Zimbra Tips & Tricks

mm ByYOBIHAT TEAM

Zimbra Tips & Tricks

 

Tips & Tricks

Here few tips & tricks based on our Zimbra experience.

SNMP package is optional, and if you want to use it, you need to install on all servers, i decide to not use it.
In case that you need to reinstall the zm packages use

./install.sh –-platform-override

make sure during the zm installation to check if all password are correctly setted and the same at both server.
If you will not setup zimbra configuration correctly you will not be notify to apply configurations in a multiserver envirorment, so check all settings to make smoothly the connections between master and replica.
If you cant apply configuration on the replica server, and LDAP connections work correctly, go on the master LDAP server, as a Zimbra user, type:

/opt/zimbra/libexec/zmldapenablereplica

If you can’t apply configuration because doesn’t show [a] for apply it mean that doesn’t have connection with the other server, or you did’t complete the setup configuration so check all parameters.
After apply configuration you will be asked to save in a conf file, Save config in file: [/opt/zimbra/config.”numbers”] inside that you will find the actual running configuration. Check Timezone on both server and check password on master to be the same on replica

zmlocalconfig -s ldap_replication_password

Important: If you have installed Zimbra MTA on the LDAP server, configure the Amavis and the Postfix passwords.
To find these values, run:

zmlocalconfig -s ldap_amavis_password
zmlocalconfig -s ldap_postfix_password
zmlocalconfig -s ldap_nginx_password

Use ‘’ for insert the value and to change those value use:

zmlocalconfig -e ldap_nginx_password=’newvalue’

Other password value in zimbra:

antispam_mysql_password

antispam_mysql_root_password

client_ssl_truststore_password

ldap_amavis_password

ldap_bes_searcher_password

ldap_postfix_password

ldap_replication_password

ldap_root_password

ldap_nginx_password

mailbox_keystore_base_password

mailbox_keystore_password

mailbox_truststore_password

mysql_root_password

zimbra_ldap_password

zimbra_mysql_password

zimbra_vami_password

Note: Execution of ‘zmlocalconfig’ without argument shows present Zimbra configuration parameters and values. To see the local config, type:

zmlocalconfig

To check services status use as zimbra user:

zmcontrol (followed by) status start restart stop

To configure proxy use as zimbra user on both servers:

/opt/zimbra/libexec/zmproxyconfig -e -w -H zimbra1.demo.local

on the other

/opt/zimbra/libexec/zmproxyconfig -e -w -H zimbra2.demo.local

In this folder /opt/zimbra/libexec/ are saved all command of zimbra user, than if you search inside you will find the names of the commands and you can also use man to check the commands helps.

Zimbra infos

Firewall Configuration should be set to No firewall, and the Security Enhanced Linux (SELinux) should be disabled if you don’t know how to hardening.

Table 1 Zimbra Default Port Mapping

Postfix 25
HTTP 80
POP3 110
IMAP 143
LDAP 389
HTTPS 443
Tomcat IMAP SSL 993
Tomcat POP SSL 995
Tomcat LMTP 7025

 

Table 2 Attributes Mapped to Zimbra contact

Standard LDAP Attribute Zimbra Contact Field
co workCountry
company Company
givenName/gn firstName
sn lastName
cn fullName
initials initials
l workCity
physicalDeliveryOfficeName office
ou department
street, streetaddress workStreet
postalCode workPostalCode
telephoneNumber workPhone
st workState
title jobTitle
mail email
objectClass Not currently mapped

GAL Attributes in Zimbra
Two possible sources for GAL information are the Zimbra server and the Active Directory server. The relevant LDAP/Active Directory fields are referenced in the Zimbra schema under the same names as listed in the Active Directory schema.

LDAP Mapped Attributes table maps generic GAL search attributes to their Zimbra contact fields.

Zimbra GAL Search Parameters

Like authentication, GAL is configured on a per-domain basis. From the administration console, you can run the GAL Configuration Wizard to configure the domain’s attributes.

Modifying Attributes

The OpenLDAP directory should not be modified directly. Any additions, changes and deletions are made through the Zimbra administration console or from the CLI utility for provisioning, zmprov.

