Difference between revisions of "Ajcody-Notes"

(Apple/Mac Issues)
Line 1: Line 1:
=General Notes=
+
<small>''This page holds a Table of Contents of all my pages but each main Subject is an actual link to another page. I'm hoping this gives the best of both worlds. One long page with all topics as well as pages that contain details to a specific subject.''
==Dos/Unix New Lines (License issues)==
 
vi file and then
 
 
 
:set list
 
 
 
Confirm your not getting the ^M characters at the end.
 
 
 
==Zimbra Variables==
 
 
 
Ways to check on different zimbra variables.
 
 
 
su - zimbra
 
zmlocalconfig -i
 
zmlocalconfig -d
 
cd /opt/zimbra/conf/attrs
 
more zimbra-attrs.xml
 
cd /opt/zimbra/openldap/etc/openldap/schema/
 
more zimbra.schema
 
 
 
==Zimbra Contact Fields For CSV Import Mapping==
 
 
 
Please see /opt/zimbra/conf/zimbra-contact-fields.xml
 
 
 
This will show you what "fields" Zimbra is looking for and mapping to in regards to importing from other applications contact csv files.
 
 
 
==What's My Server Like==
 
To dump out your server details, these commands are useful.
 
 
 
zmprov gs yourdomainname
 
zmprov gacf
 
zmlocalconfig
 
zmdumpenv
 
 
 
Another good document to review for "odd performance" issues is the large server wiki.
 
 
 
http://wiki.zimbra.com/index.php?title=Performance_Tuning_Guidelines_for_Large_Deployments
 
 
 
==Restarting Jetty - ZCS 5+==
 
 
 
As zimbra
 
 
 
zmmailboxdctl restart
 
 
 
==Get Version From Ajax Client==
 
 
 
Put the below in the search field of the Ajax client:
 
 
 
$set:get
 
 
 
==What's Compiled With Postfix==
 
 
 
Do the following (return is from my test box):
 
 
 
postconf -m
 
btree
 
cidr
 
environ
 
hash
 
ldap
 
mysql
 
pcre
 
proxy
 
regexp
 
static
 
unix
 
 
 
=Logging=
 
==Server==
 
===What's up with all the logs?===
 
 
 
Logging page resources:
 
 
 
http://www.zimbra.com/docs/ne/latest/administration_guide/9_Monitoring.14.1.html
 
 
 
http://wiki.zimbra.com/index.php?title=Server_Monitoring
 
 
 
http://wiki.zimbra.com/index.php?title=Monitoring_Zimbra_Servers
 
 
 
http://wiki.zimbra.com/index.php?title=Log_Files
 
 
 
http://wiki.zimbra.com/index.php?title=Unresponsive_Server_Troubleshooting
 
 
 
====The Bread And Butter Logs====
 
 
 
/opt/zimbra/log/mailbox.log - This log is a mailboxd log4j server log containing the logs from the mailbox server. This includes the mailbox store, LMTP server, IMAP and POP servers, and Index server.
 
 
 
/opt/zimbra/log/zmmailbox.out - Mailstore not coming up and nothing is being logged in mailbox.log, check here for errors.
 
 
 
/var/log/zimbra.log - The Zimbra syslog details the activities of the Zimbra MTA (Postfix, amavisd, antispam, antivirus), Logger, Authentication (cyrus-sasl), and Directory (OpenLDAP). By default LDAP activity is logged to Zimbra.log.
 
 
 
/opt/zimbra/db/data/YOURHOSTNAME.err - This is the message store database error log.
 
 
 
/var/log/messages
 
 
 
===Logging Increase===
 
 
 
Depending on the ZCS version the below will clear all the per account loggers on zimbra reboot. IMAP is used for these examples.
 
 
 
zmprov aal user@domain.com zimbra.imap debug
 
 
 
zmprov ral user@domain.com zimbra.imap
 
 
 
If you want to do it globally edit /opt/zimbra/conf/log4j.properties.in (add a line at the end that's similar but like log4j.logger.zimbra.imap=DEBUG). No restart of any service is needed.
 
 
 
====Log4J Variables====
 
 
 
"zimbra.misc" logger. For all events that don't have a specific-catagory.
 
   
 
"zimbra.index" logger. For indexing-related events.
 
   
 
"zimbra.index.lucene" logger. For logging of low-level lucene operations (debug-level only)
 
   
 
"zimbra.searchstat" logger.  For logging statistics about what kinds of searches are run
 
   
 
"zimbra.redolog" logger. For redolog-releated events.
 
   
 
"zimbra.lmtp" logger. For LMTP-related events.
 
   
 
"zimbra.smtp" logger. For SMTP-related events.
 
   
 
"zimbra.nio" logger. For NIO-related events.
 
   
 
"zimbra.imap" logger. For IMAP-related events.
 
   
 
"zimbra.imap" logger. For POP-related events.
 
   
 
"zimbra.mailbox" logger. For mailbox-related events.
 
   
 
"zimbra.calendar" logger. For calendar-related events.
 
   
 
"zimbra.im" logger. For instant messaging-related events.
 
   
 
"zimbra.account" logger. For account-related events.
 
   
 
"zimbra.gal" logger. For account-related events.
 
   
 
"zimbra.ldap" logger. For ldap-related events.
 
   
 
"zimbra.security" logger. For security-related events
 
 
 
"zimbra.soap" logger. For soap-related events
 
   
 
"zimbra.test" logger. For testing-related events
 
   
 
"zimbra.sqltrace" logger. For tracing SQL statements sent to the database
 
   
 
"zimbra.dbconn" logger. For tracing database connections
 
   
 
"zimbra.perf" logger. For logging performance statistics
 
   
 
"zimbra.cache" logger. For tracing object cache activity
 
   
 
"zimbra.filter" logger. For filter-related logs.
 
   
 
"zimbra.session" logger. For session- and notification-related logs.
 
   
 
"zimbra.backup" logger. For backup/restore-related logs.
 
   
 
"zimbra.system" logger. For startup/shutdown and other related logs.
 
   
 
"zimbra.sync" logger. For sync client interface logs.
 
   
 
"zimbra.synctrace" logger. For sync client interface logs.
 
   
 
"zimbra.syncstate" logger. For sync client interface logs.
 
   
 
"zimbra.wbxml" logger. For wbxml client interface logs.
 
   
 
"zimbra.extensions" logger. For logging extension loading related info.
 
   
 
"zimbra.zimlet" logger. For logging zimlet related info.
 
   
 
"zimbra.wiki" logger. For wiki and document sharing.
 
   
 
"zimbra.op" logger. Logs server operations
 
   
 
"zimbra.dav" logger. Logs dav operations
 
   
 
"zimbra.io" logger.  Logs file IO operations.
 
   
 
"zimbra.datasource" logger.  Logs data source operations.
 
   
 
remote management.
 
   
 
public static final Log rmgmt = LogFactory.getLog("zimbra.rmgmt");
 
   
 
"zimbra.webclient" logger. Logs ZimbraWebClient servlet and jsp operations.
 
   
 
"zimbra.scheduler" logger.  Logs scheduled task operations.
 
   
 
"zimbra.store" logger.  Logs filesystem storage operations.
 
   
 
"zimbra.fb" logger.  Logs free/busy operations.
 
   
 
"zimbra.purge" logger.  Logs mailbox purge operations.
 
   
 
"zimbra.mailop" logger.  Logs changes to items in the mailbox.
 
 
 
==Web Client Logging==
 
==Debug (SOAP) via Browser==
 
 
 
See http://wiki.zimbra.com/index.php?title=Web_Client_URL_Tricks&redirect=no
 
 
 
=User Management Topics=
 
 
 
==User , Mailbox ID's, And Who Is What==
 
 
 
ZimbraID [UserID] is system wide.
 
 
 
MailboxID is per server store.
 
 
 
To get the ZimbraID:
 
 
 
$ zmprov ga user@domain.com | grep -i zimbraid
 
zimbraId: aeca260b-6faf-4cfe-b407-7673748aabf4
 
zimbraIdentityMaxNumEntries: 20
 
 
 
To get the MailboxID, get on the appropriate mailserver and:
 
 
 
zmprov gmi user@domain.com
 
mailboxId: 3
 
quotaUsed: 251512
 
 
 
or globally:
 
 
 
/opt/zimbra/bin/mysql -e "use zimbra; select id from mailbox where account_id = 'UserID HERE including the leading 0'"
 
 
 
Other details can be found here:
 
 
 
http://wiki.zimbra.com/index.php?title=Account_mailbox_database_structure
 
 
 
==Account & Domain Summary==
 
 
 
Run zmaccts
 
 
 
Here's what it would return:
 
 
 
su - zimbra
 
[zimbra@mail3 ~]$ zmaccts
 
            account                          status            created      last logon
 
------------------------------------  -----------    ---------------  ---------------
 
admin@mail3.internal.homeunix.com          active      05/06/08 18:46  07/08/08 09:56
 
ajcody@mail3.internal.homeunix.com          active      05/06/08 20:43  06/23/08 15:48
 
ajcody2@mail3.internal.homeunix.com        active      05/28/08 11:48  06/30/08 17:44
 
forward@mail3.internal.homeunix.com        active      05/06/08 21:06  05/29/08 17:24
 
ham.bidiob2mm@mail3.internal.homeuni        active      05/06/08 18:47            never
 
spam.rormmtcyy@mail3.internal.homeun        active      05/06/08 18:47            never
 
wiki@mail3.internal.homeunix.com            active      05/06/08 18:46            never
 
            account                          status            created      last logon
 
------------------------------------  -----------    ---------------  ---------------
 
secondary@secondary.internal.homeuni        active      06/23/08 15:26  06/23/08 15:27
 
wiki@secondary.internal.homeunix.com        active      06/23/08 15:25            never
 
-
 
                                domain summary
 
-
 
    domain                  active    closed    locked    maintenance    total
 
-----------------------  --------  --------  --------  -------------  --------
 
mail3.internal.homeunix          7        0        0              0        7
 
secondary.internal.home          2        0        0              0        2
 
 
 
==Zmmailbox Stuff==
 
===Remove All Shares===
 
 
 
Here's a script I wrote. Remove the echo statements to actually run the commands.
 
  
 +
''Done by way of putting something like this on this page:''
 
<pre>
 
<pre>
#!/bin/bash
+
{{:Ajcody-Apple-Mac-Issues}}
USER="ajcody@mail3.internal.homeunix.com"
 
SHARE="/Shared"
 
GETPERM="zmmailbox -z -m $USER gfg $SHARE"
 
MODPERM="zmmailbox -z -m $USER mfg $SHARE"
 
DUMBPASS="34lkoso"
 
NEWPERM=none
 
 
 
$GETPERM | egrep -i 'all|guest|public|accoun|domain|group' | gawk '{print $2 " " $3}' | while read SHAREPERM
 
do
 
TYPE=`echo $SHAREPERM|awk '{print $1}'`
 
DISPLAY=`echo $SHAREPERM|awk '{print $2}'`
 
 
 
case $TYPE in
 
        accoun) echo $MODPERM account $DISPLAY $NEWPERM
 
        ;;
 
        guest) echo $MODPERM $TYPE $DISPLAY $DUMBPASS $NEWPERM
 
        ;;
 
        all) echo $MODPERM $TYPE $NEWPERM
 
        ;;
 
        *) echo $MODPERM $SHAREPERM $NEWPERM
 
        ;;
 
        esac
 
done
 
 
</pre>
 
</pre>
  
Ouput of an example:
+
''And on the target page:''
 
<pre>
 
<pre>
[zimbra@mail3 ~]$  zmmailbox -z -m ajcody@mail3.internal.homeunix.com gfg /Shared
+
===Actual Apple/Mac Issues Homepage===
Permissions    Type  Display
 
-----------  ------  -------
 
          r    all
 
          r  guest  ajcody@digitalhandshakes.com
 
          r  accoun  admin@mail3.internal.homeunix.com
 
          r  group  mydl@mail3.internal.homeunix.com
 
          r  domain  mail3.internal.homeunix.com
 
[zimbra@mail3 ~]$ /tmp/remove-share.sh
 
zmmailbox -z -m ajcody@mail3.internal.homeunix.com mfg /Shared all none
 
zmmailbox -z -m ajcody@mail3.internal.homeunix.com mfg /Shared guest ajcody@digitalhandshakes.com 34lkoso none
 
zmmailbox -z -m ajcody@mail3.internal.homeunix.com mfg /Shared account admin@mail3.internal.homeunix.com none
 
zmmailbox -z -m ajcody@mail3.internal.homeunix.com mfg /Shared group mydl@mail3.internal.homeunix.com none
 
zmmailbox -z -m ajcody@mail3.internal.homeunix.com mfg /Shared domain mail3.internal.homeunix.com none
 
</pre>
 
  
I then removed the echo statements:
+
Please see [[Ajcody-Apple-Mac-Issues]]
<pre>
 
[zimbra@mail3 ~]$ vi /tmp/remove-share.sh
 
[zimbra@mail3 ~]$ /tmp/remove-share.sh
 
[zimbra@mail3 ~]$  zmmailbox -z -m ajcody@mail3.internal.homeunix.com gfg /Shared
 
Permissions    Type  Display
 
-----------  ------  -------
 
[zimbra@mail3 ~]$
 
 
</pre>
 
</pre>
  
=Server Topics=
+
''Enjoy, Adam''</small>
 
 
==Server Move==
 
 
 
Please see:
 
 
 
http://wiki.zimbra.com/index.php?title=Ajcody-Notes-ServerMove
 
 
 
==Backup Plans And Cheap HA/DR Secondary Server==
 
 
 
Please see:
 
 
 
http://wiki.zimbra.com/index.php?title=Ajcody-Notes-BackupPlans
 
 
 
==Hostname resolution issues and testing commands==
 
Allot of failed installs are because administrators are skipping the steps to make sure resolution is working.
 
 
 
Check your /etc/hosts file. You should have the localhost similar to the one below. Your ZCS server name should be replaced with the zimbra.test.com and zimbra fields. The IP address should be the IP address bound to the network interface [ip addr or ifconfig -a to confirm].
 
 
127.0.0.1 localhost.localdomain localhost
 
192.168.0.1 zimbra.test.com        zimbra
 
 
 
If your ZCS server is behind a firewall or is being NAT&#39;d. Make sure that resolution for the hostname on the ZCS server returns the internal IP information rather than the external IP. To test:
 
 
 
hostname -f
 
zimbra.test.com
 
 
 
or
 
 
 
domainname -f
 
zimbra.test.com
 
 
 
As long as one of the above returns the full hostname, use the command for the following. The MX lookups depend on how you are doing your mail domain and server hostname.
 
 
 
host `hostname -f`
 
  zimbra.test.com has address 192.168.0.1
 
host -t MX `domainname -f`
 
  zimbra.test.com mail is handled by 10 zimbra.test.com.
 
host -t MX `domainname -d`
 
    test.com mail is handled by 10 zimbra.test.com.
 
 
 
You should also have reverse records (PTR) as well. Replace 192.168.0.1 using your internal ip address, it should return something like:
 
 
 
host 192.168.0.1
 
1.0.168.192.in-addr.arpa domain name pointer zimbra.test.com
 
 
 
Please review wiki page on split-DNS :
 
 
 
http://wiki.zimbra.com/index.php?title=Split_DNS
 
 
 
and also the variable use of lmtp_host_lookup .
 
 
 
http://bugzilla.zimbra.com/show_bug.cgi?id=27988
 
 
 
==What's my time and timezone?==
 
I wrote up the steps to make sure the ZCS server is using the correct time and timezone here:
 
 
 
http://wiki.zimbra.com/index.php?title=Time_Zones_in_ZCS#The_server_OS
 
 
 
==Disable LDAP Replica==
 
This is a work in progress, please don&#39;t use for production servers at this time.
 
 
 
References:
 
 
 
http://wiki.zimbra.com/index.php?title=Promoting_Replica_to_LDAP_Master
 
 
 
http://www.zimbra.com/docs/os/latest/multi_server_install/LDAP%20Replication.6.1.html
 
 
 
For each server that you want to change:
 
 
 
Stop the Zimbra services on the server, zmcontrol stop.
 
 
 
Check the existing ldap_url value.
 
 
 
zmlocalconfig | grep ldap_url
 
 
 
Update the ldap_url value. Remove the replica LDAP server URL, below assumes you only had one replica.
 
 
 
zmlocalconfig -e ldap_url=”ldap:// ”
 
 
 
If other replica&#39;s exist, then the list typed is like:
 
zmlocalconfig -e ldap_url=”ldap:// ldap:// ldap:// ”
 
 
 
The hosts are tried in the order listed. The master URL must always be included and is listed last.
 
 
 
Additional Steps for MTA hosts.
 
 
 
After updating the ldap_url, rerun /opt/zimbra/libexe/zmmtainit. This rewrites the Postfix configuration with the updated ldap_url.
 
 
 
To stop the ldap service running on the ldap replica server.
 
 
 
su - zimbra
 
ldap stop
 
 
 
To now disable ldap from running on the old ldap replica. The - in front of zimbraServiceEnabled is [off], rather than a + for [on].
 
 
 
zmprov ms  -- -zimbraServiceEnabled ldap
 
 
 
==Public Service Hostname==
 
variable is zimbraPublicServiceHostname , as referenced in /opt/zimbra/openldap/etc/openldap/schema/zimbra.schema
 
 
 
Bugs about the url&#39;s for shares that use spaces (%20), the redirection drops the %20
 
 
 
http://bugzilla.zimbra.com/show_bug.cgi?id=27788
 
 
 
http://bugzilla.zimbra.com/show_bug.cgi?id=27477
 
 
 
==Domain Rename Issues==
 
 
We have a command to rename a "domain" and the resources within it - unfortunately it doesn't handle ALL of the different components for various reasons. Specifically Documents and Calendars [more down below].
 
 
 
Review this RFE that was done when they implemented the renameDomain command.
 
 
 
http://bugzilla.zimbra.com/show_bug.cgi?id=7655
 
 
Note comment 21 & 22 (confirming what QA'd). The syntax is
 
 
zmprov -l rd testold.com testnew.com
 
 
 
Problems that arise with Documents are explained here, comment #1 has workaround.
 
 
 
http://bugzilla.zimbra.com/show_bug.cgi?id=25873
 
 
Now, the very unfortunate part about calendars with a domainname change/move.
 
 
 
"Ability to change a username globally on all appointments"
 
 
 
http://bugzilla.zimbra.com/show_bug.cgi?id=26736
 
 
 
"Cant edit calendar entries after renameDomain"
 
 
 
http://bugzilla.zimbra.com/show_bug.cgi?id=27707
 
 
 
The root issue here's seems to be more about the calendar standards and practices with the use of the "Organizer" field and notifications. You'll see 3 "work arounds" in comment 2 of bug 26736.
 
 
 
Export/Importing of the calendar data is shown here:
 
 
 
http://wiki.zimbra.com/index.php?title=User_Migration
 
 
 
This part specifically :
 
 
 
http://wiki.zimbra.com/index.php?title=User_Migration#Copy_Calendar_From_One_Zimbra_User_to_Another
 
 
 
==My Gal & LDAP Settings For A Domain==
 
 
 
To see your setting, do the following - replacing with domainname with the domain in question.
 
 
 
zmprov gd domainname | egrep -i 'ldap|gal'
 
 
 
==Zimlets==
 
 
 
===Location Of Zimlets===
 
Zimlets should be already located on the zimbra server in one of these directories:
 
 
 
/opt/zimbra/zimlets/
 
/opt/zimbra/zimlets-admin-extra/
 
/opt/zimbra/zimlets-extra/
 
/opt/zimbra/zimlets-experimental/
 
/opt/zimbra/zimlets-network/
 
 
 
===How To Deploy Zimlets===
 
 
 
To deploy a zimlet, simply cd to the directory where the zimlet is located and issue this command:
 
 
 
/opt/zimbra/bin/zmzimletctl deploy <zimlet_name>
 
 
 
==Archive & Discovery==
 
 
 
===References for A&D===
 
The two main A&D references are :
 
 
 
http://wiki.zimbra.com/index.php?title=ZAD
 
 
 
http://www.zimbra.com/pdf/Zimbra%20Archiving%20and%20Discovery%20Release%20Notes.pdf
 
 
 
===Multi-Server & New Mailstore A&D setup===
 
See below for a very rough draft document I made for multi-server / new mailstore A&D setups.
 
 
 
http://wiki.zimbra.com/index.php?title=Ajcody-Notes-AD-mailstore
 
 
 
I also created a RFE for documentation on this.
 
 
 
http://bugzilla.zimbra.com/show_bug.cgi?id=25135
 
 
 
==Finding The NO_SUCH_BLOB Errors==
 
 
 
It would be good to review this wiki page before you start any "changes":
 
 
 
http://wiki.zimbra.com/index.php?title=Account_mailbox_database_structure
 
 
 
And great forum posting:
 
 
 
http://www.zimbra.com/forums/administrators/19811-solved-missing-blob-errors-zimbra-4-5-10-a.html
 
 
 
If you recently did a server move or similar type of operation, make sure zimbra:zimbra permissions are applied correctly to store directory. You could run the following to double check permissions (as root):
 
 
 
/opt/zimbra/libexec/zmfixperms --verbose --extended
 
 
 
And down and dirty way to see what mailboxes have this error:
 
 
 
grep -B2 NO_SUCH_BLOB /opt/zimbra/log/mailbox.lo* |grep mailbox= |sed -r 's/.*mailbox=([0-9]*).*$/\1/' |sort -u
 
 
 
On 5.0.6+ there's a script in /opt/zimbra/bin called zmblobchk . This will list out information about the NO_SUCH_BLOB errors.
 
 
 
On pre-5.0.6 systems, ask support for zmblobchk.jar file. To run it:
 
 
 
su - zimbra
 
ls /opt/zimbra/zmblobchk.jar
 
  zmblobchk.jar
 
java -jar zmblobchk.jar
 
Retrieving volume information
 
Retrieving mboxgroup list
 
Spooling item list to /tmp/mailitems53650.lst
 
Retrieving items from mboxgroup1
 
Retrieving items from mboxgroup2
 
Retrieving items from mboxgroup3
 
Retrieving items from mboxgroup4
 
Retrieving items from mboxgroup5
 
Retrieving items from mboxgroup6
 
Retrieving items from mboxgroup7
 
Retrieving items from mboxgroup8
 
Retrieving items from mboxgroup9
 
Retrieving items from mboxgroup10
 
/
 
Processing BLOB store
 
-
 
/tmp/mailitems53650.lst: size 28141
 
Processed 329 items in 1223ms
 
No inconsistencies found
 
 
 
If the "Processing BLOB store" part errors out with Java out of memory, you could try adjusting the variable for it. The default is set to 30%. This would require a mailstore/jetty restart though [zmmailboxdctl restart]. If the mailstore doesn't come back up, check /opt/zimbra/log/zmmailbox.log - you most likely exceeded the threshold for your box. Remember, this is a percentage and a 32bit machine with more than 4GB can cause issues with this setting since it could try to allocate more than it actually can to the thread.
 
 
 
# ZCS 5.0 and later
 
$ zmlocalconfig -e mailboxd_java_heap_memory_percent=40
 
 
 
And zmmailboxdctl restart when it's appropriate.
 
 
 
===BLOB Issue Script===
 
 
 
I've commented out the two delete lines and also the "$msghash &= $fmask;" one.
 
 
 
If you're using HSM, this script isn't smart enough to detect it.  It will flag and remove entries that are in the HSM store becuase it doesn't see them in the primary store.
 
 
 
Comment from other support staff member on a case that used this.
 
 
 
''Once you've gotten a list of the 'NOT OK' files generated by this tool, '''you'll want to check the store directories to see if the message blobs exist with an incorrect change number.  That's the second number in the filename.  If the first number matches the ID it's looking for but the second does not, you can rename the file to the new change number and get the message blob back without losing data.''' If not, then the blob is completely missing.  If that's the case,  we should try to figure out what happened to it by going through the mailbox.log files.  You should be able to grep for the missing message ID and the user's account ID to find a log entry showing something happening to it.  It's possible it was deleted and the deletion was never written to mysql for some reason.''
 
 
 
<pre>
 
#!/usr/bin/perl
 
 
 
# This script compatible with Zimbra version 4.5.x only.  Do not use with any other version.
 
# OK, there's 2 MAILBOX_*_BITS values in the VOLUME table.
 
# Take the mailbox ID, right-shift it by MAILBOX_BITS, and take the lowest MAILBOX_GROUP_BITS of the result.
 
# That's your mailbox hash.
 
# Take the message ID, right-shift it by FILE_BITS, and take the lowest FILE_GROUP_BITS of the result.  That's your msgid hash.
 
# I think.
 
# <mbx-hash>/<mbx-id>/msg/<msgid-hash>/<msgid>-<mod_content>.msg
 
 
 
my ($fbits, $fgbits, $mbits, $mgbits, $basepath) = split (' ',`echo "select file_bits,file_group_bits,mailbox_bits,mailbox_group_bits,path from volume where type='1'" | mysql -N zimbra`);
 
my $ARGV = shift @ARGV;
 
 
 
chomp $basepath;
 
 
 
my $mbmask = sprintf "1" x $mgbits;
 
my $fmask = sprintf "1" x $fgbits;
 
 
 
foreach (`echo "select id, group_id, account_id, comment from mailbox where comment = '$ARGV'" | mysql -N zimbra`) {
 
chomp;
 
my $path = "$basepath/";
 
my ($id, $grid, $aid, $nm) = (split);
 
my $mbhash = $id >> $mbits;
 
$mbhash &= $mbmask;
 
$path .= $mbhash."/".$id."/msg/";
 
foreach my $msgstuff (`echo "select id, mod_content, type from mail_item where blob_digest is not null and mailbox_id=${id};" | mysql -N mboxgroup${grid}`) {
 
chomp $msgstuff;
 
if ($msgstuff eq "") {next;}
 
my ($msgid, $modContent, $type) = split (' ',$msgstuff);
 
my $msghash = $msgid >> $fbits;
 
# $msghash &= $fmask;
 
my $nm = $msgid;
 
if ($modContent) {$nm .= "-$modContent";}
 
my $npath = $path.$msghash."/".$nm.".msg";
 
if (-e $npath) {print $npath."\t\tOK\n";}
 
else {
 
  print $npath."\t\tNOT OK\n";
 
  # not ok, remove the entry from the database so it is not a nuisance
 
  print "Delete from mail_item where MSGID is ${msgid} and MAILBOXID is ${id} \n";
 
  print "Uncomment line below me in script to have me delete. \n";
 
#   `echo "delete from mail_item where id=${msgid} and mailbox_id=${id}" | mysql -N mboxgroup${grid}`;
 
  if ($type eq "11") {
 
      print "Delete from appointment where MSGID is ${msgid} and MAILBOX_ID is ${id} \n";
 
      print "Uncomment line below me in script to have me delete. \n";
 
#              `echo "delete from appointment where item_id=${msgid} and mailbox_id=${id}" | mysql -N mboxgroup${grid}`;
 
  }
 
}
 
# print $npath."\n";
 
}
 
}
 
</pre>
 
 
 
If this doesn't run, make sure perl is installed and in the correct path.
 
 
 
You run this as the zimbra user.
 
 
 
What I did was the following.
 
 
 
Copied the script to /opt/zimbra/bin/ as root and called it blob-check.pl . chmod +x /opt/zimbra/bin/blob-check.pl
 
 
 
su - zimbra
 
mkdir /tmp/BLOB-CHECKS
 
for i in `zmprov gaa`; do blob-check.pl $i | grep "NOT OK" >> /tmp/BLOB-CHECKS/$i.txt; done
 
ls -la /tmp/BLOB-CHECKS
 
 
 
The ls will help identify the more troubled accounts. You'll end up with something like this:
 
 
 
[zimbra@mail3 ~]$ ls -la /tmp/BLOB-CHECKS/
 
total 16
 
drwxr-x--- 2 zimbra zimbra 4096 Jul 10 23:40 .
 
drwxrwxrwt 8 root  root  4096 Jul 10 23:46 ..
 
-rw-r----- 1 zimbra zimbra    0 Jul 10 23:40 admin@mail3.internal.homeunix.com.txt
 
-rw-r----- 1 zimbra zimbra    0 Jul 10 23:40 ajcody2@mail3.internal.homeunix.com.txt
 
-rw-r----- 1 zimbra zimbra  49 Jul 10 23:40 ajcody@mail3.internal.homeunix.com.txt
 
-rw-r----- 1 zimbra zimbra    0 Jul 10 23:40 forward@mail3.internal.homeunix.com.txt
 
-rw-r----- 1 zimbra zimbra    0 Jul 10 23:40 ham.bidiob2mm@mail3.internal.homeunix.com.txt
 
-rw-r----- 1 zimbra zimbra    0 Jul 10 23:40 secondary@secondary.internal.homeunix.com.txt
 
-rw-r----- 1 zimbra zimbra    0 Jul 10 23:40 spam.rormmtcyy@mail3.internal.homeunix.com.txt
 
-rw-r----- 1 zimbra zimbra    0 Jul 10 23:40 wiki@mail3.internal.homeunix.com.txt
 
-rw-r----- 1 zimbra zimbra    0 Jul 10 23:40 wiki@secondary.internal.homeunix.com.txt
 
 
 
And the output of one that shows some size:
 
 
 
$ cat /tmp/BLOB-CHECKS/ajcody@mail3.internal.homeunix.com.txt
 
/opt/zimbra/store/0/3/msg/0/360-6070.msg NOT OK
 
 
 
Remember this from above, "'''you'll want to check the store directories to see if the message blobs exist with an incorrect change number.  That's the second number in the filename.  If the first number matches the ID it's looking for but the second does not, you can rename the file to the new change number and get the message blob back without losing data.'''"
 
 
 
One can uncomment the 2 lines in the script with delete and run the script again. This will remove the reference to the blob.
 
 
 
To re-index the users mailbox [this can take start, cancel, status]:
 
 
 
zmprov rim user@domainname start
 
 
 
Running the script again shouldn't show "NOT OK" lines.
 
 
 
FYI - I still need to gather more information about this situation and how to guide one to make a decision to delete, re-index, and so forth.
 
 
 
====BLOB Script To Copy From Restore====
 
 
 
You might need to use these variables with the restore command. I need to find a way for someone to figure out what restore to goto for a particular blob:
 
 
 
-restoreToTime <arg> - Replay the redo logs until the time specified.
 
 
-restoreToIncreLabel <arg> - Replay redo logs up to and including this incremental backup.
 
