The Best Open Source Email & Collaboration Software

Deutsch Deutsch down

Frequently Asked Questions

Using the zarafa-admin tool you can modify user information.

Log on to the Zarafa server using PuTTY (or another SSH client) or directly with a console and give the following command:

zarafa-admin -u <username>
[-U <new username>]
[-p <new password>]

The settings between [ ] are optional and can be used to modify the following properties:

-U <new username>

Modify a users username.

-p <new password>

Modify a users password.

-e <e-mail>

Modify a users primary email address.

-f <full name>

Modify a users full name.

-a <0|1>

With this option you can set whether a user is an administrator. 0 disables admin rights, 1 enables admin rights.


Hints and tips

If you don’t know the exact username in Zarafa, you can view all users by giving the following command:

zarafa-admin –l

The Zarafa server use by default port 236. To use an encrypted connection you need to enable port 237 and create ssl certificates.

The webaccess runs on the a default Apache webserver, so port 80 or 443.

When SELinux is enabled, this is blocking your connection from the webserver to the Zarafa server.

You may solve this by allowing Apache to make network connections:

setsebool httpd_can_network_connect=1

or by disabling SELinux altogether:

setenforce permissive

When you choose to disable SELinux, you will also want to edit /etc/sysconfig/selinux to disable it for reboots too.


Hints en Tips

More information about Selinux can be found here:

A update from Debian GNU/Linux 4.0r3 "Etch" and Ubuntu 8.04 will remove Zarafa, by upgrading libvmime0

Calculating upgrade... Done
The following packages will be REMOVED:
zarafa zarafa-webaccess
The following NEW packages will be installed:
The following packages will be upgraded:
1 upgraded, 1 newly installed, 2 to remove and 0 not upgraded.
Need to get 944kB of archives.
After unpacking 16.2MB disk space will be freed.
Do you want to continue [Y/n]?


Since the libvmime API of 0.7 and 0.8 is completely different, we indeed hold the upgrade from Debian Etch back.

However, this is not an issue, since no other package in Debian depends on 0.8. You can set the libvmime0 package on hold with the command

echo libvmime0 hold | dpkg --set-selections

There are three different user plug-ins for Zarafa; the UNIX, the LDAP and the internal DB plug-in:

* The UNIX plug-in uses information from /etc/passwd, /etc/group and /etc/shadow. This means that only the Linux users can get access to Zarafa. By setting a uid range of wich users are added to Zarafa. In the same way you can add groups to Zarafa. Users with a special shell (default /bin/false) will be added as non-active user. With the Unix plug-in is it necessary to add additional information like email address, admin option and user quota settings in the database. This information needs to be added to the database with the Zarafa-admin tool. The uid would be stored in the data to make a link between the Linux users and the information in the database.

* The LDAP plug-in uses information from a LDAP or ADS server. All information about users, groups and membership can be retrieved from the LDAP or ADS server. The managing of the users and groups has to be done in LDAP or ADS. Only the uid would be stored in the Zarafa database, other data would receive from LDAP or ADS.

* The DB plug-in would be installed by default and need no more configuration. All user information would store in the database. The managing has to be done with the zarafa-admin tool.

Sending a file of 2Mb or larger using the Webaccess is not possible by default. This is caused by a limitation in PHP, which is the language used to build the Webaccess. The limit of PHP can be enlarged, but this should be done in the PHP configuration file.

When you want to send an email with an attachment larger than 8 MB, you can still use Outlook which doesn't have this limitation.

The value which needs to be changed in the php.ini file is: 'max_upload_filesize'.

max_upload_filesize = 16M

Technically this is possible, but you always need to have a commercial Zarafa package for Outlook support. These packages are only available for the default supported distributions.

Zarafa has been developed purely for Linux. However, if you are a developer, you may help us by providing the probably small but necessary changes to Zarafa, so it will run on your platform.

No, the Zarafa 6.0x and 6.1x clients are forward compatible with the new 6.20 version. However, you will still need a license.

