Here few tips & tricks based on our Zimbra experience.
SNMP package is optional, and if you want to use it, you need to install on all servers, i decide to not use it.
In case that you need to reinstall the zm packages use
make sure during the zm installation to check if all password are correctly setted and the same at both server.
If you will not setup zimbra configuration correctly you will not be notify to apply configurations in a multiserver envirorment, so check all settings to make smoothly the connections between master and replica.
If you cant apply configuration on the replica server, and LDAP connections work correctly, go on the master LDAP server, as a Zimbra user, type:
If you can’t apply configuration because doesn’t show [a] for apply it mean that doesn’t have connection with the other server, or you did’t complete the setup configuration so check all parameters.
After apply configuration you will be asked to save in a conf file, Save config in file: [/opt/zimbra/config.”numbers”] inside that you will find the actual running configuration. Check Timezone on both server and check password on master to be the same on replica
zmlocalconfig -s ldap_replication_password
Important: If you have installed Zimbra MTA on the LDAP server, configure the Amavis and the Postfix passwords.
To find these values, run:
zmlocalconfig -s ldap_amavis_password zmlocalconfig -s ldap_postfix_password zmlocalconfig -s ldap_nginx_password
Use ‘’ for insert the value and to change those value use:
zmlocalconfig -e ldap_nginx_password=’newvalue’
Other password value in zimbra:
antispam_mysql_password antispam_mysql_root_password client_ssl_truststore_password ldap_amavis_password ldap_bes_searcher_password ldap_postfix_password ldap_replication_password ldap_root_password ldap_nginx_password mailbox_keystore_base_password mailbox_keystore_password mailbox_truststore_password mysql_root_password zimbra_ldap_password zimbra_mysql_password zimbra_vami_password
Note: Execution of ‘zmlocalconfig’ without argument shows present Zimbra configuration parameters and values. To see the local config, type:
To check services status use as zimbra user:
zmcontrol (followed by) status start restart stop
To configure proxy use as zimbra user on both servers:
/opt/zimbra/libexec/zmproxyconfig -e -w -H zimbra1.demo.local
on the other
/opt/zimbra/libexec/zmproxyconfig -e -w -H zimbra2.demo.local
In this folder /opt/zimbra/libexec/ are saved all command of zimbra user, than if you search inside you will find the names of the commands and you can also use man to check the commands helps.
|Tomcat IMAP SSL||993|
|Tomcat POP SSL||995|
|Standard LDAP Attribute||Zimbra Contact Field|
|objectClass||Not currently mapped|
GAL Attributes in Zimbra
Two possible sources for GAL information are the Zimbra server and the Active Directory server. The relevant LDAP/Active Directory fields are referenced in the Zimbra schema under the same names as listed in the Active Directory schema.
LDAP Mapped Attributes table maps generic GAL search attributes to their Zimbra contact fields.
Like authentication, GAL is configured on a per-domain basis. From the administration console, you can run the GAL Configuration Wizard to configure the domain’s attributes.
The OpenLDAP directory should not be modified directly. Any additions, changes and deletions are made through the Zimbra administration console or from the CLI utility for provisioning, zmprov.
Users modify attributes for their entry (accounts) in the OpenLDAP directory when they change their options from the Zimbra Web Client.
Administrators can also modify LDAP attributes using the command-line tools described in Appendix A: Command-Line Utilities.
Important: Do not use any LDAP browsers to change the Zimbra LDAP content.
When you run the install script, the Zimbra install verifies that the correct prerequisite packages are installed.
Zimbra LDAP installs the OpenLDAP software, an open source LDAP directory services.
Zimbra Spell installs the Aspell open source spelling checker. When Zimbra spell is installed, Zimbra-Apache is also installed.
Zimbra SNMP installs the SNMP package for monitoring. This package is optional.
Zimbra Logger installs tools for syslog aggregation, reporting, and message tracing.
The Zimbra server configuration is menu driven. The installation menu shows you the default configuration values. The menu displays the logical host name and email domain name [mailhost.example.com] as configured on the computer. You can change any of the values. For single server installs, the only value you must define is the administrator’s password. The password is used to log on to the Zimbra administration console.
The default configuration installs the Zimbra-LDAP, the Zimbra-MTA with anti-virus and anti-spam protection, the Zimbra mailbox server, the SNMP monitoring tools (optional), Zimbra-spell (optional), and the logger tool (optional), on one server.
|1) Hostname||The host name configured in the operating system installation.|
|2) LDAP master host||The LDAP host name. On a single server installation this name is the same as the hostname.|
|3) LDAP port||The default port is 389.|
|4) LDAP password||The root LDAP password for the host. This password is automatically generated.|
|5) zimbra-ldap||Configuration includes the following:
Create Domain – Yes. You can create one domain during installation and additional domains can be created from the administration console.
Domain to create – The default domain is the fully qualified hostname of the server. If you created a valid mail domain on your DNS server, enter it now. In most cases, you will accept the default.
|6) zimbra-store||Configuration includes the following.
