In my recent posts, I’ve shared some configurations and thoughts on Zentyal 7.0 as an email server, and also mentioned the arrival of Zentyal 8. Since then, I’ve deployed several Zentyal-based mail servers — and realized there are still a few tweaks I’ve applied but never documented. So here they are.
1. Separate mail.log from syslog
By default, Zentyal writes mail logs both to /var/log/mail.log and the system’s main syslog. This duplication can put unnecessary strain on both disk I/O and system load. It took me a while to notice, but excluding mail.log from the syslog is definitely the better approach.
2. Unified Certificate for Dovecot and SOGo
Managing certificates can be messy, but you can simplify it by ensuring both Dovecot and the SOGo web interface use the same certificate/key pair. This is best done by adjusting the relevant stubs to point to the correct files. Copy the relevant stubs to /etc/zentyal/stubs/ directory, and edit thm. While a simple restart is enough for the web server, for mail services, it’s better to restart via the Zentyal shell using:
zs mail restart
3. Tuning SOGo’s Prefork Workers
SOGo is a core part of Zentyal’s groupware experience, and out-of-the-box it may be a bit underpowered. Even though I only made minimal tweaks, increasing the PREFORK value in /etc/zentyal/sogo.conf made a big difference. Zentyal copies this setting into /etc/default/sogo, so you only need to change it in one place. I bumped it to 50, after noticing sporadic unavailability of the webmail interface.
4. Clean Up the Default Web Root
While /SOGo properly brings up the webmail interface, accessing the root of your web server typically shows the default system HTML page — which isn’t exactly professional. Instead of redirecting to webmail, consider serving an empty or minimal placeholder page at /. Users who need the webmail will know how to find it.
I could also dive into proper TLS versions, cipher suite hardening, and recommended tools to audit these — but that’s a topic for another post.
+1. Manual Forwarding with sogo.sieve
Email forwarding can be crucial — sometimes even business-critical. While users can set up basic forwarding rules through the SOGo web interface, there are cases where you need more flexibility or want to apply rules programmatically.
In that case, it’s good to know where Zentyal stores these settings. You’ll find the user’s Maildir under:
var/vmail/yourdomain.tld/username/At this level, there’s a file named sogo.sieve and a symlink pointing to it called sieve-script. You can directly edit sogo.sieve to create advanced forwarding rules or filtering logic.
⚠️ Important: Changes made here won’t be reflected back in the SOGo web interface — so if the user modifies their mail settings in the webmail afterward, your edits may be overwritten.