When a new user is added to the server, the standard folders are created in the language of the server. When you want to change the standard folders for a user to a different language, you have to change the /etc/zarafa/userscript/createuser script. This has to be done before the user is created in the Zarafa database.
If you want to change the standard folders to, for example, Dutch (nl_NL) you can add the following line to the createuser script:

export LC_MESSAGE=nl_NL.utf8

or replace ‘zarafa-admin --create-store "${ZARAFA_USER}"’ with:

zarafa-admin --lang nl_NL.utf8 --create-store "${ZARAFA_USER}"

When you are using Debian, you have to install the locales before you change the createuser file:

dpkg-reconfigure locales

When the standard folders of an existing user are in the wrong language, they can be changed with Outlook (XP/2003 or higher) to the correct language. It is important that the language of Outlook is the same as the language that you want for your standard folders.

* Close Outlook
* Click on Start > Run
* Type here: Outlook.exe /resetfoldernames

Outlook will start with the standard folders in the same language as Outlook. From now on the standard folders will be in this language.

To upgrade a single company to a multicompany environment where all existing users are placed into the same company, the following actions must be taken:

Make a backup of the Zarafa database. Enable multicompany in the Zarafa configuration files. Restart the Zarafa server. Create a new company, using LDAP or the zarafa-admin tool.
Use zarafa-admin --list-companies to make sure the new company is visible in the new environment. Stop the Zarafa server.

Note: The following 3 queries are only needed when the server has version 6.1x or 6.2x.

Execute the following SQL queries in the Zarafa database:

UPDATE users SET company = (SELECT id FROM users WHERE object_type=4)
WHERE (object_type = 1 OR object_type = 2 OR object_type = 5) AND id > 2;

UPDATE stores SET company = (SELECT id FROM users WHERE object_type=4)
WHERE user_id > 2;

UPDATE stores SET user_id = (SELECT id FROM users WHERE object_type=4) ,
user_name = (SELECT externid FROM users WHERE object_type=4) WHERE user_id = 1;

Note: The following query needs to be executed for every multicompany version (6.1x and up).
When using the DB plugin, the following query is also required:

SELECT p.value FROM object AS o JOIN objectproperty AS p ON
WHERE o.objecttype = 4 AND p.propname='companyname'

INSERT INTO objectproperty (objectid, propname, `value`) SELECT id,
'companyid', (SELECT p.value FROM object AS o JOIN objectproperty AS p ON WHERE o.objecttype = 4 AND p.propname='companyname') FROM
object WHERE objecttype != 4;

After this the Zarafa server can be started again, and the users should be, once again, visible with:

'zarafa-admin -l'

I am using Active Directory for user information for Zarafa. With the commando ‘zarafa-admin –l’ can I retrieve a list with Zarafa users, however it is not possible for (certain) users to log in into the webaccess or Outlook, what is wrong?

In Active Directory it is possible to set, for every user on which computer he/she may login. For verification of the username and password of a user, a computer will bind to the Active Directory. When the name or ip-address is not in the list of computers, the username and password is not verified by the Active Directory. The same would happen when the name or ip-address of the Zarafa server is not available in the list of computers, so the user cannot login to Zarafa.

For checking/changing this, you can take the following steps:

  • Open the active directory users and groups configuration window.
  • Open the settings of a user, by double clicking on the username.
  • Go to the tab ‘Account’ and click on the ‘Log On To’ button.
  • Add the name or ip-address of the Zarafa server by ‘computer name’ if the option ‘the following computers’ is selected. When ‘All computers’ is selected, it should be possible for this user to login on all the computers in the network, including the Zarafa server.

To integrate Zarafa with an Active Directory server, you need to specify the LDAP search queries in the ldap.cfg file. From these search queries, Zarafa can locate the users and groups in the ADS.

To ensure the LDAP search queries are as fast as possible, we advise you to specify a subfolder in the LDAP structure, where all users are located. By specifying the subfolder in the ADS, the LDAP search does not need to search the complete tree.

By default, Zarafa generates an Outlook store for every found user in the LDAP tree. When users in the ADS do not use Zarafa, you should put them in a separate folder in the ADS, where Zarafa does not search for users.

