Please enable JavaScript to view this site.

The System menu can be displayed in two views. The basic settings are shown in the Normal View. This view is the default view when opening the menu. A complete overview of all settings is provided in the Advanced view.

 

Sections on this page:

Introduction

Comment

IP addresses

IP ALIAS addresses

Name

Routing

DNS

SMTP loadbalancer

System Settings

Admin GUI

RestAPI

GINA GUI

Key server

Console login

Syslog settings

Log settings

Proxy settings

MPKI proxy settings

OCSP / CRL check settings

Time zone

Time and date

SNMP daemon

NRPE daemon

Zabbix Agent

Virtualisation tools

 

anchor link Introduction

 

empty

anchor link Note:

Under System there are machine-related settings. This means they are not synchronised in the cluster and thus have to be individually implemented on each cluster partner as needed.

 

empty

anchor link Attention:

If changes are to be made to the network configuration in a cluster, the cluster must first be dissolved (see also Remove From Cluster). After the changes have been completed, the cluster must then be formed again (see also Prepare For Cluster and/or Add This Device To Existing Cluster).

 

anchor link Advanced view

Clicking on the Advanced View button displays the advanced parameters. To collapse the extended display of the System menu item, click on the Normal View button in the advanced view.

 

anchor link Normal View

In this menu, the most important parameters of the LAN connection of the SEPPmail Secure E-Mail Gateway are configured. The data entered here also serves as basic setting for numerous additional settings of the SEPPmail Secure E-Mail Gateway system.

 

The following sections describe the Advanced View since it also includes all settings of the Normal View.

 

 

anchor link Comment (optional)

 

Input fields for the description and/or identification of the SEPPmail Secure E-Mail Gateway. These parameters are used for example as the subject line in the automatic data backup as well as by SNMP. Otherwise, these are purely informative. The entries are freely selectable and each is optional.

 

Parameters

Description

anchor link System description

Brief description of the system This is also displayed as the title in the browser and/or browser tab of the administration interface.

anchor link System location

Location of the system

anchor link System object ID

Proprietary ID of the system

anchor link System contact

Contact person for the system

anchor link System name

Name of the system

 

The changes made are saved via the Save button.

 

 

anchor link IP addresses

 

Parameters

Description

anchor link CheckBoxActive Interface 1

(changed in 13.0.0)

By default, this option is active.

Definition of the network settings for the first LAN adapter (for example LAN1 and/or eth0 or also vic0 in virtual environments).

 

empty

anchor link Note:

In the Advanced view... the IP addresses used by each interface are also displayed.

 

anchor link TYPE:DropDown

(for IPv4)

Defines the IPv4 address of the respective interface.

anchor link none

Deactivates IPv4.

anchor link Static IPv4

By default, this option is active.

The interface uses the IPv4 address to be specified in CIDR format.

anchor link DHCP

The IPv4 address is obtained by DHCP.

 

empty

anchor link Note:

If no DHCP server is available when the interface is started, the IPv4 address specified under Static IPv4 is used as fallback.

anchor link TYPE:DropDown

(for IPv6)

Defines the IPv6 address of the respective interface.

anchor link none

By default, this option is active.

Deactivates IPv6.

anchor link Static IPv6

The interface uses the IPv6 address to be specified in CIDR format.

anchor link DHCPv6

The IPv6 address is obtained by DHCPv6.

 

empty

anchor link Note:

If no DHCP server is available when the interface is started, the IPv6 address specified under Static IPv6 is used as fallback.

anchor link SLAAC

Creating an IPv6 address via autoconfiguration.

anchor link Media:DropDown

Connection speed of the interface.

anchor link 10baseT

Manually defining the type of Ethernet connection.

anchor link 10baseT

mediaopt full-duplex

anchor link 100baseT

anchor link 100baseT

mediaopt full-duplex

anchor link 1000baseT

anchor link 1000baseT

mediaopt full-duplex

anchor link autoselect

Recommended setting.

Automatic selection of the Ethernet connection based on the physical conditions (adapter used, cable, remote station).

anchor link MTU:

Input of a package size that may deviate from the default ("maximum transmission unit" (MTU), see also https://en.wikipedia.org/wiki/Maximum_transmission_unit)

anchor link CheckBoxInactive Interface

2 - 4

(optional)

By default, these options are inactive.

An interface configuration is displayed for each physically existing network interface.

Analogue to Interface 1 these are, for example

Interface 2 - LAN2 and/or eth1 or also vic1

Interface 3 - LAN3 and/or eth2 or also vic2

Interface 4 - LAN4 and/or eth3 or also vic3

The detailed settings are identical to Interface 1.

anchor link CheckBoxInactive Team / bond interfaces DropDown

(optional)

By default, this option is inactive.

By using this setting, several interfaces can be bundled and used as a single logical unit. There are different procedures in this respect:

anchor link broadcast

For failure safety.

Several switches can be used simultaneously.

anchor link failover

For failure safety.

Only one interface is active; in the event of a failure, the system switches to the next interface. Use of several switches possible.

anchor link lacp

Based on 802.3ad. Serves for load distribution and failure safety.

Bundling of multiple interfaces to increase the possible bandwidths. Connection to only one switch with corresponding protocol support possible.

anchor link loadbalance

Used for load distribution.

In the network, each remote peer is allocated an interface to be used.

anchor link roundrobin

Based on 802.3ad. Serves for load distribution and failure safety.

Available interfaces are used alternately in the transmission direction; in the receiving direction, the maximum speed of a single interface can be used.

anchor link Custom hosts file entries:

(optional)

Enables local name resolution. A combination of IP addresses and host name/s must be entered for this.

 

Format:

62.2.145.228 update.seppmail.ch support.seppmail.ch

193.239.220.29 pool.ntp.org

 

The changes made are saved via the Save button.

 

 

anchor link IP ALIAS addresses (optional)

 

If several SEPPmail Secure E-Mail Gateways are operated in a cluster network (see also Clustering Multiple Systems etc seqq.), they can be addressed together via one or even several virtual IP addresses. The position of the individual machine in this network is defined by the priority (Priority).

 

empty

anchor link Note:

In order to ensure the function of the CARP protocol, which serves as basis for the provision of virtual IP addresses, the following settings are to implemented for virtual appliances, if applicable:

Microsoft Hyper-V
Option "Enable the spoofing of MAC addresses" in the configuration of the virtual network card.
This option can be found in the Hyper-V settings of the virtual machine under "Network Card -> Advanced Features".
 

ESX:
"promiscuous mode" in the configuration of the virtual network card.
This option is to be set in the ESX settings as follows:

1.In the "vSphere Web Client", navigate to the appropriate "Host"
 

2.Select the tab "Manage"
 

3.Select "Virtual Switches" in the selection on the right-hand side of the tab
 

4.Select the "Switch"
 

5.Select the option "Edit Settings" by clicking on the pencil icon
 

6.Select "Security" in the selection in the right-hand side of the window
 

7.Option "Promiscuous mode" via the selection menu to "Accept" and confirm with "OK".
 

Depending on the ESX version, the security settings may have been split. In this case, the options

oPromiscuous mode
 

oFake transmission
 

oMAC address change
 

should be active on the vSwitch so that the CARP/VRRP can work correctly.

 

In redundant vSphere environments, "distributed virtual PortGroups" should be used (see also https://kb.vmware.com/s/article/2043160).

 

empty

anchor link Note:

The settings mentioned are also active for each physical switch so that no security risk is to be expected here.

If the implementation of these settings is still not possible for revision reasons, the operator must either

do without virtual IP addresses and a failover is to be ensured by other means

or a separate vSwitch is to be created for the SEPPmail appliances.

 

empty

anchor link Note:

Virtual IP addresses are used exclusively for externally addressing a cluster.

If an email is sent by a cluster machine, this is always done with the physical IP address of the respective machine.

 

Parameters

Description

anchor link CheckBoxInactive IP alias 0-3

 

By default, these options are inactive.

At this point, virtual IP addresses can be defined, which are usually used for cluster configurations (see also Clustering Multiple Systems et seqq.) (see Cluster).

For this purpose, each alias requires

1.an IP address

2.the network mask

3.the VHID (Virtual Host Identification)

4.the interface to which the alias is to be bound

5.the priority of the interface in the network (primary, secondary, backup)

to be specified.

 

IP address

Subnet

VHID

Interface

Password

Priority

Indication of the virtual IP address to which the systems should react.

Indication of the subnet as CIDR notation, for example

/24 for

C class

The VHID (Virtual Host Identification) must be the same for all machines which are also to react to the entered virtual IP, if applicable.

Indication of the network interface (see section IP addresses) to which the virtual IP is to be bound.

Optional CARP password.

If a password is set, it must be identical on all cluster partners.

Position of the individual machine within this network.

Possible values:

Primary

Secondary

Backup

 

empty

anchor link Attention:

Due to the design of VRRP/CARP, different "Clusters" are created in the case of the same VHID and different passwords.

In the most unfavourable case, this can lead to double IP addresses in the network. This is visible if several machines have the MASTER status for the same IP ALIAS.

For this reason, when using a CARP password, it is to be ensured at all times that the same password is used on all machines!

 

The changes made are saved via the Save button.

 

 

anchor link Name

(changed in 13.0.0)

 

The name of the system consists of the hostname and the domain, for example mycompany.tld.

These settings are the internal view, so they do not necessarily need to correspond to the data as it is valid from the Internet.

