Ajcody-Server-Misc-Topics

From Zimbra :: Wiki

Jump to: navigation, search
Attention.png - This article is NOT official Zimbra documentation. It is a user contribution and may include unsupported customizations, references, suggestions, or information.

Contents

Miscellaneous Server Topics

Actual Miscellaneous Server Topics Homepage

Please see Ajcody-Server-Misc-Topics

Mailbox Purge - Trash And Spam Lifetime And More


Other references to this topic:

Variables Around Lifetime And Purge

Some values will only exist in some version of ZCS. You can see what attributes you have on your version by checking /opt/zimbra/conf/attrs/zimbra-attrs.xml .

Where To Modify In Admin Console or ZWC
  • Admin Console
    • To configure global retention or deletion policies, go to the Configure>Global Settings>Retention Policy page.
    • To configure retention or deletion policies by COS, go to the Configure>Class of Service><COS>, Retention Policy page.
      • Make sure Enable COS-level policies instead of inheriting from the policy defined in Global Settings is enabled.
    • To configure retention or deletion policies by COS go to the Users properties section in the Admin console.
  • User Edits In ZWC
    • Right click on folder/object and click on Properties.
    • View the Retention tab.
  • Dumpster Specific
    • Admin functions
      • To enable this feature, go to the Configure>Class of service>[COSname], Features page, General Features section. Check Dumpster folder.
      • To set Visibility lifetime in dumpster for end user, go to the COS’s, Advanced page, Timeout Policy section.
      • To set Retention lifetime in dumpster before purging, go to the COS’s Advanced page, Email Retention Policy section.
    • User Interaction
      • Right click on Trash folder and click on Recover Deleted Items.
How Purges Function Vs Time Variables - Admin Variables
  • zimbraMailMessageLifetime
    • Lifetime of a mail message regardless of location. Number of days a message can remain in a folder before it is purged. This includes data in RSS folders.
    • Account / COS variable
    • The minimum configuration for email message lifetime is 30 days.
    • The default COS value is 0; email messages are not deleted.
  • zimbraMailPurgeSleepInterval
    • Purge thread activity is throttled by the zimbraMailPurgeSleepInterval server attribute. This value specifies the amount of time that the purge thread sleeps between subsequent purges.
    • Global / Server variable
    • If the interval is set to 0, purging is turned off.
    • The default value is "1m" (one minute).
  • zimbraMailDumpsterLifetime
    • Retention period of messages in the dumpster.
    • Account / COS variable
    • 0 means that all messages will be retained.
    • The default COS value is 30 days [30d].
    • Important - "zimbraMailDumpsterLifetime", specifies how long the messages will be kept in the dumpster. However, the deletion of the messages in the dumpster depends on whether the "zimbraDumpsterPurgeEnabled" is set to TRUE or FALSE. Ref Bug 88170#c6
    • Also, currently [8.0.6], there is no variable to control zimbraDumpsterPurge it uses change_date , from the RFE https://bugzilla.zimbra.com/show_bug.cgi?id=45284#c17 - "Dumpster data is purged with a configurable threshold, default 30 days. All items put into dumpster more than 30 days ago are purged. Note the threshold is for deletion time, not create or modified time." and "As mail_item rows are copied to dumpster, the mail_item_dumpster.change_date column is set to the deletion time. This is used by dumpster purge logic. It's okay to lose the last modified time info (which is the original meaning of change_date) because that information is not used once an items is put into dumpster."
  • zimbraMailPurgeUseChangeDate[Trash|Spam]
Basics On Editing Variables From CLI

From CLI as the zimbra user - [ su - zimbra ] .

  • User account
    • Get current variable
      • zmprov ga user@domain variable
    • Set to new value
      • zmprov ma user@domain variable value
  • Cos
    • Get current variable
      • zmprov gc COSname variable
    • Set to new value
      • zmprov mc COSname variable value
  • Server
    • Get current variable
      • zmprov gs Servername variable
    • Set to new value
      • zmprov ms Servername variable value
  • Global
    • Get current variable
      • zmprov gacf variable
    • Set to new value
      • zmprov mcf variable value
User Level Variables They Can Modify

The retention policy is specified by two sets of attributes on an account. The user retention policy set is set by the user and stored as duration attributes on the account:

  • zimbraPrefInboxReadLifetime
    • Retention period of read messages in the Inbox folder.
    • Account / COS variable
    • 0 means that all messages will be retained.
    • Default COS value is 0.
  • zimbraPrefInboxUnreadLifetime
    • Retention period of unread messages in the Inbox folder.
    • Account / COS variable
    • 0 means that all messages will be retained.
    • Default COS value is 0.
  • zimbraPrefSentLifetime
    • Retention period of messages in the Sent folder.
    • Account / COS variable
    • 0 means that all messages will be retained.
    • Default COS value is 0.
  • zimbraPrefJunkLifetime
    • Retention period of messages in the Junk folder.
    • This user-modifiable attribute works in conjunction with zimbraMailSpamLifetime, which is admin-modifiable. The shorter duration is used.
    • Account / COS variable
    • 0 means that all messages will be retained.
    • Default COS value is 0.
  • zimbraPrefTrashLifetime
    • Retention period of messages in the Trash folder.
    • This user-modifiable attribute works in conjunction with zimbraMailTrashLifetime, which is admin-modifiable. The shorter duration is used.
    • Account / COS variable
    • 0 means that all messages will be retained.
    • Default COS value is 0.
Admin Level Variables That Users Can't Modify

The system retention policy is set by the administrator. These attributes are also at the account/COS level, but not modifiable by the end user:

