https://wiki.zimbra.com/api.php?action=feedcontributions&user=Jorge+de+la+Cruz&feedformat=atomZimbra :: Tech Center - User contributions [en]2024-03-29T05:19:55ZUser contributionsMediaWiki 1.39.0https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.8.6_HotFix&diff=65127Zimbra Releases/8.8.6 HotFix2018-02-23T13:49:32Z<p>Jorge de la Cruz: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=Zimbra Collaboration 8.8.6 Hotfix =<br />
{{KB|{{ZC}}|{{ZCS 8.8}}|||}}<br />
<br />
==Purpose==<br />
This hotfix includes following fixes for on 8.8.6 GA:<br />
* [https://bugzilla.zimbra.com/show_bug.cgi?id=108414 '''Bug 108414'''] Null pointer Exception<br />
* [https://bugzilla.zimbra.com/show_bug.cgi?id=108839 '''Bug 108839'''] Address uncontrolled heap growth in ImapSessionManager::sessions<br />
<br />
Please re-check your ZCS version. This hotfix should only be applied on 8.8.6.GA.1906.<br />
Any issues after hotfix, you revert the changes by ./install_patch.sh -r<br />
<br />
'''IMPORTANT NOTES:''' <br />
*1. The install_patch.sh script should be run as root.<br />
*2. This patch may safely be installed on:<br />
**1. Unpatched 8.8.6GA.<br />
**2. 8.8.6GA that already has zcs-patch-8.8.6_GA_HF_108414 installed.<br />
<br />
==Resolution==<br />
To install the hotfix, first thing is to grab the hotfix from our [https://www.zimbra.com/downloads/ '''downloads'''] website - <br />
Second, as a root, unzip the package:<br />
# tar -xvzf zcs-patch-8.8.6_GA_HF_108839.tgz<br />
zcs-patch-8.8.6_GA_HF_108839/<br />
zcs-patch-8.8.6_GA_HF_108839/install_patch.sh<br />
zcs-patch-8.8.6_GA_HF_108839/patched_jars/<br />
zcs-patch-8.8.6_GA_HF_108839/README.txt<br />
zcs-patch-8.8.6_GA_HF_108839/patched_jars/zm-store-8.8.6.1516807620.jar<br />
<br />
Now, still as root, move to the new folder and run the patch:<br />
cd zcs-patch-8.8.6_GA_HF_108839<br />
./install_patch.sh <br />
You'll see an output like this one:<br />
Backing up jars.<br />
Installing Fix for Bug 108414 and 108839<br />
Installation completed. Please restart the mailbox.<br />
<br />
Final step, as zimbra user, is to restart the Zimbra services:<br />
su - zimbra<br />
zmmailboxdctl restart<br />
<br />
==Additional Content==<br />
* In case you want and extra help, the patch has the -h variable you can run:<br />
./install_patch.sh -h<br />
Usage: ./install_patch.sh [OPTION]<br />
./install_patch.sh install hotfix for Bug 108414 and 108839 on 8.8.6.GA.1906<br />
-r revert the patch.<br />
<br />
* To revert patch, in case of any issues, follow the next step, as root:<br />
./install_patch.sh -r<br />
Reverting fix for Bug 108414 and 108839<br />
Reverted the patch. Please restart the mailbox.<br />
<br />
And then as user zimbra:<br />
su - zimbra<br />
zmmailboxdctl restart<br />
<br />
{{Article Footer|Zimbra Collaboration 8.8.6|02/14/2018}}<br />
{{NeedSME|Jorge|SME2|Copyeditor}}</div>Jorge de la Cruzhttps://wiki.zimbra.com/index.php?title=Zimbra_Releases&diff=65119Zimbra Releases2018-02-20T16:21:47Z<p>Jorge de la Cruz: </p>
<hr />
<div><ol class="breadcrumb"><br />
<li>[[Main Page|Zimbra Wiki]]</li><br />
<li class="active">{{PAGENAME}}</li><br />
</ol><br />
__NOTOC__<br />
<div class="col-md-12 ibox-content"><br />
=Zimbra Product Releases=<br />
==Zimbra Collaboration==<br />
Zimbra release notes are specific to each version of the server. Select your version from the list below to see the release notes for it.<br />
<div class="class="col-md-10""><br />
<table class="table table-hover table-bordered table-striped"><br />
<tr><br />
<th>Release</th><br />
<th>Codename</th><br />
<th>Patch Level</th><br />
<th>Third-Party Patch Level</th><br />
<th>General Availability</th><br />
<th>Download the Release Notes</th><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.8.6|8.8.6 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-success"><i class="fa fa-check"></i> 01/15/2018</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.8.6|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.8.6&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.8|8.8 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-success"><i class="fa fa-check"></i> 12/12/2017</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.8|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.8&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.7.11|8.7.11 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-success"><i class="fa fa-check"></i> 06/08/2017</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.7.11|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.7.11&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.7.10|8.7.10 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-success"><i class="fa fa-check"></i> 05/31/2017</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.7.10|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.7.10&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.7.9|8.7.9 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-success"><i class="fa fa-check"></i> 05/11/2017</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.7.9|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.7.9&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.7.8|8.7.8 Early Developer Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-success"><i class="fa fa-check"></i> 04/27/2017</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.7.8|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.7.8&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.7.7|8.7.7 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-success"><i class="fa fa-check"></i> 04/13/2017</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.7.7|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.7.7&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.7.6|8.7.6 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-success"><i class="fa fa-check"></i> 03/30/2017</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.7.6|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.7.6&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.7.5|8.7.5 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-success"><i class="fa fa-check"></i> 03/16/2017</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.7.5|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.7.5&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.7.4|8.7.4 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-success"><i class="fa fa-check"></i> 03/02/2017</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.7.4|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.7.4&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.7.3|8.7.3 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-success"><i class="fa fa-check"></i> 02/17/2017</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.7.3|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.7.3&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.7.2|8.7.2 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-success"><i class="fa fa-check"></i> 02/02/2017</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.7.2|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.7.2&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.7.1|8.7.1 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-success"><i class="fa fa-check"></i> 10/27/2016</span></td><br />
<td><i class="fa fa-file-text-o" style="color:red"></i> [[Zimbra_Releases/8.7.1|'''HTML''']] | <i class="fa fa-file-text-o"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.7.1&printable=yes '''PDF''']</td><br />
</tr><br />
<tr><br />
<tr><br />
<td>'''[[Zimbra_Releases/8.7.0|8.7.0 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-success"><i class="fa fa-check"></i> 07/13/2016</span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.7.0&printable=yes '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
<tr><br />
<td>'''[[Zimbra Releases/8.6.0|8.6.0 GA Release]]'''</td><br />
<td>JudasPriest</td><br />
<td>[[Zimbra_Releases/8.6.0_Patch9|'''Patch 9''']]</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of General Support 9/30/2018</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 12/15/2014</span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/8.6/ZCS_860_NE_ReleaseNotes_UpgradeInst.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> [http://zimbra.io/wikiold/Zimbra%20Collaboration%208.6.0%20Network%20Edition%20Release%20Notes%20-%20Zimbra,%20Inc_.epub '''ePub''']</td><br />
</tr><br />
<tr><br />
<td>8.5.1 GA Release</td><br />
<td>JudasPriest</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/30/2018</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 11/03/2014</span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/8.5/ZCS_851R2_NE_ReleaseNotes_UpgradeInst.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
<tr><br />
<td>8.5.0 GA Release</td><br />
<td>JudasPriest</td><br />
<td>Patch 2</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/30/2018</i></span><br /><span class="text-success"><i class="fa fa-check"></i> 08/28/2014</span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/8.5/ZCS_850_Rev2_NE_ReleaseNotes_UpgradeInst.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
<tr><br />
<td>8.0.9 GA Release</td><br />
<td>IronMaiden</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/10/2017</i></span><br /><span class="text-success"><i class="fa fa-check"> 11/03/2014</i></span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/8.0/ZCS_809R1_NE_ReleaseNotes_UpgradeInst.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
<tr><br />
<td>8.0.8 GA Release</td><br />
<td>IronMaiden</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/10/2017</i></span><br /><span class="text-success"><i class="fa fa-check"> 09/25/2014</i></span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/8.0/ZCS_808R1_NE_ReleaseNotes_UpgradeInst.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
<tr><br />
<td>8.0.7 GA Release</td><br />
<td>IronMaiden</td><br />
<td>Patch 2</td><br />
<td>ZCS 8.0.7 curl patch [https://bugzilla.zimbra.com/show_bug.cgi?id=88926#c11 <i class="fa fa-file-pdf-o" style="color:red"></i>] | [https://files.zimbra.com/downloads/security/zmcurl807-updater.sh <i class="fa fa-download"></i>] <br />OpenSSL Heartbleed and CVE-2014-0224<br /> (CCS Injection Vulnerability) Patch [http://community.zimbra.com/support/security/b/weblog/archive/2014/06/07/20140606-zimbra-security-advisory-on-cve-2014-0224-ccs-injection-vulnerability<br /> <i class="fa fa-file-pdf-o" style="color:red"></i> '''PDF'''] | [https://files.zimbra.com/downloads/security/zmopenssl-updater.sh <i class="fa fa-download"></i> '''Download Patch''']<br />
</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/10/2017</i></span><br /><span class="text-success"><i class="fa fa-check"> 04/08/2014</i></span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/8.0/ZCS_807_NE_ReleaseNotes_UpgradeInst.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
<tr><br />
<td>8.0.6 GA Release</td><br />
<td>IronMaiden</td><br />
<td>No released patches</td><br />
<td>OpenSSL Heartbleed and CVE-2014-0224<br /> (CCS Injection Vulnerability) Patch [https://community.zimbra.com/support/security/b/weblog/archive/2014/06/07/20140606-zimbra-security-advisory-on-cve-2014-0224-ccs-injection-vulnerability<br /> <i class="fa fa-file-pdf-o" style="color:red"></i> '''PDF'''] | [https://files.zimbra.com/downloads/security/zmopenssl-updater.sh <i class="fa fa-download"></i> '''Download Patch''']<br />
</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/10/2017</i></span><br /><span class="text-success"><i class="fa fa-check"> 12/03/2013</i></span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/8.0/ZCS_806R1_NE_ReleaseNotes_UpgradeInst.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
<tr><br />
<td>8.0.5 GA Release</td><br />
<td>IronMaiden</td><br />
<td>Patch 1</td><br />
<td>OpenSSL Heartbleed and CVE-2014-0224<br /> (CCS Injection Vulnerability) Patch [https://community.zimbra.com/support/security/b/weblog/archive/2014/06/07/20140606-zimbra-security-advisory-on-cve-2014-0224-ccs-injection-vulnerability<br /> <i class="fa fa-file-pdf-o" style="color:red"></i> '''PDF'''] | [https://files.zimbra.com/downloads/security/zmopenssl-updater.sh <i class="fa fa-download"></i> '''Download Patch''']<br />
</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/10/2017</i></span><br /><span class="text-success"><i class="fa fa-check"> 09/10/2013</i></span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/8.0/Zimbra_NE_Release_Notes_8.0.5.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
<tr><br />
<td>8.0.4 GA Release</td><br />
<td>IronMaiden</td><br />
<td>Patch 2</td><br />
<td>OpenSSL Heartbleed and CVE-2014-0224<br /> (CCS Injection Vulnerability) Patch [https://community.zimbra.com/support/security/b/weblog/archive/2014/06/07/20140606-zimbra-security-advisory-on-cve-2014-0224-ccs-injection-vulnerability<br /> <i class="fa fa-file-pdf-o" style="color:red"></i> '''PDF'''] | [https://files.zimbra.com/downloads/security/zmopenssl-updater.sh <i class="fa fa-download"></i> '''Download Patch''']<br />
</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/10/2017</i></span><br /><span class="text-success"><i class="fa fa-check"> 05/24/2013</i></span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/8.0/Zimbra_NE_Release_Notes_8.0.4.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
<tr><br />
<td>8.0.3 GA Release</td><br />
<td>IronMaiden</td><br />
<td>Patch 3</td><br />
<td>OpenSSL Heartbleed and CVE-2014-0224<br /> (CCS Injection Vulnerability) Patch [https://community.zimbra.com/support/security/b/weblog/archive/2014/06/07/20140606-zimbra-security-advisory-on-cve-2014-0224-ccs-injection-vulnerability<br /> <i class="fa fa-file-pdf-o" style="color:red"></i> '''PDF'''] | [https://files.zimbra.com/downloads/security/zmopenssl-updater.sh <i class="fa fa-download"></i> '''Download Patch''']<br />
</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/10/2017</i></span><br /><span class="text-success"><i class="fa fa-check"> 03/05/2013</i></span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/8.0/Zimbra_NE_Release_Notes_8.0.3.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
<tr><br />
<td>8.0.2 GA Release</td><br />
<td>IronMaiden</td><br />
<td>Patch 1</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/10/2017</i></span><br /><span class="text-success"><i class="fa fa-check"> 12/10/2012</i></span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/8.0/Zimbra_NE_Release_Notes_8.0.2.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
<tr><br />
<td>8.0.1 GA Release</td><br />
<td>IronMaiden</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/10/2017</i></span><br /><span class="text-success"><i class="fa fa-check"> 11/05/2012</i></span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/8.0/Zimbra_NE_Release_Notes_8.0.1.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
<tr><br />
<td>8.0.0 GA Release</td><br />
<td>IronMaiden</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 9/10/2017</i></span><br /><span class="text-success"><i class="fa fa-check"> 09/07/2012</i></span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/8.0/Zimbra_NE_Release_Notes_8.0.0.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
<tr><br />
<td>7.2.7 GA Release</td><br />
<td>Helix</td><br />
<td>No released patches</td><br />
<td>No released patches</td><br />
<td><span class="text-danger"><i class="fa fa-exclamation-triangle"> End of Technical Guidance 3/31/2015</i></span><br /><span class="text-success"><i class="fa fa-check"> 03/14/2014</i></span></td><br />
<td><i class="fa fa-file-pdf-o" style="color:red"></i> [https://files.zimbra.com/website/docs/7.2/Zimbra_OS_Release_Notes_Upgrade_7.2.7.pdf '''PDF'''] | <i class="fa fa-file-text-o"></i> ePub</td><br />
</tr><br />
</table><br />
</div><br />
</div><br />
{{FH}}</div>Jorge de la Cruzhttps://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.6.0_Patch9&diff=65118Zimbra Releases/8.6.0 Patch92018-02-20T15:43:21Z<p>Jorge de la Cruz: Jorge de la Cruz moved page Zimbra Releases/8.6.0 Patch9 to Zimbra Releases/8.6.0/P9</p>
<hr />
<div>#REDIRECT [[Zimbra Releases/8.6.0/P9]]</div>Jorge de la Cruzhttps://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.6.0/P9&diff=65117Zimbra Releases/8.6.0/P92018-02-20T15:43:20Z<p>Jorge de la Cruz: Jorge de la Cruz moved page Zimbra Releases/8.6.0 Patch9 to Zimbra Releases/8.6.0/P9</p>
<hr />
<div><ol class="breadcrumb"><br />
<li>[[Main Page|Zimbra Wiki]]</li><br />
<li>[[Zimbra Releases]]</li><br />
<li class="active">Zimbra Collaboration 8.6.0 Patch 9</li><br />
</ol><br />
__FORCETOC__<br />
<div class="col-md-12"><br />
<div class="col-md-9"><br />
<br />
=Zimbra Collaboration 8.6.0 Patch 9 GA Release=<br />
Check out the '''"[[#fixed|Fixed Issues]]"''' and '''"[[#security|Security Fixes]]"''' for this version of Zimbra Collaboration below. As always, you’re encouraged to tell us what you think in the Forums, or file a bug in '''[https://bugzilla.zimbra.com/enter_bug.cgi Bugzilla]'''. <br />
<br />
<div class="col-md-9"><br />
<br /><br />
<br />
<table class="table table-striped table-condensed"><br />
<tr><br />
<th colspan="2" class="info"><h4><div id="fixed">Fixed Issues [https://bugzilla.zimbra.com/buglist.cgi?chfield=bug_status&chfieldto=2018-2-10&chfieldvalue=RESOLVED&columnlist=product%2Ccomponent%2Cassigned_to%2Cbug_status%2Cresolution%2Cshort_desc%2Cchangeddate&f1=keywords&known_name=8_6_0_Patch9%20Fixed%20Issues&list_id=361578&o1=equals&query_format=advanced&v1=8_6_0_Patch9 <span style="color:white;font-size:0.66em">(Bugzilla query)</span>]</div></h4></th><br />
</tr><br />
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=101227 101227] </td><td class="col-md-10"> CPU load & latency when open mail with data:image/png:base64 inline image</td></tr><br />
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=104365 104365] </td><td class="col-md-10"> Update timezones.ics to tzdata2017b</td></tr><br />
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=97710 97710] </td><td class="col-md-10"> Tasks causing slowness from ZWC and consuming CPU resources</td></tr><br />
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=103797 103797] </td><td class="col-md-10"> Description of a previous appointment comes up when changing mode from plain-text to html</td></tr><br />
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=107289 107289] </td><td class="col-md-10"> Printing work week shows wrong time</td></tr><br />
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=107288 107288] </td><td class="col-md-10"> EWS caches and logs cleartext password</td></tr><br />
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=97460 97460] </td><td class="col-md-10"> Need visual cue and hyperlink for url links when composing message</td></tr><br />
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=100281 100281] </td><td class="col-md-10"> Deleted/canceled appts remain on calendar</td></tr><br />
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=101584 101584] </td><td class="col-md-10"> QuickAdd location using GAL is not saved correctly > only name is kept</td></tr><br />
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=107826 107826] </td><td class="col-md-10"> Implement GetStreamingEvents EWS API(Phase 1)</td></tr><br />
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=107499 107499] </td><td class="col-md-10"> EWS: Resolve Name should return all the contact information</td></tr><br />
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=97126 97126] </td><td class="col-md-10"> Script Error (this._sharesGroup is undefined) when click to "Edit Properties" folder menu</td></tr><br />
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=101023 101023] </td><td class="col-md-10"> zimbraHelpAdvancedURL, zimbraHelpStandardURL and zimbraHelpAdminURL does not work</td></tr><br />
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=107646 107646] </td><td class="col-md-10"> There is an unexpected logout for a session in the HTML client. </td></tr><br />
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=107925 107925] </td><td class="col-md-10"> Persistent XSS - snippet [CWE-79] </td></tr><br />
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=108265 108265] </td><td class="col-md-10"> Persistent XSS - message view as text [CWE-79] </td></tr><br />
</table><br />
<br />
<br />
=Security Fixes=<br />
<div id="security"></div><br />
Information about security fixes, security response policy and vulnerability rating classification are listed below. See the [https://wiki.zimbra.com/wiki/Zimbra_Security_Response_Policy Zimbra Security Response Policy] and the [https://wiki.zimbra.com/wiki/Zimbra_Vulnerability_Rating_Classification Zimbra Vulnerability Rating] Classification information below for details.<br />
<table class="table table-striped table-condensed"><br />
<tr><br />
<th style="background-color: #f15922; width: 80px;"><span style="color: #ffffff;">Bug#</span></th><br />
<th style="background-color: #f15922;"><span style="color: #ffffff;">Summary</span></th><br />
<th style="background-color: #f15922;"><span style="color: #ffffff;"><strong>CVE-ID</strong></span></th><br />
<th style="text-align: center; background-color: #f15922;"><span style="color: #ffffff;"><strong>CVSS<br>Score</strong></span></th><br />
<th style="text-align: center; background-color: #f15922;"><span style="color: #ffffff;"><strong>Zimbra<br>Rating</strong></span></th><br />
<th style="text-align: center; background-color: #f15922;"><span style="color: #ffffff;">Fix&nbsp;Release&nbsp;or <br>Patch&nbsp;Version</span></th><br />
</tr><br />
<tr><br />
<td class="col-md-1">[https://bugzilla.zimbra.com/show_bug.cgi?id=107925 107925]</td><br />
<td>Persistent XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td><br />
<td>CVE-2017-8802</td><br />
<td style="text-align: center; ">[https://nvd.nist.gov/cvss.cfm?calculator&amp;version=2&amp;vector=(AV:N/AC:H/Au:N/C:N/I:P/A:N) 3.5]</td><br />
<td style="text-align: center; ">Minor</td><br />
<td style="text-align: center; ">8.6 P9, 8.8.3</td><br />
</tr><br />
<tr><br />
<td class="col-md-1">[https://bugzilla.zimbra.com/show_bug.cgi?id=108265 108265]</td><br />
<td>Persistent XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td><br />
<td>CVE-2017-17703</td><br />
<td style="text-align: center; ">[https://nvd.nist.gov/cvss.cfm?calculator&amp;version=2&amp;vector=(AV:N/AC:H/Au:N/C:N/I:P/A:N) 3.5]</td><br />
<td style="text-align: center; ">Minor</td><br />
<td style="text-align: center; ">8.6 P9, 8.8.3</td><br />
</tr><br />
<br />
</table><br />
<br />
=Before Installing the Patch=<br />
Before installing the patch, consider the following:<br />
* Zimbra Collaboration patches can be found at https://www.zimbra.com/downloads/zimbracollaboration<br />
* Patches are cumulative, and delivered as a TGZ file.<br />
* A full backup should be performed before any patch is applied. There is no automated roll-back.<br />
* Zimlet patches can include removing existing Zimlets and redeploying the patched Zimlet.<br />
* Only files or Zimlets associated with installed packages will be installed from the patch.<br />
* Switch to user '''zimbra''' before using ZCS CLI commands.<br />
* '''Important!''' You cannot revert to the previous ZCS release after you upgrade to the patch.<br />
<br />
=Install the Patch =<br />
Note: This patch should be installed on all nodes running in your environment.<br />
<br />
'''1.''' Before you begin, confirm you have the following:<br />
* Zimbra Collaboration 8.6.0 GA installed<br />
* Zimbra Collaboration 8.6.0 Patch9 TGZ file<br />
<br />
'''2.''' Copy the patch.tgz file(s) to your server.<br />
<br />
'''3.''' Install Zimbra Collaboration 8.6.0 Patch9<br />
*a. Log in as root and cd to the directory where the tar file is saved. Type<br />
tar xzf zcs-patch-8.6.0_GA_XXX.tgz<br />
cd zcs-patch-8.6.0_GA_XX<br />
* b. As root, install the patch. Type<br />
./installPatch.sh<br />
* c. Switch to user zimbra<br />
su – zimbra<br />
* d. ZCS must be restarted to changes to take effect. Type<br />
zmcontrol restart<br />
<br />
'''Note:''' For users who have the web-client open and are running the FOSS edition, the refresh notice mightstate that you have changed to the NETWORK Edition; however, your feature set will remain FOSS only.<br />
<br />
</div><br />
</div><br />
<div class="col-md-3">{{GuidePosts}}</div><br />
</div></div>Jorge de la Cruzhttps://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.8.6_HotFix_108839&diff=65103Zimbra Releases/8.8.6 HotFix 1088392018-02-14T18:19:38Z<p>Jorge de la Cruz: Jorge de la Cruz moved page Zimbra Releases/8.8.6 HotFix 108839 to Zimbra Releases/8.8.6 HotFix</p>
<hr />
<div>#REDIRECT [[Zimbra Releases/8.8.6 HotFix]]</div>Jorge de la Cruzhttps://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.8.6_HotFix&diff=65102Zimbra Releases/8.8.6 HotFix2018-02-14T18:19:38Z<p>Jorge de la Cruz: Jorge de la Cruz moved page Zimbra Releases/8.8.6 HotFix 108839 to Zimbra Releases/8.8.6 HotFix</p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=Zimbra Collaboration 8.8.6 Hotfix =<br />
{{KB|{{ZC}}|{{ZCS 8.8}}|||}}<br />
<br />
==Purpose==<br />
This hotfix includes following fixes for on 8.8.6 GA:<br />
* [https://bugzilla.zimbra.com/show_bug.cgi?id=108414 '''Bug 108414'''] Null pointer Exception<br />
* [https://bugzilla.zimbra.com/show_bug.cgi?id=108839 '''Bug 108839'''] Address uncontrolled heap growth in ImapSessionManager::sessions<br />
<br />
Please re-check your ZCS version. This hotfix should only be applied on 8.8.6.GA.1906.<br />
Any issues after hotfix, you revert the changes by ./install_patch.sh -r<br />
<br />
'''IMPORTANT NOTES:''' <br />
*1. The install_patch.sh script should be run as root.<br />
*2. This patch may safely be installed on:<br />
**1. Unpatched 8.8.6GA.<br />
**2. 8.8.6GA that already has zcs-patch-8.8.6_GA_HF_108414 installed.<br />
<br />
==Resolution==<br />
To install the hotfix, first thing is to grab the hotfix from our [https://www.zimbra.com/downloads/ '''downloads'''] website - <br />
Second, as a root, unzip the package:<br />
# tar -xvzf zcs-patch-8.8.6_GA_HF_108839.tgz<br />
zcs-patch-8.8.6_GA_HF_108839/<br />
zcs-patch-8.8.6_GA_HF_108839/install_patch.sh<br />
zcs-patch-8.8.6_GA_HF_108839/patched_jars/<br />
zcs-patch-8.8.6_GA_HF_108839/README.txt<br />
zcs-patch-8.8.6_GA_HF_108839/patched_jars/zm-store-8.8.6.1516807620.jar<br />
<br />
Now, still as root, move to the new folder and run the patch:<br />
cd zcs-patch-8.8.6_P1_HF_108839<br />
./install_patch.sh <br />
You'll see an output like this one:<br />
Backing up jars.<br />
Installing Fix for Bug 108414 and 108839<br />
Installation completed. Please restart the mailbox.<br />
<br />
Final step, as zimbra user, is to restart the Zimbra services:<br />
su - zimbra<br />
zmmailboxdctl restart<br />
<br />
==Additional Content==<br />
* In case you want and extra help, the patch has the -h variable you can run:<br />
./install_patch.sh -h<br />
Usage: ./install_patch.sh [OPTION]<br />
./install_patch.sh install hotfix for Bug 108414 and 108839 on 8.8.6.GA.1906<br />
-r revert the patch.<br />
<br />
* To revert patch, in case of any issues, follow the next step, as root:<br />
./install_patch.sh -r<br />
Reverting fix for Bug 108414 and 108839<br />
Reverted the patch. Please restart the mailbox.<br />
<br />
And then as user zimbra:<br />
su - zimbra<br />
zmmailboxdctl restart<br />
<br />
{{Article Footer|Zimbra Collaboration 8.8.6|02/14/2018}}<br />
{{NeedSME|Jorge|SME2|Copyeditor}}</div>Jorge de la Cruzhttps://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.8.6_HotFix&diff=65101Zimbra Releases/8.8.6 HotFix2018-02-14T18:19:27Z<p>Jorge de la Cruz: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=Zimbra Collaboration 8.8.6 Hotfix =<br />
{{KB|{{ZC}}|{{ZCS 8.8}}|||}}<br />
<br />
==Purpose==<br />
This hotfix includes following fixes for on 8.8.6 GA:<br />
* [https://bugzilla.zimbra.com/show_bug.cgi?id=108414 '''Bug 108414'''] Null pointer Exception<br />
* [https://bugzilla.zimbra.com/show_bug.cgi?id=108839 '''Bug 108839'''] Address uncontrolled heap growth in ImapSessionManager::sessions<br />
<br />
Please re-check your ZCS version. This hotfix should only be applied on 8.8.6.GA.1906.<br />
Any issues after hotfix, you revert the changes by ./install_patch.sh -r<br />
<br />
'''IMPORTANT NOTES:''' <br />
*1. The install_patch.sh script should be run as root.<br />
*2. This patch may safely be installed on:<br />
**1. Unpatched 8.8.6GA.<br />
**2. 8.8.6GA that already has zcs-patch-8.8.6_GA_HF_108414 installed.<br />
<br />
==Resolution==<br />
To install the hotfix, first thing is to grab the hotfix from our [https://www.zimbra.com/downloads/ '''downloads'''] website - <br />
Second, as a root, unzip the package:<br />
# tar -xvzf zcs-patch-8.8.6_GA_HF_108839.tgz<br />
zcs-patch-8.8.6_GA_HF_108839/<br />
zcs-patch-8.8.6_GA_HF_108839/install_patch.sh<br />
zcs-patch-8.8.6_GA_HF_108839/patched_jars/<br />
zcs-patch-8.8.6_GA_HF_108839/README.txt<br />
zcs-patch-8.8.6_GA_HF_108839/patched_jars/zm-store-8.8.6.1516807620.jar<br />
<br />
Now, still as root, move to the new folder and run the patch:<br />
cd zcs-patch-8.8.6_P1_HF_108839<br />
./install_patch.sh <br />
You'll see an output like this one:<br />
Backing up jars.<br />
Installing Fix for Bug 108414 and 108839<br />
Installation completed. Please restart the mailbox.<br />
<br />
Final step, as zimbra user, is to restart the Zimbra services:<br />
su - zimbra<br />
zmmailboxdctl restart<br />
<br />
==Additional Content==<br />
* In case you want and extra help, the patch has the -h variable you can run:<br />
./install_patch.sh -h<br />
Usage: ./install_patch.sh [OPTION]<br />
./install_patch.sh install hotfix for Bug 108414 and 108839 on 8.8.6.GA.1906<br />
-r revert the patch.<br />
<br />
* To revert patch, in case of any issues, follow the next step, as root:<br />
./install_patch.sh -r<br />
Reverting fix for Bug 108414 and 108839<br />
Reverted the patch. Please restart the mailbox.<br />
<br />
And then as user zimbra:<br />
su - zimbra<br />
zmmailboxdctl restart<br />
<br />
{{Article Footer|Zimbra Collaboration 8.8.6|02/14/2018}}<br />
{{NeedSME|Jorge|SME2|Copyeditor}}</div>Jorge de la Cruzhttps://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.8.6_HotFix&diff=65100Zimbra Releases/8.8.6 HotFix2018-02-14T17:14:22Z<p>Jorge de la Cruz: Created page with "{{BC|Certified}} __FORCETOC__ <div class="col-md-12 ibox-content"> =Zimbra Collaboration 8.8.6 Hotfix 108839 = {{KB|{{ZC}}|{{ZCS 8.8}}|||}} ==Purpose== This hotfix includes f..."</p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=Zimbra Collaboration 8.8.6 Hotfix 108839 =<br />
{{KB|{{ZC}}|{{ZCS 8.8}}|||}}<br />
<br />
==Purpose==<br />
This hotfix includes following fixes for on 8.8.6 GA:<br />
* [https://bugzilla.zimbra.com/show_bug.cgi?id=108414 '''Bug 108414'''] Null pointer Exception<br />
* [https://bugzilla.zimbra.com/show_bug.cgi?id=108839 '''Bug 108839'''] Address uncontrolled heap growth in ImapSessionManager::sessions<br />
<br />
Please re-check your ZCS version. This hotfix should only be applied on 8.8.6.GA.1906.<br />
Any issues after hotfix, you revert the changes by ./install_patch.sh -r<br />
<br />
'''IMPORTANT NOTES:''' <br />
*1. The install_patch.sh script should be run as root.<br />
*2. This patch may safely be installed on:<br />
**1. Unpatched 8.8.6GA.<br />
**2. 8.8.6GA that already has zcs-patch-8.8.6_GA_HF_108414 installed.<br />
<br />
==Resolution==<br />
To install the hotfix, first thing is to grab the hotfix from our [https://www.zimbra.com/downloads/ '''downloads'''] website - <br />
Second, as a root, unzip the package:<br />
# tar -xvzf zcs-patch-8.8.6_GA_HF_108839.tgz<br />
zcs-patch-8.8.6_GA_HF_108839/<br />
zcs-patch-8.8.6_GA_HF_108839/install_patch.sh<br />
zcs-patch-8.8.6_GA_HF_108839/patched_jars/<br />
zcs-patch-8.8.6_GA_HF_108839/README.txt<br />
zcs-patch-8.8.6_GA_HF_108839/patched_jars/zm-store-8.8.6.1516807620.jar<br />
<br />
Now, still as root, move to the new folder and run the patch:<br />
cd zcs-patch-8.8.6_P1_HF_108839<br />
./install_patch.sh <br />
You'll see an output like this one:<br />
Backing up jars.<br />
Installing Fix for Bug 108414 and 108839<br />
Installation completed. Please restart the mailbox.<br />
<br />
Final step, as zimbra user, is to restart the Zimbra services:<br />
su - zimbra<br />
zmmailboxdctl restart<br />
<br />
==Additional Content==<br />
* In case you want and extra help, the patch has the -h variable you can run:<br />
./install_patch.sh -h<br />
Usage: ./install_patch.sh [OPTION]<br />
./install_patch.sh install hotfix for Bug 108414 and 108839 on 8.8.6.GA.1906<br />
-r revert the patch.<br />
<br />
* To revert patch, in case of any issues, follow the next step, as root:<br />
./install_patch.sh -r<br />
Reverting fix for Bug 108414 and 108839<br />
Reverted the patch. Please restart the mailbox.<br />
<br />
And then as user zimbra:<br />
su - zimbra<br />
zmmailboxdctl restart<br />
<br />
{{Article Footer|Zimbra Collaboration 8.8.6|02/14/2018}}<br />
{{NeedSME|Jorge|SME2|Copyeditor}}</div>Jorge de la Cruzhttps://wiki.zimbra.com/index.php?title=Zimbra_Collaboration_8.6_-_Patches&diff=65082Zimbra Collaboration 8.6 - Patches2018-02-09T17:25:37Z<p>Jorge de la Cruz: /* Resolution */</p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=Zimbra Collaboration 8.6 - Patches=<br />
{{KB|{{ZC}}|{{ZCS 8.6}}|||}}<br />
<br />
==Purpose==<br />
As Customer or Community user, it's not easy to find previous patches for ZCS 8.6<br />
<br />
==Resolution==<br />
Here you can find every Patch for ZCS 8.6, download it, and use it in case of rolling upgrades, etc.<br />
===ZCS 8.6 Patch 1===<br />
* https://files.zimbra.com/downloads/8.6.0_GA/zcs-patch-8.6.0_GA_1162.tgz <br />
* https://files.zimbra.com/downloads/8.6.0_GA/zcs-patch-8.6.0_GA_1162.tgz.md5 <br />
* https://files.zimbra.com/downloads/8.6.0_GA/zcs-patch-8.6.0_GA_1162.tgz.sha256<br />
<br />
===ZCS 8.6 Patch 2===<br />
* https://files.zimbra.com/downloads/8.6.0_GA/zcs-patch-8.6.0_GA_1169.tgz<br />
* https://files.zimbra.com/downloads/8.6.0_GA/zcs-patch-8.6.0_GA_1169.tgz.md5<br />
* https://files.zimbra.com/downloads/8.6.0_GA/zcs-patch-8.6.0_GA_1169.tgz.sha256<br />
<br />
===ZCS 8.6 Patch 3===<br />
* https://files.zimbra.com/downloads/8.6.0_GA/zcs-patch-8.6.0_GA_1178.tgz<br />
* https://files.zimbra.com/downloads/8.6.0_GA/zcs-patch-8.6.0_GA_1178.tgz.md5<br />
* https://files.zimbra.com/downloads/8.6.0_GA/zcs-patch-8.6.0_GA_1178.tgz.sha256<br />
<br />
===ZCS 8.6 Patch 4===<br />
* https://files.zimbra.com/downloads/8.6.0_GA/zcs-patch-8.6.0_GA_1182.tgz<br />
* https://files.zimbra.com/downloads/8.6.0_GA/zcs-patch-8.6.0_GA_1182.tgz.md5<br />
* https://files.zimbra.com/downloads/8.6.0_GA/zcs-patch-8.6.0_GA_1182.tgz.sha256<br />
<br />
===ZCS 8.6 Patch 5===<br />
* https://files.zimbra.com/downloads/8.6.0_GA/zcs-patch-8.6.0_GA_1191.tgz<br />
* https://files.zimbra.com/downloads/8.6.0_GA/zcs-patch-8.6.0_GA_1191.tgz.md5<br />
* https://files.zimbra.com/downloads/8.6.0_GA/zcs-patch-8.6.0_GA_1191.tgz.sha256<br />
<br />
===ZCS 8.6 Patch 6===<br />
* https://files.zimbra.com/downloads/8.6.0_GA/zcs-patch-8.6.0_GA_1194.tgz<br />
* https://files.zimbra.com/downloads/8.6.0_GA/zcs-patch-8.6.0_GA_1194.tgz.md5<br />
* https://files.zimbra.com/downloads/8.6.0_GA/zcs-patch-8.6.0_GA_1194.tgz.sha256<br />
<br />
===ZCS 8.6 Patch 7===<br />
* https://files.zimbra.com/downloads/8.6.0_GA/zcs-patch-8.6.0_GA_1200.tgz<br />
* https://files.zimbra.com/downloads/8.6.0_GA/zcs-patch-8.6.0_GA_1200.tgz.md5<br />
* https://files.zimbra.com/downloads/8.6.0_GA/zcs-patch-8.6.0_GA_1200.tgz.sha256<br />
<br />
===ZCS 8.6 Patch 8===<br />
* https://files.zimbra.com/downloads/8.6.0_GA/zcs-patch-8.6.0_GA_1211.tgz <br />