 

Parameters

Description

DropDown

anchor link Use settings

The entries under Hostname and Domain are combined to form an FQDN, for example mycompany.tld.

anchor link Prefer DHCP settings

FQDN is obtained via DHCP.

empty

anchor link Note:

If no name is supplied by the DHCP server, an FQDN composed from Hostname and Domain is used.

anchor link Prefer DHCPv6 settings

FQDN is obtained via DHCPv6.

anchor link Hostname

Input of the hostname of the SEPPmail Secure E-Mail Gateway, for example securemail

anchor link Domain

Input of the domain of the SEPPmail Secure E-Mail Gateway system, for example mycompany.tld.

 

empty

LinkNote:

With the FQDN of this setting, the SEPPmail Secure E-Mail Gateway also registers with the "HELO".

If counterparts, as part of antispam or TLS - especially in Microsoft 365 infrastructures (if applicable, see also Integration Of MS Office365 While Maintaining ATP/EOP), check the name in the "HELO" command, the latter may have to contain a complete FQDN and match the applicant (see Name (CN) and/or Subject Alternate Name (SAN)) of the certificate entered under SSL.

If necessary, for SMTP server HELO string a name different from the host name given here can be entered.

 

The changes made are saved via the Save button.

 

 

anchor link Routing

 

Parameters

Description

anchor link Default gateway

Input of the gateway IP address via which all data packets are to be routed that are to be sent to destination addresses outside the local network segment.

 

empty

anchor link Note:

(new in 13.0.0)

The entry of a Default gateway outside of one’s own networks (see IP addresses) is also possible.

 

anchor link IP address (v4/v6)

anchor link DropDownInterface (optional)

anchor link CheckBoxInactive Prefer DHCP

Input of the Default gateway IP address.

 

empty

anchor link Note:

(new in 13.0.0)

The entry of a Default gateway outside of one’s own networks (see IP addresses) is also possible.

If the IP address is inside of a known network, it is not necessary to select the Interface (1-4) via which data packages should be routed to target addresses outside of the local network segments.

By default, this option is inactive.

If the option is activated, the Default gateway is obtained via DHCP.

 

empty

anchor link Note:

If no DHCP server is available, the IP address specified under IP address is used as fallback.

anchor link Static routes

(optional)

If connections to networks which cannot be reached via the default gateway are to be established, the corresponding networks can be defined with their respective subnetwork under Destination and the corresponding Gateway. These static IP routes have priority over the use of the default router (default gateway).

After saving a static route, a further input field is displayed.

 

anchor link Destination

anchor link Gateway

anchor link Interface (optional)

anchor link Priority (optional)

anchor link Enabled

Input of the IP target address, and/or network (CIDR) that should be reached.

Input of the Gateway IP address via which the Destination can be reached.

If the Gateway is inside of a known network, it is not necessary to select the Interface (1-4) via which data packages should be routed to target addresses outside of the local network segments.

Enter the Interface (1-4)via which the Destination should be reached.

Input of the priority, with which the given route should be used.
The higher the value, the higher the priority of the route.

By default, this option is active.

If this option is active, the route entry becomes active when it is saved (see also Active routes Flags "U")

 

anchor link Active routes

(new in 13.0.0)

The active routes are displayed separately in a table for IPv4 and IPv6.

 

anchor link Destination

anchor link Gateway

anchor link Flags

anchor link Refs

anchor link Use

anchor link Mtu

anchor link Prio

anchor link Iface

Gives the routing destination as IP address or net in CIDR notation.

"default" designates the route from the entry under Default gateway.

Specifies the gateway as IP, MAC address or link via which the Destination can be reached.

1

RTF_PROTO1

Protocol-specific routing flag #1

2

RTF_PROTO2

Protocol-specific routing flag #1

3

RTF_PROTO3

Protocol-specific routing flag #1

B

RTF_BLACKHOLE

discards packages (during updates)

b

RTF_BROADCAST

corresponds to a local broadcast address

C

RTF_CLONING

uses the clone of a route

c

RTF_CLONED

cloned route from RTF_CLONING

D

RTF_DYNAMIC

dynamically created (during a redirect)

G

RTF_GATEWAY

leads to a gateway

H

RTF_HOST

leads to a host

h

RTF_CACHED

references a gateway route

L

RTF_LLINFO

information available on connection level (like ethernet/MAC address)

l

RTF_LOCAL

corresponds to a local address

M

RTF_MODIFIED

modified by redirect

m

RTF_MULTICAST

corresponds to a multicast address

n

RTF_CONNECTED

interfaces route

P

RTF_MPATH

multipath route

R

RTF_REJECT

unreachable network or host

S

RTF_STATIC

manually added

T

RTF_MPLS

MPLS Route

U

RTF_UP

is active/valid

Indicates the number of references (uses) of the respective route.

Indicates the number of data packets that have been sent via this route since the last network initialisation.

Indicates the maximum package size that may deviate from the default (see MTU).

Indicates the priority, with which the given route should be used.
The higher the value, the higher the priority of the route.

Indicates the interface (see Interface 1) via which the route is established.

 

The changes made are saved via the Save button.

 

 

anchor link DNS

 

Parameters

Description

anchor link RadioButtonActive Use built-in DNS resolver

Default setting.

With this parameter, the system always attempts a DNS name resolution using the DNS root nameservers on the Internet. If this parameter has been selected, the resolution of DNS names may take a very long time, and the reaction of the SEPPmail Secure E-Mail Gateway can thus be delayed.

Generally, this setting is to be selected if the SEPPmail Secure E-Mail Gateway sends data directly to the Internet, that is without an intermediate relay.

anchor link RadioButtonInactive Use the following DNS servers

DNS queries for addresses for which the SEPPmail Secure E-Mail Gateway is not itself responsible are forwarded to superordinate DNS name servers. For this purpose, the SEPPmail Secure E-Mail Gateway should first route the DNS request to an internal DNS server in the proprietary network or the DNS servers of your Internet provider, which you can specify here.

anchor link CheckBoxInactive Disable early refresh of cache records (cache prefetch)

By default, this option is inactive.

Deactivates the prefilling of the DNS cache.

This may cause names to take longer to resolve, but the result may be more up-to-date.

anchor link DNSSEC validation

(new in 13.0.8)

By default, this option is set to "no".

If set to "auto", the SEPPmail Secure E-Mail Gateway acts as DNSSec Client and a default anchor for the DNS root zone is used. The DNS resolver then validates DNSSEC signatures and e.g. stops the processing in case of failed validation. If set to "yes", the trust anchor must be manually configured.

anchor link CheckBoxInactive Prefer IPv6 addresses in replies

By default, this option is inactive.

IPv6 responses from the DNS server are given preference.

anchor link Primary

Input of the first DNS server to which the SEPPmail Secure E-Mail Gateway is to forward DNS requests.

anchor link Alternate 1

(optional)

If the primary DNS server is unavailable or does not respond, the DNS request is routed to the alternative DNS server entered here.

anchor link Alternate 2

(optional)

If neither the primary nor the first alternative DNS server are available, the DNS request is forwarded to the second alternative DNS server entered here.

anchor link Search domain(s)

(optional)

Search list with domain names which are queried in the event of a DNS query one after the other.

anchor link add local zone

(optional)

Local zones are used when multiple forwarding and/or SMTP servers are to be addressed, but no local DNS server is available to resolve the required MX records.

After saving, a further input field is displayed.

 

In the example entries below, the domain pseudo.local would be preferably resolved in mail1.pseudo.local with the IP address 10.0.0.11 since it has a preference level 10. If the server mail1.pseudo.local is not available, the entry with the preference 20, thus mail2.pseudo.local with the IP address 10.0.0.12 is used.

 

Domain name

Pseudo domain name which is to be resolved internally with the SEPPmail Secure E-Mail Gateway as an MX record, for example pseudo.local

host:

Hostname, for example

mail1

mx:

Preference, for example

10

ip:

IP address of the first email server, for example 10.0.0.11

host:

Hostname, for example

mail2

mx:

Preference, for example

20

ip:

IP address of the second email server, for example 10.0.0.12

 

The changes made are saved via the Save button.

 

 

anchor link SMTP load balancer (optional)

 

Is used for load distribution when a cluster is operated. This section is only visible if the SEPPmail Secure E-Mail Gateway is already part of a cluster.

 

Parameters

Description

anchor link CheckBoxInactive Enable load balancer

 

By default, these options are inactive.

The SMTP load balancing only forwards emails to the entered cluster partners (see Distribute load to the following cluster members) once the defined simultaneous connections (see number of active connections before balancing) have been reached.

anchor link Distribute load to the following cluster members

At this point, the IP addresses of the cluster partners are entered for load balancing. The IP addresses are separated by a space in the input field.

 

empty

anchor link Attention:

When using several interfaces (see Interface 2- 4), make sure that only addresses of interfaces of the Cluster members are entered that are also used for the cluster communication (see also IP address)!

anchor link number of active connections before balancing (default: 4):

 

Definition of the number of simultaneous connections from which emails are to be forwarded to the registered cluster partners.This means that in the default setting (4), the fifth connection is forwarded to the first cluster partner entered under Distribute load to the following cluster members, the ninth connection is forwarded to the second cluster partner, and so on.

 

The changes made are saved via the Save button.

 

anchor link System Settings

(new in 14.0.0)

 

Offers two entries.

 

Parameter

Description

anchor link Support user console password

 

The password for the technical support user has to be entered here. This only affects the console password, not the one for the Admin GUI. (Note that the console uses the Swiss keyboard layout.)

anchor link Watchdog mail address

A custom watchdog sender address could be entered here.

In case of an empty value, 'watchdog@labnode1' is used as the watchdog sender mail address.

 

anchor link Admin GUI

 

Defines the settings for accessing the administration interface.

 

Parameters

Description

anchor link CheckBoxInactive HTTP port

 

This option is inactive by default and pre-set to 8080.