 
-restoreToRedoSeq <arg> - Replay up to and including this redo log sequence
 
 
-br - Replays the redo logs in backup only, which excludes archived and current redo logs of the system.
 
 
-rf - Restores to the full backup only, does not include any incremental backups since that backup
 
 
 
This is a walk through to test the proceedure.
 
 
 
$ zmrestore -ca -a ajcody@mail3.internal.homeunix.com -pre restored-
 
$ zmprov gmi restored-ajcody@mail3.internal.homeunix.com
 
mailboxId: 12
 
quotaUsed: 251513
 
$ zmprov gmi ajcody@mail3.internal.homeunix.com
 
mailboxId: 3
 
quotaUsed: 251512
 
$ diff /opt/zimbra/store/0/12/msg/0/257-25.msg /opt/zimbra/store/0/3/msg/0/257-25.msg
 
$ rm /opt/zimbra/store/0/3/msg/0/257-25.msg
 
rm: remove regular file `/opt/zimbra/store/0/3/msg/0/257-25.msg'? y
 
$ cp /opt/zimbra/store/0/12/msg/0/257-25.msg /opt/zimbra/store/0/3/msg/0/257-25.msg
 
$ grep Subject /opt/zimbra/store/0/3/msg/0/257-25.msg
 
Log into main account and confirm I can see/use that mail.
 
 
 
The script to look at the blob-check.pl output and do the copies after a redirected restore is here:
 
 
 
<pre>
 
#!/bin/bash
 
 
 
#START OF VARIABLES#
 
#CHANGEME to existing user account
 
USER=ajcody@mail3.internal.homeunix.com
 
 
 
#CHANGEME to the restored account name
 
# zmrestore -ca -a ajcody@mail3.internal.homeunix.com -pre restored-
 
RESTOREDUSER=restored-ajcody@mail3.internal.homeunix.com
 
 
 
# To get FILE, blob-check.pl ajcody@mail3.internal.homeunix.com > /tmp/BLOB-CHECKS/ajcody.txt
 
# blob-check.pl located at http://wiki.zimbra.com/index.php?title=Ajcody-Notes#BLOB_Issue_Script
 
FILE=/tmp/BLOB-CHECKS/ajcody.txt #CHANGEME
 
 
 
#CHANGEME, if needed, to the mailstore. /opt/zimbra/store is default
 
STOREDIR=/opt/zimbra/store
 
 
 
#END VARIABLES#
 
 
 
USERUID=`zmprov gmi $USER | grep mailboxId | cut -f2 -d: | cut -c 2-10`
 
USERGID=`perl -e 'print $USERUID >> 12 ; print "\n"'`
 
USERPATH=`echo $USERGID/\$USERUID`
 
 
 
RESTOREDUID=`zmprov gmi $RESTOREDUSER | grep mailboxId | cut -f2 -d: | cut -c 2-10`
 
RESTOREDGID=`perl -e 'print $RESTOREDUID >> 12 ; print "\n"'`
 
RESTOREDPATH=`echo $RESTOREDGID/\$RESTOREDUID`
 
 
 
echo USERUID $USERUID
 
echo USERGID $USERGID
 
echo USERPATH $USERPATH
 
echo RESTOREDUID $RESTOREDUID
 
echo RESTOREDGID $RESTOREDGID
 
echo RESTOREDPATH $RESTOREDPATH
 
 
 
cd $STOREDIR
 
echo "Run ECHO first to confirm copies look right and then uncomment COPY in script"
 
for ROOTBLOBPATH in `cat $FILE | grep "NOT OK" | cut -f7-9 -d/ | cut -f1`
 
do
 
# Comment out echo and uncomment copy after dry run
 
echo $RESTOREDPATH/$ROOTBLOBPATH $USERPATH/$ROOTBLOBPATH
 
#cp -uv $RESTOREDPATH/$ROOTBLOBPATH $USERPATH/$ROOTBLOBPATH
 
done
 
</pre>
 
 
 
==Migration Issues==
 
===IMAPSYNC with admin login===
 
Reference - http://wiki.zimbra.com/index.php?title=User_Migration
 
 
 
imapsync --buffersize 8192000 --nosyncacls --subscribe --syncinternaldates &#92;
 
--host1 server.gtds.lan --user1 yourAccount --password1 yourPassword &#92;
 
--user2 yourZimbraAccount --authuser2 admin --password2 adminZimbraPassword --authmech2 LOGIN
 
 
 
I found this description in one of the imapsync files:
 
 
 
&quot;You may authenticate as one user (typically an admin user), but be authorized as someone else, which means you don&#39;t need to know every user&#39;s personal password.  Specify --authuser1 &quot;adminuser&quot; to enable this on host1.  In this case, --authmech1 PLAIN will be used, but otherwise, --authmech1 CRAM-MD5 is the default. Same behavior with the --authuser2 option.&quot;
 
 
 
==Mailing Lists And Mailman==
 
If you are planning to use a distro list of over 60K members, you may be inclined to use a dedicated machine for this purpose. According to bug 19153, you have 2 options: "set up mailing list manager or change the value of virtual_alias_expansion_limit as a customization. We have never tested with > 1000 so this should be done carefully, and will pound LDAP for any messages with lots of recipients." Mailman integration is an option. There is a forum thread on how to integrate zcs and mailman. This would be the preferred fix to your issue, also noted in the bug report. We probably won't see Mailman integration in ZCS at least for another year or so, not until 6.0
 
 
 
===Restricting Who Can Send To Mailing List===
 
 
 
http://wiki.zimbra.com/index.php?title=RestrictPostfixRecipients
 
 
 
===Problems Resolving Virtual Aliases For Members Of Large Distribution Lists===
 
 
 
http://bugzilla.zimbra.com/show_bug.cgi?id=19153
 
 
 
===Mailman Configuration===
 
 
 
http://wiki.zimbra.com/index.php?title=ZCS_Mailman_Integration
 
 
 
http://bugzilla.zimbra.com/show_bug.cgi?id=8968
 
 
 
http://www.zimbra.com/forums/administrators/1380-solved-zimbra-mailman-howto.html
 
 
 
=Client Topics=
 
==General CALDAV Issues==
 
===Lightning &amp; Thunderbird===
 
====Lightning does not support Caldav + Free/Busy====
 
Free/Busy support is only available for the Sun Cal Server.
 
 
 
Maybe we could &quot;fake&quot; this out within our Ldap configuration. Like RFE for Apple OD:
 
 
 
http://bugzilla.zimbra.com/show_bug.cgi?id=26619
 
 
 
====Address/username lookup doesn&#39;t occur within a new appointment====
 
Unfortunately, I&#39;ve not figured a way around this at this time.
 
 
 
====Zimbra CalDav doesn't allow user to dismiss alarms from lightning====
 
 
 
Please see bug from Mozilla:
 
 
 
https://bugzilla.mozilla.org/show_bug.cgi?id=432540
 
 
 
==Apple/Mac Issues==
 
 
 
Please see dedicated page for these issues: [[Ajcody-Apple-Mac-Issues]]
 
 
 
=={{:Ajcody-Apple-Mac-Issues}}==
 
 
 
==ZCO Zimbra Outlook Connector==
 
===The complete troubling-shooting guide (dev info requests)===
 
 
 
# Reproduce
 
# ZCO install logs
 
#* <nowiki>msiexec /i zco-installer.msi /lv 00022083-zco-install.log</nowiki>
 
# Get zco logs
 
#* See Using Logging Control for Troubleshooting; within the below article :
 
#** http://wiki.zimbra.com/index.php?title=Outlook_Troubleshooting_Options
 
# Check for core dumps - mandatory for all crashes
 
#* Generating Core Dumps :
 
#** http://wiki.zimbra.com/index.php?title=Generating_Core_Dumps
 
#* Creating a Core Dump from a Running Process using WinDbg :
 
#** http://wiki.zimbra.com/index.php?title=Creating_a_Core_Dump_from_a_Running_Process_using_WinDbg
 
# Winhttp trace (issues where they can&amp;amp;amp;amp;amp;amp;#39;t connect - check zco logs first). Run this on the machine with Outlook.
 
#* WinHttpTraceCfg -e 1 [prefix] -d 0
 
#** When WinHttpTraceCfg is executed, try sending a message with an attachment. This time a log should be created.
 
#** WinHttpTraceCfg Documentation
 
#*** http://msdn.microsoft.com/en-us/library/aa384119.aspx
 
#* DbgViewHttpTrace :
 
#** http://wiki.zimbra.com/index.php?title=DbgViewHttpTrace
 
# Are there any local failures/server failures?
 
# Winmsd (dump of the local environment configuration)
 
#* Start  Run  winmsd
 
#** This might take awhile to bring up the application
 
#** From app [System Information titled] , File  Export
 
#* What about msinfo32.exe ?
 
# External factors (add-ins, other mapi clients)
 
# Network topology (firewall, proxy, etc)
 
# Server topology (single/multi-node, clustering, nginx, 3rd party lb)
 
# Search bugzilla
 
# Search old support cases
 
# Can we get remote access?
 
# Can we get an account on the server?
 
# Can we access the account in question?
 
# Get the id of the item
 
#* get the original of the item from the server (mime representation)
 
#* get the .msg of the item from outlook
 
# Quick analysis of zco logs
 
#* sync - change record creation - CHANGE RECORD
 
#* follow soap requests, look for soap faults
 
#* look for the word - exception
 
#* follow soap traces
 
#* ignore MAPI_E_NOT_FOUND
 
 
 
===Performance Issues===
 
 
 
Sources:
 
 
 
http://msexchangeteam.com/archive/2007/12/17/447750.aspx
 
 
 
http://blogs.msdn.com/outlook/
 
 
 
http://support.microsoft.com/kb/940226/
 
 
 
http://technet.microsoft.com/en-us/library/bb738147.aspx
 
 
 
The skinny is this, [per Microsoft]
 
*  ...recommended max OST size (2GB) 
 
*  ...we strongly recommend storing no more than 5,000 items in core folders, such as the Inbox and Sent Items folders. Creating more top-level folders, or subfolders underneath the Inbox and Sent Items folders, greatly reduces the costs associated with this index creation, so long as the number of items in any one folder does not exceed 5,000.
 
 
 
=Mobility=
 
==Help Me Understand the Mobility Options==
 
Let's break it down to three forms of access for mobile devices.
 
 
 
===Mobile Web Client - http://www.zimbra.com/products/mobile_web_browser.html===
 
 
 
A. Setups the web access to the Zimbra server to be viewable from a mobile device. This is accessing mail over the "web browser" on the mobile phone.
 
 
 
A1. http://servername.com/zimbra/m/
 
 
 
B. Built in - no license or additional software needed.
 
 
 
===Zimbra Mobile - http://www.zimbra.com/products/mobile_smartphone.html===
 
 
 
A. This allows two-way, over-the-air synchronization between the mobile device and Zimbra server.
 
 
 
A1. Think of this as "fat client" mail sync'ing on a mobile device
 
 
 
B. This page will describe that process in better detail - http://wiki.zimbra.com/index.php?title=Moble_Device_Setup
 
 
 
C. License required
 
  
===Blackberry - http://www.zimbra.com/products/mobile_blackberry.html===
+
__TOC__
  
A. Blackberry "two-way, over-the-air synchronization" requires the use of a Blackberry server. We use a "connector" on the Blackberry server that allows BES device to use their "fat client" for mail sync'ing.
+
{{:Ajcody-General-Notes}}
  
B. This option requires a separate server, a Windows box that will run the Blackberry server software.
+
{{:Ajcody-Logging}}
  
C. Zimbra Mobile license required. Windows Blackberry server require with appropriate Blackberry licenses. Installation of Zimbra BlackberryConnector on the Blackberry server.
+
{{:Ajcody-User-Management-Topics}}
  
D. This is still in BETA
+
{{:Ajcody-Server-Topics}}
  
Zimbra Mobile/Blackberry requires the license file to enable it. This cost can be discussed with your sales contact. It's only the Blackberry configuration that requires a "software" installation - so to speak. Enabling "Zimbra Mobility/option 2 above" is a license requirement - not a software installation one - and then configuration for the user. "You enable Zimbra Mobile in the ZCS COS or for individual Accounts."
+
{{:Ajcody-Client-Topics}}
  
[[Category: Community Sandbox]]
+
{{:Ajcody-Mobile-Topics}}

Revision as of 21:46, 16 July 2008

This page holds a Table of Contents of all my pages but each main Subject is an actual link to another page. I'm hoping this gives the best of both worlds. One long page with all topics as well as pages that contain details to a specific subject.

Done by way of putting something like this on this page:

{{:Ajcody-Apple-Mac-Issues}}

And on the target page:

===Actual Apple/Mac Issues Homepage===

Please see [[Ajcody-Apple-Mac-Issues]]

Enjoy, Adam

Contents

General Notes

   KB 2439        Last updated on 2008-07-16  




0.00
(0 votes)
24px ‎  - This is Zeta Alliance Certified Documentation. The content has been tested by the Community.


Actual General Notes Homepage

Please see Ajcody-General-Notes

Zimbra Variables

Ways to check on different zimbra variables.

su - zimbra
zmlocalconfig -i
zmlocalconfig -d
cd /opt/zimbra/conf/attrs
more zimbra-attrs.xml
cd /opt/zimbra/openldap/etc/openldap/schema/
more zimbra.schema

Made the following concerning zmlocalconfig's behavior:

Also, with newer versions of ZCS, you can get it via zmprov - for example:

#zmprov desc -a zimbraFreeBusyExchangeAuthScheme
    zimbraFreebusyExchangeAuthScheme
        auth scheme to use

                   type : enum
                  value : basic,form
               callback :
              immutable : false
            cardinality : single
             requiredIn :
             optionalIn : cos,domain,globalConfig,account
                  flags : accountInherited,domainInherited
               defaults :
                    min :
                    max :
                     id : 611
        requiresRestart :
                  since : 5.0.3
        deprecatedSince : 

Addition note, example, for those checking source : src/6.0.7/com/zimbra/cs/account/ProvUtil.java.html

Zimbra Contact Fields For CSV Import Mapping

Please see /opt/zimbra/conf/zimbra-contact-fields.xml

This will show you what "fields" Zimbra is looking for and mapping to in regards to importing from another applications contact csv files.

One easy way to do this is the following:

  • From zimbra ajax client as a test user (or any old user) do an export Addressbook.
    • This is under the preference tab > Address Book > Import / Export > Export - select Addressbook and click Export button
  • Then open file file something like Excel or a Text Editor
    • Your only interested in the Top line - that gives the default fields for a Zimbra Addressbook.
    • You'll get something like this:
"company","companyPhone","email2","fileAs","firstName","homepageURL","imAddress3","lastName","otherIMLabel","workCity","workCountry","workEmail2","workEmail3","workEmail4","workEmail5","workPostalCode","workState","workStreet"
    • Note, ordering [left to right] isn't important. What is important, is the data lines up under the right column header.
  • With your other Mail system, export the addressbook to a csv file.
    • Open this file in another Excel window.
  • Copy the column data from the one Excel sheet and paste it into the appropriate column within the Zimbra Excel sheet.
  • Move as much as you can and then save.
    • For example:
"company","companyPhone","email2","fileAs","firstName","homepageURL","imAddress3","lastName","otherIMLabel","workCity","workCountry","workEmail2","workEmail3","workEmail4","workEmail5","workPostalCode","workState","workStreet"
"Apple Computer Inc.","1-800-MY-APPLE","","3","","http://www.apple.com","","","","Cupertino","United States","","","","","95014","CA","1 Infinite Loop"
  • Now you can try importing this csv file back into Zimbra.
  • Either with the webclient or you can use some on the CLI commands
    • See User_Migration for variations of CLI commands that could be used.
    • Here's the documented example:
    • curl -u schemers:password --data-binary @/tmp/new.csv http://server/service/home/schemers/contacts?fmt=csv

Example Header For Horde Contacts

I have not used this myself, I found it on the forums.

"assistantPhone","birthday","callbackPhone","carPhone","company","companyPhone","email","email2","email3","firstName","fullName","homeCity","homeCountry","homeFax","homePhone","homePhone2","homePostalCode","homeState","homeStreet","homeURL","imAddress1","imAddress2","imAddress3","jobTitle","lastName","middleName","mobilePhone","notes","otherCity","otherCountry","otherFax","otherPhone","otherPostalCode","otherState","otherStreet","otherURL","pager","workCity","work"

I'm hoping the forum user simply renamed the top header column to match description fields that Zimbra knows and that it's in order of the data (left to right) that Horde normally exports in. You'll need to review it and make sure it fits with your exported data columns from Horde.

Admin With Curl And Wget

You will most likely need to include :7071 in the url string to get around the pop-up issue that you would get if you used the same string in a web browser, without :7071 you'll see a permission error when trying to see/get data from a users account via the admin account.

curl -u admin:pass https://hostname:7071/home/user/Contacts
wget https://admin:pass@hostname:7071/home/user/Contacts

What's My Server Like

To dump out your server details, these commands are useful. Login to your zimbra server and as the zimbra user do:

zmprov gs `zmhostname`
zmprov gacf
zmlocalconfig
zmdumpenv

Another good document to review for "odd performance" issues is the large server wiki.

http://wiki.zimbra.com/index.php?title=Performance_Tuning_Guidelines_for_Large_Deployments

Restarting Jetty - ZCS 5+

As zimbra

zmmailboxdctl restart

How Do I Find Out What Version Of Zimbra I'm Using

See:

Get Version From Ajax Client

In newer versions of ZWC, the Help > About will also state the ZCS server version being used.

For older version, put the below in the search field of the Ajax client and hit enter:

$set:get version

Also:

https://SERVERNAME/js/zimbraMail/share/model/ZmSettings.js

Search for the CLIENT_VERSION line.

Other Ways To Get Version Of Server

See this forum post:

What's Compiled With Postfix

Moved to What's_Complies_With_Zimbra's_Postfix

REST Information

Resources to review

Format to get around permission denied on multi-domain hosting servers

If you getting permission denied rather than resource not found...try this format example:

http://MAILSTOREofUSER.DOMAIN.com/zimbra/user/FIRST.LAST@USERS_DOMAIN.com/inbox.zip

or

http://MAILSTOREofUSER.DOMAIN.com/zimbra/user/USERNAME@USERS_DOMAIN.com/inbox.zip

I but both in case one issue is where the username has special characters, like the period.

Server Source Doc's

Please see:

http://svn.sourceforge.net/viewvc/zimbra/trunk/ZimbraServer/docs/


Logging

   KB 2439        Last updated on 2008-07-16  




0.00
(0 votes)
24px ‎  - This is Zeta Alliance Certified Documentation. The content has been tested by the Community.


Actual Logging Homepage

Please see Ajcody-Logging

Server

RFE's Related To Better Logging And Historical Data Of Systems

See : Ajcody-Testing-Debugging#RFE.27s_Related_To_Better_Logging_And_Historical_Data_Of_Systems

Debugging

See : Ajcody-Testing-Debugging for more complete debugging information.

When Was A ZCS Service Enabled Or Disabled

See : Ajcody-Notes-Archive-Discovery#When_Was_A_ZCS_Service_Enabled_Or_Disabled

Syslog Items

Single Server Setup

/etc/syslog.conf should have lines similiar to:

[towards bottom of conf file]
local0.*                -/var/log/zimbra.log
auth.*                  -/var/log/zimbra.log
mail.*                  -/var/log/zimbra.log

Make sure syslog allows messages from log4j to be written, log4j doesn't do unix pipes. Specifically, it uses internet domain sockets (514/upd) instead of unix domain sockets (/dev/log). On a single server setup, this means log4j talking to localhost via 514/udp. Again, /dev/log is never used by log4j (AFAIK, this could change in the future). Adding the "-r" applies for the centralized syslog server as usual, but it also applies for the case where you want log4j data to be logged via syslog locally [single server setup]:

[root@zimbra sysconfig]# diff -u /etc/sysconfig/syslog.ORIG /etc/sysconfig/syslog
--- /etc/sysconfig/syslog.ORIG  2008-03-25 09:14:28.000000000 -0400
+++ /etc/sysconfig/syslog       2009-06-09 16:01:13.000000000 -0400
@@ -3,7 +3,7 @@
 # -r enables logging from remote machines
 # -x disables DNS lookups on messages recieved with -r
 # See syslogd(8) for more details
-SYSLOGD_OPTIONS="-m 0"
+SYSLOGD_OPTIONS="-r -m 0"
 # Options to klogd
 # -2 prints all kernel oops messages twice; once for klogd to decode, and
 #    once for processing with 'ksymoops'

Restart syslog:

/etc/init.d/syslog restart

Setup ZCS to be aware of syslog [we'll restart Zimbra later once all the changes are done]:

zmprov mcf zimbraLogToSyslog TRUE

This will set the appropriate ldap values (after a zimbra restart) to make log4j.properties be written correctly:

/opt/zimbra/conf/log4j.properties will now show some modifications, for example:

[snips - DON'T cut cut/paste this info below for your server]
#log4j.rootLogger=INFO,LOGFILE
log4j.rootLogger=INFO,LOGFILE,SYSLOG
...
# Syslog appender
log4j.appender.SYSLOG=org.apache.log4j.net.SyslogAppender
log4j.appender.SYSLOG.SyslogHost=localhost
log4j.appender.SYSLOG.Facility=LOCAL0
log4j.appender.SYSLOG.layout=com.zimbra.common.util.ZimbraPatternLayout
log4j.appender.SYSLOG.layout.ConversionPattern=mailboxd: %-5p [%t] [%z] %c{1} - %m

This will actually cause very little to goto syslog though, it's a very minimalist setup. Now adjust /opt/zimbra/conf/log4j.properties.in to log more items to syslog.

Note: You may or may not want all these things going to syslog and you may be able to send more/other things to syslog as well. I've not spend lots of time with log4j and I'm not familiar enough with all the code to know which pieces are using which logger/settings.

WARNING: the AUDIT logs may have sensitive data so be careful to protect the logs so that sensitive data is not leaked accidentally.

[zimbra@zimbra conf]$ diff -u log4j.properties.in.ORIG log4j.properties.in
--- log4j.properties.in.ORIG    2009-06-05 15:31:20.000000000 -0400
+++ log4j.properties.in 2009-06-09 15:54:07.000000000 -0400
@@ -35,7 +35,7 @@

 # Save zimbra.security to AUDIT appender
 log4j.additivity.zimbra.security=false
-log4j.logger.zimbra.security=INFO,AUDIT
+log4j.logger.zimbra.security=INFO,AUDIT,SYSLOG

 # Syslog appender
 log4j.appender.SYSLOG=org.apache.log4j.net.SyslogAppender
@@ -88,7 +88,7 @@
 log4j.additivity.zimbra.wbxml=false
 log4j.logger.zimbra.wbxml=DEBUG,WBXML

-log4j.logger.zimbra=INFO
+log4j.logger.zimbra=INFO,SYSLOG
 log4j.logger.zimbra.op=WARN
-log4j.logger.com.zimbra=INFO
+log4j.logger.com.zimbra=INFO,SYSLOG

At this point, you can restart zimbra for all the changes to be in effect:

zmcontrol stop ; zmcontrol start

Centralized Syslog Server

Please see:

This will show you how to setup a syslog server and then to configure the "clients" to log to the local filesystem as well as the syslog server.

You'll need to then take into account the information in Ajcody-Logging#Single_Server_Setup to handle the "Zimbra" part as well as dealing with log4j.

Centralized Log Server Project Ideas

Problems:

  • Logs are to large to manage on each server.
  • Want to build a central logging server for all logging events.
  • The syslog events are very minimal with Zimbra (/var/log/zimbra.log). Most of the logging is control by Log4j (tomcat/jetty). Output from log4j generally goes into the /opt/zimbra/log/ directory. There's some conf files in /opt/zimbra/conf/log4j.properties* for log4j. You can adjust this file to also output into the syslog environment but syslog has very limited choices for "facility". See Ajcody-Logging#Single_Server_Setup and Log4j & Syslog facility for details. You'll end up getting huge files and god knows how many log events per second if you adjusted log4j to dump all zimbra logging into syslog control.

General Thought On This:

Use syslog-ng with mysql for the central log server. Add on php-syslog-ng for comfort.

Leave the log4j stuff alone and configure syslog-ng to monitor the actual log files as they are generated by log4j in /opt/zimbra/log/* .

Then decrease the log sizes and archiving done on the local servers, i.e. zimbraLogRawLifetime & zimbraLogSummaryLifetime .


References:


Log Rotation and Removal

Logs In /opt/zimbra/log Directory

Please look at the output of your crontab - AS ZIMBRA, look for the "Log pruning" line.

crontab -l

And also the config files for logrotate:

/etc/logrotate.conf

/etc/logrotate.d/zimbra

Example From 5.0.11 - Complete ZCS Install Single Server

crontab for zimbra:

# Log pruning
#
30 2 * * * find /opt/zimbra/log/ -type f -name \*.log\* -mtime +8 -exec rm {} \; > /dev/null 2>&1
35 2 * * * find /opt/zimbra/log/ -type f -name \*.out.???????????? -mtime +8 -exec rm {} \; > /dev/null 2>&1

# Log pruning
#
30 2 * * * find /opt/zimbra/mailboxd/logs/ -type f -name \*log\* -mtime +8 -exec rm {} \; > /dev/null 2>&1

And the logrotate files:

$ cat /etc/logrotate.conf 
# see "man logrotate" for details
# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones
create

# uncomment this if you want your log files compressed
#compress

# RPM packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own wtmp -- we'll rotate them here
/var/log/wtmp {
    monthly
    minsize 1M
    create 0664 root utmp
    rotate 1
}

# system-specific logs may be also be configured here.

And also:

$ cat /etc/logrotate.d/zimbra 
/var/log/zimbra.log {
    daily
    missingok
    notifempty
    create 0644 zimbra zimbra
    postrotate
      killall -HUP syslogd 2> /dev/null || true
      kill -HUP `cat /opt/zimbra/log/swatch.pid 2> /dev/null` 2> /dev/null || true
      kill -HUP `cat /opt/zimbra/log/logswatch.pid 2> /dev/null` 2> /dev/null || true
    endscript
    compress
}

/opt/zimbra/log/myslow.log {
    daily
    missingok
    copytruncate
    rotate 30
    notifempty
    create 0644 zimbra zimbra
    compress
}

/opt/zimbra/log/logger_myslow.log {
    daily
    missingok
    copytruncate
    notifempty
    create 0660 zimbra zimbra
    compress
    size 5000k
    rotate 7
} 

/opt/zimbra/log/clamd.log {
    daily
    missingok
    copytruncate
    notifempty
    create 0660 zimbra zimbra
    postrotate
     kill -HUP `cat /opt/zimbra/log/clamd.pid 2> /dev/null` 2> /dev/null || true
    endscript
    compress
    size 5000k
    rotate 7
}

/opt/zimbra/log/zmlogswatch.out {
    daily
    missingok
    copytruncate
    notifempty
    create 0740 zimbra zimbra
    postrotate
      su - zimbra -c "/opt/zimbra/bin/zmlogswatchctl stop"
      su - zimbra -c "/opt/zimbra/bin/zmlogswatchctl start"
    endscript
    rotate 5
    compress
}

/opt/zimbra/log/zmswatch.out {
    daily
    missingok
    copytruncate
    notifempty
    create 0740 zimbra zimbra
    postrotate
      su - zimbra -c "/opt/zimbra/bin/zmswatchctl stop"
      su - zimbra -c "/opt/zimbra/bin/zmswatchctl start"
    endscript
    rotate 5
    compress
}

/opt/zimbra/log/zmmtaconfig.log {
    daily
    missingok
    copytruncate
    notifempty
    create 0740 zimbra zimbra
    postrotate
      su - zimbra -c "/opt/zimbra/bin/zmmtaconfigctl restart"
    endscript
    rotate 5
    compress
}

/opt/zimbra/log/nginx.log {
    daily
    missingok
    notifempty
    create 0644 zimbra zimbra
    postrotate
      kill -USR1 `cat /opt/zimbra/log/nginx.pid 2> /dev/null` 2> /dev/null || true
    endscript
    rotate 7
    compress
}

/opt/zimbra/log/zmconvertd.log {
    daily
    missingok
    copytruncate
    notifempty
    create 0644 zimbra zimbra
    rotate 7
}

/opt/zimbra/zmstat/zmstat.out {
    daily
    missingok
    copytruncate
    rotate 7
    notifempty
    compress
}

Openldap Logs - In /opt/zimbra/openldap-data/

Ldap logs files in /opt/zimbra/openldap-data/ and in /opt/zimbra/data/ldap/* subdirectories [ZCS 6+] that are like log.0000000001 , log.0000000002 , etc.

This logpurge is controlled by:

$ cd /opt/zimbra/openldap/etc/openldap/
[zimbra@mail3 openldap]$ grep logpurge *
master-accesslog-overlay.conf:logpurge	07+00:00	01+00:00
Logpurge Directive Description

From Accesslog Chapter

logpurge Directive

logpurge age interval

Defines both the maximum age for log entries to be retained in the database and how often to scan the database for old entries. Bothage and interval are specified as a time span in days, hours, minutes, and seconds. The time format is [ddd+]hh:mm[:ss], for example, the days and seconds components are optional but hours and minutes are required. Except for days, which can be up to 5 digits, each numeric field must be exactly two digits. Example:

  1. the log database will be scanned every day
  2. entries older than two days will be deleted.

logpurge 2+00:00 1+00:00

When using a log database that supports ordered indexing on generalizedTime attributes, specifying an eq index on the reqStart attribute will increase the performance of purge operations.

What's up with all the logs?

