Ajcody-User-Management-Topics: Difference between revisions
Revision as of 16:48, 26 May 2015
This article is NOT official Zimbra documentation. It is a user contribution and may include unsupported customizations, references, suggestions, or information.
User Management Topics
Actual User Management Topics Homepage
Please see Ajcody-User-Management-Topics
Resetting A User's Account From CLI
Resetting A Password
Standard Method
SetPassword [sp] from zmprov:
zmprov sp joe@domain.com test321
Resetting Users Auth Session - Force Disconnect
Please See First - In Case Of Compromised Accounts / Spammers
Note - Restarting the MTA services is important once you reset the password/s or lock the account. It's required to ensure that active connections are closed and that any existing auth tokens are no longer valid. See:
- Force currently active SMTP authenticated sessions to be renegotiated when locking an account
Changing the Users Password To Expire Session
See Resetting A Password Via CLI or change it via the admin console.
- "Auth token should be invalidated if a user resets their password"
Prior To 605 - Use CLI To Change zimbraAuthTokenValidityValue To Expire The Session
Change the zimbraAuthTokenValidityValue to a small time value:
su - zimbra
zmprov ma <accountname> zimbraAuthTokenValidityValue 1
zmprov fc account <accountname>
This value gets stored in the auth token and compared on every request. Changing it will invalidate all outstanding auth tokens.
6.0.5+ You Have Admin Console Option
In the admin console, under the Manage Accounts window you can right click on the user name and choose "Expire Sessions".
- "Manually Invalidate Auth Token(s)"
User , Mailbox ID's, And Who Is What
ZimbraID [UserID] is system wide.
MailboxID is per server store.
To get the ZimbraID:
$ zmprov ga user@domain.com | grep -i zimbraid
zimbraId: aeca260b-6faf-4cfe-b407-7673748aabf4
zimbraIdentityMaxNumEntries: 20
To get the MailboxID, get on the appropriate mailserver and:
zmprov gmi user@domain.com
mailboxId: 3
quotaUsed: 251512
or globally:
/opt/zimbra/bin/mysql -e "use zimbra; select id from mailbox where account_id = 'UserID HERE including the leading 0'"
Other details can be found here:
http://wiki.zimbra.com/index.php?title=Account_mailbox_database_structure
Account & Domain Summary
Run zmaccts
Here's what it would return:
su - zimbra
[zimbra@mail3 ~]$ zmaccts
           account                          status             created       last logon
------------------------------------   -----------     ---------------  ---------------
admin@mail3.internal.domain.com             active      05/06/08 18:46   07/08/08 09:56
ajcody@mail3.internal.domain.com            active      05/06/08 20:43   06/23/08 15:48
ajcody2@mail3.internal.domain.com           active      05/28/08 11:48   06/30/08 17:44
forward@mail3.internal.domain.com           active      05/06/08 21:06   05/29/08 17:24
ham.bidiob2mm@mail3.internal.domain.com     active      05/06/08 18:47            never
spam.rormmtcyy@mail3.internal.domain.com    active      05/06/08 18:47            never
wiki@mail3.internal.domain.com              active      05/06/08 18:46            never
           account                          status             created       last logon
------------------------------------   -----------     ---------------  ---------------
secondary@secondary.internal.domain.com     active      06/23/08 15:26   06/23/08 15:27
wiki@secondary.internal.domain.com          active      06/23/08 15:25            never
                                 - domain summary -
    domain                    active    closed    locked    maintenance     total
-----------------------     --------  --------  --------  -------------  --------
mail3.internal.domain              7         0         0              0         7
secondary.internal.domain          2         0         0              0         2
Last Logon comes from the variable zimbraLastLogonTimestamp. This is also used to update the "Last Login Time" column in the admin web console, and it shows up in the output of [ zmprov ga user@domain ]. Logins broken down by session type are only found in the audit.log or mailbox.log files. The log entry should have a reference to the user id and the session type for the login [ pop, imap, etc. ].
RFE To Expand zmaccts Output And Options
Please see the following RFE I made:
- "zmaccts to include more options"
Zmmailbox Stuff
RFE's And Bugs To Review
Please see these RFE's first:
- "Admin (zimbra) account to be able to setup resources for accounts (auto-acceptance)"
- http://bugzilla.zimbra.com/show_bug.cgi?id=25740
- Was marked a dup of the work being done for bug7473
- "Share management and discovery"
- "New share property that grants the user the ability to work on email but unable to delete or empty folders"
- http://bugzilla.zimbra.com/show_bug.cgi?id=31466
- In comment 4, I made an extensive suggestion on expanding the permission variables one could use.
Some others to look at:
- "Expand permission share model"
- "Allow/disallow sharing to all authenticated users via user interface"
- "Calendar Share permission refinement - ability to accept/decline but NOT edit/remove"
- "Revoked view permissions not removed until after logout"
- "RFE - Ability for anyone (not just people with a share) to view some meeting details of resources"
- "After revoking calendar permissions, the web UI still shows the share still exists."
- "Cannot remove sharing permissions for mail folders"
- "Allow non-user "public" folders"
- "share ownership to disti-group -- not just end-user -- delegation (folder, calendar, doc/wiki, task, project)"
- "Global Admin control for Zimbra shared resources (and subscription) -- folders, calendar, address book, task, project, documents"
- "share roles - custom (editor / author) levels"
- "Notification of shared resources for distribution list members"
To See All Folders For A User
Do the following for the user:
[zimbra@mail3 ~]$ zmmailbox -z -m ajcody@DOMAIN gaf
        Id        View      Unread   Msg Count  Path
----------  ----------  ----------  ----------  ----------
         1        conv           0           0  /
        16        docu           0           2  /Briefcase
        10        appo           0           1  /Calendar
        14        mess           0           0  /Chats
         7        cont           0           0  /Contacts
         6        mess           0           0  /Drafts
        13        cont           0           9  /Emailed Contacts
         2        mess           0          11  /Inbox
         4        mess           0           0  /Junk
       344        mess           0           0  /Junk E-mail
        12        wiki           0           0  /Notebook
       302        appo           0           0  /Restored
         5        mess           0          15  /Sent
       420        mess           0           0  /Share
       421        mess           0           0  /Share/Share1
       422        mess           0           0  /Share/Share1/Share1-1
       423        mess           0           0  /Share/Share2
       424        mess           0           0  /Share/Share2/Share2-1
        15        task           0           2  /Tasks
         3        conv           0           0  /Trash
Do the following for the user [ I'm cutting some of the output to keep it short ]:
[zimbra@mail3 ~]$ zmmailbox -z -m ajcody@DOMAIN gaf -v
{
  "id": "1", "name": "USER_ROOT", "path": "/", "parentId": "11",
  "flags": null, "color": "defaultColor", "unreadCount": 0, "messageCount": 0,
  "view": "conversation", "url": null, "effectivePermissions": null,
  "children": [
    {
#### CUT HERE ####
    {
      "id": "5", "name": "Sent", "path": "/Sent", "parentId": "1",
      "flags": null, "color": "defaultColor", "unreadCount": 0, "messageCount": 15,
      "view": "message", "url": null, "effectivePermissions": null
    },
    {
      "id": "420", "name": "Share", "path": "/Share", "parentId": "1",
      "flags": "i", "color": "defaultColor", "unreadCount": 0, "messageCount": 0,
      "view": "message", "url": null, "effectivePermissions": null,
      "grants": [
        { "type": "usr", "name": "ajcody2@mail3.internal.domain.com",
          "id": "88fd808e-a526-419d-9eda-ad50100d23b6", "permissions": "rwidx", "args": null },
        { "type": "all", "name": null, "id": null, "permissions": "rwx", "args": null }
      ],
      "children": [
        {
          "id": "421", "name": "Share1", "path": "/Share/Share1", "parentId": "420",
          "flags": "i", "color": "defaultColor", "unreadCount": 0, "messageCount": 0,
          "view": "message", "url": null, "effectivePermissions": null,
          "grants": [
            { "type": "usr", "name": "ajcody2@mail3.internal.domain.com",
              "id": "88fd808e-a526-419d-9eda-ad50100d23b6", "permissions": "rwidx", "args": null },
            { "type": "usr", "name": "admin@mail3.internal.domain.com",
              "id": "5ab13330-2e9b-4a45-9b30-de2c70858265", "permissions": "rwidx", "args": null }
          ],
          "children": [
            {
              "id": "422", "name": "Share1-1", "path": "/Share/Share1/Share1-1", "parentId": "421",
              "flags": null, "color": "defaultColor", "unreadCount": 0, "messageCount": 0,
              "view": "message", "url": null, "effectivePermissions": null
            }
          ]
        },
        {
          "id": "423", "name": "Share2", "path": "/Share/Share2", "parentId": "420",
          "flags": null, "color": "defaultColor", "unreadCount": 0, "messageCount": 0,
          "view": "message", "url": null, "effectivePermissions": null,
          "children": [
            {
              "id": "424", "name": "Share2-1", "path": "/Share/Share2/Share2-1", "parentId": "423",
              "flags": null, "color": "defaultColor", "unreadCount": 0, "messageCount": 0,
              "view": "message", "url": null, "effectivePermissions": null
            }
### CUT HERE ###
          ]
        }
RFE I filed for zmmailbox to have options for this and "recursive".
- "zmmailbox folder should have option to remove ALL shares & recursive option"
Here's a script I wrote. Remove the echo statements to actually run the commands.
#!/bin/bash
# Dry run: prints the zmmailbox commands that would remove every grant on $SHARE.
USER="ajcody@mail3.internal.domain.com"
SHARE="/Shared"
GETPERM="zmmailbox -z -m $USER gfg $SHARE"
MODPERM="zmmailbox -z -m $USER mfg $SHARE"
DUMBPASS="34lkoso"
NEWPERM=none
# Keep only the grant rows of the gfg table, then pass on the Type and Display columns.
$GETPERM | egrep -i 'all|guest|public|accoun|domain|group' | gawk '{print $2 " " $3}' | while read SHAREPERM
do
  TYPE=`echo $SHAREPERM|awk '{print $1}'`
  DISPLAY=`echo $SHAREPERM|awk '{print $2}'`
  case $TYPE in
    accoun)
      # gfg truncates "account" to "accoun"; mfg needs the full keyword
      echo $MODPERM account $DISPLAY $NEWPERM
      ;;
    guest)
      echo $MODPERM $TYPE $DISPLAY $DUMBPASS $NEWPERM
      ;;
    all)
      # "all" has no Display value
      echo $MODPERM $TYPE $NEWPERM
      ;;
    *)
      # group, domain, public
      echo $MODPERM $SHAREPERM $NEWPERM
      ;;
  esac
done
Output of an example:
[zimbra@mail3 ~]$ zmmailbox -z -m ajcody@mail3.internal.domain.com gfg /Shared
Permissions    Type  Display
-----------  ------  -------
          r     all
          r   guest  ajcody@domain.com
          r  accoun  admin@mail3.internal.domain.com
          r   group  mydl@mail3.internal.domain.com
          r  domain  mail3.internal.domain.com
[zimbra@mail3 ~]$ /tmp/remove-share.sh
zmmailbox -z -m ajcody@mail3.internal.domain.com mfg /Shared all none
zmmailbox -z -m ajcody@mail3.internal.domain.com mfg /Shared guest ajcody@domain.com none
zmmailbox -z -m ajcody@mail3.internal.domain.com mfg /Shared account admin@mail3.internal.domain.com none
zmmailbox -z -m ajcody@mail3.internal.domain.com mfg /Shared group mydl@mail3.internal.domain.com none
zmmailbox -z -m ajcody@mail3.internal.domain.com mfg /Shared domain mail3.internal.domain.com none
I then removed the echo statements:
[zimbra@mail3 ~]$ vi /tmp/remove-share.sh
[zimbra@mail3 ~]$ /tmp/remove-share.sh
[zimbra@mail3 ~]$ zmmailbox -z -m ajcody@mail3.internal.domain.com gfg /Shared
Permissions    Type  Display
-----------  ------  -------
[zimbra@mail3 ~]$
Please TEST this on a test box or a test account before running it against a production system. Commands might act differently after a ZCS version change. Also note, this is a user-contributed script and not one from Zimbra developers or the support staff. Also, the wiki formatting might throw off the script and could require you to fix it before it runs correctly.
Script is called - zmshares - and should be named such.
#!/usr/bin/env perl
#
#
# This program was written by Pablo Garaitonandia on Nov. 26 2012.
# This program is for viewing and deleting all the shares that a user
# may have in the event that removing the many shares a user has is
# time consuming.
# This was written on a system running Zimbra 7.2.0, RHEL 5.8, with perl v5.8.8
use strict;
use warnings;
use Getopt::Long;
my $id=getpwuid($<);
my $help=0;
my $user_id=0;
my $option=0;
my @shares;
sub view_share;
sub del_share;
chomp $id;
if ($id ne "zimbra") {
    print STDERR "Error: must be run as zimbra user\n";
    exit (1);
}
GetOptions(
    'h|help'     => \$help,
    'u|uid=s'    => \$user_id,
    'o|option=s' => \$option,
) or die "Incorrect usage!\n";
# Check for usage, definition, and correct argument types.
# The address pattern is anchored because $user_id is interpolated into the
# shell command lines below; anything other than a plain address is rejected.
if ((defined ($user_id) && ($user_id =~ /^[a-z0-9._+-]+@[a-z0-9.-]+\.[a-z0-9.-]+\z/i)) &&
    (defined ($option) && (($option eq "delete") || ($option eq "view")))) {
    print "\n$option: shares for $user_id \n\n";
} elsif ($help) {
    usage();
} else {
    usage(1);
}
if ($option eq "view"){ view_share();}
if ($option eq "delete"){ del_share();}
sub view_share {
    open(VIEW, "/opt/zimbra/bin/zmprov getShareInfo $user_id |") or die "Cannot run zmprov: $!\n";
    print <VIEW>;
}
sub del_share {
    # Cut the folder path, grantee id and grantee name out of the fixed-width
    # getShareInfo table and skip its two header lines.
    open(SHARES, "zmprov getShareInfo $user_id |awk '{print substr(\$0,70,6) ,substr(\$0,131,36), substr(\$0,168,15)}' | awk 'NR>2' |") or die "Cannot run zmprov: $!\n";
    @shares = <SHARES>;
    if (!(@shares)){
        print "EXITING: User has no shares to delete. \n\n";
        exit (1);
    }
    foreach my $share (@shares){
        my @line = split(/\s+/, $share);
        if (defined ($line[2])){
            print "zmmailbox -z -m $user_id mfg $line[0] account $line[1] none\n";
            system("/opt/zimbra/bin/zmmailbox -z -m $user_id mfg $line[0] account $line[1] none") == 0 or die "Command Failed";
        } else {
            print "zmmailbox -z -m $user_id mfg $line[0] account \"\" none\n";
            system("zmmailbox -z -m $user_id mfg $line[0] account \"\" none") == 0 or die "Command Failed";
        }
    }
}
sub usage {
    my ($msg) = (@_);
    $msg && print STDERR "\nINCORRECT USAGE: $msg\n";
    print STDERR <<USAGE;
zmshares -u username\@domain -o (delete|view)
Where:
-u: (user\@domain) The full user id with domain for user.
-o: (delete|view) Delete or view ALL shares for the user
USAGE
    exit (1);
}
__END__
- I've yet to test these against all items (resources) listed in bug 25740 and work as expected.
To see current perms
zmmailbox -z -m faxfinder@example.com gfg /Inbox
To modify perms:
- r = read
- w = write
- i = insert
- d = delete
- x = accept/decline invites
- a = administer
zmmailbox -z -m faxfinder@example.com mfg /Inbox account user@example.com rwidx
To confirm perms are set:
zmmailbox -z -m faxfinder@example.com gfg /Inbox
To mount "folder" into a user account that was given permission:
zmmailbox -z -m user@example.com cm --view message "/Incoming_Faxes" faxfinder@example.com /Inbox
To confirm folder is mounted:
zmmailbox -z -m user@example.com gaf
For additional notes/options see:
zmmailbox help folder
For mfg it shows it can take the below as a target:
- account {name}
- group {name} *This could be a DL?*
- domain {name}
- all
- public
- guest
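An audit pass over gfg output that uses the permission letters and grantee types listed above, as an added example that is not part of the original page: it flags grants to all, public, guest or domain, and any grant that carries a (administer). The function names, the ok/review/high labels and the sample table are assumptions of this example, with the table constructed in the gfg layout shown earlier.

```bash
#!/bin/bash
# Added example: classify the rows of `zmmailbox ... gfg <folder>` output.
# Constructed sample in the gfg layout; note both "accoun" and "account" spellings.
SAMPLE_GFG='Permissions      Type  Display
-----------    ------  -------
          r       all
        rwx     guest  ajcody@domain.com
      rwidx    accoun  admin@mail3.internal.domain.com
          r     group  mydl@mail3.internal.domain.com
     rwidxa   account  ajcody2@mail3.internal.domain.com
         rw    domain  mail3.internal.domain.com'

# Reads gfg output on stdin, prints "<level> <type> <grantee> <permissions>" per grant.
#   review = grantee type is all/public/guest/domain, or the grant includes "a"
#   high   = such a broad grantee type combined with w, i, d or a
audit_grants() {
  awk '
    NF < 2 || $1 == "Permissions" || $1 ~ /^-+$/ { next }   # blank, header, rule
    {
      perms = $1; type = $2; who = (NF >= 3 ? $3 : "-")      # all/public have no Display
      if (type == "accoun") type = "account"                 # truncated Type column
      broad  = (type ~ /^(all|public|guest|domain)$/)
      writes = (perms ~ /[wida]/)
      level = "ok"
      if (broad || perms ~ /a/) level = "review"
      if (broad && writes)      level = "high"
      print level, type, who, perms
    }'
}

# Reads audit_grants output on stdin and prints the most severe level seen.
worst_level() {
  awk '$1 == "high" { h = 1 } $1 == "review" { r = 1 }
       END { print (h ? "high" : (r ? "review" : "ok")) }'
}

# Demo on the constructed sample. On a server the input would come from:
#   zmmailbox -z -m user@example.com gfg /Inbox | audit_grants
printf '%s\n' "$SAMPLE_GFG" | audit_grants
printf 'worst: %s\n' "$(printf '%s\n' "$SAMPLE_GFG" | audit_grants | worst_level)"
```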
Scripting note to do this with multiple users:
- zmmailbox cm could use the zmprov gaa to provide a list of all accounts, this would include system & archive (if exist) accounts though.
How To Turn Off Sharing
You can enable / disable sharing from admin console:
- Admin console --> class of service --> select the CoS (eg default) --> features --> general features --> check/uncheck 'Sharing' option
Alternatively, set the following CoS attribute to either 'TRUE' or 'FALSE' from the command line: zimbraFeatureSharingEnabled
Searches With zmmailbox
Special Note If Your Search String Needs Spaces
Here is an example using the correct format to include required spaces to have your search do what you want. For instance, many shared folders will end up using, by default, spaces in the folder name.
$ zmmailbox -z -m ajcody@`zmhostname` gaf | grep appo
        10  appo           0           0  /Calendar
       263  appo           0           2  /Large Share's Calendar (large-share@mail71.DOMAIN.com:10)
$ zmmailbox -z -m ajcody@`zmhostname` s -t appo in:"\"Large Share's Calendar"\"
num: 2, more: false
                                          Id  Type   From        Subject                Date
    ----------------------------------------  ----   ----------  ---------------------  ------
1.  799efb72-2e6b-400a-8881-c5f9d7c282b1:265  appo   <na>        Test On Thu            10/28/10 00:02
2.  799efb72-2e6b-400a-8881-c5f9d7c282b1:263  appo   <na>        test for friday        10/28/10 00:02
Note, the "\"Text1 Text2"\" is for a [s option] search string query, when querying for the folder name with other zmmailbox options - normal quoting works. For example:
$ zmmailbox -z -m ajcody@`zmhostname` gfg "Large Share's Calendar"
Permissions      Type  Display
-----------  --------  -------
     rwidxa   account  ajcody@mail71.DOMAIN.com
Search For Messages And Then Delete Them
Here are some examples that grab the message IDs from a search and put them in a variable to use with the delete command.
Other reference: King0770-Notes#Removing_Messages_with_Zmmailbox_based_on_the_Subject
Note - Crossmailbox Search And Delete Is Currently An RFE
See the following :
- RFE: Bulk deletion of a mail - crossmailbox
First - Default Search Returns Only 25 Results
From zmmailbox [help search] & zmmailboxsearch
--limit (optional) -l Sets the limit for the number of results returned. The default is 25.
Example Search With A From And To Date - Multiple Variable Search
This allows you to restrict your search in-between a date range.
zmmailbox -z -m user@domain.com s -t message -l 999 "before:6/15/2011 and after:6/9/2011"
Note - If you're trying to do this for a tgz export, please see the following :
Example Search With To Field
[zimbra@mail3 ~]$ zmmailbox -z -m ajcody@mail3.internal.DOMAIN.com s -t message "To: Adam"
num: 4, more: false
      Id  Type   From                  Subject                                             Date
    ----  ----   --------------------  --------------------------------------------------  --------------
1.   269  mess   Adam                  Re: 8-7-08 11:37 AM to both outside accounts        08/07/08 11:57
2.   268  mess   Adam                  Re: 8-7-08 11:37 AM to both outside accounts        08/07/08 11:39
3.   266  mess   Adam                  Re: 8-7-08 11:37 AM to both outside accounts        08/07/08 11:38
4.   263  mess   Adam                  Re: test on 8-7-08 to zimbra account                08/07/08 11:37
[zimbra@mail3 ~]$ zmmailbox -z -m ajcody@mail3.internal.DOMAIN.com s -t message "To: Adam" |awk '{ if (NR!=1) {print}}'| grep mess | awk '{ print $2 "," }' | tr -d '\n'
269,268,266,263,
[zimbra@mail3 ~]$ message=`zmmailbox -z -m ajcody@mail3.internal.DOMAIN.com s -t message "To: Adam" |awk '{ if (NR!=1) {print}}'| grep mess | awk '{ print $2 "," }' | tr -d '\n'`
[zimbra@mail3 ~]$ zmmailbox -z -m ajcody@mail3.internal.DOMAIN.com dm `echo $message`
[zimbra@mail3 ~]$ zmmailbox -z -m ajcody@mail3.internal.DOMAIN.com s -t message "To: Adam"
num: 0, more: false
Example Search With From Field
[zimbra@mail3 ~]$ zmmailbox -z -m ajcody@mail3.internal.DOMAIN.com s -t message "From: Adam"
num: 8, more: false
      Id  Type   From                  Subject                                             Date
    ----  ----   --------------------  --------------------------------------------------  --------------
1.   464  mess   Adam                  test 3                                              10/02/08 11:43
2.   463  mess   Adam                  test 2                                              10/02/08 11:43
3.   462  mess   Adam                  test 1                                              10/02/08 11:43
4.   461  mess   Adam                  test                                                09/29/08 16:18
5.   460  mess   Adam                  test for mailbox log                                09/29/08 16:17
6.   265  mess   Adam                  8-7-08 11:37 AM to both outside accounts            08/07/08 11:38
7.   261  mess   Adam                  test on 8-7-08 to zimbra account                    08/07/08 11:36
8.   257  mess   Adam                  test from zimbra on 8-7-08                          08/07/08 11:27
[zimbra@mail3 ~]$ zmmailbox -z -m ajcody@mail3.internal.DOMAIN.com s -t message "From: Adam" |awk '{ if (NR!=1) {print}}'| grep mess | awk '{ print $2 "," }' | tr -d '\n'
464,463,462,461,460,265,261,257,
[zimbra@mail3 ~]$ message=`zmmailbox -z -m ajcody@mail3.internal.DOMAIN.com s -t message "From: Adam" |awk '{ if (NR!=1) {print}}'| grep mess | awk '{ print $2 "," }' | tr -d '\n'`
[zimbra@mail3 ~]$ echo $message
464,463,462,461,460,265,261,257,
[zimbra@mail3 ~]$ zmmailbox -z -m ajcody@mail3.internal.DOMAIN.com dm `echo $message`
[zimbra@mail3 ~]$ zmmailbox -z -m ajcody@mail3.internal.DOMAIN.com s -t message "From: Adam"
num: 0, more: false
[zimbra@mail3 ~]$
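A stricter way to build the ID list for dm, as an added example rather than the original author's pipeline: rows are matched on the Type column, the list carries no trailing comma, and no command is produced while the header says more: true, meaning the result limit cut the list short. The function names and the SAMPLE_* inputs are constructed for this example; it only prints the dm command for review and does not run it.

```bash
#!/bin/bash
# Added example: turn `zmmailbox ... s -t message` output into a reviewed dm command.
# Constructed samples in the search-result layout shown on this page.
SAMPLE_FULL='num: 4, more: false
      Id  Type   From    Subject                                       Date
    ----  ----   ------  --------------------------------------------  --------------
1.   269  mess   Adam    Re: 8-7-08 11:37 AM to both outside accounts  08/07/08 11:57
2.   268  mess   Adam    Re: test on 8-7-08 to zimbra account          08/07/08 11:39
3.   11111111-2222-3333-4444-555555555555:265  mess  Adam  item in a mounted folder  08/07/08 11:38
4.   301  appo   <na>    clean up mess hall                            10/28/10 00:02'

# As if the search had been run with "-l 2" and more results exist.
SAMPLE_TRUNC='num: 2, more: true
      Id  Type   From    Subject   Date
    ----  ----   ------  --------  --------------
1.   464  mess   Adam    test 3    10/02/08 11:43
2.   463  mess   Adam    test 2    10/02/08 11:43'

# Prints the comma-joined IDs of rows "<n>. <id> mess ...". The ID must be
# numeric or "<uuid>:<number>" (the form used for items in mounted folders).
search_ids() {
  awk '$1 ~ /^[0-9]+\.$/ && $3 == "mess" && $2 ~ /^([0-9a-f-]+:)?[0-9]+$/ {
         ids = ids (ids == "" ? "" : ",") $2
       }
       END { print ids }'
}

# Succeeds only if the "num: N, more: false" header is present, i.e. the
# listing is recognised and was not cut off by the result limit.
search_complete() {
  awk '$1 == "num:" && $3 == "more:" { seen = 1; if ($4 != "false") more = 1 }
       END { if (seen && !more) exit 0; exit 1 }'
}

# Reads search output on stdin and prints the dm command for account $1.
# Returns 2 on a truncated or unrecognised listing, 1 when nothing matched.
plan_delete() {
  pd_account=$1
  pd_out=$(cat)
  if ! printf '%s\n' "$pd_out" | search_complete; then
    echo "refusing: listing is truncated or unrecognised; rerun the search with a higher -l" >&2
    return 2
  fi
  pd_ids=$(printf '%s\n' "$pd_out" | search_ids)
  if [ -z "$pd_ids" ]; then
    echo "nothing matched" >&2
    return 1
  fi
  printf 'zmmailbox -z -m %s dm %s\n' "$pd_account" "$pd_ids"
}

# Demo on the constructed samples.
printf '%s\n' "$SAMPLE_FULL"  | plan_delete user@domain.com
printf '%s\n' "$SAMPLE_TRUNC" | plan_delete user@domain.com || echo "exit status $?"
```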
More Search Possibilities
Please see [Search Tips]
Export & Import Of Users Data In TGZ Format
Please see Ajcody-Migration-Notes#ZCS_User_to_Another_ZCS_Server_-_With_Rest_.26_TGZ
Seeing What & Where Of A Message ID
If you need to figure out what the actual email/message is from a logging event.
For example, log shows:
2009-03-03 22:04:58,969 INFO [btpool0-5532] [name=USER@DOMAIN.com;mid=8;ip=10.0.0.1;ua=ZimbraWebClient - IE6 (Win)/5.0.11_GA_2695.UBUNTU8_64;] mailop - moving Message (id=10955) to Folder Trash (id=3)
To see the details of the message, do the following:
zmmailbox -z -m USER@DOMAIN gm 10955
Id: 10955
Conversation-Id: 11155
Folder: /Trash
Subject: FW: How are you doing?
From: User External <USER@DOMAIN.com>
To: <USER@DOMAIN.com>
...etc...
Message Count Mismatches
Message Count Via zmprov
To see a listing of message count in folders, replace USER@DOMAIN w/ user:
zmmailbox -z -m USER@DOMAIN gaf
You can also do something like this:
zmmailbox -z -m USER@DOMAIN s -t mess in:"FOLDER_IN_QUESTION"
If the folder has spaces, use the following format : "\"Large Share's Calendar"\"
zmprov rmc RecalculateMailboxCounts
From the zmprov help for rmc:
RecalculateMailboxCounts rmc {name@domain|id}
When unread message count and quota usage are out of sync with the data in the mailbox, use this command to immediately recalculate the mailbox quota usage and unread messages count.
Important: Recalculating mailbox quota usage and message count should be schedule to run in off peak hours and used on one mailbox at a time.
Example: $zmprov rmc user@domain
Users should log into a new ZWC session after this was done.
If User Is Using IMAP Client
We have some bugs/RFEs regarding how various IMAP clients handle delete/purge and the impact that has on our message counting.
Here's a recent one:
- "Item count should account for \Deleted IMAP messages"
- http://bugzilla.zimbra.com/show_bug.cgi?id=20620
- Resolved with 6.0.8
One workaround was to configure the IMAP client to move messages to a Trash/Deleted Items folder [if available] and to delete/purge messages immediately or upon sign off.
Check The Message Blobs On The File System
This is more of a sanity check, confirming the user does have what you would estimate for message blobs on the file system under their message store path.
See: Ajcody-Mysql-Topics#How_To_Locate_Users_Mailstore_and_Message_Store_Directory
You might also see "No Such Blob" messages in the ZWC client and the mailbox.log file.
See: Ajcody-Notes-No-Such-Blob
Make Sure You're Not Auto-purging Messages
These are set at the global or server level.
zmprov gacf | egrep "zimbraMailPurgeSleepInterval|zimbraMailTrashLifetime|zimbraMailSpamLifetime|zimbraMailMessageLifetime"
zmprov gs server.domain.com | egrep "zimbraMailPurgeSleepInterval|zimbraMailTrashLifetime|zimbraMailSpamLifetime|zimbraMailMessageLifetime"
These at the user level:
zmprov ga user@domain | egrep "zimbraPrefInboxReadLifetime|zimbraPrefInboxUnreadLifetime|zimbraPrefSentLifetime|zimbraPrefJunkLifetime|zimbraPrefTrashLifetime"
Reference:
Managing Legal Requests for Information
Description:
- The ZCS legal intercept feature is used to obtain copies of email messages that are sent, received, or saved as drafts from targeted accounts and send these message to a designated “shadow” email address. Legal Intercept can be configured to send the complete content of the message or to send only the header information. When a targeted account sends, receives, or saves a draft message, an intercept message is automatically created to forward copies of the messages as attachments to the specified email address.
Please see:
- http://www.zimbra.com/docs/ne/latest/administration_guide/managing_other_zcs_features.8.1.html
- http://wiki.zimbra.com/index.php?title=Legal_Intercept
- http://bugzilla.zimbra.com/show_bug.cgi?id=17539
Persona, Identities, Send As, Send On Behalf Of Issues
For ZCS 8 And Above You Must Grant ACL Rights For sendAs and sendAsDistList for internal users
This section below only applies to versions ZCS 6 and ZCS 7. For ZCS 8 and above, the zimbraAllowFromAddress variable only is valid for external accounts and can NOT be used for internal users or ZCS distribution lists [DL's]. Please see the following for ZCS 8+
CLI Commands To Manage Persona, Identities, External Account
The following should provide you with the necessary commands to manage these user configurations:
zmprov help command| grep -i data
createDataSource(cds) {name@domain} {ds-type} {ds-name} zimbraDataSourceEnabled {TRUE|FALSE} zimbraDataSourceFolderId {folder-id} [attr1 value1 [attr2 value2...]]
deleteDataSource(dds) {name@domain|id} {ds-name|ds-id}
getDataSources(gds) {name@domain|id} [arg1 [arg2...]]
modifyDataSource(mds) {name@domain|id} {ds-name|ds-id} [attr1 value1 [attr2 value2...]]
zmprov help command| grep -i identit
createIdentity(cid) {name@domain} {identity-name} [attr1 value1 [attr2 value2...]]
deleteIdentity(did) {name@domain|id} {identity-name}
getIdentities(gid) {name@domain|id} [arg1 [arg...]]
modifyIdentity(mid) {name@domain|id} {identity-name} [attr1 value1 [attr2 value2...]]
Bugs And RFE's To Look At
Send As Issues
- "support sendAs right on server (as opposed to on-behalf-of)"
- http://bugzilla.zimbra.com/show_bug.cgi?id=22819
- "Composer should allow user to send message as self if replying on-behalf-of"
- "Implement "sendAs" rights for user accounts"
- "save copy of send-as message to sent-as user's Sent folder"
On Behalf Of Issues
- "send on behalf of for delegate access for ZWC"
- "reply to message in shared subfolder doesn't follow typical on behalf of behavior"
- "Need "Send on behalf of" pref"
- "Make the checkbox configurable for "Sent on behalf of""
Persona Setup With Send As [zimbraAllowFromAddress] Rights Rather Than On Behalf Of
This section below only applies to versions ZCS 6 and ZCS 7. For ZCS 8 and above, the zimbraAllowFromAddress variable only is valid for external accounts and can NOT be used for internal users or ZCS distribution lists [DL's]. Please see the following for ZCS 8+
- This was tested against ZCS 6.0.8p1 .
Attribute descriptions - 608 :
zimbra-attrs.xml:<attr id="427" name="zimbraAllowAnyFromAddress" type="boolean" cardinality="single" optionalIn="account,cos" flags="accountInfo,accountInherited">
zimbra-attrs.xml:<attr id="428" name="zimbraAllowFromAddress" type="email" max="256" cardinality="multi" optionalIn="account" flags="accountInfo,domainAdminModifiable">
- First, created a test user account:
- ajcody@rr608.zimbra.DOMAIN.com
- In the admin web console, under the users preferences tab :
- Sending Mail > checked : "Allow sending email from any address"
zmprov ma ajcody@rr608.zimbra.DOMAIN.com zimbraAllowAnyFromAddress TRUE
- Note, this could be setup in a COS as well and then assign the users you want to that COS
- If this is too permissive, because it does allow the user to send as anybody, then you'll want to do this instead:
zmprov ma ajcody@rr608.zimbra.DOMAIN.com zimbraAllowAnyFromAddress FALSE
zmprov ma ajcody@rr608.zimbra.DOMAIN.com zimbraAllowFromAddress personal-dl@rr608.zimbra.DOMAIN.com
- Note - bug alert.
- Testing showed that you could still have a persona set up for a particular address that wasn't set in the zimbraAllowFromAddress variable while zimbraAllowAnyFromAddress is set to FALSE. You'll be able to select it when composing a message and the message is sent with no error. But what happens is that the email is delivered to the recipient with your primary account details rather than the persona's.
- If you're only using a DL for the mail traffic, you would:
- Create a new DL :
- persona-dl@rr608.zimbra.DOMAIN.com
- checked "Can receive email"
- Added a user/s to the DL:
- ajcody@rr608.zimbra.DOMAIN.com
- Now, once that is done we can setup the persona for our "test user" - ajcody. Login as testuser
- Create a Folder called "Persona DL" and then a filter rule to move all emails with persona-dl@rr608.zimbra.DOMAIN.com to the "Persona DL" folder.
- Under the user's preferences, Mail > Accounts > Add Persona button:
- Persona Name : Persona DL
- From : Persona DL # personal-dl@rr608.zimbra.DOMAIN.com
- Reply-To : Persona DL # personal-dl@rr608.zimbra.DOMAIN.com
- Use this persona:
- check "when replying or forwarding messages sent to: Persona DL # personal-dl@rr608.zimbra.DOMAIN.com
- check "when replying or forwarding messages in folder(s) : Personal DL
- Things to note when using persona
- A new message in the "From" section will give a drop down for your persona choice.
- It's best to create a mail filter rule to put related messages for the persona account into a folder and then in the persona choose the option about using the persona as the default when replying to messages in that folder.
This section below only applies to versions ZCS 6 and ZCS 7. For ZCS 8 and above, the zimbraAllowFromAddress variable only is valid for external accounts and can NOT be used for internal users or ZCS distribution lists [DL's]. Please see the following for ZCS 8+
- The below how-to was tested against ZCS 6.0.8p1 .
- First, created a test user account:
- ajcody@rr608.zimbra.DOMAIN.com
- In the admin web console, under the users preferences tab :
- Sending Mail > checked : "Allow sending email from any address"
zmprov ma ajcody@rr608.zimbra.DOMAIN.com zimbraAllowAnyFromAddress TRUE
- Note, this could be setup in a COS as well and then assign the users you want to that COS
- If this is too permissive, because it does allow the user to send as anybody, then you'll want to do this instead:
zmprov ma ajcody@rr608.zimbra.DOMAIN.com zimbraAllowAnyFromAddress FALSE
zmprov ma ajcody@rr608.zimbra.DOMAIN.com zimbraAllowFromAddress personal-source@rr608.zimbra.DOMAIN.com
- Note - bug alert.
- Testing showed that you could still have a persona set up for a particular address that wasn't set in the zimbraAllowFromAddress variable while zimbraAllowAnyFromAddress is set to FALSE. You'll be able to select it when composing a message and the message is sent with no error. But what happens is that the email is delivered to the recipient with your primary account details rather than the persona's.
- If I was only using a "shared mailbox" for the mail traffic, I would:
- First create a DL that will have the user accounts you want to share this 'new' mailbox [Inbox]:
- Create a new DL:
- persona-share@rr608.zimbra.DOMAIN.com
- checked "Can receive email"
- Added a user to the DL:
- ajcody@rr608.zimbra.DOMAIN.com
- Then create a new account/mailbox that others will share:
- persona-source@rr608.zimbra.DOMAIN.com
- From the 'admin console', do "View Mail" on the new account
- Share the Inbox to the DL : persona-share@rr608.zimbra.DOMAIN.com w/ Manager or Admin Rights
- Log back into the 'test user' account - ajcody@rr608.zimbra.DOMAIN.com
- Accept the share and confirm you see the "Inbox" from the "persona-source" account.
- Then, under the user's preferences, Mail > Accounts > Add Persona button:
- Persona Name : Persona Source
- From : Persona Source # persona-source@rr608.zimbra.DOMAIN.com
- Reply-To : Persona Source # persona-source@rr608.zimbra.DOMAIN.com
- Use this persona:
- check "when replying or forwarding messages sent to: persona-source@rr608.zimbra.DOMAIN.com
- check "when replying or forwarding messages in folder(s) : Persona Source's Inbox
- Things to note when using persona
- A new message in the "From" section will give a drop down for your persona choice.
- It's best to create a mail filter rule to put related messages for the persona account into a folder and then in the persona choose the option about using the persona as the default when replying to messages in that folder.
- Need An RFE/BUG Report? - When you have a shared mailbox folder, the 'normal' operation when replying to messages from that folder is to send them "on behalf of". You don't want this option, since you're wanting to use the persona rules. You might need to "uncheck" the box under the new message that says:
- uncheck box for "Send this message on behalf of: persona-source@rr608.zimbra.DOMAIN.com"
- I couldn't find a way to have this "unchecked" as the default.
Sieve Rules
Administrating Rules For Users - CLI
Please see King0770-Notes-Sieve_Rules_By_Proxy