Allows unencrypted access to the configuration interface via the HTTP protocol.

anchor link CheckBoxActive HTTPS port

By default, this option is active and set to the value 8443.

Allows encrypted access to the configuration interface via the HTTPS protocol. The certificate used for access can be seen under SSL.

anchor link Admin GUI session timeout:

By default, this option is set to the value 1800.

Time in seconds until the automatic logout from the configuration interface due to inactivity.

After an automatic logout, the last opened configuration menu is displayed when logging in again.

anchor link Bind to IP addresses (use space to separate multiple IPv4 or IPv6 addresses)

By specifying the IP address of a specific network interface (see IP addresses Interface <n>), access to the administration interface can be restricted to this/these network interface(s).

Multiple addresses can be entered by separating them with spaces.

If, additionally, the SMTP traffic is to be bound to another interface (see Mail System SMTP Settings SMTP bind address), a clean separation of the administrative and user data traffic (emails) is thus achieved (keyword: administration network).

 

The changes made are saved via the Save button.

 

 

anchor link RestAPI

(new in 12.1)

 

Defines the settings for API access (see also API Functions and/or https://docs.seppmail.com/api/) to the SEPPmail Secure E-Mail Gateway.

 

Parameters

Description

anchor link CheckBoxInactive HTTPS port

By default, this option is inactive.

Enables API access via the HTTPS protocol on the specified port (8445 by default).

anchor link System RESTAPI keys

(changed in 13.0.0)

 

anchor link New API Token

If no configuration has been made yet, this is the first and only display. Otherwise, this field is below the accesses that have already been set up.

 

anchor link CheckBoxActive Active

By default, this option is active.

Activates the access to be generated automatically after creation.

anchor link Display name

By default, this input field is empty.

A meaningful name for the access to be set up should be entered here.

Via the trash button empty, the access can be deleted.

anchor link API token

By default, this input field is empty.

A token can be created via Generate further down in the section. Alternatively, a character string can also be entered here.

anchor link API secret

By default, this input field is empty.

The generation of an API token via Generate also generates an API secret. Alternatively, a character string can also be entered here.

Via the eye button empty, this secret is displayed

anchor link Access

In the subsections of this option, the access authorisations for the access to be created are assigned.

 

anchor link Modules with GET access DropDown

Selection menu for authorisation to individual empty API modules (see https://api.seppmail.com/#/).

Via the Get button empty information can be read out from SEPPmail Secure E-Mail Gateway.

 

anchor link Search

a search function for the available permissions is available via the input field.

anchor link (un)select all

by means of select all and/or unselect all, all permissions can be activated or deactivated simultaneously.

anchor link CheckBoxInactive Crypto / Key material

see SEPPmail API crypto (used to read out key material)

SwagGET /crypto/user/{email} (see also S/MIME and/or OpenPGP)

SwagGET /crypto/user/{email}/{serial_or_keyid} (see also S/MIME and/or OpenPGP)

SwagGET /crypto/domain/{domainName} (see also S/MIME domain encryption and/or OpenPGP domain encryption)

SwagGET /crypto/domain/{domainName}/{serial_or_keyid} (see also S/MIME domain encryption and/or OpenPGP domain encryption)

anchor link CheckBoxInactive

Crypto / MPKI

see SEPPmail API crypto (used to read out MPKI settings)

SwagGET /crypto/mpki (see also MPKI)

SwagGET /crypto/mpki/{mpkitype} (see also MPKI type)

anchor link CheckBoxInactive Customers

see SEPPmail API customer (used to read out customer (tenant) information)

SwagGET /customer (see also Customers)

SwagGET /customer/{customer} (see also Customer)

anchor link CheckBoxInactive Filter / Block- and Welcomelisting

For internal use!

see SEPPmail API filter / blwl

SwagGET /filter/blwl

SwagGET /filter/blwl/{listID}

anchor link CheckBoxInactive Filter / Config

For internal use!

see SEPPmail API filter / config

SwagGET /filter/config

SwagGET /filter/config/{scope}

anchor link CheckBoxInactive Filter / Override

For internal use!

see SEPPmail API filter / override

SwagGET /filter/override

SwagGET /filter/override/{scope}

anchor link CheckBoxInactive Groups

see SEPPmail API group (used to read out groups information)

SwagGET /group (see also Groups)

SwagGET /group/{name} (see also individual sections of the menu Groups)

SwagGET /mailsystem/manageddomain{domaineName}/group (see also List mailprocessing groups)

SwagGET /mailsystem/manageddomain{domaineName}/group/{name} (see also List mailprocessing groups)

anchor link CheckBoxInactive Mail Processing / Extended Fields

For internal use!

see SEPPmail API mail processing

SwagGET /mailprocessing/extendedFields (see also Extended fields)

anchor link CheckBoxInactive Mail System / Domain

see SEPPmail API mail system (used to read out information of managed email domains)

SwagGET /mailsystem/manageddomain (see also Edit Managed Domain)

anchor link CheckBoxInactive Mail System / Domain / Groups

see SEPPmail API mail system (used to read out groups information regarding email domains)

SwagGET /mailsystem/manageddomain{domaineName}/group (see also List mailprocessing groups)

SwagGET /mailsystem/manageddomain{domaineName}/group/{name} (see also List mailprocessing groups)

anchor link CheckBoxInactive Mail System / Settings

see SEPPmail API mail system (used to read out basic settings)

SwagGET /mailsystem/settings (see also Mail System)

SwagGET /mailsystem/settings/rbl (see also Blocklists)

SwagGET /mailsystem/settings/blwl (see also Manual blocklisting / welcomelisting)

SwagGET /mailsystem/settings/relaying (see also Relaying)

SwagGET /mailsystem/settings/relayingformanageddomain (see also Relaying)

SwagGET /mailsystem/settings/additionalcredentials (see also Additional credentials for managed domains)

anchor link CheckBoxInactive Mail System / TLSDomain

see SEPPmail API mail system (used to read out TLS settings of target systems)

SwagGET /mailsystem/tlsdomain (see also TLS settings and/or TLS settings)

 

anchor link CheckBoxInactive Mail System / Templates and Disclaimers

see SEPPmail API mail system (used to read out email and disclaimer templates)

SwagGET /mailsystem/template (see also List Template)

SwagGET /mailsystem/template/{name}/{includesType} (see also Edit Template)

SwagGET /mailsystem/disclaimer (see also List Disclaimer)

SwagGET /mailsystem/disclaimer/{name}/{includesType} (see also Edit Disclaimer)

anchor link CheckBoxInactive Statistics

see SEPPmail API statistics (used to read out statistics)

SwagGET /statistics (see also Statistics)

anchor link CheckBoxInactive

Users

see SEPPmail API user (used to read out internal users and their key material)

SwagGET /user (see also Users)

SwagGET /user/{email} (see also User 'user@domail.tld')

SwagGET /crypto/user/{email} (see also S/MIME and/or OpenPGP)

SwagGET /crypto/user/{email}/{serial_or_keyid} (see also S/MIME and/or OpenPGP)

anchor link CheckBoxInactive Webmail / Accounts

see SEPPmail API webmail (used to read out GINA users)

SwagGET /webmail/user (see also GINA Accounts and/or GINA User Details)

anchor link CheckBoxInactive Webmail / Domain

see SEPPmail API webmail (used to read out GINA domains).

SwagGET /webmail/domain (see also Change GINA Settings For)

SwagGET /webmail/domain/{domainname}/layout (see also Layout)

anchor link CheckBoxInactive Webmail / Settings

see SEPPmail API webmail (used to read out basic GINA settings)

SwagGET /webmail/settings (see also GINA Domains)

anchor link CheckBoxInactive Info /
Encryption Info

see SEPPmail API info (used to read out possible encryption methods for communication targets)

SwagGET /info/encryption

SwagGET /info/encryption/{encryptionMode}

SwagGET /info/encryption/{encryptionMode}/{encryptionRange}

(see also X.509 Certificates, OpenPGP Public Keys, Domain Certificates and GINA accounts)

anchor link Modules with ADD access DropDown

Selection menu for authorisation to individual SwagPOST API modules (see https://api.seppmail.com/#/).

Via SwagPOST configurations can be made on the SEPPmail Secure E-Mail Gateway.

anchor link Search

a search function for the available permissions is available via the input field.

anchor link (un)select all

by means of select all and/or unselect all, all permissions can be activated or deactivated simultaneously.

anchor link CheckBoxInactive Authentication

see SEPPmail API authenticate (is used to check possible REST accesses)

SwagPOST /auth (see also User RESTAPI keys)

anchor link CheckBoxInactive Crypto / Key material

see SEPPmail API crypto (used to define key material)

SwagPOST /crypto/mpki/{mpkitype}/addorupdate (see also Chain certificates Add or update...)

SwagPOST /crypto/mpki/{mpkitype}/{domainname} (see also MPKI managed domains)

SwagPOST /crypto/user/{email} (see also S/MIME Import S/MIME key and certificate... and/or OpenPGP Import OpenPGP key pair...)