  • zimbraMailTrashLifetime
    • Retention period of messages in the Trash folder. Number of days a message remains in the Trash folder before it is purged.
    • Account / COS variable
      • This admin-modifiable attribute works in conjunction with zimbraPrefTrashLifetime, which is user-modifiable. The shorter duration is used.
    • 0 means that all messages will be retained.
    • The default COS value is 30 days [30d].
    • Note - This actually relates to ALL Trash folders and all Items in those trash folders. This is NOT restricted to just the Mail Trash Folder or to email messages in a trash folder.
  • zimbraMailSpamLifetime
    • Retention period of messages in the Junk folder. Number of days a message can remain in the Junk folder before it is purged.
    • Account / COS variable
      • This admin-modifiable attribute works in conjunction with zimbraPrefJunkLifetime, which is user-modifiable. The shorter duration is used.
    • 0 means that all messages will be retained.
    • The default COS value is 30 days [30d].
  • zimbraShareLifetime
    • Maximum allowed lifetime of shares to internal users or groups.
    • Account / COS variable
    • 0 indicates that there's no limit on an internal share's lifetime.
    • The default COS value is 0.
  • zimbraExternalShareLifetime
    • Maximum allowed lifetime of shares to external users.
    • Account / COS variable
    • 0 indicates that there's no limit on an external share's lifetime.
    • The default COS value is 0.
  • zimbraPublicShareLifetime
    • Maximum allowed lifetime of public shares.
    • Account / COS variable
    • 0 indicates that there's no limit on a public share's lifetime.
    • The default COS value is 0.
  • zimbraFileShareLifetime
    • Maximum allowed lifetime of file shares to internal users or groups.
    • Account / COS variable
    • 0 indicates that there's no limit on an internal file share's lifetime.
    • The default COS value is 0.
  • zimbraFileExternalShareLifetime
    • Maximum allowed lifetime of file shares to external users.
    • Account / COS variable
    • 0 indicates that there's no limit on an external file share's lifetime.
    • The default COS value is 90 days [90d].
  • zimbraFilePublicShareLifetime
    • Maximum allowed lifetime of public file shares.
    • Account / COS variable
    • 0 indicates that there's no limit on a public file share's lifetime.
    • The default COS value is 0.
  • zimbraFileLifetime
    • Period of inactivity after which a file gets deleted
    • Account / COS variable
  • zimbraFileVersionLifetime
    • How long a file version is kept around
    • Account / COS variable
Dumpster Specific
  • zimbraDumpsterEnabled
    • Enable or disable Dumpster.
    • Account / COS variable
    • The default COS value is FALSE.
  • zimbraDumpsterPurgeEnabled
    • Disables purging from dumpster when set to FALSE.
    • Account / COS variable
    • The default COS value is TRUE.
    • Created the following RFE also:
      • Better Clarity on zimbraDumpsterPurgeEnabled
        • https://bugzilla.zimbra.com/show_bug.cgi?id=88170
        • In regards to :
          • a) zimbraMailDumpsterLifetime
          • b) zimbraDumpsterPurgeEnabled
        • The first one, "zimbraMailDumpsterLifetime", specifies how long the messages will be kept in the dumpster. However, the deletion of the messages in the dumpster depends on whether the "zimbraDumpsterPurgeEnabled" is set to TRUE or FALSE.
        • The second one [zimbraDumpsterPurgeEnabled], basically enables the purge of messages until a period of time, set by the "zimbraMailDumpsterLifetime" parameter.
        • In other words, the messages in the dumpster will be purged, only if the zimbraDumpsterPurgeEnabled
  • zimbraMailDumpsterLifetime
    • Retention period of messages in the dumpster.
    • Account / COS variable
    • 0 means that all messages will be retained.
    • The default COS value is 30 days [30d].
    • Important - "zimbraMailDumpsterLifetime", specifies how long the messages will be kept in the dumpster. However, the deletion of the messages in the dumpster depends on whether the "zimbraDumpsterPurgeEnabled" is set to TRUE or FALSE. Ref Bug 88170#c6
    • Also, currently [8.0.6], there is no variable to control zimbraDumpsterPurge it uses change_date , from the RFE https://bugzilla.zimbra.com/show_bug.cgi?id=45284#c17 - "Dumpster data is purged with a configurable threshold, default 30 days. All items put into dumpster more than 30 days ago are purged. Note the threshold is for deletion time, not create or modified time." and "As mail_item rows are copied to dumpster, the mail_item_dumpster.change_date column is set to the deletion time. This is used by dumpster purge logic. It's okay to lose the last modified time info (which is the original meaning of change_date) because that information is not used once an items is put into dumpster."
  • zimbraDumpsterUserVisibleAge
    • Limits how much of a dumpster data is viewable by the end user, based on the age since being put in dumpster.
    • Account / COS variable
    • 0 means that all messages will be retained.
    • The default COS value is 30 days [30d].
Dumpster Specific Commands
Searching Dumpster
  • To search for an item in the dumpster folder, use the format below. The search field can be a date range: 'before:mm/dd/yyyy and after:mm/dd/yyyy' or emails from or to a particular person: 'from: Joe', etc. The -l # is the max. number of search returns, 25 is default.
Format:
 zmmailbox -z -m user@example.com s --dumpster -l <#> --types <message,contact,document> <search-field>

Example - Larger than 1kb in size, display a max. of 100 search results.
 zmmailbox -z -m admin@`zmhostname` s --dumpster -l 100 --types message larger:1kb

Example - Older than 30 days because we have zimbraMailDumpsterLifetime set to 30, we want to confirm 
if they are getting purged. Option to only display a max. of 100 search results.
 zmmailbox -z -m admin@`zmhostname` s --dumpster -l 100 --types message before:-30days

Example - using a mysql query against the change_date vs date, 30 days from Apr. 14th 2014
$ date +%s -d "03/14/2014 00:00:00"
  1394780400
$ date -d @1394780400
  Fri Mar 14 00:00:00 PDT 2014
$ mysql -e 'SELECT * FROM mboxgroup1.mail_item WHERE mailbox_id=1 AND change_date<=1394780400\G'
 - note, drop the \G if you just want the rows per line.


  • To see the dumpster contents via Mysql:
mysql -e "use mboxgroup5; select * from mail_item_dumpster where mailbox_id = 5\G;"
Delete Items From Dumpster
  • To delete items in the dumpster folder, type
zmmailbox -z -m user@example.com -A dumpsterDeleteItem <item-ids>
Delete All Items From Dumpster - User
  • Deletes all items in the dumpster for the user:
zmmailbox -z -m user@example.com -A emptyDumpster
Recover Items From Dumpster - CLI - Only Way For Non-Message Items
  • To recovery an item from the dumpster folder [by item-id]. Please note this from the RFE - https://bugzilla.zimbra.com/show_bug.cgi?id=45284#c17 : "Only messages, contacts, documents, appointment, tasks and chats can be put in dumpster. Other item types like folders, tags and conversations are deleted immediately. Folder contents are put into dumpster when folder is deleted. UI support is limited to message type only at this time. zmmailbox CLI can be used to work with other item types." Can be ri or recoverItem in string below :
zmmailbox -z -m user@example.com ri <item-ids>
Checking A Users Dumpster Total Size
$ su - zimbra

# Confirm your on the right zimbraMailHost server for the user

$ zmprov -l ga userA@domain zimbraMailHost
   zimbraMailHost: zcs806.us.DOMAIN.com

$ zmprov gmi userA@domain

   mailboxId: 30019
   quotaUsed: 169831

$ zmlocalconfig zimbra_mailbox_groups
   zimbra_mailbox_groups = 100

# Get the mboxgroup number for the user

$ expr 3 % 100
   19

$ mysql -N -e "use mboxgroup19; select sum(size) from mail_item_dumpster where mailbox_id = 30019;"                  
   +---------+
   | 7405838 |
   +---------+

# To get the total of the 'dumpster' ONLY from zmvolume 1 [default is primary message volume]. 
  Locator is a new db phrase, ZCS 5 bug 30550 - "Renamed "volume ID" to "locator" and made it a String" 
  and you'll also have "mail_item.volume_id and mail_item_dumpster.volume_id" now.

$ mysql -N -e "use mboxgroup19; select sum(size) from mail_item_dumpster where locator = 1 and mailbox_id = 30019;"                  
   +---------+
   | 1523425 |
   +---------+
Dumpster Related Bug-RFEs

User UI Elements To Manage Message Retention And Message Disposal - If User Is Enabled For It

If they right click on their mail folders and do "Edit Properties" , they should see in the pop up window a tab labeled "Retention" . Within that tab, they'll see:

[ ] Enabled Message Retention :  
    Messages in this folder which fall within the retention range will require 
    explicit confirmation before being deleted.

        Retention range: [ Custom ]  [    ]   [ years]

[ ] Enabled Message Disposal : 
    Messages in this folder which are older than the disposal threshold will 
    be subject to automated cleanup and deletion.

        Retention range: [ Custom ]  [    ]   [ years]

Setting A Default Domain For User Login


In the admin web console goto:

Configuration > Global Settings

On the General Information tab to the right you'll see a variable called "Default domain". This will be the assumed domain for user logins as well [as well as other functionality].

If you have multiple domains and want to allow users avoid having to type in their domainname with their login credentials you should look at Virtual Hosting.

For Multi-Domains, please see:

Virtual [vhost] Hosting


References

Non-Proxy [NGINX] Virtual Hosting

  • You can configure multiple virtual hostnames to host more than one domain name on a server. When you create a virtual host, users can log in without have to specify the domain name as part of their user name. Virtual hosts are configured from the administration console Domains>Virtual Hosts tab. The virtual host requires a valid DNS configuration with an A record. When users log in, they enter the virtual host name in the browser. For example, https://mail.example.com. When the Zimbra logon screen displays, users enter only their user name and password. The authentication request searches for a domain with that virtual host name. When the virtual host is found, the authentication is completed against that domain.
    • Example, you have a single ZCS setup and your going to host multiple domains. [This is only true with a single ZCS mailbox setup. ] You want your users of those domains to use the "domainname" throughout all client configurations and interactions with the mailserver. So the pop/imap/http url's use the mail domain they are in, rather than the physical hostname+domainname of the ZCS server.
      • You would configure in the /etc/hosts and/or DNS to resolve the domainname targets that the user will be using to point to the physical ip address of the ZCS server.
      • You would then in the admin web console of ZCS, setup the domains under the "Domain Virtual Hosts" section. And confirm the "default domain login" is properly setup for the users/domain users.

