Managing Domains

Note

Domains can be managed via the API as well.

Adding a Domain

Domains can be added by importing them from a YAML file, via the API, or by using the Add domain form.

To add a domain by import, refer to Import domains in to an organization. To add a domain via the API, refer to the API documentation.

To add a domain using the Add domain form:

  1. Mouse over or Click Domains
  2. Click Add a domain
  3. Enter the domain details
  4. Click the Add domain Button

Updating a Domain

  1. Click Domains
  2. Select the domain > Click Edit under actions
  3. Update the details you want to change
  4. Click the Update Domain Button

Deleting a Domain

  1. Click Domains
  2. Select the domain > Click the Domain name
  3. Click Delete domain
  4. Click the Delete Domain Button

Exporting Domains

Domains can be exported to YAML. To export domains:

  1. Click Domains
  2. Click Export Domains
  3. Click Download the yaml file
  4. Save the YAML file to your computer

Domain Settings

Each domain has a range of additional settings that you can configure. These include Delivery Servers, User Delivery Servers, SmartHosts, Authentication Settings, Alias Domains, DKIM and Signatures.

Delivery Servers

Delivery servers are the actual mail servers hosting the email accounts where messages processed by Baruwa need to be delivered.

Multiple servers per domain are supported and they can be configured to either load balance or fail over.

In load balance mode, mail is sent to the group of servers in a round robin manner, while in fail over mode mail is sent to the first server in the list and only to the others if the first is not available.

Adding a delivery server

  1. Click Domains
  2. Select the domain > Click the actions Manage settings icon
  3. Click Add delivery server
  4. Enter server IP address or Hostname in the Server address field
  5. Select the protocol in the Protocol drop down
  6. Change the port in the Port field if your mail server does not use port 25
  7. Ensure the Enabled checkbox is checked
  8. Click the Add server button

Editing a delivery server

  1. Click Domains
  2. Select the domain > Click the Domain name
  3. Scroll to the bottom
  4. Select the delivery server > Click Edit
  5. Make changes
  6. Click the Update server button

Deleting a delivery server

  1. Click Domains
  2. Select the domain > Click the Domain name
  3. Scroll to the bottom under Delivery Servers
  4. Select the delivery server > Click Delete
  5. Click the Delete server button

User Delivery Servers

User Delivery servers are used to support split delivery of mail for users on a per user basis.

Multiple servers per domain are supported. The User Delivery servers are added to the domain to make them available for assignment to users within the domain.

Adding a User delivery server

  1. Click Domains
  2. Select the domain > Click the actions Manage settings icon
  3. Click Add User Delivery Server
  4. Enter server IP address or Hostname in the Server address field
  5. Select the protocol in the Protocol drop down
  6. Change the port in the Port field if your mail server does not use port 25
  7. Ensure the Enabled checkbox is checked
  8. Click the Add server button

Editing a User delivery server

  1. Click Domains
  2. Select the domain > Click the Domain name
  3. Scroll to the bottom
  4. Select the User delivery server > Click Edit
  5. Make changes
  6. Click the Update server button

Deleting a User delivery server

  1. Click Domains
  2. Select the domain > Click the Domain name
  3. Scroll to the bottom under User Delivery Servers
  4. Select the delivery server > Click Delete
  5. Click the Delete server button

SmartHosts

SmartHosts are used to route outbound email via a SmartHost as opposed to routing it via the DNS based lookup of the MX record.

Multiple SmartHosts per domain are supported.

Adding a SmartHost

  1. Click Domains
  2. Select the domain > Click the actions Manage settings icon
  3. Click Add SmartHosts
  4. Enter server IP address or Hostname in the Server address field
  5. Change the port in the Port field if your mail server does not use port 25
  6. Enter a description of the SmartHost
  7. Enter the SMTP-AUTH username and SMTP-AUTH password and Retype Password if using SMTP-AUTH.
  8. Ensure the Require TLS checkbox is checked if using SMTP-AUTH or if the service uses TLS.
  9. Ensure the Enabled checkbox is checked
  10. Click the Add SmartHost button

Editing a SmartHost

  1. Click Domains
  2. Select the domain > Click the Domain name
  3. Scroll to the bottom
  4. Select the SmartHost > Click Edit
  5. Make changes
  6. Click the Update SmartHost button

Deleting a SmartHost

  1. Click Domains
  2. Select the domain > Click the Domain name
  3. Scroll to the bottom under SmartHosts
  4. Select the SmartHost > Click Delete
  5. Click the Delete SmartHost button

Authentication Settings

Authentication settings allow users within a domain to be authenticated to an external authentication system.

Administrative accounts cannot be configured to use external authentication.

This can be used for centralized user management and to allow users to use existing authentication credentials instead of creating duplicate accounts on the Baruwa system.

The supported external authentication mechanisms include:

  • AD/LDAP
  • SMTP
  • POP3
  • IMAP
  • RADIUS
  • SAML2

The following mechanisms are planned but have not been implemented yet:

  • OAUTH

The AD/LDAP mechanism allows the user details in the directory to be automatically applied to the Baruwa account created for each user. These details include:

  • First name
  • Last name
  • Primary Email Address
  • Alias Email Addresses

Adding Authentication Settings

  1. Click Domains
  2. Select the domain > Click the actions Manage settings icon
  3. Click Add Authentication settings
  4. Enter server IP address or Hostname in the Server address field
  5. Select the Authentication protocol in the Protocol drop down
  6. Enter the port in the Port field
  7. Ensure the Enabled checkbox is checked
  8. Check the Split address checkbox if the username does not contain the domain part
  9. Enter a username map template if your usernames require translation, e.g. Webmin creates usernames like domainowner.username, for which the template would be domainowner.%(user)s. For available variables see Username map template variables.
  10. Click the Add button

The AD/LDAP, SAML2 and RADIUS mechanisms require additional settings which can be added by Adding AD/LDAP Authentication additional settings, Adding SAML2 Authentication additional settings and Adding RADIUS Authentication additional settings.

Username map template variables

Username map templates allow you to map Baruwa logins to complex user naming schemes such as those used by web hosting control panels for virtual accounts.

The following variables are available to your username map template:

  • %(user)s - replaced by user part of the login
  • %(domain)s - replaced by the domain part of the login

Adding AD/LDAP Authentication additional settings

AD/LDAP authentication requires the following additional settings.

  • Base DN - The LDAP Directory Base DN
  • Username attribute - The username attribute, defaults to uid
  • Email attribute - The email attribute, defaults to mail
  • Bind DN - The BIND DN if Directory does not allow anonymous binds
  • Bind password - The BIND password
  • Use TLS - Use a TLS connection
  • Search for UserDN - Find the UserDN then Bind to that
  • Auth Search Filter - Filter used to find the UserDN, LDAP Search Filter Variables are supported
  • Auth Search Scope - Search Scope, defaults to subtree
  • Email Search Filter - Filter used to find email addresses, LDAP Search Filter Variables are supported
  • Email Search Scope - Search Scope, defaults to subtree

To Add AD/LDAP Authentication additional settings:

  1. Click Domains
  2. Select the domain > Click the Domain name
  3. Scroll to the bottom under Authentication Servers
  4. Select the LDAP Authentication server > Click Settings
  5. Enter the required settings
  6. Click the Save settings button

LDAP Search Filter Variables

The following variables are available for use in your LDAP search filters.

  • %n - login (user@domain)
  • %u - user (user part of the login)
  • %d - domain (domain part of the login)
  • %D - domainDN (domain DN)

  Variable   Auth Search Filter   Email Search Filter
  %n         Available            Not Available
  %u         Available            Available
  %d         Available            Available
  %D         Available            Not Available
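
The variables above are filled in from the login a user types, so the values need escaping before they reach the directory. The following is an added example, not Baruwa's own code: it expands the variables with RFC 4515 escaping and enforces the availability table. The function names, the sample filters and the derivation of %D from the domain's labels as dc= components are assumptions.

```python
import re

# Variables each filter type may use, per the availability table above.
ALLOWED = {"auth": {"n", "u", "d", "D"}, "email": {"u", "d"}}


def ldap_escape(value):
    """Escape RFC 4515 filter metacharacters in an untrusted value."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )


def domain_dn(domain):
    """Assumption: the domain DN is the domain's labels as dc= components."""
    return ",".join("dc=" + ldap_escape(label) for label in domain.split("."))


def expand_filter(template, login, kind):
    """Expand %n, %u, %d and %D in an 'auth' or 'email' search filter."""
    user, sep, domain = login.partition("@")
    if not (user and sep and domain):
        raise ValueError("login must be user@domain")
    values = {
        "n": ldap_escape(login),
        "u": ldap_escape(user),
        "d": ldap_escape(domain),
        "D": domain_dn(domain),
    }

    def substitute(match):
        var = match.group(1)
        if var not in values:
            raise ValueError("unknown variable %" + var)
        if var not in ALLOWED[kind]:
            raise ValueError("%" + var + " is not available in " + kind + " filters")
        return values[var]

    return re.sub(r"%([A-Za-z])", substitute, template)


if __name__ == "__main__":
    # Constructed inputs: a normal login and one carrying filter metacharacters.
    for login in ("alice@example.com", "a*)(uid=*@example.com"):
        print(expand_filter("(&(objectClass=person)(uid=%u))", login, "auth"))
```

With escaping in place, the second login stays a single literal uid value instead of altering the structure of the filter.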

Adding RADIUS Authentication additional settings

The RADIUS protocol requires a shared secret between the client and the server. The additional settings allow you to configure this.

To Add RADIUS Authentication additional settings:

  1. Click Domains
  2. Select the domain > Click the Domain name
  3. Scroll to the bottom under Authentication Servers
  4. Select the RADIUS Authentication server > Click Settings
  5. Enter the shared secret in the Radius secret field
  6. Click the Save settings button

Adding SAML2 Authentication additional settings

The SAML2 protocol requires the following additional settings.

  • IDP entityID - This is the SAML entityID
  • IDP Sign-in page URL - This is the SSO login end point
  • IDP Sign-out page URL - This is the SLO logout end point
  • IDP certificate - This is the IDP’s certificate

To Add SAML2 Authentication additional settings:

  1. Click Domains
  2. Select the domain > Click the Domain name
  3. Scroll to the bottom under Authentication Servers
  4. Select the SAML2 Authentication server > Click Settings
  5. Enter the required settings
  6. Click the Save settings button

The metadata for the domain’s SP endpoint is available at the URL:

https://<baruwa-hostname>/a/metadata/<domain-name>

You can configure your IDP to provide the following attributes, which will be used to update the user's local Baruwa profile.

  • urn:oid:0.9.2342.19200300.100.1.3: Email aliases
  • urn:oid:2.5.4.4: Surname
  • urn:oid:2.5.4.42: Given Name

The NameID provided by the IDP should be the user's email address.

The current Baruwa implementation supports the following bindings.

  • SP to IDP - HTTP Redirect Binding
  • IDP to SP - HTTP Redirect Binding, HTTP POST Binding

Alias Domains

Some organisations have email addressed to the same account using different domain names. Alias domains allow users access to all their messages, regardless of the domain name, under a single login.

By adding an alias to a domain name, Baruwa will accept and process email for that domain alias as well. This simplifies configuration in cases where an organisation owns multiple domains for example example.com, example.net and example.org. You can add example.com as a domain and then add the others as domain aliases of example.com.

Adding an Alias Domain

  1. Click Domains
  2. Select the domain > Click the actions Manage settings icon
  3. Click Add Alias Domain
  4. Enter Alias domain name in the Domain alias name field
  5. Ensure the Enabled checkbox is checked
  6. Click the Add button

DKIM

DomainKeys Identified Mail (DKIM) is a method for associating a domain name to an email message, thereby allowing a person, role, or organization to claim some responsibility for the message. The association is set up by means of a digital signature which can be validated by recipients. (Wikipedia)

Baruwa allows you to manage the digital signatures within the interface and signs any outbound messages for which DKIM is enabled.

Generate DKIM Keys

To generate DKIM keys for a domain:

  1. Click Domains
  2. Select the domain > Click the actions Manage settings icon
  3. Click DKIM > Generate DKIM keys
  4. Select DNS record and add it to your DNS zone

Enable DKIM signing

  1. Make sure you have followed the steps in Generate DKIM Keys
  2. Click Domains
  3. Select the domain > Click the actions Manage settings icon
  4. Click DKIM > Enable/Disable DKIM signing
  5. Ensure the Enabled checkbox is checked
  6. Click the Submit button

Regenerate DKIM keys

  1. Click Domains
  2. Select the domain > Click the actions Manage settings icon
  3. Click DKIM > Regenerate DKIM keys
  4. Select DNS record and update your DNS zone

Signatures

Baruwa can manage email signatures / disclaimers that are added to messages that are sent outbound through it. Both HTML and Text signatures are supported. HTML signatures can contain a single embedded image.

Adding Signatures/Disclaimers

  1. Click Domains
  2. Select the domain > Click the actions Manage settings icon
  3. Click Signatures > Add signature
  4. Select Signature type from the drop down
  5. Enter signature content
  6. Ensure the Enabled checkbox is checked
  7. Click the Add signature button

Importing Accounts

Accounts can be imported into a domain using a YAML file.

  1. Click Domains
  2. Select the domain > Click the actions Manage settings icon
  3. Click Import accounts
  4. Browse for the YAML file by clicking Browse next to the YAML file field
  5. Click the Import Button

Exporting Accounts

Accounts can be exported from a domain to a YAML file.

  1. Click Domains
  2. Select the domain > Click the actions Manage settings icon
  3. Click Export accounts
  4. Click Download the YAML file
  5. Save the file to your computer

Rulesets

Note

Domain specific rule sets are not implemented yet.

Searching for Domains

If you have a large number of domains you can search for a domain by name.

  1. Click Domains
  2. Enter the domain's name in the search box
  3. Click the Search Button

Bulk domain management

To enable, disable or delete multiple domains:

  1. Click Domains
  2. Use the checkbox to select the domains
  3. Select enable or disable or delete at the top
  4. Click the Submit button