To specify groups for Zarafa, we advise you to create a separate folder in the LDAP tree and create all the Zarafa groups in this folder. By creating a specific folder for groups, not all the Windows system groups are visible in Zarafa.

An example ADS configuration file is found in /usr/share/zarafa/ads.cfg. This file can be used as a template for ADS servers.

Read more about Active Directory integration in the Zarafa LDAP whitepaper.

When the data from LDAP is used for Zarafa, only the value of the unique LDAP attribute is stored in the Zarafa database. When other user data is needed, Zarafa retrieves this from LDAP by searching on the value of the unique LDAP attribute. When a user is removed from LDAP, that value of the unique LDAP attribute will also be removed from LDAP. To make sure that the users which are removed from LDAP will also be removed from Zarafa, Zarafa will look to the existing values of the unique LDAP attribute. When one of those values is removed from LDAP the user will also be removed from Zarafa. When there is a new value, a new user would be created in Zarafa.

When the value of the unique attribute is changed, for Zarafa this means that the user is deleted and a new user is created.  This will result in deleting the ‘old’ store of the user and creating a new store. The old store will move to the Admin folder in the public store.

In the LDAP documentation you can find the solution to change the unique attribute for groups, as well as for users.

The default behavior of Microsoft Windows Server 2003 is to remember old passwords for one hour after a password change.

It is noted by Microsoft that no security weakness is caused by this kind of behavior, as long as only one user knows both passwords.

Existing components that are designed to use Kerberos for authentication are not affected.

Unofficially it is done for replication between 2 or more domain controllers. Standard domain controllers replicate every 15 minutes.

Additional information:

To upgrade from a demo version of Zarafa to an official subscription, you only need to replace the following file in the demo subscription key, with a full subscription number: /etc/zarafa/license/base

The Zarafa base subscription is default located in /etc/zarafa/license/base. When you want to add Client Access subscription to the server, you need to do the following steps:

1. Add a new file in the license directory: touch /etc/zarafa/license/1

2. Register the CAL on the Zarafa Portal

3. Add the CAL numbers to this file: echo 379AS24442 > /etc/zarafa/license/1

When you have more than one CAL, you have to create an extra file with the corresponding serial.

The first three users that connect to the community versions with Outlook can only use Outlook. All other users can only connect via webaccess, imap/pop3 or Z-Push.

Subscription numbers can be converted on the Zarafa Portal. To access the Zarafa Portal you need a login account. On the Zarafa Portal you can also download the Zarafa supported software.

Unfortuantely this is not possible. When you want to use a Zarafa supported edition you have to buy a subscription for all users that are created in your Zarafa system.

This is a provider issue, probably caused by the proxying of the data by the telecom operator.

Many mobiles may show the ‘Bad request from mobile’ error when synchronizing their mobile with a server via z-push. This is not a problem with z-push or the mobile, but is caused by proxy-software run by your telecom operator.

Workaround: Due to the way that SSL works, you can setup your connection to use SSL, and your connection will not be proxied by your telecom operator. Set up your z-push server to accept SSL connections, and set your PDA to use the  SSL-encrypted connection.


Use debconf to configure Exim4 for which domains Exim should consider itself as the final destination. You can do this with the following command:

dpkg-reconfigure plow exim4

Create a file called 700_exim4-config_zarafa in the directory /etc/exim4/conf.d/router. Add the following text in the file:

debug_print = "R: zarafa for $local_part@$domain"
driver = accept
domains = +local_domains
transport = zarafa_pipe
require_files = +/usr/bin/zarafa-dagent

Create a file called 30_exim4-config_zarafa_pipe in the directory /etc/exim4/conf.d/transport. Add the following lines to the file:

debug_print = "T: zarafa_pipe for $local_part@$domain"
driver = pipe
path = "/bin:/usr/bin:/usr/local/bin"
command = "/usr/bin/zarafa-dagent $local_part"

Finally you need to add the following line to the file /etc/exim4/update-exim4.conf:


Now start the update-exim4.conf script and reload Exim4 with the following commands:

etc/init.d/exim4 restart 

When you do not have a local MTA configured on the server with Zarafa installed, you need to run the Zarafa-dagent via Fetchmail. In fetchmail configuration file you should at the following option: mda "/usr/sbin/zarafa-dagent username"

See a full example fetchmail configuration below:

    protocol pop3
    no dns
    username john
    password 'password'
    to *
    set postmaster user
    mda "/usr/bin/zarafa-dagent john"

The fetchmail configuration should be made for every user individual.

