style="color:#1c1f22;">General Email Settings</span>]]
* [[Hosted_Email:Zimbra_Self-Service_Account_Recovery | <span style="color:#1c1f22;"> Reset your forgotten Zimbra email password</span>]]
* [[Zimbra Domain Email and Collaboration Suite | <span style="color:#1c1f22;">Zimbra Domain Email and Collaboration Suite</span>]]
* [[XMission_Voice_Portal | <span style="color:#1c1f22;">XMission Voice Portal </span>]]
* [[About_FTP_and_Shared_Hosting | <span style="color:#1c1f22;"> About FTP and Shared Hosting </span>]]
* [[Lets_Encrypt | <span style="color:#1c1f22;"> Let's Encrypt </span>]]

</div><br>
<div style="margin: 0; margin-right:15px; padding: 17px; background-color:#eff5ce; height:auto;">
==<div style="background-color:#b3ca37; color:white; margin:-1em; padding:1em; font-family:Arvo;">Top Categories</div>==
* [[Connections|<span style="color:#1c1f22;">Connections</span>]]
* [[Email|<span style="color:#1c1f22;">Email</span>]]
* [[Hosting|<span style="color:#1c1f22;">Hosting</span>]]
* [[XMission_Voice|<span style="color:#1c1f22;">XMission Voice</span>]]
* [[XMission_Services|<span style="color:#1c1f22;">XMission Services</span>]]
</div><br>
| width="50%" style="vertical-align:top" |
<div style="margin: 0; margin-right:15px; padding: 17px; background-color:#eff5ce; height:auto;">
==<div style="background-color:#b3ca37; color:white; margin:-1em; padding:1em; font-family:Arvo;">About XMission</div>==
If you're just starting out, these links are recommended reading:
* [[Announcements|<span style="color:#1c1f22;">Announcements</span>]]
* [[Banners|<span style="color:#1c1f22;">Banners</span>]]
* [[Account_Home|<span style="color:#1c1f22;">Billing</span>]]
* [[Domains|<span style="color:#1c1f22;">Domains</span>]]
* [[Logos|<span style="color:#1c1f22;">Logos</span>]]
</div><br>
<div style="margin: 0; margin-right:15px; padding: 17px; background-color:#dddedf; height:auto;">
==<div style="background-color:#717475; color:white; margin:-1em; padding:1em; font-family:Arvo;">Troubleshooting</div>==
* [[XMission_App | <span style="color:#1c1f22;">Slow speeds over Wifi?</span>]]
* [[How_to_use_ssh_keys|<span style="color:#1c1f22;">How to use ssh keys</span>]]
* [[Cloud_Hosting|<span style="color:#1c1f22;">Cloud Hosting</span>]]
* [[Shared Hosting| <span style="color:#1c1f22;">Shared Hosting</span>]]
* [[Router and Wireless Troubleshooting|<span style="color:#1c1f22;">Router and Wireless Troubleshooting</span>]]
</div><br>
<div style="margin: 0; margin-right:15px; padding: 17px; background-color:#f1f2f2; height:auto;">
==<div style="background-color:#acb0b2; color:white; margin:-1em; padding:1em; font-family:Arvo;">Contact Us</div>==
{|
|[[File:Phone.png|link=]] [[File:Mail.png|link=mailto:support@xmission.com|alt="Contact us via E-Mail!"]] [[File:Live-support-2.png|link=https://livesupport.xmission.com|alt="Contact us via Live Support!"]] [[File:Twitter.png|link=http://twitter.com/#!/xmission|alt="Check out our Twitter feed!"]] [[File:Facebook.png|link=https://www.facebook.com/pages/XMission/6155383019|alt="Find us on Facebook!"]]
|-
| <div style="font-size:13px; color:#777; line-height:160%; width:250px;">Our live technical support is available for you 24/7 at <b>801.539.0852</b> or<br /> <b>877.XMISSION</b> (877.964.7746)
</div>
|}
</div><br>
<div style="position:absolute; top:475px; left:-194px; width:160px; height:420px;">[[File:Zimbra-wiki-ad.png|link=http://xmission.com/email_collaboration?cid=wikibanner1]]</div>
|}

[[Category: Getting Started]]

Lets Encrypt

2023-03-17T21:59:38Z

Benjii:

=Let's Encrypt!=
Securing your website is a key step increasing your site's visibility to search engines and during marketing campaigns. While a free SSL certificate doesn't offer the same liability coverage that a paid SSL certificate can offer, it is still useful for websites that don't collect data. Should your site need to collect customer information, please reach out to [https://xmission.com/contact XMission's Sales team] for more information about ordering a paid SSL certificate.

Let's Encrypt is a free SSL/CA service created by the Internet Security Research Group (ISRG). It allows its users to create their own SSL/TLS certificate to have secure HTTPS connections to their websites through a free service in their Shared Hosting panel. If you would like to know more about the ISRG or the Let's Encrypt product, please see [https://letsencrypt.org/about/ letsencrypt].

==How to create your own SSL certificate using Let's Encrypt==
'''1.''' Log in to your [https://hosting.xmission.com Shared Hosting panel].

'''2.''' Click on "'''SSL/TLS Certificate'''" under '''Security''' from the dashboard of the site you want to install Lets Encrypt

[[File:pleskSSL-1.png|600px]]

'''3.''' Click on '''Install a free basic certificate provided by Let's Encrypt''' located at the bottom of the page.
* '''NOTE''' In order for Let's Encrypt to successfully install your domain's Names Servers need to be hosted by XMission and the "A" and "AAAA" Records must point to the server's IP Address. If you need any help with Name Servers and A Records please visit [[Hosting_a_domain_not_registered_with_XMission | Domain not with XMission]].

[[File:PleskLE-1.png|600px]]

'''4.''' Fill in a contact email in case of a lost key, renewal failures, or if you are in need of recovery.
* '''Secure the domain name''' - Keep this checked to secure your base domain.
* ''' Secure the wildcard domain''' - If you have subdomains you wish to have covered by the certificate, check this box.
* '''Include a 'www' subdomain for the domain''' - If you wish to have your www website covered by the certificate, check this box.

'''5.''' Click "'''Get it free'''"

[[File:PleskLE-2.png|600px]]

'''6.''' Let's Encrypt verifies the certificate by using DNS, so waiting on propagation is necessary. It is possible to review your domain's DNS propagation using various online services such as [https://whatsmydns.net WhatsMyDNS.Net] and then searching the '''_acme-challenge.'''''yourdomain.tld'' TXT record to see if the rest of the world can see the record.
: '''Note''': DNS commonly goes live in under an hour, but potentially can take up to 24-48 hours to go live globally. Especially if there was a previous record it is replacing and the previous records TTL needs to expire.
* Once the '''_acme-challenge.'''''yourdomain.tld'' TXT record has been confirmed serving, click '''Reload''' to finalize the Let's Encrypt certificate generation.

[[File:LetsEncrypt-Reload.png|600px]]

'''7.''' Return to the Websites & Domains home page and under the '''Hosting & DNS''' tab, select the listing for '''Hosting Settings'''.

[[File:HostingSettings.png|600px]]

'''8.''' You will find the '''Security''' section where we can ensure the Let's Encrypt certificate is properly in place.
* '''SSL/TLS support''': Allows the website to be able to use the certificate.
* '''Permanent SEO-safe 301 redirect from HTTP to HTTPS''': Any attempts to load the site without the SSL certificate (over HTTP) will be automatically redirected to the secure version of the page. (over HTTPS)
* '''Certificate''': The default repository is for the certificate Plesk loads which ''will not work for general purposes''. Select the name matching your Let's Encrypt installation process.
: Once completed, select '''Ok''' at the bottom of the page to save and return to the previous page.

[[File:HostingSettings-SaveCertificate.png|600px]]

The Let's Encrypt Certificate has been fully generated and installed!

[[File:HostingSettings-SettingSuccessfullySaved.png|600px]]

'''Note''': After completion you will be given a message that states it has saved properly. This indicates the server has marked the change to be implanted to your Apache & Nginx configuration. A regularly occurring CRON job will implement the change within five minutes. You will notice the website briefly give an HTTP 502 error, then it will load the new certificate properly. In case it gets stuck, please contact our 24/7 support team for assistance restarting the related server processes to force it to go live.

{{:Shared_Hosting}}

[[Category:Shared Hosting]]

File:HostingSettings-SettingSuccessfullySaved.png

2023-03-17T21:53:34Z

Benjii: Success message after saving the changes in Hosting Settings.

Success message after saving the changes in Hosting Settings.

File:HostingSettings-SaveCertificate.png

2023-03-17T21:38:51Z

Benjii: Withing the Plesk interface's Hosting Settings section, you can review the SSL certificate settings for the website we are installing Let's Encrypt on.

Withing the Plesk interface's Hosting Settings section, you can review the SSL certificate settings for the website we are installing Let's Encrypt on.

File:HostingSettings.png

2023-03-17T21:38:13Z

Benjii: Selecting Hosting Settings on Plesk.

Selecting Hosting Settings on Plesk.

File:LetsEncrypt-Reload.png

2023-03-17T21:36:37Z

Benjii: Benjii uploaded a new version of File:LetsEncrypt-Reload.png

Displaying the reload button for the Let's Encrypt registration process.

File:LetsEncrypt-Reload.png

2023-03-17T20:49:15Z

Benjii: Displaying the reload button for the Let's Encrypt registration process.

Displaying the reload button for the Let's Encrypt registration process.

Zimbra Email Client Configurations

2023-03-17T18:34:31Z

Benjii:

__TOC__

These easy to follow instructions will help you configure your favorite client for use with your Zimbra email service.<br/>
For greater convenience, you can always access your mail at https://zimbra.xmission.com/

For more help, reference the video repository of helpful tips on the [https://www.youtube.com/channel/UCcB648SoNlCNvyIh4arcTGg Zimbra YouTube Channel].

== Recommended Email Settings==
<p>XMission always recommends an IMAP email configuration [https://xmission.com/blog/2009/02/09/why-imap-rules heres why.]</p>
{| style="text-align: left; border: 1px solid #ccc;" cellspacing="0" cellpadding="2"
! style="border-bottom:1px solid #ccc; background-color: #eef; padding:2px 8px" colspan=2 | Incoming Server Information:
! style="border-style: solid; border-width: 0 0 1px 1px; border-color:#ccc; background-color: #eef; padding:2px 8px" colspan=2 | Outgoing Server Information:
|-
|style="padding:2px 8px" |Server Type: || IMAP
|style="border-left:1px solid #ccc; padding:2px 8px" | Server Type: || SMTP
|-
|style="padding:2px 8px" |Hostname: || zimbra.xmission.com
|style="border-left:1px solid #ccc; padding:2px 8px" | Hostname: || zimbra.xmission.com  
|-
|style="padding:2px 8px" |Port: || 993
|style="border-left:1px solid #ccc; padding:2px 8px" | Port: || 587
|-
|style="padding:2px 8px" |Enable encryption: || YES
|style="border-left:1px solid #ccc; padding:2px 8px" | Enable encryption: || YES
|-
|style="padding:2px 8px" |Authenticate Using: || Password
|style="border-left:1px solid #ccc; padding:2px 8px" | Requires Authentication: || YES
|-
|style="padding:2px 8px" |Login User Name: || Full email address  
|style="border-left:1px solid #ccc; padding:2px 8px" |Login User Name || Full email address
|-
|style="padding:2px 8px" |Alternate Port: || 143, SSL POP3 995  
|style="border-left:1px solid #ccc; padding:2px 8px" |Alternate Port: || 465 (For older systems, no longer supported)
|-
|}
{|
|-
||Webmail Interface: |||[https://zimbra.xmission.com/ https://zimbra.xmission.com/]
|-
||Admin Interface: |||[https://zimbraadmin.xmission.com https://zimbraadmin.xmission.com]
|-
||Folders: ||| Sent Mail = "Sent", Drafts = "Drafts", Trash = "Trash", Spam = "Junk"
|-
||MX Record: ||| mx.xmission.com
|}

- Please note that some free wireless hotspots may block SSL without an extra fee. If you cannot send or receive while on certain wifi networks (especially ones in airports or public spaces) please check their terms and conditions and ensure they are not blocking SSL connections.<br/><br/>

==Videos==
*[https://www.youtube.com/watch?v=vIshNacUSLU Setting up Zimbra Email on Mac using IMAP]

==Windows 10 / 8.x / 7 / Vista==
*[[Hosted_Email:Outlook_2013|Outlook 2013/2016/365]]
*[[Hosted_Email:Outlook_2010|Outlook 2010]]
*[[Hosted_Email:Outlook_Connector|Outlook Connector for Zimbra Premium]] and Personal Premium Zimbra accounts
*[[Hosted_Email:Thunderbird_Zimbra_41|Thunderbird 41]]

====Archive Windows====
The following Microsoft Widows mail applications are out of date and no longer supported beyond the settings provided below.
Zimbra platform does not guarantee compatibility on all legacy mail applications as many are outside RFE compliance and lack proper security.
* Windows XP - Mail applications on this OS will still work but are no longer supported
*[[Hosted_Email:Outlook_2007|Outlook 2007]] <- Please upgrade your mail application to a current version.
*[[Outlook 2003]] <- Please upgrade your mail application to a current version.
*[[Hosted_Email:Windows_Mail|Windows Live Mail]] <- Please upgrade your mail application to a current version.
*[[Hosted_Email:Outlook_Express|Outlook Express]] <- Please upgrade your mail application to a current version.
*[[Hosted_Email:Thunderbird_Setup|Thunderbird 3]] <-- Please upgrade your mail application to a current version.

==Mac OS==
These settings are compatible across the bulk all OS X versions.
*[[Hosted_Email:Outlook_Exchange_on_Mac|Outlook Exchange on Mac]] - For Personal Premium and Zimbra Business accounts
*[[Hosted_Email:MacMail_16.x|Mac Mail 16.x]] - IMAP setup
** Video Tutorial - [https://www.youtube.com/watch?v=vIshNacUSLU Setting up Zimbra on Mac Mail]
*[[Hosted_Email:Thunderbird_Mac|Thunderbird Mac]]
*[[Hosted_Email:Mutt|Mutt]]

====Archive Mac OS====
The following Mac mail applications are out of date and no longer supported beyond the settings provided below.
Zimbra platform does not guarantee compatibility on all legacy mail applications as many are outside RFE compliance and lack proper security.
*[[Hosted_Email:MacMail_10.x|Mac Mail 10.x]] Same settings for Mail 11.X and 12.X.
*[[Hosted_Email:MacMail_9.x|Mac Mail 9.x]]
**[[Hosted_Email:Calendar_Sync_OSX|Calendar Sync]] - for Personal Premium and Zimbra Business accounts
**[[Hosted_Email:Contacts_Sync_OSX|Contacts Sync]] - for Personal Premium and Zimbra Business accounts
*[[Hosted_Email:MacMail_7.x|Mac Mail 7.x]]
*[[Hosted_Email:MacMail_3|Mac Mail 3.x]]

==Linux==
*[[Hosted_Email:Thunderbird_Setup_Linux|Thunderbird Linux]]
*[[Hosted_Email:Evolution|Evolution Mail]]

==Mobile==
*[[Hosted Email Base:iOS|Apple iOS Devices - iPhone/iPad]] - Zimbra Base and Standard Accounts
*[[Hosted_Email:iOS|Apple iOS Devices - iPhone/iPad]] - Zimbra Premium Account configuration with Profile
*[[Apple iOS Devices - iPhone iPad with Exchange]] - Zimbra Business Premium, XMission.com Personal Zimbra email, & Consumer Edition w/ ActiveSync, Exchange setting
*[[Hosted_Email:Android|Android]]
*[[Android Portable Devices with Microsoft Exchange]] - Zimbra Business Premium, XMission.com Personal Zimbra, and Consumer Edition w/ ActiveSync, Exchange setting
*[[Hosted_Email:Windows_Mobile|Windows Mobile & Windows Phone 8]]
*[[Hosted_Email:BlackBerry|BlackBerry IMAP]]

== Other ==
*[[Hosted_Email:Mutt|Mutt]] Terminal based. Works on Linux and Mac OS.
* Zimbra Desktop - Zimbra deprecating at end of 2019. Use configuration settings provided at top of page.

== Convert from POP to IMAP ==
* Thunderbird POP to IMAP process: https://support.mozilla.org/en-US/kb/switch-pop-imap-account
* [[Windows Outlook 2007 POP to Zimbra IMAP]] Essentially same instructions for 2003.
* [[Outlook Express POP to Zimbra IMAP]]
* [[Windows Live Mail POP to Zimbra IMAP]]

[[Category:Client Email Configuration]]
[[Category:Email]]
[[Category:Zimbra]]

Hosted Email:Zimbra Self-Service Account Recovery

2023-03-17T16:10:18Z

Benjii:

Zimbra business email users can recover their account by resetting their own passwords by using the "Forgot Password" link on Zimbra webmail login page. The process utilizes a recovery email address of the users choice; it doesn't have to be under the Zimbra domain, and can be a valid third party email address.

== Setting Up Password Recovery Email ==
There are two parts to the account recovery using Zimbra's password reset functionality.

'''Step One:''' Establish the recovery email address.
: In the Zimbra web client ([https://zimbra.xmission.com zimbra.xmission.com]), go to '''Preferences > Accounts''', and you'll find a new section called '''Password Recovery Account Settings'''. Enter a valid email for password recovery address and click "Add Recovery Email."

'''Step Two:''' Validate the recovery email address and save.
: Open your recovery address mailbox and retrieve the verification code. This verification code is only valid for 10 minutes. Return to the Zimbra webmail and enter the verification code in its field under the "Password Recovery Account Settings" section within 10 minutes of clicking the "Add Recovery Email" button. This should confirm the setting. Remember to hit "Save" when existing Zimbra webmail preferences.

Your recovery process is now validated and established.

'''Note''': If you have a personal Zimbra email address ending @XMission.com you will not be able to use this feature to recover your account and instead will need to update your password using the tools found at [https://xmission.com/control the XMission Control Panel].