Proxy [NGINX] Virtual Hosting

General Description:

  • You can configure multiple virtual hostnames to host more than one domain name on a server. When you create a virtual host, users can log in without have to specify the domain name as part of their user name. Virtual hosts are configured from the administration console Domains>Virtual Hosts tab. The virtual host requires a valid DNS configuration with an A record. When users log in, they enter the virtual host name in the browser. For example, https://mail.example.com. When the Zimbra logon screen displays, users enter only their user name and password. The authentication request searches for a domain with that virtual host name. When the virtual host is found, the authentication is completed against that domain.
    • Exception. It would be possible to do the functions of Virtual Hosting without installing the zimbra proxy package. Using jetty directly for example. Our recommendation is to use the zimbra proxy package to achieve this though.
      • Example, you have a single ZCS setup and your going to host multiple domains. [This is only true with a single ZCS mailbox setup. ] You want your users of those domains to use the "domainname" throughout all client configurations and interactions with the mailserver. So the pop/imap/http url's use the mail domain they are in, rather than the physical hostname+domainname of the ZCS server.
        • You would configure in the /etc/hosts and/or DNS to resolve the domainname targets that the user will be using to point to the physical ip address of the ZCS server.
        • You would then in the admin web console of ZCS, setup the domains under the "Domain Virtual Hosts" section. And confirm the "default domain login" is properly setup for the users/domain users.


References:

Domain And User "Status" Changes


If you need to manually modify the status of a domain, for example - migration.

Checking Status - Mode Of Domain

If the domain is in "active" mode, the CLI output will show this.

zmprov gd domainname zimbraDomainStatus
zimbraDomainStatus: active

The variables are all lowercase by the way.

Setting A Domain To Maintenance Status - Modes

To set a domain to "maintenance" mode, you would do the following.

zmprov md domainname zimbraDomainStatus maintenance

Setting A Domain To Active Status - Modes

To set a domain to "maintenance" mode, you would do the following.

zmprov md domainname zimbraDomainStatus active

Descriptions Of Status - Modes

Here's the descriptions for each of the "status" or "modes":

  • Active. Active is the normal status for a mailbox account. Mail is delivered and users can log into the client interface.
  • Maintenance. When a mailbox status is set to maintenance, login is disabled, and mail addressed to the account is queued at the MTA. An account can be set to maintenance mode for backing up, importing or restoring the mailbox.
  • Locked. When a mailbox status is locked, the user cannot log in, but mail is still delivered to the account. The locked status can be set, if you suspect that a mail account has been hacked or is being used in an unauthorized manner.
  • Closed. When a mailbox status is closed, the login is disabled, and messages are bounced. This status is used to soft-delete an account before deleting the account from the server. A closed account does not change the account license.
  • LockOut. Users who try to log in and do not enter their correct password are locked out of their account after a specified number of consecutive failed login attempts. An account’s status is automatically changed to Lockout. How long the account is locked out is set by COS or Account configuration, but you can change the lockout status at any time.

Cross Mailbox Searches and Tracing


The crossmailbox search tool from the Admin web console requires the Archiving & Discovery package to be installed. The zmmboxsearch (CLI) doesn't require this. For A&D specific searches, there's also zmarchivesearch .

Notable RFE/Bugs

Searches And Timeout Variables - ZCS 6+

httpclient_soaphttptransport_so_timeout is set by default to 60 - in seconds. If you are using the -m "*" variable, to search for everyone, you might need to set this to 0 [no timeout] on the mailstore your doing the search from.

zmlocalconfig -e httpclient_soaphttptransport_so_timeout=0

Cross Mailbox Search

Events/errors will show in /opt/zimbra/log/mailbox.log

Search From the CLI

From the CLI, see zmmboxsearch help page

Here's an example use of the zmmboxsearch command:

su - zimbra
mkdir /tmp/testing
zmmboxsearch -m user1@mail3.internal.homeunix.com,user2@mail3.internal.homeunix.com -q "in:inbox" -d /tmp/testing/

Try using the formats I've written about here - Ajcody-Notes#Web_Client_Search - for the query string.

Search From the CLI - A&D Accounts - Even If Primary Account Was Deleted

Here's an example use of the zmmboxsearch command when you have all your archive accounts using the domain name of zimbra.homeunix.com.archive:

su - zimbra
mkdir /tmp/testing
zmmboxsearch -m `zmprov gaa | grep zimbra.homeunix.com.archive` -q "in:inbox" -d /tmp/testing/

Single A&D account search is this simple, for example. Primary account was user1@mail3.internal.homeunix.com with archive account being user1-20081211@mail3.internal.homeunix.com.archive. This will work even if the primary account, user1@mail3.internal.homeunix.com, was deleted.

su - zimbra
mkdir /tmp/testing
zmmboxsearch -m user1-20081211@mail3.internal.homeunix.com.archive -q "in:inbox" -d /tmp/testing/

If this isn't working, make sure the archive accounts still exist. Example uses my "archive" domain:

zmprov gaa | grep mail3.internal.homeunix.com.archive
Searches From Admin Web Console - Deleted Primary Account But A&D Account Still Exists

Please see the following:

Message Tracing

Please see the command help page for zmmsgtrace . This was pulled for ZCS 6, there is an existing RFE for a replacement or inclusion again:

Searches Limited To 500 or 1000 Maximum Results

Bugs:

There is a hard limit of returns being restricted to 500, per bug 43265 & 
58901 [fixed for ZCS8]. There is also a limit in ZCS 8, bug 82757, targeted 
for the JudasPriest release.

As a work around, download the zmmboxsearchx script located on bug 43265, 
it's listed as an attachment:

https://bugzilla.zimbra.com/show_bug.cgi?id=43265

This requires the following installed via CPAN as root and accept the default 
options suggested (http://www.cpan.org/modules/INSTALL.html):

Parallel::ForkManager
SOAP::Lite

e.g.:
cpan Parallel::ForkManager
cpan SOAP::Lite

Usage of the zmmboxsearchx script is similar to zmmboxsearch, but with some 
differences.

zimbra@zcs7-ga:/tmp/zmmboxsearchx-20100625/bin$ ./zmmboxsearchx
zmmboxsearchx: --query is required
zmmboxsearchx: use of --account, --searchdirectory or <userlistfile> is required
zmmboxsearchx: try --help option for more information

Usage:
zmmboxsearchx [options] [<userlistfile> ...]

Options: [*] == Required, [+] == Multiple vals OK, (val) == Default
--query <query_string> [*]query string
--dir <directory> directory to write messages to (no directory)
--account <acct> [+]account to include, comma separated values ok
--exclude <acct> [+]account to exclude, comma separated values ok
--exclude-file <file> [+]file listing accounts to exclude
--searchdirectory <filt> ldap filter to search for accounts
--server <hostname> mailbox server (LC:zimbra_zmprov_default_soap_server)
--limit <num> limit the total number of results returned (25)
--offset <num> offset in hit list to start at (0)
--proc <num> maximum number of child/worker processes to use (4)
--url <url> URL of soap service (LC:...)
--authuser <user> account for authentication (LC:zimbra_ldap_user)
--password <password> password for authuser (LC:zimbra_ldap_password)
--help display a brief help message
--man display the entire man page
--debug [<num>] verbose output useful for debugging
--verbose increase verbosity (increments --debug)

Note: LC:<key> means the default is read from localconfig if possible.

Start by verifying its functionality with just a small subset of the accounts on 
the system. Once you confirm it's operation, try broadening the search to a 
large listing of accounts or the * variable.

An example:

./zmmboxsearchx --proc 4 --query "whatever" --account "*" --d outputDir_path

Should it still not work, please try enabling the --debug and --verbose, and 
send us back some attachments containing the output.