SwagPOST /crypto/domain/{domainName} (see also S/MIME domain encryption Import S/MIME key... and/or OpenPGP domain encryption Import OpenPGP key...)

anchor link CheckBoxInactive Customers

see SEPPmail API customer (used to define customer (tenant) information)

SwagPOST /customer (see also Customers)

SwagPOST /customer/{customer}/adminuser (see also Assign to this customer)

SwagPOST /customer/{customer}/mailroute (see also Assign to this customer)

SwagPOST /customer/{customer}/export (see also export button empty)

SwagPOST /customer/import (see also Import Customer)

anchor link CheckBoxInactive Filter / Block- and Welcomelisting

For internal use!

see SEPPmail API filter / blwl

SwagPOST /filter/blwl

anchor link CheckBoxInactive

Filter / Config

For internal use!

see SEPPmail API filter / config

SwagPOST /filter/config

anchor link CheckBoxInactive Filter / Override

For internal use!

see SEPPmail API filter / override

SwagPOST /filter/override

anchor link CheckBoxInactive Groups

see SEPPmail API group (used to define groups information)

SwagPOST /group (see also Groups Create new user group)

SwagPOST /group/{name}/member (see also individual sections of the menu Groups)

SwagPOST /mailsystem/manageddomain{domaineName}/group (see also List mailprocessing groups)

SwagPOST /mailsystem/manageddomain{domaineName}/group/{name}/member (see also List mailprocessing groups)

anchor link CheckBoxInactive Mail Processing / Extended Fields

For internal use!

see SEPPmail API mail processing

SwagPOST /mailsystem/manageddomain{domaineName}/group (see also List mailprocessing groups)

SwagPOST /mailsystem/manageddomain{domaineName}/group/{name}/member (see also List mailprocessing groups)

SwagPOST /mailprocessing/extendedFields (see also Extended fields)

anchor link CheckBoxInactive Mail System / Domain

see SEPPmail API mail system (used to create managed email domains)

SwagPOST /mailsystem/manageddomain (see also Add Managed Domain).

anchor link CheckBoxInactive Mail System / Domain / Groups

For internal use!

see SEPPmail API mail system

SwagPOST /mailsystem/manageddomain{domaineName}/group (see also List mailprocessing groups)

SwagPOST /mailsystem/manageddomain{domaineName}/group/{name}/member (see also List mailprocessing groups)

anchor link CheckBoxInactive Mail System / Settings

see SEPPmail API mail system (used to define basic settings)

SwagPOST /mailsystem/settings/rbl (see also Blocklists)

SwagPOST /mailsystem/settings/blwl (see also Manual blocklisting / welcomelisting)

SwagPOST /mailsystem/settings/relaying (see also Relaying)

SwagPOST /mailsystem/settings/relayingformanageddomain (see also Relaying)

SwagPOST /mailsystem/settings/additionalcredentials (see also Additional credentials for managed domains)

anchor link CheckBoxInactive Mail System / TLSDomain

see SEPPmail API mail system (used to define TLS settings of target systems)

SwagPOST /mailsystem/tlsdomain (see also TLS settings and/or TLS settings)

anchor link CheckBoxInactive Mail System / Templates and Disclaimers

see SEPPmail API mail system / template (used to create email and disclaimer templates)

SwagPOST /mailsystem/template (see also List Template Add)

SwagPOST /mailsystem/template/{name}/{includesType} (see also Inlines)

as well as SEPPmail API mail system / disclaimer

SwagPOST /mailsystem/disclaimer (see also List Disclaimer Add)

SwagPOST /mailsystem/disclaimer/{name}/{includesType} (see also Inlines)

anchor link CheckBoxInactive

Tools / LDIF import

For internal use!

see SEPPmail API tools

SwagPOST /tools/ldif_import

anchor link CheckBoxInactive

Users

see SEPPmail API user (used to create internal users and supply them with key material)

SwagPOST /user (see also Users Create new user account...)

SwagPOST /crypto/user/{email} (see also S/MIME Import S/MIME key and certificate... and/or OpenPGP Import OpenPGP key pair...)

anchor link CheckBoxInactive Webmail / Accounts

see SEPPmail API webmail (used to create GINA users)

SwagPOST /webmail/user (see also GINA Accounts and/or Import of GINA users)

anchor link CheckBoxInactive Webmail / Domain

see SEPPmail API webmail (used to create GINA domains).

SwagPOST /webmail/domain (see also Change GINA Settings For)

anchor link Modules with MODIFY access DropDown

Selection menu for authorisation to individual SwagPUT API modules (see https://api.seppmail.com/#/).

Via SwagPUT existing configurations on the SEPPmail Secure E-Mail Gateway can be changed.

anchor link Search

a search function for the available permissions is available via the input field.

anchor link (un)select all

by means of select all and/or unselect all, all permissions can be activated or deactivated simultaneously.

anchor link CheckBoxInactive Crypto / Key material

see SEPPmail API crypto (used to customise key material)

SwagPUT /crypto/mpki (see also MPKI)

SwagPUT /crypto/mpki/{mpkitype} (see also MPKI type)

SwagPUT /crypto/user/{email}/{serial_or_keyid} (see also S/MIME and/or OpenPGP)

SwagPUT /crypto/domain/{domainName}/{serial_or_keyid} (see also S/MIME domain encryption and/or OpenPGP domain encryption)

anchor link CheckBoxInactive Customers

see SEPPmail API customer (used to customise customer (tenant) information)

SwagPUT /customer/{customer} (see also Edit customer)

SwagPUT /customer/{customer}/adminuser (see also Remove from this customer and reassign to Default Customer)

SwagPUT /customer/{customer}/mailroute (see also Remove from this customer and reassign to Default Customer)

anchor link CheckBoxInactive Filter / Block- and Welcomelisting

For internal use!

see SEPPmail API filter / blwl

SwagPUT /filter/blwl/{listID}

anchor link CheckBoxInactive

Filter / Config

For internal use!

see SEPPmail API filter / config

SwagPUT /filter/config/{scope}

anchor link CheckBoxInactive Filter / Override

For internal use!

see SEPPmail API filter / override

SwagPUT /filter/override/{scope}

anchor link CheckBoxInactive Groups

see SEPPmail API group (used to customise the groups information)

SwagPUT /group/{name} (see also Groups Section <groupname>)

SwagPUT /group/{name}/member (see also individual sections of the menu Groups)

SwagPUT /mailsystem/manageddomain{domaineName}/group (see also List mailprocessing groups)

SwagPUT /mailsystem/manageddomain{domaineName}/group/{name} (see also List mailprocessing groups)

anchor link CheckBoxInactive Mail Processing / Extended Fields

For internal use!

see SEPPmail API mail processing

SwagPUT /mailsystem/manageddomain{domaineName}/group (see also List mailprocessing groups)

SwagPUT /mailsystem/manageddomain{domaineName}/group/{name} (see also List mailprocessing groups)

SwagPUT /mailprocessing/extendedFields (see also Extended fields)

anchor link CheckBoxInactive Mail System / Domain

see SEPPmail API mail system / managed domain (used to customise information of managed email domains)

SwagPUT /mailsystem/manageddomain/{domainname} (see also Edit Managed Domain).

anchor link CheckBoxInactive Mail System / Domain / Groups

For internal use!

see SEPPmail API mail system

SwagPUT /mailsystem/manageddomain{domaineName}/group (see also List mailprocessing groups)

SwagPUT /mailsystem/manageddomain{domaineName}/group/{name} (see also List mailprocessing groups)

anchor link CheckBoxInactive Mail System / Settings

see SEPPmail API mail system (used to customise basic settings)

SwagPUT /mailsystem/settings (see also Mail System)

SwagPUT /mailsystem/settings/rbl (see also Blocklists)

SwagPUT /mailsystem/settings/blwl (see also Manual blocklisting / welcomelisting)

SwagPUT /mailsystem/settings/relaying (see also Relaying)

SwagPUT /mailsystem/settings/relayingformanageddomain (see also Relaying)

SwagPUT /mailsystem/settings/additionalcredentials (see also Additional credentials for managed domains)

SwagPUT /mailsystem/settings/applymailconfig (see also Mail System)

anchor link CheckBoxInactive Mail System / TLSDomain

see SEPPmail API mail system (used to customise TLS settings of target systems)

SwagPUT /mailsystem/tlsdomain (see also TLS settings and/or TLS settings)

 

anchor link CheckBoxInactive Mail System / Templates and Disclaimers

see SEPPmail API mail system / template (used to customise email and disclaimer templates)

SwagPUT /mailsystem/template/{name} (see also Edit Template)

SwagPUT /mailsystem/template/{name}/{includesType} (see also Inlines)

as well as SEPPmail API mail system / disclaimer

SwagPUT /mailsystem/disclaimer{name} (see also Edit Disclaimer)

SwagPUT /mailsystem/disclaimer/{name}/{includesType} (see also Inlines)

anchor link CheckBoxInactive

Users

see SEPPmail API user (used to customise the internal users and their key material)

SwagPUT /user (see also User 'user@domain.tld')

SwagPUT /crypto/user/{email}/{serial_or_keyid} (see also S/MIME and/or OpenPGP)

anchor link CheckBoxInactive Webmail / Accounts

see SEPPmail API webmail (used to customise the GINA users)

SwagPUT /webmail/user/{email} (see also GINA User Details)

SwagPUT /webmail/user/{email}/resetpassword (see also Password)

anchor link CheckBoxInactive Webmail / Domain

see SEPPmail API webmail (used to customise the GINA domains).

SwagPUT /webmail/domain (see also Change GINA Settings For)

SwagPUT /webmail/domain/{domainname}/layout (see also Layout)

anchor link CheckBoxInactive Webmail / Settings

see SEPPmail API webmail (used to customise GINA settings)

SwagPUT /webmail/applywebmail (see also GINA Domains)

anchor link Modules with DELETE access DropDown

Selection menu for authorisation to individual SwagDELETE API modules (see https://api.seppmail.com/#/).

Via SwagDELETE existing configurations on the SEPPmail Secure E-Mail Gateway can be removed.