== Using Forgot Password to Reset Your Password ==
Once a recovery email is setup, the Zimbra self-service password recovery can be used.
* To recover your Zimbra mailbox account you can click on the "'''Forgot Password'''" link on the Zimbra web client login page ([https://zimbra.xmission.com zimbra.xmission.com]).
[[File:Zimbrapwrecov1.png]]
* Enter the full email address of the account you are trying to recover, then click the "'''Submit'''" button.
[[File:Zimbrapwrecov2.png]]
* On the following page, click the "'''Request Code'''" button at the bottom of the box. This will send a code to your recovery email address. Like the verification code, this reset code is only valid for 10 minutes.
[[File:Zimbrapwrecov3.png]]
* Open that address mailbox and retrieve the reset code which you will enter on the Zimbra webmail recovery form. The email will look like this:
[[File:Zimbrapwrecov4.png]]
* Go back to the Zimbra webmail recovery form, and enter the reset code within 10 minutes of clicking the "'''Request Code'''" button from the previous page. Then click the "'''Verify Code'''" button.
[[File:Zimbrapwrecov5.png]]
* On this page you can either choose to log into the web client directly, or you can choose to reset your password. We'll want to choose "'''Reset Password'''" for this example.
[[File:Zimbrapwrecov6.png]]
* At this point you will be prompted to establish a new password.
: '''Note''': Always create new secure passwords, never re-use passwords from other sites as they are likely compromised. Password managers make this process easy and will generate secure passwords for you.
* Once you have entered and confirmed your new password, click the "'''Submit'''" button to set it.
[[File:Zimbrapwrecov7.png]]
* With that, your password has been reset!

'''Important''': Remember to update all devices and applications that were using the previous password. This can include; email, calendars, contacts, tasks, notes, and files.

[[Category:Zimbra]]

SPF and DKIM

2023-03-09T21:33:21Z

Benjii: /* DKIM DNS */

SPF and DKIM are two important security methods domain owners have of "authorizing" specific email servers to send mail on their behalf. Besides providing greater deliverability of your messages, these mechanisms prevent fraudsters from sending spoofing emails as your domain.

These TXT records are entered by the domain owner wherever the domain's DNS record is managed, which may be with the registrar or hosting provider. DKIM (Domain Key Identified Mail) also adds public key cryptography for deeper validation.

XMission advises all [https://xmission.com/zimbra Zimbra clients] to configure SPF & DKIM. It may sound a bit daunting but is really not very complicated. This document will walk you through it.

IMPORTANT NOTE ABOUT TXT RECORD ENTRY: Depending on the syntax requirements of your DNS system you may have to include or omit the quotation marks for the record to be properly enabled. Other DNS entries on your domain should provide quick visual guidance on protocol. XMission DNS systems do ''not'' use quotation marks.

= SPF =
The following is the most commonly applied SPF (Sender Policy Framework) record for XMission email customers but it is imperative you understand how and why this is applied. IMPORTANT: It is critical that you read and understand all SPF information below before applying the record to your domain as you could break email delivery.

{| class="wikitable"
! Host !! Record Type !! Value
|-
| @ (base domain) || TXT || "v=spf1 a mx include:_spf.xmission.com ~all"
|}

== How It Works ==
Any SPF record is a string of one more more potential mail sources, prefixed by a character indicating the policy for mail source. An example of a common SPF record:

{| class="wikitable"
|+ Example Syntax
|-
! Host !! Record Type !! Value
|-
| @ (base domain) || TXT || "v=spf a mx ~all"
|}

In this case, it says that the A and MX records for the domain are allowed to send, and all other mail fails (but with a "softfail", so that mail isn't actually rejected). "a", "mx" and "all", are all individual mail sources. The "~" prefixed to the "all" source is a policy denoting that mail from the source should be considered a "SoftFail".

{| class="wikitable"
|+ Sources & Definitions
|-
! Flag !! Source Type
|-
| a || DNS A record
|-
| mx || MX record
|-
| ptr || PTR record
|-
| ip4 || IPv4 address or subnet
|-
| ip6 || IPv6 address or subnet
|-
| include || The contents of another domain's SPF record
|-
| all || Any mail source (generally used at the end to provide a default policy)
|}

{| class="wikitable"
|+ Prefix Characters
|-
! Prefix !! Definition
|-
| '''+''' || Pass (Valid for SPF)
|-
| '''-''' || Fail (Invalid, and reject mail)
|-
| '''~''' || SoftFail (Invalid, but still accept)
|-
| '''?''' || Neutral (...whatever...)
|}

XMission Shared Hosting clients can [https://wiki.xmission.com/Adding/Managing_DNS_Records learn to manage DNS records here.]

== Valid SPF for XMission ==
Any SPF record for a domain sending through XMission should contain "include:_spf.xmission.com".

If you prefer a less identifiable entry then a minimum inclusion would have the following two sources:

* ip4:166.70.13.0/24
* ip4:198.60.22.0/24

Note that the SPF record policy is a decision of the domain owner's. If they want to Fail or SoftFail on all, add other sources, etc., is up to them. We don't have a singular recommendation or requirement for SPF. If the customer '''only''' sends via XMission, the following SPF record is relatively safe:

{| class="wikitable"
! Host !! Record Type !! Value
|-
| @ (base domain) || TXT || "v=spf1 a mx include:_spf.xmission.com ~all"
|}

===Valid SPF for XMission with additional sending services===

Sometimes it is necessary to have mailing list or other services that need to send emails so having multiple SPF records be strung together becomes necessary. Fortunately the fairly lenient syntax of SPF records makes this easy to do, here is our default record compared to some merged records:

{| class="wikitable"
! Hosts Generating Emails !! Example of Merged SPF Record
|-
| Default XMission || v=spf1 a mx include:_spf.xmission.com ~all
|-
| XMission plus Mailchimp || v=spf1 include:_spf.xmission.com include:servers.mcsv.net ~all
|-
| XMission plus Gmail, plus Constant Contact || v=spf1 include:_spf.xmission.com include:_spf.google.com include:spf.constantcontact.com -all
|}

== Forwarding ==
'''Important note''' about forwarding (ie automatically redirecting mail from one email address to another, not hitting the forward button):

Forwarding (under most circumstances) <em>BREAKS</em> SPF. If a domain has a "-all" ("reject all other mail" aka "Fail") policy in their SPF record, mail will be rejected by any servers respecting SPF after the server performing the forward. Users should keep this in mind when choosing a policy. This is why we suggest "~all" ("SoftFail") when you initially configure SPF.

== Alias Domains ==
Domain aliases that are used for sending email with "From:" addresses will need SPF & DKIM records configured.

All customers are strongly encouraged to configure SPF & DKIM records for all alias domains and parked domains to prevent possible abuse.

= DKIM =
DomainKeys Identified Mail (DKIM) is similar to SPF in that it uses a TXT record on the domain to define a sending policy for that domain. Where it differs is that it uses public key cryptography with this sending policy. A public key is added to that TXT record and any message that is signed with the private key (and thus validates with the public key) is then considered valid.

'''DKIM will break automatic responders, like ''Out of Office'' or ''Vacation'' replies.''' This is due to how DKIM verifies the sender, and how automated replies are generated and sent. This is intentional, and is a consideration that needs to be made when limiting sending from your domain via DKIM.

== Adding DKIM to an XMission Domain ==
We have a single private key for XMission DKIM signing. We can sign DKIM with this key on any domain sending out through XMission. It works for Zimbra domains, virtmail, and SMTP relay. To enable this feature for a domain, two things need to happen:

* The domain needs proper DNS for our domainkey key (see below)
* The domain needs to be added to XMission routing config as one with DKIM signing.

== DKIM DNS ==
Add the following two TXT records to the domain.

'''Note''': Once added you must [https://xmission.com/contact contact] [mailto:support@xmission.com support@xmission.com] to add your domain to XMission's DKIM routing file and complete the process:

{| class="wikitable"
! Host !! Record Type !! Value
|-
| xmission._domainkey || TXT || "v=DKIM1; t=y; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzWmoe0tzQkSUzMqliwcQQ5zY1HKk4z+Wgp+dRCRe7MmSBPftE9r5Lx1QfTfF/J8gl4k9tFsUvUBap0fk1VGMYUG/2LynVuzpkCI4JlUKF5fbx+MDNZrVi0aX73Edjd9trU6NKldVnhNg1RixDLa4aB04XJviy6+3P1h3IHNaZ0QIDAQAB"
|-
| _domainkey || TXT || "t=y; o=~;"
|}

Reminder: XMission DNS systems do not require entry of the quotation marks on the records above. External DNS system may require quotation marks.

====Multiple Email Hosts with DKIM ====

It is possible to use more than one host with DKIM, though this is only possible if the DNS records used to announce the public key for the security handshake don't share subdomains with each other.

[[Category: Email]]

SPF and DKIM

2023-03-09T21:29:43Z

Benjii: /* DKIM */

SPF and DKIM are two important security methods domain owners have of "authorizing" specific email servers to send mail on their behalf. Besides providing greater deliverability of your messages, these mechanisms prevent fraudsters from sending spoofing emails as your domain.

These TXT records are entered by the domain owner wherever the domain's DNS record is managed, which may be with the registrar or hosting provider. DKIM (Domain Key Identified Mail) also adds public key cryptography for deeper validation.

XMission advises all [https://xmission.com/zimbra Zimbra clients] to configure SPF & DKIM. It may sound a bit daunting but is really not very complicated. This document will walk you through it.

IMPORTANT NOTE ABOUT TXT RECORD ENTRY: Depending on the syntax requirements of your DNS system you may have to include or omit the quotation marks for the record to be properly enabled. Other DNS entries on your domain should provide quick visual guidance on protocol. XMission DNS systems do ''not'' use quotation marks.

= SPF =
The following is the most commonly applied SPF (Sender Policy Framework) record for XMission email customers but it is imperative you understand how and why this is applied. IMPORTANT: It is critical that you read and understand all SPF information below before applying the record to your domain as you could break email delivery.

{| class="wikitable"
! Host !! Record Type !! Value
|-
| @ (base domain) || TXT || "v=spf1 a mx include:_spf.xmission.com ~all"
|}

== How It Works ==
Any SPF record is a string of one more more potential mail sources, prefixed by a character indicating the policy for mail source. An example of a common SPF record:

{| class="wikitable"
|+ Example Syntax
|-
! Host !! Record Type !! Value
|-
| @ (base domain) || TXT || "v=spf a mx ~all"
|}

In this case, it says that the A and MX records for the domain are allowed to send, and all other mail fails (but with a "softfail", so that mail isn't actually rejected). "a", "mx" and "all", are all individual mail sources. The "~" prefixed to the "all" source is a policy denoting that mail from the source should be considered a "SoftFail".

{| class="wikitable"
|+ Sources & Definitions
|-
! Flag !! Source Type
|-
| a || DNS A record
|-
| mx || MX record
|-
| ptr || PTR record
|-
| ip4 || IPv4 address or subnet
|-
| ip6 || IPv6 address or subnet
|-
| include || The contents of another domain's SPF record
|-
| all || Any mail source (generally used at the end to provide a default policy)
|}

{| class="wikitable"
|+ Prefix Characters
|-
! Prefix !! Definition
|-
| '''+''' || Pass (Valid for SPF)
|-
| '''-''' || Fail (Invalid, and reject mail)
|-
| '''~''' || SoftFail (Invalid, but still accept)
|-
| '''?''' || Neutral (...whatever...)
|}

XMission Shared Hosting clients can [https://wiki.xmission.com/Adding/Managing_DNS_Records learn to manage DNS records here.]

== Valid SPF for XMission ==
Any SPF record for a domain sending through XMission should contain "include:_spf.xmission.com".

If you prefer a less identifiable entry then a minimum inclusion would have the following two sources:

* ip4:166.70.13.0/24
* ip4:198.60.22.0/24

Note that the SPF record policy is a decision of the domain owner's. If they want to Fail or SoftFail on all, add other sources, etc., is up to them. We don't have a singular recommendation or requirement for SPF. If the customer '''only''' sends via XMission, the following SPF record is relatively safe:

{| class="wikitable"
! Host !! Record Type !! Value
|-
| @ (base domain) || TXT || "v=spf1 a mx include:_spf.xmission.com ~all"
|}

===Valid SPF for XMission with additional sending services===

Sometimes it is necessary to have mailing list or other services that need to send emails so having multiple SPF records be strung together becomes necessary. Fortunately the fairly lenient syntax of SPF records makes this easy to do, here is our default record compared to some merged records:

{| class="wikitable"
! Hosts Generating Emails !! Example of Merged SPF Record
|-
| Default XMission || v=spf1 a mx include:_spf.xmission.com ~all
|-
| XMission plus Mailchimp || v=spf1 include:_spf.xmission.com include:servers.mcsv.net ~all
|-
| XMission plus Gmail, plus Constant Contact || v=spf1 include:_spf.xmission.com include:_spf.google.com include:spf.constantcontact.com -all
|}

== Forwarding ==
'''Important note''' about forwarding (ie automatically redirecting mail from one email address to another, not hitting the forward button):

Forwarding (under most circumstances) <em>BREAKS</em> SPF. If a domain has a "-all" ("reject all other mail" aka "Fail") policy in their SPF record, mail will be rejected by any servers respecting SPF after the server performing the forward. Users should keep this in mind when choosing a policy. This is why we suggest "~all" ("SoftFail") when you initially configure SPF.

== Alias Domains ==
Domain aliases that are used for sending email with "From:" addresses will need SPF & DKIM records configured.

All customers are strongly encouraged to configure SPF & DKIM records for all alias domains and parked domains to prevent possible abuse.

= DKIM =
DomainKeys Identified Mail (DKIM) is similar to SPF in that it uses a TXT record on the domain to define a sending policy for that domain. Where it differs is that it uses public key cryptography with this sending policy. A public key is added to that TXT record and any message that is signed with the private key (and thus validates with the public key) is then considered valid.

'''DKIM will break automatic responders, like ''Out of Office'' or ''Vacation'' replies.''' This is due to how DKIM verifies the sender, and how automated replies are generated and sent. This is intentional, and is a consideration that needs to be made when limiting sending from your domain via DKIM.

== Adding DKIM to an XMission Domain ==
We have a single private key for XMission DKIM signing. We can sign DKIM with this key on any domain sending out through XMission. It works for Zimbra domains, virtmail, and SMTP relay. To enable this feature for a domain, two things need to happen:

* The domain needs proper DNS for our domainkey key (see below)
* The domain needs to be added to XMission routing config as one with DKIM signing.

== DKIM DNS ==
Add the following two TXT records to the domain. Once added you must [https://xmission.com/contact contact] [mailto:support@xmission.com support@xmission.com] to add your domain to XMission's DKIM routing file and complete the process:

{| class="wikitable"
! Host !! Record Type !! Value
|-
| xmission._domainkey || TXT || "v=DKIM1; t=y; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzWmoe0tzQkSUzMqliwcQQ5zY1HKk4z+Wgp+dRCRe7MmSBPftE9r5Lx1QfTfF/J8gl4k9tFsUvUBap0fk1VGMYUG/2LynVuzpkCI4JlUKF5fbx+MDNZrVi0aX73Edjd9trU6NKldVnhNg1RixDLa4aB04XJviy6+3P1h3IHNaZ0QIDAQAB"
|-
| _domainkey || TXT || "t=y; o=~;"
|}

Reminder: XMission DNS systems do not require entry of the quotation marks on the records above. External DNS system may require quotation marks.

'''Multiple Email Hosts with DKIM'''

It is possible to use more than one host with DKIM, though this is only possible if the DNS records used to announce the public key for the security handshake don't share subdomains with each other.

[[Category: Email]]

SPF and DKIM

2023-03-09T21:22:41Z

Benjii: /* How It Works */

SPF and DKIM are two important security methods domain owners have of "authorizing" specific email servers to send mail on their behalf. Besides providing greater deliverability of your messages, these mechanisms prevent fraudsters from sending spoofing emails as your domain.

These TXT records are entered by the domain owner wherever the domain's DNS record is managed, which may be with the registrar or hosting provider. DKIM (Domain Key Identified Mail) also adds public key cryptography for deeper validation.

XMission advises all [https://xmission.com/zimbra Zimbra clients] to configure SPF & DKIM. It may sound a bit daunting but is really not very complicated. This document will walk you through it.

IMPORTANT NOTE ABOUT TXT RECORD ENTRY: Depending on the syntax requirements of your DNS system you may have to include or omit the quotation marks for the record to be properly enabled. Other DNS entries on your domain should provide quick visual guidance on protocol. XMission DNS systems do ''not'' use quotation marks.

= SPF =
The following is the most commonly applied SPF (Sender Policy Framework) record for XMission email customers but it is imperative you understand how and why this is applied. IMPORTANT: It is critical that you read and understand all SPF information below before applying the record to your domain as you could break email delivery.

{| class="wikitable"
! Host !! Record Type !! Value
|-
| @ (base domain) || TXT || "v=spf1 a mx include:_spf.xmission.com ~all"
|}

== How It Works ==
Any SPF record is a string of one more more potential mail sources, prefixed by a character indicating the policy for mail source. An example of a common SPF record:

{| class="wikitable"
|+ Example Syntax
|-
! Host !! Record Type !! Value
|-
| @ (base domain) || TXT || "v=spf a mx ~all"
|}

In this case, it says that the A and MX records for the domain are allowed to send, and all other mail fails (but with a "softfail", so that mail isn't actually rejected). "a", "mx" and "all", are all individual mail sources. The "~" prefixed to the "all" source is a policy denoting that mail from the source should be considered a "SoftFail".