* https://files.zimbra.com/downloads/8.6.0_GA/zcs-patch-8.6.0_GA_1211.tgz.md5 <br />
* https://files.zimbra.com/downloads/8.6.0_GA/zcs-patch-8.6.0_GA_1211.tgz.sha256<br />
<br />
===ZCS 8.6 Patch 9===<br />
* https://files.zimbra.com/downloads/8.6.0_GA/zcs-patch-8.6.0_GA_1224.tgz<br />
* https://files.zimbra.com/downloads/8.6.0_GA/zcs-patch-8.6.0_GA_1224.tgz.md5<br />
* https://files.zimbra.com/downloads/8.6.0_GA/zcs-patch-8.6.0_GA_1224.tgz.sha256<br />
<br />
==Additional Content==<br />
* Bugzilla Search - https://bugzilla.zimbra.com/buglist.cgi?bug_status=RESOLVED&bug_status=VERIFIED&bug_status=CLOSED&keywords=8_6_0_Patch%2C%208_6_0_Patch2%2C%208_6_0_Patch3%2C%208_6_0_Patch4%2C%208_6_0_Patch5%2C%208_6_0_Patch6%2C%208_6_0_Patch7%2C%208_6_0_Patch8%2C%20&keywords_type=anywords&list_id=329284&query_format=advanced&short_desc=bits&short_desc_type=anywordssubstr<br />
<br />
<br />
{{Article Footer|Zimbra Collaboration 8.6|01/28/2017}}<br />
{{NeedSME|Jorge|SME2|Copyeditor}}</div>Jorge de la Cruzhttps://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.6.0/P9&diff=65069Zimbra Releases/8.6.0/P92018-02-09T13:22:35Z<p>Jorge de la Cruz: </p>
<hr />
<div><ol class="breadcrumb"><br />
<li>[[Main Page|Zimbra Wiki]]</li><br />
<li>[[Zimbra Releases]]</li><br />
<li class="active">Zimbra Collaboration 8.6.0 Patch 9</li><br />
</ol><br />
__FORCETOC__<br />
<div class="col-md-12"><br />
<div class="col-md-9"><br />
<br />
=Zimbra Collaboration 8.6.0 Patch 9 GA Release=<br />
Check out the '''"[[#fixed|Fixed Issues]]"''' for this version of Zimbra Collaboration below. As always, you’re encouraged to tell us what you think in the Forums, or file a bug in '''[https://bugzilla.zimbra.com/enter_bug.cgi Bugzilla]'''. <br />
<br />
<div class="alert alert-dark fade in"> <p>'''NOTE: If you are upgrading and/or migrating from an older version of Zimbra to Zimbra 8.8 Production Ready, please read [https://wiki.zimbra.com/wiki/Zimbra_Next_Generation_Modules/Things_To_Know_Before_Upgrading "Things to Know Before Upgrading"] and [https://wiki.zimbra.com/wiki/Zimbra_Next_Generation_Modules/First_Steps_with_the_Zimbra_NG_Modules "First Steps with the Zimbra NG Modules"] for critical information before you upgrade.'''</p></div> <br />
<br />
<br /><br />
<br />
<table class="table table-striped table-condensed"><br />
<tr><br />
<th colspan="2" class="info"><h4><div id="fixed">Fixed Issues<span style="color:white;font-size:0.66em">(Bugzilla query)</span>]</div></h4></th><br />
</tr><br />
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=101227 101227] </td><td class="col-md-10"> CPU load & latency when open mail with data:image/png:base64 inline image</td></tr><br />
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=104365 104365] </td><td class="col-md-10"> Update timezones.ics to tzdata2017b</td></tr><br />
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=97710 97710] </td><td class="col-md-10"> Tasks causing slowness from ZWC and consuming CPU resources</td></tr><br />
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=103797 103797] </td><td class="col-md-10"> Description of a previous appointment comes up when changing mode from plain-text to html</td></tr><br />
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=107289 107289] </td><td class="col-md-10"> Printing work week shows wrong time</td></tr><br />
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=107288 107288] </td><td class="col-md-10"> EWS caches and logs cleartext password</td></tr><br />
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=97460 97460] </td><td class="col-md-10"> Need visual cue and hyperlink for url links when composing message</td></tr><br />
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=100281 100281] </td><td class="col-md-10"> Deleted/canceled appts remain on calendar</td></tr><br />
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=101584 101584] </td><td class="col-md-10"> QuickAdd location using GAL is not saved correctly > only name is kept</td></tr><br />
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=107826 107826] </td><td class="col-md-10"> Implement GetStreamingEvents EWS API(Phase 1)</td></tr><br />
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=107499 107499] </td><td class="col-md-10"> EWS: Resolve Name should return all the contact information</td></tr><br />
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=97126 97126] </td><td class="col-md-10"> Script Error (this._sharesGroup is undefined) when click to "Edit Properties" folder menu</td></tr><br />
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=101023 101023] </td><td class="col-md-10"> zimbraHelpAdvancedURL, zimbraHelpStandardURL and zimbraHelpAdminURL does not work</td></tr><br />
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=107646 107646] </td><td class="col-md-10"> There is an unexpected logout for a session in the HTML client. </td></tr><br />
</table><br />
<br />
<br />
==Quick note: Open Source repo==<br />
Downloading and building our Zimbra Code? Keep reading... Starting ZCS 8.7.6 and above we have new steps to download, build and see our code via Github:<br />
*https://github.com/Zimbra/zm-build<br />
<br />
<br />
</div><br />
<div class="col-md-3">{{GuidePosts}}</div><br />
</div></div>Jorge de la Cruzhttps://wiki.zimbra.com/index.php?title=Zimbra_Releases/8.6.0/P9&diff=65068Zimbra Releases/8.6.0/P92018-02-09T13:17:44Z<p>Jorge de la Cruz: </p>
<hr />
<div>=Zimbra Collaboration 8.6.0 Patch 9 GA Release=<br />
Check out the '''"[[#fixed|Fixed Issues]]"''' for this version of Zimbra Collaboration below. As always, you’re encouraged to tell us what you think in the Forums, or file a bug in '''[https://bugzilla.zimbra.com/enter_bug.cgi Bugzilla]'''. <br />
<br />
<div class="alert alert-dark fade in"> <p>'''NOTE: If you are upgrading and/or migrating from an older version of Zimbra to Zimbra 8.8 Production Ready, please read [https://wiki.zimbra.com/wiki/Zimbra_Next_Generation_Modules/Things_To_Know_Before_Upgrading "Things to Know Before Upgrading"] and [https://wiki.zimbra.com/wiki/Zimbra_Next_Generation_Modules/First_Steps_with_the_Zimbra_NG_Modules "First Steps with the Zimbra NG Modules"] for critical information before you upgrade.'''</p></div> <br />
<div class="col-md-9"><br />
<br />
<br /><br />
<br />
<table class="table table-striped table-condensed"><br />
<tr><br />
<th colspan="2" class="info"><h4><div id="fixed">Fixed Issues<span style="color:white;font-size:0.66em">(Bugzilla query)</span>]</div></h4></th><br />
</tr><br />
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=101227 101227] </td><td class="col-md-10"> CPU load & latency when open mail with data:image/png:base64 inline image</td></tr><br />
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=104365 104365] </td><td class="col-md-10"> Update timezones.ics to tzdata2017b</td></tr><br />
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=97710 97710] </td><td class="col-md-10"> Tasks causing slowness from ZWC and consuming CPU resources</td></tr><br />
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=103797 103797] </td><td class="col-md-10"> Description of a previous appointment comes up when changing mode from plain-text to html</td></tr><br />
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=107289 107289] </td><td class="col-md-10"> Printing work week shows wrong time</td></tr><br />
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=107288 107288] </td><td class="col-md-10"> EWS caches and logs cleartext password</td></tr><br />
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=97460 97460] </td><td class="col-md-10"> Need visual cue and hyperlink for url links when composing message</td></tr><br />
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=100281 100281] </td><td class="col-md-10"> Deleted/canceled appts remain on calendar</td></tr><br />
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=101584 101584] </td><td class="col-md-10"> QuickAdd location using GAL is not saved correctly > only name is kept</td></tr><br />
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=107826 107826] </td><td class="col-md-10"> Implement GetStreamingEvents EWS API(Phase 1)</td></tr><br />
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=107499 107499] </td><td class="col-md-10"> EWS: Resolve Name should return all the contact information</td></tr><br />
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=97126 97126] </td><td class="col-md-10"> Script Error (this._sharesGroup is undefined) when click to "Edit Properties" folder menu</td></tr><br />
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=101023 101023] </td><td class="col-md-10"> zimbraHelpAdvancedURL, zimbraHelpStandardURL and zimbraHelpAdminURL does not work</td></tr><br />
<tr><td class="col-md-1"> [https://bugzilla.zimbra.com/show_bug.cgi?id=107646 107646] </td><td class="col-md-10"> There is an unexpected logout for a session in the HTML client. </td></tr><br />
</table><br />
<br />
<br />
<br />
==Quick note: Open Source repo==<br />
Downloading and building our Zimbra Code? Keep reading... Starting ZCS 8.7.6 and above we have new steps to download, build and see our code via Github:<br />
*https://github.com/Zimbra/zm-build<br />
<br />
</div><br />
<br />
{{GuidePosts}}</div>Jorge de la Cruzhttps://wiki.zimbra.com/index.php?title=Zimbra_Suite_Plus/Changelog&diff=65042Zimbra Suite Plus/Changelog2018-01-22T22:16:51Z<p>Jorge de la Cruz: </p>
<hr />
<div><div class="col-md-12"><br></div><br />
<div class="col-md-12"><br></div><br />
<ol class="breadcrumb"><br />
<li>[[Main Page|Zimbra Wiki]]</li><br />
<li>[[Zimbra_Suite_Plus]]</li><br />
<li class="active">Changelog</li><br />
</ol><br />
__NOTOC__<br />
<div class="col-md-12"><br /></div><br />
<div class="col-md-9"><br />
<h2 class="title-header" style="padding-bottom: 9px; border-bottom: 4px solid #0087c3;">Zimbra Suite Plus - Changelog</h2><br />
<div class="col-md-12"><br />
<div class="ibox-content"><br />
<div class="post animated fadeInLeft animation-delay-8" style="padding-top:5px"><br />
<div class="panel panel-default"><br />
<div class="panel-body"><br />
<h5 class="post-title">Product Information</h5><br />
<div class="row"><br />
'''Latest Version: '''<br />
{| border="1" style="text-align:center;"<br />
|'''Zimbra Suite Plus'''<br />
|-<br />
| {{ZSPVERSION}}<br />
|}<br />
<br />
'''Release Date:'''<br />
{| border="1" style="text-align:center;"<br />
|'''Zimbra Suite Plus'''<br />
<br />
|-<br />
| {{ZSPRELEASE}} <br />
|}<br />
<br />
== Changelog ==<br />
===Version 2.6.2===<br />
'''General'''<br />
* This release is fully compatible with Zimbra 8.8.6.<br />
* This is a bugfix release, upgrading is highly suggested.<br />
<br />
'''Backup+'''<br />
* Fixed an error in the CoherencyCheck operation which caused objects to be treated as corrupted when their parent directory was not in the backup.<br />
<br />
'''Mobile+'''<br />
* "conv" type folders are now supported<br />
* Improved error handling when the parsing of a badly formatted date fails<br />
* Fixed a bug affecting Android devices that caused Invitations to be sent without proper organizer data<br />
* X-Originating-IP header for Active sync emails now complies to the zimbraSmtpSendAddOriginatingIP setting<br />
* When the organizer edits appointment from a mobile device all attendees' status is now reset to "awaiting response"<br />
* Added a workaround to properly handle broken emails with bad root Content-Transfer-Encoding<br />
* The mobile ping logic has been improved to avoid the current ping to fail when a calendar item gets deleted during the synchronization<br />
* Inline attachments from original message on SmartReply action are now included<br />
* The "completed" flag is now properly handled (synchronize as complete on other active sync devices, remove flag on Zimbra)<br />
<br />
'''HSM+'''<br />
* Fixed an issue that could cause the scheduled "Apply HSM" option to fail when Zextras Backup is not licensed <br />
* Fixed a bug in the deletion of s3 stores from web ui and CLI<br />
<br />
'''Admin+'''<br />
* Fixed an issue that could prevent the "View Mail" feature to be properly displayed by Delegated Admins<br />
<br />
<br />
===Version 2.6.1===<br />
'''General'''<br />
* The doMailboxMove command has undergone significant changes. Namely, he source mailbox is not deleted from the source server after the move anymore and remains dormant.<br />
** Two new CLI commands have been added to respectively show and delete "leftover" mailboxes (see below).<br />
<br />
'''Backup'''<br />
* Fixed a server configuration backup issue that could cause the operation to crash when parsing unexpected files.<br />
* Fixed an issue that could cause a "NullPointer Exception" error when dealing with "searchFolder" items. <br />
<br />
'''Mobile'''<br />
* Recurring appointments based on the "N-th day of the month" are now supported.<br />
* Several behaviours and actions regarding Shared Folders have been normalised and improved, now working as intended:<br />
** Creating a subfolder of remote folder works as expected<br />
** Moving a mountpoint's subfolder to the same mountpoint works as expected<br />
** Moving a mountpoint properly moves it in the local mailbox.<br />
** Moving a mountpoint's subfolder to another mountpoint (even on same mailbox) returns an error.<br />
** Renaming s mountpoint's subfolder works as expected.<br />
** Renaming a mountpoint properly renames the mountpoint in the local mailbox.<br />
** Deleting a mountpoint disables the mobile synchronization for that mountpoint.<br />
** Deleting a mountpoint's subfolder returns an error.<br />
* Fixed an issue that could cause item moves from a shared to a local folder to fail.<br />
* Fixed an issue that could prevent the deletion of a contact's image to fail.<br />
* Fixed an issue that could cause an unexpected behaviour when forwarding meeting invites.<br />
* Fixed an issue that could cause forwarded recurring meeting invitations to sync only the first meeting instance.<br />
* Fixed a workflow inconsistency that could prevent iOS 11 devices to be able to reply to emails.<br />
* Fixed an issue that could cause invitations to a single instance of a recurring appointment not to send the invitation email.<br />
* Several small issues and corner cases with a very low chance of affecting real-life environments have been fixed.<br />
<br />
'''HSM'''<br />
* HSM+ is now forcibly disabled should a third-party storage manager be detected.<br />
* Moving a mailbox to another server won't delete the mailbox from the source server anymore.<br />
** Added the `getMovedMailboxes" command to show a list of "orphaned" moved mailboxes.<br />
** Added the `doPurgeMailbox` to remove "orphaned" moved mailboxes.<br />
<br />
'''Admin'''<br />
* Autocomplete is now available when adding a COS in the "Edit Domain" dialog. <br />
* Several small issues and UI glitches with a very medium-to-low chance of affecting real-life environments have been fixed.<br />
<br />
===Version 2.6.0===<br />
'''New Features'''<br />
* The new "Mailbox Move" feature has been added to the HSM+ module, allowing to move mailboxes between servers in multiserver environments.<br />
* The "LDAP Backup" feature has been added to the SmartScan: at the end of the execution, all LDAP data and configuration will be backed up in the "server" directory of the backup path.<br />
<br />
'''General'''<br />
*Starting from this release, new versions of Zimbra Suite Plus will only be compatible with Zimbra 8+.<br />
*Fixed a XSS vulnerability in the COS and Account view.<br />
*Improved the stability of the built-in configuration manager.<br />
*All communication between servers belonging to the same infrastructure are now both encrypted and authenticated.<br />
<br />
'''Backup'''<br />
*Fixed an issue that could cause a blocking "Null Pointer Exception" when restoring shared items.<br />
*Fixed a bug that could cause the restore of folders shared through a distribution list to fail when doing incremental migrations.<br />
<br />
'''Mobile'''<br />
*Any relevant UI element will now properly be blocked or hidden if the module is disabled.<br />
*The code for ICS-to-EAS conversion for recurring items has been rewritten to be much more reliable when dealing with badly formatted recurrences.<br />
*Items in EAS folders can now be moved to Local folders (only on clients that support this feature).<br />
*Fixed a bug that could cause Task and Calendar items not to be properly updated when the item contained HTML code.<br />
*Fixed a bug that could cause tasks created via SOAP API not to be synchronised.<br />
<br />
'''HSM'''<br />
*It's now impossible to create any S3 volume if the proper S3 cache directory doesn't exist.<br />
*Fixed a glitch that could cause the "New" volume button to become unclickable.<br />
<br />
'''Admin'''<br />
No changes here<br />
<br />
===Version 2.4.9===<br />
'''New Features'''<br />
* Zimbra Collaboration Suite 8.7.9 is now supported.<br />
** Due to its "non-GA" status, Zimbra Collaboration Suite 8.7.8 is not supported by Zimbra Suite Plus nor it will be in the future.<br />
<br />
'''General'''<br />
* This is a "bugfix and compatibility" release.<br />
<br />
'''Backup+'''<br />
* Fixed an issue with the "Server customizations backup" sub-operation: in case of an error, the wrong exception was displayed.<br />
<br />
'''Mobile+'''<br />
* Fixed an issue that could cause iOS devices to ignore meeting changes until those are accepted.<br />
* Fixed an issue that could cause forwarding or replying to an email on mobile devices if the "include original message" option was selected on the client.<br />
<br />
'''HSM+'''<br />
* Fixed a parsing issue for pdf document that could, in some very specific and hard to reproduce cases, to cause mailboxd OOM errors.<br />
* Fixed a possible deadlock that could happen when using an S3 bucket as a secondary volume.<br />
<br />
'''Admin+'''<br />
* Fixed an issue that could cause an Admin+ operation to fail returning a "Generic Error: Remove Delegation Setting Operationfailed. Admin settings may be in an inconsistent state." error if the Zimbra Suite Plus Administration Zimlet was not properly installed.<br />
<br />
<br />
===Version 2.4.8===<br />
'''New Features'''<br />
* Zimbra Collaboration Suite 8.7.6 is now supported.<br />
<br />
'''IMPORTANT INFORMATION FOR ZIMBRA 8.7.6 USERS'''<br />
<br />
'''Zimbra 8.7.6 includes a technical preview of the Chat and Drive Zimbra component, powered by Zextras.'''<br />
<br />
* '''The ZAL version used by chat and drive has a known issue that has been solved in version 1.11.7+. To fix the issue, copy the ''zal.jar'' package from ''/opt/zimbra/lib/ext/zextras/ to /opt/zimbra/lib/ext/zimbradrive/'' and ''/opt/zimbra/lib/ext/openchat/''. Then, restart the mailboxd for the appropriate ZAL versions to be loaded.'''<br />
<br />
'''General'''<br />
* This is a "bugfix and compatibility" release.<br />
<br />
'''Mobile+'''<br />
* Fixed an issue that blocks synchronization from the webclient to iOS caused by wrong PARTSTAT(participant status).<br />
<br />
'''Admin+'''<br />
* Fixed an issue that causes the Admin Migration operation to fail.<br />
<br />
===Version 2.4.7===<br />
'''New Features'''<br />
* Zimbra Collaboration Suite 8.7.5 is now supported.<br />
<br />
'''Mobile'''<br />
* Fixed an issue that could cause some appointments not to be displayed as “accepted” on iOS if they have been accepted from web interface.<br />
<br />
===Version 2.4.6===<br />
'''New Features'''<br />
* Zimbra Collaboration Suite 8.7.4 is now supported.<br />
<br />
'''General'''<br />
* This is a "bugfix and compatibility" release.<br />
* Fixed an issue that could cause the corruption of gzip files downloaded from a briefcase.<br />
<br />
'''Backup'''<br />
* Fixed an issue which could cause restores to end abruptly when dealing with some large or complex items (such as recurring events with attachments and several edits)<br />
<br />
'''Mobile'''<br />
Hooray, no fixes here!<br />
<br />
'''HSM'''<br />
* Fixed a "Null Pointer Exception" error that could appear during the HSM Move.<br />
<br />
'''Admin'''<br />
* Hooray, no fixes here!<br />
<br />
===Version 2.4.5===<br />
'''New Features'''<br />
* Zimbra Collaboration Suite 8.7.3 is now supported.<br />
<br />
'''Backup'''<br />
* Fixed an issue which could prevent tags and buddies not to be properly restored.<br />
* Fixed a bug which caused the Delegated Admin status not to be restored during External Restores.<br />
<br />
'''Mobile'''<br />
* Improved folder management code to avoid the synchronization to fail on accounts with a large number of folders (over 200).<br />
* Added a workaround to generate proper calendar invites when Outlook 203/2016 send an empty invitation.<br />
<br />
'''HSM''' <br />
* Hooray, no fixes here!<br />
<br />
'''Admin'''<br />
* Fixed a trivial bug which caused some rights not to be removed when revoking Delegated Admin rights from a user.<br />
* Added some missing group rights.<br />
<br />
===Version 2.4.4===<br />
'''General''' <br />
* Zimbra Collaboration Suite 8.7.2 is now supported.<br />
* Backup Plus's External Restore can now restore multiple accounts at the same time, improving restore speed by up to 4 times. This feature is only available via CLI through the "concurrent_accounts" parameter of the doExternalRestore command. <br />
* Access to configuration for core features, Mobile Plus on multistore infrastructures has been improved, especially when one of the mailboxd fails. <br />
* Administration Plus Zimlet: Fixed some drag&drop issues on Zimbra 8.7.x. <br />
* Fixed a bug that caused small UI issues in the Zimbra Suite Plus Administration Zimlet on multistore environments. <br />
* Fixed a bug that could cause the all modules in the Zimbra Suite Plus Administration Zimlet to be grayed out after adding a new mailboxd server to the infrastructure. <br />
* Fixed a bug which lead to unexcepted errors in SOAP which affects only 8.6.0p7 and 8.6.0p8.<br />
* Fixed a bug which prevented the user to use the Zimbra Suite Plus Account View or Zimbra Suite Plus COS View.<br />
<br />
'''Backup''' <br />
* Improved RealTime Scanner's "slowdown" detection. <br />
* Signature Length and Maximum Number of Contacts will now be ignored when restoring an account. <br />
* Fixed an issue that wrongly caused some BLOBs to be reported as missing by the SmartScan if the doMoveBlobs Zimbra Suite Plus Powerstore operation was running during the SmartScan. <br />
* Fixed a bug that could cause Restore On New operations to fail if the "Apply HSM Policies" was selected and the current secondary volume was an S3 Volume. <br />
* Fixed a bug that could cause tag colors not to be properly restored. <br />
* Changed the way skipped items are counted on restore logs/notifications to avoid reporting as skipped a restored folder which contains an item whose itemID is lower than the folder's itemID itself. <br />
<br />
'''Mobile''' <br />
* Fixed a bug that could cause "Nine for Android" clients not to properly sync calendars. <br />
* Added several information to the output of the "getDeviceInfo" CLI command. <br />
* Fixed a bug which prevented the user to update appointments created via CalDav, from mobile devices.<br />
<br />
'''Powerstore''' <br />
* Fixed a bug which could cause to use incorrect encoding in html email previews.<br />
<br />
'''Admin''' <br />
* Fixed a bug which could cause a Delegated Admin to be unable to delete mailboxes on multistore environments if the target mailbox was hosted on a different server than the the one the DA was logged into. <br />
<br />
===Version 2.4.2===<br />
'''New Features'''<br />
* Zimbra Collaboration Suite 8.7.1 is now supported.<br />
<br />
===Version 2.4.1===<br />
'''New Features'''<br />
* Official support for Dell-EMC's ECS storage (S3 compatible)<br />
<br />
'''General'''<br />
* Uninstalling Zimbra Suite Plus now undeploys the Client Zimlet as well.<br />
<br />
'''Backup Plus'''<br />
* Fixed a bug that could cause an External Restore to fail with a "no such domain" error.<br />
* Fixed a bug that could cause the "getItem" CLI command to fail when using a target different from the current Backup Path.<br />
* Fixed a bug that could cause tags not to be properly restored when importing a Zimbra 7.x dataset into Zimbra 8.x.<br />
* Logging has been improved to reduce backup messages on the mailbox.log file when deleting a mailbox.<br />
* Operation queue improvement: if a Restore on New Account is running, subsequent operations of the same type with the same source won't be queued anymore. <br />
<br />
'''Mobile Plus'''<br />
* Added several server-side workarounds for calendar issues affecting the stock client in iOS 10.x.<br />
* Added a server-side workaround to solve some clients' issues with appointment forwarding.<br />
* Fixed an issue that could cause a timezone error when creating appointments from an EAS client.<br />
* Fixed a bug that could cause emails sent through Zimbra Mobile+ to have a broken message preview in the Zimbra Web Client.<br />
<br />
'''HSM Plus'''<br />
* Fixed a logic loophole that caused HSM Plus to override Zimbra's default storage classes even when the module was unlicensed/disabled. This caused issues with the "zmhsm", "zmblobchk" and "zmmboxmove" commands, now those commands work properly if HSM+ is unlicensed or disabled, while if the module is licensed and enabled you can use the HSM+ equivalents, "zxsuite hsm doMoveBlobs" and "zxsuite hsm doCheckBlobs". <br />
* Fixed a bug that caused some items not to be properly deleted from an S3 bucket when a mailbox was deleted.<br />
* Fixed a bug that could cause the Volume Deduplication operation not to detect and delete all duplicate files.<br />
* Several UI fixes and input santitization.<br />
* The behaviour of all HSM+ CLI commands has been standardized and now volume names can be used everywhere instead of volumeIDs.<br />
* All HSM+ operations now properly support dumpster folders.<br />
* The "Compression Threshold" value can now be set to "0".<br />
* The S3 caching engine has been optimized to remove a delay that was briefly affecting performances right after lowering the cache value.<br />
<br />
'''Admin Plus'''<br />
* Fixed a bug that could cause an error when setting a quota value to "Unlimited" in Delegated Admins and Domain Limits.<br />
* Delegated admins can now see Alias Domain information for the domains they manage.<br />
<br />
<br />
===Version 2.4.0===<br />
'''Zimbra Suite Plus'''<br />
<br />
General<br />
* Nailgun has been removed, now the Zimbra Suite Plus CLI uses a custom built engine which is way faster and more responsive.<br />
** The "--offline" option is being refactored, thus it has been removed and will be added back when the refactoring is completed.<br />
* Several wizards have been expanded and improved by adding an additional step at the beginning that fully explains the operation's functioning and options. <br />
* ''Licensing Notice: any license created on or after September 8th 2016 is only compatible with Zimbra Suite Plus 2.4.0 and higher.'' <br />
<br />
Zimbra Backup Plus<br />
* Noticeable performance improvements in the RealTime Scanner and External Backup features.<br />
* Concurrency has been improved, allowing more backup operations to run together.<br />
* Fixed a bug that caused a licensing error to appear when trying to add a new account on a limited domain when the limit has been reached, now the appropriate error is shown.<br />
<br />
Zimbra Mobile Plus<br />
* Free/busy support extended to any mobile client that supports this feature (ResolveRecipient Exchange ActiveSync command).<br />
* Expanded the workaround for the incorrect date displayed by emails sent from Yahoo to include more cases.<br />
* Fixed a bug that could cause synchronization issues if one or more address books under the "Email Contacts" folders exist. <br />
<br />
Zimbra HSM Plus<br />
* S3 support: now Secondary volumes can be hosted on Amazon S3 buckets.<br />
* Attachment indexing.<br />
* Noticeable performance improvements in any operation that moves BLOBs (HSM and Volume to Volume move)<br />
* Changed the write error threshold to a percentage value (5%) instead of a fixed value.<br />
<br />
Zimbra Admin Plus<br />
* The Zimbra Admin Plus module can now be used on Zimbra Network Edition 8.6 and higher instead of Zimbra's own ACL management system.<br />
* New distributed configuration backend to heavily reduce the response time of the module.<br />
<br />
===Version 2.2.5===<br />
'''Zimbra Suite Plus'''<br />
<br />
General<br />
* This is the first stable Zimbra Suite Plus release compatible with Zimbra Collaboration 8.7.0. Yaaaaay!<br />
* Fixed a bug that could cause "wrong target" error to appear several times in the log when a node when a node isn't reachable for more than a minute.<br />
* Improved proxying recovery when a mailboxd server goes down in a 5-10+ mailboxd environment, now Zimbra Suite Plus will take less time to detect the server when it comes back up.<br />
<br />
Zimbra Backup Plus<br />
* Fixed a UI bug that caused the wrong date to be displayed in "Restore on New Account" and "Undelete" wizards when the "Use least date available" option was selected.<br />
* Fixed a bug that could cause tags with numeric names not to be properly imported when migrating from Zimbra 7.x to Zimbra 8.x<br />
<br />
Zimbra Mobile Plus<br />
* Fixed a harmless bug that could cause "ping" command responses to have duplicate http headers.<br />
* Added a workaround for an Outlook 2013/2016 issue that could cause calendar items to "flicker" (vanish and re-appear randomly) in the main Calendar window.<br />
* Added a workaround for an iOS issue that could cause sent emails to include an empty "Text/Plain" section before the actual content.<br />
* Added a workaround to make sure that emails with bad encoding are synchronized and displayed in Android and WP10.<br />
* Added a workaround to avoid an issue with dates reported on emails sent by Yahoo addresses and synchronized with Outlook 2013/2016.<br />
* Added a workaround to make sure that emails containing only an attachment (no other mime sections) are synchronized and displayed properly in Android.<br />
* Added a workaround to an incorrect behaviour of Microsoft Outlook which sends emails encoded with the gb2312 charset containing characters from the gb18030, which are now properly displayed.<br />
* Added a workaround to avoid the creation of "no duration" appointments (same Start and End date/time) to avoid issues in the Zimbra WebClient and in some EAS implementations.<br />
<br />
Zimbra HSM Plus<br />
* Added a default value of 4096 bytes to the "Compression Threshold" valule in "New Volume" GUI.<br />
<br />
Zimbra Admin Plus<br />
* Hooray, no fixes here!<br />
<br />
'''Zimbra Suite Migration Tool'''<br />
* This is the first stable Zimbra Suite Migration Tool release compatible with Zimbra Collaboration 8.7.0.<br />
</div><br />
</div><br />
<div class="col-md-9"><br />
<div class="panel-footer"><br />
<p><i class="fa fa-clock-o"></i> Aug 25, 2016 - [https://www.zimbra.com/zimbra-suite-plus/ Know more »]</p><br />
</div><br />
</div><br />
</div><br />
</div><br />
</div><br />
</div><br />
</div><br />
<div class="col-md-3"><br /></div><br />
<div class="col-md-3"><br />
<div class="panel panel-zimbrared-light-border"> <br />
<div class="panel-heading"> <br />
<h3 class="panel-title"><i class="fa fa-gear pull-left"></i> Zimbra Suite Plus</h3> <br />
</div><br />
<div class="panel-body"><br />
{{ZSP}}<br />
</div><br />
</div><br />
</div><br />
<div class="col-md-3"><br />
<div class="panel panel-primary-light-border"> <br />
<div class="panel-heading"> <br />
<h3 class="panel-title"><i class="fa fa-info-circle pull-left"></i> Zimbra Suite Plus Resources</h3> <br />
</div><br />
<div class="panel-body"><br />
{{ZSL}}<br />
</div><br />
</div><br />
</div><br />
<div class="clearfix"></div><br />
<div class="col-md-12"><br></div><br />
{{FH}}</div>Jorge de la Cruzhttps://wiki.zimbra.com/index.php?title=ZRT_incorrectly_reporting&diff=65039ZRT incorrectly reporting2018-01-18T17:44:51Z<p>Jorge de la Cruz: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=ZRT Incorrectly Reporting=<br />
<hr><br />
{{KB|{{ZC}}|{{ZCS 8.8}}|{{ZCS 8.7}}|{{ZCS 8.6}}|}}<br />
<br />
==Problem==<br />
ZRT incorrectly reporting for account edition's.<br />
<br />
==Solution==<br />
You can get all user account edition's from the file - "'''mailboxes.csv'''" which is existed on the ZRT installed directory. <br><br />
For example default directory is<br />
/opt/zrt/<br />
<br />
Then the file Location will be :- <br />
/opt/zrt/mailboxes.csv<br />
<br />
And then you can filter your search as per account edition, for example :- <br />
cat /opt/zrt/mailboxes.csv | awk -F',' '{print $1 " " $3}' <br />
<br />
<br />
<br />
<br />
Submitted by: Sourabh Bhushan<br />
{{Article Footer|ZCS 8.8, 8.7, 8.6|8/8/2017}}<br />
{{NeedSME|Sourabh|SME2|Copyeditor}}</div>Jorge de la Cruzhttps://wiki.zimbra.com/index.php?title=Zimlet_Developers_Guide:Zimbra_JavaScript_API_Reference&diff=65038Zimlet Developers Guide:Zimbra JavaScript API Reference2018-01-18T17:44:01Z<p>Jorge de la Cruz: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=Zimlet Developers Guide: Zimbra JavaScript API Reference=<br />
{{KB|{{ZC}}|{{ZCS 8.8}}|{{ZCS 8.7}}{{ZCS 8.6}}||}}<br />
{| cellspacing="0" cellpadding="5" style="border: 1px solid rgb(153, 153, 170); margin: 0pt 0.5em 0.5em 0pt; float: none; background-color: rgb(249, 249, 255);"<br />
|[[Image:zdg-6-menu-icon-zimbra.jpg|20px]]<br />
|[[ZCS 6.0:Zimlet Developers Guide:Introduction|Introduction]]<br />
|style="border-left: 1px solid rgb(153, 153, 170);"|[[Image:zdg-6-menu-icon-green-flag.png|20px]]<br />
|[[ZCS 6.0:Zimlet Developers Guide:Getting Started|Getting Started]]<br />
|style="border-left: 1px solid rgb(153, 153, 170);"|[[Image:zdg-6-menu-icon-terminal.png|20px]]<br />
|[[ZCS 6.0:Zimlet Developers Guide:Dev Environment Setup|Dev Environment Setup]]<br />
|style="border-left: 1px solid rgb(153, 153, 170);"|[[Image:zdg-6-menu-icon-gear.png|20px]]<br />
|[[ZCS 6.0:Zimlet Developers Guide:Developing Zimlets|Developing Zimlets]]<br />
|style="border-left: 1px solid rgb(153, 153, 170);"|[[Image:zdg-6-menu-icon-advanced.jpg|20px]]<br />
|[[ZCS 6.0:Zimlet Developers Guide:Advanced Concepts|Advanced Concepts]]<br />
|style="border-left: 1px solid rgb(153, 153, 170);"|[[Image:zdg-6-menu-icon-library.jpg|20px]]<br />
{|<br />
|[[ZCS 6.0:Zimlet Developers Guide:Zimlet API Specifications|API Specifications]]<br />
|-<br />
|[[ZCS 6.0:Zimlet Developers Guide:Zimlet Definition File Reference|Zimlet Definition File Reference]]<br />
|<br />
|-<br />
|[[ZCS 6.0:Zimlet Developers Guide:Zimlet Configuration File Reference|Zimlet Configuration File Reference]]<br />
|-<br />
|'''Zimlet JavaScript API Reference'''<br />
|-<br />
|[http://wiki.zimbra.com/index.php?title=ZCS_6.0:Zimbra_REST_API_Reference Zimbra REST API Reference]<br />
|}<br />
<br />
|style="border-left: 1px solid rgb(153, 153, 170);"|[[Image:zdg-6-menu-icon-checkbox.jpg|20px]]<br />
|[[ZCS 6.0:Zimlet Developers Guide:Example Zimlets|Example Zimlets]]<br />
|}<br />
<br />
''Note: The following are links to the online Zimlet JavaScript API Reference materials. The classes, functions and overall APIs are subject to change with each ZCS release.'' <br />
<br />
== ZCS 8.8.0 ==<br />
<br />
'''JsDoc''': [https://files.zimbra.com/docs/zimlet/zcs/8.8.0/jsapi-zimbra-doc/index.html HTML] | [https://files.zimbra.com/docs/zimlet/zcs/8.8.0/jsapi-zimbra-doc.zip ZIP]<br />
<br />
'''Change Log''': [https://files.zimbra.com/docs/zimlet/zcs/8.8.0/jsapi-changelog/index.html HTML] | [https://files.zimbra.com/docs/zimlet/zcs/8.8.0/jsapi-changelog.zip ZIP]<br />