Other Logging Page Resources

http://www.zimbra.com/docs/ne/latest/administration_guide/9_Monitoring.14.1.html

http://wiki.zimbra.com/index.php?title=Server_Monitoring

http://wiki.zimbra.com/index.php?title=Log_Files

http://wiki.zimbra.com/index.php?title=Unresponsive_Server_Troubleshooting

The Bread And Butter Logs

/opt/zimbra/log/mailbox.log - where most of your mailbox store activity is logged
  • This log is the mailboxd log4j server log containing the logs from the mailbox server. This includes activity from the mailbox store, LMTP server, IMAP and POP servers, and Index server.
    • Location: /opt/zimbra/log/mailbox.log
/opt/zimbra/log/zmmailboxd.out - mailboxd/jvm output log
  • Mailstore not coming up and nothing is being logged in mailbox.log, check here for errors.
    • Location: /opt/zimbra/log/zmmailboxd.out
/opt/zimbra/log/stacktrace.<pid> - stacktrace logs
  • stacktraces related to mailboxd
    • Location: /opt/zimbra/log/stacktrace.<pid>
/opt/zimbra/db/data/YOURHOSTNAME.err - errors for MySQL - ZCS 4.x & ZCS 5.x
  • This is the message store database error log.
    • Location: /opt/zimbra/db/data/YOURHOSTNAME.err
/var/log/zimbra.log - mta and system status log, postfix, amavisd
  • The Zimbra syslog details the activities of the Zimbra MTA (Postfix, amavisd, antispam, antivirus), Logger, Authentication (cyrus-sasl), and Directory (OpenLDAP). By default LDAP activity is logged to Zimbra.log.
    • Location: /var/log/zimbra.log
/var/log/messages - mta and OS related log events
  • Probably has mta logging events [which also show in /var/log/zimbra.log] and also log events related to your OS
    • Location: /var/log/messages
/opt/zimbra/log/mysql_error.log - problems with MySQL
  • If there is data corruption or another problem causing direct mysql errors, events will be logged here.
    • /opt/zimbra/log/mysql_error.log
/opt/zimbra/log/myslow.log - slow db/MySQL queries
  • If certain search requests are taking longer to complete than others, they will be logged here.
    • /opt/zimbra/log/myslow.log

Other Logs

/opt/zimbra/log/audit.log - authentication events
  • A log of all admin actions taken as well as logins to the server.
    • /opt/zimbra/log/audit.log
Want to see all uses of the "View Mail" button from the admin console? Will have the IP address, User Agent of the browser, user that the admin is logged in as, and the account that they are viewing.
 grep DelegateAuth /opt/zimbra/log/audit.log 
/opt/zimbra/log/clamd.log - antivrius db
  • Status and checks for clamav
    • /opt/zimbra/log/clamd.log
If your clamav db is out of date, you'll see a log event here like this:
LibClamAV Warning: **************************************************
LibClamAV Warning: *** The virus database is older than 7 days! ***
LibClamAV Warning: *** Please update it as soon as possible. ***
LibClamAV Warning: **************************************************
/opt/zimbra/log/convertd.log - attachment conversion
  • If your having problems with your attachments and the ability to view them in ZWC, check here for errors.
    • /opt/zimbra/log/convertd.log
/opt/zimbra/log/freshclam.log - clam antivirus updates
  • Shows the actual attempt to update the clamav updates.
    • /opt/zimbra/log/freshclam.log
/opt/zimbra/log/spamtrain.log - spam/ham training details
  • Spam/Ham training details are logged here. Errors are also logged here related to this service.
  • From a default single ZCS configurations crontab [zimbra]:
# Spam training
#:
0 :23 * * * /opt/zimbra/bin/zmtrainsa >> /opt/zimbra/log/spamtrain.log 2>&1
#
# Spam training cleanup
#
45 23 * * * /opt/zimbra/bin/zmtrainsa --cleanup >> /opt/zimbra/log/spamtrain.log 2>&1
/opt/zimbra/log/sync.log - zimbra mobile and activesync
  • Your mobile devices will basically log here.
    • /opt/zimbra/log/sync.log
/opt/zimbra/log/synctrace.log - zimbra mobile and activesync
  • Still looking for description that describes difference with sync.log
    • /opt/zimbra/log/synctrace.log
/opt/zimbra/log/syncstate.log - no description found
  • No description found.
    • /opt/zimbra/log/syncstate.log
/opt/zimbra/log/wbxml.log - no description found
  • No description found.
    • /opt/zimbra/log/wbxml.log
/opt/zimbra/log/zmlogswatch.out -
/opt/zimbra/log/zmmtaconfig.log -
/opt/zimbra/log/zmmyinit.log -
/opt/zimbra/log/zmsetup.`date`-'pid'.log -
/tmp/install.log -

After install, gets moved to : /opt/zimbra/.install/

/tmp/zmsetup.log -

After install, gets moved to : /opt/zimbra/log/zmsetup.log.[some numbers]

/opt/zimbra/httpd_access.log -
/opt/zimbra/httpd_error.log -

New Data Directory In ZCS6+

In ZCS 6+ , there's a directory to organize 'data' from our various components.

[root@mail3 data]# pwd
/opt/zimbra/data

[root@mail3 data]# ls -F
altermime/  amavisd/  clamav/  dspam/  ldap/  postfix/  tmp/

This information could prove useful as well with trouble-shooting and debugging problems.

Increase Logging

Increase Logging Per User

Depending on the ZCS version the below will clear all the per account loggers on zimbra reboot. IMAP is used for these examples.

  • addAccoutLogger
zmprov aal user@domain.com zimbra.imap debug
  • removeAccountLogger
zmprov ral user@domain.com zimbra.imap

Example usuage:

zmprov aal user@domain.com zimbra.soap debug 

And tail the log file, while attempting to login to the AJAX client.:

tail -f /opt/zimbra/log/mailbox.log

See Ajcody-Logging#Log4J_Variables for variables that can be used.

To See What Accounts Have Extended Logging Enabled

There's the gaal option for zmprov . It list the accounts on a per mailstore basis :

  getAllAccountLoggers(gaal) [-s/--server hostname]
[zimbra@zcs806 ~]$ zmprov gaal `zmhostname`
# name test01@zcs806.domain.com
zimbra.imap=debug
Bugs And RFE's

I filed the following RFE:

Increase Logging Per Server

If you want to do it globally edit this file:

vi /opt/zimbra/conf/log4j.properties

Add a line at the end that's similar to something like this: log4j.logger.zimbra.imap=DEBUG.

No restart of any service is needed, BUT if something happens that causes a regeneration of the log4j.properties file then your changes will be overwritten. A regeneration of this file takes the contents of /opt/zimbra/conf/log4.properties.in .

To permanently make a change, modify the /opt/zimbra/conf/log4.properties.in file, then a restart would be necessary.

$ zmcontrol stop
$ zmcontrol start

or you could run this on the server:

$ zmmtaconfig mailboxd

Wait for a minute for the server to pick up your change.

See Ajcody-Logging#Log4J_Variables for variables that can be used.

Log4J Variables

An Official page has been made for this topic now per my RFE request, bug 41894

Please see:

OpenLDAP Logging Levels

Please see King0770-Notes-Change-LDAP-Log-Levels

Want To See What's In Redolog Files

If you suspect there's too much redolog activity during a time window or have another need to inspect the contents of the redolog, dump it and examine it:

$ zmjava com.zimbra.cs.redolog.util.RedoLogVerify /opt/zimbra/redolog/redo.log > out.file

Pick the right redolog file, either redo.log or one of the files under archive/, based on timestamp.

See Ajcody-Backup-Restore-Issues#Redolog_Files for more details.

Internal Zimbra Charting - zmstat-chart

RFE/Bugs You Might Be Interested In

zmstat IS NOT Logger (graphs in admin console)

Please note, zmstat is different than the processes and graphs involved with Logger. Logger is behind the graphs that show up in the admin web console.

Please see Logger for details and trouble-shooting steps with Logger.

Rick has some other steps for King0770-Notes#Reinitialize_the_Logger_DB

Main References For zmstat-chart Command

Please see the following:

zmstat-chart CLI Administration Guide

zmstat-chart-config CLI Administration Guide

zmstatctl CLI Administration Guide

Zmstats Wiki

Server Monitoring Wiki

Monitoring Administration Guide

JFreeChart is the project/binary behind the charting tool. You'll find the jar files here [ZCS 5.0.9 example]:

  • /opt/zimbra/lib/jars/jfreechart-1.0.1.jar
  • /opt/zimbra/jetty-6.1.5/common/lib/jfreechart-1.0.1.jar

Issues Being Investigated With zmstat And Other "Charting" Items

I currently have an internal thread going with the dev's about some issues with zmstat and also with attempts of getting the active sessions data from the admin web console to be seen in trends.

I'll just be dumping my notes here and then cleaning them up once I'm done with the internal conversation.

  • Question: (mailboxd: active connections by client protocol) What exactly is this tracking? I'm on a test box with no connections and it has the different threads in the 100's/1000's. Customer was hoping (as was I) that this would be giving data much like is shown in the admin console about user connections. Also, there doesn't seem to be a comparable "active connections" for the web client (soap)?
    • Answer: For the connections issue, it's the number of clients that are currently connected. There's no analog for SOAP because SOAP doesn't have persistent connections. We may be able to log stats for number of SOAP sessions, but that would include noise for cases where the user closes the browser window and the session hasn't timed out yet. If you think this is useful, please file an RFE.
  • Question: (graph time plot) If I run zmstat-chart with the --aggregate-start-at option with something like "08/07/2008 01:00:00" I notice that the graphs don't actually reference "days" at the bottom but still use what looks to be "hours". Is this a bug where the bottom reference of the graph doesn't get adjusted or is the syntax to run zmstat-chart to do this more tricky that I think.
    • Answer: zmstat-chart doesn't support multi-day ranges, it really only supports a single directory with a single day of charts, the aggregate options are for specifying ranges at which to calculate the max(col)/min(col)/avg(col) values. Our usual practice is to generate one set of charts for each day we want to look at; I think it gives us a better look at when peaks occur and how they compare day-to-day (it's much easier to look at them in an overlay fashion).
    • Answer: Seems like a reasonable request to be able to generate charts for multiple days. Please file an RFE if you think this would be useful.
  • Question: How reliable are these numbers are in admin console....
    • Answer: I imagine they should be quite reliable; but HTTP (Web) is stateless, so you can't really determine whether a session is really active or not. I believe multiple sessions appearing for a single user would be the result of reloading or closing and then reopening the browser to log in again.
      • Perhaps it is best to ask the users in question what their usage is like? Is there any concern over the high number of sessions? I don't think it should affect server performance.
  • Question: Could you please explain the following:
    • Mailboxd Mailbox Add Rate (Delivery Rate)
      • Answer: The rate at which messages are being added to the mailbox server, e.g. 1 message being delivered per second is... 1 m/s
    • Mailboxd Mailbox Add Latency (Delivery Speed)
      • Answer: How long it takes on average to add a message to a mailbox (averaged over the period of a minute)
    • Mailboxd Active Connections by Client Protocol- This one does NOT give us counts for web client. Host zcs2.mail.XXXX.xxx: Mailboxd: Active Connections by Client Protocol avg(IMAP) = 169.86 avg(IMAP SSL) = 0.00 avg(POP) = 0.21 avg(POP SSL) = 0.00
      • Answer: It doesn't give counts for web client because the web client does not have persistent connections (being HTTP-based). SOAP requests (used by the Web client) use transient connections that often close after they are used; i.e. if you took the number of "SOAP" connections and compared it to the number of "active" sessions, it'd likely be something like 0-1% of the latter figure.
    • Mailboxd Mailbox Get Count
      • Answer: The number of mailboxes that got opened in the last minute (I don't recall if this counting cache hits or not?)
    • Mailboxd Mailbox Get Latency
      • Answer: How long it takes to open a mailbox, on average (over a minute)
    • Also, we don't get stats for any of the soap parameters:
      • SOAP Invocation Count Summary (Top 10 max)
      • SOAP Average Call Duration AuthRequest
        • Answer: I don't know why this could be; perhaps zmstat-chart-config.xml needs to be regenerated, is /opt/zimbra/zmstat/soap.csv available and does it contain data?

Running zmstat-chart

Confirm it's running:

zmprov gs [mailserver hostname] | grep -i stats
  zimbraServiceEnabled:  stats
  zimbraServiceinstalled: stats

Default location of stat files is:

/opt/zimbra/zmstat/

Example command to run:

mkdir /tmp/stats
zmstat-chart -s /opt/zimbra/zmstat -d /tmp/stats/

Like To Have zmstat-chart Data Integrated With Zimbra

I've made an RFE for this integration:

With Zimbra Jetty
Note:
The default Jetty behavior will NOT display directory listing. You'll need a valid html type file in the directory target.
I would recommend the apache solution over this one as you can avoid hitting performance issues this might cause.

Dump some graphing directories in there:

zmstat-chart -s /opt/zimbra/zmstat -d /opt/zimbra/jetty/webapps/zimbra/downloads/zmstat-chart/`date +%F-%H-%M`

You'll see there's the directory and when you go into it - there's your charts.

You can now place this command in your crontab to run on a schedule basis.

Things you'll want to check before deploying:

  1. Place charting directory in a location where space is available and will not create a risk to the mail services if it's full.
  2. Look at the zmstat-chart options to see what other parameters you want to use - especially if it's going in your crontab.
  3. Make sure your following and security guidelines for your environment.

You'll be able to view the data with the following url:

http://hostname/zimbra/downloads/zmstat-chart/
With Zimbra Apache Or Non-Zimbra Server With Apache
Before You Proceed

Things to check or confirm first before deploying:

  • Place your directory root [/opt/zimbra/support in this example] in a location where space is available and will not create a risk to the mail services if it's full.
  • If you'll be using NFS to have a centralized storage point:
    • Your NFS mount point on the Zimbra servers would be /opt/zimbra/support in this example.
    • You'll be exporting /opt/zimbra/support in this example from the NFS server.
    • If this is a non-zimbra server, copy the zimbra entry from a zimbra server's /etc/passwd and /etc/group into the non-zimbra servers passwd and group file. This way, if NFS is also used the UID/GID matches.
  • Apache Directory variable will be /opt/zimbra/support/data in this example.
  • Apache .htpasswd location will be /opt/zimbra/support/.htpasswd in this example, putting it above of the apache Directory variable.
    • Make sure your following the security guidelines for your environment.
  • Look at the zmstat-chart options to see what other parameters you want to use - especially if it's going in your crontab.
Directory Layout

As root:

mdir -p /opt/zimbra/support/data
cd /opt/zimbra/support/data
for i in `/opt/zimbra/bin/zmprov gas`
 do
 mkdir $i
 done

If your not on a ZCS server, you'll be manually creating directories named after the output of zmhostname from each of your ZCS servers.

Now, create subdirectory paths under each zmhsotname directory.

cd /opt/zimbra/support/data/
for i in `ls`
  do
  mkdir $i/debug $i/logs $i/zmstat $i/tops
  done

Set permissions on the directories we made:

chown -R zimbra:zimbra /opt/zimbra/support
chmod -R 755 /opt/zimbra/support

With this structure and with NFS setup, you'll have a common repository that will have a standard path to use on a per server basis. Example :

script-command -PathOption /opt/zimbra/support/data/`zmhostname`/TYPE_OF_DATA/`date +%F-%H-%M`
Apache Configuration

Let's configure apache to show this directory.

  • For ZCS Apache Setup:
vi /opt/zimbra/conf/httpd.conf
** Towards the end, add the following**
# Include zmstat-chart directory
Include /opt/zimbra/httpd/conf/extra/zimbra-support.conf
  • Non-ZCS Server With Apache. Check that there's an existing Include directive that will see our zimbra-support.conf:
vi /etc/httpd/conf/httpd.conf
** Look for something that will allow the following**
** /etc/httpd/conf.d/zimbra-support.conf to be used**
** Your distro might differ on apache paths as well**
** as Include statement for other conf files**
Include conf.d/*.conf

Let's now make the apache conf file for zimbra-support.conf

  • For ZCS Apache Setup:
vi /opt/zimbra/httpd/conf/extra/zimbra-support.conf
Alias /support "/opt/zimbra/support/data"
<Directory "/opt/zimbra/support/data">
  AuthName "Secure Area For Zimbra Support"
  AuthType Basic
  AuthUserFile /opt/zimbra/support/.htpasswd
  require valid-user
  Options Indexes
  IndexOptions FancyIndexing VersionSort
  AllowOverride None
  Order allow,deny
  Allow from all
</Directory>
  • Non-ZCS Server With Apache:
vi /etc/httpd/conf.d/zimbra-support.conf
Alias /support "/opt/zimbra/support/data"
<Directory "/opt/zimbra/support/data">
  AuthName "Secure Area For Zimbra Support"
  AuthType Basic
  AuthUserFile /opt/zimbra/support/.htpasswd
  require valid-user
  Options Indexes
  IndexOptions FancyIndexing VersionSort
  AllowOverride None
  Order allow,deny
  Allow from all
</Directory>

Make sure permissions are set correctly on zimbra-support.conf so apache will use it.

Now let's setup a username and password to use with the .htpasswd file.

cd /opt/zimbra/support/
htpasswd -c .htpasswd zimbrasupport
chmod 644 .htpasswd

Restart apache so the changes take effect:

  • For ZCS Apache Setup:
zmapachectl stop
zmapachectl start
  • Non-ZCS Server With Apache:
httpd restart

Now, let's dump some graphing directories in there:

zmstat-chart -s /opt/zimbra/zmstat -d /opt/zimbra/support/data/`zmhostname`/zmstat/`date +%F-%H-%M`

To now view the charts. Adjust, SERVERHOSTNAME, for your servername.

  • For ZCS Apache Setup:

http://servername:7780/support/data/SERVERHOSTNAME/zmstat

  • Non-ZCS Server With Apache:

http://servername/support/data/SERVERHOSTNAME/zmstat

You'll see there's the directory and when you go into it - there's your charts.

You can now place this command in your crontab to run on a schedule basis.

Tweaking zmstat-chart

zmstat-chart also has the option to use a configuration file. The default configuration file is:

/opt/zimbra/conf/zmstat-chart.xml

Copy this to another location and edit away. Then add the -c /location/to/config/file to use your new configuration.

Default Items Charted

Here's a list of the default items that will be charted with zmstat-chart:

  • Postfix Queue Size
  • convertd CPU time used
  • convertd Resident Memory
  • convertd Processes and Threads
  • Total CPU
  • Process CPU
  • Process Total Memory
  • Process Resident Memory
  • Virtual Memory
  • Context Switches
  • Run/Blocked Process Queue Size
  • Disk Partition Throughput
  • Disk Utilization
  • Disk Throughput
  • Disk IOPs
  • Swap Activity
  • Total file descriptors open
  • SOAP Invocation Count Summary (Top 10 max)
  • SOAP Average Call Duration Summary (Top 10 avg)
  • SOAP Invocation Count GetServerRequest
  • SOAP Invocation Count BackupRequest
  • SOAP Invocation Count GetAllConfigRequest
  • SOAP Invocation Count GetDomainRequest
  • SOAP Invocation Count GetAllDomainsRequest
  • SOAP Invocation Count AuthRequest
  • SOAP Average Call Duration GetServerRequest
  • SOAP Average Call Duration BackupRequest
  • SOAP Average Call Duration GetAllConfigRequest
  • SOAP Average Call Duration GetDomainRequest
  • SOAP Average Call Duration GetAllDomainsRequest
  • SOAP Average Call Duration AuthRequest
  • MySQL Database Connections
  • MySQL InnoDB Buffer Pool Pages
  • MySQL InnoDB Buffer Pool Hit Rate
  • MySQL Tables Open/Opened
  • MySQL Total Slow Queries Count
  • Mailboxd Connection Pool Get Latency
  • Mailboxd Dirty Lucene Index Writers
  • Mailboxd Lucene IndexWriterCache Hitrate
  • Mailboxd Lucene IO
  • Mailboxd LMTP Delivery Throughput
  • Mailboxd LMTP Delivery Rate
  • Mailboxd Mailbox Add Rate (Delivery Rate)
  • Mailboxd Mailbox Add Latency (Delivery Speed)
  • Mailboxd Request Rate by Client Protocol
  • Mailboxd Response Time by Client Protocol
  • Mailboxd Active Connections by Client Protocol
  • Mailboxd Mailbox Get Count
  • Mailboxd Mailbox Get Latency
  • Mailboxd Mailbox Cache Hit Rate
  • Mailboxd Mailbox Item/Blob Cache Hit Rate
  • Mailboxd Garbage Collection Time
  • Mailboxd Garbage Collection Count
  • Mailboxd JVM Heap Used
  • Mailboxd JVM Heap Free
  • Mailboxd JVM Permanent Generation and Code Cache

Getting All User Quota Data With Zmsoap (not zmstat related really)

Moved to Getting_All_Users_Quota_Data

Getting All User Quota Data With Zmprov (not zmstat related really)

Moved to Getting_All_Users_Quota_Data

Third Party Tools (Monitoring & Logging)

FYI - Support For Real Time Counters (snmp,etc.)

This is for those that need to go beyond what zmstat-chart is doing or need to intergrate within a third party monitoring systems.

Please see RFE:

Currently, this RFE has only resolved support for JMX, not SNMP. Customers who need SNMP can use a product like jManage to do the translation from JMX to SNMP.

SNMP And Zimbra

SNMP Related Bugs And RFEs

Please read the following below as they'll have little bits of information that you might need for your customizations / external setup for snmp use against Zimbra. :

SNMP Setup On Zimbra To Notify A Remote Host

Our SNMP support is pretty basic; currently, we only send traps when a service (mta, mailbox, ldap) changes state (stop/start).

First, you'll need net-snmp package install on the zimbra host for the notifications to be sent to a remote host.

  • When you install the net-snmp package, it creates /etc/snmp/snmpd.conf. This file needs to be edited with the correct community string to allow for snmp mibs to be read from remote machines The default value is "public" with the net-snmp package.
    • /opt/zimbra/conf/swatchrc.in is set to use [ perlcode 0 my $snmpargs="-v 2c -c zimbra localhost "; ] for the community string. Adjust this if needed for your corporate snmp environment.
    • Your security policy for your company might require you to review the other options there as well - i.e. limit to read-only.
    • Also, if there is a firewall between the zimbra server and the snmp server host you'll need to open up port 161/UDP.

Then your zimbra host with the zimbra snmp service installed, do the following for a basic default setup:

zmlocalconfig -e snmp_notify=1
zmlocalconfig -e snmp_trap_host=your.host.name
/opt/zimbra/libexec/zmsnmpinit
zmswatchctl stop
zmswatchctl start

We watch for something matching /err: Service status change/ and send the trap with:

/opt/zimbra/snmp/bin/snmptrap

See other topics below for customizations that might be needed for your snmp environment.

Other reference for Zimbra and SNMP:

Files To Review For SNMP

Look at the contents of the following files:

  • /opt/zimbra/libexec/zmsnmpinit
    • /opt/zimbra/conf/swatchrc.in
      • zmsnmpinit reads swatchrc.in and writes out the file swatchrc for the running configuration
      • /opt/zimbra/conf/swatchrc
    • /opt/zimbra/snmp/share/snmp/snmpd.conf.in which is the SOURCE file to
      • /opt/zimbra/conf/snmpd.conf [see /opt/zimbra/libexec/zmsnmpinit ]
        • The two above are used by zmsnmpinit to generate the /opt/zimbra/conf/swatchrc
  • /opt/zimbra/net-snmp/share/snmp/mibs/zimbra.mib
  • /opt/zimbra/net-snmp/share/snmp/mibs/zimbra_traps.mib
  • /opt/zimbra/log/zmswatch.out
    • Monitor this to see the services when they go up and down successfully send out the email notification for your snmp configuration
Zimbra MIBS

You'll find zimbra.mib and zimbra_traps.mib in the following directory. This listing is mine under 5.0.19 :

[root@mail3 ~]# cd /opt/zimbra/net-snmp/share/snmp/mibs/

[root@mail3 mibs]# ls
AGENTX-MIB.txt                       IPV6-TC.txt                SNMP-USER-BASED-SM-MIB.txt
DISMAN-EVENT-MIB.txt                 IPV6-UDP-MIB.txt           SNMP-USM-AES-MIB.txt
DISMAN-SCHEDULE-MIB.txt              NET-SNMP-AGENT-MIB.txt     SNMP-USM-DH-OBJECTS-MIB.txt
DISMAN-SCRIPT-MIB.txt                NET-SNMP-EXAMPLES-MIB.txt  SNMPv2-CONF.txt
EtherLike-MIB.txt                    NET-SNMP-EXTEND-MIB.txt    SNMPv2-MIB.txt
HCNUM-TC.txt                         NET-SNMP-MIB.txt           SNMPv2-SMI.txt
HOST-RESOURCES-MIB.txt               NET-SNMP-TC.txt            SNMPv2-TC.txt
HOST-RESOURCES-TYPES.txt             NET-SNMP-VACM-MIB.txt      SNMPv2-TM.txt
IANA-ADDRESS-FAMILY-NUMBERS-MIB.txt  NOTIFICATION-LOG-MIB.txt   SNMP-VIEW-BASED-ACM-MIB.txt
IANAifType-MIB.txt                   RFC1155-SMI.txt            TCP-MIB.txt
IANA-LANGUAGE-MIB.txt                RFC1213-MIB.txt            TRANSPORT-ADDRESS-MIB.txt
IANA-RTPROTO-MIB.txt                 RFC-1215.txt               UCD-DEMO-MIB.txt
IF-INVERTED-STACK-MIB.txt            RMON-MIB.txt               UCD-DISKIO-MIB.txt
IF-MIB.txt                           SMUX-MIB.txt               UCD-DLMOD-MIB.txt
INET-ADDRESS-MIB.txt                 SNMP-COMMUNITY-MIB.txt     UCD-IPFWACC-MIB.txt
IP-FORWARD-MIB.txt                   SNMP-FRAMEWORK-MIB.txt     UCD-SNMP-MIB.txt
IP-MIB.txt                           SNMP-MPD-MIB.txt           UDP-MIB.txt
IPV6-ICMP-MIB.txt                    SNMP-NOTIFICATION-MIB.txt  zimbra.mib
IPV6-MIB.txt                         SNMP-PROXY-MIB.txt         zimbra_traps.mib
IPV6-TCP-MIB.txt                     SNMP-TARGET-MIB.txt
What Is Looked For

Take a look at your /opt/zimbra/conf/swatchrc - this is mine under 5.0.19

perlcode 0 my %notifications=();
perlcode 0 $notifications{smtp}="yes";
perlcode 0 $notifications{snmp}="yes";

perlcode 0 my $fr='admin@mail3.zimbra.REMOVED.com';
perlcode 0 my $pwc='admin@mail3.zimbra.REMOVED.com';

perlcode 0 my $snmpargs="-v 2c -c zimbra localhost ''";
perlcode 0 my $snmptrap="/opt/zimbra/snmp/bin/snmptrap $snmpargs";
perlcode 0 my $snmpsvctrap="ZIMBRA-TRAP-MIB::zmServiceStatusTrap";
perlcode 0 my $snmpsvcname="ZIMBRA-MIB::zmServiceName";
perlcode 0 my $snmpsvcstatus="ZIMBRA-MIB::zmServiceStatus";

perlcode 0 my %statuses=('started'=>1,'stopped'=>0);

perlcode 0 my $hostname="mail3.zimbra.homeunix.com";

perlcode 0 sub donotify {   my %args = (@_); if ($args{HOST} eq "localhost") {$args{HOST}=$hostname;}; 
 if ($notifications{smtp}) { dosmtp(%args) if $args{SERVICE}; dodisksmtp(%args) if $args{DISK};}; 
 if ($notifications{snmp}) {dosnmp(%args);};  }

perlcode 0 sub dosmtp {   my %args = (@_);  print "SMTP notification: $args{MESSAGE}\n"; 
 open (FOO, "|/opt/zimbra/postfix/sbin/sendmail -Am -t"); 
 print FOO "To: $pwc\nFrom: $fr\nSubject: Service $args{SERVICE} $args{STATUS} on $args{HOST}\n\n$args{MESSAGE}\n";
 close FOO; }

perlcode 0 sub dodisksmtp {   my %args = (@_);  print "SMTP notification: $args{MESSAGE}\n"; 
 open (FOO, "|/opt/zimbra/postfix/sbin/sendmail -Am -t"); 
 print FOO "To: $pwc\nFrom: $fr\nSubject: Disk $args{DISK} at $args{UTIL}\% on $args{HOST}\n\n$args{MESSAGE}\n"; 
 close FOO; } 

perlcode 0 sub dosnmp {   my %args = (@_); print "SNMP notification: $args{MESSAGE}\n"; 
 `$snmptrap $snmpsvctrap $snmpsvcname s $args{SERVICE} $snmpsvcstatus i $statuses{$args{STATUS}}`; }

ignore /DEBUG/

watchfor /err: Service status change: (\S+) (.*) changed from stopped to running/ 
	donotify SERVICE=$2,STATUS=started,HOST=$1
watchfor /err: Service status change: (\S+) (.*) changed from running to stopped/ 
	donotify SERVICE=$2,STATUS=stopped,HOST=$1

watchfor /err: Disk warning: (\S+) (\S+) at (\d+)/ 
        donotify DISK=$2,UTIL=$3,HOST=$1
watchfor /crit: Disk warning: (\S+) (\S+) at (\d+)/ 
        donotify DISK=$2,UTIL=$3,HOST=$1
Enhanced MIB Files For HP OpenView

I've created an RFE for this:

Zimbra does not provide "enhanced" mib files" at this time. Thresholds can be set by the customer within their individual monitoring system. Zimbra is alerting on is service up or service down, see the other information above in Ajcody-Logging#SNMP_And_Zimbra .

Some Choices

Charting & Graphing The Data
Montoring Software

Nagios On Zimbra

This is a really rough draft for ideas I have in background. Shouldn't be used by anyone.

Configure Nagios to run on single server Zimbra box - Centos 5.x

Configure yum with repo and install nagios

vi /etc/yum.repos.d/Dag.repo
yum update
yum install nagios nagios-plugins nagios-devel nagios-plugins-nrpe

Move nagios.conf http file into main zimbra directory.

cp /etc/httpd/conf.d/nagios.conf /opt/zimbra/httpd/conf/extra/

Setup nagios to run as zimbra

vi /etc/nagios/nagios.cfg
**Change nagios user to zimbra**
nagios_user=zimbra
nagios_group=zimbra

Change ownership of directories from nagios to zimbra.

chown -R 500:500 /var/log/nagios/
chown -R 500:500 /etc/nagios/
chown -R 500:500 /usr/share/nagios/

Configure authentication within Nagios

vi /etc/nagios/nagios.cfg
# AUTHENTICATION USAGE
use_authentication=1
# SYSTEM/PROCESS INFORMATION ACCESS
authorized_for_system_information=nagiosadmin
# CONFIGURATION INFORMATION ACCESS
authorized_for_configuration_information=nagiosadmin
# SYSTEM/PROCESS COMMAND ACCESS
authorized_for_system_commands=nagiosadmin
# GLOBAL HOST/SERVICE VIEW ACCESS
authorized_for_all_services=nagiosadmin
authorized_for_all_hosts=nagiosadmin
# GLOBAL HOST/SERVICE COMMAND ACCESS
authorized_for_all_service_commands=nagiosadmin
authorized_for_all_host_commands=nagiosadmin

Set up httpasswd's for the accounts for Nagios

htpasswd -c /etc/nagios/htpasswd.users nagiosadmin
htpasswd /etc/nagios/htpasswd.users guest

Configure Zimbra's http/apache to use nagios http config file

vi /opt/zimbra/conf/httpd.conf
**Add the following towards bottom**
# Include Nagios
Include /opt/zimbra/httpd/conf/extra/nagios.conf

Starting nagios is done as root

/etc/init.d/nagios start

Restarting apache for nagios issues would be done with (as zimbra)

zmapachectl stop
zmapachectl start

The webpage address to view Nagios will be like this:

http://IP_OF_SERVER:7780/nagios/

Use the rest of this how-to to configure it now: http://wiki.centos.org/HowTos/Nagios

MRTG - SNMP On Zimbra

This is a really rough draft for ideas I have in background. Shouldn't be used by anyone.