{| class="wikitable"
|+ Sources & Definitions
|-
! Flag !! Source Type
|-
| a || DNS A record
|-
| mx || MX record
|-
| ptr || PTR record
|-
| ip4 || IPv4 address or subnet
|-
| ip6 || IPv6 address or subnet
|-
| include || The contents of another domain's SPF record
|-
| all || Any mail source (generally used at the end to provide a default policy)
|}

{| class="wikitable"
|+ Prefix Characters
|-
! Prefix !! Definition
|-
| '''+''' || Pass (Valid for SPF)
|-
| '''-''' || Fail (Invalid, and reject mail)
|-
| '''~''' || SoftFail (Invalid, but still accept)
|-
| '''?''' || Neutral (...whatever...)
|}

XMission Shared Hosting clients can [https://wiki.xmission.com/Adding/Managing_DNS_Records learn to manage DNS records here.]

== Valid SPF for XMission ==
Any SPF record for a domain sending through XMission should contain "include:_spf.xmission.com".

If you prefer a less identifiable entry then a minimum inclusion would have the following two sources:

* ip4:166.70.13.0/24
* ip4:198.60.22.0/24

Note that the SPF record policy is a decision of the domain owner's. If they want to Fail or SoftFail on all, add other sources, etc., is up to them. We don't have a singular recommendation or requirement for SPF. If the customer '''only''' sends via XMission, the following SPF record is relatively safe:

{| class="wikitable"
! Host !! Record Type !! Value
|-
| @ (base domain) || TXT || "v=spf1 a mx include:_spf.xmission.com ~all"
|}

===Valid SPF for XMission with additional sending services===

Sometimes it is necessary to have mailing list or other services that need to send emails so having multiple SPF records be strung together becomes necessary. Fortunately the fairly lenient syntax of SPF records makes this easy to do, here is our default record compared to some merged records:

{| class="wikitable"
! Hosts Generating Emails !! Example of Merged SPF Record
|-
| Default XMission || v=spf1 a mx include:_spf.xmission.com ~all
|-
| XMission plus Mailchimp || v=spf1 include:_spf.xmission.com include:servers.mcsv.net ~all
|-
| XMission plus Gmail, plus Constant Contact || v=spf1 include:_spf.xmission.com include:_spf.google.com include:spf.constantcontact.com -all
|}

== Forwarding ==
'''Important note''' about forwarding (ie automatically redirecting mail from one email address to another, not hitting the forward button):

Forwarding (under most circumstances) <em>BREAKS</em> SPF. If a domain has a "-all" ("reject all other mail" aka "Fail") policy in their SPF record, mail will be rejected by any servers respecting SPF after the server performing the forward. Users should keep this in mind when choosing a policy. This is why we suggest "~all" ("SoftFail") when you initially configure SPF.

== Alias Domains ==
Domain aliases that are used for sending email with "From:" addresses will need SPF & DKIM records configured.

All customers are strongly encouraged to configure SPF & DKIM records for all alias domains and parked domains to prevent possible abuse.

= DKIM =

== How DKIM Works ==
DKIM is similar to SPF in that it uses a TXT record on the domain to define a sending policy for that domain. Where it differs is that it uses public key cryptography with this sending policy. A public key is added to that TXT record and any message that is signed with the private key (and thus validates with the public key) is then considered valid.

'''DKIM will break automatic responders, like ''Out of Office'' or ''Vacation'' replies.''' This is due to how DKIM verifies the sender, and how automated replies are generated and sent. This is intentional, and is a consideration that needs to be made when limiting sending from your domain via DKIM.

== Adding DKIM to an XMission Domain ==
We have a single private key for XMission DKIM signing. We can sign DKIM with this key on any domain sending out through XMission. It works for Zimbra domains, virtmail, and SMTP relay. To enable this feature for a domain, two things need to happen:

* The domain needs proper DNS for our domainkey key (see below)
* The domain needs to be added to XMission routing config as one with DKIM signing.

== DKIM DNS ==
Add the following two TXT records to the domain. Once added you must [https://xmission.com/contact contact] [mailto:support@xmission.com support@xmission.com] to add your domain to XMission's DKIM routing file and complete the process:

{| class="wikitable"
! Host !! Record Type !! Value
|-
| xmission._domainkey || TXT || "v=DKIM1; t=y; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzWmoe0tzQkSUzMqliwcQQ5zY1HKk4z+Wgp+dRCRe7MmSBPftE9r5Lx1QfTfF/J8gl4k9tFsUvUBap0fk1VGMYUG/2LynVuzpkCI4JlUKF5fbx+MDNZrVi0aX73Edjd9trU6NKldVnhNg1RixDLa4aB04XJviy6+3P1h3IHNaZ0QIDAQAB"
|-
| _domainkey || TXT || "t=y; o=~;"
|}

Reminder: XMission DNS systems do not require entry of the quotation marks on the records above. External DNS system may require quotation marks.

'''Multiple Email Hosts with DKIM'''

It is possible to use more than one host with DKIM, though this is only possible if the DNS records used to announce the public key for the security handshake don't share subdomains with each other.

[[Category: Email]]

SPF and DKIM

2023-03-09T19:11:30Z

Benjii: /* Valid SPF for XMission */

SPF and DKIM are two important security methods domain owners have of "authorizing" specific email servers to send mail on their behalf. Besides providing greater deliverability of your messages, these mechanisms prevent fraudsters from sending spoofing emails as your domain.

These TXT records are entered by the domain owner wherever the domain's DNS record is managed, which may be with the registrar or hosting provider. DKIM (Domain Key Identified Mail) also adds public key cryptography for deeper validation.

XMission advises all [https://xmission.com/zimbra Zimbra clients] to configure SPF & DKIM. It may sound a bit daunting but is really not very complicated. This document will walk you through it.

IMPORTANT NOTE ABOUT TXT RECORD ENTRY: Depending on the syntax requirements of your DNS system you may have to include or omit the quotation marks for the record to be properly enabled. Other DNS entries on your domain should provide quick visual guidance on protocol. XMission DNS systems do ''not'' use quotation marks.

= SPF =
The following is the most commonly applied SPF (Sender Policy Framework) record for XMission email customers but it is imperative you understand how and why this is applied. IMPORTANT: It is critical that you read and understand all SPF information below before applying the record to your domain as you could break email delivery.

{| class="wikitable"
! Host !! Record Type !! Value
|-
| @ (base domain) || TXT || "v=spf1 a mx include:_spf.xmission.com ~all"
|}

== How It Works ==
Any SPF record is a string of one more more potential mail sources, prefixed by a character indicating the policy for mail source. An example of a common SPF record:

{| class="wikitable"
|+ Example Syntax
|-
! Host !! Record Type !! Value
|-
| @ (base domain) || TXT || "v=spf a mx ~all"
|}

In this case, it says that the A and MX records for the domain are allowed to send, and all other mail fails (but with a "softfail", so that mail isn't actually rejected). "a", "mx" and "all", are all individual mail sources. The "~" prefixed to the "all" source is a policy denoting that mail from the source should be considered a "SoftFail".

The sources are:

* a - A DNS A record
* mx - An MX record
* ptr - A PTR record
* ip4 - An ipv4 address or subnet
* ip6 - An ipv6 address or subnet
* include - The contents of another domain's SPF record
* all - Any mail source (generally used at the end to provide a default policy)

The prefix characters are:

* + - Pass (Valid for SPF)
* - - Fail (Invalid, and reject mail)
* ~ - SoftFail (Invalid, but still accept)
* ? - Neutral (...whatever...)

XMission shared hosting clients can [https://wiki.xmission.com/Adding/Managing_DNS_Records learn to manage DNS records here.]

== Valid SPF for XMission ==
Any SPF record for a domain sending through XMission should contain "include:_spf.xmission.com".

If you prefer a less identifiable entry then a minimum inclusion would have the following two sources:

* ip4:166.70.13.0/24
* ip4:198.60.22.0/24

Note that the SPF record policy is a decision of the domain owner's. If they want to Fail or SoftFail on all, add other sources, etc., is up to them. We don't have a singular recommendation or requirement for SPF. If the customer '''only''' sends via XMission, the following SPF record is relatively safe:

{| class="wikitable"
! Host !! Record Type !! Value
|-
| @ (base domain) || TXT || "v=spf1 a mx include:_spf.xmission.com ~all"
|}

===Valid SPF for XMission with additional sending services===

Sometimes it is necessary to have mailing list or other services that need to send emails so having multiple SPF records be strung together becomes necessary. Fortunately the fairly lenient syntax of SPF records makes this easy to do, here is our default record compared to some merged records:

{| class="wikitable"
! Hosts Generating Emails !! Example of Merged SPF Record
|-
| Default XMission || v=spf1 a mx include:_spf.xmission.com ~all
|-
| XMission plus Mailchimp || v=spf1 include:_spf.xmission.com include:servers.mcsv.net ~all
|-
| XMission plus Gmail, plus Constant Contact || v=spf1 include:_spf.xmission.com include:_spf.google.com include:spf.constantcontact.com -all
|}

== Forwarding ==
'''Important note''' about forwarding (ie automatically redirecting mail from one email address to another, not hitting the forward button):

Forwarding (under most circumstances) <em>BREAKS</em> SPF. If a domain has a "-all" ("reject all other mail" aka "Fail") policy in their SPF record, mail will be rejected by any servers respecting SPF after the server performing the forward. Users should keep this in mind when choosing a policy. This is why we suggest "~all" ("SoftFail") when you initially configure SPF.

== Alias Domains ==
Domain aliases that are used for sending email with "From:" addresses will need SPF & DKIM records configured.

All customers are strongly encouraged to configure SPF & DKIM records for all alias domains and parked domains to prevent possible abuse.

= DKIM =

== How DKIM Works ==
DKIM is similar to SPF in that it uses a TXT record on the domain to define a sending policy for that domain. Where it differs is that it uses public key cryptography with this sending policy. A public key is added to that TXT record and any message that is signed with the private key (and thus validates with the public key) is then considered valid.

'''DKIM will break automatic responders, like ''Out of Office'' or ''Vacation'' replies.''' This is due to how DKIM verifies the sender, and how automated replies are generated and sent. This is intentional, and is a consideration that needs to be made when limiting sending from your domain via DKIM.

== Adding DKIM to an XMission Domain ==
We have a single private key for XMission DKIM signing. We can sign DKIM with this key on any domain sending out through XMission. It works for Zimbra domains, virtmail, and SMTP relay. To enable this feature for a domain, two things need to happen:

* The domain needs proper DNS for our domainkey key (see below)
* The domain needs to be added to XMission routing config as one with DKIM signing.

== DKIM DNS ==
Add the following two TXT records to the domain. Once added you must [https://xmission.com/contact contact] [mailto:support@xmission.com support@xmission.com] to add your domain to XMission's DKIM routing file and complete the process:

{| class="wikitable"
! Host !! Record Type !! Value
|-
| xmission._domainkey || TXT || "v=DKIM1; t=y; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzWmoe0tzQkSUzMqliwcQQ5zY1HKk4z+Wgp+dRCRe7MmSBPftE9r5Lx1QfTfF/J8gl4k9tFsUvUBap0fk1VGMYUG/2LynVuzpkCI4JlUKF5fbx+MDNZrVi0aX73Edjd9trU6NKldVnhNg1RixDLa4aB04XJviy6+3P1h3IHNaZ0QIDAQAB"
|-
| _domainkey || TXT || "t=y; o=~;"
|}

Reminder: XMission DNS systems do not require entry of the quotation marks on the records above. External DNS system may require quotation marks.

'''Multiple Email Hosts with DKIM'''

It is possible to use more than one host with DKIM, though this is only possible if the DNS records used to announce the public key for the security handshake don't share subdomains with each other.

[[Category: Email]]

SPF and DKIM

2023-03-01T19:31:05Z

Benjii:

SPF and DKIM are two important security methods domain owners have of "authorizing" specific email servers to send mail on their behalf. Besides providing greater deliverability of your messages, these mechanisms prevent fraudsters from sending spoofing emails as your domain.

These TXT records are entered by the domain owner wherever the domain's DNS record is managed, which may be with the registrar or hosting provider. DKIM (Domain Key Identified Mail) also adds public key cryptography for deeper validation.

XMission advises all [https://xmission.com/zimbra Zimbra clients] to configure SPF & DKIM. It may sound a bit daunting but is really not very complicated. This document will walk you through it.

IMPORTANT NOTE ABOUT TXT RECORD ENTRY: Depending on the syntax requirements of your DNS system you may have to include or omit the quotation marks for the record to be properly enabled. Other DNS entries on your domain should provide quick visual guidance on protocol. XMission DNS systems do ''not'' use quotation marks.

= SPF =
The following is the most commonly applied SPF (Sender Policy Framework) record for XMission email customers but it is imperative you understand how and why this is applied. IMPORTANT: It is critical that you read and understand all SPF information below before applying the record to your domain as you could break email delivery.

{| class="wikitable"
! Host !! Record Type !! Value
|-
| @ (base domain) || TXT || "v=spf1 a mx include:_spf.xmission.com ~all"
|}

== How It Works ==
Any SPF record is a string of one more more potential mail sources, prefixed by a character indicating the policy for mail source. An example of a common SPF record:

{| class="wikitable"
|+ Example Syntax
|-
! Host !! Record Type !! Value
|-
| @ (base domain) || TXT || "v=spf a mx ~all"
|}

In this case, it says that the A and MX records for the domain are allowed to send, and all other mail fails (but with a "softfail", so that mail isn't actually rejected). "a", "mx" and "all", are all individual mail sources. The "~" prefixed to the "all" source is a policy denoting that mail from the source should be considered a "SoftFail".

The sources are:

* a - A DNS A record
* mx - An MX record
* ptr - A PTR record
* ip4 - An ipv4 address or subnet
* ip6 - An ipv6 address or subnet
* include - The contents of another domain's SPF record
* all - Any mail source (generally used at the end to provide a default policy)

The prefix characters are:

* + - Pass (Valid for SPF)
* - - Fail (Invalid, and reject mail)
* ~ - SoftFail (Invalid, but still accept)
* ? - Neutral (...whatever...)

XMission shared hosting clients can [https://wiki.xmission.com/Adding/Managing_DNS_Records learn to manage DNS records here.]

== Valid SPF for XMission ==
Any SPF record for a domain sending through XMission should contain "include:_spf.xmission.com".

If you prefer a less identifiable entry then a minimum inclusion would have the following two sources:

* ip4:166.70.13.0/24
* ip4:198.60.22.0/24

Note that the SPF record policy is a decision of the domain owner's. If they want to Fail or SoftFail on all, add other sources, etc., is up to them. We don't have a singular recommendation or requirement for SPF. If the customer '''only''' sends via XMission, the following SPF record is relatively safe:

{| class="wikitable"
! Host !! Record Type !! Value
|-
| @ (base domain) || TXT || "v=spf1 a mx include:_spf.xmission.com ~all"
|}

'''Valid SPF for XMission with additional sending services'''

SPF Record Merging

Some customers have mailing list or other email sending requirement that require a number of records be strung together in the SPF record. Fortunately the fairly lenient syntax of SPF records makes this easy to do, here is our default record compared to some merged records:

Default XMission: "v=spf1 a mx include:_spf.xmission.com ~all"

XMission plus Mailchimp: "v=spf1 include:_spf.xmission.com include:servers.mcsv.net ~all"

XMission plus Gmail, plus Constant Contact: "v=spf1 include:_spf.xmission.com include:_spf.google.com include:spf.constantcontact.com -all"

== Forwarding ==
'''Important note''' about forwarding (ie automatically redirecting mail from one email address to another, not hitting the forward button):

Forwarding (under most circumstances) <em>BREAKS</em> SPF. If a domain has a "-all" ("reject all other mail" aka "Fail") policy in their SPF record, mail will be rejected by any servers respecting SPF after the server performing the forward. Users should keep this in mind when choosing a policy. This is why we suggest "~all" ("SoftFail") when you initially configure SPF.

== Alias Domains ==
Domain aliases that are used for sending email with "From:" addresses will need SPF & DKIM records configured.

All customers are strongly encouraged to configure SPF & DKIM records for all alias domains and parked domains to prevent possible abuse.

= DKIM =

== How DKIM Works ==
DKIM is similar to SPF in that it uses a TXT record on the domain to define a sending policy for that domain. Where it differs is that it uses public key cryptography with this sending policy. A public key is added to that TXT record and any message that is signed with the private key (and thus validates with the public key) is then considered valid.

'''DKIM will break automatic responders, like ''Out of Office'' or ''Vacation'' replies.''' This is due to how DKIM verifies the sender, and how automated replies are generated and sent. This is intentional, and is a consideration that needs to be made when limiting sending from your domain via DKIM.

== Adding DKIM to an XMission Domain ==
We have a single private key for XMission DKIM signing. We can sign DKIM with this key on any domain sending out through XMission. It works for Zimbra domains, virtmail, and SMTP relay. To enable this feature for a domain, two things need to happen:

* The domain needs proper DNS for our domainkey key (see below)
* The domain needs to be added to XMission routing config as one with DKIM signing.

== DKIM DNS ==
Add the following two TXT records to the domain. Once added you must [https://xmission.com/contact contact] [mailto:support@xmission.com support@xmission.com] to add your domain to XMission's DKIM routing file and complete the process:

{| class="wikitable"
! Host !! Record Type !! Value
|-
| xmission._domainkey || TXT || "v=DKIM1; t=y; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzWmoe0tzQkSUzMqliwcQQ5zY1HKk4z+Wgp+dRCRe7MmSBPftE9r5Lx1QfTfF/J8gl4k9tFsUvUBap0fk1VGMYUG/2LynVuzpkCI4JlUKF5fbx+MDNZrVi0aX73Edjd9trU6NKldVnhNg1RixDLa4aB04XJviy6+3P1h3IHNaZ0QIDAQAB"
|-
| _domainkey || TXT || "t=y; o=~;"
|}

Reminder: XMission DNS systems do not require entry of the quotation marks on the records above. External DNS system may require quotation marks.

'''Multiple Email Hosts with DKIM'''

It is possible to use more than one host with DKIM, though this is only possible if the DNS records used to announce the public key for the security handshake don't share subdomains with each other.