See here for more information about Fetchmail.

To run both Zarafa and Cyrus on a single machine, please follow these steps:

  • To use Postfix with multiple transport providers you need to use a transport table. Add the following line to the Postfix file:
    zarafa  unix   -      n       n       -       -      
    pipe user=vmail argv=/usr/bin/zarafa-dagent ${user} 
  • Comment the mailbox_command and mailbox_transport in the Postfix Add the following line to the Postfix
    transport_maps = hash:/etc/postfix/transport 
  • In the file /etc/postfix/transport you can add email addresses with the corresponding transport provider. For example:   zarafa      cyrus 
  • After you have made changes to the transport table you need to run the command "postmap /etc/postfix/transport" to create the hash file.

Now all mail for is delivered to Zarafa and the email for is delivered to Cyrus.

It is possible to configure sendmail to use the zarafa-dagent directly. The configuration files for sendmail can usually be found in /etc/mail, The required m4 files can be found in /usr/share/sendmail/cf or /usr/share/sendmail-cf (the exact location is distribution specific). The instructions below assume the m4 files are located in /usr/share/sendmail/cf/, so please make sure the files created below are stored in the for your distribution correct location.

First, the sendmail zarafa mailer needs to be created. To do this, a new file should be created which contains the data below. This file should be saved to /usr/share/sendmail/cf/mailer/zarafa.m4:

#   Mailer for Zarafa

        `define(`ZARAFA_MAILER_ARGS', zarafa-dagent $u)')
###   Zarafa Mailer specification   ###

VERSIONID(`@(#)zarafa.m4        31-Aug-2007')

S=15, R=25, T=X-Phone/X-ZARAFA/X-Unix,


Secondly, the local_zarafa feature needs to be created. This feature will allow the zarafa-dagent to deliver mail from localhost. Save the data below to /usr/share/sendmail/cf/feature/local_zarafa.m4:


VERSIONID(`@(#)zarafa.m4        31-Aug-2007')


        `errprint(`*** FEATURE(local_zarafa) must
occur before MAILER(local)

        ifelse(defn(`_ARG_'), `',

ifelse(len(X`'_ARG2_), `1', `zarafa-dagent $u', _ARG2_))

The last part is enabling the Zarafa dagent in sendmail. To enable the Zarafa dagent delivery from localhost, add the following lines to /etc/mail/


To enable the Zarafa dagent for all other deliveries add the following lines to


After the creation and editing of these files, the configuration needs to be activated. Execute the following command:


This will generate the file and reload sendmail. If the zarafa-spooler was already running, this too needs to be restarted:

/etc/init.d/zarafa-spooler restart

In the postfix configuration file "", add the following rule:

zarafa unix - n n - - pipe 
 flags= user=vmail argv=/usr/bin/procmail -a ${user}

After that, edit the postfix configuration file "" and add the following line:

mailbox_transport = zarafa 

When that is completed, edit the procmail configuration file "/etc/procmailrc" and add the following lines:

:0w* ^X-Spam-Status: Yes 
| zarafa-dagent -j $USER

| zarafa-dagent $USER

After this, restart postfix by issuing the command: 

/etc/init.d/postfix reload 

To adjust the column width, follow these steps:

  • Click Start and click Run.
  • In the Open box, type regedit, and then click OK.
  • In the Registry Editor navigate to the following key:
  • HKEY_CURRENT_USER\Software\Microsoft\Exchange\Client\Options
  • With the Options subkey selected, on the Edit menu, point to New, and then click DWORD Value.
  • For the name, type AddressBookColWidth, and then press ENTER.
  • Double-click AddressBookColWidth, and in the Value data box, type the width you want. You may have to change this setting until you arrive at the number that best suits your needs. A recommended starting point is 79.
  • Click OK to save your entry.