Create Admin User – The administrator account is created during installation. This account is the first account provisioned on the Zimbra server and allows you to log on to the administration console.
Admin user to create – The default is admin@[mailhost.example.com].
Admin Password – You must set the admin account password. The password is case sensitive and must be a minimum of six characters. The administrator name, mail address, and password are required to log in to the administration console.
Enable automated spam training – By default, the automated spam training filter is enabled and two mail accounts are created.
1. Spam Training User to receive mail notification about mail that was not marked as junk, but should be.
2. Non-spam (HAM) training user to receive mail notification about mail that was marked as junk, but should not have been.
These addresses are automatically configured to work with the spam training filter. The accounts created have a randomly selected name. To recognize what the account is used for you may want to change this name.
Global Documents Account – The Global Documents account is automatically created when ZCS is installed. The Global Documents account holds the templates and the default Documents Notebook. The Documents feature is enabled from the COS or for individual accounts.
|7) zimbra-mta||The following options can be modified.
MTA Auth host. This is configured automatically if the MTA authentication server host is on the same server, but must be configured if the authentication server is not on the MTA.
Enable Spamassassin. Default is enabled.
Enable ClamAV. Default is enabled.
Notification address for AV alerts. Sets the notification address for AV alerts. You can either accept the default or create a new address. If you create a new address, remember to provision this address from the admin console. Note: If the virus notification address does not exist and your host name is the same as the domain name on the Zimbra server, the virus notifications queue in the Zimbra MTA server and cannot be delivered.
|8) zimbra-snmp||You can modify the following options
Enable SNMP notifications. The default is No. If you enter yes, you must enter the SNMP Trap hostname.
SNMP Trap hostname
Enable SMTP notification – The default is No.
SMTP Source email address – If you enter yes for SMTP notification, you must enter the SMTP source email address and SMTP Destination email address – destination email address.
|9) zimbra-logger||When installed, it is automatically enabled. This information is used to generate the statistics graphs and is used for message tracing.|
|10) zimbra-spell||When installed, it is automatically enabled.(optional)|
|11) Enable default backup schedule||For the Network Edition only, sets the schedule for Backup session to run as a full backup every Sunday at 1 a.m. and as incremental on the other days at 1 a.m.|
|r) Start servers after configuration||When the installation and configuration is complete, if this is set to Yes, the Zimbra server is automatically started.|
|s) Save config to file||At any time during the installation, you can save the configuration to file.|
|q) Quit||Quit can be used at any time to quit the installation.|
|–config||-c||<arg> File in which the configuration is stored|
|–default||-d||Show default values for keys listed in [args]|
|–edit||-e||Edit the configuration file, change keys and values specified. The [args] is in the key=value form.|
|–force||-f||Edit the keys whose change is known to be potentially dangerous|
|–help||-h||Shows the help for the usage options for this tool|
|–info||-i||Shows the documentation for the keys listed in [args]|
|–format||-m||<arg> Shows the values in one of these formats: plain (default), xml, shell, nokey.|
|–changed||-n||Shows the values for only those keys listed in the [args] that have been changed from their defaults|
|–path||-p||Shows which configuration file will be used|
|–random||-r||This option is used with the edit option. Specified key is set to a random password string.|
|–show||-s||Forces the display of the password strings|
|–unset||-u||Remove a configuration key. If this is a key with compiled-in defaults, set its value to the empty string.|
|ldap||Start, stop, or find the status of Zimbra LDAP|
|ldapsearch||Perform a search on an LDAP server|
|logmysqladmin||Send myslqadmin commands to the logger mysql|
|mailboxd||Start, stop, find the status of the mailboxd server|
|mysql||Enters interactive command-line MySQL session with the mailbox mysql|
|mysql.server||Start, stop the SQL instance for the mailbox package|
|mysqladmin||Send admin commands to MySQL|
|postconf||Postfix command to view or modify the postfix configuration|
|postfix||Start, stop, reload, flush, check, upgrade-configuration of postfix|
|qshape||Examine postfix queue in relation to time and sender/recipient domain|
|zmaccts||Lists the accounts and gives the status of accounts on the domain|
|zmamavisdctl||Start, stop, restart, or find the status of the Amavis-D New|
|zmantispamctl||Start, stop, reload, status for anti-spam service|
|zmantivirusctl||Start, stop, reload, status for the anti-virus service|
|zmapachectl||Start, stop, reload, or check status of Apache service (for spell check)|
|zmarchive config||Command to view, modify, or configure archiving|
|zmarchivectl||Start, stop, reload, status for archiving|