Users modify attributes for their entry (accounts) in the OpenLDAP directory when they change their options from the Zimbra Web Client.

Administrators can also modify LDAP attributes using the command-line tools described in Appendix A: Command-Line Utilities.

Important: Do not use any LDAP browsers to change the Zimbra LDAP content.

Overview of Installation Process

When you run the install script, the Zimbra install verifies that the correct prerequisite packages are installed.

Zimbra Core installs the libraries, utilities, and monitoring tools.

Zimbra LDAP installs the OpenLDAP software, an open source LDAP directory services.

Zimbra MTA installs the Postfix open source MTA, the Clam AntiVirus antivirus engine, the SpamAssassin junk mail filter, and the Amavisd-New content filter.

Zimbra Store installs the mailbox server, including Apache Tomcat, the servlet container for the Zimbra server.

Zimbra Spell installs the Aspell open source spelling checker. When Zimbra spell is installed, Zimbra-Apache is also installed.

Zimbra SNMP installs the SNMP package for monitoring. This package is optional.

Zimbra Logger installs tools for syslog aggregation, reporting, and message tracing.

 

The Zimbra server configuration is menu driven. The installation menu shows you the default configuration values. The menu displays the logical host name and email domain name [mailhost.example.com] as configured on the computer. You can change any of the values. For single server installs, the only value you must define is the administrator’s password. The password is used to log on to the Zimbra administration console.

Basic Configuration

The default configuration installs the Zimbra-LDAP, the Zimbra-MTA with anti-virus and anti-spam protection, the Zimbra mailbox server, the SNMP monitoring tools (optional), Zimbra-spell (optional), and the logger tool (optional), on one server.

The menu driven installation displays the components and their existing default values. During the installation process you can modify the information.

The table below describes the menu options

Table 2 Main Menu Options

1) Hostname The host name configured in the operating system installation.
2) LDAP master host The LDAP host name. On a single server installation this name is the same as the hostname.
3) LDAP port The default port is 389.
4) LDAP password The root LDAP password for the host. This password is automatically generated.
5) zimbra-ldap Configuration includes the following:
Create Domain – Yes. You can create one domain during installation and additional domains can be created from the administration console.
Domain to create – The default domain is the fully qualified hostname of the server. If you created a valid mail domain on your DNS server, enter it now. In most cases, you will accept the default.
6) zimbra-store Configuration includes the following.
Create Admin User – The administrator account is created during installation. This account is the first account provisioned on the Zimbra server and allows you to log on to the administration console.
Admin user to create – The default is admin@[mailhost.example.com].
Admin Password – You must set the admin account password. The password is case sensitive and must be a minimum of six characters. The administrator name, mail address, and password are required to log in to the administration console.
Enable automated spam training – By default, the automated spam training filter is enabled and two mail accounts are created.
1. Spam Training User to receive mail notification about mail that was not marked as junk, but should be.
2. Non-spam (HAM) training user to receive mail notification about mail that was marked as junk, but should not have been.
These addresses are automatically configured to work with the spam training filter. The accounts created have a randomly selected name. To recognize what the account is used for you may want to change this name.
Global Documents Account – The Global Documents account is automatically created when ZCS is installed. The Global Documents account holds the templates and the default Documents Notebook. The Documents feature is enabled from the COS or for individual accounts.
7) zimbra-mta The following options can be modified.
MTA Auth host. This is configured automatically if the MTA authentication server host is on the same server, but must be configured if the authentication server is not on the MTA.
Enable Spamassassin. Default is enabled.
Enable ClamAV. Default is enabled.
Notification address for AV alerts. Sets the notification address for AV alerts. You can either accept the default or create a new address. If you create a new address, remember to provision this address from the admin console. Note: If the virus notification address does not exist and your host name is the same as the domain name on the Zimbra server, the virus notifications queue in the Zimbra MTA server and cannot be delivered.
8) zimbra-snmp

(optional)