Configure yum with repo and install mrtg, net-snmp, net-snmp-utils

vi /etc/yum.repos.d/Dag.repo
yum update
yum instal mrtg net-snmp net-snmp-utils

Follow some how-to on setting up the basics.

Create a http config:

vi /opt/zimbra/httpd/conf/extra/mrtg.conf
Alias /mrtg "/opt/zimbra/mrtg"
<Directory "/opt/zimbra/mrtg">
#  SSLRequireSSL
  Options None
  AllowOverride None
  Order allow,deny
  Allow from all
#  Order deny,allow
#  Deny from all
#  Allow from 127.0.0.1
</Directory>

Add mrtg to http configuration within zimbra:

vi /opt/zimbra/conf/httpd.conf
# Include Mrtg
Include /opt/zimbra/httpd/conf/extra/mrtg.conf

Restart apache:

zmapachectl stop
zmapachectl start

Create directory to hold mrtg data:

mkdir /opt/zimbra/mrtg

Address will be something like:

http://IP_OF_SERVER:7780/mrtg/index.html

Mailq Pointing To Right Binary

# ls -la /usr/bin/mailq
 lrwxrwxrwx 1 root root 27 Sep  3 17:00 /usr/bin/mailq -> /etc/alternatives/mta-mailq
# ls -la /etc/alternatives/mta-mailq
 lrwxrwxrwx 1 root root 23 Apr  1 10:17 /etc/alternatives/mta-mailq -> /usr/bin/mailq.sendmail
# rm /usr/bin/mailq
# ln -s /opt/zimbra/postfix/sbin/mailq /usr/bin/mailq
# mailq
 Mail queue is empty

Web Client Logging

Active Sessions

Please see Zmsoap#Active_Server_Sessions_With_DumpSessionsRequest

Debug (SOAP) via Browser

See http://wiki.zimbra.com/index.php?title=Web_Client_URL_Tricks&redirect=no

Admins To View Client Issues

Within the admin console, you can view users mail.

  • Goto accounts and highlight the user having the problem.
  • Click on the View Mail button above that frame.
  • Then goto the url field of that new window and modify it to look like this [replace mailserver with yours]:
  • Hit your return key to cause the browser to reload.
    • If you get warning about pop-up, accept it.
    • If the debug window doesn't show, just mouse in the url field and hit the return key again. It should now pop up.

User Management Topics

   KB 2439        Last updated on 2008-07-16  




0.00
(0 votes)
24px ‎  - This is Zeta Alliance Certified Documentation. The content has been tested by the Community.


Actual User Management Topics Homepage

Please see Ajcody-User-Management-Topics

Resetting A User's Account From CLI

Resetting A Password

Standard Method

SetPassword [sp] from zmprov:

zmprov sp joe@domain.com test321

Resetting Users Auth Session - Force Disconnect

Please See First - In Case Of Compromised Accounts / Spammers

Note - Restarting the mta services will be important once you reset the password/s or lock the account. It's required to ensure the active connections will be closed and any existing auth tokens no longer are valid. See:

Changing the Users Password To Expire Session

See Resetting A Password Via CLI or change it via the admin console.

Prior To 605 - Use CLI To Change zimbraAuthTokenValidityValue To Expire The Session

Change the zimbraAuthTokenValidityValue to a small time value:

su - zimbra
zmprov ma <accountname> zimbraAuthTokenValidityValue 1
zmprov fc account <accountname>

This value gets stored in the auth token and compared on every request. Changing it will invalidate all outstanding auth tokens.

8.7.6+ invalidate sessions by removing zimbraAuthTokens

This may be helpful in case you do no want to change zimbraAuthTokenValidityValue or changing zimbraAuthTokenValidityValue does not log you out.

To clear or reset all auth token values we need to enter token data in a particular format like "1689192272|1548369012160|8.8.15_GA_3890".

These are the steps to clear the auth tokens from an account. 1). First check few stored token for the account.

     zmprov ga USERNAME@DOMAIN.COM zimbraAuthTokens | head

2). Now pick anyone token value and set it with below command, with this step only one token will be set and others will be removed.

     zmprov -l ma USERNAME@DOMAIN.COM zimbraAuthTokens '1689192272|1548369012160|8.8.15_GA_3890'

3). Flush the account cache at the end.

     zmprov fc account USERNAME@DOMAIN.COM

All sessions of USERNAME@DOMAIN.COM are now ended.

6.0.5+ You Have Admin Console Option

In the admin console, under the Manage Accounts window you can right click on the user name and choose "Expire Sessions".

User , Mailbox ID's, And Who Is What

ZimbraID [UserID] is system wide.

MailboxID is per server store.

To get the ZimbraID:

$ zmprov ga user@domain.com | grep -i zimbraid
zimbraId: aeca260b-6faf-4cfe-b407-7673748aabf4
zimbraIdentityMaxNumEntries: 20

To get the MailboxID, get on the appropriate mailserver and:

zmprov gmi user@domain.com
mailboxId: 3
quotaUsed: 251512

or globally:

/opt/zimbra/bin/mysql -e "use zimbra; select id from mailbox where account_id = 'UserID HERE including the leading 0'"

Other details can be found here:

http://wiki.zimbra.com/index.php?title=Account_mailbox_database_structure

Account & Domain Summary

Run zmaccts

Here's what it would return:

su - zimbra
[zimbra@mail3 ~]$ zmaccts
           account                          status             created       last logon
------------------------------------   -----------     ---------------  ---------------
admin@mail3.internal.domain.com           active      05/06/08 18:46   07/08/08 09:56
ajcody@mail3.internal.domain.com          active      05/06/08 20:43   06/23/08 15:48
ajcody2@mail3.internal.domain.com         active      05/28/08 11:48   06/30/08 17:44
forward@mail3.internal.domain.com         active      05/06/08 21:06   05/29/08 17:24
ham.bidiob2mm@mail3.internal.domain.com   active      05/06/08 18:47            never
spam.rormmtcyy@mail3.internal.domain.com  active      05/06/08 18:47            never
wiki@mail3.internal.domain.com            active      05/06/08 18:46            never
           account                        status             created       last logon
------------------------------------   -----------     ---------------  ---------------
secondary@secondary.internal.domain.com   active      06/23/08 15:26   06/23/08 15:27
wiki@secondary.internal.domain.com        active      06/23/08 15:25            never
-
                                domain summary
-
    domain                  active    closed    locked    maintenance     total
-----------------------   --------  --------  --------  -------------  --------
mail3.internal.domain          7         0         0              0         7
secondary.internal.domain          2         0         0              0         2

Last Logon comes from the variable zimbraLastLogonTimestamp . This is used to update the "Last Login Time" column in the admin web console as well. It also shows up with [ zmprov ga user@domain ]. Login's based upon session type would only be found in either audit.log or the mailbox.log files. It should have a reference to the user id and the session type for the login [ pop, imap, etc. ].

RFE To Expand zmaccts Output And Options

Please see the following RFE I made:

Zmmailbox Stuff

Shares And Permissions

RFE's And Bugs To Review

Please see these RFE's first:


Some other's to look at:

To See All Folders For A User

Do the following for the user:

[zimbra@mail3 ~]$ zmmailbox -z -m ajcody@DOMAIN gaf
        Id  View      Unread   Msg Count  Path
----------  ----  ----------  ----------  ----------
         1  conv           0           0  /
        16  docu           0           2  /Briefcase
        10  appo           0           1  /Calendar
        14  mess           0           0  /Chats
         7  cont           0           0  /Contacts
         6  mess           0           0  /Drafts
        13  cont           0           9  /Emailed Contacts
         2  mess           0          11  /Inbox
         4  mess           0           0  /Junk
       344  mess           0           0  /Junk E-mail
        12  wiki           0           0  /Notebook
       302  appo           0           0  /Restored
         5  mess           0          15  /Sent
       420  mess           0           0  /Share
       421  mess           0           0  /Share/Share1
       422  mess           0           0  /Share/Share1/Share1-1
       423  mess           0           0  /Share/Share2
       424  mess           0           0  /Share/Share2/Share2-1
        15  task           0           2  /Tasks
         3  conv           0           0  /Trash

To See All Shares And Perms On A Users Folders

Do the following for the user [ I'm cutting some of the output to keep it short ]:

[zimbra@mail3 ~]$ zmmailbox -z -m ajcody@DOMAIN gaf -v
{
 "id": "1",
 "name": "USER_ROOT",
 "path": "/",
 "parentId": "11",
 "flags": null,
 "color": "defaultColor",
 "unreadCount": 0,
 "messageCount": 0,
 "view": "conversation",
 "url": null,
 "effectivePermissions": null,
 "children": [
{
####
CUT HERE
####
{
 "id": "5",
 "name": "Sent",
 "path": "/Sent",
 "parentId": "1",
 "flags": null,
 "color": "defaultColor",
 "unreadCount": 0,
 "messageCount": 15,
 "view": "message",
 "url": null,
 "effectivePermissions": null
},
{
 "id": "420",
 "name": "Share",
 "path": "/Share",
 "parentId": "1",
 "flags": "i",
 "color": "defaultColor",
 "unreadCount": 0,
 "messageCount": 0,
 "view": "message",
 "url": null,
 "effectivePermissions": null,
 "grants": [
{
 "type": "usr",
 "name": "ajcody2@mail3.internal.domain.com",
 "id": "88fd808e-a526-419d-9eda-ad50100d23b6",
 "permissions": "rwidx",
 "args": null
},
{
 "type": "all",
 "name": null,
 "id": null,
 "permissions": "rwx",
 "args": null
}
],
 "children": [
{
 "id": "421",
 "name": "Share1",
 "path": "/Share/Share1",
 "parentId": "420",
 "flags": "i",
 "color": "defaultColor",
 "unreadCount": 0,
 "messageCount": 0,
 "view": "message",
 "url": null,
 "effectivePermissions": null,
 "grants": [
{
 "type": "usr",
 "name": "ajcody2@mail3.internal.domain.com",
 "id": "88fd808e-a526-419d-9eda-ad50100d23b6",
 "permissions": "rwidx",
 "args": null
},
{
 "type": "usr",
 "name": "admin@mail3.internal.domain.com",
 "id": "5ab13330-2e9b-4a45-9b30-de2c70858265",
 "permissions": "rwidx",
 "args": null
}
],
 "children": [
{
 "id": "422",
 "name": "Share1-1",
 "path": "/Share/Share1/Share1-1",
 "parentId": "421",
 "flags": null,
 "color": "defaultColor",
 "unreadCount": 0,
 "messageCount": 0,
 "view": "message",
 "url": null,
 "effectivePermissions": null
}
]
},
{
 "id": "423",
 "name": "Share2",
 "path": "/Share/Share2",
 "parentId": "420",
 "flags": null,
 "color": "defaultColor",
 "unreadCount": 0,
 "messageCount": 0,
 "view": "message",
 "url": null,
 "effectivePermissions": null,
 "children": [
{
 "id": "424",
 "name": "Share2-1",
 "path": "/Share/Share2/Share2-1",
 "parentId": "423",
 "flags": null,
 "color": "defaultColor",
 "unreadCount": 0,
 "messageCount": 0,
 "view": "message",
 "url": null,
 "effectivePermissions": null
}
###
CUT HERE
###
]
}

Remove All Shares

RFE I filed for zmmailbox to have options for this and "recursive".

Script To Remove All Shares

Here's a script I wrote. Remove the echo statements to actually run the commands.

#!/bin/bash
USER="ajcody@mail3.internal.domain.com"
SHARE="/Shared"
GETPERM="zmmailbox -z -m $USER gfg $SHARE"
MODPERM="zmmailbox -z -m $USER mfg $SHARE"
DUMBPASS="34lkoso"
NEWPERM=none

$GETPERM | egrep -i 'all|guest|public|accoun|domain|group' | gawk '{print $2 " " $3}' | while read SHAREPERM
do
TYPE=`echo $SHAREPERM|awk '{print $1}'`
DISPLAY=`echo $SHAREPERM|awk '{print $2}'`

case $TYPE in
        accoun) echo $MODPERM account $DISPLAY $NEWPERM
        ;;
        guest) echo $MODPERM $TYPE $DISPLAY $DUMBPASS $NEWPERM
        ;;
        all) echo $MODPERM $TYPE $NEWPERM
        ;;
        *) echo $MODPERM $SHAREPERM $NEWPERM
        ;;
        esac
done

Ouput of an example:

[zimbra@mail3 ~]$  zmmailbox -z -m ajcody@mail3.internal.domain.com gfg /Shared
Permissions    Type  Display
-----------  ------  -------
          r     all
          r   guest  ajcody@domain.com
          r  accoun  admin@mail3.internal.domain.com
          r   group  mydl@mail3.internal.domain.com
          r  domain  mail3.internal.domain.com
[zimbra@mail3 ~]$ /tmp/remove-share.sh
zmmailbox -z -m ajcody@mail3.internal.domain.com mfg /Shared all none
zmmailbox -z -m ajcody@mail3.internal.domain.com mfg /Shared guest ajcody@domain.com none
zmmailbox -z -m ajcody@mail3.internal.domain.com mfg /Shared account admin@mail3.internal.domain.com none
zmmailbox -z -m ajcody@mail3.internal.domain.com mfg /Shared group mydl@mail3.internal.domain.com none
zmmailbox -z -m ajcody@mail3.internal.domain.com mfg /Shared domain mail3.internal.domain.com none

I then removed the echo statements:

[zimbra@mail3 ~]$ vi /tmp/remove-share.sh
[zimbra@mail3 ~]$ /tmp/remove-share.sh
[zimbra@mail3 ~]$  zmmailbox -z -m ajcody@mail3.internal.domain.com gfg /Shared
Permissions    Type  Display
-----------  ------  -------
[zimbra@mail3 ~]$
User Contributed Perl Script To Remove All Shares

Please TEST this on a test box or a test account before running against a production situation. ZCS version change and commands might act different. Also note, this is a user contributed script and not one from Zimbra developers or the support staff. Also - the wiki formatting might throw of the script and could require you to fix before it runs correctly.

Script is called - zmshares - and should be named such.

#!/usr/bin/env perl
#
#
# This program was written by Pablo Garaitonandia on Nov. 26 2012.
# This program is for viewing and deleting all the shares that a user 
# may have in the event that removing the many shares a user has is 
# time consuming.
# This was written on a system running Zimbra 7.2.0, RHEL 5.8, with perl v5.8.8


use strict;
use warnings;
use Getopt::Long;


my $id=getpwuid($<);
my $help=0;
my $user_id=0;
my $option=0;
my @shares;
sub view_share;
sub del_share;


chomp $id;
if ($id ne "zimbra") {
	print STDERR "Error: must be run as zimbra user\n";
	exit (1);
	}



GetOptions(
        'h|help' => \$help,
        'u|uid=s' => \$user_id,
	'o|option=s'=> \$option, ) or die "Incorrect usage!\n";



# Check for usage, definition, and correct argument types
if ((defined ($user_id) && ($user_id =~ /([a-z0-9]+@[a-z.]+\.[a-z.]+)/gi)) 
	&& (defined ($option) && (($option eq "delete") || ($option eq "view")))) {
		print "\n$option: shares for $user_id \n\n";
		} elsif ($help) {
        	usage();
		} else {
		usage(1);
		}



if ($option eq "view"){ view_share();}
if ($option eq "delete"){ del_share();}


sub view_share {
	open(VIEW, "/opt/zimbra/bin/zmprov getShareInfo $user_id |");	
	print <VIEW>;
	}

sub del_share {
	open(SHARES, "zmprov getShareInfo $user_id |awk '{print substr(\$0,70,6) ,substr(\$0,131,36), substr(\$0,168,15)}' | awk 'NR>2' |");
	@shares = <SHARES>;
	if (!(@shares)){
		print "EXITING: User has no shares to delete.  \n\n";
		 exit (1);
		}	
	foreach my $share (@shares){
		my @line = split(/\s+/, $share);
		if (defined ($line[2])){
			print "zmmailbox -z -m $user_id  mfg $line[0] account $line[1] none\n";
			system("/opt/zimbra/bin/zmmailbox -z -m $user_id  mfg $line[0] account $line[1] none") == 0
				or die "Command Failed";
			} else {
			print "zmmailbox -z -m $user_id  mfg $line[0] account \"\" none\n";
			system("zmmailbox -z -m $user_id  mfg $line[0] account \"\" none") == 0
				or die "Command Failed";
			}
		}
	}


sub usage {

        my ($msg) = (@_);

        $msg && print STDERR "\nINCORRECT USAGE: $msg\n";
        print STDERR <<USAGE;

  zmshares -u username\@domain -o (delete|view)

  Where:
  -u: (user\@domain)  The full user id with domain for user. 
  -o: (delete|view) Delete or view ALL shares for the user

USAGE
        exit (1);
}



__END__

Setting Up A Share - CLI

I've yet to test these against all items (resources) listed in bug 25740 and work as expected.

To see current perms

zmmailbox -z -m faxfinder@example.com gfg /Inbox

To modify perms:

  • r = read
  • w = write
  • i = insert
  • d = delete
  • x = accept/decline invites
  • a = administer
zmmailbox -z -m faxfinder@example.com mfg /Inbox account user@example.com rwidx

To confirm perms are set:

zmmailbox -z -m faxfinder@example.com gfg /Inbox

To mount "folder" into a user account that was given permission:

zmmailbox -z -m user@example.com cm --view message "/Incoming_Faxes" faxfinder@example.com /Inbox

To confirm folder is mounted:

zmmailbox -z -m user@example.com gaf

Additions notes/options see:

zmmailbox help folder 

For mfg it shows it can take the below as a target:

  • account {name}
  • group {name} *This could be a DL?*
  • domain {name}
  • all
  • public
  • guest

Scripting note to do this with multiple users:

  • zmmailbox cm could use the zmprov gaa to provide a list of all accounts, this would include system & archive (if exist) accounts though.

How To Turn Off Sharing

You can enable / disable sharing from admin console:

- Admin console --> class of service --> select the CoS (eg default) --> features --> general features --> check/uncheck 'Sharing' option

Alternatively, this can be achieved by having the following CoS attribute either 'TRUE' or 'FALSE', from command line: zimbraFeatureSharingEnabled

Searches With zmmailbox


Special Note If Your Search String Needs Spaces

Here is an example using the correct format to include required spaces to have your search do what you want. For instance, many shared folders will end up using, by default, spaces in the folder name.

$ zmmailbox -z -m ajcody@`zmhostname` gaf | grep appo
        10  appo           0           0  /Calendar
       263  appo           0           2  /Large Share's Calendar (large-share@mail71.DOMAIN.com:10)

$ zmmailbox -z -m ajcody@`zmhostname` s -t appo in:"\"Large Share's Calendar"\"
num: 2, more: false

                                         Id  Type   From        Subject               Date
   ----------------------------------------  ----   ----------  --------------------- ------
1. 799efb72-2e6b-400a-8881-c5f9d7c282b1:265  appo   <na>        Test On Thu           10/28/10 00:02
2. 799efb72-2e6b-400a-8881-c5f9d7c282b1:263  appo   <na>        test for friday       10/28/10 00:02

Note, the "\"Text1 Text2"\" is for a [s option] search string query, when querying for the folder name with other zmmailbox options - normal quoting works. For example:

$ zmmailbox -z -m ajcody@`zmhostname` gfg "Large Share's Calendar"  
Permissions      Type  Display
-----------  --------  -------
     rwidxa   account  ajcody@mail71.DOMAIN.com

Search For Messages And Then Delete Them

Here's some examples to grab the message id's from a search and then put them in a variable to use for the delete command.

Other reference: King0770-Notes#Removing_Messages_with_Zmmailbox_based_on_the_Subject

Note - Crossmailbox Search And Delete Is Currently An RFE

See the following :

First - Default Search Returns Only 25 Results

From zmmailbox [help search] & zmmailboxsearch

--limit (optional)
-l
Sets the limit for the number of results returned. The default is 25.
Example Search With A From And To Date - Multiple Variable Search

This allows you to restrict your search in-between a date range.

zmmailbox -z -m user@domain.com s -t message -l 999 "before:6/15/2011 and after:6/9/2011"

Note - If your trying to do this for a tgz export, please see the following :

Example Search With To Field
[zimbra@mail3 ~]$ zmmailbox -z -m ajcody@mail3.internal.DOMAIN.com s -t message "To: Adam"
num: 4, more: false

     Id  Type   From                  Subject                                             Date
   ----  ----   --------------------  --------------------------------------------------  --------------
1.  269  mess   Adam                  Re: 8-7-08 11:37 AM to both outside accounts        08/07/08 11:57
2.  268  mess   Adam                  Re: 8-7-08 11:37 AM to both outside accounts        08/07/08 11:39
3.  266  mess   Adam                  Re: 8-7-08 11:37 AM to both outside accounts        08/07/08 11:38
4.  263  mess   Adam                  Re: test on 8-7-08 to zimbra account                08/07/08 11:37

[zimbra@mail3 ~]$ zmmailbox -z -m ajcody@mail3.internal.DOMAIN.com s -t message "To: Adam" |awk '{ if (NR!=1) {print}}'| grep mess | awk '{ print $2 "," }' | tr -d '\n'

269,268,266,263,

[zimbra@mail3 ~]$ message=`zmmailbox -z -m ajcody@mail3.internal.DOMAIN.com s -t message "To: Adam" |awk '{ if (NR!=1) {print}}'| grep mess | awk '{ print $2 "," }' | tr -d '\n'`

[zimbra@mail3 ~]$ zmmailbox -z -m ajcody@mail3.internal.DOMAIN.com dm `echo $message`

[zimbra@mail3 ~]$ zmmailbox -z -m ajcody@mail3.internal.DOMAIN.com s -t message "To: Adam"
num: 0, more: false
Example Search With From Field
[zimbra@mail3 ~]$ zmmailbox -z -m ajcody@mail3.internal.DOMAIN.com s -t message "From: Adam"
num: 8, more: false

     Id  Type   From                  Subject                                             Date
   ----  ----   --------------------  --------------------------------------------------  --------------
1.  464  mess   Adam                  test 3                                              10/02/08 11:43
2.  463  mess   Adam                  test  2                                             10/02/08 11:43
3.  462  mess   Adam                  test  1                                             10/02/08 11:43
4.  461  mess   Adam                  test                                                09/29/08 16:18
5.  460  mess   Adam                  test for mailbox log                                09/29/08 16:17
6.  265  mess   Adam                  8-7-08 11:37 AM to both outside accounts            08/07/08 11:38
7.  261  mess   Adam                  test on 8-7-08 to zimbra account                    08/07/08 11:36
8.  257  mess   Adam                  test from zimbra on 8-7-08                          08/07/08 11:27

[zimbra@mail3 ~]$ zmmailbox -z -m ajcody@mail3.internal.DOMAIN.com s -t message "From: Adam" |awk '{ if (NR!=1) {print}}'| grep mess | awk '{ print $2 "," }' | tr -d '\n'

464,463,462,461,460,265,261,257,

[zimbra@mail3 ~]$ message=`zmmailbox -z -m ajcody@mail3.internal.DOMAIN.com s -t message "From: Adam" |awk '{ if (NR!=1) {print}}'| grep mess | awk '{ print $2 "," }' | tr -d '\n'`

[zimbra@mail3 ~]$ echo $message

464,463,462,461,460,265,261,257,

[zimbra@mail3 ~]$ zmmailbox -z -m ajcody@mail3.internal.DOMAIN.com dm `echo $message`

[zimbra@mail3 ~]$ zmmailbox -z -m ajcody@mail3.internal.DOMAIN.com s -t message "From: Adam"
num: 0, more: false

[zimbra@mail3 ~]$

More Search Possibilities

Please see [Search Tips]

Export & Import Of Users Data In TGZ Format

Please see Ajcody-Migration-Notes#ZCS_User_to_Another_ZCS_Server_-_With_Rest_.26_TGZ

Seeing What & Where Of A Message ID

If your need to figure out what the actual email/message is from a logging event.

For example, log shows:

 2009-03-03 22:04:58,969 INFO [btpool0-5532] [name=USER@DOMAIN.com;mid=8;ip=10.0.0.1;ua=ZimbraWebClient - IE6
(Win)/5.0.11_GA_2695.UBUNTU8_64;] mailop - moving Message (id=10955) to Folder Trash (id=3) 

To see the details of the message, do the following:

zmmailbox -z -m USER@DOMAIN gm 10955
Id: 10955
Conversation-Id: 11155
Folder: /Trash
Subject: FW: How are you doing?
From: User External <USER@DOMAIN.com>
To: <USER@DOMAIN.com>
...etc...

Message Count Mismatches

Message Count Via zmprov

To see a listing of message count in folders, replace USER@DOMAIN w/ user:

zmmailbox -z -m USER@DOMAIN gaf

You can also do something like this:

zmmailbox -z -m USER@DOMAIN s -t mess in:"FOLDER_IN_QUESTION"

If the folder has spaces, use the following format : "\"Large Share's Calendar"\"

zmprov rmc RecalculateMailboxCounts

From the zmprov help for rmc:

RecalculateMailboxCounts  rmc  {name@domain|id}
  When unread message count and quota usage are out of sync with the data 
  in the mailbox, use this command to immediately recalculate the mailbox 
  quota usage and unread messages count.

  Important: Recalculating mailbox quota usage and message count should be 
  schedule to run in off peak hours and used on one mailbox at a time. 

Example:
  $zmprov rmc user@domain

Users should log into a new ZWC session after this was done.

If User Is Using IMAP Client

We have some bugs/rfe's in regards to how various IMAP clients operate with their delete/purge and it's impact on the our message counting.

Here's a recent one:

One work around was by configuring the IMAP client to move messages to a Trash/Deleted Items folder [if available] and to delete/purge messages immediately or upon sign off.

Check The Message Blobs On The File System

This is more of a sanity check, confirming the user does have what you would estimate for message blobs on the file system under their message store path.

See: Ajcody-Mysql-Topics#How_To_Locate_Users_Mailstore_and_Message_Store_Directory

You might also see "No Such Blob" messages in the ZWC client and the mailbox.log file.

See: Ajcody-Notes-No-Such-Blob

Make Sure Your Not Auto-purging Messages

These are set at the global or server level.

zmprov gacf | egrep "zimbraMailPurgeSleepInterval|zimbraMailTrashLifetime|\
zimbraMailSpamLifetime|zimbraMailMessageLifetime"

zmprov gs server.domain.com | egrep "zimbraMailPurgeSleepInterval|\
zimbraMailTrashLifetime|zimbraMailSpamLifetime|zimbraMailMessageLifetime"

These at the user level:

zmprov ga user@domain | egrep "zimbraPrefInboxReadLifetime|zimbraPrefInboxUnreadLifetime|\
zimbraPrefSentLifetime|zimbraPrefJunkLifetime|zimbraPrefTrashLifetime"

Reference:

Managing Legal Requests for Information

Description:

The ZCS legal intercept feature is used to obtain copies of email messages that are sent, received, or saved as drafts from targeted accounts and send these message to a designated “shadow” email address. Legal Intercept can be configured to send the complete content of the message or to send only the header information. When a targeted account sends, receives, or saves a draft message, an intercept message is automatically created to forward copies of the messages as attachments to the specified email address.

Please see:

Persona, Identities, Send As, Send On Behalf Of Issues

For ZCS 8 And Above You Must Grant ACL Rights For sendAs and sendAsDistList for internal users

This section below only applies to versions ZCS 6 and ZCS 7. For ZCS 8 and above, the zimbraAllowFromAddress variable only is valid for external accounts and can NOT be used for internal users or ZCS distribution lists [DL's]. Please see the following for ZCS 8+

CLI Commands To Manage Persona, Identities, External Account

The following should provide you with the necessary commands to manage these user configurations:

 zmprov help command| grep -i data
 createDataSource(cds) {name@domain} {ds-type} {ds-name} zimbraDataSourceEnabled {TRUE|FALSE} zimbraDataSourceFolderId {folder-id} [attr1 value1 [attr2 value2...]]
 deleteDataSource(dds) {name@domain|id} {ds-name|ds-id}
 getDataSources(gds) {name@domain|id} [arg1 [arg2...]]
 modifyDataSource(mds) {name@domain|id} {ds-name|ds-id} [attr1 value1 [attr2 value2...]]
 zmprov help command| grep -i identit
 createIdentity(cid) {name@domain} {identity-name} [attr1 value1 [attr2 value2...]]
 deleteIdentity(did) {name@domain|id} {identity-name}
 getIdentities(gid) {name@domain|id} [arg1 [arg...]]
 modifyIdentity(mid) {name@domain|id} {identity-name} [attr1 value1 [attr2 value2...]]

Bugs And RFE's To Look At

Send As Issues

On Behalf Of Issues

Persona Setup With Send As [zimbraAllowFromAddress] Rights Rather Than On Behalf Of

This section below only applies to versions ZCS 6 and ZCS 7. For ZCS 8 and above, the zimbraAllowFromAddress variable only is valid for external accounts and can NOT be used for internal users or ZCS distribution lists [DL's]. Please see the following for ZCS 8+


Using A DL - Mailing List - As Your Shared Email Address

This was tested against ZCS 6.0.8p1 .

