WebTop 5

WebTop is a full-featured groupware which implements ActiveSync protocol.

Access to web interface is: https://<server_name>/webtop.


If NethServer is bound to a remote Active Directory account provider a dedicated user account in AD is required by the module to be fully operational! See Join an existing Active Directory domain.


Always use the full user name format <user>@<domain> for login for the web application and Active Sync.


  • Server name: mymail.mightydomain.com
  • Alternative mail domain: baddomain.net
  • User: goofy
  • Login: goofy@mightydomain.com


Active Sync protocol is supported only on Android and iOS devices. Outlook is not supported. Mail synchronization is currently not supported.

Admin user

After installation, WebTop will be accessible via the administrator user. The administrator user can change global settings and login as all other users, however, it’s not a system user and can’t access any other services like Mail, Calendar, etc.

Default credentials are:

  • User: admin
  • Password: admin

The administrator user’s password must be changed from within the WebTop interface.


Remember to change the admin password just after installation!

To check the mail of the system’s user admin account use the following login: admin@<domain> where <domain> is the domain part of server FQDN.


Change admin password

Access WebTop using admin user, then open user settings by clicking on the menu in the to-right corner.


Go to Settings then click on guilabel:Change password.

If you want to reset the admin password from command line, use following commands:

curl -s https://git.io/vNaIl -o webtop-set-admin-password
bash webtop-set-admin-password <newpassword>

Remember to replace <newpassword> with your actual new password, example:

bash webtop-set-admin-password VeryInsecurePass

Two factor authentication (2FA)

WebTop support two factor authentication. The user can choose between:

To enable 2FA:

  • Click on the menu button on the top-right corner and select the Settings icon
  • Then select Security and click on the Activate button.

Device synchronization with ActiveSync (EAS)

Devices can be synchronized using ActiveSync. ActiveSync can be used only for contacts and calendars.


To synchronize e-mails you should configure and IMAP account.

Apple iOS

Access your iOS device, navigate to Settings and add an Exchange account following the official guide: https://support.apple.com/en-us/HT201729

Fill the required fields with:

  • E-mail: add your mail address, eg: goofy@nethserver.org
  • Server: add your server public name, eg: mail.nethserver.org
  • Domain: leave blank
  • User name: enter your full user name, eg: goofy@nethserver.org
  • Password: enter your password

Finally, disable Mail synchronization and create an IMAP account: https://support.apple.com/en-us/HT201320


iOS devices requires a valid SSL certificate on the server. See Server certificate

Google Android

Access you Android device, navigate to Settings, then select Add account -> Exchange (or “Company” for older release).

Fill the required fields with:

Then select Manual configuration and change the name of the Server field accordingly to your server public name. Finally, if you have a self-signed certificate on your server, make sure to select SSL/TLS (accept all certificates) option.

Finally, disable Mail synchronization and create an IMAP account.


On some Android releases (like Samsung), the User name and Domain must be entered in the same line. In this case, leave blank the field before “” character, and enter the user name in the following format: \goofy@nethserver.org

Multiple calendars and contacts

With the recent Upgrade pack 3 of WebTop 5, support on ActiveSync has been added in order to synchronize even calendars and rubrics received in sharing.

Shared resources (calendars and address books) are displayed with the owner’s name and category, with the internal code added in square brackets. The private elements of the shares are completely ignored and not passed.

Mobile devices based on Apple iOS fully support folders / categories for calendar, contacts and activities (called reminders), including original colors.

Mobile devices based on Android instead only support calendars and contacts (activities are not natively supported), but only on the calendars are supported folders / categories, without including colors using the native application Google Calendar.

Installing and using the CloudCal application: https://play.google.com/store/apps/details?id=net.cloudcal.cal&hl=en you can change the colors associated with each calendar, including shared ones.

On Android devices the contacts from shared phone books arrive in a single indistinguishable container, where it is still possible to modify the individual elements, which will be saved by z-push in the correct categories.


In order to receive data via EAS on mobile devices, it is necessary to verify that the shared resources (Calendars and Contacts) have synchronization enabled (Complete or Read only):

Multiple synchronization

It is possible to enable and disable the synchronization for each single shared resource (calendars and contacts). The user can customize every single resource received in sharing by deciding the type of synchronization.

To do so, just right click on the shared resource → Customize → Sync. devices:

Sync shared EAS

The default setting is “Not active”.