[[Category: Email]]

Zimbra Email Client Configurations

2023-02-09T21:36:40Z

Benjii:

__TOC__

These easy to follow instructions will help you configure your favorite client for use with your Zimbra email service.<br/>
For greater convenience, you can always access your mail at https://zimbra.xmission.com/

For more help, reference the video repository of helpful tips on the [https://www.youtube.com/channel/UCcB648SoNlCNvyIh4arcTGg Zimbra YouTube Channel].

== Recommended Email Settings==
<p>XMission always recommends an IMAP email configuration [https://xmission.com/blog/2009/02/09/why-imap-rules heres why.]</p>
{| style="text-align: left; border: 1px solid #ccc;" cellspacing="0" cellpadding="2"
! style="border-bottom:1px solid #ccc; background-color: #eef; padding:2px 8px" colspan=2 | Incoming Server Information:
! style="border-style: solid; border-width: 0 0 1px 1px; border-color:#ccc; background-color: #eef; padding:2px 8px" colspan=2 | Outgoing Server Information:
|-
|style="padding:2px 8px" |Server Type: || IMAP
|style="border-left:1px solid #ccc; padding:2px 8px" | Server Type: || SMTP
|-
|style="padding:2px 8px" |Hostname: || zimbra.xmission.com
|style="border-left:1px solid #ccc; padding:2px 8px" | Hostname: || zimbra.xmission.com  
|-
|style="padding:2px 8px" |Port: || 993
|style="border-left:1px solid #ccc; padding:2px 8px" | Port: || 587
|-
|style="padding:2px 8px" |Enable encryption: || YES
|style="border-left:1px solid #ccc; padding:2px 8px" | Enable encryption: || YES
|-
|style="padding:2px 8px" |Authenticate Using: || Password
|style="border-left:1px solid #ccc; padding:2px 8px" | Requires Authentication: || YES
|-
|style="padding:2px 8px" |Login User Name: || Full email address  
|style="border-left:1px solid #ccc; padding:2px 8px" |Login User Name || Full email address
|-
|style="padding:2px 8px" |Alternate Port: || 143, SSL POP3 995  
|style="border-left:1px solid #ccc; padding:2px 8px" |Alternate Port: || 465 (For older systems, no longer supported)
|-
|}
{|
|-
||Webmail Interface: |||[https://zimbra.xmission.com/ https://zimbra.xmission.com/]
|-
||Admin Interface: |||[https://zimbraadmin.xmission.com https://zimbraadmin.xmission.com]
|-
||Folders: ||| Sent Mail = "Sent", Drafts = "Drafts", Trash = "Trash", Spam = "Junk"
|-
||MX Record: ||| mx.xmission.com
|}

- Please note that some free wireless hotspots may block SSL without an extra fee. If you cannot send or receive while on certain wifi networks (especially ones in airports or public spaces) please check their terms and conditions and ensure they are not blocking SSL connections.<br/><br/>

==Videos==
*[https://www.youtube.com/watch?v=vIshNacUSLU Setting up Zimbra Email on Mac using IMAP]

==Windows 10 / 8.x / 7 / Vista==
*[[Hosted_Email:Outlook_2013|Outlook 2013/2016/365]]
*[[Hosted_Email:Outlook_2010|Outlook 2010]]
*[[Hosted_Email:Outlook_Connector|Outlook Connector for Zimbra Premium]] and Personal Premium Zimbra accounts
*[[Hosted_Email:Thunderbird_Zimbra_41|Thunderbird 41]]

====Archive Windows====
The following Microsoft Widows mail applications are out of date and no longer supported beyond the settings provided below.
Zimbra platform does not guarantee compatibility on all legacy mail applications as many are outside RFE compliance and lack proper security.
* Windows XP - Mail applications on this OS will still work but are no longer supported
*[[Hosted_Email:Outlook_2007|Outlook 2007]] <- Please upgrade your mail application to a current version.
*[[Outlook 2003]] <- Please upgrade your mail application to a current version.
*[[Hosted_Email:Windows_Mail|Windows Live Mail]] <- Please upgrade your mail application to a current version.
*[[Hosted_Email:Outlook_Express|Outlook Express]] <- Please upgrade your mail application to a current version.
*[[Hosted_Email:Thunderbird_Setup|Thunderbird 3]] <-- Please upgrade your mail application to a current version.

==Mac OS==
These settings are compatible across the bulk all OS X versions.
*[[Hosted_Email:Outlook_Exchange_on_Mac|Outlook Exchange on Mac]] - For Personal Premium and Zimbra Business accounts
*[[Hosted_Email:MacMail_16.x|Mac Mail 16.x]] - IMAP setup
** Video Tutorial - [https://www.youtube.com/watch?v=vIshNacUSLU Setting up Zimbra on Mac Mail]
*[[Hosted_Email:Thunderbird_Mac|Thunderbird Mac]]
*[[Hosted_Email:Mutt|Mutt]]

====Archive Mac OS====
The following Mac mail applications are out of date and no longer supported beyond the settings provided below.
Zimbra platform does not guarantee compatibility on all legacy mail applications as many are outside RFE compliance and lack proper security.
*[[Hosted_Email:MacMail_10.x|Mac Mail 10.x]] Same settings for Mail 11.X and 12.X.
*[[Hosted_Email:MacMail_9.x|Mac Mail 9.x]]
**[[Hosted_Email:Calendar_Sync_OSX|Calendar Sync]] - for Personal Premium and Zimbra Business accounts
**[[Hosted_Email:Contacts_Sync_OSX|Contacts Sync]] - for Personal Premium and Zimbra Business accounts
*[[Hosted_Email:MacMail_7.x|Mac Mail 7.x]]
*[[Hosted_Email:MacMail_3|Mac Mail 3.x]]

==Linux==
*[[Hosted_Email:Thunderbird_Setup_Linux|Thunderbird Linux]]
*[[Hosted_Email:Evolution|Evolution Mail]]

==Mobile==
*[[Hosted Email Base:iOS|Apple iOS Devices - iPhone/iPad]] - Zimbra Base and Standard Accounts
*[[Hosted_Email:iOS|Apple iOS Devices - iPhone/iPad]] - Zimbra Premium Account configuration with Profile
*[[Apple iOS Devices - iPhone iPad with Exchange]] - Zimbra Business Premium, XMission.com Personal Zimbra email, & Consumer Edition w/ ActiveSync, Exchange setting
*[[Hosted_Email:Android|Android]]
*[[Android Portable Devices with Microsoft Exchange]] - Zimbra Business Premium, XMission.com Personal Zimbra, and Consumer Edition w/ ActiveSync, Exchange setting
*[[Hosted_Email:Windows_Mobile|Windows Mobile & Windows Phone 8]]
*[[Hosted_Email:BlackBerry|BlackBerry IMAP]]

== Other ==
*[[Hosted_Email:Mutt|Mutt]] Terminal based. Works on Linux and Mac OS.
* Zimbra Desktop - Zimbra deprecating at end of 2019. Use configuration settings provided at top of page.

== Convert from POP to IMAP ==
* Thunderbird POP to IMAP process: https://support.mozilla.org/en-US/kb/switch-pop-imap-account
* [[Windows Outlook 2007 POP to Zimbra IMAP]] Essentially same instructions for 2003.
* [[Outlook Express POP to Zimbra IMAP]]
* [[Windows Live Mail POP to Zimbra IMAP]]

[[Category:Client Email Configuration|Zimbra]]
[[Category:Zimbra]]

Zimbra Archive and Discovery

2023-01-27T18:46:27Z

Benjii:

=Zimbra Archiving=
XMission Zimbra hosting now fully supports Archiving.
Zimbra Archiving is an optional feature that enables archiving of messages that were delivered to or sent by Zimbra Collaboration.

Archiving is setup on a per/account basis. When this feature is enabled for an account, a copy of all email from or to that account is forked at the MTA and a copy of the message is delivered to their archive mailbox.

Zimbra archiving can be set up to create archiving accounts that are maintained within Zimbra Collaboration or to work with third-party archiving systems using SMTP forwarding to send messages to a third-party archive server. For third-party archiving, Zimbra Collaboration is configured to act as the forwarding agent.

==Pricing==
The current rate of Archive licensed accounts is $1.50 per/month per/mailbox.
Additional quota is $0.10 per/gig of anything above 20GB.

==Enabling Archiving For Your Accounts==
In [https://wiki.xmission.com/Hosted_Email:_Admin_Panel Zimbra's admin interface],
# Search for the desired user you'd like to enable A&D for.
# Right-click their account, select '''edit'''
# In the left-hand column that features all their account options, select '''archiving''' and if their status displays "'''enable archiving: No'''" You can click on the button that says "'''Enable archiving'''"

You will also need to create the new target archive mailbox,
# Click "'''create'''" and it should automatically generate your new archiving account.
# Highlight that account in the list, and then click "'''Select'''"
# You should see the field "Currently archived to" be filled in with that newly created archive box. '''Save'''
After closing out of the account and when you search the user again, you should be able to see two entries in the search results; their regular account, and a separate archive account.

We recommend you verify archiving is working properly by sending a test message to their account, and then proxy the archive mailbox to ensure your test is dropped in there as well. You can proxy a mailbox by right-clicking on the highlighted account and selecting "View mail"

====Retention for Archived accounts====
Our mail retention policy remains the same even for archived accounts. If a archive mailbox is deleted, mailbox data will be purged 45 days after.

==Discovery==
If you are trying to locate specific messages across accounts or domains, our helpful support staff is available to conduct a cross-mailbox search for you.

You'll need to submit a support ticket via email to ''support@xmission.com'' for a request of a cross-mailbox search. You can also head to [http://xmission.com/support Support Resource Center] and under the section titled '''Other Useful Links''' click on '''Email Support/ Open Ticket'''

The criteria you'll want to include to our support staff when making this request would be anything that would help us get relevant hits in the search.
* Sender
* Recipient
* Potential dates of delivery
* If the message had any attachments or not.

Please note that at this time cross-mailbox search requests will not be handled via phone and chat, only through an emailed support ticket.

[[Category:Zimbra]]

Zimbra Archive and Discovery

2023-01-27T18:45:36Z

Benjii:

=Zimbra Archiving=
XMission Zimbra hosting now fully supports Archiving.
Zimbra Archiving is an optional feature that enables archiving of messages that were delivered to or sent by Zimbra Collaboration.

Archiving is setup on a per/account basis. When this feature is enabled for an account, a copy of all email from or to that account is forked at the MTA and a copy of the message is delivered to their archive mailbox.

Zimbra archiving can be set up to create archiving accounts that are maintained within Zimbra Collaboration or to work with third-party archiving systems using SMTP forwarding to send messages to a third-party archive server. For third-party archiving, Zimbra Collaboration is configured to act as the forwarding agent.

==Pricing==
The current rate of Archive licensed accounts is $1.50 per/month per/mailbox.
Additional quota is $0.10 per/gig of anything above 20GB.

==Enabling Archiving For Your Accounts==
In [https://wiki.xmission.com/Hosted_Email:_Admin_Panel Zimbra's admin interface],
# Search for the desired user you'd like to enable A&D for.
# Right-click their account, select '''edit'''
# In the left-hand column that features all their account options, select '''archiving''' and if their status displays "'''enable archiving: No'''" You can click on the button that says "'''Enable archiving'''"

You will also need to create the new target archive mailbox,
# Click "'''create'''" and it should automatically generate your new archiving account.
# Highlight that account in the list, and then click "'''Select''"
# You should see the field "Currently archived to" be filled in with that newly created archive box. '''Save'''
After closing out of the account and when you search the user again, you should be able to see two entries in the search results; their regular account, and a separate archive account.

We recommend you verify archiving is working properly by sending a test message to their account, and then proxy the archive mailbox to ensure your test is dropped in there as well. You can proxy a mailbox by right-clicking on the highlighted account and selecting "View mail"

====Retention for Archived accounts====
Our mail retention policy remains the same even for archived accounts. If a archive mailbox is deleted, mailbox data will be purged 45 days after.

==Discovery==
If you are trying to locate specific messages across accounts or domains, our helpful support staff is available to conduct a cross-mailbox search for you.

You'll need to submit a support ticket via email to ''support@xmission.com'' for a request of a cross-mailbox search. You can also head to [http://xmission.com/support Support Resource Center] and under the section titled '''Other Useful Links''' click on '''Email Support/ Open Ticket'''

The criteria you'll want to include to our support staff when making this request would be anything that would help us get relevant hits in the search.
* Sender
* Recipient
* Potential dates of delivery
* If the message had any attachments or not.

Please note that at this time cross-mailbox search requests will not be handled via phone and chat, only through an emailed support ticket.

[[Category:Zimbra]]

Zimbra Connect

2023-01-27T18:32:05Z

Benjii:

=Zimbra Connect=
Zimbra Connect integrates a fully fledged corporate instant messaging platform inside the Zimbra WebClient, including Group and Corporate Messaging, File Sharing, Screen Sharing and Video Chat capabilities.

==Features==
* Message delivery and read awareness
* 1-to-1 Instant Messaging
* Group Messaging
* Corporate Messaging (Spaces and Channels)
* Group Video Calls
* Channel Video calls
* File Sharing
* Screen Sharing
* Emojis

==How to Enable Connect for Your Users==
In the [https://wiki.xmission.com/Hosted_Email:_Admin_Panel Zimbra Admin console],
# search for the desired user you'd like to enable Connect for.
# Right-click their account, select '''edit'''
# In their '''general information''' settings change their Class of Service from what is currently listed to '''xmprofessional''' (which is a premium level mailbox + connect & archiving features)
# Next, from the left-hand column for mailbox edit options, select the section that says "'''Connect'''"
There you can enable and disable the Connect option for your user's mailbox. You can also set available Zimbra Connect parameters such as the ability to save all chat history, enabling video chat instead of audio only, etc.

==Troubleshooting==
A good place to verify settings is found in the actual mailbox by proxying the account, then selecting the Connect tab and then clicking on the gear sprocket icon to view settings.

[[File:Connect_prefs.png|450px]]

Under '''Meetings''', you can enable/disable the microphone and camera. This will likely be a large percentage of problems for accounts to be able to access audio and video for Connect meetings. Simply click on "Enable microphone" and "Enable camera" to select the desired devices for meetings.

[[File:Connect_settings.png|450px]]

If the audio or video is not working, verify the correct device for the microphone and camera are selected, as that will likely be a large percentage of problems for end-users to be able to access audio and video for connect meetings. This is usually determined by the browser. Below are links for where to find those settings for common browsers.

: https://support.google.com/chrome/answer/2693767?hl=en&co=GENIE.Platform%3DDesktop
: https://support.mozilla.org/en-US/kb/how-manage-your-camera-and-microphone-permissions
: https://support.apple.com/guide/safari/websites-ibrwe2159f50/mac

If you run into any other issues related to our Connect feature, please don't hesitate to reach out to our Technical Support department 24/7 for assistance.

[[Category:Zimbra]]

Shell Access

2023-01-12T18:45:08Z

Benjii: /* What are some basics on setting permissions with "chmod"? */

==How do I activate my shell account?==
To activate your shell account, simply contact accounting or technical support.

==Why isn't shell access on by default?==
Having shell access enabled by default on all accounts presents a security risk. A shell account gives the user a direct window into our system. By minimizing the number of active shell accounts, we minimize the risk of compromising our system.

==Can I choose my shell type?==
Yes. You can choose from bash, tcsh, sh, zsh, csh, and ksh. We recommend using either bash or csh, at first, since they're the most user-friendly.

==What is SSH and how do I use it?==
SSH is a secure shell. Using it is differs, depending on the operating system. Mac OS X is probably the easiest. Nothing special has to be installed. Simply open a terminal window and <tt>ssh username@shell.xmission.com</tt>. Accept the key and enter your password. For most Windows operating systems, an SSH client must be used. There are many SSH clients on the market and a few are "freeware". PuTTY is a recommended free SSH client for Windows. Some places to look for additional SSH software would be Download.com and Tucows.com.

==Why don't my screen and text work properly?==
There are two typical problems that occur during a telnet session. The first and most common problem is incorrect terminal emulation. The second problem occurs after a screen has been messed up by viewing a binary file.

The most commonly used terminal emulation is vt100, though vt220 is supported and recommended. To change the terminal emulation of your telnet application, view the preferences and choose either vt100 or vt220. However, even after specifying the terminal emulation for your telnet application, you may still have problems correctly displaying columns and rows. For this, you'll need to define the default size of your window in your run commands (explained below]). When trying to fix a screen after viewing a binary file, run <tt>fixvt</tt> at a command prompt.

==What are some common commands I'll need to know when using the UNIX shell?==
The most common commands you'll need to know are <tt>cd</tt> (changes your directory), <tt>pwd</tt> (shows your current directory path), and <tt>ls</tt> (lists the contents of the current directory). For a more complete list of common commands, please see our Common Commands page.

==Why do I get "command not found" when using a command I'm sure should work? ==
It's possible that you don't have the paths to the command directories defined correctly in your run commands. For instructions on defining the correct paths, see below.

==How do I edit my shell run commands (rc) file?==
Your shell run commands are found in a file named ''.cshrc'' (for c shell), ''.bashrc'' (for borne shell), ''.kshrc'' (for korn shell), etc. This file will be located in your home directory (/home/users/u/username). It contains commands that are run when you first log on to set your paths, environment variables, and aliases. Before changing ANY rc file, it's recommended you make a back-up copy.