 

anchor link Search

a search function for the available permissions is available via the input field.

anchor link (un)select all

by means of select all and/or unselect all, all permissions can be activated or deactivated simultaneously.

anchor link CheckBoxInactive Crypto / Key material

see SEPPmail API crypto (used to remove key material)

SwagDELETE /crypto/mpki/{mpkitype}/{domainname} (see also MPKI managed domains)

SwagDELETE /crypto/user/{email}/{serial_or_keyid} (see also S/MIME and/or OpenPGP)

SwagDELETE /crypto/domain/{domainName}/{serial_or_keyid} (see also S/MIME domain encryption and/or OpenPGP domain encryption)

anchor link CheckBoxInactive Customers

see SEPPmail API customer (used to remove customer (tenant) information)

SwagDELETE /customer/{customer} (see also Delete Customer)

anchor link CheckBoxInactive Filter / Block- and Welcomelisting

For internal use!

see SEPPmail API filter / blwl

SwagDELETE /filter/blwl/{listID}

anchor link CheckBoxInactive

Filter / Config

For internal use!

see SEPPmail API filter / config

SwagDELETE /filter/config/{scope}

anchor link CheckBoxInactive Filter / Override

For internal use!

see SEPPmail API filter / override

SwagDELETE /filter/override/{scope}

anchor link CheckBoxInactive Groups

see SEPPmail API group (used to remove groups information)

SwagDELETE /group/{name} (see also individual sections of the menu Groups)

anchor link CheckBoxInactive Mail Processing / Extended Fields

For internal use!

see SEPPmail API mail processing

SwagDELETE /mailprocessing/extendedFields (see also Extended fields)

anchor link CheckBoxInactive Mail System / Domain

see SEPPmail API mail system / managed domain (used to remove information of managed email domains)

SwagDELETE /mailsystem/manageddomain/{domainname} (see also Add Managed Domain Delete domain).

anchor link CheckBoxInactive Mail System / Domain / Groups

For internal use!

see SEPPmail API mail system

SwagDELETE /mailsystem/manageddomain{domaineName}/group/{name} (see also List mailprocessing groups)

anchor link CheckBoxInactive Mail System / Settings

see SEPPmail API mail system (used to remove basic settings)

SwagDELETE /mailsystem/settings/rbl (see also Blocklists)

SwagDELETE /mailsystem/settings/blwl (see also Manual blocklisting / welcomelisting)

SwagDELETE /mailsystem/settings/relaying (see also Relaying)

SwagDELETE /mailsystem/settings/relayingformanageddomain (see also Relaying)

SwagDELETE /mailsystem/settings/additionalcredentials (see also Additional credentials for managed domains)

anchor link CheckBoxInactive Mail System / TLSDomain

see SEPPmail API mail system (used to remove TLS settings of target systems)

SwagDELETE /mailsystem/tlsdomain (see also TLS settings and/or TLS settings)

anchor link CheckBoxInactive Mail System / Templates and Disclaimers

see SEPPmail API mail system / template (used to remove email and disclaimer templates)

SwagDELETE /mailsystem/template/{name} (see also List Template delete)

as well as SEPPmail API mail system / disclaimer

SwagDELETE /mailsystem/disclaimer/{name} (see also List Disclaimer delete)

anchor link CheckBoxInactive Users

see SEPPmail API user (used to remove the internal users and their key material)

SwagDELETE /user/{email} (see also User 'user@domain.tld' Delete User)

anchor link CheckBoxInactive Webmail / Accounts

see SEPPmail API webmail (used to remove GINA users)

SwagDELETE /webmail/user/{email} (see also GINA User Details Delete Account)

anchor link CheckBoxInactive Webmail / Domain

see SEPPmail API webmail (used to remove GINA domains).

SwagDELETE /webmail/domain{domainname} (see also Change GINA Settings For Delete)

anchor link MSP token

CheckBoxInactive By default, this option is inactive.

If the option is activated, a token with access to all existing and future tenants is generated. The option Assigned tenants remains greyed out.

empty

 

LinkNote:

Visible only with activated client capability (see Customers).

anchor link Assigned tenants DropDown

In the selection menu...

 

anchor link Search

a search function for the available tenants is available via the input field.

anchor link select all

by means of select all all available tenants can be selected simultaneously.

anchor link Default Customer

The tenant "Default Customer" ([default], see Customers) is available in every client-capable system

anchor link <Customer>

There is a separate checkbox for each tenant created

 

Clicking on Generate generates an API token and an associated API secret.

Via the button Add the access is saved.

If access data have already been set up, they are displayed as created:

anchor link Active

By default, this option has the status set when it was created.

Activates/deactivates the respective access.

anchor link Display name

The Display name of existing accesses cannot be changed.

anchor link API token

The API token of existing accesses cannot be changed.

Via the copy button empty, the API token can be copied to the clipboard.

anchor link API secret

The API secret can be changed if necessary.

Via

the eye button empty the current secret is displayed.

the copy button empty the API secret can be copied to the clipboard.

the refresh button empty a new API secret can be generated.

anchor link Access

In the subsections of this option, the access permissions for the respective access can be adjusted.

The description of the subsections is identical to that of New API Token Access above and is therefore not listed here again.

anchor link User RESTAPI keys

(new in 13.0.0)

 

If a user is authenticated via the end point "/auth", this is also displayed here.

 

The changes made are saved via the Save button.

 

 

anchor link GINA GUI

 

Defines the settings for accessing the GINA portal.

 

empty

anchor link Note:

Irrespective of the ports set in the following options, the link contained in the html attachment of a GINA email will always direct to the default HTTPS port 443.

This is the only way to guarantee that the connection between the GINA recipient and the GINA portal is not blocked by a firewall.

The adjustability of the ports shall exclusively serve the enabling of an internal port-forwarding.

 

Parameters

Description

anchor link CheckBoxInactive HTTP port

This option is inactive by default and pre-set to 80.

Enables unencrypted access to the webmail interface of the SEPPmail Secure E-Mail Gateway (GINA) via the HTTP protocol.

 

empty

anchor link Attention:

The HTTP protocol should not be used to access the webmail interface from the Internet or from another non-secured network. This would enable the logging of web browser connections with webmail interfaces of the SEPPmail Secure E-Mail Gateway by unauthorised third parties.

This setting is normally only required if an upstream component terminates the SSL tunnel to the GINA portal.

anchor link CheckBoxActive HTTPS port

By default, this option is active and set to the value 443.

Enables encrypted access to the webmail interface of the SEPPmail Secure E-Mail Gateway (GINA) via the HTTPS protocol.

 

If the SEPPmail Secure E-Mail Gateway does not accept HTTPS requests directly from the Internet, the port can be adjusted in order to use a port-forwarding of an upstream security component, for instance.

 

empty

anchor link Attention:

The link within the "secure-email.html" from the GINA carrier email is statically set to port 443.
At this point, only by using the HTTPS standard port can the reliable connection back to the SEPPmail Secure E-Mail Gateway - even through possible intermediate firewalls - be ensured.

 

The certificate used for access can be seen under SSL, and/or, with activated "Virtual hosting" (see GINA Domains GINA settings) under CHANGE GINA SETTINGS FOR Secure GINA Host.

anchor link CheckBoxInactive Enable local https proxy, redirect unknown requests to

(optional)

By default, this option is inactive.

Provides access to the webmail subsystem (GINA portal) no longer directly but via the local SEPPmail Secure E-Mail Gateway reverse proxy. All requests not specified for the webmail are thereby forwarded to the specified server address. This allows, for example, access to an internal OWA server (Outlook Web Access) with only one external IP address. Similarly, ActiveSync connections to the internal Microsoft Exchange server can be forwarded through the reverse proxy.

 

empty

anchor link Note:

Only the IP address or the FQDN via which the following server is accessible may be entered here (no complete URL):

true

192.168.1.10

or

mycompany.local

false

192.168.1.10/owa

or

mycompany.local/owa

 

empty

anchor link Attention:

This setting also overrides entries made under CHANGE GINA SETTINGS FOR Extended settings Default Forward Page.

Additionally, problems may occur with RPC over HTTPS (for example Outlook Anywhere) under certain circumstances.

anchor link CheckBoxInactive Enable high-performance mode (RAM usage increases considerably)

This option is used to accelerate GINA.

 

empty

anchor link Note:

Using this option increases the required memory (RAM) and should only be activated if necessary.

 

The changes made are saved via the Save button.

 

 

anchor link Key server

 

Enables the automatic query of public keys of the local users.

 

Parameters

Description

anchor link CheckBoxInactive Enable S/MIME and PGP key server on port 1389 (LDAP) and 1636 (LDAPS)

By default, this option is inactive.

Activates the key server function of the SEPPmail Secure E-Mail Gateway. This makes the public keys, both S/MIME as well as OpenPGP, of the SEPPmail Secure E-Mail Gateway Users available to other systems, by means of LDAP via port 1389 and/or LDAPS via port 1636. For the secure communication via LDAPS, the certificate entered in the SSL will be used.

A query is possible as follows:

URI

<Protocol>://<FQDN from CHANGE GINA SETTINGS FOR [default] Secure GINA Host Hostname>

BindDN / BindPW

is not required

BaseDN

is not required, although "dc=keyserver" works.

 

empty

anchor link Note:

For using this key server function, it is recommended using an upstream firewall with a corresponding port mapping:

 

Source

Port

Target

Port

Internet

389

(LDAP)

SEPPmail Secure E-Mail Gateway

1389

(LDAP)

636

(LDAPS)

1636

(LDAPS)

 

The changes made are saved via the Save button.

 

 

anchor link Console Login (optional)

 

Defines the settings for accessing the console (command line interface, CLI) of the appliance.

 

Parameters

Description

anchor link CheckBoxInactive Disable console root login

By default, this option is inactive.