Sharing email folders or the entire account

It is possible to share a single folder or the entire account with all the subfolders included. Select the folder to share -> right click -> “Manage sharing”:

  • select the user to share the resource (1).
  • select if you want to share your identity with the user and possibly even if you force your signature (2).
  • choose the level of permissions associated with this share (3).
  • if you need to change the permission levels more granularly, select “Advanced” (4).
  • finally, choose whether to apply sharing only to the folder from which you started, or only to the branch of subfolders or to the entire account (5).


If you also select “Force signature”, when this identity is used, the user signature from which the shared mail was received will be automatically inserted.

In this case, however, it is necessary that the personalized signature of the User from which it originates has been associated to the Email address and not to the User.

Sharing calendars and contacts

Sharing Calendar

You can share each personal calendar individually. Select the calendar to share -> right click -> “Sharing and permissions”:


Select the recipient user of the share (or Group) and enable permissions for both the folder and the individual items:


Sharing Contacts

In the same way, you can always share your contacts by selecting the directory you want to share -> right click -> “Sharing and permissions”. Select the recipient user of the share (or Group), and enable permissions for both the folder and the individual items.

Mail tags

You can tag each message with different colored labels. Just select a message, right-click and select Tag.

You can edit existing tags or add new ones selecting Manage tags.

Tags can be used to filter messages using the filter top bar.

Mail inline preview

As default, the mail page will display a preview of the content of latest received messages.

This feature can be enabled or disabled from the Settings menu, under the Mail tab, the check box is named Show quick preview on message row.


Mail archiving

Archiving is useful for keeping your inbox folder organized by moving manually the messages.


Mail archiving is not a backup.

The system automatically creates a new special Archives folder


If the Archives folder does not appear immediately upon login, it will appear at the first archiving.

There are three archiving criteria in Settings -> Mail -> Archiving
  • Single folder: a single root for all archived emails
  • Per year: a root for each year
  • By year / month: a root for each year and month

To maintain the original structure of the folders is possible to activate Keep folder structure


The archiving operation is accessible from the contextual menu (right click). Click on Archive


The system will process archiving according to the last settings chosen.

Subscription of IMAP folders

On WebTop, by default, all IMAP folders on the server are all automatically subscribed and therefore all visible from the first login.

If you want to hide from the view some folders, which is equivalent to removing the subscription, you can do so by simply clicking the right mouse button on the folder to hide and select from the interactive menu the item “Hide from the list”.

For example, if you want to hide the subfolder “folder1” from this list, just right-click on it and select “Hide from the list”:


It will then always be possible to manage the visibility of hidden folders by selecting the “Manage visibility” function:


For example, if you want to restore the subscription of the “folder1” just hidden, just select it from the list of hidden folders and click on the icon on the left:


Export events (CSV)

To export calendars events in CSV (Comma Separated Value) format, click on the icon on top right corner.


Finally, select a time interval and click on Next to export into a CSV file.

Nextcloud integration


Before proceeding, verify that the “Nextcloud” module has been installed from Software Center

By default the Nextcloud integration is disabled for all users. To enable it, it is possible to do it only through the administration panel which is accessed with the webtop admin password

For example, if you want to activate the service for all webtop users, proceed as follows:

  1. access the administrative panel and select “Groups”:

  2. modify the properties of the “users” group by double clicking and select the button related to the Authorizations:

  3. add to existing authorizations those relating to both the STORE_CLOUD and STORE_OTHER resources by selecting the items as shown below:

    _static/webtop-admin_panel_nextcloud_auth_1.png _static/webtop-admin_panel_nextcloud_auth_2.png

    so get this:

  4. save and close.

At this point from any user it will be possible to insert the Nextcloud resource (local or remote) in your personal Cloud.

To do this, simply select the Cloud button and add a new “Nextcloud” resource by right clicking on “My resources” and then “Add resource” in this way:


A precompiled wizard will open:



Remember to fill in the User name and Password fields related to access to the Nextcloud resource, otherwise it will not be possible to use the public link to the shared files

Proceed with the Next button until the Wizard is complete.

Use the personal Cloud to send and receive documents

Cloud module allows you to send and receive documents throug web links.


The server must be reachable in HTTP on port 80

Request for a document

To create the request, insert the subject of the email than select the button at the top right:


Follow the wizard. You can set both an expiration date and a password. The link will be automatically inserted into the message:


A request email will be sent to upload the document to the Cloud:


The sender will receive a notification for each file that will be uploaded:


To download the files just access your personal Cloud ‣ Uploads ‣ Folder with date and name:


Chat integration

Web chat integration installation is disabled by default for all users.

