
By YOBIHAT TEAM

Zimbra Tips & Tricks

Here are a few tips & tricks based on our Zimbra experience.

The SNMP package is optional; if you want to use it, you need to install it on all servers. I decided not to use it.
If you need to reinstall the zm packages, use:

./install.sh --platform-override

During the zm installation, make sure all passwords are set correctly and are the same on both servers.
If the Zimbra configuration is not set up correctly, you will not be prompted to apply the configuration in a multiserver environment, so check all settings so that the master and the replica connect smoothly.
If you can't apply the configuration on the replica server and LDAP connections work correctly, go to the master LDAP server and, as the zimbra user, type:

/opt/zimbra/libexec/zmldapenablereplica

If you can't apply the configuration because the menu doesn't show [a] for apply, it means there is no connection to the other server or you didn't complete the setup configuration, so check all parameters.
After applying the configuration you will be asked to save it to a file, Save config in file: [/opt/zimbra/config."numbers"]; that file contains the actual running configuration. Check the timezone on both servers, and check that the password on the master is the same as on the replica:

zmlocalconfig -s ldap_replication_password

Important: If you have installed Zimbra MTA on the LDAP server, configure the Amavis and the Postfix passwords.
To find these values, run:

zmlocalconfig -s ldap_amavis_password
zmlocalconfig -s ldap_postfix_password
zmlocalconfig -s ldap_nginx_password

Wrap the value in single quotes. To change one of these values, use:

zmlocalconfig -e ldap_nginx_password='newvalue'

Other password keys in Zimbra:

antispam_mysql_password
antispam_mysql_root_password
client_ssl_truststore_password
ldap_amavis_password
ldap_bes_searcher_password
ldap_postfix_password
ldap_replication_password
ldap_root_password
ldap_nginx_password
mailbox_keystore_base_password
mailbox_keystore_password
mailbox_truststore_password
mysql_root_password
zimbra_ldap_password
zimbra_mysql_password
zimbra_vami_password
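
The check that the passwords are the same on master and replica can be done without printing the secrets to a terminal. The script below is an added example, not part of the original post: it takes two files holding the "key = value" output of zmlocalconfig -s for the keys you expect to match, one captured per server, and compares SHA-256 digests of the values. The function names, file names and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare *_password keys captured from two Zimbra servers
# without echoing the secrets. Each input file holds plain-format output of
#   zmlocalconfig -s <key> [<key> ...]      (lines of the form "key = value")
# File names and sample values below are constructed for illustration.

# Emit "key sha256(value)" for every *_password line in file $1.
digest_localconfig() {
    while IFS= read -r line; do
        case "$line" in
            *" = "*) ;;
            *) continue ;;
        esac
        key=${line%% = *}
        case "$key" in *_password) ;; *) continue ;; esac
        value=${line#* = }
        sum=$(printf '%s' "$value" | sha256sum | cut -d' ' -f1)
        printf '%s %s\n' "$key" "$sum"
    done < "$1"
}

# Print one finding per key that differs or exists on one side only.
# Returns 0 when both files agree, 1 when there are findings.
compare_localconfig() {
    tmp_a=$(mktemp) && tmp_b=$(mktemp) || return 2
    digest_localconfig "$1" > "$tmp_a"
    digest_localconfig "$2" > "$tmp_b"
    findings=$(awk -v first="$tmp_a" '
        FILENAME == first { a[$1] = $2; next }
        { seen[$1] = 1
          if (!($1 in a))       print "missing-on-first", $1
          else if (a[$1] != $2) print "mismatch", $1 }
        END { for (k in a) if (!(k in seen)) print "missing-on-second", k }
    ' "$tmp_a" "$tmp_b" | LC_ALL=C sort)
    rm -f "$tmp_a" "$tmp_b"
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Constructed sample captures for the two demo hosts used on this page.
write_samples() {
    cat > "$1/zimbra1.txt" <<'EOF'
ldap_root_password = Sample-Root-1
ldap_replication_password = Sample-Repl-1
ldap_postfix_password = Sample-Pfx-1
ldap_nginx_password = Sample-Ngx-1
zimbra_server_hostname = zimbra1.demo.local
EOF
    cat > "$1/zimbra2.txt" <<'EOF'
ldap_root_password = Sample-Root-1
ldap_replication_password = Sample-Repl-OLD
ldap_postfix_password = Sample-Pfx-1
zimbra_server_hostname = zimbra2.demo.local
EOF
}

# When called with two capture files, compare them.
if [ "$#" -eq 2 ]; then
    compare_localconfig "$1" "$2"
fi
```

Delete the capture files once the comparison is done, since they contain the passwords in clear text.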

Note: Running 'zmlocalconfig' without arguments shows the current Zimbra configuration parameters and values. To see the local config, type:

zmlocalconfig

To check or control the services, run as the zimbra user zmcontrol followed by one of status, start, restart, stop:

zmcontrol {status|start|restart|stop}

To configure the proxy, run as the zimbra user on both servers:

/opt/zimbra/libexec/zmproxyconfig -e -w -H zimbra1.demo.local

on the other

/opt/zimbra/libexec/zmproxyconfig -e -w -H zimbra2.demo.local

All the commands of the zimbra user are stored in the folder /opt/zimbra/libexec/; look inside to find the command names, and you can also use man to check the help for the commands.

Zimbra infos

Firewall Configuration should be set to No firewall, and Security Enhanced Linux (SELinux) should be disabled if you don't know how to harden it.

Table 1 Zimbra Default Port Mapping

Service            Port
Postfix            25
HTTP               80
POP3               110
IMAP               143
LDAP               389
HTTPS              443
Tomcat IMAP SSL    993
Tomcat POP SSL     995
Tomcat LMTP        7025
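
With the firewall set to No firewall, every listener that is not bound to loopback is reachable from the network, so it helps to know what is listening beyond Table 1. The script below is an added example, not part of the original post: it reads ss -tln output and reports non-loopback listeners whose port is not in Table 1. The function names and the sample socket list are constructed.

```shell
#!/bin/sh
# Added example: list TCP listeners that are reachable from the network but
# are not in the page's Table 1 port map. Reads `ss -tln` output on stdin.
# The sample socket list below is constructed, not captured from a server.

TABLE1_PORTS="25 80 110 143 389 443 993 995 7025"

# Print "unlisted <port> <bind address>" per finding; return 1 if any.
audit_listeners() {
    findings=$(awk -v known="$TABLE1_PORTS" '
        BEGIN { n = split(known, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
        $1 != "LISTEN" { next }                  # skips the header line too
        {
            port = $4; sub(/.*:/, "", port)      # text after the last colon
            host = $4; sub(/:[^:]*$/, "", host)  # text before the last colon
            # Loopback-only listeners are not reachable from other hosts.
            if (host ~ /^127\./ || host == "[::1]" || host == "::1") next
            if (!(port in ok)) print "unlisted", port, host
        }' | LC_ALL=C sort -k2,2n -k3,3)
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Constructed sample in the column layout printed by `ss -tln`.
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 100 0.0.0.0:25 0.0.0.0:*
LISTEN 0 128 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 10.0.17.101:389 0.0.0.0:*
LISTEN 0 50 127.0.0.1:7306 0.0.0.0:*
LISTEN 0 128 0.0.0.0:7071 0.0.0.0:*
LISTEN 0 128 [::]:11211 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
EOF
}

# On a server: ss -tln | sh this_script.sh --stdin
if [ "${1:-}" = "--stdin" ]; then
    audit_listeners
fi
```

Each reported port is either a service to account for in an upstream filter or one to rebind to loopback.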

 

Table 2 Attributes Mapped to Zimbra contact

Standard LDAP Attribute       Zimbra Contact Field
co                            workCountry
company                       Company
givenName/gn                  firstName
sn                            lastName
cn                            fullName
initials                      initials
l                             workCity
physicalDeliveryOfficeName    office
ou                            department
street, streetaddress         workStreet
postalCode                    workPostalCode
telephoneNumber               workPhone
st                            workState
title                         jobTitle
mail                          email
objectClass                   Not currently mapped

GAL Attributes in Zimbra
Two possible sources for GAL information are the Zimbra server and the Active Directory server. The relevant LDAP/Active Directory fields are referenced in the Zimbra schema under the same names as listed in the Active Directory schema.

The LDAP Mapped Attributes table maps generic GAL search attributes to their Zimbra contact fields.

Zimbra GAL Search Parameters

Like authentication, GAL is configured on a per-domain basis. From the administration console, you can run the GAL Configuration Wizard to configure the domain’s attributes.

Modifying Attributes

The OpenLDAP directory should not be modified directly. Any additions, changes and deletions are made through the Zimbra administration console or from the CLI utility for provisioning, zmprov.

Users modify attributes for their entry (accounts) in the OpenLDAP directory when they change their options from the Zimbra Web Client.

Administrators can also modify LDAP attributes using the command-line tools described in Appendix A: Command-Line Utilities.

Important: Do not use any LDAP browsers to change the Zimbra LDAP content.

Overview of Installation Process

When you run the install script, the Zimbra install verifies that the correct prerequisite packages are installed.

Zimbra Core installs the libraries, utilities, and monitoring tools.

Zimbra LDAP installs the OpenLDAP software, an open source LDAP directory service.

Zimbra MTA installs the Postfix open source MTA, the Clam AntiVirus antivirus engine, the SpamAssassin junk mail filter, and the Amavisd-New content filter.

Zimbra Store installs the mailbox server, including Apache Tomcat, the servlet container for the Zimbra server.

Zimbra Spell installs the Aspell open source spelling checker. When Zimbra spell is installed, Zimbra-Apache is also installed.

Zimbra SNMP installs the SNMP package for monitoring. This package is optional.

Zimbra Logger installs tools for syslog aggregation, reporting, and message tracing.

 

The Zimbra server configuration is menu driven. The installation menu shows you the default configuration values. The menu displays the logical host name and email domain name [mailhost.example.com] as configured on the computer. You can change any of the values. For single server installs, the only value you must define is the administrator’s password. The password is used to log on to the Zimbra administration console.

Basic Configuration

The default configuration installs the Zimbra-LDAP, the Zimbra-MTA with anti-virus and anti-spam protection, the Zimbra mailbox server, the SNMP monitoring tools (optional), Zimbra-spell (optional), and the logger tool (optional), on one server.

The menu driven installation displays the components and their existing default values. During the installation process you can modify the information.

The table below describes the menu options

Table 2 Main Menu Options

1) Hostname The host name configured in the operating system installation.
2) LDAP master host The LDAP host name. On a single server installation this name is the same as the hostname.
3) LDAP port The default port is 389.
4) LDAP password The root LDAP password for the host. This password is automatically generated.
5) zimbra-ldap Configuration includes the following:
Create Domain – Yes. You can create one domain during installation and additional domains can be created from the administration console.
Domain to create – The default domain is the fully qualified hostname of the server. If you created a valid mail domain on your DNS server, enter it now. In most cases, you will accept the default.
6) zimbra-store Configuration includes the following.
Create Admin User – The administrator account is created during installation. This account is the first account provisioned on the Zimbra server and allows you to log on to the administration console.
Admin user to create – The default is admin@[mailhost.example.com].
Admin Password – You must set the admin account password. The password is case sensitive and must be a minimum of six characters. The administrator name, mail address, and password are required to log in to the administration console.
Enable automated spam training – By default, the automated spam training filter is enabled and two mail accounts are created.
1. Spam Training User to receive mail notification about mail that was not marked as junk, but should be.
2. Non-spam (HAM) training user to receive mail notification about mail that was marked as junk, but should not have been.
These addresses are automatically configured to work with the spam training filter. The accounts created have a randomly selected name. To recognize what the account is used for you may want to change this name.
Global Documents Account – The Global Documents account is automatically created when ZCS is installed. The Global Documents account holds the templates and the default Documents Notebook. The Documents feature is enabled from the COS or for individual accounts.
7) zimbra-mta The following options can be modified.
MTA Auth host. This is configured automatically if the MTA authentication server host is on the same server, but must be configured if the authentication server is not on the MTA.
Enable Spamassassin. Default is enabled.
Enable ClamAV. Default is enabled.
Notification address for AV alerts. Sets the notification address for AV alerts. You can either accept the default or create a new address. If you create a new address, remember to provision this address from the admin console. Note: If the virus notification address does not exist and your host name is the same as the domain name on the Zimbra server, the virus notifications queue in the Zimbra MTA server and cannot be delivered.
8) zimbra-snmp (optional) You can modify the following options:
Enable SNMP notifications. The default is No. If you enter yes, you must enter the SNMP Trap hostname.
SNMP Trap hostname
Enable SMTP notification – The default is No.
SMTP Source email address – If you enter yes for SMTP notification, you must enter the SMTP source email address and SMTP Destination email address – destination email address.
9) zimbra-logger When installed, it is automatically enabled. This information is used to generate the statistics graphs and is used for message tracing.
10) zimbra-spell (optional) When installed, it is automatically enabled.
11) Enable default backup schedule For the Network Edition only, sets the schedule for Backup session to run as a full backup every Sunday at 1 a.m. and as incremental on the other days at 1 a.m.
r) Start servers after configuration When the installation and configuration is complete, if this is set to Yes, the Zimbra server is automatically started.
s) Save config to file At any time during the installation, you can save the configuration to file.
q) Quit Quit can be used at any time to quit the installation.

zmlocalconfig options

Long name    Short name    Description
--config     -c <arg>      File in which the configuration is stored
--default    -d            Show default values for keys listed in [args]
--edit       -e            Edit the configuration file, change keys and values specified. The [args] is in the key=value form.
--force      -f            Edit the keys whose change is known to be potentially dangerous
--help       -h            Shows the help for the usage options for this tool
--info       -i            Shows the documentation for the keys listed in [args]
--format     -m <arg>      Shows the values in one of these formats: plain (default), xml, shell, nokey.
--changed    -n            Shows the values for only those keys listed in the [args] that have been changed from their defaults
--path       -p            Shows which configuration file will be used
--quiet      -q            Suppress logging
--random     -r            This option is used with the edit option. Specified key is set to a random password string.
--show       -s            Forces the display of the password strings
--unset      -u            Remove a configuration key. If this is a key with compiled-in defaults, set its value to the empty string.
--expand     -x            Expand values

Table 1 Zimbra CLI Commands

The table below lists the CLI commands in /opt/zimbra/bin.

ldap Start, stop, or find the status of Zimbra LDAP
ldapsearch Perform a search on an LDAP server
logmysqladmin Send mysqladmin commands to the logger mysql
mailboxd Start, stop, find the status of the mailboxd server
mysql Enters interactive command-line MySQL session with the mailbox mysql
mysql.server Start, stop the SQL instance for the mailbox package
mysqladmin Send admin commands to MySQL
postconf Postfix command to view or modify the postfix configuration
postfix Start, stop, reload, flush, check, upgrade-configuration of postfix
qshape Examine postfix queue in relation to time and sender/recipient domain
zmaccts Lists the accounts and gives the status of accounts on the domain
zmamavisdctl Start, stop, restart, or find the status of the Amavis-D New
zmantispamctl Start, stop, reload, status for anti-spam service
zmantivirusctl Start, stop, reload, status for the anti-virus service
zmapachectl Start, stop, reload, or check status of Apache service (for spell check)
zmarchiveconfig Command to view, modify, or configure archiving
zmarchivectl Start, stop, reload, status for archiving
zmarchivesearch Search archives on the account
zmauditswatchctl Start, stop, restart, reload, status of the auditswatch
zmbackup Performs full backups and incremental backups for a designated mail host.
zmbackupabort Stops a backup that is in process.
zmbackupquery Find a specific full backup set
zmblobchk Check consistency of the Zimbra blob store
zmcalchk Check consistency of appointments and attendees in the Zimbra calendar
zmcertmgr Manage self-signed and commercial certificates
zmclamdctl Start, stop, or find the status of Clam AV
zmcleaniplanetics Clean iPlanet ICS calendar files
zmcontrol (Start/Stop Service) Start, stop, status of the Zimbra servers. Also can use to find the Zimbra version installed.
zmconvertctl Start, stop, the conversion server or find the status of the converted attachments conversion/indexing
zmdumpenv General information about the server environment is displayed
zmgsautil Create, delete the GAL sync account and initiate manual syncs.
zmhostname Find the hostname of the Zimbra server
zmhsm Start, stop and status of a HSM session.
zmitemdatafile Extracts and packs tgz files that ZCS uses for REST import/export
zmjava Execute Java with Zimbra-specific environment settings
zmldappasswd Changes the LDAP password
zmlicense View and install your Zimbra license
zmlmtpinject Testing tool
zmlocalconfig Used to set or get the local configuration of a Zimbra server
zmloggerctl Start, stop, reload, or find the status of the Zimbra logger service
zmloggerhostmap Used to manually map a DNS hostname to a zmhostname.
zmlogswatchctl Start, stop, status of the swatch that is monitoring logging
zmmailbox Performs mailbox management tasks
zmmailboxdctl Start, stop, reload, or find the status of the mailbox components (mailboxd, MySQL, convert)
zmmailboxmove (Move Mailbox) Used to move selected mailboxes from one Zimbra server to another.
zmmboxsearch (Cross Mailbox Search) Search across mailboxes to find messages and attachments
zmmetadump Support tool that dumps an item’s metadata in a human-readable form
zmmtaconfigctl Start, stop, or find the status of the MTA configuration daemon
zmmtactl Start, stop, or find the status of the MTA
zmmypasswd Trace messages
zmmypasswd Change MySQL passwords
zmmysqlstatus Status of mailbox SQL instance
zmperditionctl Start, stop, or find the status of the perdition IMAP proxy
zmplayredo Performs data restore using backed up snapshots taken periodically. Users who use snapshots to backup and restore their information from a standby site use this command.
zmprov (Provisioning) Performs all provisioning tasks in Zimbra LDAP, including creating accounts, domains, distribution lists and aliases
zmproxyconfgen Generates configuration for the nginx proxy
zmproxyctl Start, stop, restart, and find the status of the IMAP proxy service
zmproxypurge Purges POP/IMAP routing information from one or more memcached servers
zmpython Ability to write Python scripts that access Zimbra Java libraries. It sets the ZCS class path and starts the Jython interpreter.
zmredodump Support tool for dumping contents of a redolog file for debugging purposes
zmrestore Performs full restores and incremental restores for a designated mail host
zmrestoreldap Restore accounts from the LDAP backup
zmrestoreoffline (Offline Restore) Performs full restore when the Zimbra server (i.e., the mailboxd process) is down
zmsaslauthdctl Start, stop, or find the status of saslauthd (authentication)
zmschedulebackup Schedule backups and add the command to your cron table
zmshutil Used for other zm scripts, do not use
zmskindeploy Deploy skins for accounts from the command line
zmsoap Print mail, account, and admin information in the SOAP format
zmspellctl Start, stop, or find the status of the spell check server
zmsshkeygen Generate Zimbra’s SSH encryption keys
zmstat-chart Generate charts from zmstat data collected in a directory
zmstat-chart-config Generate an .xml file with data included from the account setup
zmstat-chart-config Outputs an XML configuration that describes the current state of the data gathered from zmstat-chart to generate charts on the administration console.
zmstatctl Start, stop, check status, or rotate logs of zmstat data collectors
zmstorectl Start, stop, or find the status of Zimbra store services
zmswatchctl Start, stop, or find the status of the Swatch process, which is used in monitoring
zmsyslogsetup Used to setup system log config file
zmthrdump Initiate a thread dump and save the data to a file with a timestamp
zmtlsctl Set the Web server mode to the communication protocol options: HTTP, HTTPS or mixed
zmtrainsa Used to train the anti-spam filter to recognize what is spam or ham
zmtzupdate Provides mechanism to process timezone changes from the command line
zmupdateauthkeys Used to fetch the ssh encryption keys created by zmsshkeygen
zmvolume Manage storage volumes on your Zimbra Mailbox server
zmzimletctl Deploy and configure Zimlets

If you use non-ASCII characters in the CLI, in order for the characters to display correctly, you must change the locale setting to the desired UTF-8 locale before running the CLI command. To change this, type:

export LC_ALL=<UTF_locale>

Important: The default locale on the zimbra user system account is LANG=C. This setting is necessary for starting ZCS services. Changing the default LANG=C setting may cause performance issues with amavisd-new and the IM services may fail to start.

 

Some of the content is from the official Zimbra documentation site.

—>>> ENJOY!!! <<<—

By YOBIHAT TEAM

Install Zimbra Collaboration 8.6 multiserver in Centos 7

System Requirements for Zimbra Installation

The official website recommends the following hardware specification for Zimbra open-source edition.

-Intel/AMD 2.0 GHz 64-bit CPU

-A minimum of 8GB of RAM for a single server installation

-10 GB disk space for software and logs, and additional disk space for mail storage and temporary files

-At least 4GB of RAM for each server if you split the installation across 2 servers, but it all depends on the kind of services you decide to install on each machine.

General Requirements

-Firewall Configuration should be set to “No firewall”.

-RAID-5 is not recommended for installations with more than 100 accounts.

-SSH client software to transfer and install the Zimbra Collaboration software.

-Valid DNS configured with an A record and MX record.

-Servers should be configured to run Network Time Protocol (NTP) on a scheduled basis.

Installation step by step

On both CentOS VMs, update the OS, install all packages needed for the Zimbra install, and disable the firewall and sendmail services:

yum update -y
yum install net-tools usbutils firewalld wget nc perl perl-core ntp nmap sudo libidn gmp libaio libstdc++ unzip sysstat sqlite -y
yum erase postfix
systemctl stop sendmail
systemctl disable sendmail
systemctl stop firewalld
systemctl disable firewalld

On both hosts, edit the SELinux config:

vi /etc/selinux/config

and change the line to SELINUX=permissive

Add the following entries to the hosts file on both hosts:

vi /etc/hosts
10.0.17.101      zimbra1.demo.local    zimbra1
10.0.17.102      zimbra2.demo.local    zimbra2

and remove everything related to IPv6: comment out or delete all ::1 lines.
Set a static address on the NIC of every server:

vi /etc/sysconfig/network-scripts/ifcfg-………

Disable IPv6 in the file:

vi /etc/sysctl.conf

Append the text below at the end of the file:

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1

Apply the change; if it prints 1, everything related to IPv6 is disabled and you can reboot:

sysctl -p
reboot

Now create and mount the partition that will store the data of your mail system. If you are not familiar with this, please search the internet to better understand what you are doing.
The server that needs the second hard drive to store email data is the one where you are going to install the zimbra store service, in our case server 1.
We assume that /dev/sda is your main Linux disk and /dev/sdb is the second disk, which will be mounted on /opt/zimbra.
The commands below will help you understand the status of your system:

fdisk -l
lsblk
lvs
pvdisplay /dev/sd...
vgdisplay vg...

Let's create the volume on /dev/sdb and mount it on /opt/zimbra:

mkdir /opt/zimbra
pvcreate /dev/sdb
pvdisplay /dev/sdb
vgcreate vg1 /dev/sdb
lvcreate -l 100%FREE -n zmstore vg1
mkfs.ext4 /dev/vg1/zmstore
blkid /dev/vg1/* >> /etc/fstab

Once the UUID has been appended to /etc/fstab, open the file and delete the device title from the appended line so that it looks like the example:

vi /etc/fstab
example:    UUID=00000xxxx-xxxxxx-xxxxxxxx              /opt/zimbra      ext4      defaults     0 0

After saving the file, mount and check that it is mounted correctly:

mount -a
mount | grep opt
lsblk

If everything is OK we are ready to install Zimbra. Go to the folder you want to use for downloading the Zimbra packages:

cd /home/
wget https://files.zimbra.com/downloads/8.6.0_GA/zcs-8.6.0_GA_1153.RHEL7_64.20141215151110.tgz
tar xzvf zcs-8.6.0_GA_1153.RHEL7_64.20141215151110.tgz
cd zcs-8.6.0_GA_1153.RHEL7_64.20141215151110
./install.sh

In this case we are going to split the Zimbra mail server across 2 servers, with different services running on each; you can use more servers depending on your needs. Let's install.

Services to install in server 1

cd zcs-…
./install.sh

Do you agree with the terms of the software license agreement? [N] Y

Select the packages to install
Install zimbra-ldap [Y] y
Install zimbra-logger [Y] y
Install zimbra-mta [Y] N
Install zimbra-dnscache [N] N
Install zimbra-snmp [Y] N
Install zimbra-store [Y] y
Install zimbra-apache [Y] y
Install zimbra-spell [Y] y
Install zimbra-memcached [Y] y
Install zimbra-proxy [Y] N

After the install, edit the fields marked with ****. Before saving, change the timezone, change the default LDAP admin password, and make sure all passwords are set; then save the config and apply. Before starting on the second server, apply the config here and test with:

zmcontrol status

Services to install in second server

cd zcs-…
./install.sh

Do you agree with the terms of the software license agreement? [N] Y

Select the packages to install
Install zimbra-ldap [Y] n
Install zimbra-logger [Y] n
Install zimbra-mta [Y] y
Install zimbra-dnscache [N] y
Install zimbra-snmp [Y] N
Install zimbra-store [Y] n
Install zimbra-apache [Y] n
Install zimbra-spell [Y] n
Install zimbra-memcached [Y] y
Install zimbra-proxy [Y] y

Before saving, change the timezone, check ldap_master_host, change the default LDAP admin password to match the other server, and check all passwords on the other server with zmlocalconfig -s (the password you need to know).

Set Up the SSH Keys – both servers

We need to manually populate ssh keys on each server

su - zimbra
zmupdateauthkeys

Enabling Server Statistics – both servers

In order for the server statistics to display on the administration console, the syslog configuration files must be modified. On each server, as root, type

/opt/zimbra/libexec/zmsyslogsetup

Verify configuration

zmcontrol status

Setting up proxy zimbra1.demo.local

zimbra1.demo.local

su zimbra
/opt/zimbra/libexec/zmproxyconfig -e -m -H mailboxsrv.demo...
/opt/zimbra/libexec/zmproxyconfig -e -w -H mailboxsrv.demo...

mtasrv.demo…

su zimbra
/opt/zimbra/libexec/zmproxyconfig -e -m -H mtasrv.demo...
/opt/zimbra/libexec/zmproxyconfig -e -w -H mtasrv.demo...
zmcontrol restart

Common Steps to Run Servers Properly

Once installation is complete, do the following common steps on each server so that it functions properly.
 1: Restart and Enable crond service

systemctl restart crond
systemctl enable crond

 2: Open the rsyslog.conf file, uncomment the following lines and restart the service

vim /etc/rsyslog.conf
$ModLoad imudp
$UDPServerRun 514
# Provides TCP syslog reception 
$ModLoad imtcp 
$InputTCPServerRun 514

service rsyslog restart

 3: Restart and Enable rsyslog service

systemctl restart rsyslog
systemctl enable rsyslog

 4: Now run the below command to update rsyslog

/opt/zimbra/libexec/zmsyslogsetup
updateSyslog: Updating /etc/rsyslog.conf...done.

If the installation is successful you can access it via the web:

https://zimbra1.demo.local:443

for webmail

https://zimbra2.demo.local:7071/zimbraAdmin

for the admin management site

(use your own link).

—>>> ENJOY!!! <<<—