:About getting the search results back into ZCS so someone could view them from ZWC:

zmmboxsearchx does use a local directory on the system. You could then use the 
following to inject those msg's back into a ZCS account for your compliance 
officers to view.

To create a folder into the account you want the results to be displayed see the 
below example to create a folder, using the cf option.

zmmailbox -z -m destination_account@domain.com cf -V message /SearchResults_XXX

You would then cd to the directory you had the search dump the messages in and 
then do something like :

for i in * ; do zmmailbox -z -m destination_account@domain.com addMessage /SearchResults_XXX $i ; done

You should double check against an actual search if the * will work, I don't recall 
offhand it uses subdirectories and if all of the search results will end up with *.msg's.

destination_account@domain.com should be replaced with the email account the compliance 
officer will want to use to view the injected messages. It could be their account or a new 
one that you then share to them.

/SearchResults_XXX would be replaced with the directory you want the messages to be stored in.

Deferred Emails - Error Of Connection Refused


Your having emails deferred and you check the /opt/log/zimbra.log file and see something like:

Sep  2 05:17:56 mail postfix/qmgr[12229]: 56A793151483: to=<USER@DOMAIN.net>, relay=none, delay=29404, delays=29404/0.08/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to 127.0.0.1[127.0.0.1]: Connection refused)

Things to do to help trouble shoot the issue:

  • Please confirm that iptables and selinux aren't running or are configured properly.
    • service iptables status
    • sestatus
  • Can you telnet to the different ports for example? port 25?
  • What's your /etc/hosts look like and is the format correct - confirm localhost entry is right?
    • cat /etc/hosts
  • Check for hostname issues:
    • hostname YOUR_FQDN
    • hostname -t MX YOUR_DOMAINNAME
    • cat /etc/resolv.conf
  • Give the output of the following as well - replace YOUR_SERVER_NAME:
    • zmprov gs YOUR_SERVER_NAME | grep -i mta
  • Have you tried to disable DNS lookups? [zimbraMtaDnsLookupsEnabled]
    • zmprov ms YOUR_SERVER_NAME zimbraMtaDnsLookupsEnabled FALSE
  • What's the current status of zimbra services?
    • zmcontrol status
  • If you can restart zimbra - while starting zimbra get logging events that might be related to issue or other errors/warnings:
    • zmcontrol stop
    • tail -f /opt/zimbra/log/mailbox.log & /opt/zimbra/log/zmmailboxd.out & /var/log/zimbra.log
    • zmcontrol start
  • Have you tried to disable antivirus and antispam to see if queue flushes?
    • Amavis
      • zmamavisdctl status
      • zmamavisdctl stop
      • zmamavisdctl start
    • Clam
      • zmclamdctl stop
      • zmclamdctl start
  • Give the following output - as root:
    • netstat -lntp
    • lsof | grep TCP
  • Checking postfix for deferred and command to flush:
    • postqueue -p
    • postqueue -f

What's my time and timezone?


I wrote up the steps to make sure the ZCS server is using the correct time and timezone here:

http://wiki.zimbra.com/index.php?title=Time_Zones_in_ZCS#The_server_OS

Volumes & zmvolume


Basic Concepts

From Mike's forum post. Modified a little.

Each Zimbra mailbox server is configured with one index & message volume (NE can add secondary HSM volumes).

A volume will state it's condition as "current" as either true or false.

When a new message is delivered or created, the message is saved in the current message volume. Additional message volumes can be created, but only one is configured as the current volume where new messages are stored. If the volume is in danger of becoming full, you can configure a new current message volume. The new current message volume would then receive all the new messages. New messages are never stored in the previous volume once it's current value is set to false. A current volume cannot be deleted - via zmvolume. If there are accounts with messages referencing the older volume it should not be deleted until you point the volume path to wherever you've now moved the items.

Each mailbox is assigned to a permanent index directory on the current index volume. When an account is created, the current index volume is automatically defined for the account. You cannot change which index volume the account is assigned. As volumes become full, you can create a new current index volume for new accounts. When a new index volume is added as current, the older index volume is no longer assigned new accounts. Index volumes not marked current are still actively in use as the index volumes for accounts assigned to them - unlike the message volumes. Any index volume that is referenced by a mailbox as it's index volume cannot be deleted.

The Network Edition has the HSM (Hierarchical Storage Management) feature which involves moving data to other storage locations automatically after x amount of time. Messages and attachments are moved from a primary volume to the current secondary volume based on the age of the message; completely transparent to the user.

(Also a handy tidbit of info: collapsing message volumes - first tip is good for HSM > back to store, Klug's also points out that you can essentially use the same concept of Adam's wiki page [see below]; making it a subdirectory of the new filesystem location keeps it simple.)

The admin console > server > volumes tab is straight forward, make sure you have permission to write to the target location - see also: CLI_zmvolume (-l and -dc arguments display your volumes)

If you're curious how to view that in the DB:

su - zimbra
mysql
select * from zimbra.volume;

Notable RFEs

How To Move A User's Data To Another Volume

Notable RFE's to make moving user data to another volume easier:

Using zmsoap Example

See the following:

How To Go About Changing Volume Paths

List your current volume details

zmvolume -l

Make your directories to the "new" volume path. For example:

mkdir /san/mount/index /san/mount/store
chown zimbra:zimbra /san/mount/index /san/mount/store

Shutdown zimbra so we can move the data.

zmcontrol stop

Now move all the old data and then make symbolic links from old to new.

mv /opt/zimbra/index/* /san/mount/index/
mv /opt/zimbra/store/* /san/mount/store/
rmdir /opt/zimbra/store /opt/zimbra/index
ln -s /san/mount/index /opt/zimbra/index
ln -s /san/mount/store /opt/zimbra/store

Start zimbra back up.

zmcontrol start
  • Goto the admin web console , Configuration > Servers > server-name > Volumes Tab.
    • Select index volume
      • Click edit
        • Modify the path to the new path
    • Select store volume
      • Click edit
        • Modify the path to the new path
  • Click on Save in the upper left hand section.
To Modify Volume From CLI After Data Move

See what the details are of your volumes:

zmvolume -l /opt/zimbra/index
and
zmvolume -l /opt/zimbra/store
   Volume id: 2
       name: index1
       type: index
       path: /opt/zimbra/index
 compressed: false
    current: true

  Volume id: 1
       name: message1
       type: primaryMessage
       path: /opt/zimbra/store
 compressed: false
    current: true

Let's say your sym links are the ones shown above:

/opt/zimbra/index
/opt/zimbra/store

And your new directory paths are:

/mnt/nas/index
/mnt/nas/store

You would run the following to modify the volumes to use the real directory paths rather than the sym links.

zmvolume -e -id 2 -p /mnt/nas/index
zmvolume -e -id 1 -p /mnt/nas/store

Convertd


Version 1 Performance Issues - Upgrade To Version 2

From release notes:

An alternative implementation of the convertd daemon used for text extraction and conversion to HTML is now available as beta in 5.0.7. The new implementation is Apache multi-process based, as opposed to the original implementation which was multi-threaded. When libraries used to handle attachments fail or crash, the multi-process implementation allows for better availability. Since the new implementation is still in beta, the older multi- threaded implementation continues to be the default. If you are experiencing a high number of 400 (try again) error codes during LMTP delivery, or if you are seeing too many kvoop processes consuming memory, you can try the new Apache-based convertd.

Note - ALL mailstores must be running the same version of convertd. Multi-mailstore environments must plan upgrades/switch simultaneously.