You can modify the following options
Enable SNMP notifications. The default is No. If you enter yes, you must enter the SNMP Trap hostname.
SNMP Trap hostname
Enable SMTP notification – The default is No.
SMTP Source email address – If you enter yes for SMTP notification, you must enter the SMTP source email address and SMTP Destination email address – destination email address.
9) zimbra-logger When installed, it is automatically enabled. This information is used to generate the statistics graphs and is used for message tracing.
10) zimbra-spell When installed, it is automatically enabled.(optional)
11) Enable default backup schedule For the Network Edition only, sets the schedule for Backup session to run as a full backup every Sunday at 1 a.m. and as incremental on the other days at 1 a.m.
r) Start servers after configuration When the installation and configuration is complete, if this is set to Yes, the Zimbra server is automatically started.
s) Save config to file At any time during the installation, you can save the configuration to file.
q) Quit Quit can be used at any time to quit the installation.

Description

–config -c <arg> File in which the configuration is stored
–default -d Show default values for keys listed in [args]
–edit -e Edit the configuration file, change keys and values specified. The [args] is in the key=value form.
–force -f Edit the keys whose change is known to be potentially dangerous
–help -h Shows the help for the usage options for this tool
–info -i Shows the documentation for the keys listed in [args]
–format -m <arg> Shows the values in one of these formats: plain (default), xml, shell, nokey.
–changed -n Shows the values for only those keys listed in the [args] that have been changed from their defaults
–path -p Shows which configuration file will be used
–quiet -q Suppress logging
–random -r This option is used with the edit option. Specified key is set to a random password string.
–show -s Forces the display of the password strings
–unset -u Remove a configuration key. If this is a key with compiled-in defaults, set its value to the empty string.
–expand -x Expand values

 

Table 1 Zimbra CLI Commands

The table below lists the CLI commands in /opt/zimbra/bin.