Leave the Registry Editor open and switch to Outlook. Open the Address Book and see if the column width is acceptable.
If not, close the Address Book, leave Outlook running, and switch back to the Registry Editor to adjust the DWORD Value until you arrive at the column width you want.
As you make adjustments all column widths in the Address Book are adjusted. If the value is too large, such as 1025, you may notice some of the right-most columns disappear.

The complete mailbox added to the Folder list can be removed from Outlook. This can be done by navigating in Outlook to: Tools > Email Accounts > Remove or display existing accounts > Next Here, select Zarafa client and click Change.... A new window will be opened. Click the tab Advanced, select the name of the user of which the mailbox should be removed and click the Delete button. When you select OK and Finish you will leave the window and Outlook will be available again.

If after the creation of the user profiles in Outlook the public store is created, this store will not be visible to the users whose Outlook profile have been previously created. Without access to the public store, the freebusy times will not be available either. The same problem can occur when migrating from old pst files, where the same profile is being used with Zarafa. The profile will reuse the old data which do not contain the public store. In order to make the freebusy data available again, new profiles should be created.

The Zarafa Migration Tool performs a migration by opening each user’s store in the data source (exchange.pst or Scalix db), travesing over the MAPI folder structure migrating each message and folder. This means that all data from the data source will be migrated, including mail, attachments, appointments, tasks, contacts etc. The Zarafa Migration Tool will also check if the message/folder already exists at the destination (a Zarafa Server or a .pst file) to avoid duplicates. The tool will not create users on the Zarafa Collaboration Platform, it assumes that the users to which the administrator wants to migrate data to already exist on the Zarafa Server.

More info can be found in the Zarafa Migrator Manual at

Problem: I just updated Zarafa to a new version and now I get reminders that I didn't ask for.

Solution: Outlook has a table for all reminders.This table will be completed during the update with reminder information for all possible calendar items with a reminder. Old reminders will be (re-)activated and are hard to remove.

To remove these old reminders, close Outlook and perform the following steps: Click on Start > Run and enter: outlook.exe /cleanreminders. Then click OK to start Outlook. During start-up, Outlook will clean the reminder table.

If reminders do not work at all after this command, you will need to close Outlook again, and perform the following steps:Click on Start > Run and enter: outlook.exe /resetfolders. Then, click OK to start Outlook. After this step, your reminders should work as expected.

When SELinux is enabled, this is blocking your connection from the webserver to the Zarafa server.

You may solve this by allowing Apache to make network connections:

setsebool httpd_can_network_connect=1

or by disabling SELinux altogether:

setenforce permissive

When you choose to disable SELinux, you will also want to edit /etc/sysconfig/selinux to disable it for reboots too.


Hints en Tips

More information about Selinux can be found here:

Sending a file of 2Mb or larger using the Webaccess is not possible by default. This is caused by a limitation in PHP, which is the language used to build the Webaccess. The limit of PHP can be enlarged, but this should be done in the PHP configuration file.

When you want to send an email with an attachment larger than 8 MB, you can still use Outlook which doesn't have this limitation.

The value which needs to be changed in the php.ini file is: 'max_upload_filesize'.

max_upload_filesize = 16M

Officially we support Mozilla Firefox 3.6 up to the latest version, and Internet Explorer version 6* to 8. We recommend Firefox as it is more secure and performs better.

Although not officially supported most modern browsers are known to simply work with the Zarafa WebAccess. Starting from ZCP-7.0 we plan to add Google Chrome and Apple Safari to the list of officially supported browsers.

*) Our next generation WebAccess, of which a beta will be part of ZCP-7.0.0, will not support IE6.

This happening because the option ‘Allow script to: Disable or replace context menus’ is disabled in FireFox. To enable this option go to:

Tools > Options > Content 

Make sure that 'Enable JavaScript' and click on the button ‘Advanced’ behind ‘Enable JavaScript’. Here is it possible to enable the option ‘Disable or replace context menus’.

The archive stores need to be linked to active users via the Zarafa Archiver individually, this step can be added to the create users script.

