3.5.2. Folders and permissions

Starting with version 6.0, users are allowed to perform operations on folders (view their contents, add items, delete items, etc.) if permissions on the respective folder have been defined. By default, all users have permissions on their own folders and can allow other users to access one or more of their personal folders with different permission levels (read only, read and write, etc.). These permissions can be set either from WebMail or Outlook and can be granted to a user or a group of users (defined by the system administrator in WebAdmin).

IMPORTANT! The system administrator has the right to set permissions on any user or public folder.

Computing permissions

Each time the server needs to determine whether a specific action on a specific resource is allowed or denied for a specific administrative user, the following reasoning is used:
    - if the permission is set to deny on at least one of the parent folders in the chain, for the user or a group that the user belongs to, the permission will be denied
    - if the permission is not denied on any of the parent folders in the chain but is allowed on at least one, for the user and/or a group that the user belongs to, the permission will be allowed
    - if the permission is neutral (not set) on all parent folders in the chain, for the user and/or a group that the user belongs to, the permission will be denied
The Effective permissions tab will show the final result of this operation.

Permissions description

Read items - Folder is visible and its contained items can be read.
View items - Folder appears in hierarchy ("lookup").
Read folder content - Items in this folder may be read.
Share the read / unread status - Changes to the read / unread flag are seen by other users (does not apply for contacts, calendar, tasks, journal and notes folders).
Set / clear flags - Modify flags other than read / unread and deleted / not deleted (does not apply for contacts, calendar, tasks, journal and notes folders).
Add items - Add new items to folder (create new, move to, copy to). Both 'add items' and 'delete items' permissions are required for modifying items.
Add sub-folders - Add new sub-folders below this folder (create new, move to, copy to).
Delete folder - Delete this folder, including all its contained items.
Delete items - Delete items in this folder. Both 'add items' and 'delete items' permissions are required for modifying items.
Mark items as deleted / not deleted - Modify the deleted / not deleted flag.
Expunge folder - Purge items marked with the deleted flag.
Manage permissions - Modify permissions on this folder.

Types of permissions

When new entities are created they can have two types of permissions:

1. Implicit permissions do not appear in the permissions list for resources, cannot be modified (they are resolved directly by the MACL engine) and cannot be overridden with an explicit 'DENY' from any level (above or below). These are:
  • the 'postmaster' user has 'all rights' on all public folders
  • the 'postmaster' user has 'Lookup' and 'Manage permissions' on all folders of all the accounts in its domain
  • the 'postmaster' user has 'all rights' on his mailbox (and all sub-folders)
  • each user has 'all rights' on his/her mailbox (and all sub-folders)
2. Default permissions are explicit, modifiable and appear when specific entities are created. They are:
  • for a newly created folder in the PF namespace or in a mailbox other than the creator's, the creator has 'all rights', with 'apply to sub-folders'
  • if the newly created public folder is created from the WebAdmin interface, no explicit permissions are set for it
  • when a new domain is created, the PF root contains the permission: 'all users in domain, allow, Lookup, apply to sub-folders'
Details on how to set folder permissions are available in the Setting Sharing Permissions chapter.
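
The evaluation order described under "Computing permissions" and "Types of permissions", as an added sketch in Python (an illustration written for this page, not AXIGEN code). The data model, the single-domain setup, and treating the folder itself plus every parent as the chain are assumptions; the sample folders, users and groups are constructed.

```python
from dataclasses import dataclass, field
from typing import Optional

ALLOW, DENY = "allow", "deny"

@dataclass
class Folder:
    name: str
    owner: Optional[str] = None          # None = public folder (assumed model)
    parent: Optional["Folder"] = None
    acl: list = field(default_factory=list)   # explicit (principal, permission, verdict)

def implicit_allow(user, folder, permission):
    """Implicit permissions: resolved first, never overridden by an explicit deny."""
    if folder.owner == user:                  # every user, own mailbox and sub-folders
        return True
    if user == "postmaster":                  # single-domain model (assumption)
        return folder.owner is None or permission in ("lookup", "manage permissions")
    return False

def effective(user, groups, folder, permission):
    if implicit_allow(user, folder, permission):
        return ALLOW
    principals = {user, *groups}
    verdicts = set()
    node = folder
    while node is not None:                   # the folder and every parent in the chain
        verdicts |= {v for p, perm, v in node.acl
                     if p in principals and perm == permission}
        node = node.parent
    if DENY in verdicts:                      # one deny anywhere in the chain wins
        return DENY
    return ALLOW if ALLOW in verdicts else DENY   # neutral everywhere -> denied

def build_sample():
    """Constructed sample data, not taken from a real server."""
    public = Folder("Public", acl=[("sales", "read folder content", ALLOW)])
    contracts = Folder("Public/Contracts", parent=public,
                       acl=[("bob", "read folder content", DENY)])
    inbox = Folder("alice/Inbox", owner="alice",
                   acl=[("alice", "add items", DENY)])
    return contracts, inbox

if __name__ == "__main__":
    contracts, inbox = build_sample()
    for user, groups in (("alice", ["sales"]), ("bob", ["sales"]), ("carol", [])):
        print(user, effective(user, groups, contracts, "read folder content"))
    print("alice own inbox:", effective("alice", [], inbox, "add items"))
    print("postmaster:", effective("postmaster", [], inbox, "read folder content"))
```

In the sample, bob is denied on the sub-folder despite the group allow inherited from the parent, and the explicit deny placed on alice's own inbox has no effect because her implicit rights are resolved first.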