  • You must install the new zimbra-convertd package for it to be available.
    • This is that reference during the installer about convertd. The basic convertd (v1) package is apart of zimbra-core.
  • kvoop is when your running version 1 of convertd.
    •  ps auxwww | grep -i kvoop
  • Run the script you want. For 5.0.7+ , this script will now shutdown and restart necessary service components.
    • Run /opt/zimbra/convertd/bin/upgrade_v2 to upgrade.
    • Run /opt/zimbra/convertd/bin/downgrade_v1 to downgrade.
  • Pre 5.0.7, you'll need to manually stop / start service components.
    • Restart zimbra or one might be able to get away with just restarting convertd and mailstore.
      • zmcontrol stop
      • zmcontrol start

High CPU Usage By Convertd - kvraster

Example situation might described as:

We are running Zimbra with 3 mailstore servers, and all 3 mailstore servers installed with convertd. But i am seeing one of mailstore using most of the resource for convertd (Java). I found 2 of the process running and using 79% and 67% of CPU (2 CPU) on the server and overall CPU usage of the server is 93%. Do we can fix this, or do i need to add more processors for this server?
Here the info i get from top command.
16265 zimbra 18 0 3355m 21m 8552 S 79 0.2 10176:49 java -Djava.awt.headless=true -classpath /opt/zimbra/keyview/ExportSDK/bin kvraster /opt/zimbra/convertd/convert/11/i
15995 zimbra 18 0 3355m 21m 8552 S 67 0.2 10171:12 java -Djava.awt.headless=true -classpath /opt/zimbra/keyview/ExportSDK/bin kvraster /opt/zimbra/convertd/convert/11/i

Developer response:

Autonomy uses java for some image conversion which can be resource intensive. Convertd has a processing timeout but it currently just calls _exit() and does not signal any children.
Steps that can help resolve this
  1. Just kill these runaway children.
    • They are not doing anything useful and are stuck in some Sun code
  2. Upgrade to ZCS 608+
    • It has a newer Autonomy SDK that does resolve some crashes and other problems
  3. Make sure they are running a current Java release that might fix some bugs in image conversions
  4. Set ConvertDebugLevel to 3 in convertd's conf file to save files that timeout.
    • If reproducible, we can enter bugs with Autonomy
  5. If the problem keeps recurring, we can build a convertd that attempts to signal children after a processing timeout. I'll look at that for Helix

Domain Rename Issues


We have a command to rename a "domain" and the resources within it - unfortunately it doesn't handle ALL of the different components for various reasons. Specifically Documents and Calendars [more down below].

Review this RFE that was done when they implemented the renameDomain command.

http://bugzilla.zimbra.com/show_bug.cgi?id=7655

Note comment 21 & 22 (confirming what QA'd). The syntax is

zmprov -l rd testold.com testnew.com

Problem With Documents

Problems that arise with Documents are explained here, comment #1 has workaround.

http://bugzilla.zimbra.com/show_bug.cgi?id=25873

Problem With Calendar & Appointments

Now, the very unfortunate part about calendars with a domainname change/move.

The root issue here's seems to be more about the calendar standards and practices with the use of the "Organizer" field and notifications. You'll see 3 "work arounds" in comment 2 of bug 26736.

Export/Importing of the calendar data is shown here:

http://wiki.zimbra.com/index.php?title=User_Migration

This part specifically :

http://wiki.zimbra.com/index.php?title=User_Migration#Copy_Calendar_From_One_Zimbra_User_to_Another

Instant Messaging

ZCS Service Can't Start Because Of Port In Use


Either CLI output or logs will note the port in question. The following commands can help identify what other service/application is causing the problem and conflict with the ZCS service.

This example shows port 995 causing a problem and uses nmap , netstat, and lsof to find details about what is 'running' on port 995. In this example, mailboxd wasn't able to start because of it.

[zimbra@zimbra1 log]$ nmap -P0 -p995 localhost

Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2012-10-05 16:46 EDT
Interesting ports on localhost.localdomain (127.0.0.1):
PORT    STATE SERVICE
995/tcp open  pop3s

[root@zimbra1 log]# netstat -tupl | grep pop
tcp        0      0 *:pop3s       *:*     LISTEN    9293/rpc.statd  

[root@zimbra1 log]# lsof -i :995
COMMAND    PID    USER   FD   TYPE DEVICE SIZE NODE NAME
rpc.statd 9293 rpcuser    8u  IPv4  21045       TCP *:pop3s (LISTEN)

### search by port with netstat , this is the way it should look when rpc didn't steal the port ###

[root@zimbra1 log]# netstat -plnt | grep 995
tcp        0      0 :::995  :::*   LISTEN      16520/java 

Changing Default Port 80 - No Proxy In Use And Single Server Example


Review the zmtlsctl wiki page to determine the http/https use.

* CLI_zmtlsctl_to_set_Web_Server_Mode

This example changes 80 to 60081 and 443 to 60443.

Confirm current port use/access and that no iptables/firewall are in use:

**as root**
lsof -P -n -i :80 -i :443
iptables -L
  **Policy As Accepted & None Blocked**
cat /etc/selinux/config
  **SELINUX=disable**

Make sure your not running the zimbra proxy service:

**as zimbra**
zmprov gs `zmhostname` | grep ServiceEnabled

Resolve any issues above before continuing.

Now, make any changes to the Web Server Mode you need in regards to http and https.

For example, I'll change mine to "mixed"

**as zimbra**
zmtlsctl mixed

Now let's change the ports in use [zimbraMtaAuthHost is a valid mailbox server hostname if your a multi-server ZCS environment]:

zmprov ms mail.yourdomain.com zimbraMailPort 60081
zmprov ms mail.yourdomain.com zimbraMailSSLPort 60443
zmprov ms mail.yourdomain.com zimbraMtaAuthHost mail.yourdomain.com
zmcontrol stop
zmcontrol start

And now confirm the changes:

**as root**
 lsof -P -n -i :60081 -i :60443

Themes, Branding, Logos, And Other UI Customizations


Main Wiki Page: Skins

Please see:

Finding Skins Variable From CLI

What skins are available [zimbraInstalledSkin]:

[zimbra@mail3 ~]$ zmprov gacf | grep -i skin
zimbraInstalledSkin: bones
zimbraInstalledSkin: sky
zimbraInstalledSkin: lemongrass
zimbraInstalledSkin: lavender
zimbraInstalledSkin: yahoo
zimbraInstalledSkin: waves
zimbraInstalledSkin: bare
zimbraInstalledSkin: sand
zimbraInstalledSkin: steel
zimbraInstalledSkin: hotrod
zimbraInstalledSkin: beach

Can Users Change Their Skin? This depends on their COS and the COS Value [zimbraFeatureSkinChangeEnabled]:

[[zimbra@mail3 ~]$ zmprov gac
default
[zimbra@mail3 ~]$ zmprov gc default | grep -i skin
zimbraFeatureSkinChangeEnabled: TRUE
[zimbra@mail3 ~]$ zmprov gac
default
[zimbra@mail3 ~]$ zmprov gc default | grep -i skinchange
zimbraFeatureSkinChangeEnabled: TRUE

What is the default skin for the cos [zimbraPrefSkin]:

[zimbra@mail3 ~]$ zmprov gc default | grep -i prefskin
zimbraPrefSkin: beach

To Modify the default skin for a cos:

zmprov mc [cos name] zimbraPrefSkin Name_Of_Skin


Sending Email From The CLI (Command line) On Zimbra Server


Make a txt file:

vi /tmp/email.txt

Put in something like:

To: test2@null.com
Subject: Test message
From: test@null.com
Body of message goes here

And then using the zimbra/postfix command for this, it would be:

/opt/zimbra/postfix/sbin/sendmail -t < /tmp/email.txt

or this, if that didn't work:

/opt/zimbra/postfix/sbin/sendmail -Am -t < /tmp/email.txt

I see the -Am referenced in the /opt/zimbra/conf/swatchrc.in file, but the man page for sendmail (zimbra/postfix) doesn't give clarity on this option.

Role Based Administration - Expansion Of Permission & Function Model For Admin Roles


Please see the following:

Spammers


Disconnect Web Session Spammer Hijacked

These might be related:

Looks like they need some Votes/Comments

Mass Importing / Exporting Of Things (Tasks, Notes, Documents, Briefcase, etc.)