|zmarchivesearch||Search archives on the account|
|zmauditswatchctl||Start, stop, restart, reload, status of the auditswatch|
|zmbackup||Performs full backups and incremental backups for a designated mail host.|
|zmbackupabort||Stops a backup that is in process.|
|zmbackupquery||Find a specific full backup set|
|zmblobchk||Check consistency of the Zimbra blob store|
|zmcalchk||Check consistency of appointments and attendees in the Zimbra calendar|
|zmcertmgr||Manage self-signed and commercial certificates|
|zmclamdctl||Start, stop, or find the status of Clam AV|
|zmcleaniplanetics||Clean iPlanet ICS calendar files|
|zmcontrol (Start/Stop Service)||Start, stop, status of the Zimbra servers. Also can use to find the Zimbra version installed.|
|zmconvertctl||Start, stop, the conversion server or find the status of the converted attachments conversion/indexing|
|zmdumpenv||General information about the server environment is displayed|
|zmgsautil||Create, delete the GAL sync account and initiate manual syncs.|
|zmhostname||Find the hostname of the Zimbra server|
|zmhsm||Start, stop and status of a HSM session.|
|zmitemdatafile||Extracts and packs tgz files that ZCS uses for REST import/export|
|zmjava||Execute Java with Zimbra-specific environment settings|
|zmldappasswd||Changes the LDAP password|
|zmlicense||View and install your Zimbra license|
|zmlocalconfig||Used to set or get the local configuration of a Zimbra server|
|zmloggerctl||Start, stop, reload, or find the status of the Zimbra logger service|
|zmloggerhostmap||Used to manually map a DNS hostname to a zmhostname.|
|zmlogswatchctl||Start, stop, status of the swatch that is monitoring logging|
|zmmailbox||Performs mailbox management tasks|
|zmmailboxdctl||Start, stop, reload, or find the status of the mailbox components (mailboxd, MySQL, convert)|
|zmmailboxmove (Move Mailbox)||Used to move selected mailboxes from one Zimbra server to another.|
|zmmboxsearch (Cross Mailbox Search)||Search across mailboxes to find messages and attachments|
|zmmetadump||Support tool that dumps an item’s metadata in a human-readable form|
|zmmtaconfigctl||Start, stop, or find the status of the MTA configuration daemon|
|zmmtactl||Start, stop, or find the status of the MTA|
|zmmypasswd||Change MySQL passwords|
|zmmysqlstatus||Status of mailbox SQL instance|
|zmperditionctl||Start, stop, or find the status of the perdition IMAP proxy|
|zmplayredo||Performs data restore using backed up snapshots taken periodically. Users who use snapshots to backup and restore their information from a standby site use this command.|
|zmprov (Provisioning)||Performs all provisioning tasks in Zimbra LDAP, including creating accounts, domains, distribution lists and aliases|
|zmproxyconfgen||Generates configuration for the nginx proxy|
|zmproxyctl||Start, stop, restart, and find the status of the IMAP proxy service|
|zmproxypurge||Purges POP/IMAP routing information from one or more memcached servers|
|zmpython||Ability to write Python scripts that access Zimbra Java libraries. It sets the ZCS class path and starts the Jython interpreter.|
|zmredodump||Support tool for dumping contents of a redolog file for debugging purposes|
|zmrestore||Performs full restores and incremental restores for a designated mail host|
|zmrestoreldap||Restore accounts from the LDAP backup|
|zmrestoreoffline (Offline Restore)||Performs full restore when the Zimbra server (i.e., the mailboxd process) is down|
|zmsaslauthdctl||Start, stop, or find the status of saslauthd (authentication)|
|zmschedulebackup||Schedule backups and add the command to your cron table|
|zmshutil||Used for other zm scripts, do not use|
|zmskindeploy||Deploy skins for accounts from the command line|
|zmsoap||Print mail, account, and admin information in the SOAP format|
|zmspellctl||Start, stop, or find the status of the spell check server|
|zmsshkeygen||Generate Zimbra’s SSH encryption keys|
|zmstat-chart||Generate charts from zmstat data collected in a directory|
|zmstat-chart-config||Generate an .xml file with data included from the account setup|
|zmstat-chart-config||Outputs an XML configuration that describes the current state of the data gathered from zmstat-chart to generate charts on the administration console.|
|zmstatctl||Start, stop, check status, or rotate logs of zmstat data collectors|
|zmstorectl||Start, stop, or find the status of Zimbra store services|
|zmswatchctl||Start, stop, or find the status of the Swatch process, which is used in monitoring|
|zmsyslogsetup||Used to setup system log config file|
|zmthrdump||Initiate a thread dump and save the data to a file with a timestamp|
|zmtlsctl||Set the Web server mode to the communication protocol options: HTTP, HTTPS or mixed|
|zmtrainsa||Used to train the anti-spam filter to recognize what is spam or ham|
|zmtzupdate||Provides mechanism to process timezone changes from the command line|
|zmupdateauthkeys||Used to fetch the ssh encryption keys created by zmsshkeygen|
|zmvolume||Manage storage volumes on your Zimbra Mailbox server|
|zmzimletctl||Deploy and configure Zimlets|
Important: The default locale on the zimbra user system account is LANG=C. This setting is necessary for starting ZCS services. Changing the default LANG=C setting may cause performance issues with amavisd-new and the IM services may fail to start.
Some of the content is from zimbra official documentation site.
—>>> ENJOY!!! <<<—