To set or edit your paths, edit your run commands file with a text editor (pico, vi, ed, etc.). Your paths will be defined after the command <tt>set path =</tt>. The default paths should be <tt>/bin /usr/local/bin /usr/bin</tt>. If you'd like to add a path, simply add it to the end, separated by a space. (e.g.: /home/users/u/username/morecommands/) If you'd like to edit what information is displayed in your prompt, edit the <tt>set prompt=</tt> variable. A useful way to define your prompt is to have it display your current directory. To do this, remove the default <tt>set prompt=</tt> and enter this in its place:

<tt>alias cd 'cd \!* ; set prompt="'hostname':'pwd'> "'</tt> To edit your environment variables, first type <tt>env</tt> at a command prompt to show your current variables. If you'd like to change any of these, enter the definition after a new "setenv" line. The proper syntax, as you'll see in the default settings, is:

<tt>setenv VARIABLE_NAME path/or/command:/2nd/path/or/command/</tt> Adding an alias is fairly simple. If you'd like a certain command to be run when you type something in at the command prompt, you'd enter that here. The proper syntax is:

<tt>alias aliasedcommand 'realcommand -options'</tt> This is also where you define your terminal emulation settings.
<tt>setenv TERM vt100 </tt>(sets terminal type)
<tt>/bin/stty rows 24 </tt>(sets number of rows)
<tt>/bin/stty cols 80 </tt>(sets number of columns)
<tt>/bin/stty erase ^H </tt>(sets backspace command)

==What are all these files in my home directory, and what are they for?==
If you do a complete list, showing hidden files, of your home directory, you will notice that there are several files already there. The files are listed and explained in the table below. Some of these files will not be there by default, but only appear if the application that uses them is run.

===Types===
rc run commands/preferences (usually, but not always)

===Files===
.cshrc shell run commands(for csh or tcsh) .gopherrc gopher preferences .login shell preferences (read after run commands at login) .newsrc news preferences .nn Network News Reader preferences .pinerc Pine preferences (pine is primarily used for email) .tin Threaded Internetwork News preferences

===Directories===
bin can contain scripts or binary executables ftp your personal directory for file transfer mail Email is stored here (used by pine and others) news articles are saved here by default public_html your web pages

==How can I alter the information shown in my prompt?==
If you use tcsh, changing the prompt is as simple as entering the command:

<tt>set prompt="options"</tt>

However, with other shells, you will need to edit the <tt>set prompt=</tt> line in your shell run commands file (shown above).

==What program can I use to read email from a shell? ==

Probably the most popular options are ''mutt'' (recommended) and ''pine'', but ''elm'', ''mail/rmail'', and ''emacs'' are also available. At a command prompt, run the command <tt>mutt</tt>, <tt>pine</tt>, or <tt>elm</tt> and the mail client will open, also creating either a /mail (pine and elm) or /Mail (mutt) directory. Using mail/rmail
or emacs isn't quite as intuitive. It's recommended that you read the manual before using. (Type <tt>man mail</tt> or <tt>man emacs</tt> at a command prompt.)

==What program can I use to read news (Usenet) from a shell?==
The newsreaders available on shell are slrn, tin, nn, pine, nmh, trn, and emacs. The most popular ones would be slrn, tin, nn, and pine. We recommend slrn, since it's the only one that still has development. For more information on how to use any of these programs, type "man" followed by the program name at the command prompt (e.g.: <tt>man tin</tt>).

==How do I kill a process? ==
Before you kill a processes, you have to have its processes ID. You get this by typing "ps" at the command prompt. Once you've determined which one of your processes is the one you want to kill, type <tt>kill -9 PID</tt> (where PID is the actual processes ID) at the command prompt.

==Is there a way to transfer files to and from my XMission account other than FTP?==
Although FTP is the recommended way to transfer files to and from your XMission account, it's not the only way. SFTP (ssh ftp) works directly to shell.xmission.com.

==How do I compress and decompress files? ==
The method you'll use to decompress a file is determined by looking at the file extension. The instructions below show how to decompress the file in the current directory. For further information, see the
manual for each program (tar, bzip, unzip, gzip, uncompress).

<tt>file.tar </tt><tt>tar xvf file.tar</tt>

<tt>file.Z </tt> <tt>uncompress file.Z</tt>

<tt>file.gz </tt> <tt>gzip -d file.gz</tt>

<tt>file.zip </tt> <tt>unzip file.zip</tt>

<tt>file.bz2 </tt> <tt>bzip2 -d file.bz2</tt>

If there is a combination of formats, such as file.tar.gz, you can
either pipe one command to the other (e.g. <tt>gzip -d file.tar.gz | tar
xvf</tt>), or see if the option is supported by tar (<tt>man tar</tt>>. Using the command
<tt>tar xvfz file.tar.gz</tt> will handle both the gzip compression and the
tar compression. When piping a .Z file, however, be sure to use <tt>zcat
file.Z</tt> (the equivalent of <tt>uncompress -c file.Z</tt>, which writes to standard
output the files that were compressed). A similar rule applies to
bzip2, where you should use <tt>bzcat file.bz2</tt> (equal to <tt>bzip2 -dc file.bz2</tt>)
when piping the output to another command.

==What are some basics on setting permissions with "chmod"?==

First, an understanding of file/directory ownership is needed. Each
file or directory has a user (also the owner) and a group. The owner
of your files should always be your XMission username. The groups
you'll need to know are www (which gives the web server access to
the files) and users (which gives any of XMission's users, from shell,
access to the files). There's also the category, others, that includes
any user or group.

Permissions are based on those three categories: owner, group, and
others. When you do a long listing of the file (<tt>ls -l filename</tt>), the
permissions will be displayed to the left. The format is shown as
such:

<tt>-rw-r--r-- 1 acctname group 1949 Sep
19 2000 file.html</tt>

The first space defines weather the file is a simple file (shown with a hyphen) or a directory (shown with a d). The next three spaces represent the permissions (highlighted in red)
for the owner, the next three are for the group, and the last three
are for others. The letters represent what kind of permissions are
allowed.

'''r ''' = Read (view and make copies)

'''w ''' = Write (make changes to or delete)

'''x ''' = Execute (run program/script)
When using "chmod" to change permissions, you will need to specify
the category by using one or a combination of the following letters:

'''u ''' = User (Owner)

'''g ''' = Group

'''o ''' = Others

'''a ''' = All (same as using "ugo")
To change the permissions, execute "chmod" with the following parameters:

<tt>chmod who+/-/=permission file</tt>

The plus (+) adds the following permission, the minus (-) removes
it, and the (=) adds it, discarding any previous permissions. Some
examples:

<tt>chmod g+r file.html</tt> (adds read access for group)

<tt>chmod go-r file.html</tt> (removes read access from group and
others)

<tt>chmod a=x file.html</tt> (replaces existing permissions with read
access for all)

<tt>chmod g+rx file.html</tt> (adds read and execute access for group)
There is another way to change permissions without having to write
out <tt>chmod who+/-/=permission file</tt> every time. This method uses a 3-digit octal
number. Determining the octal number is fairly easy after some practice.
To start, refer to the chart below.

===Symbol Octal===

---0 --x1 -w-2 -wx3 r--4 r-x5 rw-6 rwx7

For example, if you'd like to set the permissions on file.html
to be <tt>-rw-r--r--</tt> you would determine the octal number
like this (skip the first space in the set):
<tt>rw-</tt> = 6, <tt>r--</tt> = 4, <tt>r--</tt> = 4. The octal
number is 644.

To execute the command, type:

chmod 644 file.html
'''Note''': This would be the same as using:

chmod a+r file.html

chmod u+x file.html

(if no permissions were previously set).

Changing ownership and the group of a file would normally be done with "chown" and "chgrp". However, because these commands are restricted to the user and group being specified, you're unable to use them on XMission (because you're only one user and you're only a member of one group). However, if you'd like a file to belong to the group www, you can either create it in or upload it to your public_html directory. This will set the group, by default, to www.

[[Category:FAQ|Shell Access]]
[[Category:Troubleshooting]]
[[Category:Getting Started]]

Juniper

2022-11-30T21:02:43Z

Benjii:

{{archived}}

===Juniper PPPoE Proceedure===

Juniper users a hierarchical configuration and the PPPoE settings fall under the interfaces section. In this example we will be using the fast ethernet port 0/0/1 for the WAN interface and the final configuration will look like:
<pre>
interfaces {
fe-0/0/1 {
unit 0 {
encapsulation ppp-over-ether;
}
}
pp0 {
unit 0 {
ppp-options {
pap {
local-password "dkwoxslxqpz";##SECRET-DATA
local-name "username";
passive;
}
}
pppoe-options {
underlying-interface fe-0/0/1.0;
auto-reconnect 10;
client;
idle-timeout 0;
}
family inet {
negotiate-address;
mtu 1492;
}
family inet6 {
mtu 1492;
dhcpv6-client {
client-type statefull;
client-ia-type ia-pd;
client-ia-type ia-na;
update-router-advertisement {
interface pp0.0;
}
client-identifier duid-type duid-ll;
req-option domain;
}
}
}
}
security {
flow {
tcp-mss {
all-tcp {
mss 1452;
}
}
}
}
</pre>

'''Below is a walk through on what commands to enter:'''

You will want to ssh / telnet to the router and be at the CLI (command line interface):
<pre>
--- JUNOS 11.4xxxx built 2011-05-15 22:21:00 UTC
{master}
user@router>
</pre>

We will need to be in the edit mode at this point:
<pre>
user@router>edit

Entering configuration mode
Users currently editing the configuration:
{master}[edit]
user@router#
</pre>

Now we will want to set the interface FastEthernet 0/0/1 to use PPPoE encapsulation:
<pre>
user@router#edit interfaces fe-0/0/1 unit 0

{master}[edit interfaces fe-0/0/1 unit 0]
user@router#set encapsulation ppp-over-ether;
user@router#exit

{master}[edit]
user@router#
</pre>

Next we will want to edit the ppp pap options pp0 interface:
<pre>
user@router#edit interfaces pp0 unit 0 ppp-options pap

{master}[edit interfaces pp0 unit 0 ppp-options pap]
user@router#set access-profile ppp-profile
user@router#set local-password "xmission password"
user@router#set local-name "xmission username"
user@router#set passive
user@router#exit

{master}
user@router#
</pre>

Now we will want to configure the pppoe options:
<pre>
user@router#edit interfaces pp0 unit 0 pppoe-options

{master}[edit interfaces pp0 unit 0 pppoe-options]
user@router#set underlying-interface fe-0/0/1.0
user@router#set auto-reconnect 10
user@router#set client
user@router#set idle-timeout 0
user@router#exit

{master}
user@router#
</pre>

Last we will want to set the ip address, in this example we will use auto negotiate:
<pre>
user@router#edit interfaces pp0 unit 0 family-inet

{master}[edit interfaces pp0 unit 0 family-inet]
user@router#set negotiate-address
user@router#set mtu 1492
user@router#exit

{master}
user@router#
</pre>

If you have ipv6 use the following
<pre>
user@router#edit interfaces pp0 unit 0 family inet6

{master}[edit interfaces pp0 unit 0 family inet6]
user@router#set mtu 1492
user@router#set dhcpv6-client client-type statefull
user@router#set dhcpv6-client client-ia-type ia-pd
user@router#set dhcpv6-client client-ia-type ia-nd
user@router#set dhcpv6-client update-router-advertisement interface pp0.0
user@router#set dhcpv6-client client-identifier duid-type duid-ll
user@router#set dhcpv6-client req-option domain
user@router#exit

{master}
user@router#
</pre>

Commit these changes and exit edit mode.

[[Category:UTOPIA Troubleshooting|Juniper]]
[[Category:UTOPIA]]
[[Category:PPPoE]]

Email attachments

2022-11-24T17:46:04Z

Benjii: /* Maximum Recipient Limit */

==Email security and attachments==
XMission rejects email attachments with commonly malicious file formats as a security measure to prevent potential viruses from impacting customers. Rejecting emails with executable files, for example file.exe, will protect you from possibly receiving malicious software containing a virus or malware.

This blocking is applied to all ''inbound and outbound'' email with attachments. A reject notice will automatically be sent to any sender attempting to send to, or from, the XMission mail system.

Business customers with hosted Zimbra email do not have attachments blocked between accounts on their domain.

==Blocked file types==
Rejected files end in: '''scr, vbs, dll, exe, shs, bat, lnk, pif, chm, hta, com, cmd, reg, js, cpl, jsp, vbe, sys, btm, pfr, vb'''

==Maximum Attachment Sizes==
XMission allows email attachments with the following sizes:

* Up to 10 MB for @xmission.com accounts via [https://webmail.xmission.com Webmail.XMission.com].
* Up to 50 MB for @xmission.com email sent with mail applications.
* Up to 50 MB for our hosted Zimbra email.
* Up to 100 MB for our hosted Zimbra email to another one of our hosted Zimbra email accounts.
'''Note: MIME encoding will change the size of the of the attachment significantly.'''

== Maximum Recipient Limit ==
* Up to 500 on [https://zimbra.xmission.com Zimbra] via web interface.
* Up to 1000 using a mail application.
To send in larger increments, please inquire with our sales department about our [[Mailing Lists]] product.

==Learn more==
Learn how XMission [http://transmission.xmission.com/2013/08/14/how-xmission-spam-and-virus-filtering-works filters for viruses and spam].

[[Category: Email]]

Email attachments

2022-11-24T00:20:49Z

Benjii:

==Email security and attachments==
XMission rejects email attachments with commonly malicious file formats as a security measure to prevent potential viruses from impacting customers. Rejecting emails with executable files, for example file.exe, will protect you from possibly receiving malicious software containing a virus or malware.

This blocking is applied to all ''inbound and outbound'' email with attachments. A reject notice will automatically be sent to any sender attempting to send to, or from, the XMission mail system.

Business customers with hosted Zimbra email do not have attachments blocked between accounts on their domain.

==Blocked file types==
Rejected files end in: '''scr, vbs, dll, exe, shs, bat, lnk, pif, chm, hta, com, cmd, reg, js, cpl, jsp, vbe, sys, btm, pfr, vb'''

==Maximum Attachment Sizes==
XMission allows email attachments with the following sizes:

* Up to 10 MB for @xmission.com accounts via [https://webmail.xmission.com Webmail.XMission.com].
* Up to 50 MB for @xmission.com email sent with mail applications.
* Up to 50 MB for our hosted Zimbra email.
* Up to 100 MB for our hosted Zimbra email to another one of our hosted Zimbra email accounts.
'''Note: MIME encoding will change the size of the of the attachment significantly.'''

== Maximum Recipient Limit ==
* Up to 500 on [https://zimbra.xmission.com Zimbra] via web interface.
* Up to 1000 using a mail application.
To send in larger increments, please inquire with our sales department about our Mailing List product.

==Learn more==
Learn how XMission [http://transmission.xmission.com/2013/08/14/how-xmission-spam-and-virus-filtering-works filters for viruses and spam].

[[Category: Email]]

Email

2022-11-17T16:57:27Z

Benjii:

<h3>Information</h3>
*[[Zimbra Domain Email and Collaboration Suite|Zimbra Email and Collaboration Suite]]
*[https://xmission.com/blog/?s=zimbra Zimbra power tips on our XMission blog]
*[[Hosted_Email:Zimbra_Self-Service_Account_Recovery|Zimbra Self-Service Account Recovery]]
*[[Zimbra_Two-Factor_Authentication| Zimbra Two-Factor Authentication]]
*[[Zimbra Cloud]] Supported by XMission

<h3>Setup Instructions</h3>
*[[Client_Configuration_for_%40XMission.com_Email|XMission.com Email Configuration Instructions]]
*[[Zimbra_Email_Client_Configurations|Zimbra Email Configuration Instructions]]
*[[General Email Settings]]
*[[New_Webmail_Interface|XMission webmail help for @xmission.com email accounts]]

<h3> Miscellaneous</h3>
*[[Delist Request | Request delisting from XMission RBL blocklist.]]
*[[Suffix_support | Suffix support adds unlimited address options to your XMission email]]
*[[Email attachments | Security: Why certain email attachments are blocked by XMission.]]
*[[LDAP/Active Directory | Authenticating XMission hosted Zimbra with customer LDAP/Active Directory.]]
*[[Phishing_and_Email_Scams | Protect yourself from phishing.]]

[[Category:Email]]

Hosted Email:iOS

2022-11-10T23:16:16Z

Benjii:

This iOS profile is specific to Premium Edition mailboxes on the XMission Zimbra Collaboration platform.

==== Download the Profile ====
Download the XMission email profile by loading this webpage on your iOS device and then
'''[https://asset.xmission.com/xmission-zimbra-premium-signed.mobileconfig tapping here]'''.

This profile will sync all your Mail, Contacts, personal Calendars, as well as the Notes and Reminders the iOS device provides.

This profile will not sync any calendars shared with you by other mailboxes on your domain.

''Note:'' Clients with any shared calendars should [https://wiki.xmission.com/Hosted_Email:iOS#Profile_for_Multiple_Calendars use this calendar sharing profile linked below]. or disable calendars and reminders in the iOS settings and then manually configure those using CalDAV.

Shortcut: [http://url.xmission.com/iosp http://url.xmission.com/iosp] is an easily shareable link to use when installing.

==== You will see the "Install Profile" for XMission Zimbra Premium launch. Tap the '''Install''' button. ====
[[Image:Ios-zimbra-premium-1.png]]

==== Enter your device's lock code or password: ====
[[Image:Ios-zimbra-premium-2.png]]

==== Enter your email address: ====

If you have purchased Hosted Email for another domain other than @xmission.com, enter that email address with that domain.

[[Image:Ios-zimbra-premium-3.png]]

==== Enter your email address again: ====
If you have purchased Hosted Email for another domain other than @xmission.com, enter that email address with that domain.

[[Image:Ios-zimbra-premium-4.png]]

==== Enter your password: ====

[[Image:Ios-zimbra-premium-5.png]]

[[Category:Client Email Configuration|XMission Email|iPhone / iPad]]
[[Category:XMission Email|iPhone / iPad]]

=== Deleting the Profile ===
If you no longer want this configuration on your device, you can remove the profile.

# Go into Settings
# Click General
# Click on "VPN & Device Management"
# Click on the XMission profile
# Remove the Profile.

=== Profile for Multiple Calendars ===

Hosted Email clients with shared calendars should utilize this profile by '''[https://asset.xmission.com/xmission-zimbra-premium-caldav-signed.mobileconfig tapping here]'''.