Notes

Please see, Ajcody-Client-Topics#Import_.26_Export_Notes_.26_Journal

Documents And Briefcase

Please see, Bulk Upload To Briefcase

Inter-Domain (Company To Company) Item Access [Sharing?] Via Rest


From /opt/zimbra/doc/rest.txt :

2. Inter-domain

To access items across domains that span Zimbra installations, use the
exact same naming convention.

For example, if companyA installs Zimbra, and companyB installs Zimbra, someone at
companyA should be able to reference an item from companyB using the same syntax:

/home/john.smith@companyB.com/shared/contacts

this can be accomplished with DNS SRV records. For example, companyB.com could
publish a SRV record for _zimbra._tcp:

_zimbra._tcp.companyB.com. SRV   10  5   80      zimbra.companyB.com

The Zimbra proxy at companyA can then detect that companyB.com is not a local Zimbra
domain, and do a DNS lookup for:

_zimbra._tcp.companyB.com

And get back "zimbra.companyB.com" as the name of the Zimbra sever to
direct the request to. It would then do the equivalent of:

http://zimbra.companyB.com/home/john.smith@companyB.com/shared/contacts

Rest Url's And Spaces , White Spaces, %20


From /opt/zimbra/doc/rest.txt :

ISSUES/NOTES

2. user-friendly item "ids"? It would be nice to have user-friendly names
   for items inside of a folder, such as (+ is url-encoded form of a space):

  /home/roland/calendar/Staff+Meeting
  /home/roland/contacts/Roland+Schemers
  /home/roland/inbox/Important+Meeting

  Exchange allows this type of naming, need to determine how/if we'd want to do
  this, and how to deal with collisions like it does.

  Might need to come up with a per-item query-param string, or use search:

  /home/roland/contacts/?query="Roland Schemers"

Faster Way To Get Directory Size On Filesytem - find vs du


Note - if your having issues with your disk/partitions getting full, you might also want to consult Ajcody-Backup-Restore-Issues#Basic_Backup_Information_To_Submit_To_Support .

Instead of using:

du -sh .

Try this instead:

find . -printf %k"\n" | awk '{  sum += $1 } END { print sum }'

For example [as root]:

for i in `find /opt/zimbra -maxdepth 1 -type d`; \
do export sum=`find $i -printf %k"\n" | awk '{  sum += $1 } END { print sum kb }'`; \
echo -e "$sum kb\t$i"; export sum=; done | sort -rn | head -n 20

 [example output below]
6007764 kb      /opt/zimbra
1966620 kb      /opt/zimbra/db
837160 kb       /opt/zimbra/backup
680932 kb       /opt/zimbra/jetty-distribution-7.6.12.v20130726
387140 kb       /opt/zimbra/data
286160 kb       /opt/zimbra/jdk-1.7.0_45
211080 kb       /opt/zimbra/store
207172 kb       /opt/zimbra/zmstat
178628 kb       /opt/zimbra/logger
162280 kb       /opt/zimbra/mta
155700 kb       /opt/zimbra/bdb-5.2.36
116520 kb       /opt/zimbra/aspell-0.60.6.1
98820 kb        /opt/zimbra/mysql-standard-5.5.32-pc-linux-gnu-i686-glibc23
79408 kb        /opt/zimbra/zimbramon
72608 kb        /opt/zimbra/lib
66940 kb        /opt/zimbra/keyview-10.13.0.0
66488 kb        /opt/zimbra/clamav-0.97.8
64676 kb        /opt/zimbra/httpd-2.4.4
47408 kb        /opt/zimbra/store2
47164 kb        /opt/zimbra/index

Free Busy, FreeBusy, FB, F/B Topics


References

Current references for server topics for FB are:

Client Configuration topics for FB are:

Free Busy Support Requirement Clarifications

Please see the following:

Miscellaneous Bugs And Related RFEs

Please see:


WedDAV Topics

Actual WebDAV Homepage

Please see Ajcody-WebDAV

WebDAV & Davfs2 - Briefcase - Documents - Notebook

At this time, I can not find anything in our documentation that states that Zimbra via WebDAV can replace a file server 100% and that it is a supported and promised feature & function of Zimbra. What is supported, seems to be the narrow action of "reading" objects from WebDAV. But the full functionality to grant complex permissions and shares, write files remotely, and expansive support for the various OS's and WebDAV clients is beyond official support at this time. If you believe differently, please share the source on this wiki page "Discussion" section.

Resources

Third Party Webdav Clients


Adam Recommends For File Transfers
Anyclient - Java GUI - Free

Anyclient seems to work against Zimbra reliably for file transfers between the workstation and the server. It is like a ftp client though, so it will not seamlessly integrate into your applications or your OS's file browser. That will most likely need to wait until we can resolve the bugs surrounding the native webdav client for the major OS's.

Cadaver - CLI - Free

cadaver is a command-line WebDAV client for Unix. It supports file upload, download, on-screen display, namespace operations (move/copy), collection creation and deletion, and locking operations. The file locking operations will not work against Zimbra at this time [6-2010] and I still find I can't remove some of those ._ files that the Mac makes. They usually end up in the Trash on Zimbra and you can remove them via ZWC > Trash > Empty Trash .

References:

Other Clients
Free
Commercial

General Bugs And RFE's


From Release Notes 6.0.3

  • Briefcase Spreadsheet and Presentation functions are beta for 6.0.0
DAV Related
Document Sorting In ZWC
Unsorted

Max File Upload Size

This impacts your webdav operations in regards to the maximum size the files can be.


Check the following variable:

zmprov gacf zimbraFileUploadMaxSize

To edit:

zmprov mcf zimbraFileUploadMaxSize 100000000 

Also, with ZCS 6+ :

zmprov gacf zimbraMailContentMaxSize

To edit:

zmprov mcf zimbraMailContentMaxSize 100000000

Apple - Mac


Apple - Mac Bugs & RFE's
Webdav Connect Via Mac Finder

On a Mac, I've confirmed this process works for read. It appears it can write files [sometimes] but in the end it will not do it correctly. My test had left a file saved incorrectly and also left a dot [.*] file that could be seen in ZWC. I've added some of my testing notes to bug 40924 .

  • Right Mouse Click or Ctrl+Mouse Button on Finder, this will bring up the option panel
    • Click on "Connect To Server"
      • Server Address Examples:
      • You'll be prompted to either do anonymous/guest or to login. username or usernamer@domain will work.
        • Webdav mounts will show up on the CLI as well. Using http://SERVERNAME/dav/USERNAME as an example, you'll get:
          • /Volumes/USERNAME
          • Using the CLI, you can then use shell tools to test file modification. I found that TextEdit wouldn't [most of the time] show the webdav path so I could save a new file there. Doh! Do a File > Save As and then to the right of the Save As field click on the down arrow. This will present the full filesystem for browsing. Webdav mounts would be listed under the shared section.
            • This attempt from the CLI gave open/create errors also:
            • cd /Volumes/ajcody/Briefcase
            • touch textedit-cli.rtf
            • open -e textedit-cli.rtf
            • /Applications/TextEdit.app/Contents/MacOS/TextEdit textedit-cli.rtf
          • That failed for me on 10.6.3
        • Cadaver for Mac, http://cadaver.darwinports.com/ , was a nice tool to use as well for testing.
Mounting WebDAV via CLI With mount_webdav

You can also access the webdav mount over the CLI. See man mount_webdav for details. In theory, you would just mount it and use it like any other mounted volume. This doesn't seem to bypass any existing issues though with webdav on mac against a zimbra server.

Dot And Temp Files Being Made On WebDAV Mount

Normally, one would use this method - Mac OS X v10.4 and later: How to prevent .DS_Store file creation over network connections - to prevent dot files from being made on remote/network mounts. This doesn't seem to work on OSX 10.6.3 when mounting with Finder.