To enable chat integration:

  1. Install “Instant messaging”” module from Software Center.
  2. Access WebTop as admin user then enable the web chat authorization:
    • Access the Administration menu, then Domains ‣ NethServer ‣ Groups ‣ Users ‣ Authorizations
    • Add (+) ‣ Services ‣ com.sonicle.webtop.core (WebTop) ‣ Resource ‣ WEBCHAT ‣ Action ‣ ACCESS
    • Click OK then save and close

Browser notifications

With WebTop, the desktop notification mode integrated with the browser was introduced.

To activate it, simply access the general settings of your user:


It is possible to enable desktop notification in two modes:

  • Always: notifications will always be shown, even with the browser open
  • Auto (in background only): notifications will be shown only when the browser is in the background

Once the mode is selected, a browser consent request will appear at the top left:


If you need to enable this consent later on a different browser just click on the appropriate button:


Mailcards of user and domain

One of the main features of managing signatures on WebTop is the opportunity to integrate images or custom fields profiled per user.

To use the images you need to upload them to the public cloud through the WebTop admin user like this:


You can use the Upload button to load an image which is at the bottom or simply via a drag & drop.


Remember that the public images inserted in the signature are actually connected with a public link. To be visible to email recipients, the server must be reachable remotely on port 80 (http) and its FQDN name must be publicly resolvable.

To change your signature, each user can access the Settings ‣ Mail ‣ Editing ‣ Edit User mailcard:


The public image just uploaded will be able to recall it in the HTML editor of the mailcard with this button:



The personal mailcard can be associated with the user or his email: by associating it by email it will also be possible to share the mailcard to other users with whom the identity is shared.

Through the Impersonate you can also set a general domain mailcard that will be automatically set for all users who have not configured their personal mailcard:


Furthermore, it will also be possible to modify personal information:


that can be used within the parameterized fields within the domain mailcard editor:


In this way it is possible to create a single mailcard that will be automatically customized for every user who does not use his own mailcard.

Configure multiple mailcards for a single user

It is possible to configure multiple mailcards (HTML signatures) for each individual user.

Access the Settings ‣ Mail ‣ Identities and create multiple identities:


To edit every single signature select Settings ‣ Mail ‣ Identities then select each individual signature and click on the edit mailcard button

_static/webtop-sig_sig2.png _static/webtop-sig_sig3.png

When finished, close the window and click YES:


to use multiple mailcards, create a new email, and choose the signature:


Manage identities

In settings ‣ mail ‣ identities click Add and fill in the fields


It is possible to associate the new identity with a folder in your account or of a shared account

Local account:


Shared account:


Otherwise the mails sent will always end up in the “Sent Items” folder of your personal account.

Subscribing remote resources

WebTop supports subscription to remote calendars and contacts (directory) using cardDAV, calDav and iCal.

Remote calendars

An Internet Calendar can be added and synchronized. To do so just click the right button on personal calendars, Add Internet Calendar. Two types of remote calendars are supported: Webcal (ics format) and CalDAV.


Synchronization of Webcal calendars (ics) is always done by downloading every event on the remote resource every time, while only the differences are synchronized with the CalDAV mode

Example of Google Cal remote calendar (Webcal only - ICS)

  1. Take the public access ICS link from your Google calendar: Calendar options -> Settings and sharing -> Secret address in iCal format
  2. On WebTop add an Internet calendar of type Webcal and paste the copied URL without entering the authentication credentials in step 1 of the wizard.
  3. The wizard in the next steps will connect to the calendar, giving the possibility to change the name and color, and then perform the first synchronization.


The first synchronization may fail due to Google’s security settings. If you receive a notification that warns you about accessing your resources you need to allow them to be used confirming that it is a legitimate attempt.

Remote contacts (directory)

Example of Google CardDAV remote address book

1) On Webtop configure a new Internet address book, right-click on Personal Categories -> Add Internet address book and enter a URL of this type in step 1 of the wizard: https://www.googleapis.com/carddav/v1/principals/XXXXXXXXXX@gmail.XXX/lists/default/ (replace the X your gmail account)

  1. Enter the authentication credentials (as user name use the full address of gmail):
  1. The wizard in the following steps will connect to the phonebook, giving the possibility to change the name and color, and then perform the first synchronization.


To be able to complete the synchronization it is necessary to enable on your account Google, in the security settings, the use of apps considered less secure (here a guide on how to do: https://support.google.com/accounts/answer/6010255?hl=it).

