Hocky-Notes

Introduction

These are notes I took while setting up a POC for our corporate environment.
The installed version is ZCS 5.0.16 on RHEL 4.
We have a proxy to connect to the internet.

Installation

walkthrough

preparation

  • check the documentation from zimbra site for pre-requisites
  • set the proxy
export http_proxy=http://example.com
  • get the package
wget -cv http://h.yimg.com/lo/downloads/5.0.16_GA/zcs-NETWORK-5.0.16_GA_2922.RHEL4.20090429013859.tgz
  • get the md5
wget -cv http://h.yimg.com/lo/downloads/5.0.16_GA/zcs-NETWORK-5.0.16_GA_2922.RHEL4.20090429013859.tgz.md5
  • check md5
md5sum -c zcs-NETWORK-5.0.16_GA_2922.RHEL4.20090429013859.tgz.md5
> zcs-NETWORK-5.0.16_GA_2922.RHEL4.20090429013859.tgz: OK
  • untar
  • copy the license file on the server, you will need it
  • if your infrastructure guys insist on installing in an alternate directory, use a bind mount in /etc/fstab, for instance:
/prd/live /opt/zimbra auto bind

and then

mkdir /opt/zimbra
mount -a

install

  • have the installation .PDFs from Zimbra website ready
  • run install.sh as root

bugs

/etc/hosts file issue

The install program (install.sh) checks that all entries in the hosts file are of the format <ip> <fqdn> <name>, even the entries which have nothing to do with the name of the server.

You may have to temporarily remove (or comment out) the offending lines and restore them after the installation has completed successfully.

That happened to me with version 5.0.16 NE.
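
A pre-flight check for the issue above, as an added example (not part of the original notes or of Zimbra's installer): it lists the /etc/hosts lines that are not in <ip> <fqdn> <name> form, so you know what to comment out before running install.sh. The exact test install.sh applies is not shown on this page; the rule used here (at least three fields, second field containing a dot) is an assumption, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: flag hosts entries that are not "<ip> <fqdn> <name>".
# Assumption: an entry is acceptable when, after stripping comments, it has
# at least three fields and the second one (the FQDN) contains a dot.
# The real check performed by install.sh may differ.

# hosts_offenders FILE -> prints "lineno: original line" for each bad entry
hosts_offenders() {
    awk '
    {
        line = $0
        sub(/#.*/, "")            # drop comments; awk re-splits the fields
        if (NF == 0) next         # blank or comment-only line
        if (NF < 3 || $2 !~ /\./)
            printf "%d: %s\n", NR, line
    }' "$1"
}

# hosts_ok FILE -> exit status 0 when no offending entry is found
hosts_ok() {
    [ -z "$(hosts_offenders "$1")" ]
}

# Constructed sample, written to a temp file so the example runs anywhere.
sample=$(mktemp)
cat > "$sample" <<'EOF'
127.0.0.1   localhost.localdomain localhost
10.0.0.5    zimbra.example.com zimbra
10.0.0.9    oldmail              # short name only
# 10.0.0.7  commented out already
10.0.0.12   db.example.com
EOF

hosts_offenders "$sample"        # reports lines 3 and 5
rm -f "$sample"
```

On the server itself, run hosts_offenders /etc/hosts and keep a copy of the file before commenting anything out, so the entries can be restored after the installation.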



proxy stuff

freshclam

The file to edit:

vi /opt/zimbra/conf/freshclam.conf.in

To set up the proper proxy information for freshclam (the process which fetches the signature updates for ClamAV), you have to modify the freshclam.conf.in file, not freshclam.conf.

Check the log to make sure everything is OK:

less /opt/zimbra/log/freshclam.log

proxy out for zimlets

If zimlets need to access the internet from behind a proxy, you have to set this variable up:

zmprov mcf zimbraHttpProxyURL http://my.proxy:80

mcf sets it Zimbra-wide; it can also be set per server.

zimlets

Notes links

The standard zimlet com_zimbra_url can mess up Notes URLs such as Notes://2134564984561321. If this is the case, deactivate it.

desktop zimlets

To install zimlets on a linux zimbra desktop (ZD), run the following command:

java -cp jetty/lib/log4j-1.2.8.jar:jetty/common/lib/commons-httpclient-3.0.jar:jetty/common/lib/mail.jar:jetty/common/lib/commons-logging.jar:jetty/common/lib/commons-codec-1.3.jar:jetty/common/lib/json.jar:jetty/common/lib/dom4j-1.5.jar:jetty/common/lib/zimbracommon.jar:jetty/webapps/service/WEB-INF/lib/zimbrastore.jar -Dzimbra.config=conf/localconfig.xml com.zimbra.cs.zimlet.ZimletUtil deploy <path2zimlet>/<zimlet>.zip

Windows: replace / by \ and : by ;

This sort of worked for me with Ubuntu 9.04 & ZD v1.0 build 1593: it installs without an error message, but then I don't see all zimlets installed in ZD (3 out of 4 are visible). Bug in the zimlet or install that needs another product?

configuration

backups

Tried the standard

zmschedulebackup -R f "0 1 * * 7" i "0 1 * * 1-6" d 1m "0 0 * * *"

as the zimbra user

If the answer is:

You (zimbra) are not allowed to use this program (crontab)

you must add the zimbra user to /etc/cron.allow (and/or remove it from cron.deny):

vi /etc/cron.allow

CLI to set the default backup schedule:

zmschedulebackup -D

CLI to review the current backup schedule:

zmschedulebackup -q

https only

We want to encrypt all network communications (you don't want the CEO's mails being eavesdropped on, do you?): users can connect over http, but they are redirected to https and stay there.

zmtlsctl redirect
zmcontrol stop
zmcontrol start

GAL

Set the GAL as mixed: internal + external and bind the external to an existing LDAP.

All done via the web UI in 5.0.16.


Caveat: I suppose this can have an impact on performance depending on the search string.


Note: There is a parameter to set in the user preferences/address book to have dynamic GAL look-up.

SSO

We wanted to be able to connect through our current sso solution:

  • the user connects to the company portal and logs in
  • he clicks on a link to Zimbra
  • we redirect him to his mailbox

We used the preauth feature to achieve that.

This is documented here: http://wiki.zimbra.com/index.php?title=Preauth
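
What the portal has to produce for the redirect, as an added example (not code from the original notes or from Zimbra): the preauth token is a hex HMAC-SHA1, keyed with the domain's preauth key, over "account|by|expires|timestamp", and it is passed to /service/preauth. The host name, account and key below are constructed, and the openssl command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example: build a Zimbra preauth URL for the portal redirect.
# Token = hex HMAC-SHA1, keyed with the domain preauth key, over
# "account|by|expires|timestamp" (timestamp in milliseconds).
# Assumes the openssl CLI; host, account and key are constructed values.

# hmac_sha1_hex KEY DATA -> lowercase hex digest
# Note: the key is visible in the process list while openssl runs. That is
# acceptable for a POC test; in the portal itself use an HMAC library.
hmac_sha1_hex() {
    printf '%s' "$2" | openssl dgst -sha1 -hmac "$1" | awk '{print $NF}'
}

# preauth_url BASE_URL ACCOUNT KEY [TIMESTAMP_MS]
preauth_url() {
    ts=${4:-$(date +%s)000}      # now, in ms; the server rejects stale values
    expires=0                    # 0 = default auth token lifetime
    token=$(hmac_sha1_hex "$3" "$2|name|$expires|$ts")
    printf '%s/service/preauth?account=%s&expires=%s&timestamp=%s&preauth=%s\n' \
        "$1" "$2" "$expires" "$ts" "$token"
}

# Constructed values. A real key is generated with "zmprov gdpak <domain>"
# and must stay on the portal server: whoever holds it can obtain a session
# for any account of that domain.
preauth_url "https://zimbra.example.com" "employee@example.com" \
    "0123456789abcdef0123456789abcdef"
```

Send the redirect over https only, and keep the portal and Zimbra clocks in sync, since the timestamp is what limits replay of a captured URL.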



information below is obsolete for our implementation

to be removed after server cleanup


I used this information: http://wiki.zimbra.com/index.php?title=Zimbra_with_Apache_using_mod_jk#For_Zimbra_5.0

  • Installed jetty-ajp-6.1.5.jar in /opt/zimbra/jetty/lib/ext/.
  • Changed the owner to zimbra:zimbra

Next, edit the file /opt/zimbra/jetty/etc/jetty.xml.in:

  • Search for these lines:
<!-- =========================================================== -->
<!-- Set connectors                                              -->
<!-- =========================================================== -->
  • Below them, add the following:
   <Call name="addConnector">
     <Arg>
       <New id="ajp" class="org.mortbay.jetty.ajp.Ajp13SocketConnector">
         <Set name="port">8009</Set>
       </New>
     </Arg>
   </Call>


Then, edit the file /opt/zimbra/jetty/etc/service.web.xml.in:

  • Search for instances of the allowed.ports parameter, which will look like this:
<init-param>
 <param-name>allowed.ports</param-name>
 <param-value>%%zimbraMailPort%%, %%zimbraMailSSLPort%%, 7070, 7443, 7071</param-value>
</init-param>
  • If the parameter value already contains %%zimbraMailPort%% and %%zimbraMailSSLPort%%, as above, then add port 8009 to the end of the list, like this:
...
  <param-value>%%zimbraMailPort%%, %%zimbraMailSSLPort%%, 7070, 7443, 7071, 8009</param-value>
...
  • If you wish to enable access to the Zimbra administrative web interface, then also perform the above step on any instance of allowed.ports in which the value already contains 7071.


Finally, restart the application server:

zmmailboxdctl restart

bcc to the old mailserver during the testing phase

In /opt/zimbra/postfix/conf, create a file called sender_bcc and add the users you want to copy/send to:

employee@zimbra.domain.com employee@oldmailapp.domain.com

In /opt/zimbra/postfix/conf/main.cf add:

sender_bcc_maps = hash:/opt/zimbra/postfix/conf/sender_bcc

Then, as the zimbra user, run:

postmap /opt/zimbra/postfix/conf/sender_bcc

Reload postfix:

postfix reload


You may do the same with a recipient_bcc map if needed.


from old domain

In our test setup we change the originator to the non-test domain address.

This is done by assigning a unique canonical address to the user plus an SMTP generic map (doing it directly in the canonical address field created loops with our convoluted test set-up).

Certificates stuff

You have to be root for all of this.

To prevent the warnings linked to the self-signing, I created a CSR to get it signed by our company CA:

./zmcertmgr createcsr comm -new -subject "/C=FR/O=xxxx/OU=xxxx/CN=xxxx.xxx.fr" -subjectAltNames xxxx.xxx.fr


Bug: If you don't specify -subjectAltNames then you get an error:

Subject does not start with '/'.

In our company we get a single file containing both the cert for the server and the CA chain, so I had to cut the file in two parts, one for the cert and the other for the CA.

Install the cert

/opt/zimbra/bin/zmcertmgr deploycrt comm certfromcomm.crt commercial_ca.crt
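
One way to do the cut described above before running deploycrt, as an added example (not from the original notes): it assumes the combined file holds the server certificate first, followed by the CA chain. The bundle below is constructed from placeholder blocks, not real certificates.

```shell
#!/bin/sh
# Added example: split a combined PEM file into the server certificate and
# the CA chain. Assumption: the first certificate in the bundle is the
# server's and everything after it is the chain (confirm with your CA).

# split_bundle BUNDLE CERT_OUT CA_OUT
# Text outside the BEGIN/END markers is dropped.
# Returns non-zero when the bundle holds fewer than two certificates.
split_bundle() {
    awk -v cert="$2" -v ca="$3" '
    /-----BEGIN CERTIFICATE-----/ { n++; inside = 1 }
    inside { print > (n == 1 ? cert : ca) }
    /-----END CERTIFICATE-----/   { inside = 0 }
    END { exit (n >= 2 ? 0 : 1) }
    ' "$1"
}

# count_certs FILE -> number of certificates in FILE
count_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# Constructed sample: three dummy blocks stand in for the server,
# intermediate and root certificates (placeholder bodies only).
work=$(mktemp -d)
for name in SERVER INTERMEDIATE ROOT; do
    printf '%s\n' "subject=$name" '-----BEGIN CERTIFICATE-----' \
        "PLACEHOLDER-$name" '-----END CERTIFICATE-----'
done > "$work/bundle.pem"

split_bundle "$work/bundle.pem" \
    "$work/certfromcomm.crt" "$work/commercial_ca.crt"
echo "server: $(count_certs "$work/certfromcomm.crt")," \
     "chain: $(count_certs "$work/commercial_ca.crt")"
rm -rf "$work"
```

With real files, check the subject of the first output file with openssl x509 -in certfromcomm.crt -noout -subject before deploying, in case your CA orders the bundle differently.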

Monitoring / Tuning

  • Verify that zmstat is running:
zmstatctl status

(returns nothing if down in v5.0.16) or

Running: zmstat-mtaqueue
Running: zmstat-proc
Running: zmstat-fd
Running: zmstat-vm
Running: zmstat-convertd
Running: zmstat-cpu
Running: zmstat-mysql
  • Generate stats of the day:
zmstat-chart -s /opt/zimbra/zmstat --start-at "09/30/2009 00:00:00" -d ~/zmstat/charts
  • Copy the charts to your PC:
pscp -r zimbra@x.x.x.x:/opt/zimbra/zmstat/charts .
  • Enjoy: open charts/index.html

command line stuff

To remove all content (all mails and other) from an account:

# list every folder path (gaf = getAllFolders), then empty each one
for f in $(zmmailbox -z -m account@domain.com gaf | awk '/\// {print $5}' | sort -u); do
  zmmailbox -z -m account@domain.com emptyFolder "$f"
done


Accounts data (including the creation date):

zmaccts

Assign a COS to several accounts at the same time

for a in account1@domain.com account2@domain.com; do zmprov sac $a newcos; done

Size of the backups, in the backup/sessions directory:

for f in *; do du -sh "$f"; done

links

Desktop

http://wiki.zimbra.com/index.php?title=Yahoo!_Zimbra_Desktop

Themes, skins

http://files.zimbra.com/docs/skins/Themes.html


Note that changes you make to the skin framework will not necessarily survive major upgrades to the ZWC product. 


skins

Slight customisation:

cd /opt/zimbra/jetty/webapps/zimbra/skins/
mkdir customskin
cp -r steel/* customskin
cd customskin
vi skin.properties

modify the lines

SkinName        = customskin
SkinVersion     = 1

uncomment the lines

LogoImgDir      = /zimbra/skins/@SkinName@/logos
LogoURL         = http://www.yourcompany.com

save

copy your new logo files to the logos directory (if you have the network edition)

Logo files are :

  • 450 x 100 pixels
  • 120 x 35 pixels

rename files

mv logo450x100.png LoginBanner.png
mv logo120x35.png AppBanner.png
cd /opt/zimbra/jetty/webapps/zimbra/skins/
zmskindeploy customskin/

you have to restart the mailbox to see the changes (+ don't forget to change the skin in the user prefs)

customisation for zdesktop

the instructions for the server customisation don't work for the windows desktop because the command zmskindeploy does not exist for zimbra desktop

Miscellaneous

If you need to reset permissions:

/opt/zimbra/libexec/zmfixperms --extended -verbose

extended and verbose are optional

Might be a good idea to

zmcontrol stop 

before running this...

todo

  • explore zimlets stuff
  • check character sets
  • check default language