ldap Start, stop, or find the status of Zimbra LDAP
ldapsearch Perform a search on an LDAP server
logmysqladmin Send myslqadmin commands to the logger mysql
mailboxd Start, stop, find the status of the mailboxd server
mysql Enters interactive command-line MySQL session with the mailbox mysql
mysql.server Start, stop the SQL instance for the mailbox package
mysqladmin Send admin commands to MySQL
postconf Postfix command to view or modify the postfix configuration
postfix Start, stop, reload, flush, check, upgrade-configuration of postfix
qshape Examine postfix queue in relation to time and sender/recipient domain
zmaccts Lists the accounts and gives the status of accounts on the domain
zmamavisdctl Start, stop, restart, or find the status of the Amavis-D New
zmantispamctl Start, stop, reload, status for anti-spam service
zmantivirusctl Start, stop, reload, status for the anti-virus service
zmapachectl Start, stop, reload, or check status of Apache service (for spell check)
zmarchive config Command to view, modify, or configure archiving
zmarchivectl Start, stop, reload, status for archiving
zmarchivesearch Search archives on the account
zmauditswatchctl Start, stop, restart, reload, status of the auditswatch
zmbackup Performs full backups and incremental backups for a designated mail host.
zmbackupabort Stops a backup that is in process.
zmbackupquery Find a specific full backup set
zmblobchk Check consistency of the Zimbra blob store
zmcalchk Check consistency of appointments and attendees in the Zimbra calendar
zmcertmgr Manage self-signed and commercial certificates
zmclamdctl Start, stop, or find the status of Clam AV
zmcleaniplanetics Clean iPlanet ICS calendar files
zmcontrol (Start/Stop Service) Start, stop, status of the Zimbra servers. Also can use to find the Zimbra version installed.
zmconvertctl Start, stop, the conversion server or find the status of the converted attachments conversion/indexing
zmdumpenv General information about the server environment is displayed
zmgsautil Create, delete the GAL sync account and initiate manual syncs.
zmhostname Find the hostname of the Zimbra server
zmhsm Start, stop and status of a HSM session.
zmitemdatafile Extracts and packs tgz files that ZCS uses for REST import/export
zmjava Execute Java with Zimbra-specific environment settings
zmldappasswd Changes the LDAP password
zmlicense View and install your Zimbra license
zmlmtpinject Testing tool
zmlocalconfig Used to set or get the local configuration of a Zimbra server
zmloggerctl Start, stop, reload, or find the status of the Zimbra logger service
zmloggerhostmap Used to manually map a DNS hostname to a zmhostname.
zmlogswatchctl Start, stop, status of the swatch that is monitoring logging
zmmailbox Performs mailbox management tasks
zmmailboxdctl Start, stop, reload, or find the status of the mailbox components (mailboxd, MySQL, convert)
zmmailboxmove (Move Mailbox) Used to move selected mailboxes from one Zimbra server to another.
zmmboxsearch (Cross Mailbox Search) Search across mailboxes to find messages and attachments
zmmetadump Support tool that dumps an item’s metadata in a human-readable form
zmmtaconfigctl Start, stop, or find the status of the MTA configuration daemon
zmmtactl Start, stop, or find the status of the MTA
zmmypasswd Trace messages
zmmypasswd Change MySQL passwords
zmmysqlstatus Status of mailbox SQL instance
zmperditionctl Start, stop, or find the status of the perdition IMAP proxy
zmplayredo Performs data restore using backed up snapshots taken periodically. Users who use snapshots to backup and restore their information from a standby site use this command.
zmprov (Provisioning) Performs all provisioning tasks in Zimbra LDAP, including creating accounts, domains, distribution lists and aliases
zmproxyconfgen Generates configuration for the nginx proxy
zmproxyctl Start, stop, restart, and find the status of the IMAP proxy service
zmproxypurge Purges POP/IMAP routing information from one or more memcached servers
zmpython Ability to write Python scripts that access Zimbra Java libraries. It sets the ZCS class path and starts the Jython interpreter.
zmredodump Support tool for dumping contents of a redolog file for debugging purposes
zmrestore Performs full restores and incremental restores for a designated mail host
zmrestoreldap Restore accounts from the LDAP backup
zmrestoreoffline (Offline Restore) Performs full restore when the Zimbra server (i.e., the mailboxd process) is down
zmsaslauthdctl Start, stop, or find the status of saslauthd (authentication)
zmschedulebackup Schedule backups and add the command to your cron table
zmshutil Used for other zm scripts, do not use
zmskindeploy Deploy skins for accounts from the command line
zmsoap Print mail, account, and admin information in the SOAP format
zmspellctl Start, stop, or find the status of the spell check server
zmsshkeygen Generate Zimbra’s SSH encryption keys
zmstat-chart Generate charts from zmstat data collected in a directory
zmstat-chart-config Generate an .xml file with data included from the account setup
zmstat-chart-config Outputs an XML configuration that describes the current state of the data gathered from zmstat-chart to generate charts on the administration console.
zmstatctl Start, stop, check status, or rotate logs of zmstat data collectors
zmstorectl Start, stop, or find the status of Zimbra store services
zmswatchctl Start, stop, or find the status of the Swatch process, which is used in monitoring
zmsyslogsetup Used to setup system log config file
zmthrdump Initiate a thread dump and save the data to a file with a timestamp
zmtlsctl Set the Web server mode to the communication protocol options: HTTP, HTTPS or mixed
zmtrainsa Used to train the anti-spam filter to recognize what is spam or ham
zmtzupdate Provides mechanism to process timezone changes from the command line
zmupdateauthkeys Used to fetch the ssh encryption keys created by zmsshkeygen
zmvolume Manage storage volumes on your Zimbra Mailbox server
zmzimletctl Deploy and configure Zimlets

If you use non-ASCII characters in the CLI, in order for the characters to display correctly, you must change this setting to the desired UTF-8 before running the CLI command. To change this, type:

export LC_All=<UTF_locale>

Important: The default locale on the zimbra user system account is LANG=C. This setting is necessary for starting ZCS services. Changing the default LANG=C setting may cause performance issues with amavisd-new and the IM services may fail to start.

 

Some of the content is from zimbra official documentation site.

—>>> ENJOY!!! <<<—

About the author

mm

YOBIHAT TEAM author

YOBIHAT TEAM is a group of expertise IT (Programmers, System & Network engineer, Optic Fiber Technician, Graphics, Blogger and Users) who follow Open Source philosophy, and will drive you in deep with the YOBICLOUD platform for DevOps.

Leave a Reply

three × 1 =