Mail server in Zentyal – Understanding differences between Mail and Groupware modules

Many people get confused when installed Zentyal about the differences between Zentyal Mail and Zentyal Groupware modules.

Zentyal provides mail functionality through Zentyal Mail module. It uses Postfix as the daemon to provide smtp functionality, and Dovecot as the daemon for POP3(s) and IMAP(s) functionalities. Where are mails stored? It stores mail files in /var/vmail/. You can enable which services (POP/IMAP) you want to have enabled in the Zentyal GUI:


Finally, you can use Zentyal Webmail module in order for your users to be able to check email using a browser. Zentyal uses Roundcube for this.

Zentyal Groupware (zarafa)provides as well mail functionality. Zarafa will store mail on its database (Zarafa MySQL database when using Zentyal 3.0),and provides Webaccess as the interface for webmail. So What’s the difference with them?

  • Zarafa provides you an address book with your LDAP users, so they don’t need to include their collegues by hand.
  • Zarafa allows you to use (collaborative) calendar where you can write and share your day-by-day events.
  • And the main one: Zarafa provides you with the possibility of allowing your users to use Exchange accounts for your domain (using the so-called Outlook Connectors) and to use their mobiles for Exchange accounts (using z-push).

So far so easy isn’t it? But many people get confused when configuring these. In order to clarify these, we’ll try to make clearer how Zarafa works, so configuration should be easier.
We’ll take for this a simple environment, with no Mailfilter module involved (as it will be transparent for this), and Zentyal Mail, Webmail, Zentyal Zarafa and Zentyal Webaccess (which is installed when installed zentyal-zarafa module)

For the first step, let’s take an environment with Zentyal Mail with POP3, Secure POP3, IMAP, and IMAPS configured and Zentyal Webmail modules. In this environment we have a single domain, say zentyal-domain.loc, and three users:

  • john@zentyal-domain.loc
  • doe@zentyal-domain.loc
  • foo@zentyal-domain.loc

User john retrieves his mail through a Thunderbird/Outlook client with IMAP  and when he’s abroad, he checks it using it IMAPS on its mobile)

User doe retrieves his mail through POP3, and when he is abroad he checks it using IMAPS on its mobile)

User foo check his mail using webmail.

So, in this state-of-things any user can check his email using any method he might prefer (POP3, POP3S, IMAP, IMAPS or Webmail). But now we install the Zarafa module, and a new user bar@zentyal-domain.loc , and we define this user as a Zarafa user:



So, our user goes straight away to its Thunderbird mail client, and configures it but…gets nothing. We know that the should at least have received the welcome to the company email, so… what might have happened? He also checks webmail… and he finds the same result.

As we had told standard mail stores mail in /var/vmail while Zarafa does in MySQL. When a user is marked as non-Zarafa user its mail is sent to the filesystem, and if it is a Zarafa user mail is sent to MySQL. Now let us have a look to the first screenshot of this article. Yes, we still have enabled POP3, POP3S, IMAP and IMAPS. So meanwhile  we keep this configuration, no client can be used to check a zarafa account (unless using a Exchange account with an Outlook connector) as every method is still reserved for standard mail.  About the webmail, well you might have guessed, you user should point his browser to /webaccess (or /webapp, if webapp has been installed)  in order to check Zarafa mail, as Webmail module only checks standard mail.

So, in order for our user bar to be able to use Thunderbird, we have to disable in mail configuration some service. For our example we’ll leave the secure protocols for mail.


After saving changes, you’ll be able to enable the POP3 and IMAP gateways for Zarafa, and our user will be able to check Zarafa mail using these protocols. Don’t try enabling any gateway without disabling first on mail module config, as it will logically complain, as  the same port cannot be bind by two services:


Deja un comentario