Attribute descriptions - 608 :

zimbra-attrs.xml:<attr id="427" name="zimbraAllowAnyFromAddress" type="boolean" 
   cardinality="single" optionalIn="account,cos" flags="accountInfo,accountInherited">

zimbra-attrs.xml:<attr id="428" name="zimbraAllowFromAddress" type="email" max="256" 
   cardinality="multi" optionalIn="account" flags="accountInfo,domainAdminModifiable">
  • First, created a test user account:
    • ajcody@rr608.zimbra.DOMAIN.com
      • In the admin web console, under the users preferences tab :
        • Sending Mail > checked  : "Allow sending email from any address"
          • zmprov ma ajcody@rr608.zimbra.DOMAIN.com zimbraAllowAnyFromAddress TRUE
          • Note, this could be setup in a COS as well and then assign the users you want to that COS
          • If this is to permissive, because it does allow the user to send as anybody, then you'll want to do this instead:
            • zmprov ma ajcody@rr608.zimbra.DOMAIN.com zimbraAllowAnyFromAddress FALSE
            • zmprov ma ajcody@rr608.zimbra.DOMAIN.com zimbraAllowFromAddress personal-dl@rr608.zimbra.DOMAIN.com
              • Note - bug alert.
                • Testing shown that you could still have a persona setup for a particular address that wasn't set for the zimbraAllowFromAddress variable and zimbraAllowAnyFromAddress is set as FALSE. You'll be able to select it when composing a message and the message is sent with no error. But, what happens is the email is delivered to the recipient with your primary account details rather than the persona's.
  • If your only using a DL for the mail traffic, you would:
    • Create a new DL :
      • persona-dl@rr608.zimbra.DOMAIN.com
        • checked "Can receive email"
        • Added a user/s to the DL:
          • ajcody@rr608.zimbra.DOMAIN.com
  • Now, once that is done we can setup the persona for our "test user" - ajcody. Login as testuser
    • Create a Folder called "Persona DL" and then a filter rule to move all emails with persona-dl@rr608.zimbra.DOMAIN.com to the "Persona DL" folder.
      • Under the users perferences, Mail > Accounts > Add Persona button:
        • Persona Name : Persona DL
          • From : Persona DL # personal-dl@rr608.zimbra.DOMAIN.com
          • Reply-To : Persona DL # personal-dl@rr608.zimbra.DOMAIN.com
          • Use this persona:
          • check "when replying or forwarding messages sent to: Persona DL # personal-dl@rr608.zimbra.DOMAIN.com
          • check "when replying or forwarding messages in folder(s) : Personal DL
  • Things to note when using persona
    • A new message in the "From" section will give a drop down for your persona choice.
    • It's best to create a mail filter rule to put related messages for the persona account into a folder and then in the persona choose the option about using the persona as the default when replying to messages in that folder.

Using A Shared Mailbox As Your Shared Email Address

This section below only applies to versions ZCS 6 and ZCS 7. For ZCS 8 and above, the zimbraAllowFromAddress variable only is valid for external accounts and can NOT be used for internal users or ZCS distribution lists [DL's]. Please see the following for ZCS 8+


The below how-to was tested against ZCS 6.0.8p1 .
  • First, created a test user account:
    • ajcody@rr608.zimbra.DOMAIN.com
      • In the admin web console, under the users preferences tab :
        • Sending Mail > checked  : "Allow sending email from any address"
          • zmprov ma ajcody@rr608.zimbra.DOMAIN.com zimbraAllowAnyFromAddress TRUE
          • Note, this could be setup in a COS as well and then assign the users you want to that COS
          • If this is to permissive, because it does allow the user to send as anybody, then you'll want to do this instead:
            • zmprov ma ajcody@rr608.zimbra.DOMAIN.com zimbraAllowAnyFromAddress FALSE
            • zmprov ma ajcody@rr608.zimbra.DOMAIN.com zimbraAllowFromAddress personal-source@rr608.zimbra.DOMAIN.com
              • Note - bug alert.
                • Testing shown that you could still have a persona setup for a particular address that wasn't set for the zimbraAllowFromAddress variable and zimbraAllowAnyFromAddress is set as FALSE. You'll be able to select it when composing a message and the message is sent with no error. But, what happens is the email is delivered to the recipient with your primary account details rather than the persona's.
  • If I was only using a "shared mailbox" for the mail traffic, I would:
    • First create a DL that will have the user accounts you want to share this 'new' mailbox [Inbox]:
      • Create a new DL:
        • persona-share@rr608.zimbra.DOMAIN.com
          • checked "Can receive email"
          • Added a user to the DL:
            • ajcody@rr608.zimbra.DOMAIN.com
  • The create a new account/mailbox that others will share:
    • persona-source@rr608.zimbra.DOMAIN.com
      • From the 'admin console', do "View Mail" on the new account
        • Share the Inbox to the DL : persona-share@rr608.zimbra.DOMAIN.com w/ Manager or Admin Rights
  • Log back into the 'test user' acocunt - ajcody@rr608.zimbra.DOMAIN.com
    • Accept the share and confirm you see the "Inbox" from the "persona-source" account.
      • Then, under the users perferences, Mail > Accounts > Add Persona button::
        • Persona Name : Persona Source
          • From : Persona Source # persona-source@rr608.zimbra.DOMAIN.com
          • Reply-To : Persona Source # persona-source@rr608.zimbra.DOMAIN.com
          • Use this persona:
          • check "when replying or forwarding messages sent to: persona-source@rr608.zimbra.DOMAIN.com
          • check "when replying or forwarding messages in folder(s) : Persona Source's Inbox
  • Things to note when using persona
    • A new message in the "From" section will give a drop down for your persona choice.
    • It's best to create a mail filter rule to put related messages for the persona account into a folder and then in the persona choose the option about using the persona as the default when replying to messages in that folder.
    • Need An RFE/BUG Report? - When you have a shared mailbox folder, the 'normal' operation when replying to messages from that folder is to send them "on behalf of". You don't want this option, since your wanting to use the persona rules. You might need to "uncheck" the box under the new message that says:
      • uncheck box for "Send this message on behalf of: persona-source@rr608.zimbra.DOMAIN.com"
      • I couldn't find a way to have this "unchecked" as the default.

Sieve Rules

Administrating Rules For Users - CLI

Please see King0770-Notes-Sieve_Rules_By_Proxy


Ajcody Server Topics

   KB 2439        Last updated on 2008-07-16  




0.00
(0 votes)
24px ‎  - This is Zeta Alliance Certified Documentation. The content has been tested by the Community.


I moved the following pages out of this section to Ajcody-Server-Plan-Move-Migration-Upgrade-DR. It was getting to large to edit and load in web browser.

Server Topics

Actual Server Topics Homepage

Please see Ajcody-Server-Topics

Issues Being Investigated

Actual Server Issues Being Investigated Homepage

Please see Ajcody-Server-Issues-Being-Investigated

License Issues

Getting License Details Via Soap - Consumed Licenses

First, flush the cache on all servers for the license information. Then do the query via soap.

zmprov fc -a license
zmsoap -z GetLicenseRequest

Two lines that are generally of interest are, for example :

   <attr name="TotalAccounts">3</attr>
   <attr name="ArchivingAccounts">3</attr>

What Should Count Against License

Real accounts, as listed in admin console under Addresses > Accounts. The admin account will count against this but the ham, spam, and wiki ones will not.

Accounts or entries listed under : Aliases , Distribution Lists, Resources should not. See below for bug about Resources though.

Deleted Accounts Still Show In Use

Please see:

Another suggestion if zimbra restarts don't work, as zimbra:

zmprov fc license

When you have multi ZCS servers:

zmprov fc -a license

Resources Counting Against License

Please see:

Workaround is :

  • zmcontrol stop
  • zmcontrol start

Tested on 5.0.9

  • license count 5
    • created two resources
  • license count 7
    • zmcontrol stop
    • zmcontrol start
  • license count 5

Performance Issues When Using Mini-Cal And You Have zimbraMailCanonicalAddress Set To Domains You Don't Have

Background Bugs:

Do you have any user's with the variable zimbraMailCanonicalAddress set using a domain that is not within your Zimbra infrastructure? There was case that had that set for a particular user to a domain they didn't have within Zimbra and the symptom showed as a performance issue within the mini-calendar & calendar. The root cause was actually the ldap lookups occurring in the background (those against the zimbraMailCanonicalAddress domain).

  • One work around was setting:
    • zmlocalconfig -e ldap_starttls_supported=0
      •  ldap stop
      •  ldap start
    • zmlocalconfig -e zimbra_require_interprocess_security=0
    • To update the postfix configuration files.
      • /opt/zimbra/libexec/zmmtainit
    • To update amavis config files.
      • /opt/zimbra/libexec/zmmtaconfig amavis
    • Then restart the system. Still need to double check this will be necessary.
  • The other workaround was to remove the zimbraMailCanonicalAddress variable.

5.0.7+ Performance & Hanging Issues

Administrators might or might not catch this events being tied to calendars or ics data. Here's what I've gather from other cases so far about the issue, there's about 5 of them I've seen. None are resolved at this time (July 23, 08), so use with caution.

1. bug: http://bugzilla.zimbra.com/show_bug.cgi?id=29596 The resolution for this bug would involve an upgrade to 5.0.8 .

  • One customer has reported the upgrade to 5.0.8 has resolved their issue so far. They also confirm that the ics files were being processed with much faster times as logged in mailbox.log
  • Second customer has confirmed upgrade to 5.0.8 has resolved their issue.

2. Check a the thread dump if the message is getting stuck during an invite email delivery to a conference room. You can guess the calendar object based on the emails in the conference room's Inbox.

3. Also check their recurrence expansion configuration in LDAP with:

"zmprov gacf | grep zimbraCalendarRecurrence". 

On a clean install you should see:

zimbraCalendarRecurrenceDailyMaxDays: 730
zimbraCalendarRecurrenceMaxInstances: 0
zimbraCalendarRecurrenceMonthlyMaxMonths: 360
zimbraCalendarRecurrenceOtherFrequencyMaxYears: 1
zimbraCalendarRecurrenceWeeklyMaxWeeks: 520
zimbraCalendarRecurrenceYearlyMaxYears: 100

If these are set to 0, the sysadmin enabled near-infinite expansion on purpose. If these are missing, it's an upgrade problem. The code will default the values to 0 and thus infinite loop. Set them to the above values to avoid long expansions.If these are set to 0, please set to the above values to avoid long exp.

  • One customer has reported that the variables weren't set and they set them to the defaults. Restarted zimbra and issues appear to be resolved. They are holding off on 5.0.8 upgrade at this point.

4. Also you are might hitting bug ( http://bugzilla.zimbra.com/show_bug.cgi?id=28397 - this is a private bug) or something similar like this caused by an offending appointment. You can also find out the mailbox (conference room/user) and put it into maintenance mode to keep the mails flowing. Then try to flush the queue.

Upgrade Issues

Please check the Support Portal page for the most recent issues related to newly released ZCS versions. That is were "issues" are generally posted when we discover "new" situations arising from newly released versions.

Very Long Upgrade Times

zmfixperms Causing Long Upgrade Times - HSM Configurations Effected Usually

Please see:

Upper Case Hostname Causes Problems With Install/Upgrade

I believe this is new for version 5.0.8+. Until you adjust the case, the installer script will not continue. It's usually picking up the upper case hostname from the server's /etc/hosts entry. Please don't do this, use upper case in your hosts file ... Unix is not Windows.



LDAP Topics

   KB 2439        Last updated on 2008-07-16  




0.00
(0 votes)
24px ‎  - This is Zeta Alliance Certified Documentation. The content has been tested by the Community.


Actual LDAP Topics Homepage

Please see Ajcody-LDAP-Topics

LDAP Error Codes

A nice reference on ldap errors codes:

Working With ldap Commands - The Easy Way

Tired of working with long ldap strings on the CLI with ldapmodify, ldapsearch, ldapdelete.

zimbra$ source ~/bin/zmshutil 
zimbra$ zmsetvars 

You can now use this string syntax to make things a little easier.

ldapCOMMAND -x -H $ldap_master_url -D $zimbra_ldap_userdn -w $zimbra_ldap_password ACTION

Anonymous Binds

For new installations of ZCS 6.0, anonymous searches of the directory are disabled. (Bug 15378) When you upgrade to 6.0, anonymous searches of the directory are enabled, matching previous release behavior.

  • To disable anonymous search after upgrading, on each LDAP server, as zimbra run
    • /opt/zimbra/libexec/zmldapanon -d
  • To enable anonymous access at any point after it is disabled, on each LDAP server run
    • /opt/zimbra/libexec/zmldapanon -e

Important: Enabling anonymous binds is not recommended as it may expose data not intended for anonymous access

Ref:

Searching For Account In LDAP

To do ldapsearch for the account, and see if there are any related entries in ldap.

su - zimbra
source ~/bin/zmshutil
zmsetvars
ldapsearch -x -H $ldap_master_url -D $zimbra_ldap_userdn -w $zimbra_ldap_password "mail=USER@DOMAIN.com"

To just dump the whole thing [to grep and so forth]:

su - zimbra
source ~/bin/zmshutil
zmsetvars
ldapsearch -x -H $ldap_master_url -D $zimbra_ldap_userdn -w $zimbra_ldap_password


Searching For Accounts On A Particular Mailstore

To do ldapsearch for the account, and see if there are any related entries in ldap.

su - zimbra
source ~/bin/zmshutil
zmsetvars
ldapsearch -x -H $ldap_master_url -D $zimbra_ldap_userdn -w $zimbra_ldap_password "zimbraMailHost=YOURMAILSTORE.COM"


Other LDAP Search Example

See http://wiki.zimbra.com/wiki/ShanxT-LDAP-CheatSheet

ldapsearch over 636 from non-ZCS linux client

From your ZCS ldap server, you'll want to get the following information:

zmhostname
zmlocalconfig -s | egrep 'ldap_master_url|ldap_url|ldap_starttls_supported|ldap_port|zimbra_ldap_password'

Replace the details below as followed: ZMHOSTNAME with zmhostname's output above, PASSWORD with zimbra_ldap_password from above. Also adjust the -b 'ou=people,dc=DOMAIN,dc=com' to reflect your domain string. The other variables should state port 636 if your setup for ldaps [ref: How_to_enable_ldaps Now try the following now on the ldap server below to confirm ldapsearch works :

ldapsearch -x -H ldaps://ZMHOSTNAME:636 -D uid=zimbra,cn=admins,cn=zimbra -w PASSWORD -LLL -b 'ou=people,dc=DOMAIN,dc=com' -Z

Now, example uses a centos/rhe machine and therefor I use yum vs apt-get, let's setup the non-ZCS linux machine to test the query:

yum install openldap-clients 
vi /etc/openldap/ldap.conf  
  * add 
    TLS_REQCERT allow 

And now the search test from the non-zcs linux host [I provide a couple lines of the output in the example below]. Remember to replace the ZMHOSTNAME and PASSWORD values below with your variables and the -b 'ou=people,dc=DOMAIN,dc=com' to reflect your domain string. :

 ldapsearch -x -H ldaps://ZMHOSTNAME:636 -D uid=zimbra,cn=admins,cn=zimbra -w PASSWORD -LLL -b 'ou=people,dc=DOMAIN,dc=com' -Z
 
   ldap_start_tls: Operations error (1) 
   additional info: TLS already started 
   dn: ou=people,dc=DOMAIN,dc=com    
   objectClass: organizationalRole 
   ou: people 
   cn: people 

Deleting An Account In LDAP

Via zmprov

Caution - this should normally only be done under guidance or request by support.

This will delete the account from ldap and not from the db (mysql). It also retains the mail store and index data:

zmprov -l da <USER@DOMAIN.com>

Via ldapdelete

Caution - this should normally only be done under guidance or request by support.

One way:

su - zimbra
source ~/bin/zmshutil
zmsetvars
ldapsearch -LLL -x -H $ldap_master_url -D $zimbra_ldap_userdn -w $zimbra_ldap_password "mail=ajcody@zimbra.DOMAIN.com" dn
    dn: uid=ajcody,ou=people,dc=zimbra,dc=DOMAIN,dc=com
ldapdelete -r -x -H $ldap_master_url -D $zimbra_ldap_userdn -w $zimbra_ldap_password uid=ajcody,ou=people,dc=zimbra,dc=DOMAIN,dc=com

Once done, you should be able to add or remove the account using 'zmprov ca' command.

db_recover For OpenLdap DB In /opt/zimbra/openldap-data

Caution - this should normally only be done under guidance or request by support.

For ZCS 5.x

This will cause an impact to your user base, since we'll be stopping the ldap service.

su - zimbra
cd /opt/zimbra/openldap-data
ls -la
  **Notice the __db.00# files**
ldap stop
/opt/zimbra/sleepycat/bin/db_recover
ls -la
  **Notice the __db.00# files are gone**
ldap start

Attempt To Cover Versions Higher Than ZCS5 - I've yet to confirm the below

ZCS 6.X.X
# su - zimbra
$ ldap stop
$ cd /opt/zimbra/openldap-data
$ /opt/zimbra/sleepycat/bin/db_recover

and also, if this is a ldap master:

$ cd /opt/zimbra/openldap-data/accesslog/db
$ /opt/zimbra/sleepycat/bin/db_recover
ZCS 7.0.x

unconfirmed

7.1.x
# su - zimbra
$ ldap stop
$ cd /opt/zimbra/data/ldap/hdb/db
$ /opt/zimbra/bdb/bin/db_recover
7.1.x Ldap Replica & Mailstore - Case Notes

Error customer had in /var/log/zimbra.log after /opt/zimbra partition hit 100% usage.

Aug 25 15:51:12 SERVER postfix/smtpd[20470]: NOQUEUE: reject: MAIL from 
localhost.localdomain[127.0.0.1]: 452 4.3.1 Insufficient system storage; 
proto=ESMTP helo=<localhost>
Aug 25 15:51:12 SERVER amavis[16494]: (16494-03) smtp resp to MAIL (pip): 
452 4.3.1 Insufficient system storage

and later....

Aug 25 17:34:27 SERVER slapd[5627]: @(#) $OpenLDAP: slapd 2.4.26 (Sep 7 2011 
12:24:16) 
$#012#011build@zre-rhel6-64.eng.vmware.com:/home/build/p4/HELIX/ThirdParty/openldap/openldap-2.4.26.5z/servers/slapd
Aug 25 17:34:27 SERVER slapd[5628]: hdb_db_open: database "": unclean shutdown 
detected; attempting recovery.
Aug 25 17:34:27 SERVER slapd[5628]: bdb(): file unknown has LSN 146/8895192, 
past end of log at 146/7885578
Aug 25 17:34:27 SERVER slapd[5628]: bdb(): Commonly caused by moving a database 
from one database environment
Aug 25 17:34:27 SERVER slapd[5628]: bdb(): to another without clearing the database 
LSNs, or by removing all of
Aug 25 17:34:27 SERVER slapd[5628]: bdb(): the log files from a database environment
Aug 25 17:34:28 SERVER slapd[5628]: bdb(): file id2entry.bdb has LSN 146/8895192, 
past end of log at 146/7887443
Aug 25 17:34:28 SERVER slapd[5628]: bdb(): Commonly caused by moving a database 
from one database environment
Aug 25 17:34:28 SERVER slapd[5628]: bdb(): to another without clearing the database 
LSNs, or by removing all of
Aug 25 17:34:28 SERVER slapd[5628]: bdb(): the log files from a database environment
Aug 25 17:34:28 SERVER slapd[5628]: bdb(): /opt/zimbra/data/ldap/hdb/db/id2entry.bdb: 
unexpected file type or format
Aug 25 17:34:28 SERVER slapd[5628]: hdb_db_open: database "": 
db_open(/opt/zimbra/data/ldap/hdb/db/id2entry.bdb) failed: Invalid argument (22).
Aug 25 17:34:28 SERVER slapd[5628]: backend_startup_one (type=hdb, suffix=""): 
bi_db_open failed! (22)
Aug 25 17:34:28 SERVER slapd[5628]: bdb_db_close: database "": alock_close failed
Aug 25 17:34:28 SERVER slapd[5628]: slapd stopped.
Aug 25 17:34:32 SERVER slapd[5631]: @(#) $OpenLDAP: slapd 2.4.26 (Sep 7 2011 12:24:16) 
$#012#011build@zre-rhel6-64.eng.vmware.com:/home/build/p4/HELIX/ThirdParty/openldap/openldap-2.4.26.5z/servers/slapd
Aug 25 17:34:32 SERVER slapd[5632]: bdb(): file id2entry.bdb has LSN 146/8895192, 
past end of log at 146/7887499
Aug 25 17:34:32 SERVER slapd[5632]: bdb(): Commonly caused by moving a database 
from one database environment
Aug 25 17:34:32 SERVER slapd[5632]: bdb(): to another without clearing the database 
LSNs, or by removing all of
Aug 25 17:34:32 SERVER slapd[5632]: bdb(): the log files from a database environment
Aug 25 17:34:32 SERVER slapd[5632]: bdb(): /opt/zimbra/data/ldap/hdb/db/id2entry.bdb: 
unexpected file type or format
Aug 25 17:34:32 SERVER slapd[5632]: hdb_db_open: database "": 
db_open(/opt/zimbra/data/ldap/hdb/db/id2entry.bdb) failed: Invalid argument (22).
Aug 25 17:34:32 SERVER slapd[5632]: backend_startup_one (type=hdb, suffix=""): 
bi_db_open failed! (22)
Aug 25 17:34:32 SERVER slapd[5632]: bdb_db_close: database "": alock_close failed
Aug 25 17:34:32 SERVER slapd[5632]: slapd stopped.

Error from the command line when attempting zmcontrol start or ldap start:

Starting ldap...Done.
Failed.
Failed to start slapd. Attempting debug start to determine error.
hdb_db_open: database "": db_open(/opt/zimbra/data/ldap/hdb/db/id2entry.bdb) 
failed: Invalid argument (22).
backend_startup_one (type=hdb, suffix=""): bi_db_open failed! (22)
bdb_db_close: database "": alock_close failed 

Attempted ldap db recovery.

su - zimbra
zmcontrol stop
cd /opt/zimbra/data/ldap/hdb/db
/opt/zimbra/bdb/bin/db_recover

That didn't work.

Removal of the alock [/opt/zimbra/data/ldap/hdb/db/alock] file also didn't work, ldap start failed with same error and created a new alock file.

Proceeded with some of the steps taken from this reference: http://wiki.zimbra.com/wiki/LDAP_data_import_export

cd /opt/zimbra/data/ldap/
mv hdb hdb.old

Create the new directory structure :

mkdir -p hdb/db
mkdir -p hdb/logs
mv hdb hdb.old
ldap start

Confirmed ldap started ok and also checked replica status.

/opt/zimbra/libexec/zmreplchk
Code: 0 Status: In Sync

zimbra.log looked good.

zmcontrol start

And the rest of the zimbra services came up cleanly.

Ldap Restore

To find the LDAP session labels type -lbs.

zmrestoreldap -lbs

Restore the complete LDAP directory server [example]

zmrestoreldap -lb full20061130135236

ldapmodify Examples

Removing An Alias That Is Also Primary Account

Bug Reference:

External Reference:

Description of problem:

When I try to remove the alias that matches the primary account with zmprov or to delete the Alias in the web console it fails. And attempt to restore the account to another name [ -ca -pre old_] fails as well [Error occurred: Read timed out].

An attempt to rename the primary account doesn't avoid the issue with the matching alias name.

[zimbra@mail root]$ zmprov ra USER@DOMAIN.com USER_OLD@DOMAIN.com
[zimbra@mail root]$ zmprov raa USER_OLD@DOMAIN.com USER@DOMAIN.com
ERROR: account.NO_SUCH_ALIAS (no such alias: USER@DOMAIN.com)
[zimbra@mail root]$ zmprov ra USER_OLD@DOMAIN.com USER@DOMAIN.com

Also, whenever I rename the account, the alias gets renamed with it. Even when using the zimbraID to rename the account.

The following will confirm the issue as it will show a zimbraMailAlias matching a mail variable.

su - zimbra
source ~/bin/zmshutil
zmsetvars
ldapsearch -x -H $ldap_master_url -D $zimbra_ldap_userdn -w $zimbra_ldap_password "mail=USER@DOMAIN.com"
##shows us something like this##
[cut]
# USER, people, DOMAIN.com
dn: uid=USER,ou=people,dc=DOMAIN,dc=com
[cut]
mail: USER@DOMAIN.com
mail: USER_Alias1@DOMAIN.com
mail: USER_Alias2@DOMAIN.com
mail: USER_Alias3@DOMAIN.com
zimbraMailAlias: USER@DOMAIN.com
zimbraMailAlias: USER_Alias1@DOMAIN.com
zimbraMailAlias: USER_Alias2@DOMAIN.com
zimbraMailAlias: USER_Alias3@DOMAIN.com
[cut]

To use ldapmodify to replace the aliases, you would construct a statement like this:

[if you haven't already done this in the current shell]
su - zimbra
source ~/bin/zmshutil
zmsetvars
[end]
ldapmodify -x -H $ldap_master_url -D $zimbra_ldap_userdn -w $zimbra_ldap_password
dn: uid=USER,ou=people,dc=DOMAIN,dc=com
changetype: modify
replace: zimbraMailAlias
zimbraMailAlias: USER_Alias1@DOMAIN.com
zimbraMailAlias: USER_Alias2@DOMAIN.com
zimbraMailAlias: USER_Alias3@DOMAIN.com
[ctrl-D executes this change and drops you to prompt]
zmprov flushCache account USER@DOMAIN.com

Notice the absence of the zimbraMailAlias: USER@DOMAIN.com variable.

To use ldapmodify to delete ALL aliases, you would construct a statement like this:

[if you haven't already done this in the current shell]
su - zimbra
source ~/bin/zmshutil
zmsetvars
[end]
ldapmodify -x -H $ldap_master_url -D $zimbra_ldap_userdn -w $zimbra_ldap_password
dn: uid=USER,ou=people,dc=DOMAIN,dc=com
changetype: modify
delete: zimbraMailAlias
[ctrl-D executes this change and drops you to prompt]
zmprov flushCache account USER@DOMAIN.com

You can also place the edit's in a text file and run it like:

[if you haven't already done this in the current shell]
su - zimbra
source ~/bin/zmshutil
zmsetvars
[end]
ldapmodify -x -H $ldap_master_url -D $zimbra_ldap_userdn -w $zimbra_ldap_password -f fix-account.ldif


zmprov flushCache account USER@DOMAIN.com

If you were to do multiple operations, you would need to include the - marker. For example:

userprompt> ldapmodify -D bindDN -w password -h server1
 dn: cn=Niels Nelissen,ou=people,dc=example,dc=com
 changetype: modify
 delete: telephonenumber
 -
 add: manager
 manager: cn=Peter Petersen,ou=people,dc=example,dc=com
 ^D
 userprompt>

db_recover For OpenLdap Accesslog DB In /opt/zimbra/openldap-data/accesslog/db

Caution - this should normally only be done under guidance or request by support.

For ZCS 5.x Only

This will cause an impact to your user base, since we'll be stopping the ldap service.

For replication issues.

Steps Removed At This Time.

Re-indexing Openldap

Caution - this should normally only be done under guidance or request by support.

This will cause an impact to your user base, since we'll be stopping the ldap service.

su - zimbra
cd /opt/zimbra/openldap-data
ldap stop
/opt/zimbra/openldap/sbin/slapindex -f /opt/zimbra/conf/slapd.conf

Purging Logs From /opt/zimbra/openldap-data/logs

Caution - this should normally only be done under guidance or request by support.

DB_CONFIG sets the log variable, it should be /opt/zimbra/openldap-data/logs .

ldap stop
db_checkpoint -1 -h /opt/zimbra/openldap-data
db_archive -h /opt/zimbra/openldap-data
rm <logs listed from db_archive>
ldap start

What Does - connection_read : no connection! - In zimbra.log Indicate

Developer responses I've had on this question:

  • One ldap server is seeing it and others aren't, then confirm the logging levels are set the same
  • This informative message indicates that a client disconnected without sending an unbind request first. It is quite common and certainly something to ignore.

Note, customer also gave me feedback that they ended up seeing this as a result of they way their load-balancers were operating.

Change LDAP Port On Zimbra

It is recommend that there is no other LDAP service running on the ZCS besides Zimbra's. But if you find the need to change it, here's the steps.

You can modify the default [389] port ldap uses to port 390 by doing the following [change LDAPHOSTNAME.com to your server name]:

zmlocalconfig -e ldap_port=390
zmlocalconfig -e ldap_master_url=ldap://LDAPHOSTNAME.com:390
zmlocalconfig -e ldap_url=ldap://LDAPHOSTNAME.com:390

Note you need to do all three of these or things will break. Once you've run those commands, you will need to restart ZCS:

zmcontrol stop
zmcontrol start

Once this is completed, Zimbra will run with LDAP on port 390 rather than port 389 (the default). If you'd like to use a port other than 390, substitute that port for 390 and use the same process.

Can't Setup/Install LDAP Replica

Please see bug against documentation:

Checking /tmp/zmsetup.log will expose errors with installation configuration, for example below, others are listed in my notes farther down:

: Thu Aug 21 16:00:12 2008 *** Running as zimbra user: /opt/zimbra/bin/zmlicense -c
Error: exception occurred: system failure: ZimbraLdapContext
 when running 'zmcontrol start':
[zimbra@mail1b ~]$ zmcontrol start
Host mail1b.DOMAINNAME
Unable to determine enabled services from ldap.
Unable to determine enabled services. Cache is out of date or doesn't exist.

Make sure you are using the right passwords. If the ldap replica can't authenticate to the master LDAP server it will not be able to pull down the ldap configurations it needs - one of which is the license data.

My Notes From The Case That I Made For Bug 26117

Verified Fixed for 5.0.10+ in regards to bug 26117
Summary

Action Items:

  • Update doc's to reflect ldap repli password setting during install (all ref docs miss this step)
    • If this is done during install, no other action is needed except logger and sshkeys (zmupdateauthkeys)
  • Update doc's to reflect recovery steps on an improper install for ldap replication server
  • Make comments consistent. See LDAP wiki page
  • Update installer to require ldap repli password rather default to random set

password.

References:

LDAP replication has some comments that aren't in other places

  • Set the master LDAP password to the correct value (run zmlocalconfig -s ldap_root_password on the master to determine this value)
  • Note: In order to install an LDAP replica server with no MBS (Mailbox Server), set zimbra_zmprov_default_to_ldap to true, using the following command:
    • zmlocalconfig -e zimbra_zmprov_default_to_ldap=true.
    • If you later add an MBS to your LDAP replica server, set zimbra_zmprov_default_to_ldap to false.
  • After the installation is complete, run /opt/zimbra/libexec/zmldapenablereplica on the replica server. This will enable replication in the LDAP server and will force an LDAP restart to begin pulling data from the master. zmldapenablereplica must be run on both the master and replica for LDAP replication to work.
The Work

Duplicated on ZCS 5.0.2 - OS Redhat.