<br />
== ZCS 8.7.0 ==<br />
<br />
'''JsDoc''': [https://files.zimbra.com/docs/zimlet/zcs/8.7.0/jsapi-zimbra-doc/index.html HTML] | [https://files.zimbra.com/docs/zimlet/zcs/8.7.0/jsapi-zimbra-doc.zip ZIP]<br />
<br />
'''Change Log''': [https://files.zimbra.com/docs/zimlet/zcs/8.7.0/jsapi-changelog/index.html HTML] | [https://files.zimbra.com/docs/zimlet/zcs/8.7.0/jsapi-changelog.zip ZIP]<br />
<br />
== ZCS 8.6.0 ==<br />
<br />
'''JsDoc''': [https://files.zimbra.com/docs/zimlet/zcs/8.6.0/jsapi-zimbra-doc/index.html HTML] | [https://files.zimbra.com/docs/zimlet/zcs/8.6.0/jsapi-zimbra-doc860.zip ZIP]<br />
<br />
'''Change Log''': [https://files.zimbra.com/docs/zimlet/zcs/8.6.0/jsapi-changelog/index.html HTML] | [https://files.zimbra.com/docs/zimlet/zcs/8.6.0/jsapi-changelog.zip ZIP]<br />
<br />
== ZCS 8.5.1 ==<br />
<br />
'''JsDoc''': [https://files.zimbra.com/docs/zimlet/zcs/8.5.1/jsapi-zimbra-doc/index.html HTML] | [https://files.zimbra.com/docs/zimlet/zcs/8.5.1/jsapi-zimbra-doc851.zip ZIP]<br />
<br />
'''Change Log''': [https://files.zimbra.com/docs/zimlet/zcs/8.5.1/jsapi-changelog/index.html HTML] | [https://files.zimbra.com/docs/zimlet/zcs/8.5.1/jsapi-changelog.zip ZIP]<br />
<br />
== ZCS 8.0.9 ==<br />
<br />
'''JsDoc''': [https://files.zimbra.com/docs/zimlet/zcs/8.0.9/jsapi-zimbra-doc/index.html HTML] | [https://files.zimbra.com/docs/zimlet/zcs/8.0.9/jsapi-zimbra-doc809.zip ZIP]<br />
<br />
'''Change Log''': [https://files.zimbra.com/docs/zimlet/zcs/8.0.9/jsapi-changelog/index.html HTML] | [https://files.zimbra.com/docs/zimlet/zcs/8.0.9/jsapi-changelog809.zip ZIP]<br />
<br />
== ZCS 8.0.7 ==<br />
<br />
'''JsDoc''': [https://files.zimbra.com/docs/zimlet/zcs/8.0.7/jsdocs/index.html HTML] | [https://files.zimbra.com/docs/zimlet/zcs/8.0.7/jsapi-zimbra-doc-807.zip ZIP]<br />
<br />
'''Change Log''': [https://files.zimbra.com/docs/zimlet/zcs/8.0.7/changelog/index.html HTML] | [https://files.zimbra.com/docs/zimlet/zcs/8.0.7/jsapi-changelog-807.zip ZIP]<br />
<br />
== ZCS 8.0.6 ==<br />
<br />
'''JsDoc''': [https://files.zimbra.com/docs/zimlet/zcs/8.0.6/jsdocs/index.html HTML] | [https://files.zimbra.com/docs/zimlet/zcs/8.0.6/jsapi-zimbra-doc-806.zip ZIP]<br />
<br />
'''Change Log''': [http://files.zimbra.com/docs/zimlet/zcs/8.0.6/changelog/index.html HTML] | [http://files.zimbra.com/docs/zimlet/zcs/8.0.6/jsapi-changelog-806.zip ZIP]<br />
<br />
== ZCS 8.0.5 ==<br />
<br />
'''JsDoc''': [https://files.zimbra.com/docs/zimlet/zcs/8.0.5/jsdocs/index.html HTML] | [https://files.zimbra.com/docs/zimlet/zcs/8.0.5/jsapi-zimbra-doc-805.zip ZIP]<br />
<br />
'''Change Log''': [https://files.zimbra.com/docs/zimlet/zcs/8.0.5/changelog/index.html HTML] | [https://files.zimbra.com/docs/zimlet/zcs/8.0.5/jsapi-changelog-805.zip ZIP]<br />
<br />
== ZCS 8.0.4 ==<br />
<br />
'''JsDoc''': [https://files.zimbra.com/docs/zimlet/zcs/8.0.4/jsdocs/index.html HTML] | [https://files.zimbra.com/docs/zimlet/zcs/8.0.4/jsapi-zimbra-doc-804.zip ZIP]<br />
<br />
'''Change Log''': [https://files.zimbra.com/docs/zimlet/zcs/8.0.4/changelog/index.html HTML] | [https://files.zimbra.com/docs/zimlet/zcs/8.0.4/jsapi-changelog-804.zip ZIP]<br />
<br />
Note 8.0.3 and 8.0.2 were not available.<br />
<br />
== ZCS 8.0.0 ==<br />
<br />
'''JsDoc''': [https://files.zimbra.com/docs/zimlet/zcs/8.0.0/jsdocs/index.html HTML] | [https://files.zimbra.com/docs/zimlet/zcs/8.0.0/jsapi-zimbra-doc-80.zip ZIP]<br />
<br />
'''Change Log''': [https://files.zimbra.com/docs/zimlet/zcs/8.0.0/changelog/index.html HTML] | [https://files.zimbra.com/docs/zimlet/zcs/8.0.0/jsapi-changelog-80.zip ZIP]<br />
<br />
== ZCS 7.2.4 ==<br />
<br />
'''JsDoc''': [https://files.zimbra.com/docs/zimlet/zcs/7.2.4/jsdocs/index.html HTML] | [https://files.zimbra.com/docs/zimlet/zcs/7.2.4/jsapi-zimbra-doc-724.zip ZIP]<br />
<br />
'''Change Log''': [https://files.zimbra.com/docs/zimlet/zcs/7.2.4/changelog/index.html HTML] | [https://files.zimbra.com/docs/zimlet/zcs/7.2.4/jsapi-changelog-724.zip ZIP]<br />
<br />
== ZCS 7.2.2 ==<br />
<br />
'''JsDoc''': [https://files.zimbra.com/docs/zimlet/zcs/7.2.2/jsdocs/index.html HTML] | [https://files.zimbra.com/docs/zimlet/zcs/7.2.2/jsapi-zimbra-doc-722.zip ZIP]<br />
<br />
'''Change Log''': [https://files.zimbra.com/docs/zimlet/zcs/7.2.2/changelog/index.html HTML] | [https://files.zimbra.com/docs/zimlet/zcs/7.2.2/jsapi-changelog722.zip ZIP]<br />
<br />
== ZCS 7.2.1 ==<br />
<br />
'''JsDoc''': [https://files.zimbra.com/docs/zimlet/zcs/7.2.1/jsdocs/index.html HTML] | [https://files.zimbra.com/docs/zimlet/zcs/7.2.1/jsapi-zimbra-doc-721.zip ZIP]<br />
<br />
'''Change Log''': [https://files.zimbra.com/docs/zimlet/zcs/7.2.1/changelog/index.html HTML] | [https://files.zimbra.com/docs/zimlet/zcs/7.2.1/jsapi-changelog-721.zip ZIP]<br />
<br />
== ZCS 7.2.0 ==<br />
<br />
'''JsDoc''': [https://files.zimbra.com/docs/zimlet/zcs/7.2.0/jsdocs/index.html HTML] | [https://files.zimbra.com/docs/zimlet/zcs/7.2.0/jsapi-zimbra-doc-720.zip ZIP]<br />
<br />
'''Change Log''': [http://files.zimbra.com/docs/zimlet/zcs/7.2.0/changelog/index.html HTML] | [http://files.zimbra.com/docs/zimlet/zcs/7.2.0/jsapi-changelog-720.zip ZIP]<br />
<br />
== ZCS 7.1.4 ==<br />
<br />
'''JsDoc''': [https://files.zimbra.com/docs/zimlet/zcs/7.1.4/jsdocs/index.html HTML] | [https://files.zimbra.com/docs/zimlet/zcs/7.1.4/jsapi-zimbra-doc-714.zip ZIP]<br />
<br />
'''Change Log''': [https://files.zimbra.com/docs/zimlet/zcs/7.1.4/changelog/index.html HTML] | [https://files.zimbra.com/docs/zimlet/zcs/7.1.4/jsapi-changelog-714.zip ZIP]<br />
<br />
== ZCS 7.1.3 ==<br />
<br />
'''JsDoc''': [https://files.zimbra.com/docs/zimlet/zcs/7.1.3/jsdocs/index.html HTML] | [https://files.zimbra.com/docs/zimlet/zcs/7.1.3/jsapi-zimbra-doc-713.zip ZIP]<br />
<br />
'''Change Log''': [https://files.zimbra.com/docs/zimlet/zcs/7.1.3/changelog/index.html HTML] | [https://files.zimbra.com/docs/zimlet/zcs/7.1.3/jsapi-changelog-713.zip ZIP]<br />
<br />
== ZCS 7.1.2 ==<br />
<br />
'''JsDoc''': [https://files.zimbra.com/docs/zimlet/zcs/7.1.2/jsdocs/index.html HTML] | [https://files.zimbra.com/docs/zimlet/zcs/7.1.2/jsapi-zimbra-doc-712.zip ZIP]<br />
<br />
'''Change Log''': [https://files.zimbra.com/docs/zimlet/zcs/7.1.2/changelog/index.html HTML] | [https://files.zimbra.com/docs/zimlet/zcs/7.1.2/jsapi-changelog-712.zip ZIP]<br />
<br />
== ZCS 7.1.1 ==<br />
<br />
'''JsDoc''': [https://files.zimbra.com/docs/zimlet/zcs/7.1.1/jsdocs/index.html HTML] | [https://files.zimbra.com/docs/zimlet/zcs/7.1.1/jsapi-zimbra-doc-711.zip ZIP]<br />
<br />
'''Change Log''': [https://files.zimbra.com/docs/zimlet/zcs/7.1.1/changelog/index.html HTML] | [https://files.zimbra.com/docs/zimlet/zcs/7.1.1/jsapi-changelog-711.zip ZIP]<br />
<br />
== ZCS 7.0.0 ==<br />
<br />
'''JsDoc''': [https://files.zimbra.com/docs/zimlet/zcs/7.0.0/jsdocs/index.html HTML] | [https://files.zimbra.com/docs/zimlet/zcs/7.0.0/jsapi-zimbra-doc.zip ZIP]<br />
<br />
'''Change Log''': [https://files.zimbra.com/docs/zimlet/zcs/7.0.0/changelog/index.html HTML] | [https://files.zimbra.com/docs/zimlet/zcs/7.0.0/jsapi-changelog.zip ZIP]<br />
<br />
== ZCS 6.0.16 ==<br />
<br />
'''JsDoc''': [https://files.zimbra.com/docs/zimlet/zcs/6.0.16/jsdocs/index.html HTML] | [https://files.zimbra.com/docs/zimlet/zcs/6.0.16/jsapi-zimbra-doc-6016.zip ZIP]<br />
<br />
'''Change Log''': [https://files.zimbra.com/docs/zimlet/zcs/6.0.16/changelog/index.html HTML] | [https://files.zimbra.com/docs/zimlet/zcs/6.0.16/jsapi-changelog-6016.zip ZIP]<br />
<br />
== ZCS 6.0.15 ==<br />
<br />
'''JsDoc''': [https://files.zimbra.com/docs/zimlet/zcs/6.0.15/jsdocs/index.html HTML] | [https://files.zimbra.com/docs/zimlet/zcs/6.0.15/jsapi-zimbra-doc-6015.zip ZIP]<br />
<br />
'''Change Log''': [https://files.zimbra.com/docs/zimlet/zcs/6.0.15/changelog/index.html HTML] | [https://files.zimbra.com/docs/zimlet/zcs/6.0.15/jsapi-changelog-6015.zip ZIP]<br />
<br />
== ZCS 6.0.14 ==<br />
<br />
'''JsDoc''': [https://files.zimbra.com/docs/zimlet/zcs/6.0.14/jsdocs/index.html HTML] | [https://files.zimbra.com/docs/zimlet/zcs/6.0.14/jsapi-zimbra-doc-6014.zip ZIP]<br />
<br />
'''Change Log''': [http://files.zimbra.com/docs/zimlet/zcs/6.0.14/changelog/index.html HTML] | [http://files.zimbra.com/docs/zimlet/zcs/6.0.14/jsapi-changelog-6014.zip ZIP]<br />
<br />
== ZCS 6.0.8 ==<br />
<br />
'''JsDoc''': [https://files.zimbra.com/docs/zimlet/zcs/6.0.8/jsdocs/index.html HTML] | [https://files.zimbra.com/docs/zimlet/zcs/6.0.8/jsapi-zimbra-doc-608.zip ZIP]<br />
<br />
'''Change Log''': [https://files.zimbra.com/docs/zimlet/zcs/6.0.8/changelog/index.html HTML] | [https://files.zimbra.com/docs/zimlet/zcs/6.0.8/jsapi-changelog-608.zip ZIP]<br />
<br />
== ZCS 6.0.7 ==<br />
<br />
'''JsDoc''': [https://files.zimbra.com/docs/zimlet/zcs/6.0.7/jsdocs/index.html HTML] | [https://files.zimbra.com/docs/zimlet/zcs/6.0.7/jsapi-zimbra-doc-607.zip ZIP]<br />
<br />
'''Change Log''': [https://files.zimbra.com/docs/zimlet/zcs/6.0.7/changelog/index.html HTML] | [https://files.zimbra.com/docs/zimlet/zcs/6.0.7/jsapi-changelog-607.zip ZIP]<br />
<br />
== ZCS 6.0.6 ==<br />
<br />
'''JsDoc''': [https://files.zimbra.com/docs/zimlet/zcs/6.0.6/jsdocs/index.html HTML] | [https://files.zimbra.com/docs/zimlet/zcs/6.0.6/jsapi-zimbra-doc-606.zip ZIP]<br />
<br />
<br />
{{Article Footer|Zimbra Collaboration Server 8.8, 8.7, 8.6|4/2014}}<br />
<br />
[[Category:ZCS 8.8]]<br />
[[Category:ZCS 8.7]]<br />
[[Category:ZCS 8.6]]<br />
[[Category:ZCS 8.5]]<br />
[[Category:ZCS 8.0]]<br />
[[Category:ZCS 7.0]]<br />
[[Category:ZCS 6.0]]</div>Jorge de la Cruzhttps://wiki.zimbra.com/index.php?title=Zimbra_Two-factor_authentication&diff=65037Zimbra Two-factor authentication2018-01-18T17:43:28Z<p>Jorge de la Cruz: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=Zimbra Two-factor authentication=<br />
{{KB|{{ZC}}|{{ZCS 8.8}}|{{ZCS 8.7}}|{{ZCS 8.6}}|}}<br />
<br />
Coming with Zimbra Collaboration 8.7 (only in Network Edition) is an exciting new feature: two-factor authentication (also known as 2FA). Two-factor authentication is a technology that provides identification of users with the combination of two different components. These components may be something that the user knows (like a password, UserID, etc) and something that the user possesses (a good example can be a smartphone, or USB-key, etc.)<br />
<br />
[[File:Zcs87-2fa-diagram.png]]<br />
<br />
==How it works==<br />
The use of two-factor authentication to prove your users’ identity is based on the premise that an unauthorized actor is unlikely to be able to supply both factors required for access. If, in an authentication attempt, at least one of the components is missing or incorrect, the user’s identity is not established with sufficient certainty and access to the user Zimbra Mailbox being protected by two-factor authentication remains blocked.<br />
<br />
[https://en.wikipedia.org/wiki/Two-factor_authentication (source: Wikipedia)]<br />
<br />
==How to enable it==<br />
<br />
'''Note''': [https://bugzilla.zimbra.com/show_bug.cgi?id=105056 Bug 105056] noted a problem that can occur during a rolling upgrade if two factor authentication is enabled before all mailbox servers have been upgraded to 8.7. In particular, pre-8.7 mailbox servers are not compatible with 2FA.<br />
<br />
Accordingly, it is recommended that 2FA is not enabled until all mailbox servers have been upgraded to 8.7.<br />
<br />
===Two-factor authentication Requires A License Key===<br />
To see if your Zimbra server has the two-factor authentication enabled, you can check from the CLI. If you want this feature and currently do not have it as a part of your license, '''please contact your regional sales manager''', so you can get a new license issued, with the feature enabled. - Please note the related bugs posted below. <br />
zmlicense -p | egrep -i 'Twofactor'<br />
TwoFactorAuthAccountsLimit=10000<br />
<br />
If you need to install the new license, you should do the following after installing the license to get the two-factor authentication working:<br />
zmprov fc license<br />
<br />
Or a full Zimbra Collaboration restart :<br />
zmcontrol restart<br />
<br />
=== Admin Console===<br />
The two-factor authentication feature must be enabled in the Admin Console, and it can be enabled at User or Class-of-service level. This allows precise control over the users Security. Therefore, you can enable this feature just for the most critical Mailboxes in the environment, to all users, etc.<br />
<br />
To enable it in the Admin Console: '''Home > Configure > Class of service > yourCOSname > Advanced > Two Factor Authentication'''<br />
<br />
Use the check-boxes to:<br />
* Enable two-factor authentication: enable or disable the two-factor authentication feature. User will have to setup two-factor authentication using Web Client after enable step.<br />
* Require two-step authentication: all users will need to configure the 2FA<br />
* Number of one-time codes to generate (per each user)<br />
* Enable application passcodes: for legacy applications that don’t support 2FA. You can generate exceptions codes for them.<br />
<br />
[[File:Zcs87-2fa-001.png]]<br />
<br />
===How to enable two-factor authentication feature (User Web Client)===<br />
Once the Admin has been enabled and configured the 2FA, users will see a new option under '''Preferences > Accounts > Account Security''', called '''Setup two-step authentication'''<br />
<br />
[[File:Zcs87-2fa-002.png]]<br />
<br />
If the user clicks on the '''Setup two-step authentication link''', the configuration process will begin.<br />
<br />
The first step shows a brief description about two-step authentication. The user must click on Begin Setup.<br />
<br />
[[File:Zcs87-2fa-003.png]]<br />
<br />
Next step will be introduce the user current password, if you remember the theory of 2FA, this will be “the component the user knows”. Once the user wrote the password, click on Next.<br />
<br />
[[File:Zcs87-2fa-004.png]]<br />
<br />
The next step retrieves the other component the user must have, in this case an app in the smartphone. The Two Factor authentication wizard will show a Wiki link with the OTP Apps Zimbra recommends to use.<br />
<br />
[[File:Zcs87-2fa-005.png]]<br />
<br />
Once the user has installed the App, the 2FA wizard will show a unique key that the user must enter in the Smartphone OTP App.<br />
<br />
[[File:Zcs87-2fa-006.png]]<br />
<br />
===How to Install and Configure an OTP smartphone app===<br />
In this example, I will use Google authenticator, but please visit our Wiki where you can find other options. In the App Store or Play Store, search by Google authenticator, then click '''Install'''.<br />
<br />
[[File:Zcs87-2fa-010.png|250px]]<br />
<br />
Once the app is installed, open it, and click '''Begin Setup'''.<br />
<br />
[[File:Zcs87-2fa-011.png|250px]]<br />
<br />
The app will ask if you want to configure a Manual entry or Scan a barcode. Zimbra Collaboration 8.7 supports only manual entry for now. However, [https://bugzilla.zimbra.com/show_bug.cgi?id=99511 keep in mind the next Bug] where it is being discussed to add the option to support barcodes.<br />
<br />
[[File:Zcs87-2fa-012.png|250px]]<br />
<br />
To configure the App, the users must add an email address and the unique Key from the Zimbra Web Client.<br />
<br />
[[File:Zcs87-2fa-013.png|250px]]<br />
<br />
All done! Now the app is configured and will show a 6-digit code that changes after 15 seconds.<br />
<br />
[[File:Zcs87-2fa-014.png|250px]]<br />
<br />
====Finishing the configuration in the Web Client====<br />
Once the user has the App configured and showing the 6 digit code, the user can enter the Code in the wizard window and click Next.<br />
<br />
[[File:Zcs87-2fa-007.png]]<br />
<br />
The two-step authentication feature is now enabled, and the user will be prompted for a code in each new Browser, smartphone, computer, or app where he or she tries to access the account.<br />
<br />
[[File:Zcs87-2fa-008.png]]<br />
<br />
In the users’ '''Preferences > Accounts > Account Security''' (if the Admin has enabled these options under the COS), the user will see more options like the one-time codes, Trusted devices, and Applications.<br />
as<br />
<br />
[[File:Zcs87-2fa-009.png]]<br />
<br />
==Testing Zimbra Two-factor authentication==<br />
===Testing a new Web Browser session in a new Computer===<br />
If the user now goes to another Web Browser, computer, smartphone, or if he or she tries to configure Zimbra Desktop, the user will successfully pass the two-factory authentication. For example on the Web Client:<br />
One-time Codes<br />
<br />
[[File:Zcs87-2fa-015.png]]<br />
<br />
With the two-factor authentication enabled, there may be a situation when the smartphone doesn’t have battery to answer the code challenge, or the device has been lost, etc. For cases like this, Zimbra introduces the One-time codes functionality. This function allow users to generate multiple codes to use in case of emergency. The total number of one-time codes can be configured by the Admin.<br />
<br />
The user can click on the One-time codes View option to see the codes. The user must keep the codes secure (written somewhere, in another device, etc.).<br />
<br />
[[File:Zcs87-2fa-016.png]]<br />
<br />
===Testing Zimbra Desktop with 2FA===<br />
* Pending<br />
===Testing Zimbra Connector for Outlook with 2FA===<br />
* Pending<br />
<br />
==Trusted Devices==<br />
Zimbra Web Client and Zimbra Touch Client can be specified trusted during the second stage of two-factor authentication. Once the computer/device is trusted user will only need to provide standard credentials, bypassing the two-factor code. <br />
<br />
===How to trust a computer/device===<br />
Once the user enters two-factor code in the login screen the user will have to select the check box '''Trust this computer''' and click Verify to trust the current computer/device. User can trust more than one computer/device. <br />
<br />
[[File:Trusted_Devices_1.jpg]]<br />
<br />
===How to revoke trusted computer/device===<br />
Once the user trust some computer/device user can revoke the trusted computer/device by navigating to '''Preferences > Accounts > Trusted Devices''' in Zimbra Web Client. User can revoke trust for the current device by clicking '''revoke this device''' link and all other trusted devices by clicking '''revoke all other devices''' link.<br />
<br />
[[File:Trusted_Devices_2.jpg]]<br />
<br />
==Application Passcode==<br />
Clients such as IMAP or ActiveSync do not support the UI flow needed for TOTP authentication. For these users need to generate application passcode. <br />
<br />
Application passcodes:<br />
* Randomly generated.<br />
* Can be created by giving a label and revoked by their label.<br />
* Changing account password will revoke all application passcodes.<br />
<br />
===How to create an application passcode===<br />
User can create an application passcode by navigating to '''Preferences > Accounts > Applications''' and selecting '''Add Application Code''' button. User can enter the application name in the Add Application Code dialog and click Next. Application passcode will get generated and it can be used to sign in to your account.<br />
<br />
[[File:Application_specific_passcode.png]]<br />
<br />
===How to revoke an application passcode===<br />
Once the user generates application passcode user can revoke it by navigating to '''Preferences > Accounts > Applications''' in Zimbra Web Client. User can revoke this application passcode after selecting the required name in the list.<br />
<br />
[[File:Application_passcode.png]]<br />
<br />
==Known Issues==<br />
<br />
'''Zimbra bugs'''<br />
<br />
[https://bugzilla.zimbra.com/show_bug.cgi?id=103824 Bug 103824] {AUTH} Provide 2FA configuration capability in ZCO<br />
<br />
[https://bugzilla.zimbra.com/show_bug.cgi?id=104144 Bug 104144] 2fa:ReferenceError: AjxDebug is not defined when zimbraFeatureTwoFactorAuthRequired in multinode rolling upgrade environment<br />
<br />
[https://bugzilla.zimbra.com/show_bug.cgi?id=104648 Bug 104648] allow clearing 2FA data from admin console<br />
<br />
[https://bugzilla.zimbra.com/show_bug.cgi?id=105678 Bug 105678] Application specific password entry should be purged when 2FA disabled from Admin Console<br />
<br />
'''Notes'''<br />
<br />
Disabling two-factor authentication using Admin console does not clear user's two-factor data. Admin can disable user's two-factor authentication in case user is facing issues with authentication using TOTP/scratch codes. Re-enabling user's two-factor authentication using Admin console after user's problem has got resolved will allow user to use two-factor authentication.<br />
In future, [https://bugzilla.zimbra.com/show_bug.cgi?id=104648 Bug 104648] will allow Admin to clear user's two-factor data.<br />
<br />
'''Third party issues'''<br />
<br />
'''Issue - Mail client issues with application passcode'''<br />
<br />
Scenario: User's zimbra account is configured on EWS Apple Mail and Thunderbird (IMAP/POP3). User enables 2FA using Web client, adds application passcodes for Apple Mail and Thunderbird applications. <br />
<br />
Expected behavior: <br />
Both clients (Apple Mail) and Thunderbird should prompt for new password, user if enters application passcode, authentication should succeed.<br />
<br />
Current behavior: <br />
* EWS Apple Mail app complains about connection failure and provides option to enter new password, wherein entering correct application passcode does not work. Only option is to Edit Account and provide new password, which works correctly.<br />
<br />
* Thunderbird (IMAP/POP3) prompts for new password after some time (after few minutes or sometimes after restarting client)<br />
<br />
==Additonal Content==<br />
* <br />
==Identified Support Issues==<br />
* No Support issues reported yet.<br />
<br />
{{Article Footer|Zimbra Collaboration Suite 8.7|02/03/2016}}<br />
{{NeedSME|SME1|SME2|Copyeditor}}<br />
[[Category:ZCS 8.7]]</div>Jorge de la Cruzhttps://wiki.zimbra.com/index.php?title=Zimbra_dependencies_per_Operating_System&diff=65036Zimbra dependencies per Operating System2018-01-18T17:43:21Z<p>Jorge de la Cruz: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=Zimbra dependencies per Operating System=<br />
{{KB|{{ZC}}||{{ZCS 8.8}}{{ZCS 8.7}}|{{ZCS 8.6}}|{{ZCS 8.0}}}}<br />
{{WIP}}<br />
==Purpose==<br />
Before installing Zimbra Collaboration 8.0.x, 8.5.x, 8.6.x or later, some dependencies must be installed. The specific dependencies can vary per operating system.<br />
<br />
==Resolution==<br />
Below is a list by Zimbra Collaboration version and operating system of the required dependencies:<br />
<br />
===Zimbra 8.7.x and above===<br />
Starting from Zimbra Collaboration 8.7 and above, Zimbra relies in our own repository packaging system, which means the Zimbra installation script take care of the OS dependencies automatically.<br />
<br />
===Zimbra 8.6.x===<br />
<br />
'''Ubuntu 14.04'''<br />
sudo apt-get install -y netcat-openbsd sudo libidn11 libpcre3 libgmp10 libexpat1 libstdc++6 libperl5.18 libaio1 resolvconf unzip pax sysstat sqlite3<br />
<br />
*Add the libreoffice package to use the High Fidelity Document Preview feature<br />
<br />
'''Ubuntu 12.04'''<br />
sudo apt-get install -y netcat-openbsd sudo libidn11 libpcre3 libgmp3c2 libexpat1 libstdc++6 libperl5.14 libaio1 resolvconf unzip pax perl-5.10.1 sysstat sqlite3<br />
<br />
*Add the libreoffice package to use the High Fidelity Document Preview feature<br />
<br />
'''RHEL7 64'''<br />
yum install nmap-ncat sudo libidn gmp libaio libstdc++ unzip perl-5.10.1 sysstat sqlite<br />
<br />
*Add the libreoffice and libreoffice-headless package to use the High Fidelity Document Preview feature<br />
<br />
'''RHEL6 64'''<br />
yum install nc sudo libidn gmp libaio libstdc++ unzip perl-core perl-5.16.3 sysstat sqlite<br />
<br />
*Add the libreoffice and libreoffice-headless package to use the High Fidelity Document Preview feature<br />
<br />
'''SLES11 64'''<br />
perl-5.10.0 sysstat sqlite3<br />
<br />
*Add the libreoffice package to use the High Fidelity Document Preview feature<br />
<br />
===Zimbra 8.0.x===<br />
<br />
'''Ubuntu 14.04'''<br />
sudo apt-get install -y netcat-openbsd sudo libidn11 libpcre3 libgmp10 libexpat1 libstdc++6 libperl5.18 libaio1 unzip pax sysstat sqlite3<br />
<br />
'''Ubuntu 12.04'''<br />
sudo apt-get install -y netcat-openbsd sudo libidn11 libpcre3 libgmp3c2 libexpat1 libstdc++6 libperl5.14 libaio1 pax perl-5.14.2 sysstat sqlite3<br />
<br />
'''Ubuntu 10.04'''<br />
sudo apt-get install -y netcat-openbsd sudo libidn11 libpcre3 libgmp3c2 libexpat1 libstdc++6 libperl5.10 libaio1 pax perl-5.10.1 sysstat sqlite3<br />
<br />
'''RHEL7 64'''<br />
yum install nmap-ncat sudo libidn gmp libaio libstdc++ unzip perl-core perl-5.16.3 sysstat sqlite<br />
<br />
'''RHEL6 64'''<br />
yum install nc sudo libidn gmp libaio perl-5.10.1 sysstat sqlite<br />
<br />
'''SLES11 64'''<br />
netcat sudo libidn gmp libaio perl-5.10.0 sysstat sqlite3<br />
<br />
==Additional Content==<br />
No additional content.<br />
<br />
{{Article Footer|Zimbra Collaboration 8.7, 8.6, 8.0|02/20/2015}}<br />
{{NeedSME|Fred|Jorge|Jenny}}</div>Jorge de la Cruzhttps://wiki.zimbra.com/index.php?title=Zimbra_Server_Roles_Overview&diff=65035Zimbra Server Roles Overview2018-01-18T17:42:31Z<p>Jorge de la Cruz: </p>
<hr />
<div>{{BC|Community Sandbox}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
= Zimbra Server Roles Overview =<br />
{{KB|{{Unsupported}}|{{ZCS 8.8}}|{{ZCS 8.7}}|{{ZCS 8.6}}|}}<br />
{{WIP}}<br />
Below the roles, with a small description, that you can find in Zimbra with their acronym.<br />
<br />
==Message Transfer Agent (MTA) ==<br />
The Zimbra MTA (Mail Transfer Agent) receives mail via SMTP and routes each message, using Local Mail Transfer Protocol (LMTP), to the appropriate Zimbra mailstore server.<br />
The Zimbra MTA server includes the following programs:<br />
* Postfix for mail routing<br />
* ClamAV Antivirus engine<br />
* Amavis Content filter<br />
* SpamAssassin and DSPAM, Spam filters.<br />
<br />
== Proxy Server (Proxy) ==<br />
The Zimbra Proxy is a high performance POP/IMAP/HTTP Nginx proxy server that allows end users to access their Zimbra Collaboration Server (ZCS) account using end clients such as Web Browsers, SmartPhone, Outlook, Thunderbird, or other POP/IMAP end client software. End users can connect using HTTP/S, ActiveSync, EWS, POP3/S and IMAP/S.<br />
<br />
== Mailstore (MBS) ==<br />
The Mailstore is where all email messages and file attachments reside. Messages are stored in MIME format as regular files on the message file system (MFS). A message that is sent to multiple recipients who have accounts on one mailbox server is stored only once in the file system (thereby reducing storage overhead). The data store is a MariaDB database where internal mailbox IDs are linked with user accounts. The data store maps the mailbox IDs to users’ OpenLDAP accounts. This database contains each user’s set of tag definitions, folders, calendar schedules and contacts, as well as the status of each mail message - read, unread, tags associated to message, and folder the message resides in. Index and search technology is provided through Lucene and index files are maintained for each individual mailbox.<br />
<br />
== LDAP Master (LDAP M) ==<br />
ZCS has its own OpenLDAP integrated solution as part of our architecture at point of install. The Zimbra LDAP directory service is used to look up email delivery addresses both from internal and external LDAP servers as well. ZCS supports the proxying of user login and access to the Global Address List (GAL) to an existing enterprise directory such as Microsoft Active Directory or other LDAP-compliant directories. Zimbra support LDAP Multi-Master role to <br />
provide the same level of service if an incident occurs on the first LDAP Master.<br />
<br />
== LDAP Replicas (LDAP R)==<br />
To provide scalability and redundancy the Master LDAP server can be horizontally scaled by deploying multiple LDAP Replica servers.<br />
<br />
{{Article Footer|Zimbra Collaboration Suite 8.5, 8.6, 8.7|07/15/2015}}<br />
{{NeedSME|SME1|SME2|Copyeditor}}</div>Jorge de la Cruzhttps://wiki.zimbra.com/index.php?title=Zimbra_Collaboration_repository&diff=65033Zimbra Collaboration repository2018-01-18T17:40:27Z<p>Jorge de la Cruz: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=Zimbra Collaboration Repository=<br />
{{KB|{{ZC}}|{{ZCS 8.8}}|{{ZCS 8.7}}||}}<br />
<br />
=How it works=<br />
Starting in Zimbra Collaboration 8.7, Zimbra uses repositories for 3rd party packages, in the first step towards having the whole product fully installable from repositories.<br />
<br />
[[File:Zimbra-repository.png|800px]]<br />
<br />
=How to create a local repository=<br />
Many Customers do not allow Internet access from their servers to the Internet, which means Zimbra's 8.7 installer will not be able to reach the Zimbra repository and be able to finish the Installation.<br />
<br />
In order to successfully install Zimbra 8.7 within such a network, this Wiki will cover all the steps needed to create a local Zimbra mirror where a Company can clone our repo to a mirror, and the rest of the internal servers will take the needed packages locally from the mirror server. Section B in the image above is an example of this type of layout.<br />
<br />
==Creating a local repository using an Ubuntu OS==<br />
Follow these steps to create a local repository or mirror using Ubuntu OS for the dedicated server.<br />
<br />
First step will be sure we have the latest packages:<br />
apt-get update<br />
===Installing Python===<br />
Then we need to install the python packages:<br />
apt-get install python-pip<br />
<br />
===Installing Amazon Web Services CLI===<br />
Once we have installed python, it's time to install the Amazon Web Services CLI, by running the next command<br />
pip install awscli<br />
<br />
===Cloning the packages from our Official Repository ===<br />
It's time to download all the packages from our official Repository to the local folder, first step it's create the local folder<br />
root@repo:~#mkdir /var/repositories<br />
root@repo:~#cd /var/repositories<br />
====Cloning the packages for Ubuntu====<br />
If you are planning to install Zimbra on your Ubuntu VM/Servers, then run the next command to download the Ubuntu packages:<br />
root@repo:~# /usr/local/bin/aws s3 sync s3://repo.zimbra.com/apt/87 ./apt/87 --no-sign-request --delete<br />
====Cloning the packages for RHEL/CentOS====<br />
If you are planning to install Zimbra on your RHEL/CentOS VM/Servers, then run the next command to download the RHEL/CentOS packages:<br />
root@repo:~#aws s3 sync s3://repo.zimbra.com/rpm/87 ./rpm/87 --no-sign-request --delete<br />
<br />
===Installing & configuring Nginx===<br />
Then we need to serve the packages using nginx, let's start for the basic steps to install nginx:<br />
root@repo:~# apt-get install nginx<br />
<br />
Zimbra strongly recommends using a valid SSL certificate for the repository server. Put the '''zimbra-wilcard.crt''' (must contain the CRT and the CA) and the '''zimbra-wilcard.key''' inside the next folder:<br />
root@repo:~# mkdir /etc/nginx/certs<br />
Let's go now to configure our Nginx server, first backup the default config and create a new one:<br />
root@repo:~# mv /etc/nginx/sites-available/default /etc/nginx/sites-available/default.bak<br />
root@repo:~# touch /etc/nginx/sites-available/default<br />
You can use the next example to fill your Repository configuration<br />
<pre>root@repo:~# vi /etc/nginx/sites-available/default<br />
server {<br />
listen 443 ssl;<br />
ssl_certificate /etc/nginx/certs/zimbra-wilcard.crt;<br />
ssl_certificate_key /etc/nginx/certs/zimbra-wilcard.key;<br />
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;<br />
ssl_ciphers HIGH:!aNULL:!MD5;<br />
## Let your repository be the root directory<br />
root /var/repositories;<br />
<br />
## Always good to log<br />
access_log /var/log/nginx/repo.access.log;<br />
error_log /var/log/nginx/repo.error.log;<br />
<br />
## Prevent access to Reprepro's files<br />
location ~ /(db|conf) {<br />
deny all;<br />
return 404;<br />
}<br />
}</pre><br />
And, restart your nginx service<br />
<pre>root@repo:~# service nginx restart<br />
* Restarting nginx nginx<br />
...done.</pre><br />
<br />
==Creating a local repository using a RHEL/CentOS==<br />
Pending<br />
===Installing Python===<br />
Then we need to install the python packages: <br />
yum install python-pip<br />
<br />
===Installing Amazon Web Services CLI===<br />
Once we have installed python, it's time to install the Amazon Web Services CLI, by running the next command<br />
pip install awscli<br />
<br />
===Cloning the packages from our Official Repository ===<br />
It's time to download all the packages from our official Repository to the local folder, first step it's create the local folder<br />
<br />
root@repo:~#mkdir /var/repositories<br />
root@repo:~#cd /var/repositories<br />
<br />
====Cloning the packages for Ubuntu====<br />
If you are planning to install Zimbra on your Ubuntu VM/Servers, then run the next command to download the Ubuntu packages:<br />
<br />
root@repo:~# aws s3 sync s3://repo.zimbra.com/apt/87 ./apt/87 --no-sign-request --delete<br />
<br />
====Cloning the packages for RHEL/CentOS====<br />
If you are planning to install Zimbra on your RHEL/CentOS VM/Servers, then run the next command to download the RHEL/CentOS packages:<br />
<br />
root@repo:~# aws s3 sync s3://repo.zimbra.com/rpm/87 ./rpm/87 --no-sign-request --delete<br />
<br />
===Installing & configuring Nginx===<br />
Then we need to serve the packages using nginx, let's start for the basic steps to install nginx:<br />
<br />
root@repo:~# yum install nginx<br />
<br />
Zimbra strongly recommends using a valid SSL certificate for the repository server. Put the zimbra-wilcard.crt (must contain the CRT and the CA) and the zimbra-wilcard.key inside the next folder:<br />
<br />
root@repo:~# mkdir /etc/nginx/certs<br />
<br />
Let's go now to configure our Nginx server, first backup the default config and create a new one:<br />
<br />
root@repo:~# mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.bak<br />
root@repo:~# mv /etc/nginx/conf.d/ssl.conf /etc/nginx/conf.d/ssl.conf.bak<br />
root@repo:~# touch /etc/nginx/conf.d/default.conf<br />
<br />
You can use the next example to fill your Repository configuration<br />
<br />
root@repo:~# cat > /etc/nginx/conf.d/default.conf <<EOF<br />
server {<br />
listen 443 ssl;<br />
ssl_certificate /etc/nginx/certs/zimbra-wilcard.crt;<br />
ssl_certificate_key /etc/nginx/certs/zimbra-wilcard.key;<br />
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;<br />
ssl_ciphers HIGH:!aNULL:!MD5;<br />
## Let your repository be the root directory<br />
root /var/repositories;<br />
<br />
## Always good to log<br />
access_log /var/log/nginx/repo.access.log;<br />
error_log /var/log/nginx/repo.error.log;<br />
<br />
## Prevent access to Reprepro's files<br />
location ~ /(db|conf) {<br />
deny all;<br />
return 404;<br />
}<br />
}<br />
EOF<br />
<br />
And, restart your nginx service<br />
<br />
root@repo:~# service nginx restart<br />
* Restarting nginx nginx<br />
...done.<br />
<br />
=How to configure the Zimbra Server for Ubuntu=<br />
In this demo scenario, will install a new instance of Zimbra Collaboration server with Ubuntu as the operating system<br />
<br />
==Configure the sources list==<br />
You must add your local repository to your Ubuntu Configuration, please note you must change (kernel of) precise to trusty (Ubuntu 14.04) if you are running Ubuntu 12.04:<br />
root@zimbra86:~/# cat > /etc/apt/sources.list.d/zimbra.list << EOF<br />
