Admin

Admin Dashboard Overview

A tour of the Opterius Mail admin panel dashboard, navigation, and the separation between admin and webmail sessions.

Last updated 2026-04-12
  • Two Independent Login Systems
  • Admin Panel URL Security

    • Admin Dashboard Overview

    The admin dashboard at /admin is the central hub for managing every aspect of your mail server through Opterius Mail. This article explains what the dashboard shows, how to navigate the admin panel, and how the admin session relates to the webmail session.

    Dashboard Widgets

    When you log in at /admin, the dashboard displays a summary of your mail environment at a glance:

    Widget Description
    Total Domains Count of all domains in the mail_domains table.
    Total Accounts Count of all active accounts in mail_accounts.
    2FA Enabled Number of mail accounts that have TOTP two-factor authentication active.
    Recent Syncs Last 5–10 account sync events received from the Panel agent (only shown when Panel integration is active). Each entry shows the action (create/delete/password), the affected address, and the timestamp.
    Mail Queue Depth Current count of messages in the Postfix queue (mailq output). A non-zero value that grows over time may indicate a delivery problem.
    Recent Log Entries Last few lines from /var/log/mail.log, color-coded by status.

    Navigation

    The admin panel sidebar contains the following sections:

    Domains

    Manage the mail domains hosted on this server. Add new domains, edit catch-all settings, view per-domain account and alias counts, and delete domains. See Managing Mail Domains.

    Accounts

    Full list of email accounts across all domains. Create, edit, delete, and force-reset passwords. When Panel integration is active, each account shows its last sync time and sync source. See Managing Mail Accounts.

    Aliases

    Configure address aliases — additional email addresses that forward to an existing account. Supports catch-all aliases (*@example.com). See Email Aliases.

    Groups

    Create distribution addresses that deliver to multiple recipients simultaneously. See Creating Mail Groups.

    Autoresponders

    Set up out-of-office or vacation replies on behalf of any account. Supports date ranges and per-sender deduplication. See Setting Up Autoresponders.

    DKIM

    Generate RSA key pairs per domain, view the DNS TXT records that need to be added, and verify propagation. See DKIM Signing.

    Spam

    View Rspamd statistics, configure score thresholds, manage allowlists and blocklists, and link to the Rspamd dashboard. Only visible when RSPAMD_URL is configured. See Spam Filtering.

    Queue & Logs

    Two sub-pages:

    • Queue — browse and manage the Postfix mail queue. Retry or delete individual messages, flush the entire queue.
    • Logs — tail and filter /var/log/mail.log.

    See Mail Queue Management and Viewing Mail Logs.

    Settings

    Sub-sections for: admin accounts (create/edit/delete admins), admin 2FA, export/backup, and application configuration overrides.

    Two Independent Login Systems

    Opterius Mail maintains two completely separate authentication sessions:

    /           → Webmail (IMAP session — authenticated via ImapGuard)
/admin      → Admin panel (DB session — authenticated via admins table)

    These sessions do not interact. Logging in at /admin does not give you access to any user's webmail. Logging in at / as a mail user does not give you access to the admin panel.

    Practical consequences:

    • An admin who also has a personal email account must log in twice — once at /admin with their admin username/password, and once at / with their email address and mail password.
    • Clearing browser cookies for one session does not affect the other.
    • 2FA is configured separately for admin accounts (Admin → Settings → My Account) and for webmail users (webmail → Settings → Security).
    • The admin panel has no ability to read, modify, or delete the contents of any user's mailbox. Admin operations are limited to account metadata (credentials, quota, aliases, etc.).

    Admin Panel URL Security

    In production, the admin panel should not be publicly accessible without additional protection. Recommended approaches:

    1. IP allowlist at the Nginx level — restrict /admin to your office or VPN IP range.
    2. HTTP Basic Auth as a second factor at the Nginx level.
    3. VPN-only access — bind the admin panel to a private interface.

    The installer does not apply any of these restrictions automatically. Configuring them is the server administrator's responsibility.

    Previous
    ← First Admin Setup
    Next
    Managing Mail Domains →