Current Servers For Test:

  • Setup LDAP MAIN server - zldap1 (ldap only configured server)
    • setting passwords to "PASSWORD"
  • Mailstore server - zmail2 (mailstore only config)
  • MTA server - zmta1 (mta only config)
  • Post install
    • enable logger
    • enable ssh keys
      • run zmupdateauthkeys on servers
    • created two test accounts and confirmed email delivery between the two.
    • On LDAP MAIN (zldap1)- zmldapenablereplica

Install LDAP repli - zldap3

  • Doc show only to set
    • ldap master host
    • Master ldap server password
    • Create Domain to no
  • It fails to include
    • Replication Password (part of "Ldap configuration")
      • If this is not done, install will finish but you get these errors.
[zimbra@zldap3 ~]$ zmcontrol status
Cannot determine services - exiting
zldap3.DOMAIN.com...ERROR: service.FAILURE (system failure: getDirectContext)
(cause: javax.naming.AuthenticationException [LDAP: error code 49 - Invalid Credentials])
To Correct Without Reinstalling

If this has happened and you want to correct without a reinstall. Do the following, please adjust for HOSTNAMES for LDAP MAIN and LDAP REPLICA.

  • confirm ssh keys are updated
run zmupdateauthkeys on all servers
  • confirm current settings on LDAP MAIN
zmlocalconfig -s | grep replication
grep credentials /opt/zimbra/conf/slapd.conf
  • confirm current settings on LDAP REPLI
grep credentials /opt/zimbra/conf/slapd.conf
zmlocalconfig -s | grep replication
  • Now reconfigure on LDAP REPLI
zmldappasswd -l [passwd from ldap main slapd.conf]
    • This does not dynamically update the slapd.conf variable, it puts it in the zmconfig file /opt/zimbra/libexec/zmldapenablereplica
    • You'll see that it updates the slapd.conf
    • There might be one auth error, until the slapd.conf is reconfigured.
    • zmprov gacf will fail with auth errors
  • Confirm again settings on LDAP REPLI
grep credentials /opt/zimbra/conf/slapd.conf
zmlocalconfig -s | grep replication
zmlocalconfig | grep ldap_url
    • Should have repli first and ldap main second
  • Now to confirm it worked
zmcontrol stop
zmcontrol start
zmcontrol status
    • Create a test account on LDAP MAIN (example uses test3)
    • On LDAP REPLI - replace hostname and test account below
      • ldapsearch -x -H ldap://LDAPREPLICA.DOMAIN.com:389 | grep test3

Disable LDAP Replica

References:

http://wiki.zimbra.com/index.php?title=Promoting_Replica_to_LDAP_Master

http://www.zimbra.com/docs/os/latest/multi_server_install/LDAP%20Replication.6.1.html

Remove LDAP Replica From All Active Servers

On each member server, including the replica itself, verify the ldap_url value.

zmlocalconfig ldap_url

Modify the ldap_url to only include enabled ZCS LDAP servers. The master LDAP server should always be at the end of the ldap_url string value.

zmlocalconfig -e ldap_url="ldap://<replica-server-host> ldap://<master-server-host>"

Disable LDAP On The Replica

Stop Zimbra services.

zmcontrol stop

The - in front of zimbraServiceEnabled is [off], rather than a + for [on].

zmprov -l ms `zmhostname` -zimbraServiceEnabled ldap

To enable the ldap service, prefix the zimbraServiceEnabled attribute with a "+".

zmprov -l ms `zmhostname` +zimbraServiceEnabled ldap

If other services are enabled on this host, start them.

zmcontrol start

Additional Steps for MTA hosts

After updating the ldap_url with zmlocalconfig, rerun /opt/zimbra/libexec/zmmtainit. This rewrites the Postfix configuration with the updated ldap_url.

Disabling Replication On The Master

ZCS 5.x

Use only if disabling replication entirely across all nodes.

Edit /opt/zimbra/conf/slapd.conf.in adding the following comments. Please use the precise number of hash marks (#) shown.

change

include /opt/zimbra/conf/master-accesslog.conf

to

###include /opt/zimbra/conf/master-accesslog.conf

change

overlay syncprov
syncprov-checkpoint 20 10
syncprov-sessionlog 500
include /opt/zimbra/conf/master-accesslog-overlay.conf

to

#overlay syncprov
#syncprov-checkpoint 20 10
#syncprov-sessionlog 500
###include /opt/zimbra/conf/master-accesslog-overlay.conf

Restart the master LDAP server

ldap stop; ldap start

Promoting Replica To LDAP Master

Please see:

Importing LDAP data from master to replica 6.0

Please see:

BDB - Underlying Database Used For LDAP Data

BDB is the underlying high-performance transactional database used to store the LDAP data.

See:

db_stat

The db_stat utility displays statistics for Berkeley DB environments.

Example output:

[zimbra@mail3 openldap-data]$ db_stat -c -h /opt/zimbra/openldap-data
462	Last allocated locker ID.
2147M	Current maximum unused locker ID.
9	Number of lock modes.
3000	Maximum number of locks possible.
1500	Maximum number of lockers possible.
1500	Maximum number of lock objects possible.
19	Number of current locks.
73	Maximum number of locks at any one time.
62	Number of current lockers.
68	Maximum number of lockers at any one time.
19	Number of current lock objects.
50	Maximum number of lock objects at any one time.
1784391	Total number of locks requested.
1784372	Total number of locks released.
0	Total number of lock requests failing because DB_LOCK_NOWAIT was set.
8	Total number of locks not immediately available due to conflicts.
0	Number of deadlocks.
0	Lock timeout value.
0	Number of locks that have timed out.
0	Transaction timeout value.
0	Number of transactions that have timed out.
968KB	The size of the lock region..
6	The number of region locks granted after waiting.
3543865	The number of region locks granted without waiting.
db_archive

The db_archive utility writes the pathnames of log files that are no longer in use (for example, no longer involved in active transactions), to the standard output, one pathname per line. These log files should be written to backup media to provide for recovery in the case of catastrophic failure (which also requires a snapshot of the database files), but they may then be deleted from the system to reclaim disk space.

db_checkpoint

The db_checkpoint utility is a daemon process that monitors the database log, and periodically calls DB_ENV->txn_checkpoint to checkpoint it.

db_deadlock
db_dump
db_load
db_recover

Ldap Replica Styles And Timeframes

Please see this external reference:

LDAP And OverLays

We don't [officially] support running additional overlays with OpenLDAP.

SLAPO-RWM OVERLAY RWM

And slapo-rwm is known to be buggy in OpenLDAP 2.3.43 and continues to be buggy to this day in OpenLDAP 2.4. It certainly won't work with ZCS 5.0.16.

We would advise customers to avoid using it until it stabilizes, though they need to understand it's still going to be unsupported by us.

Where one places "overlay rwm" in the slapd.conf file has been known to cause issues as well. RWM has problems in the order in which it is loaded. There are at least 2 open bugs currently in the OpenLDAP ITS tracker.



GAL (Server) Topics

   KB 2439        Last updated on 2008-07-16  




0.00
(0 votes)
24px ‎  - This is Zeta Alliance Certified Documentation. The content has been tested by the Community.

Actual GAL (Server) Topics Notes Homepage

Please see Ajcody-Notes-ServerGAL

GAL Behavior Bugs/RFE's

GAL And Alises

Please see the following:

Canonical Addresses - Beyond GAL Issues Really

Please see the following:

External GAL Source

Please see:

Setting/Checking GAL Varaibles

CLI To Sync Gal On Server

Truthfully, I'm not sure of the reasoning behind the command but this might be useful in trouble shooting connector issues with GAL sync issues.

zmprov syg DOMAINNAME.com

4.5.x versions will need quotes at the end.

zmprov syg DOMAINAME.com ""

My Gal & LDAP Settings For A Domain

To see your setting, do the following - replacing with domainname with the domain in question.

su - zimbra
zmprov gd [domainname] zimbraGalLdapSearchBase
zmprov gd [domainname] zimbraGalSyncLdapSearchBase

You'll see more GAL/LDAP related variables with:

zmprov gd domainname | egrep -i 'ldap|gal'

They are set using:

zmprov md [domainname] zimbraGalLdapSearchBase variable
zmprov md [domainname] zimbraGalSyncLdapSearchBase variable

Want My GAL To See All Domains

The default of a domain GAL [zimbraGalInternalSearchBase] is to see only it's domain. To have the GAL for a domain to see all domains on the server you need to set the variable to ROOT.

To see the existing setting:

zmprov gd [domainname] zimbraGalLdapSearchBase

To change the variable for the domain:

zmprov md [domainname] zimbraGalInternalSearchBase ROOT

All global change would be done with:

zmprov mcf zimbraGalInternalSearchBase ROOT
Some Other Ideas - Especially With Multiple Domains And ZCS Servers

This is just some notes I made for a specific case where there were multiple ZCS installs across sister companies. They didn't have a multi-server install and weren't sharing LDAP data therefore.

Here's some ideas I'm considering for this situation:

  1. Dump GAL data from each server and combine date to either:
    1. an external LDAP server you can then configure the ZCS servers to use as an external GAL
      • admin console > domain > GAL > Configure GAL > Both or External
    2. reformat GAL data so it can then be imported as an address book via the CLI into a sharead adddressbook on each server. Setup command to run from cron.
  2. Just setup an external Openldap server (which would have replica's at each site) that can be used as an external GAL - make this authoritative in your company. Then setup the ZCS to use it as an external GAL.
  3. To actually move your infrastructure of ZCS servers into one primary ZCS configuration. Instead of having each site/domain having it's own primary LDAP/ZCS server they would become LDAP replica servers with their domain mailstore's being local to each site. Configure each site/domain to use it's own MTA - if you want/need. And then internally to Zimbra you could set the GAL to be ROOT rather than DOMAIN.

Some bugs to review that touch on this:

I'm sure there's some other possibilities.

GAL Related Attributes Usage

This is from earlier 5.x versions, newer version might include more variables.

Attribute                                 scope                  For              GAL op
                                                                 - zimbra         - autocomplete
                                                                 - external       - serarch
                                                                 - both           - sync
                                                                                  - all
======================================================================================================================================================================
zimbraHideInGal                           account,DL,CR          zimbra           all
zimbraFeatureGalEnabled                   account,cos            both             search,sync
zimbraFeatureGalAutoCompleteEnabled       account,cos            both             autocomplete
zimbraPrefGalAutoCompleteEnabled          account,cos            both             autocomplete
zimbraGalMode                             domain                 both             all
zimbraGalLdapFilterDef                    globalConfig           both             all
zimbraGalLdapAttrMap                      domain,globalConfig    both             all
zimbraGalMaxResults                       domain,globalConfig    both             autocomplete, search (for sync, system does not specify a max when searching LDAP)
zimbraGalTokenizeAutoCompleteKey          domain                 both             autocomplete
zimbraGalTokenizeSearchKey                domain                 both             search

zimbraGalLdapPageSize                     domain,globalConfig    both             autocomplete, search, (sync if zimbraGalSyncLdapPageSize is not set)
zimbraGalSyncLdapPageSize                 domain,globalConfig    both             sync

----------------------------------------------------------------------------------------------------------------------------------------------------------------------
zimbraGalInternalSearchBase               domain,globalConfig    zimbra           autocomplete, search, (sync if zimbraGalSyncInternalSearchBase is not set)
zimbraGalSyncInternalSearchBase           domain,globalConfig    zimbra           sync

----------------------------------------------------------------------------------------------------------------------------------------------------------------------
zimbraGalLdapURL                          domain                 external         autocomplete, search, (sync if zimbraGalSyncLdapURL is not set)
zimbraGalSyncLdapURL                      domain                 external         sync

zimbraGalLdapSearchBase                   domain                 external         autocomplete, search, (sync if zimbraGalSyncLdapSearchBase is not set)
zimbraGalSyncLdapSearchBase               domain                 external         sync

zimbraGalLdapAuthMech                     domain                 external         autocomplete, search, (sync if zimbraGalSyncLdapAuthMech is not set)
zimbraGalSyncLdapAuthMech                 domain                 external         sync

zimbraGalLdapBindDn                       domain                 external         autocomplete, search, (sync if zimbraGalSyncLdapBindDn is not set)
zimbraGalSyncLdapBindDn                   domain                 external         sync

zimbraGalLdapBindPassword                 domain                 external         autocomplete, search, (sync if zimbraGalSyncLdapBindPassword is not set)
zimbraGalSyncLdapBindPassword             domain                 external         sync

zimbraGalLdapKerberos5Principal           domain                 external         autocomplete, search, (sync if zimbraGalSyncLdapKerberos5Principal is not set)
zimbraGalSyncLdapKerberos5Principal       domain                 external         sync

zimbraGalLdapKerberos5Keytab              domain                 external         autocomplete, search, (sync if zimbraGalSyncLdapKerberos5Keytab is not set)
zimbraGalSyncLdapKerberos5Keytab          domain                 external         sync

zimbraGalAutoCompleteLdapFilter           domain,globalConfig    external         autocomplete
zimbraGalLdapFilter                       domain                 external         search, (sync if zimbraGalLdapSyncFilter is not set)
zimbraGalSyncLdapFilter                   domain                 external         sync



External Authentication

   KB 2439        Last updated on 2008-07-16  




0.00
(0 votes)
24px ‎  - This is Zeta Alliance Certified Documentation. The content has been tested by the Community.


Actual External Authentication Homepage

Please see Ajcody-External-Authentication

General Topics

Zimbra supports the ability to use an external authentication source, but we don't support the external authentication servers setup and configuration.

Please see the following for more details:

You can also use the forums to see if others have worked out some good instructions when working with your particular external authentication server.

http://www.zimbra.com/forums/

Another possibility is the use of Preauth, see:

SSO with Sun IAM - Identity And Access Manager

There is no Access Manager Policy Agent for Jetty Application Server [Oct 21, 2008]. We suggest the following.

  1. Build a webpage that is protected by Sun Java Access Manager. Presumably this would be an apache tomcat served page so that SJAM would be able to manage it with its existing policy agent for apache tomcat. This page would interact with SJAM to get access checks and then use the standard Zimbra pre-auth mechanism to pre-auth the user and bounce them into the zimbra app.
  2. In Zimbra, you would configure (on the domain) zimbraWebClientLoginURL (and zimbraWebClientLogoutURL), to the address of that apache tomcat served webpage from step 1 above. If someone attempts to login to zimbra directly, they would be redirected to the page which is controlled by SJAM. And when logging out, they would be again redirected to the webpage that is controlled by SJAM. There would be no way to log into or out of Zimbra without the approval and control of SJAM.

For details on the preauth mechanism, see:

JA-SIG Central Authentication Service Or CAS

CAS is an authentication system originally created by Yale University to provide a trusted way for an application to authenticate a user. CAS became a JA-SIG project in December 2004.

Bugs/RFE's:

CAS and Public Share Issues

Adding the following as reported by a customer, with their permission.

When a Zimbra calendar has a Public share added, the url is something like 
"https://my.server.edu/home/user@domain.edu/Calendar.html".  Once the Zimbra 
app determines that this calendar has a Public share, it gets the calendar 
data through the /home directory path, but it requests the images and css data 
from the /zimbra/img and /zimbra/css directories.  We previously did not let 
unauthenticated users access /zimbra/img or /zimbra/css.  We added a modification 
to our casclient.jar code to allow requests from non-authenticated users to 
return data from these two directories, since these two directories do not 
contain any user or private system data.

And a more detailed explanation:

In the CASifying Zimbra setup, this is the default filter mapping they have you 
set up in the /opt/zimbra/jetty/etc/zimbra.web.xml.in file:

<filter-mapping>
   <filter-name>CAS Filter</filter-name>
   <url-pattern>/*</url-pattern>
</filter-mapping>

This default url pattern will trigger Zimbra to run any request made to 
"https://my.server.edu/zimbra/..." through the casclient.jar filter.

Note, one thought my co-worker and I had was to modify this section of the 
zimbra.web.xml.in file to exclude /img and /css, which should accomplish the 
same thing we did by modifying the casclient.jar file.  Unfortunately, in our 
web-searching for Jetty Servlet 2.4 information about what you can do with the 
url-pattern, it did not appear that you could exclude or negate any url-patterns.  
If you or some other individual had any desire, you might have more luck in 
finding a way to accomplish this.  We thought it was better to modify the 
casclient.jar file anyway, as that carries over through upgrades, but changes to 
the zimbra.web.xml.in file have to be reapplied after every upgrade. **

Any custom filtering you wish to do for your location would be made in the 
casclient.jar archive.  After unjarring casclient.jar, the file you will modify is:  

casclient/src/edu/yale/its/tp/cas/client/filter/CASFilter.java

Certain requests could be filtered out before being sent on to the CAS server 
to reduce traffic and cpu usage.  Some examples would be requests for the login 
or logout pages, as the user is on their way to authenticate or de-authenticate, 
so checking these requests would usually be unnecessary.  This is also the place 
where we added code that excluded the /zimbra/img and /zimbra/css directories.  
Your code would look something like:

String uri = ((HttpServletRequest)request).getRequestURI();

if(uri.startsWith("/zimbra/img") || uri.startsWith("/zimbra/css"))
{
      fc.doFilter(request, response);
      return;
}

Support for SAML Shibboleth

Please see the following RFE:

References:


Support for SSO SPNEGO - ZWC, ZCO Outlook, And AD

Commonly Asked Questions That Need Answers
Existing References And Documentation

See the following [As of Apr 3, 2012]

Relevant Background Bugs/ RFE's
Comment #25 From David Pitt 2011-05-18 01:54:01
Approach adopted in current solution:

If you're signed onto a domain with a Windows username that matches the Zimbra
name used in the Outlook profile, then ZCO will attempt to use SSO, falling
back to a conventional signon if SSO fails.

This holds both for existing ZCO profiles and for new ones (so there's
currently no concept of a SSO-specific profile). In this respect ZCO largely
mirrors the SSO behaviour of the web client, always trying to use SSO first if
it's available. One key difference from the web client is that a ZCO user can
create a non-SSO profile for a different email account on the same server
(whereas if you point the web client at an SSO-configured server then you are
not given the opportunity to specify a username).

If the target server hasn't been set up with a SPNEGO redirect then SSO will
quickly fail (before any attempt to authenticate against the server) & fall
back to a normal signon. (So the impact on servers which aren't set up for SSO
is minimal.)

There's no new UI content at this stage for SSO. When creating a new profile
for an SSO target account the password can simply be left empty.

For correct operation ZCO must be configured with StorePassword=0 in the Zimbra
registry settings. (This can be set within the MSI using ZmCustomizeMsi.js
prior to installation.)

------- Comment #31 From David Pitt 2011-05-20 01:51:39

One extra bit of clarification on Comment #25:-  as with the web client, the
server name specified in the profile must match that used in the SPNEGO SPN (in
the Windows domain controller setup) for SSO to be used.
(See ZimbraServer/docs/spnego.txt for notes on configuring SPNEGO.)

So if, for example, the URL to be used with the web client in order to use SSO
is
   z32.puneqa.lab/zimbra/
then the ZCO profile will only use SSO if the server name is set to
   z32.puneqa.lab

------- Comment #32 From Nidhi Vyas 2011-05-20 02:23:05

Verified on ZimbraConnectorOLK_7.1.1.6321_x86/
7.1.1_GA_3183.RHEL4_64_20110516213106

Signed onto a domain with a Windows username that matches the Zimbra
name used in the Outlook profile then no need to specify the password while
creating profile.
Store password was set to 0.

Tried for both exsiting and new profile.
The target server had SPNEGO redirect enabled.

Marking this as verified.

Ajcody MTA Postfix Topics

   KB 2439        Last updated on 2008-07-16  




0.00
(0 votes)
24px ‎  - This is Zeta Alliance Certified Documentation. The content has been tested by the Community.


Postfix - MTA

Actual MTA & Postfix Topics Homepage

Please see Ajcody-MTA-Postfix-Topics

Missing main.cf Error

Moved to Missing_main.cf_Error_-_MTA

MTA Mail Flow - Birds-eye Overview

Moved to Postfix-Amavisd_Mail_Flow_-_Birds-eye_Overview_-_MTA

Understanding /var/log/zimbra.log And Postfix Log Events

Moved to: Understanding_zimbra.log_And_Postfix_Log_Events_-_MTA

Postfix Queue ID vs. message-id

Moved to: Postfix_Queue_ID_vs._message-id_-_MTA

Authentication Log Events

Moved to Understanding_And_Troubleshooting_Authentication_Log_Events

IMAP And Authenticated SMTP [SSL] Example

Moved to Understanding_And_Troubleshooting_Authentication_Log_Events#IMAP_And_Authenticated_SMTP_.5BSSL.5D_Example

IMAP Test Via Telnet And Logging Events Of It - Proxy Included

Moved to Understanding_And_Troubleshooting_Authentication_Log_Events#IMAP_Test_Via_Telnet_And_Logging_Events_Of_It_-_Proxy_Included

IMAP Login Via Openssl - LOGIN TLS - Proxy Included

Moved to Understanding_And_Troubleshooting_Authentication_Log_Events#IMAP_Login_Via_Openssl_-_LOGIN_TLS_-_Proxy_Included

Network Tracing Between A Remote Host And A ZCS MTA

Moved to Network_Tracing_Between_A_Remote_Host_And_A_ZCS_MTA

Finding Messages - zmmsgtrace

See the following for details [for 7.1.1+]:

Documentation at CLI_zmmsgtrace . Note, if you get command not found as the zimbra user, try /opt/zimbra/libexec/zmmsgtrace instead.

How To Increase SMTP Debug Logging - MTA

Moved to How_To_Increase_SMTP_Debug_Logging_-_MTA

Simple Troubleshooting For SMTP Via Telnet, Openssl

Moved to Simple_Troubleshooting_For_SMTP_Via_Telnet_And_Openssl

First - Understanding Your Authentication Requirements In ZCS

Moved to Simple_Troubleshooting_For_SMTP_Via_Telnet_And_Openssl#First_-_Understanding_Your_Authentication_Requirements_In_ZCS

Second - Encoding Username And Passwords For AUTH Sequence

Moved to Simple_Troubleshooting_For_SMTP_Via_Telnet_And_Openssl#Second_-_Encoding_Username_And_Passwords_For_AUTH_Sequence

For ESMTP Auth is LOGIN - Example

Moved to Simple_Troubleshooting_For_SMTP_Via_Telnet_And_Openssl#For_ESMTP_Auth_is_LOGIN_-_Example

For ESMTP Auth is Plain - Example

Moved to Simple_Troubleshooting_For_SMTP_Via_Telnet_And_Openssl#For_ESMTP_Auth_is_Plain_-_Example

For TLS/SSL - Example

Moved to Simple_Troubleshooting_For_SMTP_Via_Telnet_And_Openssl#For_TLS.2FSSL_-_Example

Testing Against Port 465

Moved to Simple_Troubleshooting_For_SMTP_Via_Telnet_And_Openssl#Testing_Against_Port_465

To Confirm An Auth User Can't Send With Another FROM Address

Moved to Simple_Troubleshooting_For_SMTP_Via_Telnet_And_Openssl#To_Confirm_An_Auth_User_Can.27t_Send_With_Another_FROM_Address

Adding A New MTA Server

Basic instructions can be found here:

Additional instructions needed beyond the above will follow as I hear about them.

Load Balancing For SMTP - Out Bound Mail

Currently, 5.x code, you have the following options:

    • An external load balancing device that will then split the traffic behind it
    • Setup a round-robin A record situation in your DNS for the external mta's you'll be using.

In, GNR/6.x, you are able to add multiple targets to the variables and we'll have some degree of "balancing" between them.

User Alias Mapping And Mail Transport with Postfix & LDAP

See User_Alias_Mapping_and_Mail_Transport_with_Postfix_&_LDAP

Multiple LDAP Servers?

Completed RFE:

  • "mta should be able to take a list of LDAP servers to take advantage of replicas."

From :

        server_host (default: localhost)
              The name of the host running the LDAP server,  e.g.

                  server_host = ldap.example.com

              Depending  on the LDAP client library you're using,
              it should be possible to specify  multiple  servers
              here,  with the library trying them in order should
              the first one fail. It should also be  possible  to
              give  each  server  in  the  list  a different port
              (overriding server_port below), by naming them like

                  server_host = ldap.example.com:1444

              With OpenLDAP, a (list of) LDAP URLs can be used to
              specify both the hostname(s) and the port(s):

                  server_host = ldap://ldap.example.com:1444
                              ldap://ldap2.example.com:1444

              All LDAP URLs accepted by the OpenLDAP library  are
              supported,  including  connections over UNIX domain
              sockets, and LDAP SSL (the last one  provided  that
              OpenLDAP was compiled with support for SSL):

                  server_host = ldapi://%2Fsome%2Fpath
                              ldaps://ldap.example.com:636

 **my note**
 This thread - http://archives.neohapsis.com/archives/postfix/2004-09/1763.html
 give me the impression they made a mistake in modifying the help file on this
 and they dropped the use/need of the command:

  server_host = ldap://ldap.example.com:1444, ldap://ldap2.example.com:1444

Just a small note on where var shows up:

[root@mail3 conf]# pwd
/opt/zimbra/conf
[root@mail3 conf]# grep server_host *
amavisd.conf.in:$myhostname = '@@zimbra_server_hostname@@';  # must be a fully-qualified domain name!
ldap-scm.cf:server_host = ldap://mail3.zimbra.DOMAIN.com:389
ldap-transport.cf:server_host = ldap://mail3.zimbra.DOMAIN.com:389
ldap-vad.cf:server_host = ldap://mail3.zimbra.DOMAIN.com:389
ldap-vam.cf:server_host = ldap://mail3.zimbra.DOMAIN.com:389
ldap-vmd.cf:server_host = ldap://mail3.zimbra.DOMAIN.com:389
ldap-vmm.cf:server_host = ldap://mail3.zimbra.DOMAIN.com:389
localconfig.xml:  <key name="zimbra_server_hostname">
zmmta.cf:	LOCAL zimbra_server_hostname
zmmta.cf:	POSTCONF myhostname		LOCAL zimbra_server_hostname

References:

Traditional Aliases Use - /etc/aliases Type Lookups

Moved to Traditional_Aliases_Use_-_/etc/aliases_Type_Lookups

Allowing Accounts To Change The From Address

Please see:

Related BUG/RFE's

Creating A Domain Alias

Please see ManagingDomains#Creating_a_Domain_Alias

Relay Domain Forwarding

Please see ManagingDomains#Relaying.2FDomain_Forwarding

Domain Catchall

Please see ManagingDomains#Domain_Catchall

Rewriting From Address For Outbound Email

Please see ManagingDomains#Domain_Masquerading

Rewrite Recipient Address For Incoming Email

There is a way to rewrite the incoming mail, but it's not a standard Zimbra feature. You can implement it as a configuration change in Postfix. Here's what you do:

  1. Create a file in /opt/zimbra/conf named 'postfix_recipientmap'.
    • The format is a single line that reads something like: @alias.domain.com @domain.com
  2. Run 'postmap postfix_recipientmap' in the conf directory.
  3. Run "postconf -e recipient_canonical_maps=hash:/opt/zimbra/conf/postfix_recipientmap".
  4. Run 'postfix reload'.

This will cause postfix to map any incoming mail with a recipient of '@alias.domain.com' to '@domain.com'. You will need to re-apply this postconf change after upgrades, though the postfix_recipientmap file should survive.

Automatic BCC

Option 1 - Via Postfix Customization

From the postfix website:

  • always_bcc = address
    • Deliver a copy of all mail to the specified address. In Postfix versions before 2.1, this feature is implemented by smtpd(8), qmqpd(8), or pickup(8).
  • sender_bcc_maps = type:table
    • Search the specified "type:table" lookup table with the envelope sender address for an automatic BCC address. This feature is available in Postfix 2.1 and later.
  • recipient_bcc_maps = type:table
    • Search the specified "type:table" lookup table with the envelope recipient address for an automatic BCC address. This feature is available in Postfix 2.1 and later.
  • Note: automatic BCC recipients are produced only for new mail. To avoid mailer loops, automatic BCC recipients are not generated for mail that Postfix forwards internally, nor for mail that Postfix generates itself.

Please see the following:

Option 2 - Via ZCS Legal Intercept

Generally used for Managing Legal Requests for Information

Description:

The ZCS legal intercept feature is used to obtain copies of email messages that are sent, received, or saved as drafts from targeted accounts and send these message to a designated “shadow” email address. Legal Intercept can be configured to send the complete content of the message or to send only the header information. When a targeted account sends, receives, or saves a draft message, an intercept message is automatically created to forward copies of the messages as attachments to the specified email address.

Please see:

Option 3 - Zimbra's Archiving And Discovery

See Ajcody-Notes-Archive-Discovery concerning A&D setup and options.

Limiting Or Increasing Number Of Recipents / Messages

Mailing Lists - Distribution Lists

Please see Ajcody-MailingLists-And-Mailman#Problems_Resolving_Virtual_Aliases_For_Members_Of_Large_Distribution_Lists

Policy Daemon

If you want to restrict messages per hour, you can look into Policy Daemon:

Beta release in ZCS 7 , see:

Postfix

Also, there are some default postfix parameters set to control sending a message to x amount recipients. The parameters you will need to look at are smtpd_recipient_limit & smtpd_recipient_overshoot_limit, these have a default value of 1000.

Postfix defines these parameters as:

  • smtpd_recipient_limit: The maximum number of recipients that the Postfix SMTP server accepts per message delivery request.
  • smtpd_recipient_overshoot_limit: The number of recipients that a remote SMTP client can send in excess of the limit specified with $smtpd_recipient_limit, before the Postfix SMTP server increments the per-session error count for each excess recipient.

From the command line you can change the default values.

su - zimbra
postconf -e smtpd_recipient_limit=<new value>
postconf -e smtpd_recipient_overshoot_limit=<new value>
postfix reload

Bugs RFE's For Customers To Get Behind

I'm wondering if policyd gives one the control everyone is looking for? I've not used it myself.

Policyd References:

There's other additions [add-on's] one can get for policyd.

We have this RFE in regards to policyd support:

Other related rfe/bugs, specially to push variables into admin web console:

Controlling SMTPD Client Connections

Mmorse did a good write up on these variables in the forum:

Postfix Resources At Their Site (All Clients/Connections):

Postfix Resources At Their Site (Exceptions To Clients/Connections Or Single Source):

Restrictions

Besides using external mailing list software, Mailman or Sympa, here's some other topical items in regards to restrictions.