deb [arch=amd64] https://repo.domain.tld/apt/87 trusty zimbra<br />
deb-src [arch=amd64] https://repo.domain.tld/apt/87 trusty zimbra<br />
EOF<br />
<br />
==Adding the Zimbra Repository key==<br />
You must add the next Zimbra key to the apt keychain<br />
root@zimbra86:~# apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 9BE6ED79<br />
Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --homedir /tmp/tmp.FfpLxMcUiQ --no-auto-check-trustdb --trust-model always --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyserver keyserver.ubuntu.com --recv-keys 9BE6ED79<br />
gpg: requesting key 9BE6ED79 from hkp server keyserver.ubuntu.com<br />
gpg: key 9BE6ED79: public key "Zimbra Packaging Services <packaging-devel@zimbra.com>" imported<br />
gpg: Total number processed: 1<br />
gpg: imported: 1 (RSA: 1)<br />
<br />
==Check if the Zimbra Server is ready==<br />
You can check if everything is alright by running the next commands, where you can search by one Zimbra package:<br />
root@repo:~# apt-get update<br />
root@repo:~# aptitude search zimbra-nginx<br />
p zimbra-nginx - nginx Binaries <br />
p zimbra-nginx-dbg - nginx binary debug information<br />
<br />
=How to configure the Zimbra Server for RHEL/CentOS =<br />
In this demo scenario, will install a new instance of Zimbra Collaboration server with RHEL/CentOS as the operating system<br />
<br />
==Configure the yum repository==<br />
You must add your local repository to your RHEL/CentOS Configuration :<br />
root@zimbra86:~# cat > /etc/yum.repos.d/zimbra.repo <<EOF<br />
[zimbra]<br />
name=Zimbra RPM Repository<br />
baseurl=https://repo.domain.tld/rpm/87/rhel\$releasever<br />
gpgcheck=1<br />
enabled=1 <br />
EOF<br />
<br />
==Adding the Zimbra Repository key==<br />
You must add the next Zimbra key to the apt keychain<br />
root@zimbra86:~# rpm --import https://files.zimbra.com/downloads/security/public.key<br />
<br />
== (Optional) Enable Selinux ==<br />
In order to make the repository works with Selinux you can add the repository folder into the http security context :<br />
chcon -Rt httpd_sys_content_t /var/repositories/<br />
<br />
== (Optional) Enable Yum with Self Signed Certificate ==<br />
In order to make the repository works with the self signed certificate you need to add this option to your /etc/yum.conf :<br />
sslverify=false<br />
<br />
==Check if the Zimbra Server is ready==<br />
You can check if everything is alright by running the next commands, where you can search by one Zimbra package:<br />
root@zimbra86:~# yum search zimbra<br />
zimbra-altermime.x86_64 : Zimbra's altermime build<br />
zimbra-amavis-logwatch.x86_64 : Zimbra's amavis-logwatch build<br />
zimbra-amavisd.x86_64 : Zimbra's amavisd build<br />
<br />
=Installing Zimbra Collaboration 8.7=<br />
Last but not least, download the Zimbra Collaboration 8.7 package and run the '''./install.sh''' as usual.<br />
*Note: You will not need to install the OS dependencies like in the past, the new Zimbra Collaboration 8.7 installation script take care of it<br />
<br />
During the question about use '''Zimbra's package repository''', '''type N''', so the system will use your local repository<br />
Use Zimbra's package repository [Y] n<br />
<br />
The installation will continue as usual, and will finish properly.<br />
<br />
=Keep the local Repository up to date=<br />
The challenge while using local repository is keep it up to date, you must run the next commands always before run any upgrade or update on the Zimbra Servers<br />
aws s3 sync s3://repo.zimbra.com/apt/87 /var/repositories/apt/87 --no-sign-request --delete<br />
aws s3 sync s3://repo.zimbra.com/rpm/87 /var/repositories/rpm/87 --no-sign-request --delete<br />
<br />
== Using Cron ==<br />
You can keep up to date your repository by putting theses lines into your crontab to update the local repo at 3:30 am every day :<br />
<br />
30 3 * * * /usr/bin/aws s3 sync s3://repo.zimbra.com/apt/87 /var/repositories/apt/87 --no-sign-request --delete<br />
30 3 * * * /usr/bin/aws s3 sync s3://repo.zimbra.com/rpm/87 /var/repositories/rpm/87 --no-sign-request --delete<br />
<br />
=Known issues=<br />
==SSL issues==<br />
This error it's not related to Zimbra, but sometimes if you don't have a valid CA, or the CA is missing in the .crt file that you use for Nginx, when run apt-get update on the Zimbra server you can see the next error:<br />
W: Failed to fetch https://repo.domain.tld/87/dists/precise/zimbra/source/Sources server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none<br />
You can fix it by adding your CA inside the '''/etc/ssl/certs/ca-certificates.crt''' on the Zimbra server<br />
<br />
==Identified Support Issues==<br />
* No Support issues reported yet.<br />
<br />
{{Article Footer|Zimbra Collaboration Suite 8.7|04/04/2016}}<br />
{{NeedSME|Jorge|SME2|Copyeditor}}<br />
[[Category:ZCS 8.7]]</div>Jorge de la Cruzhttps://wiki.zimbra.com/index.php?title=Zimbra_Collaboration_Postscreen&diff=65032Zimbra Collaboration Postscreen2018-01-18T17:40:09Z<p>Jorge de la Cruz: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=Zimbra Collaboration Postscreen=<br />
{{KB|{{ZC}}|{{ZCS 8.8}}|{{ZCS 8.7}}||}}<br />
<br />
Starting with Zimbra Collaboration 8.7 and above, Zimbra introduces Postscreen like an additional Anti-SPAM strategy. Zimbra Postscreen provides additional protection against mail server overload. One postscreen process handles multiple inbound SMTP connections, and decides which clients may talk to a Post-fix SMTP server process. By keeping spambots away, postscreen leaves more SMTP server processes available for legitimate clients, and delays the onset of server overload conditions.<br />
<br />
Zimbra Collaboration Postscreen should not be used on SMTP ports that receive mail from end-user clients (MUAs). In a typical deployment, postscreen handles the MX service on TCP port 25, while MUA clients submit mail via the submission service on TCP port 587 which requires client authentication. Alternatively, a site could set up a dedicated, non-postscreen, "port 25" server that provides submission service and client authentication, but no MX service.<br />
<br />
Zimbra Collaboration Postscreen maintains a temporary white-list for clients that have passed a number of tests. When an SMTP client IP address iswhitelisted, postscreen hands off the connection immediately to a Postfix SMTP server process. This minimizes the overhead for legitimate mail.<br />
<br />
In a typical production setting, postscreen is configured to reject mail from clients that fail one or more tests. Zimbra Collaboration Postscreen logs rejected mail with the client address, helo, sender and recipient information.<br />
<br />
Zimbra Collaboration Postscreen is not an SMTP proxy; this is intentional. The purpose is to keep spambots away from Postfix SMTP server processes, while minimizing overhead for legitimate traffic.<br />
<br />
==How it works==<br />
===Scenario without Postscreen===<br />
A typical scenario without Postscreen, and without other Anti-SPAM security, will suffer of this common Problem, where bot and zombies talks with all the smtpd listeners that Zimbra is offering.<br />
<br />
In this scenario, the good connections, or called '''other''' in this diagram, must wait until the bot or zombie finishes the communication, which sometimes can create a Timeout Error on Postfix for the good connections:<br />
Mar 01 19:29:54 zimbrauk postfix/smtpd[24266]: timeout after RCPT from mail.example.com[60.60.60.70]<br />
<br />
[[File:Postscreen-001.png]]<br />
<br />
===Scenario with Postscreen===<br />
A typical scenario with Postscreen, where bot and zombies talks with Postscreen, who do all the basic checks, and who can deny the connection if the message is clearly from a bot or zombie, if the connection is not in the temporary whitelist, Postscreen will pass the Email to the local Anti-SPAM and Anti-Virus engines, who can accept it or deny it as usual. You can see how is the Mail Flow in Postscreen on the section below.<br />
<br />
In this scenario, the good connections, or called '''other''' in this diagram, pass the Postscreen security and talks directly with the smtp daemon, who will scan the Email as usual with the AS/AV. All the bot or zombie are rejected by default.<br />
<br />
[[File:Postscreen-002.png]]<br />
<br />
===Postscreen workflow===<br />
See attached the workflow for Zimbra Collaboration Postscreen<br />
<br />
[[File:Postscreen-003.png]]<br />
<br />
==Zimbra attributes for Postscreen==<br />
Here you can find all the new attributes for Postscreen, and the link to the original Postfix description help per attribute.<br />
<br />
Please note the difference between the ignore, enforce and drop for certain attributes:<br />
* '''ignore (default) -''' Ignore this result. Allow other tests to complete. Repeat this test the next time the client connects. This option is useful for testing and collecting statistics without blocking mail.<br />
* '''enforce -''' Allow other tests to complete. Reject attempts to deliver mail with a 550 SMTP reply, and log the helo/sender/recipient information. Repeat this test the next time the client connects.<br />
* '''drop -''' Drop the connection immediately with a 521 SMTP reply. Repeat this test the next time the client connects.<br />
<br />
{| class="wikitable"<br />
! align="left" style="color:white;" bgcolor="#1785c2" text-align: left;" | Name<br />
! align="left" style="color:white;" bgcolor="#1785c2" text-align: left;" | Description<br />
! align="left" style="color:white;" bgcolor="#1785c2" text-align: center;" | Type<br />
! align="left" style="color:white;" bgcolor="#1785c2" text-align: center;" | Optional in<br />
! align="left" style="color:white;" bgcolor="#1785c2" text-align: center;" | Default value<br />
! align="left" style="color:white;" bgcolor="#1785c2" text-align: center;" | Options<br />
|-<br />
| zimbraMtaPostscreenAccessList<br />
| Value for postconf [http://www.postfix.org/postconf.5.html#postscreen_access_list '''postscreen_access_list''']. Single valued, commas,separated list.<br />
| style="text-align: center;" | string<br />
| style="text-align: center;" | server,globalConfig<br />
| style="text-align: center;" | permit_mynetworks<br />
| style="text-align: center;" | <br />
|-<br />
| zimbraMtaPostscreenBareNewlineAction<br />
| Value for postconf [http://www.postfix.org/postconf.5.html#postscreen_bare_newline_action '''postscreen_bare_newline_action'''].<br />
| style="text-align: center;" | enum<br />
| style="text-align: center;" | server,globalConfig<br />
| style="text-align: center;" | ignore<br />
| style="text-align: center;" | ignore,enforce,drop<br />
|-<br />
| zimbraMtaPostscreenBareNewlineEnable<br />
| Value for postconf [http://www.postfix.org/postconf.5.html#postscreen_bare_newline_enable '''postscreen_bare_newline_enable'''].<br />
| style="text-align: center;" | enum<br />
| style="text-align: center;" | server,globalConfig<br />
| style="text-align: center;" | no<br />
| style="text-align: center;" | yes,no<br />
|-<br />
| zimbraMtaPostscreenBareNewlineTTL<br />
| Value for postconf [http://www.postfix.org/postconf.5.html#postscreen_bare_newline_ttl '''postscreen_bare_newline_ttl'''].<br />
| style="text-align: center;" | string<br />
| style="text-align: center;" | server,globalConfig<br />
| style="text-align: center;" | 30d<br />
| style="text-align: center;" | <br />
|-<br />
| zimbraMtaPostscreenBlacklistAction<br />
| Value for postconf [http://www.postfix.org/postconf.5.html#postscreen_blacklist_action '''postscreen_blacklist_action'''].<br />
| style="text-align: center;" | enum<br />
| style="text-align: center;" | server,globalConfig<br />
| style="text-align: center;" | ignore<br />
| style="text-align: center;" | ignore,enforce,drop<br />
|-<br />
| zimbraMtaPostscreenCacheCleanupInterval<br />
| Value for postconf [http://www.postfix.org/postconf.5.html#postscreen_cache_cleanup_interval '''postscreen_cache_cleanup_interval'''].<br />
| style="text-align: center;" | string<br />
| style="text-align: center;" | server,globalConfig<br />
| style="text-align: center;" | 12h<br />
| style="text-align: center;" | <br />
|-<br />
| zimbraMtaPostscreenCacheRetentionTime<br />
| Value for postconf [http://www.postfix.org/postconf.5.html#postscreen_cache_retention_time '''postscreen_cache_retention_time'''].<br />
| style="text-align: center;" | string<br />
| style="text-align: center;" | server,globalConfig<br />
| style="text-align: center;" | 7d<br />
| style="text-align: center;" | <br />
|-<br />
| zimbraMtaPostscreenCommandCountLimit<br />
| Value for postconf [http://www.postfix.org/postconf.5.html#postscreen_command_count_limit '''postscreen_command_count_limit'''].<br />
| style="text-align: center;" | integer<br />
| style="text-align: center;" | server,globalConfig<br />
| style="text-align: center;" | 20<br />
| style="text-align: center;" | <br />
|-<br />
| zimbraMtaPostscreenDnsblAction<br />
| Value for postconf [http://www.postfix.org/postconf.5.html#postscreen_dnsbl_action '''postscreen_dnsbl_action'''].<br />
| style="text-align: center;" | enum<br />
| style="text-align: center;" | server,globalConfig<br />
| style="text-align: center;" | ignore<br />
| style="text-align: center;" | ignore,enforce,drop<br />
|-<br />
| zimbraMtaPostscreenDnsblSites<br />
| Value for postconf [http://www.postfix.org/postconf.5.html#postscreen_dnsbl_sites '''postscreen_dnsbl_sites''']. Multi valued, one DNSBL,value pair per attribute value.<br />
| style="text-align: center;" | string<br />
| style="text-align: center;" | server,globalConfig<br />
| style="text-align: center;" | <br />
| style="text-align: center;" | <br />
|-<br />
| zimbraMtaPostscreenDnsblThreshold<br />
| Value for postconf [http://www.postfix.org/postconf.5.html#postscreen_dnsbl_threshold '''postscreen_dnsbl_threshold'''].<br />
| style="text-align: center;" | integer<br />
| style="text-align: center;" | server,globalConfig<br />
| style="text-align: center;" | 1<br />
| style="text-align: center;" | <br />
|-<br />
| zimbraMtaPostscreenDnsblTTL<br />
| Value for postconf [http://www.postfix.org/postconf.5.html#postscreen_dnsbl_ttl '''postscreen_dnsbl_ttl'''].<br />
| style="text-align: center;" | string<br />
| style="text-align: center;" | server,globalConfig<br />
| style="text-align: center;" | 1h<br />
| style="text-align: center;" | <br />
|-<br />
| zimbraMtaPostscreenDnsblWhitelistThreshold<br />
| Value for postconf [http://www.postfix.org/postconf.5.html#postscreen_dnsbl_whitelist_threshold '''postscreen_dnsbl_whitelist_threshold'''].<br />
| style="text-align: center;" | integer<br />
| style="text-align: center;" | server,globalConfig<br />
| style="text-align: center;" | 0<br />
| style="text-align: center;" | <br />
|-<br />
| zimbraMtaPostscreenGreetAction<br />
| Value for postconf [http://www.postfix.org/postconf.5.html#postscreen_greet_action '''postscreen_greet_action'''].<br />
| style="text-align: center;" | enum<br />
| style="text-align: center;" | server,globalConfig<br />
| style="text-align: center;" | ignore<br />
| style="text-align: center;" | ignore,enforce,drop<br />
|-<br />
| zimbraMtaPostscreenGreetTTL<br />
| Value for postconf [http://www.postfix.org/postconf.5.html#postscreen_greet_ttl '''postscreen_greet_ttl'''].<br />
| style="text-align: center;" | string<br />
| style="text-align: center;" | server,globalConfig<br />
| style="text-align: center;" | 1d<br />
| style="text-align: center;" | <br />
|-<br />
| zimbraMtaPostscreenNonSmtpCommandAction<br />
| Value for postconf [http://www.postfix.org/postconf.5.html#postscreen_non_smtp_command_action '''postscreen_non_smtp_command_action'''].<br />
| style="text-align: center;" | enum<br />
| style="text-align: center;" | server,globalConfig<br />
| style="text-align: center;" | drop<br />
| style="text-align: center;" | ignore,enforce,drop<br />
|-<br />
| zimbraMtaPostscreenNonSmtpCommandEnable<br />
| Value for postconf [http://www.postfix.org/postconf.5.html#postscreen_non_smtp_command_enable '''postscreen_non_smtp_command_enable'''].<br />
| style="text-align: center;" | enum<br />
| style="text-align: center;" | server,globalConfig<br />
| style="text-align: center;" | no<br />
| style="text-align: center;" | yes,no<br />
|-<br />
| zimbraMtaPostscreenNonSmtpCommandTTL<br />
| Value for postconf [http://www.postfix.org/postconf.5.html#postscreen_non_smtp_command_ttl '''postscreen_non_smtp_command_ttl'''].<br />
| style="text-align: center;" | string<br />
| style="text-align: center;" | server,globalConfig<br />
| style="text-align: center;" | 30d<br />
| style="text-align: center;" | <br />
|-<br />
| zimbraMtaPostscreenPipeliningAction<br />
| Value for postconf [http://www.postfix.org/postconf.5.html#postscreen_pipelining_action '''postscreen_pipelining_action'''].<br />
| style="text-align: center;" | enum<br />
| style="text-align: center;" | server,globalConfig<br />
| style="text-align: center;" | enforce<br />
| style="text-align: center;" | ignore,enforce,drop<br />
|-<br />
| zimbraMtaPostscreenPipeliningEnable<br />
| Value for postconf [http://www.postfix.org/postconf.5.html#postscreen_pipelining_enable '''postscreen_pipelining_enable'''].<br />
| style="text-align: center;" | enum<br />
| style="text-align: center;" | server,globalConfig<br />
| style="text-align: center;" | no<br />
| style="text-align: center;" | yes,no<br />
|-<br />
| zimbraMtaPostscreenPipeliningTTL<br />
| Value for postconf [http://www.postfix.org/postconf.5.html#postscreen_pipelining_ttl '''postscreen_pipelining_ttl'''].<br />
| style="text-align: center;" | string<br />
| style="text-align: center;" | server,globalConfig<br />
| style="text-align: center;" | 30d<br />
| style="text-align: center;" | <br />
|-<br />
| zimbraMtaPostscreenWatchdogTimeout<br />
| Value for postconf [http://www.postfix.org/postconf.5.html#postscreen_watchdog_timeout '''postscreen_watchdog_timeout'''].<br />
| style="text-align: center;" | string<br />
| style="text-align: center;" | server,globalConfig<br />
| style="text-align: center;" | 10s<br />
| style="text-align: center;" | <br />
|-<br />
| zimbraMtaPostscreenWhitelistInterfaces<br />
| Value for postconf [http://www.postfix.org/postconf.5.html#postscreen_whitelist_interfaces '''postscreen_whitelist_interfaces''']. Single valued,,comma separated list.<br />
| style="text-align: center;" | string<br />
| style="text-align: center;" | server,globalConfig<br />
| style="text-align: center;" | static:all<br />
| style="text-align: center;" | <br />
|-<br />
| zimbraMtaPostscreenDnsblMinTTL<br />
| Value for postconf [http://www.postfix.org/postconf.5.html#postscreen_dnsbl_min_ttl '''postscreen_dnsbl_min_ttl'''].<br />
| style="text-align: center;" | tbd<br />
| style="text-align: center;" | server,globalConfig<br />
| style="text-align: center;" | tbd<br />
| style="text-align: center;" | 60s<br />
|-<br />
| zimbraMtaPostscreenDnsblMaxTTL<br />
| Value for postconf [http://www.postfix.org/postconf.5.html#postscreen_dnsbl_max_ttl '''postscreen_dnsbl_max_ttl'''].<br />
| style="text-align: center;" | tbd<br />
| style="text-align: center;" | server,globalConfig<br />
| style="text-align: center;" | tbd<br />
| style="text-align: center;" | tbd<br />
|-<br />
| zimbraMtaPostscreenUpstreamProxyProtocol<br />
| Value for postconf [http://www.postfix.org/postconf.5.html#postscreen_upstream_proxy_protocol '''postscreen_upstream_proxy_protocol''']. Single valued, commas,separated list.<br />
| style="text-align: center;" | enum<br />
| style="text-align: center;" | server,globalConfig<br />
| style="text-align: center;" | <br />
| style="text-align: center;" | <br />
|}<br />
<br />
==How to enable it==<br />
Zimbra Collaboration Postscreen comes enabled by default in ZCS 8.7 or above, take a look to the previous Table where find all the defaults values per each Postscreen attribute.<br />
<br />
===Quick Example configuring Postscreen===<br />
Each scenario can be different, so please tune the next values according to your own Environment, in this case all values are set at GlobalConfig level:<br />
This configuration is '''medium/high level''', enforcing a few attributes instead of ignore, change them to drop for higher level of security<br />
zmprov mcf zimbraMtaPostscreenAccessList permit_mynetworks<br />
zmprov mcf zimbraMtaPostscreenBareNewlineAction ignore<br />
zmprov mcf zimbraMtaPostscreenBareNewlineEnable no<br />
zmprov mcf zimbraMtaPostscreenBareNewlineTTL 30d<br />
zmprov mcf zimbraMtaPostscreenBlacklistAction ignore<br />
zmprov mcf zimbraMtaPostscreenCacheCleanupInterval 12h<br />
zmprov mcf zimbraMtaPostscreenCacheRetentionTime 7d<br />
zmprov mcf zimbraMtaPostscreenCommandCountLimit 20<br />
zmprov mcf zimbraMtaPostscreenDnsblAction enforce<br />
zmprov mcf zimbraMtaPostscreenDnsblSites 'b.barracudacentral.org=127.0.0.2*7' zimbraMtaPostscreenDnsblSites 'dnsbl.inps.de=127.0.0.2*7' zimbraMtaPostscreenDnsblSites 'zen.spamhaus.org=127.0.0.[10;11]*8' zimbraMtaPostscreenDnsblSites 'zen.spamhaus.org=127.0.0.[4..7]*6' zimbraMtaPostscreenDnsblSites 'zen.spamhaus.org=127.0.0.3*4' zimbraMtaPostscreenDnsblSites 'zen.spamhaus.org=127.0.0.2*3' zimbraMtaPostscreenDnsblSites 'list.dnswl.org=127.0.[0..255].0*-2' zimbraMtaPostscreenDnsblSites 'list.dnswl.org=127.0.[0..255].1*-3' zimbraMtaPostscreenDnsblSites 'list.dnswl.org=127.0.[0..255].2*-4' zimbraMtaPostscreenDnsblSites 'list.dnswl.org=127.0.[0..255].3*-5' zimbraMtaPostscreenDnsblSites 'bl.mailspike.net=127.0.0.2*5' zimbraMtaPostscreenDnsblSites 'bl.mailspike.net=127.0.0.[10;11;12]*4' zimbraMtaPostscreenDnsblSites 'wl.mailspike.net=127.0.0.[18;19;20]*-2' zimbraMtaPostscreenDnsblSites 'dnsbl.sorbs.net=127.0.0.10*8' zimbraMtaPostscreenDnsblSites 'dnsbl.sorbs.net=127.0.0.5*6' zimbraMtaPostscreenDnsblSites 'dnsbl.sorbs.net=127.0.0.7*3' zimbraMtaPostscreenDnsblSites 'dnsbl.sorbs.net=127.0.0.8*2' zimbraMtaPostscreenDnsblSites 'dnsbl.sorbs.net=127.0.0.6*2' zimbraMtaPostscreenDnsblSites 'dnsbl.sorbs.net=127.0.0.9*2'<br />
zmprov mcf zimbraMtaPostscreenDnsblTTL 5m<br />
zmprov mcf zimbraMtaPostscreenDnsblThreshold 8<br />
zmprov mcf zimbraMtaPostscreenDnsblTimeout 10s<br />
zmprov mcf zimbraMtaPostscreenDnsblWhitelistThreshold 0<br />
zmprov mcf zimbraMtaPostscreenGreetAction enforce<br />
zmprov mcf zimbraMtaPostscreenGreetTTL 1d<br />
zmprov mcf zimbraMtaPostscreenNonSmtpCommandAction drop<br />
zmprov mcf zimbraMtaPostscreenNonSmtpCommandEnable no<br />
zmprov mcf zimbraMtaPostscreenNonSmtpCommandTTL 30d<br />
zmprov mcf zimbraMtaPostscreenPipeliningAction enforce<br />
zmprov mcf zimbraMtaPostscreenPipeliningEnable no<br />
zmprov mcf zimbraMtaPostscreenPipeliningTTL 30d<br />
zmprov mcf zimbraMtaPostscreenWatchdogTimeout 10s<br />
zmprov mcf zimbraMtaPostscreenWhitelistInterfaces static:all<br />
<br />
==Testing the Zimbra Collaboration Postscreen==<br />
Customers might want to set up the DNSBLs first, for example, but leave it on ignore. Postscreen will log what it would have done, but not do anything. Once you are satisfied it looks correct, then you can set values to enforce or drop in certain cases.<br />
<br />
A real-world log example where you can see the error '''550''' from postscreen:<br />
<pre>Mar 1 02:03:26 edge01 postfix/postscreen[23154]: DNSBL rank 28 for [112.90.37.251]:20438 <br />
Mar 1 02:03:26 edge01 postfix/postscreen[23154]: CONNECT from [10.210.0.161]:58010 to [10.210.0.174]:25 <br />
Mar 1 02:03:26 edge01 postfix/postscreen[23154]: WHITELISTED [10.210.0.161]:58010 <br />
Mar 1 02:03:27 edge01 postfix/postscreen[23154]: NOQUEUE: reject: RCPT from [112.90.37.251]:20438: 550 5.7.1 Service unavailable; client [112.90.37.251] blocked using zen.spamhaus.org; from=<hfxdgdsggfvfg@gmail.com>, to=<support@zimbra.com>, proto=ESMTP, helo=<gmail.com><br />
Mar 1 02:03:27 edge01 postfix/postscreen[23154]: DISCONNECT [112.90.37.251]:20438 </pre><br />
===IP Whitelist and Blacklist using Postscreen===<br />
You can use now Postfix to whitelist or Blacklist IPs in an easier way by following the next steps:<br />
* Create '''/opt/zimbra/conf/postfix/postscreen_wblist'''<br />
* Add entries to it. I've only used it as a blacklist. The IP range should be on [https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#CIDR_notation CIDR] format:<br />
# Rules are evaluated in the order as specified.<br />
# Blacklist 60.70.80.* except 60.70.80.91.<br />
60.70.80.91/32 permit<br />
60.70.80.0/24 reject<br />
70.70.70.0/24 reject<br />
* Set postscreen to use it:<br />
zmprov mcf zimbraMtaPostscreenAccessList "permit_mynetworks, cidr:/opt/zimbra/conf/postscreen_wblist"<br />
zmprov mcf zimbraMtaPostscreenBlacklistAction enforce<br />
<br />
* Wait for zmconfigd to pick up the change (60 seconds top)<br />
* After the 60 seconds, or a manual restart of the MTA services, you will see something like this on the Log:<br />
Jun 29 05:16:22 edge04e postfix/postscreen[7546]: BLACKLISTED [70.70.70.100]:55699<br />
<br />
==Quick note on for MTA on Cloud Environments==<br />
If you are using Amazon’s Elastic Load Balancer for handling SMTP traffic include simple load-based autoscaling, load distribution that’s aware of distribution across availability zones, you will need to configure the <br />
zmprov mcf zimbraMtaPostscreenUpstreamProxyProtocol haproxy<br />
<br />
And then, verify the change it's in progress:<br />
<pre>tail -f /var/log/zimbra.log<br />
Jun 24 17:24:29 zre-ldap004 zmconfigd[17944]: Fetching All configs<br />
Jun 24 17:24:29 zre-ldap004 zmconfigd[17944]: All configs fetched in 0.08 seconds<br />
Jun 24 17:24:33 zre-ldap004 zmconfigd[17944]: Watchdog: service antivirus status is OK.<br />
Jun 24 17:24:33 zre-ldap004 zmconfigd[17944]: Var zimbraMtaPostscreenUpstreamProxyProtocol changed from 'None' -> 'haproxy'<br />
Jun 24 17:24:33 zre-ldap004 zmconfigd[17944]: Rewrote: /opt/zimbra/common/conf/tag_as_originating.re with mode 440 (0.01 sec)<br />
Jun 24 17:24:33 zre-ldap004 zmconfigd[17944]: Rewrote: /opt/zimbra/conf/postfix_header_checks with mode 440 (0.00 sec)<br />
Jun 24 17:24:33 zre-ldap004 zmconfigd[17944]: Rewrote: /opt/zimbra/common/conf/tag_as_foreign.re with mode 440 (0.01 sec)<br />
Jun 24 17:24:33 zre-ldap004 zmconfigd[17944]: Rewrote: /opt/zimbra/common/conf/master.cf with mode 440 (0.01 sec)<br />
Jun 24 17:24:33 zre-ldap004 zmconfigd[17944]: Rewrote: /opt/zimbra/conf/mta_milter_options with mode 440 (0.00 sec)<br />
Jun 24 17:24:36 zre-ldap004 zmconfigd[17944]: All rewrite threads completed in 2.93 sec<br />
Jun 24 17:24:36 zre-ldap004 zmconfigd[17944]: controlProcess mta restart (-1)<br />
Jun 24 17:24:36 zre-ldap004 zmconfigd[17944]: CONTROL mta: bin/zmmtactl reload norewrite<br />
Jun 24 17:24:36 zre-ldap004 zmconfigd[17944]: mta reload initiated from zmconfigd<br />
Jun 24 17:24:36 zre-ldap004 saslauthd[20153]: server_exit : master exited: 20153<br />
Jun 24 17:24:37 zre-ldap004 saslauthd[2925]: detach_tty : master pid is: 2925<br />
Jun 24 17:24:37 zre-ldap004 saslauthd[2925]: ipc_init : listening on socket: /opt/zimbra/data/sasl2/state/mux<br />
Jun 24 17:24:38 zre-ldap004 /postfix-script[2959]: refreshing the Postfix mail system<br />
Jun 24 17:24:38 zre-ldap004 postfix/master[20304]: reload -- version 3.1.1, configuration /opt/zimbra/common/conf<br />
Jun 24 17:24:38 zre-ldap004 zmconfigd[17944]: All restarts completed in 1.82 sec</pre><br />
<br />
And verify by running this command:<br />
postconf postscreen_upstream_proxy_protocol<br />
postscreen_upstream_proxy_protocol = haproxy<br />
<br />
[https://www.agari.com/scaling-postfix-on-aws-with-elastic-load-balancing/ '''More information here''']<br />
<br />
==Additonal Content==<br />
* See the [http://www.postfix.org/postscreen.8.html '''Official Postfix Postscreen page''']<br />
* Rob0's Postscreen Configuration [http://rob0.nodns4.us/postscreen.html A non-official but real-world example ]<br />
<br />
==Identified Support Issues==<br />
* No Support issues reported yet.<br />
<br />
{{Article Footer|Zimbra Collaboration Suite 8.7|01/03/2016}}<br />
{{NeedSME|SME1|SME2|Copyeditor}}<br />
[[Category:ZCS 8.7]]<br />
[[Category: Postscreen]]</div>Jorge de la Cruzhttps://wiki.zimbra.com/index.php?title=Zimbra_Chat/How_to_configure_an_XMPP_Client_with_Zimbra_Chat&diff=65031Zimbra Chat/How to configure an XMPP Client with Zimbra Chat2018-01-18T17:39:15Z<p>Jorge de la Cruz: </p>
<hr />
<div><div class="col-md-12"><br></div><br />
<ol class="breadcrumb"><br />
<li>[[Main Page|Zimbra Wiki]]</li><br />
<li>[[Zimbra_Chat]]</li><br />
<li class="active">How to configure an XMPP client with Zimbra Chat</li><br />
</ol><br />
__FORCETOC__<br />
<div class="col-md-9 ibox-content"><br />
=How to configure an XMPP client with Zimbra Chat=<br />
{{KB|{{ZC}}|{{ZCS 8.8}}|{{ZCS 8.7}}||}}<br />
{{WIP}}<br />
<br />
Zimbra Chat integrates an IM server and client into Zimbra, the world’s most popular Open Source Collaboration platform. Now your business can harness chat from within the communication tool they use the most - email. Your users can communicate within the Zimbra Web Client, and desktop and mobile users can connect via XMPP. Zimbra Chat works out-of-the-box! Enable the Zimbra Chat Zimlet, and your users are ready to start chatting.<br />
<br />
==How it works==<br />
Zimbra Chat includes a server extension which creates a XMPP Server inside Zimbra Collaboration, allowing the users to communicate between them using this XMPP server. As Zimbra Chat is a pure open and standard XMPP Server, users can benefit of connect to Zimbra Chat using their favorite XMPP Desktop or Mobile applications.<br />
<br />
On this illustration you can see how Zimbra users, internal Desktop, and external devices altogether connect trough Zimbra Chat to deliver a secure and private 1/1 text chat conversations:<br />
<br />
[[File:Zimbra-chat-xmpp.png|600px]]<br />
<br />
<br />
==Prerequisites==<br />
Before performing a configuration these prerequisites must be fulfilled:<br />
* A working '''Zimbra Collaboration 8.7.6 or higher version Environment'''<br />
* Knowledge and understanding of your network infrastructure setup, especially in regard to your Firewall and DNS settings<br />
* Access to DNS management to create the required DNS settings<br />
* Access to Firewall management to enable required communication between the user and the Zimbra server/s<br />
* '''Optional''' - A commercial certificate matching the certificate requirements described below<br />
<br />
==Mac OS X==<br />
===Adium===<br />
Adium is one of the best XMPP client for Mac OS X, it's free and open source, and you can [https://adium.im/ '''download it from here'''].<br />
<br />
Open Adium and go to the Accounts view, or if new, go to File > Add Account > XMPP<br />
<br />
[[File:Zimbra-chat-xmpp-001.png|600px]]<br />
<br />
On Jabber ID, introduce your full email address and your password and click in the Options tab<br />
<br />
[[File:Zimbra-chat-xmpp-002.png|600px]]<br />
<br />
On '''Connection Server''' introduce the FQDN of your Zimbra Server, keep the default port, '''5222''', if your Email Administrator haven't told you the opposite, and check '''Require SSL/TLS''', and you might want to check '''Do strict certificate checks''' if you are using a Commercial SSL<br />
<br />
[[File:Zimbra-chat-xmpp-003.png|600px]]<br />
<br />
You can go back and connect your account, after a few seconds you will see that now it's online:<br />
<br />
[[File:Zimbra-chat-xmpp-004.png|600px]]<br />
<br />
You can start your 1/1 conversations, configure your presence, etc:<br />
<br />
[[File:Zimbra-chat-xmpp-005.png|600px]]<br />
<br />
==Windows==<br />
Steps on how to configure Windows coming soon<br />
==Linux==<br />
Steps on how to configure Linux coming soon<br />
==iOS==<br />
Steps on how to configure iOS coming soon<br />
==Android==<br />
Steps on how to configure Android coming soon<br />
<br />
==Identified Support Issues==<br />
* No reported issues at the moment<br />
</div><br />
<div class="col-md-3"><br /></div><br />
<div class="col-md-3"><br />
<div class="panel panel-zimbrared-light-border"> <br />
<div class="panel-heading"> <br />
<h3 class="panel-title"><i class="fa fa-gear pull-left"></i> Zimbra Chat</h3> <br />
</div><br />
<div class="panel-body"><br />
{{ZCHAT}}<br />
</div><br />
</div><br />
</div><br />
<div class="col-md-3"><br />
<div class="panel panel-primary-light-border"> <br />
<div class="panel-heading"> <br />
<h3 class="panel-title"><i class="fa fa-info-circle pull-left"></i> Zimbra Chat Resources</h3> <br />
</div><br />
<div class="panel-body"><br />
{{ZCHATL}}<br />
</div><br />
</div><br />
</div><br />
<div class="clearfix"></div><br />
{{Article Footer|Zimbra Collaboration Suite 8.7.6+|04/05/2017}}<br />
{{NeedSME|Jorge|SME2|Copyeditor}}<br />
[[Category:Zimbra_Chat]]<br />
[[Category:ZCS 8.7]]</div>Jorge de la Cruzhttps://wiki.zimbra.com/index.php?title=Zimbra_Chat/How_to_configure_an_XMPP_Client_with_Zimbra_Chat&diff=65030Zimbra Chat/How to configure an XMPP Client with Zimbra Chat2018-01-18T17:39:05Z<p>Jorge de la Cruz: </p>
<hr />
<div><div class="col-md-12"><br></div><br />
<ol class="breadcrumb"><br />
<li>[[Main Page|Zimbra Wiki]]</li><br />
<li>[[Zimbra_Chat]]</li><br />
<li class="active">How to configure an XMPP client with Zimbra Chat</li><br />
</ol><br />
__FORCETOC__<br />
<div class="col-md-9 ibox-content"><br />
=How to configure an XMPP client with Zimbra Chat=<br />
{{KB|{{ZC}}|{{ZCS 8.7}}|{{ZCS 8.7}}||}}<br />
{{WIP}}<br />
<br />
Zimbra Chat integrates an IM server and client into Zimbra, the world’s most popular Open Source Collaboration platform. Now your business can harness chat from within the communication tool they use the most - email. Your users can communicate within the Zimbra Web Client, and desktop and mobile users can connect via XMPP. Zimbra Chat works out-of-the-box! Enable the Zimbra Chat Zimlet, and your users are ready to start chatting.<br />
<br />
==How it works==<br />
Zimbra Chat includes a server extension which creates a XMPP Server inside Zimbra Collaboration, allowing the users to communicate between them using this XMPP server. As Zimbra Chat is a pure open and standard XMPP Server, users can benefit of connect to Zimbra Chat using their favorite XMPP Desktop or Mobile applications.<br />
<br />
On this illustration you can see how Zimbra users, internal Desktop, and external devices altogether connect trough Zimbra Chat to deliver a secure and private 1/1 text chat conversations:<br />
<br />
[[File:Zimbra-chat-xmpp.png|600px]]<br />
<br />
<br />
==Prerequisites==<br />
Before performing a configuration these prerequisites must be fulfilled:<br />
* A working '''Zimbra Collaboration 8.7.6 or higher version Environment'''<br />
* Knowledge and understanding of your network infrastructure setup, especially in regard to your Firewall and DNS settings<br />
* Access to DNS management to create the required DNS settings<br />
* Access to Firewall management to enable required communication between the user and the Zimbra server/s<br />
* '''Optional''' - A commercial certificate matching the certificate requirements described below<br />
<br />
==Mac OS X==<br />
===Adium===<br />
Adium is one of the best XMPP client for Mac OS X, it's free and open source, and you can [https://adium.im/ '''download it from here'''].<br />
<br />
Open Adium and go to the Accounts view, or if new, go to File > Add Account > XMPP<br />
<br />
[[File:Zimbra-chat-xmpp-001.png|600px]]<br />
<br />
On Jabber ID, introduce your full email address and your password and click in the Options tab<br />
<br />
[[File:Zimbra-chat-xmpp-002.png|600px]]<br />
<br />
On '''Connection Server''' introduce the FQDN of your Zimbra Server, keep the default port, '''5222''', if your Email Administrator haven't told you the opposite, and check '''Require SSL/TLS''', and you might want to check '''Do strict certificate checks''' if you are using a Commercial SSL<br />