Yes a trail application form for a serial is available at the portal site, it initially allows for 25 users for 90 days usage. This can be expanded at request to the product manager/ sales; b. Currently the package is available on the portal only

No, although in practice for real archiving of little use, you can archive to your own server.

A stub is a pointer left in the primairy ZCP server that points to the actual message inside the Zarafa Archiver server. When selected the message in the primairy ZCP store is "de-stubbed", which presents the user with the content that has been retrieved internally form the Zarafa Archiver server. All this without the user having to do anything special.

The stubbed messages are represented by an archive icon to enable quick recognition of these messages.

Yes all attachments are transferred to the archive server as well, and when the Archiver does a complete move or stub action on a message removed from the primary ZCP server

Yes, the current version is ready for normal usage. We intent to add a few utilities extra’s in the solution next month like rights replication for delegate permissions, administrative aids etc. Using customer feedback we will priorities other features.

The Zarafa Archiver-1.0beta solution is available since ZCP 6.40.8 and per release of ZCP 7.0.0.

Feedback is valuable to Zarafa and this requires usage of beta version to interact with end users, in combination with Zarafa ZCP final versions. The Zarafa Archiver solution is in use already at various live ZCP installations large and small.

Yes, this is possible. However when the quota is reached no messages will be archived anymore, so it’s recommended to set no quota on the archive mailboxes.

When no user is available for the archive store, it can be copied to a subfolder of the PublicStore, or can be unhooked and remain a orphaned-store untill it is needed

You can get an Archiver license for as many users as you want, but minimum 20. The amount of Archiver users does not have to be equal to the amount of Zarafa users, but it must be less. So if you have a Zarafa license for 100 users, you can get an Archiver license for anywhere between 20 and 100 users (in multiples of 5).

Yes you can, and it enables the multiserver capability, even though you have a Professional license.

Yes, all archives are initially read-only to the linked user and accessible by opening them as a shared store (or permanently as delegate store).

Yes you can, but in that case, the stubbing feature is not enabled, and you cannot open the archive as delatege store in your own account.

Yes, it is possible to combine more archive stores via the Archiver to 1, or archive an active archive-store to long-term storage.

No, this is not possible, you cannot use an Archiver subscription with a Zarafa Standard edition.

With Zarafa Archiver the archiving is done in steps, where each is optional and configurable in age, and can be skipped or joined with an adjacent step. The steps are 0: no archive, 1: archive-copy, 2: archive-stub, 3: archive-move, 4: archive-purge. The order of these cannot be altered.

Yes, you can search in your own store, the content of any stubbed messages will be included.

You order in the webshop as you would for ZCP licenses, the process is identical, except for the requirement to link a Zarafa Archiver license to a ZCP license.

Yes, in order to have a Zarafa Archiver subscription and to have it supported, a valid and supported ZCP subscription is required.

No, a valid and supported ZCP license is always needed for any Zarafa Archiver license subscription.

Yes, you can have a 1:1 archive setup, a multiuser:1 archive, and even a manyuser:manyarchive construction.

An archive store is a similar mail store as a normal ZCP user has, but is only used to replicate the user store to, and has a structure internally to contain the archive of one or more user stores. This store is located on the Zarafa Archiver server.

The de-stubbing feature, crucial to the transparent and seamless integration with the personal mail store, is only available and supported in licensed Zarafa Archiver installations, in addition to the multiserver feature that is enabled.

Yes, the Zarafa Archiver feature development is by another roadmap then ZCP.

Yes, the archive feature is licensed under the AGPL-v3 license.

Yes it does, that is why Zarafa has increased the allowed inactive user count to 150% of the licensed ZCP users, as opposed to before when this was 50%.

The lowest number of users in a Zarafa Archiver license is 20.

The difference is in the multiserver part, when adding a Zarafa Archiver license to a professional licensed ZCP the multiserver feature is enabled allowing for 1 supported archive server, not a multiserver primary install.

The supported Zarafa Archiver requires ZCP professional edition or Enterprise addition


Jobs at Zarafa

View zarafa tour 2013 video

Zarafa customers