Some user contributed articles:

Some Postfix references:

Some RFE's related to mta based restrictions [targets are based upon today - July 21, 2010]:

Spam Control And Related Issues

High Over View Steps Of What To Do

  • Step 1: Confirm your not an open relay and double check your postfix $mynetworks variable.
  • Step 2: Stop or put on-hold mail queue.
    • Put all messages into HOLD queue:
      • Get a report of your current mailq [can be useful if you clean out the queue later but need to identify what external mail hosts are now denying you and who you'll need to contact about getting removed from their denial list]
        • Example: /opt/zimbra/postfix/sbin/mailq > /tmp/zimbra_mailq_report.txt
      • /opt/zimbra/postfix/sbin/postsuper -h ALL
    • Or put all messages match compromised account into HOLD queue:
      • /opt/zimbra/postfix/sbin/mailq | grep user_compromised@domain | awk '{ print $1 }' | tr -d '!*' | /opt/zimbra/postfix/sbin/postsuper -h -
        • Note, this is an example - you might with the grep grab more than the compromised account with the match.
    • See whole section - Managing The Postfix Queue
  • Step 3: Check your mail log [On ZCS servers running MTA services] - /var/log/zimbra.log
  • Step 4: Identify compromised account authenticating SMTP AUTH connection or block ip address where emails are coming from at firewall.
    • Who's My Spammer?
    • Continue to monitor compromised account and block ip addresses:
      • tail -f /var/log/zimbra.log | grep username | grep sasl
        • Jun 8 18:14:10 mail postfix/smtpd[15794]: 004358EEB16: client=unknown[XXXX.236.197.216], sasl_method=LOGIN, sasl_username=username@domain
  • Step 5: Disable the exploited email account, expire auth session, etc.
  • Step 6: Move the mail queue or delete the spam email
  • Step 7: Release Mail queue

Who's My Spammer?

Getting Some Initial Summary Data
zmdialyreport

First, some notable bug/RFE's in regards to the zmdailyreport:

You can first get some summary data by doing the following:

[zimbra@zcs806 ~]$ /opt/zimbra/libexec/zmdailyreport

Grand Totals
------------
messages

      7   received
     11   delivered
      0   forwarded
      0   deferred
      0   bounced
      3   rejected (21%)
      0   reject warnings
      0   held
      0   discarded (0%)

   2780   bytes received
  10914   bytes delivered
      2   senders
      1   sending hosts/domains
      1   recipients
      1   recipient hosts/domains


Per-Hour Traffic Summary
    time          received  delivered   deferred    bounced     rejected
    --------------------------------------------------------------------
    0000-0100           0          0          0          0          0
    0100-0200           1          3          0          0          0
    0200-0300           0          0          0          0          0
    0300-0400           0          0          0          0          0
    0400-0500           0          0          0          0          0
    0500-0600           0          0          0          0          0
    0600-0700           0          0          0          0          0
    0700-0800           1          0          0          0          2
    0800-0900           1          0          0          0          0
    0900-1000           0          0          0          0          1
    1000-1100           0          0          0          0          0
    1100-1200           0          0          0          0          0
    1200-1300           4          8          0          0          0
    1300-1400           0          0          0          0          0
    1400-1500           0          0          0          0          0
    1500-1600           0          0          0          0          0
    1600-1700           0          0          0          0          0
    1700-1800           0          0          0          0          0
    1800-1900           0          0          0          0          0
    1900-2000           0          0          0          0          0
    2000-2100           0          0          0          0          0
    2100-2200           0          0          0          0          0
    2200-2300           0          0          0          0          0
    2300-2400           0          0          0          0          0

Host/Domain Summary: Message Delivery (top 50)
 sent cnt  bytes   defers   avg dly max dly host/domain
 -------- -------  -------  ------- ------- -----------
     11    10914        0     7.4 s   24.0 s  zcs806.DOMAIN.com

Host/Domain Summary: Messages Received (top 50)
 msg cnt   bytes   host/domain
 -------- -------  -----------
      5     2780   zcs806.DOMAIN.com

top 50 Senders by message count
-------------------------------
      4   zimbra@zcs806.DOMAIN.com
      1   admin@zcs806.DOMAIN.com

top 50 Recipients by message count
----------------------------------
     11   admin@zcs806.DOMAIN.com

top 50 Senders by message size
------------------------------
   1974   zimbra@zcs806.DOMAIN.com
    806   admin@zcs806.DOMAIN.com

top 50 Recipients by message size
---------------------------------
  10914   admin@zcs806.DOMAIN.com

message deferral detail: none

message bounce detail (by relay): none

message reject detail
---------------------
  MAIL
    5.3.4 Message size exceeds fixed limit (total: 3)
           3   domain-ext.com

message reject warning detail: none

message hold detail: none

message discard detail: none

smtp delivery failures: none

Warnings
--------
  sendmail (total: 3)
         1   or the command is run from a set-uid root process
         1   the Postfix sendmail command has set-uid root file permissions
         1   the Postfix sendmail command must be installed without set-uid ...
  smtpd (total: 1)
         1   7A735345A: queue file size limit exceeded

Fatal Errors: none

Panics: none

Master daemon messages: none
client_usage_report.py

This will give some stats on your mail activity. Note, there are some issue with this script double reporting mail counts etc, but it's useful to identify the top 50 for activity.

[zimbra@zcs806 ~]$ /opt/zimbra/libexec/client_usage_report.py
Reading /opt/zimbra/log/access_log.2014-04-17 ..
Reading /opt/zimbra/log/access_log.2014-04-18 ..
Reading /opt/zimbra/log/access_log.2014-04-19 ..
Reading /opt/zimbra/log/access_log.2014-04-20 ..
Reading /opt/zimbra/log/access_log.2014-04-21 ..
Reading /opt/zimbra/log/access_log.2014-04-22 ..
Reading /opt/zimbra/log/access_log.2014-04-23 ..
Writing /opt/zimbra/zmstat/client_usage_report_2014-04-24.csv ..

Then review the file it will create , it will give : "user_agent","client_IP","req_count"

[zimbra@zcs806 ~]$ cat /opt/zimbra/zmstat/client_usage_report_2014-04-24.csv
"user_agent","client_IP","req_count"
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:28.0) Gecko/20100101 Firefox/28.0","192.168.1.166","14"
"Mozilla/5.0 (Windows NT 6.2; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0","192.168.1.166","93"
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0","192.168.1.174","6"
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:28.0) Gecko/20100101 Firefox/28.0","192.168.1.166","71"
qshape

You can also look at the results of [qshape] - the default is the active queue. For more on qshape, see [Postfix Qshape Readme] .

qshape deferred
               T  5 10 20 40 80 160 320 640 1280 1280+
        TOTAL 12  0  0  0  0  0   0   0   0    0     12
    gmail.com  9  0  0  0  0  0   0   0   0    0     9
    yahoo.com  3  0  0  0  0  0   0   0   0    0     3
3rd Party Log Reports - postfix-logwatch and amavis-logwatch

Created RFE for us to include these in ZCS:

You can download them from http://logreporters.sourceforge.net/ . It's a fairly simply install, download and then extract - cd into extracted directory and as root type :

make install-standalone

They will install to /usr/local/bin/amavis-logwatch & postfix-logwatch . The config files are in /usr/local/etc/amavis-logwatch.conf & postfix-logwatch.conf . Here's an example of the output.

/usr/local/bin/amavis-logwatch output example:

[root@zcs806 amavis-logwatch-1.51.02]# /usr/local/bin/amavis-logwatch /var/log/zimbra.log
****** Summary *************************************************************************************

       4   Total messages scanned ------------------  100.00%
   1.926K  Total bytes scanned                          1,972
========   ==================================================

       4   Passed ----------------------------------  100.00%
       4     Clean passed                             100.00%
========   ==================================================

       4   Ham -------------------------------------  100.00%
       4     Clean passed                             100.00%
========   ==================================================


==================================================================================
Spam Score Percentiles        0%       50%       90%       95%       98%      100%
----------------------------------------------------------------------------------
Score Ham (4)             -1.900    -1.900    -1.900    -1.900    -1.900    -1.900
==================================================================================

======================================================================================================
Spam Score Frequency      <= -10     <= -5      <= 0      <= 5     <= 10     <= 20     <= 30      > 30
------------------------------------------------------------------------------------------------------
Hits (4)                       0         0         4         0         0         0         0         0
Percent of Hits            0.00%     0.00%   100.00%     0.00%     0.00%     0.00%     0.00%     0.00%
======================================================================================================

/usr/local/bin/postfix-logwatch output example:

[root@zcs806 amavis-logwatch-1.51.02]# /usr/local/bin/postfix-logwatch /var/log/zimbra.log

****** Summary *************************************************************************************

       1   *Warning: Queue file size limit exceeded

   6.512K  Bytes accepted                               6,668
   1.928K  Bytes sent via SMTP                          1,974
   4.584K  Bytes sent via LMTP                          4,694
========   ==================================================

      10   Accepted                                    76.92%
       3   Rejected                                    23.08%
--------   --------------------------------------------------
      13   Total                                      100.00%
========   ==================================================

       3   5xx Reject message size                    100.00%
--------   --------------------------------------------------
       3   Total 5xx Rejects                          100.00%
========   ==================================================

      10   Connections
      10   Disconnections
       8   Removed from queue
       4   Sent via SMTP
       4   Sent via LMTP
       4   Filtered

****** Detail (10) *********************************************************************************

       3   5xx Reject message size -----------------------------------------------------------------
       3      192.168.1.166     remote.domain.com
       3         *unavailable
       3            *unavailable

       4   Sent via SMTP ---------------------------------------------------------------------------
       4      zcs806.DOMAIN.com

       4   Sent via LMTP ---------------------------------------------------------------------------
       4      zcs806.DOMAIN.com

       4   Filtered --------------------------------------------------------------------------------
       2      smtp-amavis:[127.0.0.1]:10024
       2         Sender address
       1            admin@zcs806.DOMAIN.com
       1               admin@zcs806.DOMAIN.com
       1                  192.168.1.166     remote.domain.com
       1            user@DOMAIN.com
       1               admin@zcs806.DOMAIN.com
       1                  192.168.1.184     remote2.domain.com
       2      smtp-amavis:[127.0.0.1]:10026
       2         Sender address
       1            admin@zcs806.DOMAIN.com
       1               admin@zcs806.DOMAIN.com
       1                  192.168.1.166     remote.domain.com
       1            user@DOMAIN.com
       1               admin@zcs806.DOMAIN.com
       1                  192.168.1.184     remote2.domain.com

=== Delivery Delays Percentiles ============================================================
                    0%       25%       50%       75%       90%       95%       98%      100%
--------------------------------------------------------------------------------------------
Before qmgr       0.04      0.09      0.11      0.11      0.23      0.35      0.43      0.48
In qmgr           0.00      0.00      0.01      0.01      0.04      0.07      0.08      0.09
Conn setup        0.00      0.01      0.29      1.30      2.05      2.23      2.33      2.40
Transmission      0.10      2.81      4.85      9.60     21.00     21.00     21.00     21.00
Total             0.20      2.91      5.20     11.00     23.30     23.65     23.86     24.00
============================================================================================

Note - First, look at the options each command has using the -h output. You might want to use --full when doing an investigation and also include a wildcard - /var/log/zimbra.lo* to take in all the log data. For example:

[zimbra@zcs806 ~]$ /usr/local/bin/postfix-logwatch --full /var/log/zimbra.lo*
****** Summary *************************************************************************************

       9   *Fatal:   General fatal
       1   *Warning: Queue file size limit exceeded
      21   Miscellaneous warnings

 710.888K  Bytes accepted                             727,949
 193.036K  Bytes sent via SMTP                        197,669
 520.114K  Bytes sent via LMTP                        532,597
========   ==================================================

    1041   Accepted                                    99.71%
       3   Rejected                                     0.29%
--------   --------------------------------------------------
    1044   Total                                      100.00%
========   ==================================================

       3   5xx Reject message size                    100.00%
--------   --------------------------------------------------
       3   Total 5xx Rejects                          100.00%
========   ==================================================

      65   Connections
      65   Disconnections
    1041   Removed from queue
     523   Sent via SMTP
     517   Sent via LMTP
       2   Bounced (local)
       1   Bounced (remote)
       9   Filtered
       2   Notifications sent

       4   Timeouts (inbound)
       1   PIX workaround enabled

****** Detail (10) *********************************************************************************

       9   *Fatal:   General fatal -----------------------------------------------------------------
       3      Queue report unavailable - mail system is down
       3      Usage: sendmail [options]
       2      The Postfix mail system is not running
       1      Usage: send-mail [options]

      21   Miscellaneous warnings ------------------------------------------------------------------
       7      or the command is run from a set-uid root process
       7      the Postfix sendmail command has set-uid root file permissions
       7      the Postfix sendmail command must be installed without set-uid root file permissions

       3   5xx Reject message size -----------------------------------------------------------------
       3      10.X.X.166     fence.DOMAIN.com
       3         *unavailable
       3            *unavailable

     523   Sent via SMTP ---------------------------------------------------------------------------
     507      86.lab
      15      zcs806.DOMAIN.com
       1      domaina.com

     517   Sent via LMTP ---------------------------------------------------------------------------
     507      86.lab
      10      zcs806.DOMAIN.com

       2   Bounced (local) -------------------------------------------------------------------------
       2      5.0.0: Permanent failure: Other/Undefined status: Other undefined status
       2         zcs806.DOMAIN.com
       2            Zcs806.DOMAIN.com
       1               subject:test
       1               zimbra

       1   Bounced (remote) ------------------------------------------------------------------------
       1      5.0.0: Permanent failure: Other/Undefined status: Other undefined status
       1         domain.com
       1            user
       1               64.X.X.28      sentry.DOMAIN.com
       1                  505 5.0.0 Unknown recipient: RCPT TO

       9   Filtered --------------------------------------------------------------------------------
       7      smtp-amavis:[127.0.0.1]:10026
       7         Sender address
       3            admin@zcs806.DOMAIN.com
       3               admin@zcs806.DOMAIN.com
       2                  10.X.X.36     zcs806.DOMAIN.com
       1                  10.X.X.166     gatewayXX.DOMAIN.com
       2            zimbra@zcs806.DOMAIN.com
       2               admin@zcs806.DOMAIN.com
       2                  10.X.X.36     zcs806.DOMAIN.com
       1            ajcody@DOMAIN.com
       1               admin@zcs806.DOMAIN.com
       1                  10.X.X.184     edgeXX.DOMAIN.com
       1            san5@zcs806.DOMAIN.com
       1               b@zcs806.DOMAIN.com
       1                  10.X.X.36     zcs806.DOMAIN.com
       2      smtp-amavis:[127.0.0.1]:10024
       2         Sender address
       1            admin@zcs806.DOMAIN.com
       1               admin@zcs806.DOMAIN.com
       1                  10.X.X.166     gatewayXX.DOMAIN.com
       1            ajcody@DOMAIN.com
       1               admin@zcs806.DOMAIN.com
       1                  10.X.X.184     edgeXX.DOMAIN.com

       2   Notifications sent ----------------------------------------------------------------------
       2      Non-delivery
       2         sender

       4   Timeouts (inbound) ----------------------------------------------------------------------
       4      After END-OF-MESSAGE

       1   PIX workaround enabled ------------------------------------------------------------------
       1      disable_esmtp delay_dotcrlf
       1         64.X.X.28      sentry.DOMAIN.com

=== Delivery Delays Percentiles ============================================================
                    0%       25%       50%       75%       90%       95%       98%      100%
--------------------------------------------------------------------------------------------
Before qmgr       0.01      0.03      0.06      0.14      0.27      0.34      0.48      2.60
In qmgr           0.00      0.00      0.08    117.50    193.00    216.00    231.48    246.00
Conn setup        0.00      0.00      0.00      0.00      0.02      0.04      0.22     20.00
Transmission      0.05      0.09      3.60      9.80     10.00     10.00     11.00    160.00
Total             0.07      0.13      3.80    129.00    203.00    226.00    241.64    259.00
============================================================================================
zmaccts

One way to note accounts that are actively logging in vs. those that aren't, can help shrink the number of accounts you might want to investigate or monitor. [example below, I cut out a lot of the accounts]

           account                          status             created       last logon
------------------------------------   -----------     ---------------  ---------------
zcstest001@zcs806.DOMAIN.com                active      01/20/14 18:47   03/02/14 21:11
zcstest002@zcs806.DOMAIN.com                active      01/30/14 01:48   02/19/14 00:07
admin-20140415@zcs806.DOMAIN.com            active      04/15/14 14:42            never
archtest-prod-20140402@zcs806.DOMAIN        active      04/02/14 07:42            never

           account                          status             created       last logon
------------------------------------   -----------     ---------------  ---------------
bruce@test1.lab                             active      02/22/14 09:32            never
test.cal@test1.lab                          active      04/06/14 05:35   04/06/14 05:35
test200@test1.lab                           active      04/12/14 00:50            never

                                 domain summary

    domain                  active    closed    locked    maintenance     total
-----------------------   --------  --------  --------  -------------  --------
test1.lab                        3         0         0              0         3
test2.com                        2         0         0              0         2
angad.com                        2         0         0              0         2
test.test                        3         0         0              0         3
test.DOMAIN.com                  6         0         0              0         6
zcs806.DOMAIN.com               58         0         0              0        58
zcs806.DOMAIN.com                2         0         0              0         2
By Authentication Attempts

A fast way to see who is doing a lot of authentications, which normally happens when a spammer has compromised an account with a weak password, is to do:

# cat /var/log/zimbra.log | sed -n 's/.*sasl_username=//p' | sort | uniq -c | sort -n
      1 Auser@domain.com
      3 Buser@domain.com
      4 Cuser@domain.com
      5 Duser@domain.com
     36 SPAMMER@domain.com

Note - This might take a long time, if so - try pruning it down

Example:

# cat /var/log/zimbra.log | grep sasl_username > /tmp/zimbra_sasl_username.txt
# cat /tmp/zimbra_sasl_username.txt | sed -n 's/.*sasl_username=//p' | sort | uniq -c | sort -n
      1 Auser@domain.com
      3 Buser@domain.com
      4 Cuser@domain.com
      5 Duser@domain.com
     36 SPAMMER@domain.com

The full log event will look like this:

zimbra1 postfix/smtpd[29431]: B28914D5978: client=xxxxx.server.com[w.x.y.z], sasl_method=LOGIN, sasl_username=user
zimbra1 postfix/cleanup[5522]: B28914D5978: message-id=<20090420154255.B28914D5978@zimbraserver.com>
zimbra1 postfix/qmgr[20690]: B28914D5978: from=<spam@spam.com>, size=6026, nrcpt=10 (queue active)
zimbra1 postfix/cleanup[3983]: 2BA56465D28: message-id=<20090420154255.B28914D5978@zimbraserver.com>

Against your older logs, you could:

# zcat /var/log/zimbra.log* | sed -n 's/.*sasl_username=//p' | sort | uniq -c | sort -n

And you can look at the specific information for the user in question with:

# grep -C2 "sasl_username=SPAMMER@domain.com" /var/log/zimbra.log

Or if searching against the older logs:

# zgrep -C2 "sasl_username=SPAMMER@domain.com" /var/log/zimbra.log*

If you want to check on a specific message ID, do:

grep 9DF7520804A /var/log/zimbra.log*

For older message logs:

zgrep 9DF7520804A /var/log/zimbra.log*

To read/view the message in the queue:

/opt/zimbra/postfix/sbin/postcat -q 9DF7520804A 

One would then normally lock/change password on the one account showing the most activity. Grep'ing the /var/log/zimbra.log with the username in question will also show the ip address being used, this can be blocked with your firewall.

To be alerted of a compromised account and have it lock automatically see below. Slightly modified from this reference : http://www.zimbra.com/forums/administrators/62613-identify-compromised-accounts.html#post278732 :


#!/bin/bash
# checks log file and gets a count of authentications sent per minute, per user
# and if the count exceeds the maxmails value the user's account is locked.

logfile="/var/log/zimbra.log"
maxmails="10"
mydomain="example.com"
support="<postmaster-userid>@$mydomain"
accounts="/tmp/active_accounts"

su zimbra -c "/opt/zimbra/bin/zmaccts" | grep "@" | grep active | awk '{print $1}' > $accounts

zgrep -i "auth ok" $logfile | sed 's/  / /g' | awk -F"[ :]" '{print $3":"$4,$11;}' | uniq -c | sort -n | \
while read line
do
    count=`echo ${line} | cut -d' ' -f 1`
    userid=`echo ${line} | cut -d' ' -f 3`
    timestamp=`echo ${line} | cut -d' ' -f 2`
    active=`grep "$userid@$mydomain" $accounts`

    if [ "$count" -gt "$maxmails" ] && [ "$active" == "$userid@$mydomain" ]; then
        echo "Maximum email rate exceeded, $userid@$mydomain will be locked"
        su zimbra -c "/opt/zimbra/bin/zmprov ma $userid@$mydomain zimbraAccountStatus locked"
        subject="$userid account locked due to excessive connections"
        # Email text/message
        message="/tmp/emailmessage.txt"
        echo "$userid account has been locked as there were $count connections made at"> $message
        echo "$timestamp.  Please have the user change their password, and check for phishing" >>$message
        echo "emails if possible." >>$message
        # send an email using /bin/mail
        /usr/bin/mail -s "$subject" "$support" < $message
        rm -f $message

        #update list of active accounts
        su zimbra -c "/opt/zimbra/bin/zmaccts" | grep "@" | grep active | awk '{print $1}' > $accounts
    fi
done

rm -f $accounts

Then run it as a cron job. The frequency will depend on the number of accounts you're managing.

* * * * * /opt/zimbra/find_spammer.sh
By Connecting IP - Useful For Blocking IP At Firewall

See also the following:

To find the originating IP address of where the emails are coming from:

grep 'connect from' /var/log/zimbra.log | sed 's/.*connect from.*\[\(.[^]]*\)\]/\1/g' | sort | uniq -c | sort -nr | head

To check your older logs [example output below]:

zgrep 'connect from' /var/log/zimbra.log* | sed 's/.*connect from.*\[\(.[^]]*\)\]/\1/g' | sort | uniq -c | sort -nr | head
     36 10.137.xx.34
     34 127.0.0.1
Open Relay Check

You should also confirm you aren't an open relay.

$ host -t mx DOMAIN.com
DOMAIN.com mail is handled by 10 mail.DOMAIN.com.

$ telnet mail.DOMAIN.com 25
Trying 184.###.##.## ...
Connected to mail.DOMAIN.com.
Escape character is '^]'.
220 mail.DOMAIN.com ESMTP Postfix
helo support.test
250 mail.DOMAIN.com
mail from:<SPAMMER@domain.com>
250 2.1.0 Ok
rcpt to:<TEST@DOMAIN.COM>
554 5.7.1 <TEST@DOMAIN.COM>: Relay access denied

rcpt to:<SPAMMER@domain.com>
554 5.7.1 Service unavailable; Client host [71.XXX.XX.XX] blocked 
 using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=71.202.XX.XX
quit
221 2.0.0 Bye
Connection closed by foreign host.
Telnet Test To Confirm/Show Authentication Required For SMTP/Port 25

This is an example:

esx2:~ ajcody$ telnet zcs723.EXAMPLE.com 25

Trying 10.137.27.32...
Connected to zcs723.EXAMPLE.com.
Escape character is '^]'.
220 zcs723.EXAMPLE.com ESMTP Postfix
helo zcs723.EXAMPLE.com   << I typed
250 zcs723.EXAMPLE.com
mail from:ajcody@zcs723.EXAMPLE.com   << I typed
250 2.1.0 Ok
rcpt to:ajcody2@zcs723.EXAMPLE.com   << I typed
553 5.7.1 <ajcody@zcs723.EXAMPLE.com>: Sender address rejected: not logged in

But note - if you do this from the ZCS server or a server that is within the ip range or has it's specific ip listed in the mynetworks, you will not get this authentication requirement.

[root@zcs723 ~]# telnet localhost 25
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 zcs723.EXAMPLE.com ESMTP Postfix
helo myworkstation
250 zcs723.EXAMPLE.com
ehlo myworkstation
250-zcs723.EXAMPLE.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:<ajcody@zcs723.EXAMPLE.com>
250 2.1.0 Ok
rcpt to: <ajcody2@zcs723.EXAMPLE.com>
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
From: Adam <ajcody@zcs723.EXAMPLE.com>
To: Adam 2 <ajcody2@zcs723.EXAMPLE.com>
Subject: From Localhost - NOT Auth
test
.
250 2.0.0 Ok: queued as 8B19E1E78D1
quit
221 2.0.0 Bye
Connection closed by foreign host.

Resources

A list of resources you'll find useful:

Wiki articles that have been assigned to the anit-spam category:

Down to the end-user:

External Relay Test Pages
  • http://www.checkor.com/
    • Note - this test is in regards to the From spoofing spammers sometimes do for DL's.
    • Also, for the test - make an account/DL on your system for test1@[your domain] . Otherwise you'll just error about account not existing.
RSET
250 2.0.0 Ok
MAIL FROM: spam@mail59.DOMAIN.com
250 2.1.0 Ok
RCPT TO: test1@mail59.DOMAIN.com
Test Failed, 250 2.1.5 Ok 

Blocking MAIL FROM - smtpd_sender_restrictions - Default Is Empty

External References
Zimbra References And Bugs & RFE's
Protecting DL's From Spammers - Forging Mail From
First Recommendation - As Given By Dev's From Critical Meeting Notes

  • Enabled SASL/SMTP Authentication
  • Implement how-to as described in :
    • Permitted Senders: RestrictPostfixRecipients
      • Note: You'll see on the above page a reference to the spoof hole.
        • "This method can be spoofed by forging the MAIL FROM: header (so mail appears to originate from within the domain), so it isn't foolproof, but it works for basic needs."
      • Note: You'll also modify the instructions as above with addition details provided below.
  • Force authentication for local-domain senders:
    • modify the main.cf to have the following:
      • smtpd_sender_restrictions = check_sender_access hash:/path/to/file
    • Then for the /path/to/file that you used in the mail.cf for smtpd_sender_restrictions, you'll have a line like:
      • example.com permit_sasl_authenticated, reject
Second Recommendation - Unpredictable DL name or Non-routing Domain

Do not use predictable DL names. Instead of using everyone@company.com , use something like everyone-[random-string]@company.com .

Another option is to use a non-routing domain - company.local - and setup your DL's there. You'll want to configure your main domain to be able to query the GAL of this domain.

To see the existing setting:

zmprov gd [domainname] zimbraGalLdapSearchBase

To change the variable for the domain:

zmprov md [domainname] zimbraGalInternalSearchBase ROOT
Third Recommendation - Using smtpd_sender_restrictions

Work In Progress. I'm testing this now. Please don't attempt until this line is removed.

Update: See the following:

This should work if your "clients" are using ZWC, ZCO, or ActiveSync mobile devices. If you are using IMAP/POP + STMP thick clients, you'll most likely have to enable smtp authentication [sasl] and use the reject_authenticated_sender_login_mismatch variable instead.

postconf -e smtpd_sender_restrictions=reject_sender_login_mismatch
postfix reload

This option is described as:

reject_sender_login_mismatch
Reject the request when $smtpd_sender_login_maps specifies an owner for the MAIL FROM address, but the client is not (SASL) logged in as that MAIL FROM address owner; or when the client is (SASL) logged in, but the client login name doesn't own the MAIL FROM address according to $smtpd_sender_login_maps. Man page

Some Other SMTP Sending Restrictions

Blocking Incoming From Domain And By User

See the following:

check_client_access

The smtpd_client_restrictions parameter restricts what clients this system accepts SMTP connections from. The default behavior is to allow SMTP connections from any client. This is discussed under Spam Controls on the Postfix site.

Example:

check_client_access regexp:/etc/postfix/access_sender_client_server,

Example:

check_sender_access regexp:/etc/postfix/access_sender_toplevel
smtpd_reject_unlisted_sender

Details can be found on the mail.cf Postfix page.

Example:

smtpd_reject_unlisted_sender = yes

Possible Bug:

http://bugzilla.zimbra.com/show_bug.cgi?id=24889

What's Your SPF Records Say, When Getting "does not designate 74.x.x.x as permitted sender Errors"

This is most likely related to the SPF records for your domain and what the header content of the sending email states as it's Mail From. For example, this is from the header of an email that was "received":

Received: from mail.XYZ-FAKE.com (mailhost.XYZ-FAKE.com [74.X.X.244]) by mta01.ABC-FAKE.com with ESMTP id 
Cft0mO3fjlFGQjTA for <support@ABC-FAKE.com>; Tue, 21 Apr 2009 05:14:13 -0700 (PDT)
X-Barracuda-Envelope-From: testuser@XYZ-FAKE.com
Received-SPF: pass (mta01.ABC-FAKE.com: domain of testuser@XYZ-FAKE.com designates 74.X.X.244 as permitted sender) 
receiver=mta01.ABC-FAKE.com; client_ip=74.X.X.244; envelope-from=testuser@XYZ-FAKE.com;

To see what this check was done against, do the following below. I'll trim the output and adjust the information used to protect the innocent. Also, notice how a DNS "alias" might cause an issue here? :


$ host 74.X.X.244
244.X.X.74.in-addr.arpa domain name pointer mailhost.XYZ-FAKE.com.

$ host mailhost.XYZ-FAKE.com
mailhost.XYZ-FAKE.com has address 74.X.X.244

$ host mail.XYZ-FAKE.com
mail.XYZ-FAKE.com is an alias for mailhost.XYZ-FAKE.com.
mailhost.XYZ-FAKE.com has address 74.X.X.244

$ dig XYZ-FAKE.com MX

;; QUESTION SECTION:
;XYZ-FAKE.com.			IN	MX

;; ANSWER SECTION:
XYZ-FAKE.com.		3600	IN	MX	22 serverA.DNS-FAKE.com.
XYZ-FAKE.com.		3600	IN	MX	11 serverB.DNS-FAKE.com.

$ dig XYZ-FAKE.com TXT

;; QUESTION SECTION:
;XYZ-FAKE.com.			IN	TXT

;; ANSWER SECTION:
XYZ-FAKE.com.		3600	IN	TXT	"v=spf1 a:mail.XYZ-FAKE.com ~all"

See the following for more information:

Using Different SMTP Server For Webclient (ZWC), Mobiles, And ZCO

Note Of Caution About Using External MTAs

Using non-zimbra MTA's can cause some options in zimbra to not function anymore - since it no longer has zimbra's mta services available.

Zimbra Mail Forwarding Possibly Will Not Work - Turn Off User Option To Set MailForwarding

Mail forwarding might no longer work depending on the configuration you setup regarding the use of your external mta's. When this happens you'll most likely want to disable the option for users to set a mail forwarding address in their preferences. This can be done via their COS or USER configuration.

  • In the admin console, goto the COS configuration the user/s are using and the "Features" tab. Uncheck the option "Allow the user to specify a forwarding address" under Mail Features. It is in the same location under a USERs configuration panel in the admin console.