Deactivates access to the console (command line interface, CLI) of the SEPPmail Secure E-Mail Gateway.
 

empty

anchor link Note:

When activating this parameter, please note that, in this case, deliberate access to the system is also no longer possible in the event of an error.

anchor link CheckBoxInactive Redirect console to serial port

By default, this option is inactive.

Enables access to the command line interface (CLI) via the serial port.

 

empty

anchor link Note:

For the serial connection, the baud rate 115200 is to be selected. No additional settings are required.

 

The changes made are saved via the Save button.

 

empty

Note:

In order for changes made here to become active, a Reboot is necessary.

 

 

anchor link Syslog settings (optional)

 

Enables the forwarding of log entries to a syslog server. Multiple servers can be entered and separated by a semicolon ";". By default, the port UDP/514 is used for transmitting the messages.

If necessary, the protocol as well as the target port can be optionally specified in the format [protocol]host[:port], for example tcp://192.168.10.60:1514.

 

empty

anchor link Note:

Backups do not contain logs. In order to store them permanently and securely, it is recommended to set up the export of logs to an external system here.

 

 

Parameters

Description

anchor link Forward maillog and authlog to this syslog server

SysLog server to which the SEPPmail Secure E-Mail Gateway is to send email, authentication and system logs.

anchor link Forward GUI audit log to this syslog server

SysLog server to which the SEPPmail Secure E-Mail Gateway is to send logs of the activities from the administration interface.

anchor link Forward GINA log to this syslog server:

SysLog server to which the SEPPmail Secure E-Mail Gateway should send GINA protocols.

anchor link CheckBoxInactive Disable logging to local maillog

By default, this option is inactive.

Deactivates both the local creation of the mail log as well as the relevant statistics.

 

The changes made are saved via the Save button.

 

 

anchor link Log settings (optional)

 

Parameters

Description

anchor link Log Cleanup

 

Automatically delete log archives older than Input days

 

This option is inactive by default and pre-set to 1095.

Automatically deletes all Logs that are older than the set number of days. Automatically deleting the log archives

can help avoid setting up a "full" log partition.

ensures compliance with revision requirements regarding the retention of data.

 

Values from 1 to 3650 are accepted as input.

The input of value 30 causes the default log rotation to be used. With this rotation, when the email log reaches a size of 30 MB (for the GINA log a size of 10 MB), the log is first archived and a new log file is started in each case. Since it is therefore not possible to delete exactly to the day, this procedure is primarily suitable to prevent the log partition from getting full.

When a value 29 is set, on the other hand, the log rotates on a daily basis. This makes this procedure suitable for complying with revision specifications regarding the data retention period.

 

empty

anchor link Note:

In client-capable systems, it is to be taken into account that these logs are no longer available for the client admin on the appliance.

anchor link Log Archive Type

(new in 14.0.0)

Select between File (maillog index files generated from the maillog files, default) or DB for the faster database approach, where maillog index files have been written to a database. In the DB case, it is possible to page through the log data.

 

The changes made are saved via the Save button.

 

 

anchor link Proxy settings (optional)

 

Here, the corresponding settings are to be made only if direct access of the appliance to the Internet is impossible via SSH (see Use direct connection on port 22 outgoing (preferred)).

 

empty

anchor link Note:

The settings made here are also used to obtain signature files of the Protection Pack, if applicable.

 

If the connection is established via a proxy, the port 22 connection is tunnelled via HTTPS.

Access can then no longer be tested directly via the Rudimentary System Commands option "6) Port probe").

To this end, after calling up the option under

Enter Server:

enter the IP address

127.0.0.1

and under

Enter Port:

enter the number

23

.

The reply

Connection to 127.0.0.1 23 port [tcp/telnet] succeeded!

should be shown if this was completed successfully.

If not, the SEPPmail Secure E-Mail Gateway cannot establish the connection to the proxy server. In this case, the proxy settings would have to be checked again.

If this check is successful but the connection is not established in the administration interface, it can be assumed that the request is stuck at the proxy.

 

 

Parameters

Description

anchor link Proxy server

Hostname or IP address of the proxy server via which the SSH communication is to be routed.

anchor link Proxy port

Destination port of the proxy server, for example 8080 or 8081

anchor link Proxy user

(optional)

User name for the login to the proxy server, if necessary.

anchor link Proxy password

(optional)

Password for the login to the proxy server.

anchor link RadioButtonActive Use direct connection on port 22 outgoing (preferred)

Default setting.

This option must be activated if an SSH connection to the Internet is possible directly and without any detours, via a proxy server.

anchor link RadioButtonInactive Connect through SOCKS 4 proxy

This option must be activated to tunnel SSH connections through a generic SOCKS proxy. This option can be used if direct access to the Internet via SSH is regulated but the connection to the Internet is possible via a SOCKS proxy (version 4).

anchor link RadioButtonInactive Connect through SOCKS 5 proxy

This option must be activated to tunnel SSH connections through a generic SOCKS proxy. This option can be used if direct access to the Internet via SSH is regulated but the connection to the Internet is possible via a SOCKS proxy (version 5).

anchor link RadioButtonInactive Connect through HTTP proxy

This option must be enabled to tunnel SSH connections through an HTTP proxy. This option can be used if direct access to the Internet via the SSH is regulated, but the connection to the Internet is possible via an HTTP proxy.

anchor link RadioButtonInactive Connect through Telnet proxy

This option must be enabled to tunnel SSH connections through a Telnet proxy. This option can be used if direct access to the Internet via SSH is regulated, but the connection to the Internet is possible via a Telnet proxy.

anchor link RadioButtonInactive Use port 80 instead of 22

This option must be activated if an HTTP connection directly to the Internet is possible. The SSH connection then uses TCP port 80 (HTTP) instead of TCP 22 (SSH).

 

The changes made are saved via the Save button.

 

 

anchor link MPKI proxy settings (optional)

 

Here, the corresponding settings only have to be made if direct access of the corresponding MPKI interface to the issuing certification authority (CA) is impossible.

 

Parameters

Description

anchor link MPKI proxy server

Hostname or IP address of the proxy server via which the communication with the certification authority via HTTPS port 443 is to be established.

anchor link MPKI proxy port

Destination port of the proxy server, for example 8080 or 8081.

anchor link MPKI proxy user

(optional)

User name for the login to the proxy server, if necessary.

anchor link MPKI proxy password

(optional)

Password for the login to the proxy server.

anchor link RadioButtonActive Use direct connection (preferred)

Default setting.

This option must be activated if the connection to the certification authority via the Internet is possible directly and without any detour by means of a proxy server via HTTPS port 443.

anchor link RadioButtonInactive Connect through SOCKS 4 proxy

This option must be enabled to tunnel connections to the certification authority through a generic SOCKS proxy. This option can be used if direct access to the Internet is regulated, but the Internet connection is possible via a SOCKS proxy (version 4).

anchor link RadioButtonInactive Connect through SOCKS 5 proxy

This option must be enabled to tunnel connections to the certification authority through a generic SOCKS proxy. This option can be used if direct access to the Internet is regulated, but the Internet connection is possible via a SOCKS proxy (version 5).

anchor link RadioButtonInactive Connect through HTTP proxy

This option must be enabled to tunnel connections to the certification authority through an HTTP proxy. This option can be used if direct access to the Internet is regulated, but the Internet connection is possible via an HTTP proxy.

 

The changes made are saved via the Save button.

 

 

anchor link OCSP / CRL check settings (optional)

 

This section can be used to activate the validity check of the certificate by means of revocation lists ("certificate revocation list" short "CRL") and/or the Online Certificate Status Protocol (OCSP). For obtaining this information, access to the issuing certification authority (CA) is required in each case. If the appliance does not have direct access to the Internet, a connection via a proxy server can be configured in addition.

 

empty

anchor link Note:

If the GINA certificate (see SSL) requires stapling (if needed, please also refer to https://de.wikipedia.org/wiki/Online_Certificate_Status_Protocol_stapling), the option Connect through HTTP proxy has to be active to guarantee that it functions correctly. When using this setting, possible entries under Proxy user and/or Proxy password are not transmitted to the entered Proxy server.

 

Parameters

Description

anchor link CheckBoxActive Enable OCSP / CRL checks for S/MIME certificates.

By default, this option is active.

Activates the verification of certificates via OCSP/CRL.

 

empty

anchor link Note:

Certificates are automatically always checked when they are used, but no more than once per hour.

The issuing certification authority then gives feedback as per RFC 2560 as to when

the last revocation check was implemented (This Update)

the next revocation check will take place (Next Update)
(if Next Update is not available, this means that new revocation information is provided by the certification authority on a permanent basis)

the time when this request was signed (Produced At).

The results of the checks can be found in the certificate details in the menus X-509 Certificates and X.509 Root Certificates.

anchor link Proxy server

 

Hostname or IP address of the proxy server via which the HTTP/HTTPS communication to the CA is to be established.

anchor link Proxy port

Destination port of the proxy server, for example 8080 or 8081

anchor link Proxy user

(optional)

User name for the login to the proxy server, if necessary.

anchor link Proxy password

(optional)

Password for the login to the proxy server.

anchor link RadioButtonActive Use direct connection

Default setting.