<br />
[[File:Zimbra-chat-xmpp-003.png|600px]]<br />
<br />
You can go back and connect your account, after a few seconds you will see that now it's online:<br />
<br />
[[File:Zimbra-chat-xmpp-004.png|600px]]<br />
<br />
You can start your 1/1 conversations, configure your presence, etc:<br />
<br />
[[File:Zimbra-chat-xmpp-005.png|600px]]<br />
<br />
==Windows==<br />
Steps on how to configure Windows coming soon<br />
==Linux==<br />
Steps on how to configure Linux coming soon<br />
==iOS==<br />
Steps on how to configure iOS coming soon<br />
==Android==<br />
Steps on how to configure Android coming soon<br />
<br />
==Identified Support Issues==<br />
* No reported issues at the moment<br />
</div><br />
<div class="col-md-3"><br /></div><br />
<div class="col-md-3"><br />
<div class="panel panel-zimbrared-light-border"> <br />
<div class="panel-heading"> <br />
<h3 class="panel-title"><i class="fa fa-gear pull-left"></i> Zimbra Chat</h3> <br />
</div><br />
<div class="panel-body"><br />
{{ZCHAT}}<br />
</div><br />
</div><br />
</div><br />
<div class="col-md-3"><br />
<div class="panel panel-primary-light-border"> <br />
<div class="panel-heading"> <br />
<h3 class="panel-title"><i class="fa fa-info-circle pull-left"></i> Zimbra Chat Resources</h3> <br />
</div><br />
<div class="panel-body"><br />
{{ZCHATL}}<br />
</div><br />
</div><br />
</div><br />
<div class="clearfix"></div><br />
{{Article Footer|Zimbra Collaboration Suite 8.7.6+|04/05/2017}}<br />
{{NeedSME|Jorge|SME2|Copyeditor}}<br />
[[Category:Zimbra_Chat]]<br />
[[Category:ZCS 8.7]]</div>Jorge de la Cruzhttps://wiki.zimbra.com/index.php?title=Zimbra_Admin_and_Web_Client_not_load,_it_is_blank&diff=65029Zimbra Admin and Web Client not load, it is blank2018-01-18T17:38:36Z<p>Jorge de la Cruz: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=Zimbra Admin and Web Client not load, it is blank=<br />
{{KB|{{ZC}}|{{ZCS 8.8}}|{{ZCS 8.7}}|{{ZCS 8.6}}|}}<br />
==Purpose==<br />
After upgrade to ZCS 8.6, or ZCS 8.7.0 or 8.7.1, the Admin UI and the Web Client only loads an empty page, it was working before without issue before the upgrade.<br />
<br />
You can also check that you are facing the issue described here, if you also run the next commands and see this results<br />
zmmailbox -z -m account@example.com gaf<br />
ERROR: service.PROXY_ERROR (error while proxying request to target server: HTTP/1.1 404 Not Found)<br />
<br />
zmprov fc all<br />
ERROR: service.INVALID_REQUEST (invalid request: can only be used with SOAP)<br />
<br />
Another way to check and debug this error, is by trying to load the Web Client from the Zimbra Server<br />
<pre>curl -v http://localhost:80<br />
* Rebuilt URL to: http://localhost:80/<br />
* Trying ::1...<br />
* connect to ::1 port 80 failed: Connection refused<br />
* Trying 127.0.0.1...<br />
* Connected to localhost (127.0.0.1) port 80 (#0)<br />
> GET / HTTP/1.1<br />
> Host: localhost<br />
> User-Agent: curl/7.49.1<br />
> Accept: */*<br />
><br />
< HTTP/1.1 404 Not Found<br />
< Date: Sun, 24 Jul 2016 20:09:19 GMT<br />
< Content-Type: text/html<br />
< Content-Length: 440<br />
<<br />
<HTML><br />
<HEAD><br />
<TITLE>Error 404 - Not Found</TITLE><br />
<BODY><br />
<H2>Error 404 - Not Found.</H2><br />
No context on this server matched or handled this request.<BR>Contexts known to this server are: <ul><li><a href="/zimlet">/zimlet&nbsp;--->&nbsp;o.e.j.w.WebAppContext@6973b51b{/zimlet,[file:///opt/zimbra/jetty-distribution-9.3.5.v20151012/webapps/zimlet/, file:///opt/zimbra/zimlets-deployed/],AVAILABLE}{/zimlet}</a></li><br />
</ul><hr><br />
</BODY><br />
</HTML><br />
* Connection #0 to host localhost left intact</pre><br />
==Resolution==<br />
Run the next simple commands to fix the issue:<br />
zmprov ms `zmhostname` +zimbraServiceEnabled service<br />
zmprov ms `zmhostname` +zimbraServiceEnabled zimbra<br />
zmprov ms `zmhostname` +zimbraServiceEnabled zimbraAdmin<br />
zmprov ms `zmhostname` +zimbraServiceEnabled zimlet<br />
zmcontrol restart<br />
<br />
==Additional Content==<br />
* Thank you to DualBoot to debug the issue and came with a solution on the Forums - [https://forums.zimbra.org/viewtopic.php?f=15&t=59852&start=20#p269440 https://forums.zimbra.org/viewtopic.php?f=15&t=59852&start=20#p269440]<br />
<br />
{{Article Footer|Zimbra Collaboration 8.7.1, 8.7, 8.6|11/06/2016}}<br />
{{NeedSME|Jorge|SME2|Copyeditor}}</div>Jorge de la Cruzhttps://wiki.zimbra.com/index.php?title=Unable_to_Sync_Folders_with_the_server_on_MAC_OUTLOK_through_IMAP&diff=65028Unable to Sync Folders with the server on MAC OUTLOK through IMAP2018-01-18T17:38:20Z<p>Jorge de la Cruz: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=Unable to Sync Folders with the server on MAC OUTLOK through IMAP=<br />
{{KB|{{ZC}}|{{ZCS 8.8}}|{{ZCS 8.7}}|{{ZCS 8.6}}|}}<br />
<br />
== Problem: ==<br />
Unable to Sync Folders with the server on Mac Outlook thru IMAP.<br />
<br />
== Solution:==<br />
Each folder has to be individually subscribed, as shown below:<br />
<br />
To do so,<br />
* '''1).''' On the Tools menu, click IMAP Folders.<br />
* '''2).''' In the left pane of the Folder Browser, under IMAP, click the account.All folders that exist on the mail server are displayed. <br />
** Currently subscribed folders are shown in bold text.<br />
* '''3).''' Click on subscribe:<br />
<br />
[[File:1000px-ImapSubscribe.png]]<br />
<br />
<br />
<br />
<br />
Submitted by: Shashank Tewari<br />
{{Article Footer|ZCS 8.8, 87, 8.6|8/8/2017}}<br />
{{NeedSME|Shashank|SME2|Copyeditor}}</div>Jorge de la Cruzhttps://wiki.zimbra.com/index.php?title=Unable_to_create_Zimbra_profile_with_Outlook_2016&diff=65027Unable to create Zimbra profile with Outlook 20162018-01-18T17:38:05Z<p>Jorge de la Cruz: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=Unable to create Zimbra profile with Outlook 2016=<br />
{{KB|{{ZC}}|{{ZCS 8.8}}|{{ZCS 8.7}}||}}<br />
<br />
==Issue==<br />
Starting with MS Outlook Version 16.0.8431.2046 (approx.) it is no longer possible to select "Other Accounts" in Outlook account setup dialog. Thus it makes it impossible to create Zimbra Profiles although the Zimbra OLK was installed correctly/successfully. <br />
<br />
Bug https://bugzilla.zimbra.com/show_bug.cgi?id=108476 is filed for the same<br />
<br />
==Resolution== <br />
<br />
<br />
To workaround the issue you need to disable simplified Account Creation in Outlook 2016.<br />
<br />
===Method 1:===<br />
Steps to disable simplified Account Creation in Outlook 2016:<br />
* Exit Outlook.<br />
* Start Registry Editor. To do this, use one of the following procedures, as appropriate for your version of Windows.<br />
** Windows 10, Windows 8.1 and Windows 8: Press Windows Key + R to open a Run dialog box. Type regedit.exe, and then click OK.<br />
** Windows 7: Click Start, type regedit.exe in the search box, and then press Enter.<br />
* In Registry Editor, locate and then click the following subkey in the registry: <br />
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Setup. <br />
* After you select the key that is specified in step 3, point to New on the Edit menu, and then DWORD (32-bit) Value.<br />
* Type DisableOffice365SimplifiedAccountCreation, and then press Enter.<br />
* Right-click DisableOffice365SimplifiedAccountCreation, and then click Modify.<br />
* In the Value data box, type 1, and then click OK.<br />
* On the File menu, click Exit to exit Registry Editor.<br />
<br />
<br />
===Method 2:=== <br />
<br />
* Exit Outlook <br />
* Click on Windows button <br />
* Search "cmd" and right click and select "Run as Administrator" <br />
* Copy below text on command terminal and press enter to create/add required registry key. <br />
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Setup /v DisableOffice365SimplifiedAccountCreation /t REG_DWORD /d 1 /f<br />
* Exit from command terminal. <br />
* Now launch Outlook and you will get old way to select "Other Accounts" in account setup dialog. <br />
<br />
<br />
{{Article Footer|Zimbra Collaboration 8.7, 8.6, | 03/10/2017}}<br />
{{NeedSME|Raunaq|Jorge|COPY EDITOR}}</div>Jorge de la Cruzhttps://wiki.zimbra.com/index.php?title=TOTPApps&diff=65026TOTPApps2018-01-18T17:37:15Z<p>Jorge de la Cruz: </p>
<hr />
<div>{{BC|Community Sandbox}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=Zimbra Collaboration Supported TOTPApps for 2FA=<br />
{{KB|{{Unsupported}}|{{ZCS 8.8}}|{{ZCS 8.7}}|||}}<br />
{{WIP}}<br />
<br />
Starting with Zimbra Collaboration 8.7 and above, Zimbra introduces [[Zimbra_Two-factor_authentication|Two Factor Authentication]], this Wiki has been created with the intention of orientate Customers about what TOTP applications should work with Zimbra collaboration Two factor authentication feature.<br />
<br />
[[Zimbra_Two-factor_authentication|Zimbra Two Factor Authentication]] implements the algorithm specified in [http://www.rfc-base.org/rfc-6238.html RFC 6238], and any app implementing this algorithm should work.<br />
<br />
==Tested Applications==<br />
The Zimbra QA Engineers has been tested the next applications for your convenience:<br />
{| class="wikitable"<br />
! <i class="fa fa-apple"></i> iOS<br />
! <i class="fa fa-android"></i> Android<br />
! <i class="fa fa-windows"></i> Desktop, Computer<br />
|-<br />
| [https://itunes.apple.com/app/google-authenticator/id388497605?mt=8 Google Authenticator]<br />
| [https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2Google Authenticator]<br />
| [https://www.microsoft.com/en-gb/store/apps/authenticator/9wzdncrfj3rj Authenticator]<br />
|-<br />
| [https://itunes.apple.com/app/authy/id494168017?mt=8 Authy]<br />
| [https://play.google.com/store/apps/details?id=com.authy.authy Authy]<br />
| [https://www.microsoft.com/en-gb/store/apps/virtual-tokenfactor/9nblggh0jbwv Virtual TokenFactor]<br />
|-<br />
|[https://itunes.apple.com/en/app/freeotp-authenticator/id872559395?mt=8 Red Hat FreeOTP]<br />
|[https://play.google.com/store/apps/details?id=org.fedorahosted.freeotp Red Hat FreeOTP]<br />
|[https://www.yubico.com/support/knowledge-base/categories/downloads/ Yubico]<br />
|}<br />
<br />
==Additonal Content==<br />
* <br />
==Identified Support Issues==<br />
* No Support issues reported yet.<br />
<br />
{{Article Footer|Zimbra Collaboration Suite 8.7|03/03/2016}}<br />
{{NeedSME|Jorge|SME2|Copyeditor}}<br />
[[Category:ZCS 8.7]]</div>Jorge de la Cruzhttps://wiki.zimbra.com/index.php?title=Tab_key_doesn%27t_input_the_tab_character_when_in_compose,_instead_it_moves_focus_to_another_button&diff=65025Tab key doesn't input the tab character when in compose, instead it moves focus to another button2018-01-18T17:36:30Z<p>Jorge de la Cruz: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=Tab key doesn't input the tab character when in compose, instead it moves focus to another button=<br />
{{KB|{{ZC}}|{{ZCS 8.8}}|{{ZCS 8.7}}||}}<br />
==Purpose==<br />
Tab key doesn't input the tab character when in compose, instead it moves focus to another button.<br />
<br />
==Resolution==<br />
This was changed due to accessibility reasons, so that blind users can move out of the compose window. But since a lot of users would like to use the tab character as well, a preference option for this was introduced in 8.7.<br />
<br />
To set it, go to preferences and check this option:<br />
'''"Pressing the Tab key enters a tab in the editor (rather than moving focus)"'''<br />
<br />
Or enable it from the command line:<br />
zmprov ma user@example.com zimbraPrefTabInEditorEnabled TRUE<br />
<br />
==Additional Content==<br />
* No related content.<br />
<br />
<br />
{{Article Footer|Zimbra Collaboration 8.7|05/28/2015}}<br />
{{NeedSME|SME1|SME2|Copyeditor}}</div>Jorge de la Cruzhttps://wiki.zimbra.com/index.php?title=Tab_key_doesn%27t_input_the_tab_character_when_in_compose,_instead_it_moves_focus_to_another_button&diff=65024Tab key doesn't input the tab character when in compose, instead it moves focus to another button2018-01-18T17:36:17Z<p>Jorge de la Cruz: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=Tab key doesn't input the tab character when in compose, instead it moves focus to another button=<br />
{{KB|{{ZC}}|{{ZCS 8.8}}|{{ZCS 8.7}}|{|}}<br />
==Purpose==<br />
Tab key doesn't input the tab character when in compose, instead it moves focus to another button.<br />
<br />
==Resolution==<br />
This was changed due to accessibility reasons, so that blind users can move out of the compose window. But since a lot of users would like to use the tab character as well, a preference option for this was introduced in 8.7.<br />
<br />
To set it, go to preferences and check this option:<br />
'''"Pressing the Tab key enters a tab in the editor (rather than moving focus)"'''<br />
<br />
Or enable it from the command line:<br />
zmprov ma user@example.com zimbraPrefTabInEditorEnabled TRUE<br />
<br />
==Additional Content==<br />
* No related content.<br />
<br />
<br />
{{Article Footer|Zimbra Collaboration 8.7|05/28/2015}}<br />
{{NeedSME|SME1|SME2|Copyeditor}}</div>Jorge de la Cruzhttps://wiki.zimbra.com/index.php?title=Steps_to_recreate_spam_ham_n_quarantine_accounts&diff=65023Steps to recreate spam ham n quarantine accounts2018-01-18T17:35:40Z<p>Jorge de la Cruz: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=Steps to recreate spam, ham and quarantine accounts=<br />
{{KB|{{ZC}}|{{ZCS 8.8}}|{{ZCS 8.7}}|{{ZCS 8.6}}|}}<br />
<br />
==Problem==<br />
Accidentally deleted spam,ham and quarantine accounts from the server and backup is not available.<br />
<br />
==Solution==<br />
Steps to re-create spam,ham and quarantine accounts : <br />
<br />
'''1).''' First we have to find out previous accounts' name from global config.<br />
su - zimbra <br />
zmprov -l gacf zimbraAmavisQuarantineAccount zimbraSpamIsSpamAccount zimbraSpamIsNotSpamAccount<br />
<br />
'''2).''' Above command will give us previously configured accounts' name which we can use to re-create accounts. <br />
<br />
Spam Account:<br />
zmprov ca <SPAM-ACCOUNT@YOURDOMAIN.COM> <PASSWORD> amavisBypassSpamChecks TRUE zimbraAttachmentsIndexingEnabled FALSE zimbraIsSystemAccount TRUE zimbraIsSystemResource TRUE zimbraHideInGal TRUE description 'System account for spam training.'<br />
<br />
Ham Account:<br />
zmprov ca <HAM-ACCOUNT@YOURDOMAIN.COM> <PASSWORD> amavisBypassSpamChecks TRUE zimbraAttachmentsIndexingEnabled FALSE zimbraIsSystemAccount TRUE zimbraIsSystemResource TRUE zimbraHideInGal TRUE description 'System account for Non-Spam (Ham) training.'<br />
<br />
Quarantine Account:<br />
zmprov ca <VIRUS-QUARANTINE-ACCOUNT@YOURDOMAIN.COM> <PASSWORD> amavisBypassSpamChecks TRUE zimbraAttachmentsIndexingEnabled FALSE zimbraIsSystemAccount TRUE zimbraIsSystemResource TRUE zimbraHideInGal TRUE zimbraMailMessageLifetime 30d description 'System account for Anti-virus quarantine.'<br />
<br />
If you don't want to re-create accounts with old name then we can create new accounts in that format which is used by the installation script, like spam.<random number> and ham.<random number>.<br />
<br />
Following command will create spam,ham and quarantine account with random password and will add random string in account name.<br />
zmprov ca spam.`strings /dev/urandom | tr -dc _A-Z-a-z-0-9 | head -c10`@YOURDOMAIN.COM "`strings /dev/urandom | tr -dc _A-Z-a-z-0-9 | head -c10`" amavisBypassSpamChecks TRUE zimbraAttachmentsIndexingEnabled FALSE zimbraIsSystemAccount TRUE zimbraIsSystemResource TRUE zimbraHideInGal TRUE description 'System account for spam training.'<br />
<br />
zmprov ca ham.`strings /dev/urandom | tr -dc _A-Z-a-z-0-9 | head -c10`@YOURDOMAIN.COM "`strings /dev/urandom | tr -dc _A-Z-a-z-0-9 | head -c10`" amavisBypassSpamChecks TRUE zimbraAttachmentsIndexingEnabled FALSE zimbraIsSystemAccount TRUE zimbraIsSystemResource TRUE zimbraHideInGal TRUE description 'System account for Non-Spam (Ham) training.'<br />
<br />
zmprov ca virus-quarantine.`strings /dev/urandom | tr -dc _A-Z-a-z-0-9 | head -c10`@YOURDOMAIN.COM "`strings /dev/urandom | tr -dc _A-Z-a-z-0-9 | head -c10`" amavisBypassSpamChecks TRUE zimbraAttachmentsIndexingEnabled FALSE zimbraIsSystemAccount: TRUE zimbraIsSystemResource TRUE zimbraHideInGal TRUE zimbraMailMessageLifetime 30d description 'System account for Anti-virus quarantine.'<br />
<br />
'''3).''' Now we have to set newly created accounts' name in global config, before this we have to check exact name of newly created accounts.<br />
zmprov -l gaa | egrep -i 'spam|ham|virus-quarantine'<br />
<br />
zmprov mcf zimbraSpamIsSpamAccount <SPAM-ACCOUNT@YOURDOMAIN.COM> zimbraSpamIsNotSpamAccount <HAM-ACCOUNT@YOURDOMAIN.COM> zimbraAmavisQuarantineAccount <VIRUS-QUARANTINE-ACCOUNT@YOURDOMAIN.COM><br />
<br />
zmprov fc config<br />
OR<br />
zmcontrol restart<br />
'''Note:''' Replace '''YOURDOMAIN.COM''' with the actual primary domain name according to your environment.<br />
<br />
<br />
<br />
<br />
Submitted by: Heera Singh Koranga<br />
{{Article Footer|ZCS 8.8, 8.7, 8.6|8/8/2017}}<br />
{{NeedSME|Heera|SME2|Copyeditor}}<br />
[[Category:Troubleshooting MTA]]</div>Jorge de la Cruzhttps://wiki.zimbra.com/index.php?title=Steps_to_configure_per_domain_disclaimer_on_ZCS_8.5_and_higher_versions&diff=65022Steps to configure per domain disclaimer on ZCS 8.5 and higher versions2018-01-18T17:35:24Z<p>Jorge de la Cruz: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=Steps to enable domain disclaimer in ZCS 8.5 and higher versions=<br />
<hr><br />
{{KB|{{ZC}}|{{ZCS 8.8}}|{{ZCS 8.7}}|{{ZCS 8.6}}|{{ZCS 8.5}}|}}<br />
<br />
== Steps to enable discliamer for a domain ==<br />
'''1).''' Enabled disclaimer feature on global configuration:-<br />
zmprov mcf zimbraDomainMandatoryMailSignatureEnabled TRUE<br />
<br />
'''2).''' Add plain text and HTML disclaimer to the domain:- <br />
<pre><br />
zmprov md DOMAIN.COM zimbraAmavisDomainDisclaimerText "text disclamer" <br />
zmprov md DOMAIN.COM zimbraAmavisDomainDisclaimerHTML "<html><body><h1>HTML Disclaimer</h1><br> <h1>User 1</h1><br>phone number here</body></html>" <br />
</pre><br />
<br />
'''3).''' After adding disclaimer to the LDAP server, enable/generate domain disclaimer files for altermime on MTA server:- <br />
./libexec/zmaltermimeconfig -e DOMAIN.COM<br />
<br />
If multiple MTAs configured in ZCS environment then run below command on remaining MTA servers:-<br />
./libexec/zmaltermimeconfig<br />
<br />
<br />
==Steps to disable disclaimer from a domain==<br />
'''1).''' Run on first MTA server as zimbra user:-<br />
./libexec/zmaltermimeconfig -d DOMAIN.COM<br />
<br />
Run on other MTA servers:-<br />
./libexec/zmaltermimeconfig<br />
<br />
<br><br />
'''2).''' Completely disable disclaimer feature:-<br />
zmprov mcf zimbraDomainMandatoryMailSignatureEnabled FALSE <br />
zmprov fc all<br />
<br />
'''Note:'''<br />
Replace '''DOMAIN.COM''' with the actual domain name according to your environment.<br />
<br />
<br />
<br />
Submitted by: Heera Singh Koranga<br />
{{Article Footer|ZCS 8.8, 8.7, 8.6, 8.5|8/8/2017}}<br />
{{NeedSME|Heera|SME2|Copyeditor}}<br />
[[Category:Troubleshooting MTA]]</div>Jorge de la Cruzhttps://wiki.zimbra.com/index.php?title=Smime_error_codes&diff=65021Smime error codes2018-01-18T17:34:55Z<p>Jorge de la Cruz: </p>
<hr />
<div>=SMIME Error Codes=<br />
{{KB|{{ZC}}|{{ZCS 8.8}}|{{ZCS 8.7}}||}}<br />
<br />
<br />
==List of possible error codes during signing==<br />
<br />
smime.LOAD_CERTIFICATE_FAILED : Failed to load users certificate<br />
<br />
smime.MULTIPLE_CERTIFICATES_FOUND : If the certID is not provided in SendSecureMessage request and there are multiple user certificates.<br />
<br />
smime.USER_CERT_EXPIRED : Users certificate is expired<br />
<br />
smime.USER_CERT_NOT_YET_VALID : Users certificate validity period has not yet started<br />
<br />
smime.USER_CERT_REVOKED : Users certificate has been revoked<br />
<br />
smime.USER_CERT_NOT_TRUSTED : Users certificate is not trusted by any existing trust anchors<br />
<br />
smime.USER_CERT_EMAIL_ADDRESS_NOT_MATCHING : The email ID in certificate not matching with users email ID<br />
<br />
smime.CERT_VALIDATION_FAILED : The users certificate validation failed<br />
<br />
smime.MSG_SIGNING_FAILED : Message signing failed due to some other reason<br />
<br />
<br />
==List of possible error codes during signature verification==<br />
<br />
SIGNER_DIGEST_MISMATCH : If the original message was tampered<br />
<br />
VERIFIER_NOT_VALID_AT_SIGNING_TIME : The message was signed with invalid/expired certificate<br />
<br />
CERTIFICATE_EXPIRED : The signers certificate has been expired<br />
<br />
CERTIFICATE_NOT_YET_VALID : The signers certificate validity period has not yet started<br />
<br />
CERTIFICATE_REVOKED : The signers certificate has been revoked<br />
<br />
CERTIFICATE_NOT_TRUSTED : The signers certificate is not trusted by any existing trust anchors<br />
<br />
CERTIFICATE_EMAIL_ADDRESS_NOT_MATCHING : The email ID in certificate not matching with signers email ID<br />
<br />
CERTIFICATE_VALIDATION_FAILED : The signer certificate validation failed<br />
<br />
INVALID_SIGNATURE : The signature is not valid<br />
<br />
SIGNATURE_VALIDATION_FAILED : The signature is valid, but it does not prove the signer identity<br />
<br />
==List of possible error codes during encryption==<br />
<br />
smime.RECIPIENT_SMIME_CERT_NOT_FOUND : If no valid certificate found for one or more recipients<br />
<br />
smime.MSG_ENCRYPTION_FAILED : Message encryption failed due to some other reason<br />
<br />
<br />
==List of possible error codes during decryption==<br />
<br />
LOAD_CERTIFICATE_FAILED : Failed to load users certificate<br />
<br />
LOAD_PRIVATE_KEY_FAILED : Failed to load users private key<br />
<br />
DECRYPTION_FAILED : Message decryption failed for any other reason<br />
<br />
USER_CERT_MISMATCH : message was not encrypted with user's current certificate</div>Jorge de la Cruzhttps://wiki.zimbra.com/index.php?title=OOO:-Enable_Internal_Only_Reply&diff=65020OOO:-Enable Internal Only Reply2018-01-18T17:34:23Z<p>Jorge de la Cruz: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=Out of Office - Enable internal only reply / Suppress external sender reply=<br />
{{KB|{{ZC}}|{{ZCS 8.8}}|{{ZCS 8.7}}||}}<br />
<br />
== Purpose ==<br />
<br />
The user can disable OOO reply for external sender.<br />
<br />
OOO reply is not sent to external sender, when the user enables OOO for the account.<br />
<br />
External senders are specified by zimbraInternalSendersDomain and zimbraPrefExternalSendersType.<br />
<br />
This is sometimes justified for privacy and corporate spam blocking reasons. <br />
<br />
See also:-<br />
https://bugzilla.zimbra.com/show_bug.cgi?id=66677<br />
<br />
== Resolution ==<br />
<br />
Using CLI, we can also enable this using :<br />
<br />
<pre><br />
zmprov ma user1@domain.com zimbraPrefOutOfOfficeSuppressExternalReply TRUE<br />
</pre><br />
<br />
<br />
And, with UI more easily :<br />
<br />
<br />
[[Image:Out_of_Office_-_enable_internal_only_reply.png]]<br />
<br />
==Additional Content==<br />
* No related content.<br />
<br />
<br />
{{Article Footer|Zimbra Collaboration 8.7|06/21/2016}}</div>Jorge de la Cruzhttps://wiki.zimbra.com/index.php?title=Multiple_SSL_Certificates,_Server_Name_Indication_(SNI)_for_HTTPS&diff=65019Multiple SSL Certificates, Server Name Indication (SNI) for HTTPS2018-01-18T17:33:56Z<p>Jorge de la Cruz: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=Multiple SSL Certificates, Server Name Indication (SNI) for HTTPS=<br />
{{KB|{{ZC}}|{{ZCS 8.8}}|{{ZCS 8.7}}||}}<br />
<div class="alert alert-dark fade in"> <p><strong>Note: This feature will not enable SSL Certificate for IMAP/POP or smtps connections. [https://bugzilla.zimbra.com/show_bug.cgi?id=103362 RFE #103362]</strong> </p></div> <br />
<br />
[https://en.wikipedia.org/wiki/Server_Name_Indication '''Server Name Indication (SNI)'''] is an extension to the TLS computer networking protocol by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process. This allows a server to present multiple certificates on the same IP address and TCP port number and hence allows multiple secure (HTTPS) websites (or any other Service over TLS) to be served off the same IP address without requiring all those sites to use the same certificate. It is the conceptual equivalent to HTTP/1.1 name-based virtual hosting, but for HTTPS. The desired hostname is not encrypted, so an eavesdropper can see which site is being requested.<br />
<br />
To make SNI useful, as with any protocol, the vast majority of visitors must use web browsers that implement it. Users whose browsers do not implement SNI are presented with a default certificate and hence are likely to receive certificate warnings. [https://en.wikipedia.org/wiki/Server_Name_Indication Source:Wikipedia]<br />
<br />
==Getting Started==<br />
Zimbra Collaboration supports SSL SNI starting at the 8.7 Release. The support requires and uses features of the Proxy service (which is actually required by Zimbra Collaboration 8.7 anyway)<br />
[[File:Zimbra-ssl-sni-001.png]]<br />
<br />
==Prerequisites==<br />
* Zimbra proxy service must be installed and enabled on the server. In a multi server environment, these steps should be performed on the proxy node<br />
* You should have a signed certificate + matching key pair and the trusted chain certs from your CA (Certificate Authority) (This is a common issue, so please, make sure you check your files before deploying them)<br />
* You can bind Multiple SSL Certificates to just one ipv4 address, which will pair to the respective domain names. For example:<br />
1.1.1.1 => example.com<br />
1.1.1.1=> otherdomain.com<br />
and you could even have another IPv4 address, for Customer reasons with other group of SSL Certificates, even different type of SSL Certificates:<br />
3.3.3.3 => yetanotherdomain.com (A Comodo Wildcard SSL Certificate)<br />
3.3.3.3 => thisisanotherdomain.com (A free Let's Encrypt SSL Certificate)<br />
3.3.3.3 => customer001.net (A RapidSSL Certificate)<br />
etc.<br />
<br />
===Browser support for SNI===<br />
The following browsers do offer support for SNI, however Zimbra hasn't tested all of them, it is the responsibility of the web-browser, to support the application part of SNI :<br />
{|class="wikitable sortable"<br />
! Software !! Type !! Supported !! Notes !! Supported since<br />
|-<br />
| Internet Explorer || Web browser || <i class="fa fa-check-circle"></i> || Since version 7 on Vista (not supported on XP) || 2006<br />
|-<br />
| Mozilla Firefox || Web browser || <i class="fa fa-check-circle"></i> || Since version 2.0 [https://bugzilla.mozilla.org/show_bug.cgi?id=116169#c26 Reference 116169] || 2006<br />
|-<br />
| curl || Command-line tool and library || <i class="fa fa-check-circle"></i> || Since version 7.18.1 || 2008<br />
|-<br />
| Safari || Web browser || <i class="fa fa-check-circle"></i> || Not supported on XP ||<br />
|-<br />
| Google Chrome || Web browser || <i class="fa fa-check-circle"></i> || Since 6.0 || 2010<br />
|-<br />
| BlackBerry OS || Web browser || <i class="fa fa-check-circle"></i> || 7.2 or later ||<br />
|-<br />
| Windows Mobile || Web browser ||<i class="fa fa-check-circle"></i> || Some time after 6.5<ref>{{cite web|url=http://blogs.msdn.com/b/ieinternals/archive/2009/12/07/certificate-name-mismatch-warnings-and-server-name-indication.aspx |title=Understanding Certificate Name Mismatches |publisher=Blogs.msdn.com |date= |accessdate=2011-03-08}}</ref> ||<br />
|-<br />
| Android default browser || Web browser || <i class="fa fa-check-circle"></i> || Honeycomb (3.x) for tablets and Ice Cream Sandwich (4.x) for phones<ref>{{cite web|url=https://code.google.com/p/android/issues/detail?id=12908 |title=Android issue 1290 - Https websites that support Server Name Indication (SNI) don't work |publisher=Code.google.com |date=2010-12-01 |accessdate=2011-12-13}}</ref> || 2011<br />
|-<br />
| wget || Command-line tool || <i class="fa fa-check-circle"></i> || Since version 1.14 || 2012<br />
|-<br />
| Nokia Browser for Symbian || Web browser || <i class="fa fa-times"></i> || ||<br />
|-<br />
| Opera Mobile || Web browser || <i class="fa fa-times"></i> || Not supported on Series60 ||<br />
|-<br />
|}<br />
<br />
==Configuring the IP address per domain==<br />
* 1. Add the new domain, in this case '''example.com'''. Set '''zimbraVirtualHostName''' to '''mail.example.com''' and '''zimbraVirtualIPAddress''' to '''1.2.3.4'''. Make sure the zimbraVirtualHostName is set to the name which will be used to access the domain (URL) and the SSL certificate is signed for the same name.<br />
zmprov md example.com zimbraVirtualHostName mail.example.com zimbraVirtualIPAddress 1.2.3.4<br />
<br />
'''NOTE: If the server is behind a firewall and NAT'ed with an external address, make sure external requests for "mail.example.com" hit the aliased IP address and not the actual local IP address of server.'''<br />
<br />
==Verifying and Preparing the Certificates==<br />
We should have three files received from the CA (might vary depending on the Certificate Authority). The server (domain) certificate, and two chain certs. Also, you should have an existing key file (which was used to generate the csr)<br />
* 1. Save the '''example.com certificate''', '''key''' and '''chain files''' to a directory '''/tmp/example.com.''' You can receive single or multiple chain certs from your CA. Here we have two chain certs from the CA. i.e. example.com.root.crt and example.com.intermediate.crt.<br />
ls /tmp/example.com<br />
example.com.key<br />
example.com.crt<br />
example.com.root.crt<br />
example.com.intermediate.crt<br />
<br />
* 2. Add the chain certs to a single file called example.com_ca.crt<br />
cat example.com.root.crt example.com.intermediate.crt >> example.com_ca.crt<br />
<br />
* 3. Confirm if the key and certificate matches and chain certs completes the trust. As zimbra user:<br />
/opt/zimbra/bin/zmcertmgr verifycrt comm /tmp/example.com/example.com.key /tmp/example.com/example.com.crt /tmp/example.com/example.com_ca.crt<br />
<br />
<br />
** Check the output, it should say something like this. If not, make sure you have the correct key and chain cert files.<br />
** Verifying '/tmp/example.com.crt' against '/tmp/example.com.key'<br />
Certificate '/tmp/example.com.crt' and private key '/tmp/example.com.key' match.<br />
** Verifying '/tmp/example.com.crt' against '/tmp/example.com_ca.crt'<br />
Valid certificate chain: /tmp/example.com.crt: OK<br />
<br />
==Deploying the Certificate or Certificates on the domain==<br />
* 1. Add the domain certificate and chain files to a single file called '''example.com.bundle'''<br />
cat example.com.crt example.com_ca.crt >> example.com.bundle<br />
<br />
* 2. Run the following command as the '''zimbra''' user to save the certificates and key in LDAP:<br />
/opt/zimbra/libexec/zmdomaincertmgr savecrt example.com example.com.bundle example.com.key<br />
** Saving domain config key zimbraSSLCertificate...done.<br />
** Saving domain config key zimbraSSLPrivateKey...done.<br />
** The syntax is:<br />
/opt/zimbra/libexec/zmdomaincertmgr savecrt <domainname> <certificate with chain certs> <keyfile><br />
<br />
* 3. Run the following command as the '''zimbra''' user to deploy the domain certificate. This will save the certificate and key as '''/opt/zimbra/conf/domaincerts/example.com''':<br />
/opt/zimbra/libexec/zmdomaincertmgr deploycrts<br />
** Deploying cert for example.com...done.<br />
<br />
== Proxy Check ==<br />
Run these commands on proxy hosts, or on the server if it's Single Server: <br />
* zimbraReverseProxySNIEnabled should be set to TRUE in server and global config. <br />
zmprov mcf zimbraReverseProxySNIEnabled TRUE<br />
<br />
== Re-write and restart Proxy ==<br />
* Restart the proxy to re-write the changes to proxy config<br />
zmproxyctl restart<br />
<br />
* Once the restart is successfull, try to access the domain using the URL which is set in "zimbraVirtualHostName" over https. And check the certificate loaded in the browser. In this case the URL will be https://example.com<br />
<br />
=Testing=<br />
You can go now to a Web browser and check that for each different '''zimbraVirtualHostName''', you see a different SSL certificate and that its details are correct for that virtualhostname.<br />
<br />
=Troubleshooting=<br />
* If you do not see the correct domain cert by accessing the domain with its zimbraVirtualHostName (example.com). Make sure that the https connection from the Internet/intranet is going to the server's local IP address which is defined in '''zimbraVirtualIPAddress''', and make sure you have activated '''zimbraReverseProxySNIEnabled''' to '''TRUE'''<br />
<br />
* If you are using multiple proxy servers or adding new proxy servers, make sure you copy all the contents of '''/opt/zimbra/conf/domaincerts/''' to all the proxy servers. '''Otherwise the proxy service will fail to start.'''<br />
<br />
=Known Issues=<br />
* [https://bugzilla.zimbra.com/show_bug.cgi?id=102913 Bug 102913 - '''Multiple SSL domains on single server (SNI) for HTTPS connections''']<br />
* [https://bugzilla.zimbra.com/show_bug.cgi?id=103362 Bug 103362 - '''Multiple SSL domains on single server (SNI) for IMAPS/POP3S connections''']<br />
<br />
{{Article Footer|Zimbra Collaboration Suite 8.7|03/05/2016}}<br />
{{NeedSME|Jorge|SME2|Copyeditor}}<br />
<br />
[[Category:Certified]]<br />
[[Category:Certificates]]<br />
[[Category:ZCS 8.7]]</div>Jorge de la Cruzhttps://wiki.zimbra.com/index.php?title=Manual_activation&diff=65018Manual activation2018-01-18T17:33:21Z<p>Jorge de la Cruz: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
= Manual Activation =<br />
{{KB|{{ZC}}|{{ZCS 8.8}}|{{ZCS 8.7}}|{{ZCS 8.6}}|}}<br />
{{WIP}}<br />
== Purpose ==<br />
Use the license file you received from Zimbra to generate a new activation file.<br />
<br />
== Process ==<br />
1. Upload the license file to the Zimbra server using a utility like WinSCP and enter:<br />
<br />
su - zimbra<br />
zmlicense -i /path/to/license/file<br />
<br />
2. Get the information required (fingerprint, activation ID, license ID and version) for the manual activation from the Admin Console at:<br />
*; Global Settings ⇒ License ⇒ Manually Activate License<br />
<br />
3. Go to '''https://support.zimbra.com''' and log in, go to the license page. Enter the required information and download the .xml file.<br />
<br />
4. Upload the .xml file to the Zimbra server and enter:<br />
zmlicense -A /path/to/activation/file<br />
<br />
5. Check for successful activation with:<br />
zmlicense -t<br />
<br />
== Work Around If This Can't Be Done During An Upgrade/Install ==<br />
<br />
Please use the <code>--skip-activation-check</code> option with <code>./install.sh</code><br />
<br />
{{Article Footer|Zimbra Collaboration 8.6, 8.5, 8.0|04/16/2014}}<br />
{{NeedSME|SME1|SME2|Copyeditor}}</div>Jorge de la Cruzhttps://wiki.zimbra.com/index.php?title=Installing_a_LetsEncrypt_SSL_Certificate&diff=65017Installing a LetsEncrypt SSL Certificate2018-01-18T17:32:57Z<p>Jorge de la Cruz: </p>
<hr />
<div>{{BC|Community Sandbox}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=Installing a Let's Encrypt SSL Certificate=<br />
{{KB|{{Unsupported}}|{{ZCS 8.8}}|{{ZCS 8.7}}|}}<br />
<br />
[[File:Letsencrypt-en.png|1024px]]<br />
<br />
==Purpose==<br />
Step by Step Wiki/KB article to install a Let's Encrypt Commercial Certificate. <br />
'''Disclaimer'''<br />
The Let’s Encrypt Client is '''BETA SOFTWARE'''. It contains plenty of bugs and rough edges, and it should be tested thoroughly in staging environments before use on production systems.<br />