Also, the command - dot_clean - does not remove these ._ files over a webdav mount. See also, Mac OS X: Apple Double Format Creates File Name With the Prefix '._'. This Confluence thread reports the same issue - Add a preference to hide "hidden" files in the attachments and they end up recommending to use another WebDAV client - Transmit [$] or AnyClient [Free].

TinkerTool

I don't have time to test this at this time, but I see that Tinkertool has an option under "Finder" for:

  • Network Access
    • Don't create hidden .DS_Store files over a network connection
      • Note: Affected network folders will no longer store comments, labels, icon positions or similar Finder attributes.

Seems to cause this change:

$ defaults read com.apple.desktopservices
{
    DSDontWriteNetworkStores = true;
}

 [ Now uncheck the option in Tinkertool and click on the Relaunch Finder option. ]

$ defaults read com.apple.desktopservices
2010-12-21 06:17:24.200 defaults[18855:903] 
Domain com.apple.desktopservices does not exist

Reference:

Windows - General


Windows Bugs & RFE's
References
Internet Explorer - IE

These various syntax tests either gives an error about access, page not found, or does output an xml type page listing details about the briefcase/notebook contents. It does not however, give it in a usable format - page indexing - where one could download the file so one could view it.

http/s ://$MAILSERVER/service/dav/$USERNAME
http/s ://$MAILSERVER/service/dav/$USERNAME@$DOMAIN
http/s ://$MAILSERVER/service/dav/$USERNAME%40$DOMAIN
http/s ://$MAILSERVER/dav/$USERNAME/Briefcase/
http/s ://$MAILSERVER/dav/$USERNAME/Notebook/
webdav/s ://$MAILSERVER/dav/$USERNAME/Briefcase/
webdav/s ://$MAILSERVER/dav/$USERNAME/Notebook/
Internet Explorer - IE - WinXp Trick

Something I found in regards to Windows XP here and here:

Note: When connecting over non-SSL connections, append a “/#” to the URL here. Windows XP has two built-in methods 
for connecting via WebDAV. Appending /# is a workaround that forces the use of the Web Folder Client connection, 
which will authenticate successfully to the WebDav-enabled folder as configured here.  
[ example: http://ZIMBRA-SERVER/dav/USER@DOMAIN/Briefcase/# or http://ZIMBRA-SERVER/dav/USER@DOMAIN/Briefcase# ]
How-To For Windows 7, ZCS 6.0.6, And Mapping Webdav Drive

References for this section:

I'm leaving some notes here concerning other versions of Windows but your better off consulting WebDAV for non-windows 7 versions rather than here.

IE Performance Work Around

On Windows 7, all requests to WebDAV receive a 3 second delay in the Windows explorer. This makes WebDAV in Windows7 Explorer extremely slow. To fix this, you'll need to change IE's proxy settings:

Open IE : Tools : Internet Options : Connections : LAN settings : 
Un-check Automatically detect settings : Click Ok :Click Ok 
Setup Authentication Type For Webdav

By default, the Mini-Redirector uses Digest authentication. You can change this to Basic authentication in Windows 7 registry.

To confirm webdav is accessible from the windows 7 client and if it requires https or can also use http, test the following links -- adjusting for your zimbra server name and the user. You'll be prompted for login information if you aren't logged into ZWC already when attempting these - login user the USER@DOMAIN format with the user Zimbra password. These should work both under IE8 and Firefox 3. These url's will just show a simple xml/text file with details about the resource.

http://ZIMBRA-SERVER/dav/USER@DOMAIN/Briefcase [this 'path' is the primary use for webdav]
http://ZIMBRA-SERVER/dav/USER@DOMAIN/Notebook
http://ZIMBRA-SERVER/dav/USER@DOMAIN/Calendar
http://ZIMBRA-SERVER/dav/USER@DOMAIN/Tasks
http://ZIMBRA-SERVER/dav/USER@DOMAIN/Contacts

To change the authentication style, edit the Windows registry [Windows 7, Vista, WinXP]:

Choose "Run" in the start menu and type: "regedit" 
Windows 7 & Vista Reg Path:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters\BasicAuthLevel
Windows XP Reg Path:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters\UseBasicAuth
--
default is set to 1 [good if your using commercial certificate and require https:// for authentication for zimbra]
change to 2 to allow basic authentication [http:// for zimbra]
The mapping for the value is described as:
* 0 - Basic authentication disabled
* 1 [dword:00000001] - Basic authentication enabled for SSL shares only [https]
* 2 [dword:00000002] or greater - Basic authentication enabled for SSL [https] shares and for non-SSL [http] shares
Turn Off File Locking - Optional

Optional: To turn off locking [Windows 7 only?]:

Choose "Run" in the start menu and type: "regedit"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters] 
"SupportLocking"=dword:00000000

The Mini-Redirector included in Windows 7 and Vista fully supports SSL and the port can be different from 80. Windows XP only supports port 80.

Confirm WebClient Service To Automatic

Make sure the "WebClient" service is started:

Use "Start->Run->services.msc" and confirm the service "WebClient" is set to automatic.

Restart Windows now.

Mounting The Zimbra WebDAV Share Via File Explorer

You should of restarted the windows box after changing and registry values.

  • Open Windows Explorer, Start > Run > explorer.exe
  • And then do, Tools > Map Network Drive
  • Drive Letter - pick a letter you want to use
  • Folder Path example:
    • Again - Briefcase is your primary webdav folder for Zimbra read/write use, others are just shown as examples for viewing.
      • UNC examples
        • \\ZIMBRA-SERVER@80\dav\USER@DOMAIN\Briefcase
        • \\ZIMBRA-SERVER@80\dav\USER@DOMAIN\Notebook
        • \\ZIMBRA-SERVER@80\dav\USER@DOMAIN\Tasks
        • \\ZIMBRA-SERVER@80\dav\USER@DOMAIN\Calendar
        • \\ZIMBRA-SERVER@80\dav\USER@DOMAIN\Contacts
  • Reconnect at logon - your choice.
  • "Connect using different credentials"
    • If you check this box, you might you need to enter your username and password twice before you see the share.
    • I was able to remount shares without checking it, but I believe Windows had already cached my authentication details at that point.
Mounting The Zimbra WebDAV Share Via CMD
C:\Users\ajcody>net use p: http://ZIMBRA-SERVER/dav/USER/Calendar /user:USER /persistent:yes

Enter the password for 'USER' to connect to 'ZIMBRA-SERVER':
The command completed successfully.

C:\Users\ajcody>dir p:\
 Volume in drive P has no label.
 Volume Serial Number is 0000-0000

 Directory of p:\

04/28/2010  07:50 AM    <DIR>          .
04/28/2010  07:50 AM    <DIR>          ..
The parameter is incorrect.
??,☼                   0 39bd19c5-e71d-4cd2-9777-badf118b34c9.ics
               1 File(s)              0 bytes
               2 Dir(s)  104,353,939,456 bytes free

How-To For Windows 7, ZCS 6.0.6, And Webdrive

Download evaluation version from url below and installed it. My version was 9.12:

I have the registry settings already set on my Windows 7 machine as described above prior to doing this test.

Setup a new site using:

  • Enter the name for the site you will be connecting to:
    • I put in mail59-briefcase since mail59 is my test server and I would be connecting to my briefcase
  • Drive Letter
    • I went with the default that was selected - W
  • Next
  • Server type
    • WebDAV
    • Left "connect securely" unchecked. If you require https to login to zimbra, you'll want to check this.
  • Enter the URL for the Server
  • Next
  • For username, I put in : ajcody
  • For password, put in my zimbra password
  • left the "save password" checked.
  • Clicked on the "Test Connection" and confirmed it worked.
  • Next
  • Checked the "connect to site now"
  • Checked the "connect at login/startup"
  • Finished

The default properties that are setup seem to cause some issues with renames and so forth. Left some ugly cache files as well. I adjusted the properties like below and things seem to work well with them like this. Open up the "Properties" section for the new site you just made.