This option must be activated if an HTTP/HTTPS connection directly to the internet is possible without a proxy server.

anchor link RadioButtonInactive Connect through SOCKS 4 proxy

This option must be enabled to tunnel HTTP/HTTPS connections through a generic SOCKS proxy. This option can be used if direct access to the Internet is regulated via HTTP/HTTPS, but an Internet connection is possible via a SOCKS proxy (version 4).

anchor link RadioButtonInactive Connect through SOCKS 5 proxy

This option must be enabled to tunnel HTTP/HTTPS connections through a generic SOCKS proxy. This option can be used if direct access to the Internet is regulated via HTTP/HTTPS, but an Internet connection is possible via a SOCKS proxy (version 5).

anchor link RadioButtonInactive Connect through HTTP proxy

This option must be enabled to tunnel HTTP/HTTPS connections through an HTTP proxy. This option can be used if direct access via HTTP/HTTPS to the Internet is regulated, but an Internet connection is possible via an HTTP proxy.

 

empty

anchor link Attention:

Certificates are not used only if they have been checked by means of OCSP or CRL and have been revoked.

If a certificate cannot be checked using OCSP or CRL, it is still used.

 

The changes made are saved via the Save button.

 

 

anchor link Time zone

 

Parameters

Description

anchor link Time zone selection

Selection of the time zone applicable to the location of the SEPPmail Secure E-Mail Gateway. The switch between summer and winter time is carried out automatically.

 

The changes made are saved via the Save button.

 

 

anchor link Time and date

 

Parameters

Description

anchor link RadioButtonInactive No time sync

With this setting, only the internal system time will be used. This can be set via Set date and time manually. There is no automatic synchronisation with other systems!

anchor link RadioButtonActive Use virtual host time or attached sensor

Default setting.

With this setting, the time for virtual appliances would be compared to the host system if this is supported by the host system. With hardware systems, the corresponding sensor would be used for the comparison.

anchor link RadioButtonInactive Set remote NTP server

Default setting.

The date and time will be synchronised with the time server given under Server via the NTP protocol, target port UDP 123.

 

empty

anchor link Note:
When setting up a Cluster, this option is mandatory on all cluster members. Here, the same time servers are to be entered in the same order on all cluster partners.

The selected time zone (see Time zone) is not relevant for the synchronisation in the cluster.

 

anchor link Server

By default, it is pre-defined as pool.ntp.org.

Hostname or IP address  (IPv4 oder IPv6) of a time server. Several servers can be entered, separated by spaces.
If a target on the Internet is specified, access is to be ensured (see Setting Up The Firewall/Router).

Where appropriate, the specification of a host name which is resolved into several time servers (pool) is advantageous for ensuring availability.

If Internet time servers are used, local servers should be used whenever possible, for example de.pool.ntp.org instead of only pool.ntp.org.

anchor link CheckBoxInactive Periodic updates

By default, this option is inactive.

Periodically adjust the clock to avoid drift in virtual machines leads to a periodic adjustment of the time with the virtualisation host.

 

empty

anchor link Note:

Especially in the case of Hyper-V Guest systems, a constant clock drift of several seconds per minute is noticeable in individual cases, even if the host system is not under load. If the times of the system deviate too much, NTP sets a correction of the system time since NTP regards excessive differences from its initially set time as error.

anchor link RadioButtonInactive Set date and time manually

If no NTP access is available, the current date and current time can be entered here manually.

 

anchor link Date

Current date in the format: dd.mm.yyyy

anchor link Time

Current time in the format: hh:mm:ss

 

The changes made are saved via the Save button.

 

 

anchor link SNMP daemon (optional)

 

If no entry is made for snmp v1/2 read-only community nor for snmp v1/2 Read-write Community, SNMP v1/2 is deactivated.

For the SNMP v3 encryption, AES is used for authentication, while SHA is used as an algorithm.

 

empty

anchor link Note:

When monitoring partition utilisation, it should be noted that only those partitions are taken into account that are also listed under Home Disk statistics. All other partitions are read-only and up to 100% occupied. Monitoring these partitions would therefore lead to permanent messages.

 

Parameters

Description

anchor link CheckBoxInactive Enable SNMP

By default, this option is inactive.

Activates the SNMP Daemon on the SEPPmail Secure E-Mail Gateway. Thus, the SNMP protocol with tools, e.g. snmpwalk, can be used to call up information via the SEPPmail Secure E-Mail Gateway.

anchor link Listen address

IP address - IPv4 or IPv6 - to which the SNMP monitoring connects. Generally, this is the IP address of the SEPPmail Secure E-Mail Gateway. Entering several addresses is not possible.

anchor link snmp v1/2 read-only community

Password for read-only access to the SNMP data.

anchor link snmp v1/2 read-write community

Password for read-write access to the SNMP data.

anchor link snmp v3 user

User name for SNMP v3 access

anchor link snmp v3 password

Password (user and privacy) for the SNMP v3 access. This must contain at least eight characters.

anchor link Download MIBs

Via the button, the management information bases (MIB) of the SEPPmail Secure E-Mail Gateway can be downloaded as a ZIP file.
 

In addition, the following OIDs are available for monitoring further functions:

.1.3.6.1.4.1.8072.1.3.2.1.0 = INTEGER: 10

 

.1.3.6.1.4.1.8072.1.3.2.2.1.3.11.109.97.105.108.115.80.103.112.68.101.99.0 = STRING: mailsPgpDec

 

.1.3.6.1.4.1.8072.1.3.2.2.1.3.11.109.97.105.108.115.80.103.112.69.110.99.0 = STRING: mailsPgpEnc

 

.1.3.6.1.4.1.8072.1.3.2.2.1.3.13.109.97.105.108.115.83.109.105.109.101.68.101.99.0 = STRING: mailsSmimeDec

 

.1.3.6.1.4.1.8072.1.3.2.2.1.3.13.109.97.105.108.115.83.109.105.109.101.69.110.99.0 = STRING: mailsSmimeEnc

 

.1.3.6.1.4.1.8072.1.3.2.2.1.3.14.109.97.105.108.115.68.111.109.97.105.110.68.101.99.0 = STRING: mailsDomainDec

 

.1.3.6.1.4.1.8072.1.3.2.2.1.3.14.109.97.105.108.115.68.111.109.97.105.110.69.110.99.0 = STRING: mailsDomainEnc

 

.1.3.6.1.4.1.8072.1.3.2.2.1.3.14.109.97.105.108.115.80.114.111.99.101.115.115.101.100.0 = STRING: mailsProcessed

.1.3.6.1.4.1.8072.1.3.2.3.1.1.18.109.97.105.108.101.117.101.65.99.116.105.118.101.0 = STRING: mailsInQueueActive

.1.3.6.1.4.1.8072.1.3.2.3.1.1.20.109.97.105.108.101.117.101.68.101.102.101.114.114.101.100.0 = STRING: mailsInQueueDeferred

 

.1.3.6.1.4.1.8072.1.3.2.2.1.3.20.109.97.105.108.101.117.101.73.110.99.111.109.105.110.103.0 = STRING: mailsInQueueIncoming

 

.1.3.6.1.4.1.8072.1.3.2.3.1.1.11.109.97.105.108.115.80.103.112.68.101.99.0 = STRING: 17

 

.1.3.6.1.4.1.8072.1.3.2.3.1.1.11.109.97.105.108.115.80.103.112.69.110.99.0 = STRING: 14

 

.1.3.6.1.4.1.8072.1.3.2.3.1.1.13.109.97.105.108.115.83.109.105.109.101.68.101.99.0 = STRING: 0

 

.1.3.6.1.4.1.8072.1.3.2.3.1.1.13.109.97.105.108.115.83.109.105.109.101.69.110.99.0 = STRING: 0

 

.1.3.6.1.4.1.8072.1.3.2.3.1.1.14.109.97.105.108.115.68.111.109.97.105.110.68.101.99.0 = STRING: 0

 

.1.3.6.1.4.1.8072.1.3.2.3.1.1.14.109.97.105.108.115.68.111.109.97.105.110.69.110.99.0 = STRING: 2

 

.1.3.6.1.4.1.8072.1.3.2.3.1.1.14.109.97.105.108.115.80.114.111.99.101.115.115.101.100.0 = STRING: 6409

.1.3.6.1.4.1.8072.1.3.2.2.1.3.18.109.97.105.108.101.117.101.65.99.116.105.118.101.0 = STRING: 0

.1.3.6.1.4.1.8072.1.3.2.2.1.3.20.109.97.105.108.101.117.101.68.101.102.101.114.114.101.100.0 = STRING: 0

 

.1.3.6.1.4.1.8072.1.3.2.3.1.1.20.109.97.105.108.101.117.101.73.110.99.111.109.105.110.103.0 = STRING: 0

 

empty

anchor link Note:

The indicated OIDs each return a character string (STRING) with the corresponding value.

This is due to a custom MIB format of net-snmp. The actual values are provided by a second, related OID, for example:

1.3.6.1.4.1.8072.1.3.2.2.1.3.11.109.97.105.108.115.80.103.112.68.101.99.0 -> "mailsPgpDec"

1.3.6.1.4.1.8072.1.3.2.3.1.1.11.109.97.105.108.115.80.103.112.68.101.99.0 -> value mailsPgpDec

 

empty

anchor link Note:

Meaning of the strings

mailsInQueueIncoming
-- new message queue

mailsInQueueActive
-- messages scheduled for delivery

mailsInQueueDeferred
-- messages postponed for later delivery

 

The changes made are saved via the Save button.

 

 

anchor link NRPE daemon (optional)

 

In this section, the NRPE (Nagios Remote Plugin Executor) for monitoring the SEPPmail Secure E-Mail Gateway via Nagios is configured.

 

empty

anchor link Note:

When monitoring partition utilisation, it should be noted that only those partitions are taken into account that are also listed under Home Disk statistics. All other partitions are read-only and up to 100% occupied. Monitoring these partitions would therefore lead to permanent messages.

 

Parameters

Description

anchor link CheckBoxInactive Enable Nagios Remote Plugin Executor

By default, this option is inactive.