For more information regarding the status of the project, please see https://letsencrypt.org. Be sure to check out the [https://community.letsencrypt.org/t/frequently-asked-questions-faq/26#topic-title Frequently Asked Questions (FAQ)].<br />
<br />
==Resolution==<br />
Let’s Encrypt is a new Certificate Authority: It’s free, automated, and open. It could be an option to protect Zimbra Servers with a valid SSL certificate; however, please be aware that is a Beta for now. Some stuff could not work or have issues, so use it at your own risk.<br />
<br />
===Installing Let's Encrypt on a Zimbra Server===<br />
Let's Encrypt must be installed on one Linux machine to obtain the proper SSL Certificate, CA Intermediate, and Private Key. It is not required that it be on the same Zimbra Server, but it could save time and help to obtain the renewals, etc.<br />
* First Step is to stop the jetty or nginx service at Zimbra level<br />
zmproxyctl stop<br />
zmmailboxdctl stop<br />
* Second step is to Install git on the Server (apt-get install git/yum install git), and then do a git clone of the project on the folder we want<br />
** Note: On RedHat/CentOS 6 you will need to enable the EPEL repository before install.<br />
git clone https://github.com/letsencrypt/letsencrypt<br />
cd letsencrypt<br />
* Let's now run Let's Encrypt in auto mode and use the certonly option, because for now the project can't automatically install the cert on Zimbra servers.<br />
root@zimbra86:~/tmp/letsencrypt# ./letsencrypt-auto certonly --standalone<br />
If you need to have multiple hostnames on the same SSL, so a Multi-SAN, SSL, please run instead, where -d are your domains:<br />
root@zimbra86:~/tmp/letsencrypt# ./letsencrypt-auto certonly --standalone -d xmpp.example.com -d conference.example.com<br />
** (This step only happens the first time. This process will not occur when renewing the SSL Certificate if using the same machine.) The process will download all of the OS dependencies that Let's Encrypt needs, and after a few minutes:<br />
<pre>Creating virtual environment...<br />
Updating letsencrypt and virtual environment dependencies...../root/.local/share/letsencrypt/local/lib/python2.7/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.<br />
InsecurePlatformWarning<br />
./root/.local/share/letsencrypt/local/lib/python2.7/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.<br />
InsecurePlatformWarning<br />
</pre><br />
*** The process will ask for an Email Address in case of emergency contact or to recover the lost key.<br />
<br />
[[File:Letsencrypt-002.png]]<br />
<br />
*** The process will ask if we agree with the ToS.<br />
<br />
[[File:Letsencrypt-003.png]]<br />
<br />
**** In case we run a renewal, or a request for a new FQDN, the process will just take a few seconds.<br />
Updating letsencrypt and virtual environment dependencies.......<br />
Running with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt certonly<br />
*** Let's Encrypt will prompt for the domain to protect, in this lab case (zimbra86.zimbra.io):<br />
<br />
[[File:Letsencrypt-004.png]]<br />
<br />
* The process will take a few seconds to validate and then will end:<br />
<pre>IMPORTANT NOTES:<br />
- Congratulations! Your certificate and chain have been saved at<br />
/etc/letsencrypt/live/zimbra86.zimbra.io/fullchain.pem. Your cert<br />
will expire on 2016-03-04. To obtain a new version of the<br />
certificate in the future, simply run Let's Encrypt again.<br />
- If like Let's Encrypt, please consider supporting our work by:<br />
<br />
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate<br />
Donating to EFF: https://eff.org/donate-le</pre><br />
<br />
===Where are the SSL Certificate Files?===<br />
You can find all your files under '''/etc/letsencrypt/live/$domain''', where $domain is the fqdn you used during the process:<br />
<pre>root@zimbra86:/etc/letsencrypt/live/zimbra86.zimbra.io# ls -al<br />
total 8<br />
drwxr-xr-x 2 root root 4096 Dec 5 16:46 .<br />
drwx------ 3 root root 4096 Dec 5 16:46 ..<br />
lrwxrwxrwx 1 root root 42 Dec 5 16:46 cert.pem -> ../../archive/zimbra86.zimbra.io/cert1.pem<br />
lrwxrwxrwx 1 root root 43 Dec 5 16:46 chain.pem -> ../../archive/zimbra86.zimbra.io/chain1.pem<br />
lrwxrwxrwx 1 root root 47 Dec 5 16:46 fullchain.pem -> ../../archive/zimbra86.zimbra.io/fullchain1.pem<br />
lrwxrwxrwx 1 root root 45 Dec 5 16:46 privkey.pem -> ../../archive/zimbra86.zimbra.io/privkey1.pem</pre><br />
<br />
'''cert.pem''' is the certificate<br />
<br />
'''chain.pem''' is the chain<br />
<br />
'''fullchain.pem''' is the concatenation of cert.pem + chain.pem<br />
<br />
'''privkey.pem''' is the private key<br />
<br />
Please keep in mind that the private key is only for you.<br />
<br />
===Build the proper Intermediate CA plus Root CA===<br />
Let's Encrypt is almost perfect, but during the files the process built, they just add the chain.pem file without the root CA.<br />
You must to use the IdenTrust root Certificate and merge it after the chain.pem<br />
* [https://www.identrust.com/certificates/trustid/root-download-x3.html https://www.identrust.com/certificates/trustid/root-download-x3.html]<br />
Your chain.pem should look like:<br />
<pre><br />
-----BEGIN CERTIFICATE-----<br />
YOURCHAIN<br />
-----END CERTIFICATE-----<br />
-----BEGIN CERTIFICATE-----<br />
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/<br />
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT<br />
DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow<br />
PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD<br />
Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB<br />
AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O<br />
rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq<br />
OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b<br />
xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw<br />
7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD<br />
aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV<br />
HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG<br />
SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69<br />
ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr<br />
AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz<br />
R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5<br />
JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo<br />
Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ<br />
-----END CERTIFICATE-----</pre><br />
To sum up: chain.pem has to be concatened with the root CA. First the chain and the end of the file the root CA. The order is important.<br />
<br />
===Verify your commercial certificate. ===<br />
Copy all the Let's Encrypt folder with all files '''/etc/letsencrypt/live/$domain''' into /opt/zimbra/ssl/letsencrypt:<br />
root@mail2:~# mkdir /opt/zimbra/ssl/letsencrypt<br />
root@mail2:~# cp /etc/letsencrypt/live/mail2.next.zimbra.io/* /opt/zimbra/ssl/letsencrypt/<br />
root@mail2:~# chown zimbra:zimbra /opt/zimbra/ssl/letsencrypt/*<br />
root@mail2:~# ls -la /opt/zimbra/ssl/letsencrypt/<br />
total 24<br />
drwxr-xr-x 2 root root 4096 Jul 15 22:59 .<br />
drwxr-xr-x 8 zimbra zimbra 4096 Jul 15 22:59 ..<br />
-rw-r--r-- 1 zimbra zimbra 1809 Jul 15 22:59 cert.pem<br />
-rw-r--r-- 1 zimbra zimbra 2847 Jul 15 22:59 chain.pem<br />
-rw-r--r-- 1 zimbra zimbra 3456 Jul 15 22:59 fullchain.pem<br />
-rw-r--r-- 1 zimbra zimbra 1704 Jul 15 22:59 privkey.pem<br />
====Zimbra Collaboration 8.7 and above====<br />
As '''zimbra''' user<br />
<pre>zimbra@zimbra87:/opt/zimbra/ssl/letsencrypt/# /opt/zimbra/bin/zmcertmgr verifycrt comm privkey.pem cert.pem chain.pem <br />
** Verifying cert.pem against privkey.pem<br />
Certificate (cert.pem) and private key (privkey.pem) match.<br />
Valid Certificate: cert.pem: OK</pre><br />
<br />
====Zimbra Collaboration 8.6 and previous====<br />
As '''root''' user<br />
<pre>root@zimbra86:/opt/zimbra/ssl/letsencrypt/# /opt/zimbra/bin/zmcertmgr verifycrt comm privkey.pem cert.pem chain.pem <br />
** Verifying cert.pem against privkey.pem<br />
Certificate (cert.pem) and private key (privkey.pem) match.<br />
Valid Certificate: cert.pem: OK</pre><br />
<br />
===Deploy the new Let's Encrypt SSL certificate===<br />
====Backup Zimbra SSL directory====<br />
Before deploying a good practice is to make a backup.<br />
cp -a /opt/zimbra/ssl/zimbra /opt/zimbra/ssl/zimbra.$(date "+%Y%m%d")<br />
====Copy the private key under Zimbra SSL path====<br />
Before deploying the SSL Certificate, you need to move the privkey.pem under the Zimbra SSL commercial path, like this:<br />
cp /opt/zimbra/ssl/letsencrypt/privkey.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key<br />
<br />
====Final SSL deployment====<br />
Then deploy the certificate as follows: <br />
=====Zimbra Collaboration 8.7 and above=====<br />
As '''zimbra''' user<br />
<pre>zimbra@mail2://opt/zimbra/ssl/letsencrypt/$ /opt/zimbra/bin/zmcertmgr deploycrt comm cert.pem chain.pem <br />
** Verifying 'cert.pem' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'<br />
Certificate 'cert.pem' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match.<br />
** Verifying 'cert.pem' against 'chain.pem'<br />
Valid certificate chain: cert.pem: OK<br />
** Copying 'cert.pem' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt'<br />
** Copying 'chain.pem' to '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt'<br />
** Appending ca chain 'chain.pem' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt'<br />
** Importing cert '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt' as 'zcs-user-commercial_ca' into cacerts '/opt/zimbra/common/lib/jvm/java/jre/lib/security/cacerts'<br />
** NOTE: restart mailboxd to use the imported certificate.<br />
** Saving config key 'zimbraSSLCertificate' via zmprov modifyServer mail2.next.zimbra.io...failed (rc=1)<br />
** Installing ldap certificate '/opt/zimbra/conf/slapd.crt' and key '/opt/zimbra/conf/slapd.key'<br />
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/slapd.crt'<br />
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/slapd.key'<br />
** Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12'<br />
** Creating keystore '/opt/zimbra/mailboxd/etc/keystore'<br />
** Installing mta certificate '/opt/zimbra/conf/smtpd.crt' and key '/opt/zimbra/conf/smtpd.key'<br />
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/smtpd.crt'<br />
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/smtpd.key'<br />
** Installing proxy certificate '/opt/zimbra/conf/nginx.crt' and key '/opt/zimbra/conf/nginx.key'<br />
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/nginx.crt'<br />
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/nginx.key'<br />
** NOTE: restart services to use the new certificates.<br />
** Cleaning up 3 files from '/opt/zimbra/conf/ca'<br />
** Removing /opt/zimbra/conf/ca/41b01cbb.0<br />
** Removing /opt/zimbra/conf/ca/ca.key<br />
** Removing /opt/zimbra/conf/ca/ca.pem<br />
** Copying CA to /opt/zimbra/conf/ca<br />
** Copying '/opt/zimbra/ssl/zimbra/ca/ca.key' to '/opt/zimbra/conf/ca/ca.key'<br />
** Copying '/opt/zimbra/ssl/zimbra/ca/ca.pem' to '/opt/zimbra/conf/ca/ca.pem'<br />
** Creating CA hash symlink '41b01cbb.0' -> 'ca.pem'<br />
** Creating /opt/zimbra/conf/ca/commercial_ca_1.crt<br />
** Creating CA hash symlink '4f06f81d.0' -> 'commercial_ca_1.crt'<br />
** Creating /opt/zimbra/conf/ca/commercial_ca_2.crt<br />
** Creating CA hash symlink '2e5ac55d.0' -> 'commercial_ca_2.crt'</pre> <br />
=====Zimbra Collaboration 8.6 and previous=====<br />
As '''root''' user<br />
<pre>root@zimbra86:/opt/zimbra/ssl/letsencrypt/# /opt/zimbra/bin/zmcertmgr deploycrt comm cert.pem chain.pem <br />
** Verifying cert.pem against /opt/zimbra/ssl/zimbra/commercial/commercial.key<br />
Certificate (cert.pem) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.<br />
Valid Certificate: cert.pem: OK<br />
** Copying cert.pem to /opt/zimbra/ssl/zimbra/commercial/commercial.crt<br />
** Appending ca chain chain.pem to /opt/zimbra/ssl/zimbra/commercial/commercial.crt<br />
** Importing certificate /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt to CACERTS as zcs-user-commercial_ca...done.<br />
** NOTE: mailboxd must be restarted in order to use the imported certificate.<br />
** Saving server config key zimbraSSLCertificate...failed.<br />
** Saving server config key zimbraSSLPrivateKey...failed.<br />
** Installing mta certificate and key...done.<br />
** Installing slapd certificate and key...done.<br />
** Installing proxy certificate and key...done.<br />
** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.<br />
** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.<br />
** Installing CA to /opt/zimbra/conf/ca...done.</pre><br />
<br />
Then you need to restart the services, which will restart the nginx or jetty you stopped before:<br />
zmcontrol restart<br />
<br />
===Test the new SSL Certificate===<br />
The last step is to go to your Web Browser and open the URL of your Zimbra server where you installed the Let's Encrypt SSL Certificate:<br />
<br />
[[File:Letsencrypt-006.png|1024px]]<br />
<br />
You can expand the Certificate Information to see the new SSL Certificate your server is using:<br />
<br />
[[File:Letsencrypt-007.png]]<br />
<br />
===Test the new SSL Certificate with OpenSSL===<br />
You can use openssl cli tools to check and test the new SSL certificate:<br />
echo QUIT | openssl s_client -connect $domain:443 | openssl x509 -noout -text | less<br />
where $domain is the fqdn you used during the process<br />
<br />
===Building Multi-SAN SSL Certificate and complex scenarios===<br />
You can do almost everything you need, like Subject Alt Names, different domains, etc. But to see more about this, visit [https://letsencrypt.org/ the web of the official project].<br />
<br />
Here is an example using two FQDN:<br />
./letsencrypt-auto certonly --standalone -d fqdn1 -d fqdn2<br />
<br />
===Verifying SSL certificate is not expired===<br />
SSL certificates issued by let's encrypt are valid for 90 days during the BETA phase.<br />
You need to check the expiration of your SSL certificate. We can suggest using monitoring tools like Nagios. With nagios plugins there's a command which can check the expiration:<br />
/usr/lib/nagios/plugins/check_http --sni -H '<FQDN>' -C 30,14<br />
A warning will be issued 30 days before the expiration, a critical will be issued 14 days before the expiration.<br />
<br />
Here is a nagios config file excerpt:<br />
define command{<br />
command_name check_https_vhost<br />
command_line /usr/lib/nagios/plugins/check_http --sni -H '$ARG1$' -C 30,14<br />
}<br />
<br />
define service{<br />
use generic-service<br />
host_name <FQDN><br />
service_description SSL <FQDN><br />
check_command check_https_vhost!<FQDN><br />
}<br />
<br />
==Additional Content==<br />
* Let's Encrypt User Manual - https://letsencrypt.readthedocs.org/en/latest/using.html<br />
* Let's Encrypt Official Project - https://letsencrypt.org/<br />
<br />
=Automatic methods=<br />
Since Letsencrypt has gone public several scripts were created to automate the deployment of free SSL certificates in Zimbra. In order of appearance:<br />
<br />
* [https://github.com/VojtechMyslivec/letsencrypt-zimbra/ Vojtěch Myslivec on GitHub] <br />
* Grown from a long discussion on the [https://forums.zimbra.org/viewtopic.php?f=15&t=60781 forum] [https://github.com/JimDunphy/deploy-zimbra-letsencrypt.sh Jim Dunphy developed a script] based on Neilpang's acme.sh script<br />
* A nearly fully automated script developed by [https://github.com/yetopen/certbot-zimbra Maxxer@YetOpen on GitHub]<br />
<br />
{{Article Footer|Zimbra Collaboration 8.6, 8.5|12/05/2015}}<br />
{{NeedSME|Jorge|SME2|Copyeditor}}<br />
<br />
[[Category:Certificates]]</div>Jorge de la Cruzhttps://wiki.zimbra.com/index.php?title=Incoming_Mail_Problems&diff=65016Incoming Mail Problems2018-01-18T17:32:34Z<p>Jorge de la Cruz: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=Troubleshooting incoming mail problems=<br />
{{KB|{{ZC}}|{{ZCS 8.8}}|{{ZCS 8.7}}|{{ZCS 8.6}}|}}<br />
<br />
==Problem==<br />
If you're having trouble receiving mail from outside, you need to find out where the message is failing.<br />
<br />
When sending your test message, check the [[Log Files]], especially /var/log/zimbra.log, on your [[MTA]] server.<br />
<br />
It's often helpful to tail the logfile as you send the message:<br />
tail -f /var/log/zimbra.log<br />
<br />
If you see ''nothing'' logged (no connection, nothing) then the problem likely either [[DNS]] or your firewall.<br />
==Resolution==<br />
=== Firewall ===<br />
To troubleshoot your firewall, it helps to have an account on a system outside of your network.<br />
<br />
For mail to flow inbound, servers on the internet need to connect to your [[MTA]] on port 25.<br />
<br />
=== [[DNS]] issues ===<br />
The mail domain that your user accounts are created under must have an MX record. To test this:<br />
host -t mx ''domain''<br />
<br />
The IP address returned should be the IP (public or private) of your MTA. If it's the public address, make sure that the Firewall is forwarding port 25 to the [[MTA]].<br />
<br />
=== Mail is delivered to the [[MTA]], but not to the mailbox ===<br />
If there is a line in the /var/log/zimbra.log like:<br />
postfix/lmtp ... deferred ... connection refused<br />
<br />
There is no connection to port 7025 to perform Local Mail Transfer Protocol (LMTP) delivery.<br />
<br />
This is nearly always caused by a host that is configured on private IP Space (or using NAT) and that does not have an interface for the public IP address the server resides on. This can be easily fixed by simply using native IP address lookups for lmtp rather than DNS. Alternatively, you could have your internal network's domain name configured to lookup differently internally than it does externally. Using that method is beyond the scope of this document.<br />
<br />
==== Zimbra Collaboration 8.5 or above ====<br />
ZCS 8.5 or above onwards this attribute is now in ldap - zimbraMtaLmtpHostLookup<br />
zmprov ms mtaserver.com zimbraMtaLmtpHostLookup native<br />
<br />
In case that you are using Single Server, be aware always of the Global Config as well:<br />
zmprov mcf zimbraMtaLmtpHostLookup native<br />
<br />
Once this is done, you'll need to restart the mta:<br />
zmmtactl restart<br />
<br />
==== Zimbra Collaboration 8.0 or previous ====<br />
To lookup lmtp addresses natively instead of by DNS, simply modify the following localconfig values on all mta's:<br />
zmlocalconfig -e postfix_lmtp_host_lookup=native<br />
<br />
Once this is done, you'll need to restart the mta:<br />
zmmtactl restart<br />
=== Expected behavior ===<br />
Postfix will now lookup IP's for lmtp natively rather than in DNS, so you'll just need to ensure the host is properly configured in /etc/hosts and things will work correctly.<br />
<br />
{{Article Footer|ZCS 8.7, 8.6, 8.0|1/13/2012}}<br />
{{NeedSME|Jorge|SME2|Copyeditor}}<br />
[[Category:Troubleshooting MTA]]</div>Jorge de la Cruzhttps://wiki.zimbra.com/index.php?title=How_to_configure_Zimbra_S/MIME_in_Windows&diff=65015How to configure Zimbra S/MIME in Windows2018-01-18T17:31:27Z<p>Jorge de la Cruz: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=How to configure Zimbra S/MIME in Windows=<br />
{{KB|{{ZC}}|{{ZCS 8.8}}|{{ZCS 8.7}}|{{ZCS 8.6}}|}}<br />
<br />
==Enhancement in Zimbra 8.7==<br />
Zimbra has fixed an issue when Customers are using Zimbra Collaboration Web Client, with S/MIME over Windows and the Firefox browser.<br />
<br />
[[File:Zimbrasmime-firefox-001.png]]<br />
<br />
Since Zimbra Collaboration 8.7, Zimbra uses for Windows the Windows cryptography (CryptoAPI).<br />
<br />
In the past, the SSL certificate needs to be installed in the Web Browser, since 8.7 the SSL Certificate needs to be installed on the Windows Local Store., and can be used for all Browsers in the Computer, doing easier the SSL Certificate Management.<br />
<br />
==Export the SSL Certificate from Mozilla Firefox==<br />
The first step is exporting the actual SSL Certificate from the Mozilla Firefox Web Browser. <br />
<br />
Click in the '''right icon''', and then Click in '''Options'''.<br />
<br />
[[File:Zimbrasmime-firefox-002.png]]<br />
<br />
Now, go to '''Advanced''' tab, and click in the sub-tab '''Certificates''', then click in '''View Certificates'''.<br />
<br />
[[File:Zimbrasmime-firefox-003.png]]<br />
<br />
In the tab '''Your Certificates''', you will find the SSL Certificate ready to export, please click in '''Backup'''.<br />
<br />
[[File:Zimbrasmime-firefox-004.png]]<br />
<br />
Then select a name and save it in the Folder that you want, press '''Save'''.<br />
<br />
[[File:Zimbrasmime-firefox-005.png]]<br />
<br />
Enter a '''password''' for your Private Key, please remember this password in the future. Press '''OK'''.<br />
<br />
[[File:Zimbrasmime-firefox-006.png]]<br />
<br />
And then, the SSL Certificate is ready to Import into the Windows Store. Press '''OK'''.<br />
<br />
[[File:Zimbrasmime-firefox-007.png]]<br />
<br />
==Install the SSL Certificate in Windows Store==<br />
We need to have the Certificate in our Computer, in .p12 .pfx, or other valid certificate extension.<br />
<br />
'''Right Click''' over the file and press '''Install PFX''' (a double click will do the same effect)<br />
<br />
[[File:Zimbrasmime-firefox-008.png]]<br />
<br />
In the next image of the Certificate Import Wizard, press '''Next'''.<br />
<br />
[[File:Zimbrasmime-firefox-009.png]]<br />
<br />
Press '''Next''' in this step, please be sure that the SSL Certificate is correct, review the name and path.<br />
<br />
[[File:Zimbrasmime-firefox-010.png]]<br />
<br />
This step is important, '''you need to introduce the password from your Private Key''', and also, if you think that in the future '''you will need to export the Certificate, please mark the second checkbox''', also the third one and press '''Next'''.<br />
<br />
[[File:Zimbrasmime-firefox-011.png]]<br />
<br />
Let the Automatically select option and press '''Next'''.<br />
<br />
[[File:Zimbrasmime-firefox-012.png]]<br />
<br />
This step, is a overview with all the steps, press '''Finish'''.<br />
<br />
[[File:Zimbrasmime-firefox-013.png]]<br />
<br />
Congratulations, the SSL Certificate is now installed in your Windows Store.<br />
<br />
[[File:Zimbrasmime-firefox-014.png]]<br />
<br />
==Doing a test in Windows with Firefox and Zimbra Collaboration 8.7, using S/MIME in the Web Client==<br />
Once we’ve installed the SSL Certificate in our Windows Store, we can open Firefox, open our Web Client with the Zimbra Server FQDN. You can use Internet Explorer, or Chrome, etc.<br />
<br />
Then '''compose a New Email''', fill the To, Subject and Body fields and select the '''Sign''' option. <br />
<br />
[[File:Zimbrasmime-firefox-015.png]]<br />
<br />
The person to you sent the email, will be able to see the SSL signature.<br />
<br />
[[File:Zimbrasmime-firefox-016.png]]<br />
<br />
Here is other example using Internet Explorer in Windows with Zimbra Collaboration 8.7, using the Web Client, now Zimbra uses the CryptoAPI.<br />
<br />
[[File:Zimbrasmime-firefox-017.png]]<br />
<br />
Here the same Zimbra Collaboration Server 8.7, using a Mac and Chrome Web browser, we can see that we are using now NSS, without any problem.<br />
<br />
[[File:Zimbrasmime-firefox-018.png]]<br />
<br />
==Check/Troubleshoot SSL Certificate in Windows Store==<br />
This steps are always welcome to be sure if our SSL Certificate is valid, for how many time, etc.<br />
<br />
Click in the '''Windows button''' and write '''mmc''', you will see the '''mmc.exe''', please do click to open it.<br />
<br />
[[File:Zimbrasmime-firefox-019.png]]<br />
<br />
Once the '''MMC''' is open, click in '''File – Add/Remove Snap-in.'''<br />
<br />
[[File:Zimbrasmime-firefox-020.png]]<br />
<br />
From the '''Available snap-ins list''', please select the '''Certificates''' and click '''Add'''.<br />
<br />
[[File:Zimbrasmime-firefox-021.png]]<br />
<br />
Select now the '''My user account''' and press '''Finish'''.<br />
<br />
[[File:Zimbrasmime-firefox-022.png]]<br />
<br />
You need to open the Personal Folder, and the Certificates sub folder and there we can find our SSL Certificates.<br />
<br />
[[File:Zimbrasmime-firefox-023.png]]<br />
<br />
You can do double click to open it and see much more details.<br />
<br />
[[File:Zimbrasmime-firefox-024.png]]<br />
<br />
==References==<br />
* [https://bugzilla.zimbra.com/show_bug.cgi?id=95628 '''Bug 95628''' - S/MIME: not working with Firefox on Windows]<br />
<br />
{{Article Footer|Zimbra Collaboration Suite 8.6|05/04/2016}}<br />
{{NeedSME|Jorge|SME2|Copyeditor}}<br />
[[Category:ZCS 8.7]]</div>Jorge de la Cruzhttps://wiki.zimbra.com/index.php?title=How_to_bypass_local_network_with_amavis&diff=65014How to bypass local network with amavis2018-01-18T17:30:43Z<p>Jorge de la Cruz: </p>
<hr />
<div>=How to bypass local network with amavis=<br />
{{KB|{{ZC}}|{{ZCS 8.8}}|{{ZCS 8.7}}||}}<br />
<br />
<br />
==Purpose==<br />
<br />
This article explains how to bypass or white-list certain IP ranges, either because they are known to be trusted and internal, or because they provide specific services that should not be checked for spam. <br />
<br />
<br />
==Resolution==<br />
<br />
By default, the bypass is not enabled, and we need to enable it as follows: <br />
<br />
zmprov mcf zimbraAmavisOriginatingBypassSA TRUE <br />
<br />
When its enabled, we need to restart the following services: <br />
<br />
zmantispamctl restart <br />
zmantivirusctl restart <br />
zmamavisdctl restart <br />
<br />
<br />
Once set, amavis bypasses SpamAssassin for all messages originating internal trusted networks. These networks are configured by modifying the server configuration attribute zimbraMtaMyNetworks:<br />
<br />
<attr id="311" name="zimbraMtaMyNetworks" type="astring" max="10240" cardinality="multi" optionalIn="globalConfig,server" flags="serverInherited" requiresRestart="mta"><br />
<desc>value of postfix mynetworks</desc><br />
</attr><br />
<br />
<br />
To retrieve current settings:<br />
<br />
1. postconf mynetworks<br />
2. zmprov gs `zmhostname` zimbraMtaMyNetworks<br />
<br />
<br />
Configure MTA networks:<br />
<br />
zmprov ms `zmhostname` zimbraMtaMyNetworks '127.0.0.0/8 10.0.0.0/8 192.168.0.0/16'<br />
<br />
(note: zmconfigd will automatically restart the MTA processes after this change is made).<br />
<br />
The zimbraMtaMyNetworks configuration is then included in Amavis in @mynetworks, which causes those IPs to be white-listed.<br />
<br />
<br />
<br />
==Additional Information==<br />
<br />
$ zmprov desc -a zimbraAmavisOriginatingBypassSA<br />
zimbraAmavisOriginatingBypassSA<br />
Whether or not Amavis should Bypass SpamAsassin for originating email.<br />
Defaults to FALSE<br />
<br />
type : boolean<br />
value :<br />
callback :<br />
immutable : false<br />
cardinality : single<br />
requiredIn :<br />
optionalIn : globalConfig,server<br />
flags : serverInherited<br />
defaults : FALSE<br />
min :<br />
max :<br />
id : 1464<br />
requiresRestart : mta<br />
since : 8.5.0<br />
deprecatedSince :<br />
<br />
<br />
<br />
{{Article Footer|Zimbra Collaboration 8.7|03/1/2017}}<br />
{{NeedSME|SME1|SME2|Copyeditor}}</div>Jorge de la Cruzhttps://wiki.zimbra.com/index.php?title=How_to_%22fix%22_system%27s_sendmail_to_use_that_of_zimbra&diff=65013How to "fix" system's sendmail to use that of zimbra2018-01-18T17:30:20Z<p>Jorge de la Cruz: </p>
<hr />
<div>{{BC|Community Sandbox}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=How to fix system's sendmail to use that of Zimbra=<br />
{{KB|{{Unsupported}}|{{ZCS 8.8}}||{{ZCS 8.7}}|{{ZCS 8.6}}|}}<br />
<br />
'''This article is valid is outdated for version 8.0 and later. The zimbra-mta package registers itself as an alternative in those versions.'''<br />
<br />
For Zimbra Collaboration 8.7 and CentOS, use the next:<br />
<pre>[root@zimbra ~]# /usr/sbin/alternatives --install /usr/sbin/sendmail mta /opt/zimbra/common/sbin/sendmail 25 \<br />
--slave /usr/bin/mailq mta-mailq /opt/zimbra/common/sbin/mailq \<br />
--slave /usr/bin/newaliases mta-newaliases /opt/zimbra/common/sbin/newaliases \<br />
--slave /usr/share/man/man1/mailq.1.gz mta-mailqman /opt/zimbra/common/share/man/man1/mailq.1 \<br />
--slave /usr/share/man/man1/newaliases.1.gz mta-newaliasesman /opt/zimbra/common/share/man/man1/newaliases.1 \<br />
--slave /usr/share/man/man8/sendmail.8.gz mta-sendmailman /opt/zimbra/common/share/man/man1/sendmail.1 \<br />
--slave /usr/share/man/man5/aliases.5.gz mta-aliasesman /opt/zimbra/common/share/man/man5/aliases.5 \<br />
--initscript zimbra<br />
</pre><br />
<br />
First check what's there now:<br />
[root@zimbra ~]# ls -l /usr/sbin/sendmail<br />
lrwxrwxrwx 1 root root 21 Jun 23 12:21 /usr/sbin/sendmail -> /etc/alternatives/mta<br />
<br />
[root@zimbra ~]# update-alternatives --display mta<br />
mta - status is auto. <br />
link currently points to /usr/sbin/sendmail.sendmail<br />
/usr/sbin/sendmail.sendmail - priority 90 <br />
slave mta-mailq: /usr/bin/mailq.sendmail <br />
slave mta-newaliases: /usr/bin/newaliases.sendmail <br />
slave mta-rmail: /usr/bin/rmail.sendmail <br />
slave mta-sendmail: /usr/lib/sendmail.sendmail <br />
slave mta-pam: /etc/pam.d/smtp.sendmail <br />
slave mta-sendmailman: /usr/share/man/man8/sendmail.sendmail.8.gz<br />
slave mta-mailqman: /usr/share/man/man1/mailq.sendmail.1.gz <br />
slave mta-newaliasesman: /usr/share/man/man1/newaliases.sendmail.1.gz<br />
slave mta-aliasesman: /usr/share/man/man5/aliases.sendmail.5.gz <br />
Current `best' version is /usr/sbin/sendmail.sendmail. <br />
<br />
Then install alternative and check it:<br />
[root@zimbra ~]# update-alternatives --install /usr/sbin/sendmail mta-sendmail /opt/zimbra/postfix/sbin/sendmail 25<br />
[root@zimbra ~]# update-alternatives --display mta-sendmail<br />
mta-sendmail - status is auto.<br />
link currently points to /opt/zimbra/postfix/sbin/sendmail<br />
/opt/zimbra/postfix/sbin/sendmail - priority 25<br />
Current `best' version is /opt/zimbra/postfix/sbin/sendmail.<br />
<br />
If on RHEL or CentOS, use the following:<br />
<br />
[root@zimbra ~]# /usr/sbin/alternatives --install /usr/sbin/sendmail mta /opt/zimbra/postfix/sbin/sendmail 25 \<br />
--slave /usr/bin/mailq mta-mailq /opt/zimbra/postfix/sbin/mailq \<br />
--slave /usr/bin/newaliases mta-newaliases /opt/zimbra/postfix/sbin/newaliases \<br />
--slave /usr/share/man/man1/mailq.1.gz mta-mailqman /opt/zimbra/postfix/man/man1/mailq.1 \<br />
--slave /usr/share/man/man1/newaliases.1.gz mta-newaliasesman /opt/zimbra/postfix/man/man1/newaliases.1 \<br />
--slave /usr/share/man/man8/sendmail.8.gz mta-sendmailman /opt/zimbra/postfix/man/man1/sendmail.1 \<br />
--slave /usr/share/man/man5/aliases.5.gz mta-aliasesman /opt/zimbra/postfix/share/man/man5/aliases.5 \<br />
--initscript zimbra<br />
[root@zimbra ~]# /usr/sbin/alternatives --config mta<br />
<br />
This will fix logwatch and any other locallly generated emails on RHEL/CentOS systems.<br />
<br />
{{Article Footer|Unknown|8/20/2008}}<br />
<br />
[[Category:MTA]]<br />
[[Category:Customizing ZCS]]<br />
[[Category:Debian]]<br />
[[Category:CentOS]]<br />
[[Category:logwatch]]<br />
[[Category:RHEL]]</div>Jorge de la Cruzhttps://wiki.zimbra.com/index.php?title=Hide_the_links_to_the_default_helps&diff=65012Hide the links to the default helps2018-01-18T17:29:41Z<p>Jorge de la Cruz: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=Hide the links to the default helps=<br />
{{KB|{{ZC}}|{{ZCS 8.8}}|{{ZCS 8.7}}|{{ZCS 8.6}}|}}<br />
==Purpose==<br />
How to hide hyperlinks to the Product Help, Help Center Online, and/or New Features which are listed in the pull-down menu on the Advanced web client. <br />
<br />
[[Image:Docs_66645.png]]<br />
<br />
==Resolution==<br />
The zimbraWebClientSupportedHelps handles that help page links should be displayed in the pull-down menu. The zimbraWebClientSupportedHelps takes multiple values as follows:<br />
{| class="wikitable" style="margin-left: 5px; margin-right: auto;"<br />
!Name || Description<br />
|- <br />
| <pre>productHelp</pre><br />
| Show the link to Product Help<br />
|- <br />
| <pre>onlineHelp</pre><br />
| Show the link to Help Central Online<br />
|- <br />
| <pre>newFeatures</pre><br />
| Show the link to New Features<br />
|}<br />
<br />
For example, if you want to show the Product Help, and New Features, but hide the Help Central Online, you can set up:<br />
zmprov mcf +zimbraWebClientSupportedHelps productHelp<br />
zmprov mcf +zimbraWebClientSupportedHelps newFeatures<br />
zmprov mcf -zimbraWebClientSupportedHelps onlineHelp<br />
<br />
This configuration key is applicable system-wide (global), and domain-wide.<br />
<br />
==Additional Content==<br />
* No related content.<br />
<br />
<br />
{{Article Footer|Zimbra Collaboration 8.7|06/20/2016}}</div>Jorge de la Cruzhttps://wiki.zimbra.com/index.php?title=Get_all_user%27s_mailbox_size_from_CLI&diff=65011Get all user's mailbox size from CLI2018-01-18T17:29:27Z<p>Jorge de la Cruz: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=Get all user's mailbox size from CLI=<br />
{{KB|{{ZC}}|{{ZCS 8.8}}|{{ZCS 8.7}}|{{ZCS 8.6}}|}}<br />
==Purpose==<br />
How to check and findout all user's mailbox size.<br />
<br />
==Resolution==<br />
Run following command as zimbra user to check all user's mailbox size:-<br />
<pre>su - zimbra<br />
all_accounts=`zmprov -l gaa`; for account in $all_accounts; do mbox_size=`zmmailbox -z -m $account gms`; echo "Mailbox size of $account = $mbox_size"; done ;</pre><br />
<br />
After running above commands you will get output in the below format:-<br />
<pre><br />
Mailbox size of user@example.com = 5.72 KB<br />
Mailbox size of user2@example.com = 1.38 KB<br />
Mailbox size of test@example.com = 0 B<br />
Mailbox size of test2@mydomain.com = 19.27 MB<br />
Mailbox size of supporttest@supportlab.in = 162.15 KB<br />
</pre><br />
<br />
==Additional Content==<br />
* No related content.<br />
<br />
<br />
{{Article Footer|Zimbra Collaboration 8.6, 8.5, 8.0|04/28/2015}}<br />
{{NeedSME|SME1|SME2|Copyeditor}}</div>Jorge de la Cruzhttps://wiki.zimbra.com/index.php?title=Exporting_all_addresses&diff=65010Exporting all addresses2018-01-18T17:29:13Z<p>Jorge de la Cruz: </p>
<hr />
<div>{{BC|Community Sandbox}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=Exporting all addresses=<br />
{{KB|{{ZC}}|{{ZCS 8.8}}|{{ZCS 8.7}}|{{ZCS 8.6}}|}}<br />
<br />
Exporting all addresses (mailboxes, aliases and distribution lists) is a vital tool if you have a backup MX and only want it to accept email for valid recipients. One reason for that is to stop spammers who simply use a dictionary of common names to generate recipient email addresses which would flood a backup MX with undeliverable email. Some anti-spam providers (e.g. Postini) have automatic provisioning processes for making this possible.<br />
<br />
A naive process of extracting mailboxes looks like this:<br />
/opt/zimbra/bin/zmaccts | grep 'active' | egrep -v '^\W+' | awk '{print $1}'<br />
<br />
Unfortunately, this doesn't give distribution lists and aliases, so a more sophisticated approach is necessary, for which there is no specific tool and requires using the ldap tool thus:<br />
<br />
'''In ZCS 8.7 and above:'''<br />
/opt/zimbra/common/bin/ldapsearch -LLL -x -D"`/opt/zimbra/bin/zmlocalconfig -s zimbra_ldap_userdn | \<br />
awk '{print $3}'`" -w"`/opt/zimbra/bin/zmlocalconfig -s zimbra_ldap_password | \<br />
awk '{print $3}'`" -H `/opt/zimbra/bin/zmlocalconfig ldap_url | \<br />
awk '{print $3}'` $* | \<br />
grep ^mail | \<br />
awk '{print $2}' | \<br />
sort > zimbra_recipients.list<br />
<br />
'''In ZCS 8.6 or below:'''<br />