Requirements:

You '''must disable''' the Calendars and Reminders inside iOS "Mail" and "Calendar" Settings for "XMission Zimbra Mail & Contacts". The "XMission Zimbra Calendars & Reminders" entry will provide this functionality.

Turn off the "[ ] Enable delegation for Apple iCal CalDAV client" setting inside Zimbra webmail Preferences / Calendar. Be sure to "Save" the setting inside webmail and then refresh your calendars on the iOS device.

Recommended Routers

2022-08-26T15:39:32Z

Benjii:

== Recommended Routers ==

When it comes to your connection, your router is one of the most important devices you can add to your home network. We know that routers are not cheap, however in order to meet the demand of your daily wifi needs, you may need to invest a little more money in a router that will cover your entire home with little dead spots.

'''Keep in mind that while any gigabit router is compatible, XMission recommends the following products based on feedback from our staff and customers. The products below are not required for service. You should choose a router that fits your budget. '''

* Please remember XMission cannot guarantee advertised speeds over a wireless connection. When available we recommend the use of Ethernet Cables.

<hr>

{|
| style="width: 375px;padding:5px;text-align:center;vertical-align:top;" | [[File:AsusAX5700-w.jpg|200px]]
| style="width: 375px;padding:5px;text-align:left;vertical-align:top;" | ''' [https://amzn.to/3ynwJXm ASUS AX-5700]: '''
'''Specifications:'''
<br>'''Brand:''' ASUS
<br>'''Model:''' AX-5700
<br>'''WiFi:''' WiFi 6/Dual-band
<br>'''Antennas:''' 3 - Removable
<br>'''Ports:''' 1 WAN / 1 Multi-Gig WAN / 4 LAN gigabit / 2 USB 3.0
<br>'''Price:''' $249.99 - Amazon
<br>'''[https://www.asus.com/us/Networking-IoT-Servers/WiFi-Routers/ASUS-Gaming-Routers/RT-AX86U/techspec/ Product Specifications]'''
<br>'''[https://www.asus.com/us/Networking-IoT-Servers/WiFi-Routers/ASUS-Gaming-Routers/RT-AX86U/HelpDesk_Manual/ User Guide]'''
<br>'''Includes:'''
* Comercial-grade home network security
* Lifetime free ASUS AIProtection Pro, powered by Trend Micro
* WPA3
* Advanced Parental Controls
|}
<br><br>
{|
| style="width: 375px;padding:5px;text-align:center;vertical-align:top;" |[[File:NetgearOrbi-w.jpg|200px]]
| style="width: 375px;padding:5px;text-align:left;vertical-align:top;" | '''[https://amzn.to/39U69f8 Netgear Orbi Wifi 6]'''
'''Specifications:'''
<br>'''Brand:''' NETGEAR
<br>'''Model:''' Orbi WiFi 6
<br>'''WiFi:''' WiFi 6/Tri-band
<br>'''Antennas:''' 8
<br>'''Ports:''' 1 Multi-Gig WAN / 3 LAN on router / 2 LAN on satellite
<br>'''Price:''' $349.99 - Amazon
<br>'''[https://www.netgear.com/home/wifi/mesh/rbk752/ Product Specifications]'''
<br>'''[http://www.downloads.netgear.com/files/GDC/RBK752/RBK752_UM_EN.pdf User Guide]'''
<br>'''Includes:'''
* NETGEAR Armor cybersecurity by Bitdefender 30-day free trial
* NETGEAR Smart Parental Controls 30-day free trial
* Easy setup in minutes with Orbi App
|}
<br><br>
{|
| style="width: 375px;padding:5px;text-align:center;vertical-align:top;" |[[File:TplinkAX6000-w.jpg|200px]]
| style="width: 375px;padding:5px;text-align:left;vertical-align:top;" | '''[https://amzn.to/3HXlgkD TP-Link AX6000]'''
'''Specifications:'''
<br>'''Brand:''' TP-Link
<br>'''Model:''' AX-6000
<br>'''WiFi:''' WiFi 6/Dual-band
<br>'''Antennas:''' 8
<br>'''Ports:''' 1 Multi-Gig WAN / 8 LAN gigabit / 1 USB-A 3.0 / 1 USB-C 3.0
<br>'''Price:''' $259.99 - Amazon
<br>'''[https://www.tp-link.com/us/home-networking/wifi-router/archer-ax6000/#specifications Product Specifications]'''
<br>'''[https://www.tp-link.com/us/support/download/archer-ax6000/ User Guide]'''
<br>'''Includes:'''
* Free lifetime subscriptions to TP-LINK HomeCare
* Next-level Antivirus
* Robust Parental Controls
* QoS
|}
<br><br>
{|
| style="width: 375px;padding:5px;text-align:center;vertical-align:top;" | [[File:TplinkDecoX20-w.jpg|200px]]
| style="width: 375px;padding:5px;text-align:left;vertical-align:top;" | '''[https://amzn.to/3nlbj6Z Mesh Deco X20] '''
'''Specifications:'''
<br>'''Brand:''' TP-Link
<br>'''Model:''' Mesh Deco X20
<br>'''WiFi:''' WiFi 6/Dual-band
<br>'''Antennas:''' 4
<br>'''Ports:''' 1 Gig WAN / 1 LAN gigabit / 2 LAN gigabit per satelite
<br>'''Price:''' $179.99 - Amazon 2-pack / $199 - Amazon 3-pack
<br>'''[https://www.tp-link.com/us/deco-mesh-wifi/product-family/deco-x20/#specifications Product Specifications]'''
<br>'''[https://www.tp-link.com/us/support/download/deco-x20/ User Guide]'''
<br>'''Includes:'''
* Free lifetime subscriptions to TP-LINK HomeCare
* Malicious Site Checker
* Infected Device Isolation
* SPI Firewall
* Parental Controls
|}

<br><br>
{|
| style="width: 375px;padding:5px;text-align:center;vertical-align:top;" | [[File:LinksysVelop-w.jpg|200px]]
| style="width: 375px;padding:5px;text-align:left;vertical-align:top;" | '''[https://amzn.to/3HTSHVb Linksys Velop Mesh] '''
'''Specifications:'''
<br>'''Brand:''' Linksys
<br>'''Model:''' Velop AX4000 Tri Band Mesh
<br>'''WiFi:''' WiFi 6/Tri-band
<br>'''Antennas:''' 8
<br>'''Ports:''' 1 Gig WAN / 3 LAN gigabit / USB 3.0 per unit
<br>'''Price:''' $579.99- Amazon 2-pack
<br>'''[https://www.linksys.com/us/velop-ax4000-tri-band-mesh-wifi-6-system-mx8000/p/p-mx8000/ Product Specifications]'''
<br>'''[https://downloads.linksys.com/support/assets/userguide/MX4000Series_UserGuide_INTL_LNKPG-00755_RevB00.pdf User Guide]'''
<br>'''Includes:'''
* Easy setup with Linksys app
* Parental Controls
* Separate guest access
* Linksys Seal

|}
<br><br>
{|
| style="width: 375px;padding:5px;text-align:center;vertical-align:top;" | [[File:NetgearNighthawk-w.jpg|200px]]
| style="width: 375px;padding:5px;text-align:left;vertical-align:top;" | '''[https://amzn.to/3nrpJCt NETGEAR Nighthawk AX5400] '''
'''Specifications:'''
<br>'''Brand:''' NETGEAR
<br>'''Model:''' Nighthawk Pro AX5400
<br>'''WiFi:''' WiFi 6/Dual-band
<br>'''Antennas:''' 4 - Removeable
<br>'''Ports:''' 1 Gig WAN / 4 LAN gigabit / USB 3.0
<br>'''Price:''' $299.99- Amazon
<br>'''[https://www.netgear.com/home/wifi/routers/rax50/ Product Specifications]'''
<br>'''[https://www.downloads.netgear.com/files/GDC/RAX50/RAX50_UM_EN.pdf User Guide]'''
<br>'''Includes:'''
* Easy Setup with Nighthawk App
* NETGEAR Smart Parental Controls
* NETGEAR Armor
|}
<br><br>
{|
| style="width: 375px;padding:5px;text-align:center;vertical-align:top;" | [[File:AsusRog-w.jpg|200px]]
| style="width: 375px;padding:5px;text-align:left;vertical-align:top;" | '''[https://amzn.to/3u5vCcr ASUS ROG Rapture AX11000] '''
'''Specifications:'''
<br>'''Brand:''' ASUS
<br>'''Model:''' ROG Rapture WiFi 6 Gaming Router
<br>'''WiFi:''' WiFi 6/Dual-band
<br>'''Antennas:''' 8 - Removeable
<br>'''Ports:''' 1 Gig WAN / 2.5 Gig LAN / 4 LAN gigabit / USB 3.0
<br>'''Price:''' $349.99- Amazon
<br>'''[https://rog.asus.com/us/networking/rog-rapture-gt-ax11000-model/spec Product Specifications]'''
<br>'''[https://rog.asus.com/us/networking/rog-rapture-gt-ax11000-model/helpdesk_manual User Guide]'''
<br>'''Includes:'''
* AiProtection Pro by Trend Micro
* Easy Port forwarding
* Simultaneous Gaming and VPN
* ASUS AiMesh Compatible
|}

== Routers on a budget ==
We know that you may not be able to afford the best router out there. So we chose a few that will work when you are in a pinch.

{|
| style="width: 375px;padding:5px;text-align:center;vertical-align:top;" | [[File:Netgearax6700-w.jpg|200px]]
| style="width: 375px;padding:5px;text-align:left;vertical-align:top;" | '''[https://amzn.to/39Wybqp NETGEAR AX1800] '''
'''Specifications:'''
<br>'''Brand:''' NETGEAR
<br>'''Model:''' AX1800 4-Stream Wifi 6 Router
<br>'''WiFi:''' WiFi 6/Dual-band
<br>'''Antennas:''' 3
<br>'''Ports:''' 1 Gig WAN / 4 LAN gigabit
<br>'''Price:''' $119.99- Amazon
<br>'''[https://www.netgear.com/home/wifi/routers/rax10/ Product Specifications]'''
<br>'''[https://www.downloads.netgear.com/files/GDC/RAX10/RAX10_UM_EN.pdf User Guide]'''
<br>'''Includes:'''
* Easy setup with Nighthawk App
* Additional add ons:
** NETGEWAR Armor $99 / year
** NETGEAR Smart Parental Controls $34.99/ year
|}

<br><br>
{|
| style="width: 375px;padding:5px;text-align:center;vertical-align:top;" | [[File:LinksysEA7500.jpg|200px]]
| style="width: 375px;padding:5px;text-align:left;vertical-align:top;" | '''[https://amzn.to/3y1IPUC Linksys EA7300] '''
'''Specifications:'''
<br>'''Brand:''' Linksys
<br>'''Model:''' EA7300
<br>'''WiFi:''' Dual-band
<br>'''Antennas:''' 3
<br>'''Ports:''' 1 Gig WAN / 4 LAN gigabit / USB 3.0
<br>'''Price:''' $129.99 - Amazon
<br>'''[https://www.linksys.com/us/p/P-EA7500/ Product Specifications]'''
<br>'''[http://downloads.linksys.com/downloads/userguide/EA7500-MUG_International_20160610.pdf User Guide]'''
<br>'''Includes:'''
* Easy Setup
* Simultaneous dual band ( 2.4 + 5 GHZ )
* MU-MIMO simultaneously streaming and gamin on multiple devices

|}
<hr>
* Model numbers may vary depending on the most recent revision from the manufacturer and may have different firmware versions.

== Enterprise ==
For intermediate users, or those who would like to take advantage of the full capabilities of the XMission Network, we recommend Ubiquiti's UniFi wireless line: a proprietary mesh-like network environment, commonly used in enterprise-level deployments. XMission's office and some staffers use Ubiquiti for wireless access points.

{|
| style="width: 375px;padding:5px;text-align:center;vertical-align:top;" | [[File:Er-x-01_grande.png|200px]]
| style="width: 375px;padding:5px;text-align:left;vertical-align:top;" | '''[https://amzn.to/3dxPDml EdgeRouter X] '''
'''Specifications:'''
<br>'''Brand:''' Ubiquiti Networks
<br>'''Model:''' ER-X
<br>'''WiFi:''' None
<br>'''Antennas:''' 0
<br>'''Ports:''' 5 Gb ports / 1 data/PoE input port, 3 data ports, 1 data/PoE passthrough port.
<br>'''Price:''' $129.99 - Amazon
<br>'''[https://store.ui.com/collections/operator-edgemax-routers/products/edgerouter-x Product Specifications]'''
<br>'''[https://dl.ubnt.com/guides/edgemax/EdgeRouter_ER-X_QSG.pdf User Guide]'''

|}

<br><br>
{|
| style="width: 375px;padding:5px;text-align:center;vertical-align:top;" | [[File:ER-10X.png|200px]]
| style="width: 375px;padding:5px;text-align:left;vertical-align:top;" | '''[https://amzn.to/3pm4ROk EdgeRouter 10X] '''
'''Specifications:'''
<br>'''Brand:''' Ubiquiti Networks
<br>'''Model:''' ER-10X
<br>'''WiFi:''' None
<br>'''Antennas:''' 0
<br>'''Ports:''' 1 RJ45 Serial Port / 10 Ethernet Ports / Port 0 Supports PoE in / Port 9 Supports PoE out
<br>'''Price:''' $129.99 - Amazon
<br>'''[https://store.ui.com/collections/routing-switching/products/edgerouter-10x Product Specifications]'''
<br>'''[https://dl.ubnt.com/qsg/ER-10X/ER-10X_EN.html User Guide]'''

|}

== Placement of your router ==
The placement of your router is very important. Your wireless signal will need to travel from your router to where you are in your home. Putting your router in a utility closet is probably not the best choice, if your utility closet is in your basement and you spend all day upstairs. You may want to reconsider a more central location for your router. Materials such as concrete, metal, brick and sheetrock - you know the stuff your walls are made from - can and will impact the strength of your wireless signal.

== Router Issues ==
If you continue to have issues with your current router, it may be time to upgrade. If after talking with our support department and we have walked you through factory resetting your router and updating the firmware with no change to performance, then it may be time to get a new router. You can visit our [[Router and Wireless Troubleshooting]] guide to help you further.

[[Category: Troubleshooting]]
[[Category: UTOPIA]]
[[Category: UTOPIA Troubleshooting‏‎]]

Zimbra Email Client Configurations

2022-07-14T19:07:01Z

Benjii:

__TOC__

These easy to follow instructions will help you configure your favorite client for use with your Zimbra email service.<br/>
For greater convenience, you can always access your mail at https://zimbra.xmission.com/

For more help, reference the video repository of helpful tips on the [https://www.youtube.com/channel/UCcB648SoNlCNvyIh4arcTGg Zimbra YouTube Channel].

<h2 style="padding-top:1.5em">Recommended Email Settings</h2>
<p>XMission always recommends an IMAP email configuration [https://xmission.com/blog/2009/02/09/why-imap-rules heres why.]</p>
{| style="text-align: left; border: 1px solid #ccc;" cellspacing="0" cellpadding="2"
! style="border-bottom:1px solid #ccc; background-color: #eef; padding:2px 8px" colspan=2 | Incoming Server Information:
! style="border-style: solid; border-width: 0 0 1px 1px; border-color:#ccc; background-color: #eef; padding:2px 8px" colspan=2 | Outgoing Server Information:
|-
|style="padding:2px 8px" |Server Type: || IMAP
|style="border-left:1px solid #ccc; padding:2px 8px" | Server Type: || SMTP
|-
|style="padding:2px 8px" |Hostname: || zimbra.xmission.com
|style="border-left:1px solid #ccc; padding:2px 8px" | Hostname: || zimbra.xmission.com  
|-
|style="padding:2px 8px" |Port: || 993
|style="border-left:1px solid #ccc; padding:2px 8px" | Port: || 587
|-
|style="padding:2px 8px" |Enable encryption: || Yes.
|style="border-left:1px solid #ccc; padding:2px 8px" | Enable encryption: || Yes. (TLS/SSL)
|-
|style="padding:2px 8px" |Authenticate Using: || Password
|style="border-left:1px solid #ccc; padding:2px 8px" | Requires Authentication: || Yes
|-
|style="padding:2px 8px" |Login User Name: || Your full email address  
|style="border-left:1px solid #ccc; padding:2px 8px" |Login User Name || Your full email address
|-
|style="padding:2px 8px" |Alternate Port: || 143  
|style="border-left:1px solid #ccc; padding:2px 8px" |
|}
{|
|-
||Webmail Interface: |||[https://zimbra.xmission.com/ https://zimbra.xmission.com/]
|-
||Admin Interface: |||[https://zimbraadmin.xmission.com https://zimbraadmin.xmission.com]
|-
||Folders: ||| Sent Mail = "Sent", Drafts = "Drafts", Trash = "Trash", Spam = "Junk"
|-
||MX Record: ||| mx.xmission.com
|}

- Please note that some free wireless hotspots may block SSL without an extra fee. If you cannot send or receive while on certain wifi networks (especially ones in airports or public spaces) please check their terms and conditions and ensure they are not blocking SSL connections.<br/><br/>

<h2>Videos</h2>
*[https://www.youtube.com/watch?v=vIshNacUSLU Setting up Zimbra Email on Mac using IMAP]

<h2>Windows 10 / 8.x / 7 / Vista</h2>
*[[Hosted_Email:Outlook_2013|Outlook 2013/2016/365]]
*[[Hosted_Email:Outlook_2010|Outlook 2010]]
*[[Hosted_Email:Outlook_Connector|Outlook Connector for Zimbra Premium]] and Personal Premium Zimbra accounts
*[[Hosted_Email:Thunderbird_Zimbra_41|Thunderbird 41]]

'''Archive Windows'''
The following Microsoft Widows mail applications are out of date and no longer supported beyond the settings provided below.
Zimbra platform does not guarantee compatibility on all legacy mail applications as many are outside RFE compliance and lack proper security.
* Windows XP - Mail applications on this OS will still work but are no longer supported
*[[Hosted_Email:Outlook_2007|Outlook 2007]] <- Please upgrade your mail application to a current version.
*[[Outlook 2003]] <- Please upgrade your mail application to a current version.
*[[Hosted_Email:Windows_Mail|Windows Live Mail]] <- Please upgrade your mail application to a current version.
*[[Hosted_Email:Outlook_Express|Outlook Express]] <- Please upgrade your mail application to a current version.
*[[Hosted_Email:Thunderbird_Setup|Thunderbird 3]] <-- Please upgrade your mail application to a current version.