Activates the Nagios Daemon on the SEPPmail Secure E-Mail Gateway for monitoring the system.

anchor link Listen address

Input of the IP address - IPv4 or IPv6 - to which the NRPE client should connect. Entering several addresses is not possible. If no input is made, the daemon listens on all existing interfaces ( IP addresses).

(corresponds to the parameter "server_address=" in the NRPE configuration file "nrpe.cfg")

anchor link Listen port

(above 1024)

Port on which the SEPPmail Secure E-Mail Gateway expects NRPE queries. By default, this is port 5666. If a port other than the default port is used, it is to be ensured that it is not used by another service and is higher than 1024.

If an already occupied port is accidentally used, a watchdog would report that the service is no longer running.

(corresponds to the parameter "server_port=" in the NRPE configuration file "nrpe.cfg")

anchor link Allowed

hosts/networks

Entry of the IP addresses or subnetworks authorised for the query. The entry is made in the format 192.168.0.0/24 or 2a00::/112. Several entries can be separated by a comma. If no entry is made, requests are accepted from any address.

(corresponds to the parameter "allowed_hosts=" in the NRPE configuration file "nrpe.cfg")

anchor link Advanced Settings

By activating the option Allow remote command arguments, the SEPPmail Secure E-Mail Gateway also accepts the arguments transmitted with the queries of the NRPE clients.

(corresponds to the parameter "dont_blame_nrpe=1" in the NRPE configuration file "nrpe.cfg")

 

empty

anchor link Attention:

Activating this option can lead to security risks, such as

an unauthorised reading of published values

the reading of actually private values, which are made possible by a weak security gap in the command execution

execution of third-party programmes, which are possible due to a severe security gap in the command execution

 

The changes made are saved via the Save button.

 

The following Nagios plugins are integrated into the SEPPmail Secure E-Mail Gateway for use with variable parameters. Using variable parameters is made possible by activating the option Allow remote command arguments. The parameters listed for the command are to be transferred mandatorily.

anchor link 

Command

Parameters

Description

check_disk

-w $ARG1$

Threshold value (in %) for free disk space below which the message "warning" is issued (for example "20%").

-c $ARG2$

Threshold value (in %) for free disk space below which the message "critical" is issued (for example "10%").

-p $ARG3$

Path of the file system to be checked (for example "/var/log").

check_swap

-w $ARG1$

Threshold value (in %) for free swap space below which the message "warning" is issued (for example "60%").

-c $ARG2$

Threshold value (in %) for free swap space below which the message "critical" is issued (for example "40%").

check_mailq

-w $ARG1$

Threshold value for the number of emails in the queue upon the exceedance of which the message "warning" is issued (for example "1000").

-c $ARG2$

Threshold value for the number of emails in the queue upon the exceedance of which the message "critical" is issued (for example "1500").

check_load

-w $ARG1$

Threshold value for the system utilisation [avg1,avg5,avg15], upon the exceedance of which the message "warning" is issued (for example "15,20,20").

-c $ARG2$

Threshold value for the system utilisation [avg1,avg5,avg15], upon the exceedance of which the message "critical" is issued (for example "20,25,35").

check_procs

-w $ARG1$

Threshold value for the number of processes upon the exceedance of which the message "warning" is issued (for example "5").

-c $ARG2$

Threshold value for the number of processes upon the exceedance of which the message "critical" is issued (for example "10").

-s $ARG3$

Indication of the processes to be monitored (e.g. "Z" for zombie processes).

check_tcp

-H $ARG1$

Indication of the IP address to which the TCP connection is to be checked (for example localhost). "localhost").

-p $ARG2$

Indication of the port to be checked (for example "25").

check_telnet

-H $ARG1$

Indication of the IP address to which the Telnet connection is to be checked (for example "localhost").

-P $ARG2$

Indication of the port to be checked (for example "25").

-M $ARG3$

Indication of the banner string to be checked (for example "ESMTP").

Table: Plugins with variable parameters

 

The plugins which continue to be integrated may also be used if the option Allow remote command arguments is deactivated. These are then to be used without parameters.

 

Command

Specification Parameters

Description

check_disk_tmp_static

-w 10%

See table

Plugins with variable parameters

Command

check_disk

-c 5%

-p /tmp

check_disk_db_static

-w 25%

-c 10%

-p /var/ldap.ENCRYPTED

check_disk_log_static

-w 25%

-c 10%

-p /var/log

check_disk_mq_static

-w 40%

-c 10%

-p /var/mailqueue

check_mailq_static

-w 100

See table

Plugins with variable parameters

Command

check_mailq

-c 250

-M postfix

check_telnet_static

-H localhost

See table

Plugins with variable parameters

Command

check_telnet

-P 25

-M ESMTP

check_zombie_procs_static

-w 5

See table

Plugins with variable parameters

Command

check_procs

-c 10

-s Z

check_load_static

-w 5,10,15

See table

Plugins with variable parameters

Command

check_load

-c 20,25,30

Table: Plugins with static parameters

 

 

anchor link Zabbix Agent (optional)

(new in 13.0.0)

 

In this section, the configuration of the Zabbix agent is carried out, which is responsible for monitoring the SEPPmail Secure E-Mail Gateway via the Zabbix Monitoring Tool.

 

Parameters

Description

anchor link CheckBoxInactive Enable zabbix Remote Plugin Executor

By default, this option is inactive.

Activates the Zabbix Agent. With this, the basic default options of Zabbix (see also https://www.zabbix.com) are available.

Further options can be defined under Options.

anchor link Listen address

Input of the IP Addresses of the interface on which the agent is to accept requests from the Zabbix monitoring tool.

Multiple entry of IP addresses is possible, so that both IPv4 and IPv6 addresses can be used in parallel. As separator, use a comma ",".

anchor link Listen port (above 10024, default is 10050)

Input of the IP port on which the agent is to accept requests from the Zabbix monitoring tool on the Listen address set above.

anchor link Hosts/networks

Input of the IP address(es), or IP network(s) in CIDR notation, from which the SEPPmail Secure E-Mail Gateway is to accept requests from Zabbix.

anchor link Options

By default, additional options for monitoring the postfix are already predefined:

UserParameter=postfix.holdtotal,sudo /usr/local/sepp/scripts/zbx_qshape.pl hold T

UserParameter=postfix.hold5,sudo /usr/local/sepp/scripts/zbx_qshape.pl hold 5

UserParameter=postfix.hold10,sudo /usr/local/sepp/scripts/zbx_qshape.pl hold 10

UserParameter=postfix.hold20,sudo /usr/local/sepp/scripts/zbx_qshape.pl hold 20

UserParameter=postfix.deferredtotal,sudo /usr/local/sepp/scripts/zbx_qshape.pl deferred T

UserParameter=postfix.deferred5,sudo /usr/local/sepp/scripts/zbx_qshape.pl deferred 5

UserParameter=postfix.deferred10,sudo /usr/local/sepp/scripts/zbx_qshape.pl deferred 10

UserParameter=postfix.deferred20,sudo /usr/local/sepp/scripts/zbx_qshape.pl deferred 20

UserParameter=postfix.activetotal,sudo /usr/local/sepp/scripts/zbx_qshape.pl active T

UserParameter=postfix.active5,sudo /usr/local/sepp/scripts/zbx_qshape.pl active 5

UserParameter=postfix.active10,sudo /usr/local/sepp/scripts/zbx_qshape.pl active 10

UserParameter=postfix.active20,sudo /usr/local/sepp/scripts/zbx_qshape.pl active 2

 

These can be extended, if necessary.

If the options are to remain empty, a blank " " is to be entered.

If the input field remains empty, the default values are restored.

 

The changes made are saved via the Save button.

 

 

anchor link Virtualisation tools (Detected Environment: <Virtualiser>) (optional)

(changed in 13.0.0)

 

This section is only available on virtual appliances.

The respective options are active depending on the virtualisation host used (see note in the section name). All other options are greyed out.

 

Parameters

Description

anchor link VMware Virtual Platform

 

 

anchor link CheckBoxActive Enable VMware tools (restart to activate setting)

By default, this option is active.

An OS kernel with integrated VMware tools is used. These tools may cause problems in a few constellations under ESX as well as with some backup tools which use "quiescing". For this reason, they can be deactivated.

Any change made here will only become active once the SEPPmail Secure E-Mail Gateway has been restarted.

anchor link Microsoft Azure

 

anchor link CheckBoxInactive Enable Microsoft Azure guest agent

By default, this option is inactive.

Activates the Microsoft Azure Linux Agent. The monitoring functions of the Azure Fabric Controller are thus also available.

It is not possible to make any settings in this way.

 

empty

Attention:

Activating this option can lead to a Temporary High Utilisation Of The Database Partition.

anchor link CheckBoxInactive Fetch network information for the first interface from DHCP on every startup

(removed in 13.0.4)

No longer necessary, the normal DHCP-based network settings are used.

 

 

anchor link Qemu and Nutanix

 

Disable vioscsi driver (Check if startup hangs on vioscsi, change disk controller to IDE first)

By default, this option is inactive.

If start problems happen with "vioscsi", proceed as follows: in the virtualisation environment, first the network controller setting "vioscsi" needs to be changed to "IDE" and after restart the option needs to be activated.

 

empty

anchor link Note:

The support of Xen tools is provided by default.

 

The changes made are saved via the Save button.

 

 

If several sections have been edited, via the button Save and apply all all can be saved globally.

 
  

Keyboard Navigation

F7 for caret browsing
Hold ALT and press letter

This Info: ALT+q
Topic Header: ALT+t
Topic Body: ALT+b
Contents: ALT+c
Search: ALT+s
Exit Menu/Up: ESC