/opt/zimbra/openldap/bin/ldapsearch -LLL -x -D"`/opt/zimbra/bin/zmlocalconfig -s zimbra_ldap_userdn | \<br />
awk '{print $3}'`" -w"`/opt/zimbra/bin/zmlocalconfig -s zimbra_ldap_password | \<br />
awk '{print $3}'`" -H `/opt/zimbra/bin/zmlocalconfig ldap_url | \<br />
awk '{print $3}'` $* | \<br />
grep ^mail | \<br />
awk '{print $2}' | \<br />
sort > zimbra_recipients.list<br />
<br />
If your backup MX is exim, then you need to add the following to the config file:<br />
accept<br />
local_parts = /etc/exim/zimbra_valid_emails.list<br />
domains = +relay_to_domains<br />
deny<br />
The list of recipients needs to be converted to a form that exim will process, e.g.<br />
sed -e 's/^/^/' -e 's/\./\\\./' -e 's/@.*$/$/' > exim_valid_emails.list < zimbra_recipients.list<br />
<br />
=More Methods=<br />
More methods here: <br />
*https://forums.zimbra.org/viewtopic.php?t=28953<br />
<br />
{{Article_Footer|unknown|1/3/2008}}<br />
<br />
[[Category:Anti-spam]]<br />
[[Category:Backup and Restore]]<br />
[[Category:Migration]]</div>Jorge de la Cruzhttps://wiki.zimbra.com/index.php?title=Building_Zimbra_using_Git&diff=65009Building Zimbra using Git2018-01-18T17:28:41Z<p>Jorge de la Cruz: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
= Building Zimbra using Git =<br />
{{KB|{{ZC}}|{{ZCS 8.8}}|{{ZCS 8.7}}|{{ZCS 8.6}}|}}<br />
<br />
==General Information==<br />
The git fusion server gives users access to download and build/modify Zimbra source code for Open Source products. Building Zimbra Collaboration Suite from Zimbra's git fusion server requires advanced knowledge of troubleshooting. It is not available for Network Edition components. Changes cannot be committed to the git fusion server.<br />
<br />
By building Zimbra, you agree to Zimbra's licensing terms. Building from source is not covered under the [http://www.zimbra.com/license/zimbra_public_eula.html ZEUL], unlike pre-compiled binaries, but rather the Open Source licenses as descrived on the [http://www.zimbra.com/license/ licensing] page. Please read the page on [http://www.zimbra.com/community/contribute.html contributing] if you plan to submit back any patches.<br />
<br />
Technical support for source building can be found in the [https://community.zimbra.com/collaboration/f/1885 Zimbra Developers community].<br />
<br />
By default, you will only be able to build "out of the box" with supported operating systems (see list on [http://www.zimbra.com/downloads/zimbra-collaboration-open-source site] or files in ZimbraBuild/defs). However, you may be able to modify the source to get Zimbra to build on your OS of choice.<br />
<br />
==Initial Setup==<br />
At it's simplest, to obtain the source you need to essentially:<br />
* Install git<br />
** <tt>yum install git</tt> (RHEL, SLES, etc)<br />
** <tt>apt-get install git</tt> (Ubuntu, etc)<br />
==ZCS 8.7.6 and above==<br />
Starting ZCS 8.7.6 and above we have moved all our repositories to our public GitHub, so we have changed the way you can download, review and of course build the product, you can find all the details here:<br />
* [https://github.com/Zimbra/zm-build https://github.com/Zimbra/zm-build]<br />
<br />
<br />
==ZCS 8.7.2 to 8.7.5==<br />
=== Accessing git using ssh ===<br />
* Obtain the git ssh access keys.<br />
mkdir -p /tmp/zimbra-git1<br />
cd /tmp/zimbra-git1<br />
wget https://files.zimbra.com/downloads/git-fusion/zimbra-git1-ssh.tgz<br />
tar xfz zimbra-git1-ssh.tgz<br />
<br />
* Add the access keys to your own user account:<br />
cd ~/.ssh<br />
cp /tmp/zimbra-git1/id_rsa_git1* .<br />
<br />
* Add the following ~/.ssh/config. Create the file if it doesn't exist:<br />
Host zimbra-git1<br />
User public<br />
Hostname git.zimbra.com<br />
IdentityFile ~/.ssh/id_rsa_git1<br />
IdentitiesOnly yes<br />
Port 1067<br />
<br />
* Ensure the permissions on the config file are correct<br />
chmod 600 ~/.ssh/config<br />
chmod 600 ~/.ssh/id_rsa_git1<br />
<br />
* List of all repos available:<br />
https://git.zimbra.com/repos/zimbra-foss-ge872/<br />
<br />
=== Obtaining the source to Zimbra Collaboration Suite ===<br />
The source code for ZCS is retrieved from git.zimbra.com as described above.<br />
<br />
To obtain the source:<br />
mkdir -p ~/git<br />
cd ~/git<br />
<br />
=== Cloning using SSH. Requires SSH access keys above ===<br />
You will need to clone one by one, or make an script for it, you can find the list here: https://git.zimbra.com/repos/zimbra-foss-ge872/<br />
git clone git@zimbra-git1:zm-zcs<br />
git clone git@zimbra-git1:zm-store<br />
git clone git@zimbra-git1:zm-common<br />
git clone git@zimbra-git1:zm-client<br />
git clone git@zimbra-git1:zm-soap<br />
etc<br />
<br />
'''Note: Code is just published as it is. Objective is people should able to see the code changes. <br />
There are some tweaks required to get it build. We are working on restructuring.'''<br />
<br />
==ZCS 8.7.1 and below==<br />
=== Accessing git using ssh ===<br />
* Obtain the git ssh access keys.<br />
mkdir -p /tmp/zimbra-git<br />
cd /tmp/zimbra-git<br />
wget https://files.zimbra.com/downloads/git-fusion/zimbra-git-ssh.tgz<br />
tar xfz zimbra-git*<br />
<br />
* Add the access keys to your own user account:<br />
cd ~/.ssh<br />
cp /tmp/zimbra-git/id_rsa_git* .<br />
<br />
* Add the following ~/.ssh/config. Create the file if it doesn't exist:<br />
Host zimbra-git<br />
User public<br />
Hostname git.zimbra.com<br />
IdentityFile ~/.ssh/id_rsa_git<br />
IdentitiesOnly yes<br />
Port 1067<br />
<br />
* Ensure the permissions on the config file are correct<br />
chmod 600 ~/.ssh/config<br />
chmod 600 ~/.ssh/id_rsa_git<br />
<br />
=== Obtaining the source to Zimbra Collaboration Suite ===<br />
The source code for ZCS is retrieved from git.zimbra.com as described above.<br />
<br />
To obtain the source:<br />
mkdir -p ~/git<br />
cd ~/git<br />
<br />
=== Cloning using SSH. Requires SSH access keys above ===<br />
git clone git@zimbra-git:zimbra-foss<br />
<br />
=== Cloning using anonymous HTTPS ===<br />
'''For ZCS 8.7.1 and below repos'''<br />
git clone https://git.zimbra.com/repos/zimbra-foss/.git<br />
<br />
===Source for the "main" branch===<br />
* main is the development branch.<br />
<br />
The 'main' branch, (often referred to as mainline) contains the latest code - if your interested in seeing pre-release software check it out.<br />
<br />
It is constantly in flux (for instance we might stagger spec files to avoid the need to always rebuild ThirdParty), if you're hitting a error in the Zimbra build side the first thing to do is re-sync, as we typically resolve these fast.<br />
<br />
It is the default branch in use after doing a checkout of '''zimbra-foss'''<br />
<br />
=== Listing available branches ===<br />
The '''zimbra-foss''' repo contains all the available release branches. You can obtain a list of the branches via:<br />
git branch -a<br />
<br />
Example output (abbreviated)<br />
* main-foss<br />
remotes/origin/HEAD -> origin/main-foss<br />
remotes/origin/frank-foss<br />
remotes/origin/franklin-5010-foss<br />
remotes/origin/franklin-5011-foss<br />
remotes/origin/franklin-5012-foss<br />
remotes/origin/franklin-5013-foss<br />
remotes/origin/franklin-5014-foss<br />
remotes/origin/franklin-5015-foss<br />
remotes/origin/franklin-5016-foss<br />
remotes/origin/franklin-5017-foss<br />
remotes/origin/franklin-5018-foss<br />
remotes/origin/franklin-5019-foss<br />
remotes/origin/franklin-5020-foss<br />
<br />
The branch with a '''*''' in front of it is your active checkout.<br />
<br />
=== Changing the active checkout ===<br />
To change the active branch, you use the '''git checkout''' command, and supply the release you are interested in.<br />
<br />
For example, to switch to the IRONMAIDEN 8.0.7 release branch, one would execute:<br />
git checkout ironmaiden-807-foss<br />
<br />
===Updating an existing clone===<br />
To update an already existing clone:<br />
cd ~/git/zimbra-foss<br />
git pull<br />
<br />
===Building Zimbra Collaboration Server===<br />
To build Zimbra Collaboration Server, the "buildZCS.sh" script can be used, that is located in the ZimbraBuild directory after the checkout completes.<br />
<br />
The first time you go to build, it is recommended to execute<br />
cd ~/git/zimbra-foss/ZimbraBuild<br />
<br />
==== ZCS 8.6 and prior ====<br />
./buildZCS.sh -t -u<br />
<br />
This will help you through adding Ant & JDK, check dependencies, build ThridParty using a public CPAN mirror for Perl, then start the ZCS build process. It requires sudo access to install the various required binaries and libraries for build (The -u option).<br />
<br />
This will help you through adding Ant & the required Java JDK. It is no longer necessary to build Third Party to build ZCS with 8.7 and later.<br />
<br />
For 8.6 and previous, if the server already has the various required binaries and libraries installed, then:<br />
cd ~/git/zimbra-foss/ZimbraBuild<br />
./buildZCS.sh -t<br />
<br />
Can be used to just build out Third Party and ZCS.<br />
<br />
If Third Party has already been built, and simply rebuilding ZCS is desired, this can be achieved with:<br />
cd ~/git/zimbra-foss/ZimbraBuild<br />
./buildZCS.sh<br />
<br />
<br />
=== ZCS 8.7 and 8.7.1 ===<br />
./buildZCS.sh<br />
<br />
This will help you through adding Ant & JDK. Note that JAVA_HOME will need to be set correctly to the location of the JDK.<br />
<br />
==== Third party packages ====<br />
If working on adding recognition for a new OS, it will be necessary to build out a related 3rd party package repository. The overall build process is located on github, and there is a vagrant profile also noted on github for helping with the process. More documentation will be provided soon, as the github migration is still underway.<br />
<br />
Relevant URLs:<br />
* https://github.com/Zimbra/packages<br />
* https://github.com/Zimbra/zimbra-build<br />
* https://github.com/Zimbra/vagrant-provision-zimbra<br />
<br />
==Building with Maven==<br />
Starting with ZCS 9.0/KISS the Java projects are built using Maven. <br />
<br />
See [[Building Zimbra with Maven]] for more details.<br />
<br />
==Building Zimbra Desktop==<br />
* [[Building Zimbra Desktop on Linux]]<br />
* [[Building Zimbra Desktop on Windows (win32)]]<br />
* [[Building Zimbra Desktop on Macintosh (OS 10.4.6+)]]<br />
<br />
==Troubleshooting==<br />
Search the forums for any recent reports or create a new thread letting us know and we'll get right on it.<br />
<br />
==Contributions==<br />
See https://www.zimbra.com/open-source/contribute<br />
<br />
{{Article Footer|unknown|7/7/2014}}<br />
<br />
[[Category: Build]]</div>Jorge de la Cruzhttps://wiki.zimbra.com/index.php?title=Best_Practices_on_Email_Protection:_SPF,_DKIM_and_DMARC&diff=65008Best Practices on Email Protection: SPF, DKIM and DMARC2018-01-18T17:28:25Z<p>Jorge de la Cruz: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
= Best Practices on Email Protection: SPF, DKIM and DMARC =<br />
{{KB|{{ZC}}|{{ZCS 8.8}}|{{ZCS 8.7}}|{{ZCS 8.6}}|}}<br />
<br />
Once we installed Zimbra Collaboration, we need to be aware of some additional configurations that will allow us to send emails to other Email systems with an improve Security, such Gmail, Hotmail, Yahoo!, etc.<br />
This Wiki article will show the different Email Protection resources that exists, depends of the volume of sent email, will be better to implement only one, or two, or maybe all of them, depends.<br />
<br />
==SPF==<br />
Sender Policy Framework (SPF) is an email validation system, designed to prevent unwanted emails using a spoofing system. To check this common security problem, SPF going to verify the source IP of the email and compare it with a DNS TXT record with a SPF content.<br />
[[File:Zimbra-spf.png|800px]]<br />
<br />
===Where needs to be configured?===<br />
SPF needs to be configured in the Public DNS<br />
<br />
===How to configure it?===<br />
First of all, generate the TXT SPF DNS entry (using [http://www.mailradar.com/spf/ the Mailradar SPF Tool], or something similar), for example with the domain called domain.com and have 3 different entries to add:<br />
* The A entry - mail.domain.com<br />
* The MX entry - srvmta.domain.com<br />
* The IPv4 entry - 60.70.80.90<br />
<br />
If in your email system you are using external services like Mailchimp, Salesforce, etc. add them in the include part, for example:<br />
*include:servers.mcsv.net (Mailchimp)<br />
*include:_spf.salesforce.com (Salesforce)<br />
*include:_spf.google.com (Google Apps)<br />
<br />
An example will looks like:<br />
[[File:Zimbra-spf002.png]]<br />
<br />
===Understand the "all" feature in the SPF entry===<br />
SPF can be configured in different ways, since '''neutral''' to '''hard fail'''. Almost 98% of domains are using the ~all (softfail) that means even if something of the SPF entry is wrong against the source Mailserver, mark the mail only like softfail. Here, the complete table to understand the feature '''all''' in the SPF<br />
{| width=100% border=1<br />
! bgcolor="#0087c3"| Parameter<br />
! bgcolor="#0087c3"| Result<br />
! bgcolor="#0087c3"| Means<br />
|-<br />
| +all<br />
| pass<br />
| Permits all the email, like have nothing configured.<br />
|-<br />
| -all<br />
| fail<br />
| Will only mark the email like pass if the source Email Server fits exactly, IP, MX, etc. with the SPF entry.<br />
|-<br />
| ~all<br />
| softfail<br />
| Allows to send the email, and if something is wrong will mark it like softfail.<br />
|-<br />
| ?all<br />
| neutral<br />
| Without policy<br />
|}<br />
<br />
===Difference between ~all and -all===<br />
If your domain is under an SPAM attack trying to spoofing your domain, try to change the SPF to -all for a while, and reset to ~all when the attack ends.<br />
Keep selected the -all if you want to be strict with the SPF entry and you are sure that your DNS entry is correct.<br />
<br />
===How to test it===<br />
Have a lot of SPF tools to check if the DNS entry is correct, for example:<br />
* '''[http://tools.wordtothewise.com/spf http://tools.wordtothewise.com/spf]''' (will show an overview of all the allowed IPS that can send using the domain)<br />
* '''[http://www.kitterman.com/spf/validate.html http://www.kitterman.com/spf/validate.html]''' (Simple but effective, will show the SPF DNs entry and also the result: pass, softfail, fail, neutral, etc.)<br />
* '''[http://mxtoolbox.com/ http://mxtoolbox.com/]''' A Classic<br />
<br />
===Deprecated SPF RR, use TXT RR only===<br />
In April 2014, the SPF DNS record was deprecated in the RFC, and the correct way to implement the SPF is using only a TXT DNS record. <br />
For example, this '''was a valid DNS entries before April 2014''', TXT and SPF:<br />
[[File:Zimbra-spf005.png]]<br />
<br />
And here the RFC text where you can find the part about use only TXT:<br />
[[File:Zimbra-spf006.png]]<br />
<br />
* '''[http://tools.ietf.org/html/rfc4408 RFC before April 2014]'''<br />
* '''[http://tools.ietf.org/html/rfc7208 RFC after April 2014]'''<br />
<br />
==DKIM==<br />
DomainKeys Identified Mail (DKIM), is a method to associate the domain name and the email, allowing to a person or company assume the responsibiltity of the email. <br />
<br />
[[File:Zimbra-dkim.png|800px]]<br />
<br />
===Where needs to be configured?===<br />
DKIM needs to be generated per domain in our Zimbra Server, and needs to be configured in the public DNS of each domain.<br />
<br />
===How to configure it?===<br />
To configure properly DKIM, please follow the next Wiki - [[Configuring_for_DKIM_Signing]]<br />
<br />
Once have the DKIM generated in Zimbra, add the info in the public DNS, will looks like:<br />
<br />
[[File:Zimbra-dkim-002.png]]<br />
<br />
===How to test it===<br />
Have multiple websites to test it, for example:<br />
* [http://dkimvalidator.com http://dkimvalidator.com] You need to send a email, once you have the DKIM configured, then in the website will found a section called DKIM and the result in the end, if the test is passed or not.<br />
<br />
===2048-bit signatures starting ZCS 8.7.x===<br />
Starting ZCS 8.7.x Zimbra generates a 2048-bit key, after run the next command (mind the -a if it's the first time, and -u if you are updating the DKIM):<br />
/opt/zimbra/libexec/zmdkimkeyutil -a -d yourdomain.com<br />
<br />
You will observe something like the next (with your own information):<br />
<pre>DKIM Data added to LDAP for domain zimbra.io with selector 25D766CE-CEAC-11E7-B087-020B6DB9DD9A<br />
Public signature to enter into DNS:<br />
25D766CE-CEAC-11E7-B087-020B6DB9DD9A._domainkey IN TXT ( "v=DKIM1; k=rsa; "<br />
"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwA4vVMiV3/14hRMzbKNnBKNThqxTWLi2E5NqqHLccIJg/P33yqwgGVKKUM9HFfXZ8urz6/dl8oNG3oxs73W1sgWHrFRo3ZayHsuUMe+DLyt8wtyR/RUae0nvd6Z6t0lPwujXWBrRS/FeMg/IGA8ExBKjD+aAYdQfH/lhlDGzumTXgbSB0KMzlpOjcum2Aes69rEiR744GGaPb2"<br />
"X3MxK8vjpeMIx16n2tADb0wKKP19WTF0at5HCP8F4SFflLUPJMOC1Be9FCWjTjNr1qrRZTwCwC7OC9tnV7SsKKXG+8D6hu39Tm5U1GLzpKvLMIv14b6MWsU9cV/iVKH+hQq4YRowIDAQAB" ) ; ----- DKIM key 25D766CE-CEAC-11E7-B087-020B6DB9DD9A for zimbra.io</pre><br />
<br />
By default, DNS Servers only accepts 255 characters on every TXT entry, so depending on the DNS Server you are using you will need to do one of the next:<br />
* On cPanel UI it's as easy at creating one new TXT entry with the selector, and on the value all together like "v=DKIM1; k=rsa; p=ALL-THE-CODE-"<br />
[[File:Dkim-2048.png]]<br />
* If using old version of Bind, or other DNS Server based in CLI, you can try by adding the DNS entry on the next format:<br />
25D766CE-CEAC-11E7-B087-020B6DB9DD9A._domainkey IN TXT ("v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w..."<br />
25D766CE-CEAC-11E7-B087-020B6DB9DD9A._domainkey IN TXT "...AQAB")<br />
* Another way some DNS Servers might work are the next one:<br />
25D766CE-CEAC-11E7-B087-020B6DB9DD9A._domainkey IN TXT ("v=DKIM1;k=rsa; p="<br />
"MIIBIjANBgkqhkiG9w..."<br />
"...AQAB") <br />
<br />
====How to check that you have a valid DKIM signature====<br />
You can check if you have a valid DKIM by using for example the next URL - http://dkimcore.org/tools/keycheck.html :<br />
Introduce your selector and your domain and click on check<br />
<br />
[[File:Dkim-2048-001.png]]<br />
<br />
After a few seconds you will see the result:<br />
<br />
[[File:Dkim-2048-002.png]]<br />
<br />
==DMARC==<br />
DMARC, which stands for “Domain-based Message Authentication, Reporting & Conformance”, is a technical specification created by a group of organizations that want to help reduce the potential for email-based abuse by solving a couple of long-standing operational, deployment, and reporting issues related to email authentication protocols.<br />
<br />
DMARC standardizes how email receivers perform email authentication using the well-known SPF and DKIM mechanisms. This means that senders will experience consistent authentication results for their messages at AOL, Gmail, Hotmail, Yahoo! and any other email receiver implementing DMARC. We hope this will encourage senders to more broadly authenticate their outbound email which can make email a more reliable way to communicate.<br />
<br />
[[File:Zimbra-DMARC.png|800px]]<br />
<br />
Text and Image inspired from [http://dmarc.org the Official dmarc org website]<br />
<br />
===Where needs to be configured?===<br />
The DMARC needs to be configured in the public DNS.<br />
<br />
===How to configure it?===<br />
The DMARC record can be generated in multiple websites, for example [http://www.kitterman.com/dmarc/assistant.html http://www.kitterman.com/dmarc/assistant.html]<br />
<br />
Using the domain example.com, a possible option can be the next, please note that all the default options will be included implicit, even if you don't select them in the generator:<br />
<br />
[[File:Zimbra-DMARC-002.png]]<br />
<br />
This configuration will generate the next DNS entry<br />
*DMARC record for: example.com<br />
*Record should be published at _dmarc.example.com<br />
*v=DMARC1; p=quarantine; rua=dmarc@example.com; ruf=dmarc@example.com; sp=quarantine <br />
<br />
And will looks like this in a DNS with web interface:<br />
<br />
[[File:Zimbra-DMARC-003.png|800px]]<br />
<br />
===How to test it===<br />
One of the best Sites to test the DMARC is the next link - '''[https://dmarcian.com/dmarc-inspector/google.com https://dmarcian.com/dmarc-inspector/google.com]''' is coming with the google.com domain per default. This website will show you all the DMARC information about your domain.<br />
<br />
==rDNS==<br />
The reverse DNS resolution (rDNS) is a determination of the domain name that is associated to an IP. Some email companies like AOL, for example, will reject any email that doesn't have a valid rDNS.<br />
<br />
[[File:Zimbra-rDNS.png]]<br />
<br />
===Where needs to be configured?===<br />
To have a perfect match between the rDNS and the SMTP Banner of the server, need to have the next:<br />
* In the public DNS of the ISP provider. Or if you have control of the public DNS of your IP range, then you can add the rDNS by yourself. <br />
* In the Zimbra Server, need to edit the HELO to match between it and the rDNS record.<br />
<br />
===How to configure it?===<br />
To modify the Public DNS to match the IP and the rDNS, you need to contact with your ISP provider, or if you have acces to edit the DNS record of your IP, then change it by yourself.<br />
For example, if you have the IP 60.60.60.60 and needs to resolve to mail.example.com.<br />
<br />
To edit the SMTP Banner and match it with the external rDNS. Need to edit the next in Zimbra:<br />
'''Zimbra 8.0.X'''<br />
zmlocalconfig -e postfix_smtpd_banner="mail.example.com"<br />
zmcontrol restart<br />
<br />
'''Zimbra 8.5, 8.6, and above'''<br />
zmprov ms `zmhostname` zimbraMtaSmtpdBanner mail.example.com<br />
zmcontrol restart<br />
<br />
===How to test it===<br />
Use the next tool - '''[http://mxtoolbox.com/ReverseLookup.aspx http://mxtoolbox.com/ReverseLookup.aspx]''' and fill it with your Public IP, if you have everything well configured, will return the name that you want.<br />
<br />
==Identified Support Issues==<br />
<br />
<br />
<br />
<br />
<br />
<br />
----<br />
<br />
{{Article Footer|Zimbra Collaboration Suite 8.6, 8.5|04/07/2015}}</div>Jorge de la Cruzhttps://wiki.zimbra.com/index.php?title=Category:ZCS_8.8&diff=65007Category:ZCS 8.82018-01-18T17:25:53Z<p>Jorge de la Cruz: Created blank page</p>
<hr />
<div></div>Jorge de la Cruzhttps://wiki.zimbra.com/index.php?title=ZAD&diff=65006ZAD2018-01-18T17:25:27Z<p>Jorge de la Cruz: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=Zimbra Archiving and Discovery=<br />
{{KB|{{ZC}}|{{ZCS 8.8}}|{{ZCS 8.7}}|{{ZCS 8.6}}|}}<br />
<br />
Zimbra Archiving and Discovery is an optional feature that enables you archive messages that were delivered to or sent by Zimbra Collaboration and to search across mailboxes.<br />
<br />
The installation of the archiving feature provides the ZCS discovery tool (also known as cross mailbox search) and sets the attributes that allow archiving to be enabled on the Zimbra MTAs.<br />
Archiving is configured on a per account basis. Each account enabled for archiving requires a Zimbra archive license. When archiving is enabled for an account, a copy of all email from or to that account is forked at the MTA, and a copy of the message is delivered to a predefined archive mailbox. The archiving process is transparent to account users.<br />
<br />
Discovery allows you to conduct a search for email messages across live and archived mailboxes and copy the results to a specified mailbox.<br />
<br />
[[File:Zimbra-archive-001.png|800px]]<br />
<br />
==Getting Started==<br />
Zimbra Archiving and Discovery is available since Zimbra Collaboration 7.0 servers and above. There are two components to the product, you must have both installed to use Zimbra Archiving and Discovery:<br />
# The Archiving component - this ships on the Zimbra Collaboration 7.0 and later servers.<br />
# The Discovery component - this is a separate module to download for the Admin Console UI<br />
<br />
===What if I am a Zimbra Customer already?===<br />
First, contact [https://www.zimbra.com/get-help Sales] to let us know you are interested in trying Zimbra Archiving and Discovery and to discuss pricing and product details. <br />
<br />
After working with us, assuming you have ZC already running you can [http://www.zimbra.com/products/downloads.html download] and install the Discovery module in the Admin Console. From there you can begin using the product to set up archive accounts and run cross mailbox searches.<br />
<br />
===What do I do if I do not have Zimbra yet?===<br />
Go to the [http://www.zimbra.com/products/download_network.html Network Trial] page and register for the ZC trial; indicate in the registration form you wish to try Zimbra Archiving and Discovery and our sales team will follow up with you on pricing and product questions.<br />
<br />
[http://www.zimbra.com/products/downloads.html Download] both ZCS Network Edition and the Discovery Module for the Admin Console and follow the installation instructions.<br />
<br />
==How Archiving Works==<br />
When a message is sent or received by a user, the message is always routed through the Postfix MTA. The Postfix MTA allows integrating software that can perform actions on messages that are in flight. When archiving is enabled for the sender or the recipient of messages, Zimbra Archiving integrates with an MTA hook and the Amavisd-New utility to fork a copy of the message.<br />
The “does recipient or sender have archiving enabled” check is performed on the SMTP standard envelope and not on the From or To/Cc headers. Since checks are performed on the envelope, Bcc copies and messages sent to distribution lists are captured.<br />
For example, if User A sends a message to User B, and if User B has archiving enabled, the MTA delivers two messages — one to User B’s mailbox and one to User B’s archive mailbox. The message received in User B’s mailbox looks normal, as shown in the following example:<br />
<pre>Received: from localhost (localhost.localdomain [127.0.0.1])…<br />
From: userA@example.com<br />
To:userB@example.com<br />
Subject: New License Key<br />
Message-ID: <015f01c717fe$70f042d1$b1d6f61d@thom><br />
Date: Mon, 04 Nov 2008 23:48:18 -0000<br />
<br />
Hi B,<br />
Can you send me the license key for the software again?<br />
Thanks, A</pre><br />
<br />
The message received in User B’s archive mailbox contains additional X-Envelope-From and X-Envelope-To headers. These headers show the real email address the message was sent from and each of the email addresses that the message was sent to.<br />
<pre>Received: from localhost (localhost.localdomain [127.0.0.1])…<br />
From: userA@example.com<br />
To:userB@example.com<br />
Subject: New License Key<br />
Message-ID: <015f01c717fe$70f042d1$b1d6f61d@thom><br />
X-Envelope-From: userA@example.com<br />
X-Envelope-To: userB@example.com<br />
Date: Mon, 04 Nov 2008 23:48:18 -0000<br />
<br />
Hi B,<br />
Can you send me the license key for the software again?<br />
Thanks, A</pre><br />
<br />
Zimbra archiving can be set up to create archiving accounts that are maintained within Zimbra Collaboration or to work with third-party archiving systems using SMTP forwarding to send messages to a third-party archive server. For third-party archiving, Zimbra Collaboration is configured to act as the forwarding agent. <br />
<br />
==How Discovery Works==<br />
The discovery feature of Archiving and Discovery is used to search across live* and archive mailboxes for email messages and attachments. The discovery tool can be run from the administration console and the results are copied to a target mailbox that you specify.<br />
<br />
[[File:Zimbra-discovery-001.png|800px]]<br />
<br />
* A live mailbox is an account on the system other than archive accounts and system accounts.<br />
You can search outgoing and incoming email by '''date, from, to, cc, subject, keywords,''' and '''attachments'''. You can also create queries to search by '''name, dates and time ranges, distribution list, aliases'''.<br />
<br />
===Example of Discovery===<br />
In this example want to search all the messages from usera to userb that are located in the archive mailbox called userb'''DATE'''@'''DOMAIN'''.archive.<br />
<br />
*1.- In the Admin Console go under '''Tools > Search Mail''' (This is the Admin Zimlet that Archive & Discovery includes)<br />
*2.- Click on the '''right settings icon''' and select '''new'''.<br />
*3.- Then you can add the search string by yourself or create a new one doing click in the Advanced tab, adding the parameters that you want like from or to, date, etc.<br />
In this example also select the '''dedicated Archive Mailbox''', and for the target of the search, in this example select admin, and the folder name, you can also restrict the search per account, so you can search only in the userb'''DATE'''@'''DOMAIN'''.archive account, then click in top-right corner '''Run search'''.<br />
<br />
[[File:Zimbra-discovery-002.png|800px]]<br />
<br />
*4.- Search results are placed in a target mailbox. You can organize your search results by creating different target mailboxes or by creating individual folders within a target mailbox for each search you run. X-zimbra-Source header information is added to each message header that is copied to the targeted mailbox. This header label includes the account ID, the account name, and the server that the account resides on.<br />
<br />
You can see the results of the search by logging on to the target mailbox address.<br />
<br />
[[File:Zimbra-discovery-003.png|800px]]<br />
<br />
==Installing the Archiving Package==<br />
You can install the archiving package on an existing single-server deployment or on a multi-server deployment.<br />
If the mailbox server and the MTA server reside on the same node, you configure and enable archiving as a single process. If your mailbox and MTA servers are on separate nodes, the zimbra-archive package is installed first on at least one mailbox server and then the archiving component is enabled on each MTA in the deployment.<br />
<br />
'''Note: zimbra-archive''' (the package/rpm you see from the installer) should be installed on all mailstores which you want to use for cross mailbox search. This also sets the zimbraComponentAvailable archiving config attribute which allows the mta(s) to turn on archiving. zimbra-archive is not installed directly on the mta, it's just enabled.<br />
<br />
===Install Archiving in a Single-Server Environment===<br />
The following scenario assumes that the LDAP, MTA, mailstore and archiving servers are on the same node.<br />
* 1. Refer to the Zimbra Collaboration Single Server Installation Guide to open an SSH connection to the Zimbra Collaboration server. Log on to the server as root and run the ./install.sh command to begin the upgrade process.<br />
* 2. Accept the license agreement and type Yes to run the upgrade.<br />
* 3. Type Yes for zimbra-archiving when presented with the packages to be installed.<br />
The upgrade process begins and the archiving package is installed. At this point, the Discovery feature is installed and can be used.<br />
* 4. To enable archiving, switch user to zimbra and enable archiving on the server.<br />
zmprov ms `zmhostname` +zimbraServiceEnabled archiving<br />
* 5. Restart the server.<br />
zmcontrol restart<br />
<br />
===Install zimbra-archiving in a Multi-Server Environment===<br />
The following upgrade scenario is adding a new server that is dedicated as a archiving server to your Zimbra Collaboration environment.<br />
Before beginning the install process, record the following information. You need this information when you install the archiving server. Run the zmlocalconfig -s command to find the information.<br />
<pre>LDAP Admin Password ____________<br />
LDAP Hostname _____________<br />
LDAP Port _____________</pre><br />
Refer to the Multiple-Server Installation chapter in the Zimbra Collaboration Multi-Server Installation guide for detailed steps on installing the packages.<br />
* 1. Open an SSH connection to the mailbox server that is being configured for archiving. Log on to the server as root and unpack the Zimbra software. Run the ./install.sh command to begin the install process.<br />
* 2. Type y and press Enter to install the following packages:<br />
** zimbra-store<br />
** zimbra-archiving<br />
The zimbra-core package is installed by default.<br />
* 3. Type y and press Enter to modify the system.<br />
* 4. The Main menu displays the default entries for the Zimbra component you are installing. To expand the menu, type x and press Enter.<br />
* 5. Select the Common Configuration menu and configure the LDAP Hostname, LDAP password, and LDAP port.<br />
* 6. Select the zimbra-store menu and configure the Admin password and the License file location.<br />
<br />
Complete the installation process following the steps in the Multi-server Installation guide, under Installing Zimbra Mailbox Server.<br />
<br />
At this point, the Discovery feature is installed and can be used.<br />
<br />
==Manage Archiving From the Administration Console==<br />
===Enable Archiving using the Admin Console===<br />
After Archiving is installed, you can set up archiving and manage it from the Administration Console. Go to the '''Home > Configure > Global Settings > MTA''' page and in the '''Archiving Configuration''' section, check '''Enable archiving'''.<br />
<br />
[[File:Zimbra-archive-002.png|800px]]<br />
<br />
Go now to the MTA server and enable the Service in '''Home > Configure > Servers > MTASERVER > Services'''<br />
<br />
[[File:Zimbra-archive-003.png|800px]]<br />
<br />
* The the mailbox server and the must be restarted. Type:<br />
zmcontrol restart<br />
<br />
===Enable Archiving using the CLI===<br />
To enable Archiving using CLI, switch user to zimbra and enable archiving on the MTA server. <br />
* a. To enable archiving type:<br />
zmprov ms <zmhostname> +zimbraServiceInstalled archiving +zimbraServiceEnabled archiving<br />
* b. The server must be restarted. Type:<br />
zmcontrol restart<br />
<br />
Repeate for each MTA server<br />
<br />
===Trick to see if the Archiving is enabled===<br />
You can see if the Archiving is enabled searching inside the amavis config file '''/opt/zimbra/conf/amavisd.conf''' an seeing if was modified correctly, you should see on the mta: <br />
more /opt/zimbra/conf/amavisd.conf | grep '$archive_quarantine_method'<br />
$archive_quarantine_method = 'smtp:[127.0.0.1]:10025';<br />
<br />
In case that you see '''#$archive_quarantine_method = 'smtp:[127.0.0.1]:10025';''' with the '''#''' icon behind the line, that means that is commented and the Archiving is not enabled in the MTA.<br />
<br />
==Creating a Dedicated Archive COS==<br />
You can configure attributes in the COS to set mailbox features, quotas, and passwords, turn off spam and virus checks, and hide the archive accounts from GAL<br />
* 1. Go to Configure > Class of Service and in the gear icon menu select New.<br />
<br />
[[File:Zimbra-archive-004.png|800px]]<br />
<br />
* 2. Change '''Features''' and '''Preferences''' as required for an Archiving COS. For example:<br />
You can remove all the Features and General Features, except the '''Mail''' and '''Preferences'''.<br />
<br />
[[File:Zimbra-archive-005.png|800px]]<br />
<br />
* 3. If you have a dedicated archive server, in the Server Pool page, deselect the archiver server from the list. In a multi-server deployment with a dedicated archive server, the server should be removed from the COS server pool so that the archive server is not randomly assigned to new accounts.<br />
<br />
For example, in the archive_COS:<br />
<br />