<h2>Mac OS</h2> These settings are compatible across the bulk all OS X versions.
*[[Hosted_Email:Outlook_Exchange_on_Mac|Outlook Exchange on Mac]] - For Personal Premium and Zimbra Business accounts
*[[Hosted_Email:MacMail_10.x|Mac Mail 10.x]] Same settings for Mail 11.X and 12.X.
** Video Tutorial - [https://www.youtube.com/watch?v=vIshNacUSLU Setting up Zimbra on Mac Mail]
*[[Hosted_Email:MacMail_9.x|Mac Mail 9.x]]
**[[Hosted_Email:Calendar_Sync_OSX|Calendar Sync]] - for Personal Premium and Zimbra Business accounts
**[[Hosted_Email:Contacts_Sync_OSX|Contacts Sync]] - for Personal Premium and Zimbra Business accounts
*[[Hosted_Email:Thunderbird_Mac|Thunderbird Mac]]
*[[Hosted_Email:Mutt|Mutt]]

'''Archive Mac OS'''
The following Mac mail applications are out of date and no longer supported beyond the settings provided below.
Zimbra platform does not guarantee compatibility on all legacy mail applications as many are outside RFE compliance and lack proper security.
*[[Hosted_Email:MacMail_7.x|Mac Mail 7.x]]
*[[Hosted_Email:MacMail_3|Mac Mail 3.x]]

<h2>Linux</h2>
*[[Hosted_Email:Thunderbird_Setup_Linux|Thunderbird Linux]]
*[[Hosted_Email:Evolution|Evolution Mail]]

<h2>Mobile</h2>
*[[Hosted Email Base:iOS|Apple iOS Devices - iPhone/iPad]] - Zimbra Base and Standard Accounts
*[[Hosted_Email:iOS|Apple iOS Devices - iPhone/iPad]] - Zimbra Premium Account configuration with Profile
*[[Apple iOS Devices - iPhone iPad with Exchange]] - Zimbra Business Premium, XMission.com Personal Zimbra email, & Consumer Edition w/ ActiveSync, Exchange setting
*[[Hosted_Email:Android|Android]]
*[[Android Portable Devices with Microsoft Exchange]] - Zimbra Business Premium, XMission.com Personal Zimbra, and Consumer Edition w/ ActiveSync, Exchange setting
*[[Hosted_Email:Windows_Mobile|Windows Mobile & Windows Phone 8]]
*[[Hosted_Email:BlackBerry|BlackBerry IMAP]]

<h2> Other </h2>

*[[Hosted_Email:Mutt|Mutt]] Terminal based. Works on Linux and Mac OS.
* Zimbra Desktop - Zimbra deprecating at end of 2019. Use configuration settings provided at top of page.

<h2> Convert from POP to IMAP </h2>

* Thunderbird POP to IMAP process: https://support.mozilla.org/en-US/kb/switch-pop-imap-account
* [[Windows Outlook 2007 POP to Zimbra IMAP]] Essentially same instructions for 2003.
* [[Outlook Express POP to Zimbra IMAP]]
* [[Windows Live Mail POP to Zimbra IMAP]]

[[Category:Client Email Configuration|Zimbra]]
[[Category:Zimbra]]

Zimbra Two-Factor Authentication

2022-06-02T02:31:07Z

Benjii: /* How to revoke trusted computer/device */

='''Two Factor Authentication or 2FA'''=

All XMission Zimbra email accounts support a beneficial security practice known as '''two-factor authentication''' (aka, 2FA). This includes both '''base and premium accounts'''. Two-factor authentication provides mailbox protection by combining something you know (your password) and something have (your smartphone or USB-key, etc.) Once configured you will utilize the 2FA authentication with all devices and programs you use for accessing email. All major platforms support and encourage the use of 2FA.

[[File:2fa-diagram-zimbra87.png | 700px | Image (c) Zimbra]]

XMission email customers can opt-out of password yearly password changes by implementing two-factor authentication (2FA).

Once set, your password will never expire unless you disable the advanced authentication.

'''NOTE''': Should you disable 2FA, your password will automatically be set to expire within 30 days and you will have to update your password.

='''How it works'''=
By using both a password and a PIN code from a trusted device, like a smartphone, 2FA adds layers of login security to the account. This helps with preventing brute-forcing passwords, or if your password gets leaked/exposed/found from another site, if you use the same password on multiple systems.

In simple terms, two-factor authentication prevents unauthorized users from accessing the system because they are very unlikely to have both variables to access the account. The password and PIN are needed to login. The PIN is sent to the mailbox owner's smartphone, through something like the Google Authenticator app. If either variable is missing, access is denied.

='''2FA Video Tutorial'''=

Watch this official Zimbra.com video on configuring 2FA inside webmail: https://youtu.be/_eEwnnaEvMU

='''How to enable for the Modern interface'''=

Two-factor authentication is included by default for all XMission Zimbra accounts. This means all '''base and premium''' accounts can use it. Two-factor has to be enabled from the online Zimbra webmail interface for all accounts.

* To enable 2FA go to: '''Settings > Accounts > Select "Primary" Account > Set up two-factor authentication'''

[[file:2FA-01-Setup.png]]

* The first step shows a brief description about two-step authentication. Simply click the '''"Setup two-step authentication ..."''' link to begin the configuration process.

[[file:2FA-02-Setup-PassConfirmation.png]]

* The next step will ask for your current password. Enter and click on '''Next'''.

* Next it will establish the second component the user must have, (the "what you have" such as a smartphone application or usb key). The Two Factor authentication wizard will show a Wiki link with the OTP Apps Zimbra recommends. In this example we will be authenticating with your smartphone. ([https://xmission.com/blog/2017/02/08/6-steps-to-zimbra-two-factor-authentication-with-yubikey Reference this blog post on 2FA with a USB key].)

[[file:2FA-03-Setup-InstallAuthApp.png]]

* Once you have installed the smartphone app, the Zimbra 2FA wizard will show a unique key that the you must enter in the Smartphone OTP App unless you use the QR code instead to connect the app.

[[file:2FA-04-ConnectQR.png]]

=='''How to Install and Configure an OTP smartphone app'''==

In this example, we use Google authenticator, but please visit the Zimbra Wiki where you can find other options.

=== Google Authenticator ===
In the App Store or Play Store, search by Google authenticator, then click Install.
: [https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en_US&gl=US Google Play Store - Google Authenticator]
: [https://apps.apple.com/us/app/google-authenticator/id388497605 App Store - Google Authenticator]

* Once the app is installed, open it, and click '''Get Started'''.

[[file:GoogleAuth-01.jpg|300px]]

* The app will ask if you want to scan a QR code or enter the setup key.

[[file:GoogleAuth-02.jpg|300px]]

* All done! Now the app is configured and will show a 6-digit code that changes after 15 seconds.

=='''Finishing the configuration in the Web Client'''==

* Once the user has the App configured and showing the 6 digit code, the user can enter the Code in the wizard window and click '''Next'''.

[[file:2FA-05-Setup-EnterAuthCode.png]]

* The two-step authentication feature is now enabled, and the user will be prompted for a code in each new Browser, smartphone, computer, or app where he or she tries to access the account.

[[file:2FA-06-Setup-Successful.png]]

* In the users’ Settings > Accounts > Select "Primary" Account (if the Admin has enabled these options under the COS), the user will see more options like the one-time codes, Trusted devices, and Applications.

=='''Testing Zimbra Two-factor authentication'''==

We recommend testing from a new web browser session on another computer.

Time to test from another web browser, computer, smartphone, or the Zimbra Desktop application, you should successfully pass the two-factor authentication process.

For example on the Web Client: One-time Codes

[[file:OneTimeCodes.png]]

<span style="color: #ff0000;"><strong>NOTE:</strong></span> With the two-factor authentication enabled, there may be a situation where you don't have the secondary device (phone/usb key). This is where Zimbra allows the use of one-time codes. This feature allows you to generate multiple codes to use in case of emergency. The total number of one-time codes can be configured by XMission. If you need these refreshed let us know.

From the Settings section of the Primary account for Two-Factor authentication you will find the "One-time Codes" option, click '''View''' to see your available codes. You must keep the codes secure (written somewhere, in another device, etc.). Just be certain it is an absolutely secure area where others won't find it.

=='''Trusted Devices'''==

Zimbra Web Client and Zimbra Touch Client can be configured as trusted devices during the second challenge stage of two-factor authentication. Once the computer/device is established as trusted you will only need to provide standard credentials, bypassing the two-factor code.

[[file:TrustedDevices.png]]

=='''How to trust a computer/device'''==

Once the user enters two-factor code in the login screen the user will have to select the check box '''Trust this computer''' and click '''Verify''' to trust the current computer/device. User can trust more than one computer/device.

[[file:HowToTrust.png]]

=='''How to revoke trusted computer/device'''==

You can easily revoke a trusted computer/device in Settings > Accounts > Select "Primary" Account > Trusted Devices found in your Zimbra webmail. Revoke trust for any selected device by clicking "revoke this device" link or get rid of them all by clicking on "revoke all other devices" link.

[[file:2FA-06-Setup-Successful.png]]

=='''Application Passcode'''==

Clients such as IMAP or ActiveSync do not support the UI flow needed for TOTP authentication. This means that you will need to use the Application Code section to create codes for IMAP and ActiveSync use. For these users need to generate application passcode.

===Application passcodes:===

Randomly generated.
Can be created by giving a label and revoked by their label.
Changing account password will revoke all application passcodes.

===How to create an application passcode===

* Users can create an application passcode by navigating to '''Settings > Accounts > Select "Primary" Account''' and selecting '''"Add a passcode"''' button.

[[file:AppPasscode-01-AddingPasscode.png]]

* Next enter the application name you desire in the '''"Add a passcode"''' dialog and click '''Next'''.

[[file:AppPasscode-02-AddPasscode.png]]

* Application passcode will get generated, then it can be used to sign in to your account from that device.

[[file:AppPasscode-03-PasscodeForApp.png]]

==Revoking Application Codes==

Once the user generates application passcode user can revoke it by navigating to '''Settings > Accounts > Select "Primary" Account''' in Zimbra Web Client. Users can revoke this application passcode after selecting the required name in the list.

='''How to enable for the Classic interface'''=

Two-factor authentication is included by default for all XMission Zimbra accounts. This means all '''base and premium''' accounts can use it. Two-factor has to be enabled from the online Zimbra webmail interface for all accounts.

* To enable 2FA go to: '''Preferences > Accounts > Account Security, Setup two-step authentication'''

[[file:2fa_XM_Zimbra_AccountSecurity.png| Image (c) Zimbra]]

* Simply click the "Setup two-step authentication ..." link to begin the configuration process.

* The first step shows a brief description about two-step authentication. Next click on '''Begin Setup'''.

[[File:2fa_XM_Zimbra_Begin_Setup.png| Image (c) Zimbra]]

* The next step will ask for your current password. Enter and click on '''Next'''.

* Next it will establish the second component the user must have, (the "what you have" such as a smartphone application or usb key). The Two Factor authentication wizard will show a Wiki link with the OTP Apps Zimbra recommends. In this example we will be authenticating with your smartphone. ([https://xmission.com/blog/2017/02/08/6-steps-to-zimbra-two-factor-authentication-with-yubikey Reference this blog post on 2FA with a USB key].)

* Once you have installed the smartphone app, the Zimbra 2FA wizard will show a unique key that the you must enter in the Smartphone OTP App.

[[File:2fa_XM_Zimbra_code_example.png| Image (c) Zimbra]]

=='''How to Install and Configure an OTP smartphone app'''==

In this example, we use Google authenticator, but please visit the Zimbra Wiki where you can find other options.

=== Google Authenticator ===
In the App Store or Play Store, search by Google authenticator, then click Install.
: [https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en_US&gl=US Google Play Store - Google Authenticator]
: [https://apps.apple.com/us/app/google-authenticator/id388497605 App Store - Google Authenticator]

* Once the app is installed, open it, and click '''Get Started'''.

[[file:GoogleAuth-01.jpg|300px]]

* The app will ask if you want to scan a QR code or enter the setup key.

[[file:GoogleAuth-02.jpg|300px]]

* All done! Now the app is configured and will show a 6-digit code that changes after 15 seconds.

=='''Finishing the configuration in the Web Client'''==

* Once the user has the App configured and showing the 6 digit code, the user can enter the Code in the wizard window and click Next.

[[File:2fa6.png| Image (c) Zimbra]]

* The two-step authentication feature is now enabled, and the user will be prompted for a code in each new Browser, smartphone, computer, or app where he or she tries to access the account.

[[File:2fa7.png| Image (c) Zimbra]]

* In the users’ Preferences > Accounts > Account Security (if the Admin has enabled these options under the COS), the user will see more options like the one-time codes, Trusted devices, and Applications.

[[File:2fa8.png| Image (c) Zimbra]]

=='''Testing Zimbra Two-factor authentication'''==

We recommend testing from a new web browser session on another computer.

Time to test from another web browser, computer, smartphone, or the Zimbra Desktop application, you should successfully pass the two-factor authentication process.

For example on the Web Client: One-time Codes

[[File:2fa10.png| Image (c) Zimbra]]

<span style="color: #ff0000;"><strong>NOTE:</strong></span> With the two-factor authentication enabled, there may be a situation where you don't have the secondary device (phone/usb key). This is where Zimbra allows the use of one-time codes. This feature allows you to generate multiple codes to use in case of emergency. The total number of one-time codes can be configured by XMission. If you need these refreshed let us know.

From the Preferences settings for 2FA you will find "One-time Codes" option, click '''View''' to see your available codes. You must keep the codes secure (written somewhere, in another device, etc.). Just be certain it is an absolutely secure area where others won't find it.

=='''Trusted Devices'''==

Zimbra Web Client and Zimbra Touch Client can be configured as trusted devices during the second challenge stage of two-factor authentication. Once the computer/device is established as trusted you will only need to provide standard credentials, bypassing the two-factor code.

[[File:Trusteddevices2.png]]

=='''How to trust a computer/device'''==

Once the user enters two-factor code in the login screen the user will have to select the check box '''Trust this computer''' and click '''Verify''' to trust the current computer/device. User can trust more than one computer/device.

[[File:Trusteddevices1.png]]

=='''How to revoke trusted computer/device'''==

You can easily revoke a trusted computer/device in Preferences > Accounts > Trusted Devices found in your Zimbra webmail. Revoke trust for any selected device by clicking "revoke this device" link or get rid of them all by clicking on "revoke all other devices" link.

[[File:Trusteddevices3.png]]

=='''Application Passcode'''==

Clients such as IMAP or ActiveSync do not support the UI flow needed for TOTP authentication. This means that you will need to use the Application Code section to create codes for IMAP and ActiveSync use. For these users need to generate application passcode.

===Application passcodes:===

Randomly generated.
Can be created by giving a label and revoked by their label.
Changing account password will revoke all application passcodes.

===How to create an application passcode===

* Users can create an application passcode by navigating to '''Preferences > Accounts > Applications''' and selecting Add Application Code button.

[[File:Appcode1.png]]

* Next enter the application name you desire in the '''"Add Application Code"''' dialog and click Next.

[[File:Appcode2.png]]

* Application passcode will get generated, then it can be used to sign in to your account from that device.

[[File:Appcode3.png]]

==Revoking Application Codes==

Once the user generates application passcode user can revoke it by navigating to '''Preferences > Accounts > Applications''' in Zimbra Web Client. Users can revoke this application passcode after selecting the required name in the list.

=Known Issues=

===Zimbra bugs===

[https://bugzilla.zimbra.com/show_bug.cgi?id=103824 Bug 103824] {AUTH} Provide 2FA configuration capability in ZCO

[https://bugzilla.zimbra.com/show_bug.cgi?id=104144 Bug 104144] 2fa:ReferenceError: AjxDebug is not defined when zimbraFeatureTwoFactorAuthRequired in multinode rolling upgrade environment

[https://bugzilla.zimbra.com/show_bug.cgi?id=104648 Bug 104648] allow clearing 2FA data from admin console

[https://bugzilla.zimbra.com/show_bug.cgi?id=105678 Bug 105678] Application specific password entry should be purged when 2FA disabled from Admin Console

===Notes===

Disabling two-factor authentication using Admin console does not clear user's two-factor data. Admin can disable user's two-factor authentication in case user is facing issues with authentication using TOTP/scratch codes. Re-enabling user's two-factor authentication using Admin console after user's problem has got resolved will allow user to use two-factor authentication. In future, Bug 104648 will allow Admin to clear user's two-factor data.

===Third party issues===

Issue - Mail client issues with application passcode

Scenario: User's zimbra account is configured on EWS Apple Mail and Thunderbird (IMAP/POP3). User enables 2FA using Web client, adds application passcodes for Apple Mail and Thunderbird applications.

Expected behavior: Both clients (Apple Mail) and Thunderbird should prompt for new password, user if enters application passcode, authentication should succeed.

Current behavior:

EWS Apple Mail app complains about connection failure and provides option to enter new password, wherein entering correct application passcode does not work. Only option is to Edit Account and provide new password, which works correctly.

Thunderbird (IMAP/POP3) prompts for new password after some time (after few minutes or sometimes after restarting client)

===Failed Login Attempts===

Please note, use of Two-Factor Authentication (2FA) does not prevent account suspension due to exceeding [https://wiki.xmission.com/Hosted_Email:_Admin_Panel#Password_Expiration_and_Failed_Login_Attempts failed login attempts] limits.