  • File
    • check - Encode filenames in UTF-8
    • check - Cache temporary MS Office files
    • check - Ignore Desktop.ini files
    • uncheck - Enable NTFS File Security [for applications requiring NT security]
    • check - Cache small writes by applications
    • check - Test for Write Access when files are created
  • Ok

Disconnect the map drive if it is and reconnect it.

Linux


Linux Webdav Bug/RFE's
Mounting WebDAV
mount.davfs - davfs2

Summary: Isn't working reliably. Appears to mount drive but shortly after I encounter problems. Doing a df -h will show the mount path but with the error of "Transport endpoint is not connected". Can umount if I use the -f flag as root.


Ubuntu example:

apt-get install davfs2
sudo dpkg-reconfigure davfs2
 ** SUID bit set so non-root users can mount.

You can customize davfs's behavior in /etc/davfs2/davfs2.conf . These config files will also exist in the user's home directory if you want to enable them there - $HOME/.davfs2/ . If you setup davfs2 for suid, then you'll want to note this option in davfs2.conf below. You'll want to add the unix usernames that will be doing the webdav mounts in the group mentioned in that variable in /etc/group .

dav_group     users

I've also read that davfs2 users object titles for filenames, meaning that if two 'objects' have the same title then only one will be displayed on the filesystem. To fix, edit /etc/davfs2/davfs2.conf and add or change:

use_displayname 0

Another option you might want to set in davfs2.conf is below. Some references to turning off locking states it as a mount option - -o nolocks , this no longer works or is available with mount with my testing. [Most likely you'll want to add this to the users $HOME/.davfs2/davfs2.conf file]

# use_locks 1 [default is 1, meaning it's on]
use_locks 0

Setup mount point as user, ajcody in example:

mkdir -p /home/ajcody/davfs/mail59

Test mounting via the CLI, example:

mount -t davfs 'http://192.168.0.59/dav/ajcody' /home/ajcody/davfs/mail59

Example in /etc/fstab :

http://192.168.0.59/dav/ajcody /home/ajcody/davfs/mail59   davfs   rw,noexec,nosuid,noauto,nodev,user 0 0

Once in /etc/fstab, the user can do the following - using example:

mount /home/ajcody/davfs/mail59
fusedav

On Ubuntu, easy as doing a :

apt-get install fusedav . 

Then vi /etc/fuse.conf and set the option for - user_allow_other .

Example from CLI:

[as ajcody]
mkdir -p /home/ajcody/davfs/mail59
fusedav -u username -p password http://192.168.0.59/av/ajcody /home/ajcody/davfs/mail59
wdfs

If you have wdfs installed, then you can add a line like this in /etc/fstab:

wdfs#http://192.168.0.59/dav/ajcody /home/ajcody/davfs/mail59   fuse rw,noexec,nosuid,noauto,nodev,user,owner 0 0
Gnome Apps
Evolution And WebDAV
Nautilus - Gnome File Manager

To setup a webdav connection:

  • File > Connect to Server
    • Service Type = Webdav (HTTP) or Secure Webdav (HTTPS)
    • Server = [example] 192.168.0.59 or mail59.zimbra.DOMAIN.com
    • Port = 80 for HTTP , 443 for HTTPS
    • Folder = dav/ajcody or dav/ajcody/Briefcase
    • User Name = [example] ajcody or ajcody@mail59.zimbra.DOMAIN.com
    • Check the "Add bookmark" box
      • Bookmark name = this is the name that will show up under Nautilus Places sidebar

The path that is establish if you were to manual type it in the path/url box would be:

dav://ajcody@192.168.0.59/dav/ajcody

Which can also be witnessed with the CLI command for gvfs mounts:

$ gvfs-mount -l
Drive(0): CD/DVD/HDDVD Drive
  Type: GProxyDrive (GProxyVolumeMonitorGdu)
Mount(0): WebDAV on 192.168.0.59 -> dav://ajcody@192.168.0.59/dav/ajcody
  Type: GDaemonMount

This seems to work for file opening and browsing.

Nautilus For KDE Workstation

For example, if you use Kubuntu, just install nautilus like:

sudo apt-get install nautilus

You can then launch from the cli to test out by doing:

nautilus

Here's a little bit that is sorta stupid. Nautilus will actually cache the webdav data in this location [for example] :

/home/ajcody/.gvfs/WebDAV on 192.168.0.59/

I can use konquerer/dolphin to then browse to /home/ajcody/.gvfs/WebDAV on 192.168.0.59/Briefcase/ and open files that would normally fail if I mounted the webdav location directly in dolphin. At least for a jpg file I'm testing against. For .doc files, I found OOo would fail but I could use Abiword just fine. This is probably tied to cache files OOo is trying to make vs Abiword not creating them.

Nautilus - GVFS And FUSE - FUSEDAV

Basic Package names: gvfs-fuse fuse fusedav

Reference to tracks bugs tied to GVFS-FUSE, GVFS-Webdav Backend:

There are some gvfs commands you can use as well to trouble shoot issues with gvfs/fuse-dav and Nautilus:

gvfs-cat            gvfs-ls             gvfs-mount          gvfs-rm             gvfs-tree
gvfs-copy           gvfs-mkdir          gvfs-move           gvfs-save           
gvfs-info           gvfs-monitor-dir    gvfs-open           gvfs-set-attribute  
gvfs-less           gvfs-monitor-file   gvfs-rename         gvfs-trash
KDE Apps
Bugs Against KDE
KNetAttach

Manual for KNetAttach , which can do webdav mounts. The manual states: "Network folders show up in a special location of Konqueror and Dolphin called a virtual folder. This virtual folder is accessed by typing remote:/ in the location bar or by selecting Network from the Places panel. You will then be able to see any folders which have been previously added and you also will be able to use the wizard to add new ones."

To use with Dolphin, you'll see on the left an object/icon called Network. Click on that and in the main body of Dolphin you should see an object called "Add Network Folder" now to configure a webdav mount.

To use with Konqueror, enabled the sidebar. Settings > Sidebar or F9 . On the left, look for the icon called Network. The, from the top bar - Go > Network Folders . You'll see the "Add Network Folder" object now to configure a webdav mount.

KDE3 - Konqueror3

This works for read access, but not write. Though it does seems to allow you to create a "New Folder" when you right-click on the page and do Select New > Folder. The other options - Text File, etc. - fail as well as drop and drag.

  • Open Konquerer
  • Put in the appropriate url and authenticate when popup shows
    • webdav/s://SERVERNAME/dav/USERNAME/Briefcase
KDE4 - Konqueror4

This doesn't seem to work with reads or writes.

  • Open Konquerer
  • Put in the appropriate url and authenticate when popup shows
    • webdav/s://SERVERNAME/dav/USERNAME/Briefcase
    • webdav/s://SERVERNAME/service/dav/USERNAME/Briefcase
    • http/s://SERVERNAME/dav/USERNAME/Briefcase
    • http/s://SERVERNAME/service/dav/USERNAME/Briefcase

The http will output the properties of the destination but doesn't actually give a file listing.

Firefox

These various syntax tests either gives an error about access, page not found, or does output an xml type page listing details about the briefcase/notebook contents. It does not however, give it in a usable format - page indexing - where one could download the file so one could view it.

http/s ://$MAILSERVER/service/dav/$USERNAME
http/s ://$MAILSERVER/service/dav/$USERNAME@$DOMAIN
http/s ://$MAILSERVER/service/dav/$USERNAME%40$DOMAIN
http/s ://$MAILSERVER/dav/$USERNAME/Briefcase/
http/s ://$MAILSERVER/dav/$USERNAME/Notebook/
webdav/s ://$MAILSERVER/dav/$USERNAME/Briefcase/
webdav/s ://$MAILSERVER/dav/$USERNAME/Notebook/

RSS


Notable Bugs And RFE's

Zimbra And Alfresco


Providing reference URL for those that might be interesting in doing this. This wouldn't be an issue that Zimbra support handles though, just trying to be helpful to those that aren't afraid to go it alone.

Personal tools