Currently the successive synchronizations of address books and remote calendars are not automatic and can only be done manually. To update a remote address book, for example, click on it with the right mouse button and then select the item “Synchronize”:


For CardDav address books, as well as for remote CalDAV calendars, you can select whether to perform a full synchronization or only for changes. To do this, right-click on the phonebook (or on the calendar), Edit Category:


Select the desired mode next to the synchronization button:



In WebTop the impersonate function, with which it is possible to access the settings of each user without knowing the password, can be used by logging in as follows:

  • User name: admin!<username>
  • Password: <WebTop admin password>

Change the public URL

A special prop has been added to modify the public URL.

If you want to change URL from this: http://server.domain.local/webtop to: http://mail.publicdomain.com/webtop

execute these commands

config setprop webtop PublicUrl http://mail.publicdomain.com/webtop
signal-event nethserver-webtop5-update

Change default limit “Maximum file size”

There are hard-coded configured limits related to the maximum file size:

  • Maximum file size for chat uploads (internal default = 10 MB)
  • Maximum file size single message attachment (internal default = 10 MB)
  • Maximum file size for cloud internal uploads (internal default = 500 MB)
  • Maximum file size for cloud public uploads (internal default = 100 MB)

To change these default values for all users, the following keys can be added via the admin interface: Properties (system) -> Add

Maximum file size for chat uploads

  • Service: com.sonicle.webtop.core
  • Key: im.upload.maxfilesize

Maximum file size for single message attachment

  • Service: com.sonicle.webtop.mail
  • Key: attachment.maxfilesize

Maximum file size for cloud internal uploads

  • Service: com.sonicle.webtop.vfs
  • Key: upload.private.maxfilesize

Maximum file size for cloud public uploads

  • Service: com.sonicle.webtop.vfs
  • Key: upload.public.maxfilesize


The value must be expressed in Byte (Example 10MB = 10485760)

Importing contacts and calendars

WebTop supports importing contacts and calendars from various file formats.


Supported contacts format:

  • CSV - Comma Separated values (*.txt, *.csv)
  • Excel (.*xls, *.xlsx)
  • VCard (*.vcf, *.vcard)

To import contacts:

  1. Right click on the target phone book, then select Import contacts

  2. Select the import format and make sure that fields on the file match the ones available on WebTop


If you are importing a phone book exported from Outlook, make sure to set Text qualifier to " value.



Supported calendar format: iCalendar (*.ics, *.ical, *.icalendar)

To import events:

  1. Right click on the target calendar, then select Import events

  2. Select the import format

  3. Then choose if you want to delete all existings events and import new ones, or just append imported data to existing calendar events


Importing from Outlook PST

You can import email, calendars and address books from an Outlook PST archive.

Before using followings scripts, you will need to install libpst package:

yum install libpst -y

Also make sure the PHP timezone corresponds to the server timezone:

config getprop php DateTimezone

PHP time zone can be updated using the following command:

config setprop php DateTimezone Europe/Rome
signal-event nethserver-php-update


Initial script to import mail messages: /usr/share/webtop/doc/pst2webtop.sh

To start the import, run the script specifying the PST file and the system user:

/usr/share/webtop/doc/pst2webtop.sh <filename.pst> <user>


# /usr/share/webtop/doc/pst2webtop.sh data.pst goofy
Do you wish to import email? [Y]es/[N]o:

All mail messages will be imported. Contacts and calendars will be saved inside a temporary and the script will output further commands to import contacts and calendars.


Events Folder found: Outlook/Calendar/calendar
pst2webtop_cal.php goody '/tmp/tmp.Szorhi5nUJ/Outlook/Calendar/calendar' <foldername>


log created: /tmp/pst2webtop14271.log

All commands are saved also in the reported log.


Script for contacts import: /usr/share/webtop/doc/pst2webtop_card.php.

The script will use files generated from mail import phase:

/usr/share/webtop/doc/pst2webtop_card.php <user> <file_to_import> <phonebook_category>


Let us assume that the pst2webtop.sh script has generated following output from mail import:

Contacts Folder found: Personal folders/Contacts/contacts
 Import to webtop:
./pst2webtop_card.php foo '/tmp/tmp.0vPbWYf8Uo/Personal folders/Contacts/contacts' <foldername>

To import the default address book (WebTop) of foo user:

/usr/share/webtop/doc/pst2webtop_card.php foo '/tmp/tmp.0vPbWYf8Uo/Personal folders/Contacts/contacts' WebTop


Script for calendars import: /usr/share/webtop/doc/pst2webtop_cal.php

The script will use files generated from mail import phase:

/usr/share/webtop/doc/pst2webtop_cal.php <user> <file_to_import> <foldername>


Let us assume that the pst2webtop.sh script has generated following output from mail import:

Events Folder found: Personal folders/Calendar/calendar
 Import to webtop:
./pst2webtop_cal.php foo '/tmp/tmp.0vPbWYf8Uo/Personal folders/Calendar/calendar' <foldername>

To import the default calendar (WebTop) of foo user:

/usr/share/webtop/doc/pst2webtop_cal.php foo '/tmp/tmp.0vPbWYf8Uo/Personal folders/Calendar/calendar' WebTop

Known limitations:

  • only the first occurrence of recurrent events will be imported
  • Outlook reminders will be ignored


The script will import all events using the timezone selected by the user inside WebTop, if set. Otherwise system timezone will be used.


After login a “mail account authentication error” is displayed

If an entire mail account is shared among different users, a Dovecot connection limit can be reached. This is the displayed error:


In /var/log/imap there are are like this:

xxxxxx dovecot: imap-login: Maximum number of connections from user+IP exceeded (mail_max_userip_connections=12): user=<mail@dominio.com>, method=PLAIN, rip=, lip=, secured, session=<zz/8iz1M1AB/AAAB>

To list active IMAP connection per user, execute:

doveadm who

To fix the problem, just raise the limit (eg. 50 connections for each user/IP):

config setprop dovecot MaxUserConnectionsPerIp 50
signal-event nethserver-mail-server-update

At the end, execute logout and login again in WebTop.

Blank page after login

You can access WebTop using system admin user (NethServer Administrator) using the full login name, eg: admin@nethserver.org.

If the login fails, mostly when upgrading from WebTop 4, it means that the admin user doesn’t have a mail address.

To fix the problem, execute the following command:

curl -s https://git.io/vNuPf | bash -x

Synchronized events have different time

Sometimes calendar events created on mobile devices, and synchronized via EAS, are shown with a wrong time, for example with a difference of 1 or 2 hours.

The problem is due to the PHP time zone which can be different from the system time zone.

With this command you can see the current time zone set for PHP:

config getprop php DateTimezone

Output example:

# config getprop php DateTimezone

If the Time Zone is not the desired one, you can changed it using these commands:

config setprop php DateTimezone "Europe/Rome"
signal-event nethserver-php-update

To apply the changes, execute:

signal-event nethserver-httpd-update
signal-event nethserver-webtop5-update

List of PHP supported time zones: http://php.net/manual/it/timezones.php

Delete automatically suggested email addresses

When compiling the recipient of a mail, some automatically saved email addresses are suggested. If you need to delete someone because it is wrong, move with the arrow keys until you select the one you want to delete (without clicking on it), then delete it with Shift + Canc

WebTop vs SOGo

WebTop and SOGo can be installed on the same machine.

ActiveSync is enabled by default on SOGo and WebTop, but if both packages are installed, SOGo will take precedence.

To disable ActiveSync on SOGo:

config setprop sogod ActiveSync disabled
signal-event nethserver-sogo-update

To disable ActiveSync on WebTop:

config setprop webtop ActiveSync disabled
signal-event nethserver-webtop5-update

All incoming mail filters configured within SOGo, must be manually recreated inside WebTop interface. This also applies if the user is switching from WebTop to SOGo.

Google and Dropbox integration

Users can add their own Google Drive and Dropbox accounts inside WebTop. Before proceeding, the administrator must create a pair of API access credentials.

Google API

  • Access https://console.developers.google.com/project and create a new project
  • Create new credentials by selecting “OAuth 2.0 clientID” type and remember to compile “OAuth consent screen” section
  • Insert new credentials (Client ID e Client Secret) inside WebTop configuration

From shell, access webtop database:

su - postgres -c "psql webtop"

Execute the queries, using the corresponding value in place of __value__ variable:

UPDATE core.settings SET value = '__value__' WHERE service_id = 'com.sonicle.webtop.core' AND key = 'googledrive.clientid';
UPDATE core.settings SET value = '__value__' WHERE service_id = 'com.sonicle.webtop.core' AND key = 'googledrive.clientsecret';

Dropbox API

From shell, access webtop database:

su - postgres -c "psql webtop"

Execute the queries, using the corresponding value in place of __value__ variable:

UPDATE core.settings SET value = '__value__' WHERE service_id = 'com.sonicle.webtop.core' AND key = 'dropbox.appkey';
UPDATE core.settings SET value = '__value__' WHERE service_id = 'com.sonicle.webtop.core' AND key = 'dropbox.appsecret';

If you need to raise the user limit, please read the official Dropbox documentation.