[[Category:Email]]
[[Category:Zimbra]]

Zimbra Two-Factor Authentication

2022-05-06T22:42:22Z

Benjii:

='''Two Factor Authentication or 2FA'''=

All XMission Zimbra email accounts support a beneficial security practice known as '''two-factor authentication''' (aka, 2FA). This includes both '''base and premium accounts'''. Two-factor authentication provides mailbox protection by combining something you know (your password) and something have (your smartphone or USB-key, etc.) Once configured you will utilize the 2FA authentication with all devices and programs you use for accessing email. All major platforms support and encourage the use of 2FA.

[[File:2fa-diagram-zimbra87.png | 700px | Image (c) Zimbra]]

XMission email customers can opt-out of password yearly password changes by implementing two-factor authentication (2FA).

Once set, your password will never expire unless you disable the advanced authentication.

'''NOTE''': Should you disable 2FA, your password will automatically be set to expire within 30 days and you will have to update your password.

='''How it works'''=
By using both a password and a PIN code from a trusted device, like a smartphone, 2FA adds layers of login security to the account. This helps with preventing brute-forcing passwords, or if your password gets leaked/exposed/found from another site, if you use the same password on multiple systems.

In simple terms, two-factor authentication prevents unauthorized users from accessing the system because they are very unlikely to have both variables to access the account. The password and PIN are needed to login. The PIN is sent to the mailbox owner's smartphone, through something like the Google Authenticator app. If either variable is missing, access is denied.

='''2FA Video Tutorial'''=

Watch this official Zimbra.com video on configuring 2FA inside webmail: https://youtu.be/_eEwnnaEvMU

='''How to enable for the Modern interface'''=

Two-factor authentication is included by default for all XMission Zimbra accounts. This means all '''base and premium''' accounts can use it. Two-factor has to be enabled from the online Zimbra webmail interface for all accounts.

* To enable 2FA go to: '''Settings > Accounts > Select "Primary" Account > Set up two-factor authentication'''

[[file:2FA-01-Setup.png]]

* The first step shows a brief description about two-step authentication. Simply click the '''"Setup two-step authentication ..."''' link to begin the configuration process.

[[file:2FA-02-Setup-PassConfirmation.png]]

* The next step will ask for your current password. Enter and click on '''Next'''.

* Next it will establish the second component the user must have, (the "what you have" such as a smartphone application or usb key). The Two Factor authentication wizard will show a Wiki link with the OTP Apps Zimbra recommends. In this example we will be authenticating with your smartphone. ([https://xmission.com/blog/2017/02/08/6-steps-to-zimbra-two-factor-authentication-with-yubikey Reference this blog post on 2FA with a USB key].)

[[file:2FA-03-Setup-InstallAuthApp.png]]

* Once you have installed the smartphone app, the Zimbra 2FA wizard will show a unique key that the you must enter in the Smartphone OTP App unless you use the QR code instead to connect the app.

[[file:2FA-04-ConnectQR.png]]

=='''How to Install and Configure an OTP smartphone app'''==

In this example, we use Google authenticator, but please visit the Zimbra Wiki where you can find other options.

=== Google Authenticator ===
In the App Store or Play Store, search by Google authenticator, then click Install.
: [https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en_US&gl=US Google Play Store - Google Authenticator]
: [https://apps.apple.com/us/app/google-authenticator/id388497605 App Store - Google Authenticator]

* Once the app is installed, open it, and click '''Get Started'''.

[[file:GoogleAuth-01.jpg|300px]]

* The app will ask if you want to scan a QR code or enter the setup key.

[[file:GoogleAuth-02.jpg|300px]]

* All done! Now the app is configured and will show a 6-digit code that changes after 15 seconds.

=='''Finishing the configuration in the Web Client'''==

* Once the user has the App configured and showing the 6 digit code, the user can enter the Code in the wizard window and click '''Next'''.

[[file:2FA-05-Setup-EnterAuthCode.png]]

* The two-step authentication feature is now enabled, and the user will be prompted for a code in each new Browser, smartphone, computer, or app where he or she tries to access the account.

[[file:2FA-06-Setup-Successful.png]]

* In the users’ Settings > Accounts > Select "Primary" Account (if the Admin has enabled these options under the COS), the user will see more options like the one-time codes, Trusted devices, and Applications.

=='''Testing Zimbra Two-factor authentication'''==

We recommend testing from a new web browser session on another computer.

Time to test from another web browser, computer, smartphone, or the Zimbra Desktop application, you should successfully pass the two-factor authentication process.

For example on the Web Client: One-time Codes

[[file:OneTimeCodes.png]]

<span style="color: #ff0000;"><strong>NOTE:</strong></span> With the two-factor authentication enabled, there may be a situation where you don't have the secondary device (phone/usb key). This is where Zimbra allows the use of one-time codes. This feature allows you to generate multiple codes to use in case of emergency. The total number of one-time codes can be configured by XMission. If you need these refreshed let us know.

From the Settings section of the Primary account for Two-Factor authentication you will find the "One-time Codes" option, click '''View''' to see your available codes. You must keep the codes secure (written somewhere, in another device, etc.). Just be certain it is an absolutely secure area where others won't find it.

=='''Trusted Devices'''==

Zimbra Web Client and Zimbra Touch Client can be configured as trusted devices during the second challenge stage of two-factor authentication. Once the computer/device is established as trusted you will only need to provide standard credentials, bypassing the two-factor code.

[[file:TrustedDevices.png]]

=='''How to trust a computer/device'''==

Once the user enters two-factor code in the login screen the user will have to select the check box '''Trust this computer''' and click '''Verify''' to trust the current computer/device. User can trust more than one computer/device.

[[file:HowToTrust.png]]

=='''How to revoke trusted computer/device'''==

You can easily revoke a trusted computer/device in Settings > Accounts > Select "Primary" Account > Trusted Devices found in your Zimbra webmail. Revoke trust for any selected device by clicking "revoke this device" link or get rid of them all by clicking on "revoke all other devices" link.

[[file:RevokeTrust.png]]

=='''Application Passcode'''==

Clients such as IMAP or ActiveSync do not support the UI flow needed for TOTP authentication. This means that you will need to use the Application Code section to create codes for IMAP and ActiveSync use. For these users need to generate application passcode.

===Application passcodes:===

Randomly generated.
Can be created by giving a label and revoked by their label.
Changing account password will revoke all application passcodes.

===How to create an application passcode===

* Users can create an application passcode by navigating to '''Settings > Accounts > Select "Primary" Account''' and selecting '''"Add a passcode"''' button.

[[file:AppPasscode-01-AddingPasscode.png]]

* Next enter the application name you desire in the '''"Add a passcode"''' dialog and click '''Next'''.

[[file:AppPasscode-02-AddPasscode.png]]

* Application passcode will get generated, then it can be used to sign in to your account from that device.

[[file:AppPasscode-03-PasscodeForApp.png]]

==Revoking Application Codes==

Once the user generates application passcode user can revoke it by navigating to '''Settings > Accounts > Select "Primary" Account''' in Zimbra Web Client. Users can revoke this application passcode after selecting the required name in the list.

='''How to enable for the Classic interface'''=

Two-factor authentication is included by default for all XMission Zimbra accounts. This means all '''base and premium''' accounts can use it. Two-factor has to be enabled from the online Zimbra webmail interface for all accounts.

* To enable 2FA go to: '''Preferences > Accounts > Account Security, Setup two-step authentication'''

[[file:2fa_XM_Zimbra_AccountSecurity.png| Image (c) Zimbra]]

* Simply click the "Setup two-step authentication ..." link to begin the configuration process.

* The first step shows a brief description about two-step authentication. Next click on '''Begin Setup'''.

[[File:2fa_XM_Zimbra_Begin_Setup.png| Image (c) Zimbra]]

* The next step will ask for your current password. Enter and click on '''Next'''.

* Next it will establish the second component the user must have, (the "what you have" such as a smartphone application or usb key). The Two Factor authentication wizard will show a Wiki link with the OTP Apps Zimbra recommends. In this example we will be authenticating with your smartphone. ([https://xmission.com/blog/2017/02/08/6-steps-to-zimbra-two-factor-authentication-with-yubikey Reference this blog post on 2FA with a USB key].)

* Once you have installed the smartphone app, the Zimbra 2FA wizard will show a unique key that the you must enter in the Smartphone OTP App.

[[File:2fa_XM_Zimbra_code_example.png| Image (c) Zimbra]]

=='''How to Install and Configure an OTP smartphone app'''==

In this example, we use Google authenticator, but please visit the Zimbra Wiki where you can find other options.

=== Google Authenticator ===
In the App Store or Play Store, search by Google authenticator, then click Install.
: [https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en_US&gl=US Google Play Store - Google Authenticator]
: [https://apps.apple.com/us/app/google-authenticator/id388497605 App Store - Google Authenticator]

* Once the app is installed, open it, and click '''Get Started'''.

[[file:GoogleAuth-01.jpg|300px]]

* The app will ask if you want to scan a QR code or enter the setup key.

[[file:GoogleAuth-02.jpg|300px]]

* All done! Now the app is configured and will show a 6-digit code that changes after 15 seconds.

=='''Finishing the configuration in the Web Client'''==

* Once the user has the App configured and showing the 6 digit code, the user can enter the Code in the wizard window and click Next.

[[File:2fa6.png| Image (c) Zimbra]]

* The two-step authentication feature is now enabled, and the user will be prompted for a code in each new Browser, smartphone, computer, or app where he or she tries to access the account.

[[File:2fa7.png| Image (c) Zimbra]]

* In the users’ Preferences > Accounts > Account Security (if the Admin has enabled these options under the COS), the user will see more options like the one-time codes, Trusted devices, and Applications.

[[File:2fa8.png| Image (c) Zimbra]]

=='''Testing Zimbra Two-factor authentication'''==

We recommend testing from a new web browser session on another computer.

Time to test from another web browser, computer, smartphone, or the Zimbra Desktop application, you should successfully pass the two-factor authentication process.

For example on the Web Client: One-time Codes

[[File:2fa10.png| Image (c) Zimbra]]

<span style="color: #ff0000;"><strong>NOTE:</strong></span> With the two-factor authentication enabled, there may be a situation where you don't have the secondary device (phone/usb key). This is where Zimbra allows the use of one-time codes. This feature allows you to generate multiple codes to use in case of emergency. The total number of one-time codes can be configured by XMission. If you need these refreshed let us know.

From the Preferences settings for 2FA you will find "One-time Codes" option, click '''View''' to see your available codes. You must keep the codes secure (written somewhere, in another device, etc.). Just be certain it is an absolutely secure area where others won't find it.

=='''Trusted Devices'''==

Zimbra Web Client and Zimbra Touch Client can be configured as trusted devices during the second challenge stage of two-factor authentication. Once the computer/device is established as trusted you will only need to provide standard credentials, bypassing the two-factor code.

[[File:Trusteddevices2.png]]

=='''How to trust a computer/device'''==

Once the user enters two-factor code in the login screen the user will have to select the check box '''Trust this computer''' and click '''Verify''' to trust the current computer/device. User can trust more than one computer/device.

[[File:Trusteddevices1.png]]

=='''How to revoke trusted computer/device'''==

You can easily revoke a trusted computer/device in Preferences > Accounts > Trusted Devices found in your Zimbra webmail. Revoke trust for any selected device by clicking "revoke this device" link or get rid of them all by clicking on "revoke all other devices" link.

[[File:Trusteddevices3.png]]

=='''Application Passcode'''==

Clients such as IMAP or ActiveSync do not support the UI flow needed for TOTP authentication. This means that you will need to use the Application Code section to create codes for IMAP and ActiveSync use. For these users need to generate application passcode.

===Application passcodes:===

Randomly generated.
Can be created by giving a label and revoked by their label.
Changing account password will revoke all application passcodes.

===How to create an application passcode===

* Users can create an application passcode by navigating to '''Preferences > Accounts > Applications''' and selecting Add Application Code button.

[[File:Appcode1.png]]

* Next enter the application name you desire in the '''"Add Application Code"''' dialog and click Next.

[[File:Appcode2.png]]

* Application passcode will get generated, then it can be used to sign in to your account from that device.

[[File:Appcode3.png]]

==Revoking Application Codes==

Once the user generates application passcode user can revoke it by navigating to '''Preferences > Accounts > Applications''' in Zimbra Web Client. Users can revoke this application passcode after selecting the required name in the list.

=Known Issues=

===Zimbra bugs===

[https://bugzilla.zimbra.com/show_bug.cgi?id=103824 Bug 103824] {AUTH} Provide 2FA configuration capability in ZCO

[https://bugzilla.zimbra.com/show_bug.cgi?id=104144 Bug 104144] 2fa:ReferenceError: AjxDebug is not defined when zimbraFeatureTwoFactorAuthRequired in multinode rolling upgrade environment

[https://bugzilla.zimbra.com/show_bug.cgi?id=104648 Bug 104648] allow clearing 2FA data from admin console

[https://bugzilla.zimbra.com/show_bug.cgi?id=105678 Bug 105678] Application specific password entry should be purged when 2FA disabled from Admin Console

===Notes===

Disabling two-factor authentication using Admin console does not clear user's two-factor data. Admin can disable user's two-factor authentication in case user is facing issues with authentication using TOTP/scratch codes. Re-enabling user's two-factor authentication using Admin console after user's problem has got resolved will allow user to use two-factor authentication. In future, Bug 104648 will allow Admin to clear user's two-factor data.

===Third party issues===

Issue - Mail client issues with application passcode

Scenario: User's zimbra account is configured on EWS Apple Mail and Thunderbird (IMAP/POP3). User enables 2FA using Web client, adds application passcodes for Apple Mail and Thunderbird applications.

Expected behavior: Both clients (Apple Mail) and Thunderbird should prompt for new password, user if enters application passcode, authentication should succeed.

Current behavior:

EWS Apple Mail app complains about connection failure and provides option to enter new password, wherein entering correct application passcode does not work. Only option is to Edit Account and provide new password, which works correctly.

Thunderbird (IMAP/POP3) prompts for new password after some time (after few minutes or sometimes after restarting client)

===Failed Login Attempts===

Please note, use of Two-Factor Authentication (2FA) does not prevent account suspension due to exceeding [https://wiki.xmission.com/Hosted_Email:_Admin_Panel#Password_Expiration_and_Failed_Login_Attempts failed login attempts] limits.

[[Category:Email]]
[[Category:Zimbra]]

File:TrustedDevices.png

2022-05-05T23:51:25Z

Benjii: Trust devices can be reviewed and have their trust revoked in this section of the Zimbra Modern interface's settings.

Trust devices can be reviewed and have their trust revoked in this section of the Zimbra Modern interface's settings.

File:OneTimePasscode.png

2022-05-05T23:50:52Z

Benjii: Locating the one time codes in the Zimbra Modern interface.

Locating the one time codes in the Zimbra Modern interface.

File:OneTimeCodes.png

2022-05-05T23:50:05Z

Benjii: The 2FA settings on the Modern interface will allow the user of one time passcodes that are presented in this format.

The 2FA settings on the Modern interface will allow the user of one time passcodes that are presented in this format.

File:HowToTrust.png

2022-05-05T23:49:13Z

Benjii: When logging in to the website, it will ask for a code from the authentication app.

When logging in to the website, it will ask for a code from the authentication app.

File:GoogleAuth-02.jpg

2022-05-05T23:48:17Z

Benjii: The Google Authenticator app will prompt to either put in the key or to scan the QR code.

The Google Authenticator app will prompt to either put in the key or to scan the QR code.

File:GoogleAuth-01.jpg

2022-05-05T23:45:52Z

Benjii: Brand new google authentication app page to begin the setup process.

Brand new google authentication app page to begin the setup process.

File:AppPasscode-03-PasscodeForApp.png

2022-05-05T23:43:03Z

Benjii: The screen will provide a passcode to use in place of the normal mailbox's password when connecting it to the protected mailbox.

The screen will provide a passcode to use in place of the normal mailbox's password when connecting it to the protected mailbox.

File:AppPasscode-02-AddPasscode.png

2022-05-05T23:41:25Z

Benjii: When generating the passcode for a particular application, you will want to provide it a descriptive name for easy review.

When generating the passcode for a particular application, you will want to provide it a descriptive name for easy review.

File:AppPasscode-01-AddingPasscode.png

2022-05-05T23:40:03Z

Benjii: To generate an application specfic passcode, the settings page will provide an option here.

To generate an application specfic passcode, the settings page will provide an option here.

File:2FA-06-Setup-Successful.png

2022-05-05T23:37:22Z

Benjii: After successfully verifying you will be presented with a completion screen looking like this.

After successfully verifying you will be presented with a completion screen looking like this.

File:2FA-05-Setup-EnterAuthCode.png

2022-05-05T23:36:48Z

Benjii: To confirm the authentication app is successfully connected, enter the code generated by the app.

To confirm the authentication app is successfully connected, enter the code generated by the app.

File:2FA-04-ConnectQR.png

2022-05-05T23:35:16Z

Benjii: Authentication app can be connected to the 2FA service by entering a key or easily scanning a QR code.

Authentication app can be connected to the 2FA service by entering a key or easily scanning a QR code.

File:2FA-03-Setup-InstallAuthApp.png

2022-05-05T21:56:36Z

Benjii: Prompt to install an authentication app to use in conjunction with Zimbra's 2FA service.

Prompt to install an authentication app to use in conjunction with Zimbra's 2FA service.

File:2FA-02-Setup-PassConfirmation.png

2022-05-05T21:55:25Z

Benjii: Password prompt that occurs after initiating the 2FA setup.

Password prompt that occurs after initiating the 2FA setup.

File:2FA-01-Setup.png

2022-05-05T21:54:30Z

Benjii: Using the Zimbra Modern interface the window to setup Two-Factor authentication looks like this.

Using the Zimbra Modern interface the window to setup Two-Factor authentication looks like this.