[[File:Zimbra-archive-007.png|800px]]<br />
<br />
But, please remove the dedicated archive server from the other COS, like the default COS, etc, to prevent that regular accounts can be created there:<br />
<br />
[[File:Zimbra-archive-010.png|800px]]<br />
<br />
'''Note:'''<br />
These steps to remove the server from the server pool are not done in a single-server deployment. Creating a dedicated archiving COS is a good idea as this makes it easy to create archive mailboxes that are configured the same.<br />
* 4. Modify the options on the Advanced page if required.<br />
<br />
[[File:Zimbra-archive-008.png|800px]]<br />
<br />
* 5. In the Archiving page, check the Enable archiving box to make this COS an archiving cos.<br />
<br />
[[File:Zimbra-archive-009.png|800px]]<br />
<br />
* 6. If you want to change the format for the naming scheme for archive accounts, modify the two template fields. See the '''Set Up Archive Account Name''' section for more information.<br />
* 7. Click Finish.<br />
<br />
==Set Up Archive Account Name==<br />
You use attributes to create and manage the naming scheme for archive accounts. You can set up these attributes either by COS or by account. For COS, these attributes can be changed from the administration console, COS or individual account’s Archiving page.<br />
* Account date template. Sets the date format used in the name template. The default is yyyyMMdd. Adding the date to the account name makes it easier to roll off older data from the system to backups.<br />
* Account name template. Sets up how the archive mailbox name is created. The default value is ${USER} ${DATE}@${DOMAIN}.archive. The archive account address would be like this example: user-20070510@example.com.archive. If you change the default value, you must use syntax that creates a valid email address. We recommend that you add .archive to all archive accounts to create archive mailboxes in a non-routable domain to prevent spoofing of the archives.<br />
<br />
When the template based on the zimbraArchiveAccountDateTemplate attribute is set up, amavisArchiveQuarantineAccount is updated to the new template name when zmconfigarchive is run.<br />
==Administering the archive server==<br />
The amavisd-new server process controls account archiving as well as antivirus and antispam processes. The zmarchivectl command can be used to start, stop, restart or obtain the status of the amavisd-new server process that controls account archiving. Caution should be taken when starting or stopping the archiving process as it is a shared server process between archiving, antivirus, and antispam processes. Performing actions on any of them affect any of the other services that may be enabled in your deployment.<br />
<br />
If you want to disable archiving and not antivirus, or antispam services, disable the respective service either through the CLI or through the Administration Console.<br />
<br />
==Set Up Archiving for a Users Mailbox==<br />
Four attributes are related to the archive feature for accounts. Two that configure a mailbox and two template attributes to construct the archive account names.<br />
To set up archiving for a mailbox two attributes are configured on the primary user’s mailbox. One attributed enables archiving and the second shows where messages are being archived.<br />
* '''Currently archived to''' — The current archive address. Archiving is to a single account. If this is unset, archiving is not enabled.<br />
* '''Archived accounts''' — Any previous and current archive addresses that this mailbox was archived to. containing all the accounts that have been archived for the given account.<br />
<br />
==Archive Mailboxes==<br />
You can create an archive mailbox with or without an assigned COS. You can also forward archive email to a third-party.<br />
<br />
'''Note:'''<br />
Accounts with archiving enabled are counted against the number of Zimbra licenses purchased for archiving. To see current license information, go to the administration console, Global Settings > License page. Archive mailboxes are listed in the administration console along with the live accounts.<br />
<br />
[[File:Zimbra-archive-011.png|800px]]<br />
<br />
==Create an archive mailbox and assign a COS==<br />
Archive accounts are created based on the Zimbra Archive name templates.<br />
* The attribute zimbraIsSystemResource is added to the archive account and set to TRUE.<br />
* The archive account is displayed in the administration console.<br />
* When a message is received in a mailbox with archiving enabled, a copy of the message is sent to the archive mailbox.<br />
** 1. Log on as zimbra.<br />
** 2. Type <br />
zmarchiveconfig enable <account@example.com> archive-cos <archive><br />
<br />
Then if you return to the Admin Console, you can see the new userb@example.com.archive in the list:<br />
<br />
[[File:Zimbra-archive-013.png|800px]]<br />
<br />
You can go the userB mailbox and click into the Archiving section, and you can see the Archiving feature enabled, and the Mailbox where the emails are redirecting to archiving purposes.<br />
<br />
[[File:Zimbra-archive-012.png|800px]]<br />
<br />
==Create an Archive Mailbox with No COS or Password==<br />
If the archive account is not assigned a COS, the following settings are set by default.<br />
* Mailbox quota is set to 0, unlimited quota.<br />
* Spam and virus checks are disabled.<br />
* Hide in GAL is enabled, so the archive account does not display in the GAL<br />
** 1. Log on as '''zimbra'''<br />
** 2. Type <br />
zmarchiveconfig enable <user@example.com><br />
<br />
==Enable Archive Forwarding to a Third-party Archiving Server==<br />
If the archive account is not maintained within Zimbra Collaboration, you do not need to set a password, COS, or other attributes.<br />
** 1. Log on as '''zimbra'''<br />
** 2. Type <br />
zmarchiveconfig enable <account@example.com> archive-address account-archive@offsiteserver.com archive-create false<br />
<br />
==Searching Across Mailboxes==<br />
When the archiving and discovery feature is installed, you can search across mailboxes either from the administration console or through the command line interface.<br />
<br />
'''Note:'''<br />
You do not need to have any archive mailboxes configured to search across mailboxes, but the Archive package must be installed.<br />
You can assign a user to run the mailbox searches from the administration console by creating a delegated administrator with rights to access the mailbox search tool. <br />
<br />
==Cross Mailbox Search from the Administration Console==<br />
The discovery tool, Search Mail, is added to Tools and Migration on the Navigation pane when the archiving package is added. To set up a cross mailbox search, in Search Mail, go to the gear icon and select New. You configure the following information.<br />
* Server name. The server name to be searched.<br />
* Target mailbox and folders. One target mailbox and folder are created automatically. You can use this mailbox for all your search results and create new folders for each search, or you can create a new target mailbox for each separate search.<br />
A target mailbox is like any other mailbox and can have any features or preferences that are defined by the COS or by account. Target mailboxes are listed in the administration console Accounts list. You might want to give the target mailboxes account names that identifies them as target mailboxes for cross-mailbox searches and configure a COS specific for target mailboxes to be able to manage access.<br />
* Limit the number of messages returned by the search. The default is 500 results.<br />
* You can select to send an email notification when the search is completed. The email notification includes the search task ID and status on the subject line and you can specify the type of information to include in the message, such as the number of messages found, the list of addresses resulting from the search and the search query used.<br />
* Select which mailboxes to search. When you check Select accounts to search, you select which account addresses to search.<br />
* Create the search query. You can search outgoing and incoming email by date, from, to, cc, subject, keywords, and attachments. Advanced can be used to quickly create a query to search by name, dates and time ranges, distribution list, aliases.<br />
<br />
When searching archive messages, you can search by the envelope address using the envfrom and envto query language extensions.<br />
<br />
As the search runs, the Search Mailbox Content pane lists the search and the status. Click Refresh to update this page.<br />
Delete the search task when it is completed because it occupies server memory. When the server is restarted, past searches are deleted.<br />
<br />
When you use the discovery feature in the administration console, the tool makes copies of messages in the target mailbox you create. The messages occupy server space, increasing the size of your server. You might want to delete these messages from the target mailbox when they are no longer needed.<br />
<br />
==Troubleshooting==<br />
===Checking by CLI if the archive is enabled per account===<br />
You can run the next command to see by CLI if a user has enabled the archive, what is the archive mailbox, etc.:<br />
<pre>zmprov ga userb@example.com | grep -i archive<br />
amavisArchiveQuarantineTo: userb-20150604@example.com.archive<br />
zimbraArchiveAccount: userb-20150604@example.com.archive<br />
zimbraArchiveAccountDateTemplate: yyyyMMdd<br />
zimbraArchiveAccountNameTemplate: ${USER}-${DATE}@${DOMAIN}.archive<br />
zimbraArchiveEnabled: TRUE<br />
zimbraZimletAvailableZimlets: +com_zimbra_mailarchive</pre><br />
<br />
The archive account should exist and reference to lmpt instead smtp:<br />
zimbra@zimbra-sn-u14-10:~$ zmprov ga userb-20150604@example.com.archive | grep -i trans<br />
zimbraMailTransport: lmtp:zimbra-sn-u14-11.example.com:7025<br />
<br />
<strong>If Enable Archiving is NOT displayed in the Admin Console > Global Settings > MTA > Archiving Configuration<br><br />
Make sure the com_zimbra_archive extension is installed.</strong><br><br />
<pre><br />
cd /opt/zimbra/zimlets-network<br />
zmzimletctl deploy com_zimbra_archive.zip<br />
zmmailboxdctl restart</pre><br />
<br />
==Known Issues==<br />
===Bug 96467===<br />
[https://bugzilla.zimbra.com/show_bug.cgi?id=96467 '''Bug 96467 - " NO_SUCH_COS " in Web GUI if you try to assign COS to any domain/user''']<br />
===service.UNKNOWN_DOCUMENT Error When Trying Search===<br />
The service.UNKNOWN_DOCUMENT error generally means that there is no handler for specified document. Try redeploying the zimlet, restarting the mailboxd service and let us know how it goes. The xmbxsearch zimlet is located in /opt/zimbra/zimlets-network directory.<br />
su - zimbra<br />
cd /opt/zimbra/zimlets-network<br />
zmzimletctl undeploy zimbra_xmbxsearch.zip<br />
zmzimletctl deploy zimbra_xmbxsearch.zip<br />
zmmailboxdctl restart<br />
<br />
<br />
{{Article Footer|Zimbra Collaboration 8.6, 8.5, 8.0|7/3/2007}}<br />
<br />
[[Category:Archive & Discovery]]<br />
[[Category:ZCS 8.6]]<br />
[[Category:ZCS 8.5]]<br />
[[Category:ZCS 8.0]]</div>Jorge de la Cruzhttps://wiki.zimbra.com/index.php?title=DNS_caching_service_(dnscache)&diff=65005DNS caching service (dnscache)2018-01-18T17:25:03Z<p>Jorge de la Cruz: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=DNS caching service (dnscache)=<br />
{{KB|{{ZC}}|{{ZCS 8.8}}|{{ZCS 8.7}}|{{ZCS 8.6}}|}}<br />
<br />
Starting with Zimbra Collaboration 8.5 and above, there is now a DNS caching service available for installation. It is specifically targeted for MTA nodes, and could be perfect for Single-Server Installations. Three of our supported features are raly heavily on DNS lookups:<br />
* DKIM verification<br />
* SpamAssassin Scoring<br />
* Postfix RBLs for spam blocking <br />
<br />
[[File:Zimbra-dnscache.png|800px]]<br />
<br />
However, remote sites that provide the SpamAssassin scoring and Postfix RBLs do *not* like heavy DNS traffic overloading their servers as DNS-Blocklists often run on the "free for some" model and/or they may limit the number of queries you can perform to maximize resources. <br />
Prolonged over-use of their DNS systems will in fact get your MTAs blacklisted from using those services, severely reducing the effectiveness of said services. <br />
<br />
==How it works==<br />
'''dnscache''' adds into the MTA servers a local DNS cache server that can keep all the external DNS request, using it the MTA server only need to ask one time to obtain the DNS info of the external domains, and the next times instead ask the Public DNS, the MTA will ask itself saving bandwidth and keep the MTA out of be blacklisted for high DNS request traffic.<br />
<br />
==How to enable it==<br />
To ensure you do not have your MTAs blacklisted the DNS caching package is now part of Zimbra Collaboration. General setup:<br />
Answer [Y] to install zimbra-dnscache<br />
When prompted, list the IP(s) of the sites local DNS servers <br />
<br />
The installer will automatically reconfigure the DNS cache as the primary resolver for the OS.<br />
<br />
If you didn't select any DNS server IP, the '''dnscache''' will use the Google DNS by default (8.8.8.8)<br />
<br />
You can start, stop, restart, reload or see the status using the next command like Zimbra user:<br />
/opt/zimbra/bin/zmdnscachectl<br />
<br />
'''NOTE: SHOULD NOT BE INSTALLED ON SYSTEMS THAT ALREADY HAVE BIND OR OTHER DNS SERVICES INSTALLED.''' Instead, the client should configure such servers to also act as a DNS cache. <br />
<br />
===Check the DNSMasterIP===<br />
You can check the DNSMasterIP that your '''dnscache''' is using, you can have more than one:<br />
zmprov getServer `zmhostname` | grep DNSMasterIP<br />
zimbraDNSMasterIP: 8.8.8.8<br />
<br />
===Add a DNSMasterIP===<br />
You can also add more DNSMasterIP anytime if you need it, in case that you add some new internal DNS Server, or if you want to have more than the Google ones, for example:<br />
zmprov ms `zmhostname` +zimbraDNSMasterIP 8.8.8.8<br />
<br />
===Remove a DNSMasterIP===<br />
If you want to remove a DNSMasterIP that was introduced wrong, or because the DNS server is not longer available, etc, run the next command:<br />
zmprov ms `zmhostname` -zimbraDNSMasterIP 8.8.8.8<br />
<br />
==Testing the DNS caching service (dnscache)==<br />
For example, let's try to make a DNS request about mail.google.com:<br />
'''First time once request the DNS''', is taking 62ms because the MTA asks the dnscache, and the dnscache ask the public DNS:<br />
<pre>root@lab1:/home/oper# host -a mail.google.com<br />
Trying "mail.google.com"<br />
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5818<br />
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0<br />
<br />
;; QUESTION SECTION:<br />
;mail.google.com. IN ANY<br />
<br />
;; ANSWER SECTION:<br />
mail.google.com. 21599 IN TXT "google-site-verification=PncXpRKRCAlDAdlesTtNFf6k9TvgxgcRfojdaKkEACY"<br />
mail.google.com. 21599 IN CNAME googlemail.l.google.com.<br />
<br />
Received 141 bytes from 127.0.0.1#53 in 62 ms</pre><br />
'''Second time once request the DNS''', is taking 0ms because the MTA asks the dnscache, and the dnscache have the info already cached, using 0ms not latency, neither bandwidth:<br />
<pre>root@lab1:/home/oper# host -a mail.google.com<br />
Trying "mail.google.com"<br />
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52424<br />
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0<br />
<br />
;; QUESTION SECTION:<br />
;mail.google.com. IN ANY<br />
<br />
;; ANSWER SECTION:<br />
mail.google.com. 21593 IN TXT "google-site-verification=PncXpRKRCAlDAdlesTtNFf6k9TvgxgcRfojdaKkEACY"<br />
mail.google.com. 21593 IN CNAME googlemail.l.google.com.<br />
<br />
Received 141 bytes from 127.0.0.1#53 in 0 ms<br />
</pre><br />
<br />
==Additonal Content==<br />
* See the [https://bugzilla.zimbra.com/show_bug.cgi?id=83670 '''Bug 83670'''] related to this new Feature.<br />
* Want to read more about DNSBlocklists, or how you can have troubles without dnscache? - [https://wiki.apache.org/spamassassin/DnsBlocklists https://wiki.apache.org/spamassassin/DnsBlocklists]<br />
* Using the [https://files.zimbra.com/docs/config-guide/index.html '''Config Guide'''], Zimbra Collaboration added some new attributes for the DNS caching Service:<br />
{| class="wikitable"<br />
! align="left" style="color:white;" bgcolor="#0087c3" |ID<br />
! align="left" style="color:white;" bgcolor="#0087c3" |Name<br />
! align="left" style="color:white;" bgcolor="#0087c3" |Type<br />
! align="left" style="color:white;" bgcolor="#0087c3" |Since<br />
! align="left" style="color:white;" bgcolor="#0087c3" |Description<br />
|-<br />
|'''1569'''<br />
| zimbraDNSMasterIP<br />
| string<br />
| 8.5.0<br />
| IP Address(es) of the root DNS servers to be used by the DNS cache service<br />
|-<br />
| '''1584'''<br />
| zimbraDNSUseTCP<br />
| enum<br />
| 8.5.0<br />
| For zimbra dnscache, whether or not to use TCP. Defaults to yes<br />
|-<br />
| '''1586'''<br />
| zimbraDNSUseUDP<br />
| enum<br />
| 8.5.0<br />
| For zimbra dnscache, whether or not to use UDP. Defaults to yes<br />
|-<br />
| '''1597'''<br />
| zimbraDNSTCPUpstream<br />
| enum<br />
| 8.5.0<br />
| For zimbra dnscache, whether or not to only use TCP when talking to the upstream Master DNS servers. Defaults to no<br />
|} <br />
<br />
==Identified Support Issues==<br />
* No Support issues reported yet.<br />
<br />
{{Article Footer|Zimbra Collaboration Suite 8.5|08/04/2014}}<br />
{{NeedSME|SME1|SME2|Copyeditor}}</div>Jorge de la Cruzhttps://wiki.zimbra.com/index.php?title=Installing_a_RapidSSL_Commercial_Certificate&diff=65004Installing a RapidSSL Commercial Certificate2018-01-18T17:24:46Z<p>Jorge de la Cruz: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=Installing a RapidSSL Commercial Certificate=<br />
{{KB|{{ZC}}|{{ZCS 8.8}}|{{ZCS 8.7}}|{{ZCS 8.6}}|}}<br />
<br />
==Purpose==<br />
Step by Step Wiki/KB article to install a RapidSSL Commercial Certificate<br />
<br />
==Resolution==<br />
When you buy a GeoTrust (RapidSSL)SSL certificate, Geotrust will send to you some RapidSSL intermediate CA certificate (usually called IntermediateCA.cer), in case that you miss some of them, here are the links:<br />
* GeoTrust Intermediate Root Certificates for RapidSSL - [https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=INFO1548 https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=INFO1548] Please note that depending of your RSA you need to select between the different options: SHA-1 SSL, SHA-2 (under SHA-1 Root) and SHA-2 (under SHA-2 Root)<br />
* GeoTrust Root Certificates - [https://www.geotrust.com/resources/root-certificates/ https://www.geotrust.com/resources/root-certificates/]<br />
<br />
'''We strongly recommend to use the Intermediate Root Certificates provided from your vendor, and add just the '''Root 2''' Geotrust Global CA at the end.'''<br />
===Example with RSA SHA-2 (under SHA-1 Root) ===<br />
You need to download this two files , in this order:<br />
* '''RapidSSL Intermediate CA Certificates''' - [https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&actp=CROSSLINK&id=SO26457 https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&actp=CROSSLINK&id=SO26457]<br />
* '''Root 2''' - GeoTrust Global CA (.pem format) - [https://www.geotrust.com/resources/root_certificates/certificates/GeoTrust_Global_CA.pem https://www.geotrust.com/resources/root_certificates/certificates/GeoTrust_Global_CA.pem]<br />
<br />
===Preparing the commercial_ca.crt===<br />
Certificates were assembled as follows: <br />
cat [RapidSSL intermediate CA] [GeoTrust Global CA] > commercial_ca.crt <br />
<br />
'''Note''' All the next commands should be run as zimbra user starting ZCS 8.7 and above, and as a root user in ZCS 8.6 and below.<br />
<br />
You will be able to successfully verify the certificate using the following:<br />
/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key mail-cert ./commercial_ca.crt<br />
<br />
Where 'mail-cert' is the certificate that was issued to the server based on the CSR, and "commercial_ca.crt" is the bundle assembled from the RapidSSL intermediate CA certificate and the link above.<br />
<br />
===Deploy the new SSL RapidSSL certificate===<br />
Then deploy the certificate as follows: <br />
/opt/zimbra/bin/zmcertmgr deploycrt comm mail-cert ./commercial_ca.crt<br />
<br />
Then you need to restart the services <br />
zmcontrol restart<br />
<br />
===Common error===<br />
If you see the next error ''error 20 at 0 depth lookup:unable to get local issuer certificate'' like here:<br />
** Verifying 'ssl_certificate.cer' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'<br />
Certificate 'ssl_certificate.cer' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match.<br />
** Verifying 'ssl_certificate.cer' against 'commercial_ca2.crt'<br />
ERROR: Unable to validate certificate chain: ssl_certificate.cer: CN = your.domain.com<br />
error 20 at 0 depth lookup:unable to get local issuer certificate<br />
<br />
It means you don't have the proper IntermediateCA and Root file, please refer to the first section of this Wiki, or [https://www.geotrust.com/support/ '''contact GeoTrust'''] in order to them to provide the proper and updated IntermediateCA to you, usually they send a '''IntermediateCA.cer''' file.<br />
<br />
==Additional Content==<br />
* No related content<br />
<br />
{{Article Footer|Zimbra Collaboration 8.6, 8.5, 8.0|11/19/2009}}<br />
{{NeedSME|Jorge|SME2|Copyeditor}}<br />
<br />
[[Category:Certificates]]</div>Jorge de la Cruzhttps://wiki.zimbra.com/index.php?title=Installing_a_Comodo_SSL_Certificate_on_Zimbra_Collaboration&diff=65003Installing a Comodo SSL Certificate on Zimbra Collaboration2018-01-18T17:24:12Z<p>Jorge de la Cruz: /* Using the CLI */</p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
= Installing a Comodo SSL Certificate on Zimbra Collaboration=<br />
{{KB|{{ZC}}|{{ZCS 8.8}}|{{ZCS 8.7}}|{{ZCS 8.6}}|}}<br />
{{WIP}}<br />
=Installing a Comodo SSL Certificate=<br />
Use the article as a guide to installing a Comodo issued SSL certificate with the zmcertmgr tool or the Admin Console. <br />
==Using the CLI==<br />
* 1. Get the bundle from Comodo in crt format, or sometimes like a zip file. Is always good call or write Comodo and obtain the proper Bundle, but you can also download each file from the next URL (SHA2 files) - '''https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/620/1/'''<br />
* 2. Place the bundle on your Zimbra mailbox server. You should receive, or [https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/620/1/ download], the next files:<br />
** AddTrustExternalCARoot.crt<br />
** COMODORSAAddTrustCA.crt<br />
** COMODORSADomainValidationSecureServerCA.crt<br />
** my_domain_com.crt files<br />
<br />
'''Note''' the root and intermediate files may have different names depends of the SSL Certificate, like PositiveSSL, etc.<br />
<br />
'''Note 2''' all the below commands should be run '''as zimbra user starting ZCS 8.7 and above, and as a root user in ZCS 8.6 and below'''.<br />
<br />
* 3. Cat the CA certs to form a single CA certificate chain file<br />
cat AddTrustExternalCARoot.crt COMODORSAAddTrustCA.crt COMODORSADomainValidationSecureServerCA.crt > /tmp/commercial_ca.crt<br />
* 4. Place the SSL certificate in /tmp/commercial.crt. <br />
cp my_domain_com.crt /tmp/commercial.crt<br />
* 5. Check that your SSL certificate, your private key and the Intermediate CA are OK, this step is important and you should not continue if you receive an error here:<br />
<pre>/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /tmp/commercial.crt /tmp/commercial_ca.crt <br />
** Verifying /tmp/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key<br />
Certificate (/tmp/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.<br />
Valid Certificate: /tmp/commercial.crt: OK</pre><br />
* 6. Deploy the commercial certificate with zmcertmgr as the root user.<br />
<pre>/opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/commercial.crt /tmp/commercial_ca.crt <br />
** Verifying /tmp/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key<br />
Certificate (/tmp/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.<br />
Valid Certificate: /tmp/commercial.crt: OK<br />
** Copying /tmp/commercial.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt<br />
** Appending ca chain /tmp/commercial_ca.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt<br />
** Importing certificate /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt to CACERTS as zcs-user-commercial_ca...done.<br />
** NOTE: mailboxd must be restarted in order to use the imported certificate.<br />
** Saving server config key zimbraSSLCertificate...done.<br />
** Saving server config key zimbraSSLPrivateKey...done.<br />
** Installing mta certificate and key...done.<br />
** Installing slapd certificate and key...done.<br />
** Installing proxy certificate and key...done.<br />
** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.<br />
** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.<br />
** Installing CA to /opt/zimbra/conf/ca...done.</pre><br />
* 7. Restart the Zimbra Services<br />
zmcontrol restart<br />
<br />
==Using the Admin Console==<br />
Before install the SSL Certificate using the Admin Console, you should generated the CSR before following the steps indicated in the next Wiki:<br />
* [[Administration_Console_and_CLI_Certificate_Tools#Generate_a_valid_CSR_.28Certificate_Signing_Request.29_for_a_Commercial_SSL|Generate a valid CSR (Certificate Signing Request) for a Commercial SSL]]<br />
<br />
You should receive the next files from Comodo:<br />
** AddTrustExternalCARoot.crt<br />
** COMODORSAAddTrustCA.crt<br />
** COMODORSADomainValidationSecureServerCA.crt<br />
** my_domain_com.crt files<br />
<br />
Go to '''Home > Configure > Certificates''' and click in the settings icon, then click on '''Install Certificate'''<br />
<br />
[[File:Zimbra-ssl-adminconsole-001.png|800px]]<br />
<br />
Select the target server where install the SSL Certificate:<br />
<br />
[[File:Zimbra-ssl-adminconsole-002.png|800px]]<br />
<br />
Select the option '''Install the commercial signed certificate'''<br />
<br />
[[File:Zimbra-ssl-adminconsole-007.png|800px]]<br />
<br />
If all the info in the review windows is ok, press Next button<br />
<br />
[[File:Zimbra-ssl-adminconsole-008.png|800px]]<br />
<br />
Add the files one by one that Comodo sent to you, the Certificate, the root, and the CA: <br />
<br />
[[File:Zimbra-ssl-adminconsole-009.png|800px]]<br />
<br />
Select Install button and the SSL Certificate will be installed<br />
<br />
[[File:Zimbra-ssl-adminconsole-010.png|800px]]<br />
<br />
Restart the Zimbra services like zimbra user in a CLI session:<br />
zmcontrol restart<br />
<br />
You can return to the Admin Console and View the installed Certificate<br />
<br />
[[File:Zimbra-ssl-adminconsole-011.png|800px]]<br />
<br />
==Additional Content==<br />
* Community Thread about install a Comodo SSL Certificate - [https://community.zimbra.com/collaboration/f/1886/t/1139599 https://community.zimbra.com/collaboration/f/1886/t/1139599]<br />
<br />
{{Article Footer|Zimbra Collaboration 8.x, 8.0.x, 7.x|9/2/2008}}<br />
{{NeedSME|Jorge|SME2|Copyeditor}}<br />
<br />
[[Category: Certificates]]</div>Jorge de la Cruzhttps://wiki.zimbra.com/index.php?title=Offline_Mode&diff=65002Offline Mode2018-01-18T17:22:18Z<p>Jorge de la Cruz: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
=Offline Mode For Zimbra Collaboration=<br />
{{KB|{{ZC}}|{{ZCS 8.8}}|{{ZCS 8.7}}|{{ZCS 8.6}}|}}<br />
<br />
Zimbra Offline Mode allows you to use the Zimbra Web Client (ZWC) and access your data without network connectivity.<br />
For example, if there is no server connectivity or server connectivity is lost, ZWC automatically transitions to “offline mode”. When server connectivity is restored, ZWC automatically reverts back to “online mode”.<br />
The offline mode uses HTML5, which uses a caching capability that can be considered a super set of the normal browser caching. This feature is enabled by your system administrator. <br />
<br />
==Existing Documentation==<br />
Official User Guide - [https://www.zimbra.com/docs/user_guide/8.6.0/wwhelp/wwhimpl/js/html/wwhelp.htm#href=860_ZWC_userguide.Using_the_Offline_Mode.html https://www.zimbra.com/docs/user_guide/8.6.0/wwhelp/wwhimpl/js/html/wwhelp.htm#href=860_ZWC_userguide.Using_the_Offline_Mode.html]<br />
<br />
==Documentation Project==<br />
===Offline Mode Features and Functionality===<br />
Offline mode features and functionality include:<br />
* No browser plug-ins or extensions are required.<br />
* Uses the same mail URL (for example, https://example.domain.com), which you can browse to even when there is no connection to the server.<br />
*When in online mode and connected to the server, a spinning icon displays in the top right of the screen indicating your data is automatically being synchronized to the server.<br />
* When in offline mode, a disconnected icon displays in the top right of the screen. Any work performed in offline mode is stored in cache, and synchronized with the server when reverted back to online mode.<br />
* Mail, Contacts, Calendar, and Search applications are supported in offline mode. Tabs such as Community, Tasks, Briefcase and Preferences are not available and are disabled from your view. Other features that are not available include shared folders and Zimlets.<br />
* Signing out of ZWC turns off the offline mode setting, and will delete any offline data. If you attempt to sign out, a warning displays informing you of this issue.<br />
<br />
===Enabling or Disabling Offline Mode===<br />
When offline mode is enabled, whenever your machine loses connectivity to the server the ZWC client will automatically switch to offline mode.<br />
If you use another browser or device to access your ZWC account, other than the one in which you enabled offline mode, you must enable offline mode again.<br />
If you do not want to allow offline mode, you can select to disable the feature.<br />
===Enable Offline Mode===<br />
1.In the ZWC, click the dropdown menu next to your name in the upper right of the screen.<br />
<br />
2.Select '''Offline Mode'''.<br />
<br />
[[File:Offline-mode-003.png]]<br />
<br />
3.In the Offline Mode dialog, select '''Allow offline mode''' and click '''OK'''.<br />
<br />
[[File:Offline-mode-004.png]]<br />
<br />
4.Accept the warning that displays asking if you want to reload the application now to enable offline access? Click '''Yes'''.<br />
<br />
[[File:Offline-mode-005.png]]<br />
<br />
'''Note:'''<br />
If you don’t reload the application, offline access is available the next time you sign in.<br />
<br />
5.The application reloads and a sync icon displays in the upper right of the screen. You are now working in offline mode.<br />
<br />
[[File:Offline-mode-006.png]]<br />
<br />
===Selecting How Long to Store Offline Content===<br />
By default, if your machine is in offline mode, the last 30 days of your '''Inbox, Sent, Drafts, and Trash messages''' are stored in cache. They are then synchronized to the server when your machine reverts to online mode. This setting is configurable.<br />
You can select other folders that you want to use for offline access, and the number of days you want your messages to stay in cache. If you do not want your messages to synchronize when reverted back to online mode, select 0.<br />
====Configure Ofline Storage and other Folders====<br />
1.Right click a folder for which you want to configure offline storage.<br />
<br />
2.Select '''Edit Properties'''.<br />
<br />
[[File:Offline-mode-001.png]]<br />
<br />
3.Select the number of days to store messages.<br />
<br />
[[File:Offline-mode-002.png]]<br />
<br />
4.Click '''OK'''.<br />
<br />
===Supported Browsers===<br />
Browsers supported for offline mode include:<br />
* Google Chrome<br />
* Mozilla Firefox<br />
<br />
==Identified Support Issues==<br />
*[https://bugzilla.zimbra.com/show_bug.cgi?id=94118 Bug 94118] '''Visual Element to show what folders are sync'ed for offline and multi-select folder to set offline sync''' <br />
*[https://bugzilla.zimbra.com/show_bug.cgi?id=94116 Bug 94116] '''Offline Mode from ZWC Menu should have On Off or Red Green Light & Pop up about sync settings'''<br />
*[https://bugzilla.zimbra.com/show_bug.cgi?id=90530 Bug 90530] '''HTML5 Offline Mode To Offer TGZ Export Of Local/Cached Acct Data'''<br />
<br />
<br />
{{Article Footer|Zimbra Collaboration Server 8.5|08/4/2014}}</div>Jorge de la Cruzhttps://wiki.zimbra.com/index.php?title=Exchange_Web_Services_EWS&diff=65001Exchange Web Services EWS2018-01-18T17:22:01Z<p>Jorge de la Cruz: </p>
<hr />
<div>{{BC|Certified}}<br />
__FORCETOC__<br />
<div class="col-md-12 ibox-content"><br />
= Exchange Web Services EWS =<br />
{{KB|{{ZC}}|{{ZCS 8.8}}|{{ZCS 8.7}}|{{ZCS 8.6}}|}}<br />
<br />
==EWS Requires the Proxy service installed==<br />
'''Important note:''' EWS only works if you have the Proxy role installed and properly configured. If not, you will not be able to use the EWS feature, as Outlook try to connects for the port 443, more information in the next Bugs:<br />
* https://bugzilla.zimbra.com/show_bug.cgi?id=101362<br />
* https://bugzilla.zimbra.com/show_bug.cgi?id=96355<br />
<br />
Please make sure you have Proxy installed before you try to configure your Outlook Clients in OS X<br />
==EWS Requires A License Key==<br />
<br />
To see if your ZCS server has EWS enabled, you must check from the CLI - see bugs noted below. This is also true for the "Touch client". If you want these features and currently don't have them as a part of your license, please contact your sales agent so you can get a new license issued with these features enabled.<br />
<br />
$ zmlicense -p | egrep -i 'touch|ews'<br />
EwsAccountsLimit=10000<br />
TouchClientsAccountsLimit=10000<br />
<br />
If you needed to get a new license, you should either do the following on your ZCS server or those running the mailstore services, after installing the license to get EWS working:<br />
<br />
zmprov fc license<br />
<br />
Or a full zcs restart :<br />
<br />
zmcontrol restart<br />
<br />
===Bug/RFE's Related To EWS License===<br />
<br />
* License page in admin console doesn't show EWS or Touch licenses <br />
** https://bugzilla.zimbra.com/show_bug.cgi?id=95819<br />
<br />
* Cos/User Features should be disabled if it requires a license key for it and it's currently not available with installed license <br />
** https://bugzilla.zimbra.com/show_bug.cgi?id=95821<br />
<br />
==Existing Documentation==<br />
<br />
* [[Ajcody-Apple-Mac-Issues#Outlook_2011_For_Mac_And_EWS_Setup|Outlook 2011 For Mac And EWS Setup]]<br />
** [[Ajcody-Outlook_2011_For_Mac_And_EWS_Setup|Outlook 2011 Setup With Screen Shots]]<br />
** [[Outlook_2016_For_Mac_And_EWS_Setup|Outlook 2016 Setup With Screen Shots]]<br />
* [[Ajcody-Apple-Mac-Issues#EWS_Configuration_And_ZCS_8.5.2B|EWS Configuration for Contacts.App]]<br />
* [[Ajcody-Apple-Mac-Issues#EWS_-_Exchange_Account_Topics|EWS And Calendar.app]]<br />
* [[Ajcody-Ciphers-Outlook|Mac Outlook 2011 requires 3DES or RC4 ciphers]]<br />
* [[Ajcody-Apple-Mac-Issues#Log_Event_Showing_EWS|EWS Logging]]<br />
<br />
==Documentation Project==<br />
<br />
==Identified Support Issues==<br />
<br />
* [https://bugzilla.zimbra.com/show_bug.cgi?id=97198 Bug#97198] Reproducible crash in OS X Mail.app<br />
* <strike>[https://bugzilla.zimbra.com/show_bug.cgi?id=94779 Bug#94779] Zimbra EWS crashes Mail on OS X Yosemite</strike><br />
<br />
{{Article Footer|Zimbra Collaboration Suite 8.5|08/4/2014}}</div>Jorge de la Cruz