In the CLI, you will see these set as the defaults for the default COS. The admin gui option above only adjusts the zimbraFeatureMailForwardingEnabled variable :

$ zmprov gc default | grep zimbraFeatureMailForwarding
    zimbraFeatureMailForwardingEnabled: TRUE
    zimbraFeatureMailForwardingInFiltersEnabled: TRUE
$ zmprov ga ajcody@`zmhostname` | grep zimbraFeatureMailForwarding
    zimbraFeatureMailForwardingEnabled: TRUE
    zimbraFeatureMailForwardingInFiltersEnabled: TRUE

More details about them are in the /opt/zimbra/conf/attrs/zimbra-attrs.xml file.

<attr id="342" name="zimbraFeatureMailForwardingEnabled" type="boolean" cardinality="single" 
 optionalIn="account,cos" flags="accountInfo,accountInherited,domainAdminModifiable">
  <defaultCOSValue>TRUE</defaultCOSValue>
  <desc>enable end-user mail forwarding features</desc>
</attr>

<attr id="704" name="zimbraFeatureMailForwardingInFiltersEnabled" type="boolean" 
 cardinality="single" optionalIn="account,cos" flags="accountInfo,accountInherited,
 domainAdminModifiable" since="5.0.10">
  <defaultCOSValue>TRUE</defaultCOSValue>
  <desc>enable end-user mail forwarding defined in mail filters features</desc>
</attr>
Configure External MTA To Use LDAP Virtual Alias Maps

Here's the basic info in regards to how Zimbra's mta [postfix/etc] uses Zimbra's LDAP to get the forwarding information:

$ grep Forward conf/ldap-*
conf/ldap-vam.cf:result_attribute =  
zimbraMailDeliveryAddress,zimbraMailForwardingAddress,
zimbraPrefMailForwardingAddress,zimbraMailCatchAllForwardingAddress
$ postconf |grep vam
virtual_alias_maps = proxy:ldap:/opt/zimbra/conf/ldap-vam.cf

See http://www.postfix.org/postconf.5.html#virtual_alias_maps for more information.

Confirming And Setting zimbraMtaRelayHost And zimbraMtaDnsLookupsEnabled

First we'll set zimbraMtaRelayHost and zimbraMtaDnsLookupsEnabled variables. These options are also shown in the admin console and can be configured there. These variable alone will not redirect ALL traffic to an external MTA first though. There's alao a variable called zimbraSmtpHostname that is in the global (zmprov gacf) and server (zmprov gs `hostname`) configs - addressed in the section below. It's defaulted value is 'localhost' - at least on a single ZCS configuration.

In situations where you need/want all mail to be processed by, for example, an external non-Zimbra spam filter box you could set this variable to the spam filter servers hostname.

Normally, when zimbraMtaRelayHost is set to a non-zimbra external MTA would disable DNS lookups. If you disable DNS Lookups (under the MTA tab of the admin console, or with zmprov), Zimbra will end up using (according to the postconf man page) the "gethostbyname() system library routine which normally also looks in /etc/hosts" (based on the entries on the "hosts" line in /etc/nsswitch.conf). If you do this but don't also specify an SMTP relay host (typically your ISP's SMTP server), which will take care of checking DNS, you will reverse your ability to send mail: suddenly you can send mail to other users on the Zimbra server, but you can't send to the internet (though you can still receive mail from the internet either way).

Query Global - `zmhostname` would use the value returned, you can manual type out the servername as well :

zmprov gacf zimbraMtaRelayHost
zmprov gacf zimbraMtaDnsLookupsEnabled

Query Per Server - `zmhostname` would use the value returned, you can manual type out the servername as well :

zmprov gs `zmhostname` zimbraMtaRelayHost
zmprov gs `zmhostname` zimbraMtaDnsLookupsEnabled

Note - if you get errors about doing the query on your non-mailstores like, "ERROR: zclient.IO_ERROR (invoke Connection refused, server: localhost) (cause: java.net.ConnectException Connection refused)" then you might need to adjust this variable. First query it, it's most likely set to localhost

zmlocalconfig zimbra_zmprov_default_soap_server

If you had the error and it was set to localhost, modify it to be one of your mailstores.

zmlocalconfig -e zimbra_zmprov_default_soap_server=mailstore.example.com

No restart of anything is needed, the zmprov query should now work.

Modify Global - `zmhostname` would use the value returned, you can manual type out the servername as well :

zmprov mcf zimbraMtaRelayHost hostname-of-ext-server:PORT
 ** ex : zmprov mcf zimbraMtaRelayHost primary.YYY.state.XX.us:25
 ** At the end, 25 is the port number for smtp on the targeted system. 
 ** Adjust this number if you changed the smtp port.
zmprov mcf zimbraMtaDnsLookupsEnabled FALSE

Modify Per Server - `zmhostname` would use the value returned, you can manual type out the servername as well :

zmprov ms `zmhostname` zimbraMtaRelayHost hostname-of-ext-server:PORT
 ** ex : zmprov ms `zmhostname` zimbraMtaRelayHost primary.YYY.state.XX.us:25
 ** At the end, 25 is the port number for smtp on the targeted system. 
 ** Adjust this number if you changed the smtp port.
zmprov ms `zmhostname` zimbraMtaDnsLookupsEnabled FALSE

Confirming And Setting zimbraSmtpHostname

I'm assuming you already set, zimbraMtaRelayHost and zimbraMtaDnsLookupsEnabled for your needs - see above section. The variable called zimbraSmtpHostname is in the global (zmprov gacf) and server (zmprov gs `hostname`) configs. It's default value is set to 'localhost' - at least on a single ZCS configuration.

In cases where you need/want all mail to be processed by, for example, an external non-Zimbra spam filter box you could set this variable to the spam filter boxes hostname.

Query Global - `zmhostname` would use the value returned, you can manual type out the servername as well :

zmprov gacf zimbraSmtpHostname

Query Per Server - `zmhostname` would use the value returned, you can manual type out the servername as well :

zmprov gs `zmhostname` zimbraSmtpHostname

Note - if you get errors about doing the query on your non-mailstores like, "ERROR: zclient.IO_ERROR (invoke Connection refused, server: localhost) (cause: java.net.ConnectException Connection refused)" then you might need to adjust this variable. First query it, it's most likely set to localhost

zmlocalconfig zimbra_zmprov_default_soap_server

If you had the error and it was set to localhost, modify it to be one of your mailstores.

zmlocalconfig -e zimbra_zmprov_default_soap_server=mailstore.example.com

No restart of anything is needed, the zmprov query should now work.

Modify Global - `zmhostname` would use the value returned, you can manual type out the servername as well :

zmprov mcf zimbraSmtpHostname hostname-of-ext-server
 ** ex : zmprov mcf zimbraSmtpHostname primary.YYY.state.XX.us

Modify Per Server - `zmhostname` would use the value returned, you can manual type out the servername as well :

zmprov ms `zmhostname` zimbraSmtpHostname hostname-of-ext-server
 ** ex : zmprov ms `zmhostname` zimbraSmtpHostname primary.YYY.state.XX.us

External Email Clients Setting A SMTP Server

The above variable, zimbraSmtpHostname, will not alter your third party email clients that are setting the smtp server to your ZCS mta's. Here are your options if you also need to have that traffic to go through another device [mta, spam filter, etc.] prior to local delivery [lmtp] to an internal address.

  • Set your clients to use the another devices ip address or hostname that you set for zimbraSmtpHostname.

If you can't do the above, for whatever reason -- maybe security constraints or issues that might arise being a hosting provider, then see below.

  1. You could investigate the alternation of postfix's content_filter option to place the external device/host [a barracuda for example] within that process. postfix.org has information on this - Postfix After-Queue Content Filter. This would be unsupported by Zimbra.
  2. Contact Zimbra's Professional Services [PS] team for help.
  3. Setup another server using a mta of your choice [postfix , sendmail] that the clients can use for the smtp server variable. This "new" mta would then simply relay to the device - a barracuda box for example. The barracuda would then do what it needs to and then forwards the messages to the appropriate servers for delivery. Your ZCS mta's in the case of local delivery that would of normally occurred over lmtp - userA@domainC.com sending to userB@domainC.com .

Global Or System Wide Filters

There is no "supported" solution for this - depending on the exact circumstances. It's a complex issue because each request for "global filters" tends to be very specific on either what's to be filter, what actions are to be taken, and so forth.

RFE's Related To Global Filters

Use The Legal Intercept Method

Depending on the details of your request, using the Legal Intercept options might be useful. You could take the results that goto the LI mailbox and then perform your admin global searches against your mailbox accounts to take the appropriate action.

See Legal_Intercept

Sieve Filter Set For Every Account

One could setup a forloop for all of your users and setup a sieve filter. Downside here is the rules are editable by the users and you would have to manage the rules for new accounts going forward.

See User_Migration#Migrating_Sieve_Filter_Rules for details.

Double Check The Current Anti-Spam Options

Make sure your request can't be solved by the current solutions described in articles.

Postfix , Amavis Customizations

I've seen some posts on the forums that customers found their own workarounds by customizing postfix and amavis. This will most likely result in an unsupported situation. Unfortunately, those forum posts don't also include details that I can share here. Hopefully I can find them going forward and I'll post them here.

Global Disclaimer Options

Here's the url to review for a "current" possibility:

And in the notes section there's a comment about multi-servers:

Please note though, "This article is a community contribution and may include unsupported customizations." Meaning, it's an unsupported customization, so please take the necessary precautions.

In regards to an official and supported way to do this, please review this RFE:

Quota Issues

Where To Adjust Message User Gets When They Are Over Quota

Moved to How_To_Adjust_The_Over_Quota_Message_The_User_Receives

See Current User Qoutas

Moved to Getting_All_Users_Quota_Data

Controlling Behavior For Messages Sent To Over Quota Mailbox - LMTP

Moved to Controlling_Behavior_For_Messages_Sent_To_Over_Quota_Mailbox_-_LMTP

Controlling Behavior For Messages Sent To Over Quota Mailbox - SMTP

Moved to Controlling_Behavior_For_Messages_Sent_To_Over_Quota_Mailbox_-_SMTP

Message Senders Receive About Mailbox Over Quota

Moved to Message_Senders_Receive_About_Mailbox_Over_Quota

Quota Not Showing In Admin Console - After ZCS Upgrade

Moved to Quota_Not_Showing_In_Admin_Console_-_After_ZCS_Upgrade

Managing Postfix Queue

Moved to Managing_The_Postfix_Queues#Managing_The_Postfix_Queues

Postfix, Amavis, Clamav Spool Directory Paths And Names

Moved to Managing_The_Postfix_Queues#Postfix.2C_Amavis.2C_Clamav_Spool_Directory_Paths_And_Names

Stop And Starting Postfix And Mta

Moved to Managing_The_Postfix_Queues#Stop_And_Starting_Postfix_And_Mta

To See Postfix Queue

Moved to Managing_The_Postfix_Queues#To_See_The_Postfix_Queues

Qshape - Print Postfix queue domain and age distribution

Moved to Managing_The_Postfix_Queues#Qshape_-_Print_Postfix_queue_domain_and_age_distribution

To View A Message In The Queue

Moved to Managing_The_Postfix_Queues#To_View_A_Message_In_The_Queue

To Flush Postfix Queue

Moved to Managing_The_Postfix_Queues#To_Flush_Postfix_Queue

To Requeue Messages In Postfix

Moved to Managing_The_Postfix_Queues#To_Requeue_Messages_In_Postfix

To Put Messages On Hold

Moved to Managing_The_Postfix_Queues#To_Put_Messages_On_Hold

To Delete Messages From Queue

Moved to Managing_The_Postfix_Queues#To_Delete_Messages_From_Queue

Cautionary Note

Moved to Managing_The_Postfix_Queues#Cautionary_Note

Relevant Sections Of Postsuper Man Page

Moved to Managing_The_Postfix_Queues#Relevant_Sections_Of_Postsuper_Man_Page

To Delete Single Message From Queue

Moved to Managing_The_Postfix_Queues#To_Delete_Single_Message_From_Queue

To Delete ALL Messages From Queue

Moved to Managing_The_Postfix_Queues#To_Delete_ALL_Messages_From_Queue

To Delete ALL Messages From The Deferred Queue

Moved to Managing_The_Postfix_Queues#To_Delete_ALL_Messages_From_The_Deferred_Queue

To Delete ALL Messages From The Hold Queue

Moved to Managing_The_Postfix_Queues#To_Delete_ALL_Messages_From_The_Hold_Queue

To Delete Many Messages From Queue

Moved to Managing_The_Postfix_Queues#To_Delete_Many_Messages_From_Queue

Delete From Queue By Email Address

Moved to Managing_The_Postfix_Queues#Delete_From_Queue_By_Email_Address

From CLI

Moved to Managing_The_Postfix_Queues#From_CLI

Script To Delete From Queue By Email Address

Moved to Managing_The_Postfix_Queues#Script_To_Delete_From_Queue_By_Email_Address

Script To Delete From Queue By Various Variable Targets

Moved to Managing_The_Postfix_Queues#Script_To_Delete_From_Queue_By_Various_Variable_Targets

Verified Against: Zimbra Collaboration 8.0, 7.0 Date Created: 04/16/2014
Article ID: https://wiki.zimbra.com/index.php?title=Ajcody-Notes Date Modified: 2008-07-16



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »




Ajcody MySQL Topics

   KB 2439        Last updated on 2008-07-16  




0.00
(0 votes)
24px ‎  - This is Zeta Alliance Certified Documentation. The content has been tested by the Community.


Mysql

Actual Mysql Topics Homepage

Please see Ajcody-Mysql-Topics

Mysql Issues And Memory Usuage

My Ajcody-General-Notes#Trouble_Shooting_Memory_Issues has some stuff on memory troubleshooting - generalities.

Our performance guide for Mysql:

http://wiki.zimbra.com/index.php?title=Performance_Tuning_Guidelines_for_Large_Deployments#MySQL

Variable Within MySQL & Zimbra

These percentages below are used against physical RAM - disregard swap in the percentage division.

From the above url, we get some details.

"By default, we try to reserve 30% of system memory for use by this process, and 40% for use by MySQL."
# ZCS 5.0 and later
$ zmlocalconfig -e mailboxd_java_heap_memory_percent=40
Java - mailboxd_java_heap_memory_percent

The command to set the java percentage is:

 zmlocalconfig -e mailboxd_java_heap_memory_percent=30
Mysql - mysql_memory_percent & my.cnf w/ innodb_buffer_pool_size

Looks like there's an issue with the command/variable (zmlocalconfig -e mysql_memory_percent=##) in regards to MySQL though.

"There is a local config variable [mysql_memory_percent] for mysql memory percent, but today my.cnf doesn't get rewritten after install, so you have to edit my.cnf for this setting if you want to change it."

In summary, this variable [ mysql_memory_percent ] for MySQL is basically not working.

Do this to get memory in bytes for division numbers:

free -b

Figure out what your % in bytes using the physical memory (Mem:) output. Now edit the /opt/zimbra/conf/my.cnf file to change the following line with your memory percentage in bytes:

vi /opt/zimbra/conf/my.cnf
#Modify this var to adjust memory usage
innodb_buffer_pool_size = xxx

This will require a restart.

A GREAT forum post on this is here:

So other background info:

Mysql And Swap

See this article first before exploring the options below.

Should you have your swap file enabled while running MySQL ?

Set swappiness Kernel Var To 0

Source of this summary is here: [http://www.mysqlperformanceblog.com/2007/09/28/heikki-tuuri-to-answer-your-in-depth-innodb-questions/#comment-174442 Swappiness To 0"

Set it on running box:

echo 0 > /proc/sys/vm/swappiness

Set it to persist after reboot - vi /etc/sysctl.conf :

vm.swappiness = 0

The value is a percentage. By setting it to 100, Linux will always swap programs out and never shrink the buffer cache.

Swap Ram Disk Instead Of Disk

Source of this summary is here:

MySQL and the Linux swap problem

Make a (or some) swap disks:

mkdir /mnt/ram0
dd bs=1024 count=14634 if=/dev/zero of=/mnt/ram0/swapfile
mkswap /mnt/ram0/swapfile
swapon /mnt/ram0/swapfile

Will look like this:

[root@mail3 ~]# mkdir /mnt/ram0

[root@mail3 ~]# dd bs=1024 count=14634 if=/dev/zero of=/mnt/ram0/swapfile
14634+0 records in
14634+0 records out
14985216 bytes (15 MB) copied, 0.246329 seconds, 60.8 MB/s

[root@mail3 ~]# mkswap /mnt/ram0/swapfile 
Setting up swapspace version 1, size = 14979 kB

[root@mail3 ~]# free
             total       used       free     shared    buffers     cached
Mem:       1555472    1461200      94272          0     159400     344328
-/+ buffers/cache:     957472     598000
Swap:      2031608        104    2031504

[root@mail3 ~]# swapon /mnt/ram0/swapfile 

[root@mail3 ~]# free
             total       used       free     shared    buffers     cached
Mem:       1555472    1476252      79220          0     159404     344376
-/+ buffers/cache:     972472     583000
Swap:      2046232        104    2046128

[root@mail3 ~]# swapon -s
Filename				Type		Size	Used	Priority
/dev/mapper/VolGroup00-LogVol01         partition	2031608	104	-1
/mnt/ram0/swapfile 
                     file		14624	0	-2
[root@mail3 ~]# cat /proc/swaps 
Filename				Type		Size	Used	Priority
/dev/mapper/VolGroup00-LogVol01         partition	2031608	104	-1
/mnt/ram0/swapfile                      file		14624	0	-2


Just add those lines to your relevant startup file, like /etc/rc.d/rc.local, and it’ll persist after reboots. </pre>

O_DIRECT On Linux And INNODB To Fix Swapping

Source reference for this part is here:

Using O_DIRECT on Linux and INNODB to Fix Swap Insanity

See also: Ajcody-Mysql-Topics#IO_DIRECT_And_Ext3_On_Linux_As_Possible_Reason_For_Corruption

IO_DIRECT And Ext3 On Linux As Possible Reason For Corruption

This is being investigated. Below are my notes on the issue.

Mysql Backup And Restore

Please see the MySQL_Backup_and_Restore page.

Mysql Database Corruption/Repair/Checks

Please see the Mysql_Crash_Recovery page rather than the normal search results that give mysql-logger details.

Mysql Table Checks

Mysql Table Types - InnoDB or MyISAM

Tables are either InnoDB or MyISAM. Putting this information here because if a table is in need of repair or something, the steps to fix it might be different depending on the tables ENGINE type.

Example for MyISAM:

$ mysql -e "show create table zimbra.jiveRoster"
 [cut]
 ) ENGINE=MyISAM DEFAULT CHARSET=utf8 | 
 [cut]

Example for InnoDB:

$ mysql -e "show create table zimbra.mailbox"
 [cut]
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8 | 
 [cut]
check zimbra.mailbox database tables
$ mysql -e "check table zimbra.mailbox"
+----------------+-------+----------+----------+
| Table          | Op    | Msg_type | Msg_text |
+----------------+-------+----------+----------+
| zimbra.mailbox | check | status   | OK       | 
+----------------+-------+----------+----------+
check mboxgroup[#].mail_item table
$ mysql -e "check table mboxgroup3.mail_item"
+----------------------+-------+----------+----------+
| Table                | Op    | Msg_type | Msg_text |
+----------------------+-------+----------+----------+
| mboxgroup3.mail_item | check | status   | OK       | 
+----------------------+-------+----------+----------+
jive.Roster or zimbra.jiveUserProp Errors From Daily Report With mysqlcheck Errors
Please note, these tables are MyISAM. Don't use the below steps for other type of tables as each table might be treated differently or with extra caution. [InnoDB vs MyISAM]

Your report from /opt/zimbra/libexec/zmdbintegrityreport might give the following for example:


Database errors found.
/opt/zimbra/mysql/bin/mysqlcheck --defaults-file=/opt/zimbra/conf/my.cnf -S /opt/zimbra/db/mysql.sock
 -A -C -s -u root --password=[mysql password]
zimbra.jiveID
 warning  : 1 client is using or hasn't closed the table properly  zimbra.jiveRoster  warning  :
  1 client is using or hasn't closed the table properly  zimbra.jiveUserProp
 warning  : 2 clients are using or haven't closed the table properly

Attempt the following:

mysql -e "check table zimbra.jiveRoster" 
+-------------------+-------+----------+----------+ 
| Table             | Op    | Msg_type | Msg_text | 
+-------------------+-------+----------+----------+ 
| zimbra.jiveRoster | check | status   | OK       |  
+-------------------+-------+----------+----------+

To see if the data "looks" fine or works correctly against a select, do:

mysql -e "select * from zimbra.jiveRoster"

Note, if the above command might dump out a lot of data, try:

mysql -e "select * from zimbra.jiveRoster" > /tmp/zimbra.jiveRoster.out

Yours might show something different for Msg_text. If you need to repair, you would run:

mysql -e "repair table zimbra.jiveRoster"

You can also do the same above but replacing zimbra.jiveRoster with zimbra.jiveUserProp .

Manual Change Of Mysql Passwords

Please see:

http://wiki.zimbra.com/index.php?title=Issues_with_mysql_and_logmysql_passwords

Working Within Mysql For Accounts

Note, the mailboxId is specific to the mailstore the user resides on. The zimbraId is the users unique id system wide - zmprov ga user@domain.com zimbraId .

Other References:

Getting User Variables We Need To Query MySQL

Getting The Users mailboxId # - zmprov gmi user@domain

For Mysql, this # returned below will become apart of mailbox_id=### . Example used is mailbox_id=3 .

Note, the mailboxId is specific to the mailstore the user resides on. The zimbraId is the users unique id system wide - zmprov ga user@domain.com zimbraId .
[root@mail39 ~]# su - zimbra
[zimbra@mail39 ~]$ zmprov gmi ajcody@mail39.zimbra.DOMAIN.com
  mailboxId: 3
  quotaUsed: 169831
Getting The Users Mailstore That Their DB Resides On - zmprov ga user@domain zimbraMailHost

The mailboxId found above for the user is unique to their actual mailstore and the db that resides there. Again:

Note, the mailboxId is specific to the mailstore the user resides on. The zimbraId is the users unique id system wide - zmprov ga user@domain.com zimbraId .

To get their particular mailstore their database resides on:

$ zmprov ga ajcody@mail39.zimbra.DOMAIN.com zimbraMailHost
# name ajcody@mail39.zimbra.DOMAIN.com
zimbraMailHost: mail39.zimbra.DOMAIN.com

So you would now log onto that mailstore to do your mysql operations (searches).

Confirm zimbra_mailbox_groups Variable

Need to confirm zimbra_mailbox_groups variable to get the users mboxgroup# since we'll then need to run the expression below to determine it.

[zimbra@mail39 ~]$ zmlocalconfig zimbra_mailbox_groups
zimbra_mailbox_groups = 100
The Mysql group_id Value

The group_id is controlled by a local configuration value. It defaults to 100.

 $ zmlocalconfig zimbra_mailbox_groups
   zimbra_mailbox_groups = 100

You'll see group_id in the following:

 $ mysql -e 'SELECT * FROM zimbra.mailbox WHERE id=3\G'

 *************************** 1. row ***************************
                 id: 3
           group_id: 3

*** CUT REST OF OUTPUT ***
Get Users mboxgroup #

Finally confirming what the mboxgroup is for the user by running the following below. The mboxgroup is comprised of multiple users that are unique by way of their mailbox_id number. This is to minimize the number of db's that are needed on the mailstore, rather than doing one db per user.

3 ='s the users mailboxId
100 ='s the variable from zimbra_mailbox_groups

For Mysql, this # returned below will become apart of mboxgroup###.mail_item = mboxgroup3.mail_item

 
[zimbra@mail39 ~]$ expr 3 % 100
3

Queries Against Mysql For User Information In The zimbra DB And mailbox Table - zimbra.mailbox

By mailboxId

You'll need to know the mailboxId for the user for this. [ zmprov gmi USER@DOMAIN.com ]

Format:

$ mysql -e 'SELECT * FROM zimbra.mailbox WHERE id=<mailboxID of USER>\G'

Working example:

 $ mysql -e 'SELECT * FROM zimbra.mailbox WHERE id=3\G'

 *************************** 1. row ***************************
                 id: 3
           group_id: 3
         account_id: 3be48432-926c-4a54-bd66-3b16185a37a4
    index_volume_id: 2
 item_id_checkpoint: 339
      contact_count: 5
    size_checkpoint: 35912
  change_checkpoint: 7200
      tracking_sync: 0
      tracking_imap: 0
     last_backup_at: 1231567229
            comment: ajcody@zimbra.DOMAIN.com
   last_soap_access: 1229584283
       new_messages: 1
 idx_deferred_count: 0
By zimbraId

You'll need to know the zimbraId for the user for this.

Via zmprov:

$ zmprov ga ajcody@zimbra.DOMAIN.com zimbraId
  # name ajcody@zimbra.DOMAIN.com
  zimbraId: 3be48432-926c-4a54-bd66-3b16185a37a4

Or ldap:

$ su - zimbra
$ source ~/bin/zmshutil
$ zmsetvars
$ ldapsearch -LLL -x -H $ldap_master_url -D $zimbra_ldap_userdn -w $zimbra_ldap_password "mail=ajcody@zimbra.DOMAIN.com" zimbraId
   dn: uid=ajcody,ou=people,dc=zimbra,dc=DOMAIN,dc=com
   zimbraId: 3be48432-926c-4a54-bd66-3b16185a37a4

Format:

$ mysql -e 'SELECT * FROM zimbra.mailbox WHERE account_id=<zimbraID of USER>\G'

Working example:

 $ mysql -e 'SELECT * FROM zimbra.mailbox WHERE account_id="3be48432-926c-4a54-bd66-3b16185a37a4"\G'

 *************************** 1. row ***************************
                 id: 3
           group_id: 3
         account_id: 3be48432-926c-4a54-bd66-3b16185a37a4
    index_volume_id: 2
 item_id_checkpoint: 339
      contact_count: 5
    size_checkpoint: 35912
  change_checkpoint: 7200
      tracking_sync: 0
      tracking_imap: 0
     last_backup_at: 1231567229
            comment: ajcody@zimbra.DOMAIN.com
   last_soap_access: 1229584283
       new_messages: 1
 idx_deferred_count: 0
By Comment Field - I.E. Username

This way searches against the "comment field". The comment field is mostly correct, but it is deemed unreliable since there are some corner cases where it can be duplicated. Use it in a pinch.

Format:

$ mysql -e 'SELECT * FROM zimbra.mailbox WHERE comment LIKE "<USER>%"\G'

Working example:

 $ mysql -e 'SELECT * FROM zimbra.mailbox WHERE comment LIKE "ajcody%"\G'

 *************************** 1. row ***************************
                 id: 3
           group_id: 3
         account_id: 3be48432-926c-4a54-bd66-3b16185a37a4
    index_volume_id: 2
 item_id_checkpoint: 339
      contact_count: 5
    size_checkpoint: 35912
  change_checkpoint: 7200
      tracking_sync: 0
      tracking_imap: 0
     last_backup_at: 1231567229
            comment: ajcody@zimbra.DOMAIN.com
   last_soap_access: 1229584283
       new_messages: 1
  idx_deferred_count: 0
Show all accounts on mailstore

Show all accounts on mailstore.

$ mysql -e 'SELECT * FROM zimbra.mailbox WHERE comment LIKE "%"\G' | grep comment
           comment: admin@zimbra.DOMAIN.com
           comment: wiki@zimbra.DOMAIN.com
           comment: spam.1c4mokie@zimbra.DOMAIN.com
           comment: ham.iudu0ic_mz@zimbra.DOMAIN.com
           comment: shared-account@zimbra.DOMAIN.com
           comment: testuser@zimbra.DOMAIN.com
           comment: large-share@zimbra.DOMAIN.com
           comment: cos-user@zimbra.DOMAIN.com
           comment: arch-prod@zimbra.DOMAIN.com
Query All Users In A mboxgroup##

This is very useful, for example, if you experience corruption in one of your mboxgroup## db files when you want to see who is effected. Remember, these are unique to mailstore (group_id = mboxgroup)(id = userid). The account_id is a global variable, the comment field should reflect the account_id's email address - another global variable.

Note - I'm on a small test server, hence why only one account is showing. zimbra_mailbox_groups = 100 [default] determines the 'round-robin' behavior of assigning users to mboxgroup's

$ mysql -e 'select id, comment, account_id, group_id from zimbra.mailbox where group_id=5'
+----+-------------------------------------------+--------------------------------------+----------+
| id | comment                                   | account_id                           | group_id |
+----+-------------------------------------------+--------------------------------------+----------+
|  5 | ham.1msrt1ugis@mail37.DOMAIN.com          | 9ded4fa5-62fe-4ae4-ac14-7a8928386ea8 |        5 | 
+----+-------------------------------------------+--------------------------------------+----------+

You can also, double check, information the account_id and comment with zmprov then:

$ zmprov gmi 9ded4fa5-62fe-4ae4-ac14-7a8928386ea8
mailboxId: 5
quotaUsed: 0

$ zmprov gmi ham.1msrt1ugis@mail37.DOMAIN.com
mailboxId: 5
quotaUsed: 0

Just to be complete, below I'll list the location of the various db's in question based upon the filesystem.

$ pwd
/opt/zimbra/db/data/zimbra

$ ls mailbox*
mailbox.frm  mailbox.ibd  mailbox_metadata.frm  mailbox_metadata.ibd

$ cd ../mboxgroup5/

$ pwd
/opt/zimbra/db/data/mboxgroup5

$ ls
appointment.frm       data_source_item.ibd  imap_folder.ibd   mail_item.frm          
open_conversation.ibd  revision.frm   tombstone.ibd appointment.ibd       db.opt
imap_message.frm  mail_item.ibd          pop3_message.frm       revision.ibd
data_source_item.frm  imap_folder.frm       imap_message.ibd  
open_conversation.frm  pop3_message.ibd       tombstone.frm

Deleting An Account In Mysql

This comes up in very rare circumstances, usually when an account rename was attempted and for some reason it fails -- leaving the account in an odd state, where ldap and mysql data no longer match up. Use with extreme caution and under guidance of support staff.

The Steps To Delete User In Mysql

Caution - This Should Almost Never Need To Be Done. Usually Only Needed When Ldap Doesn't Have Account Anymore And For Some Reason Account Still Exists In Mysql

Use the above section, Ajcody-Mysql-Topics#Getting_User_Variables_We_Need_To_Query_MySQL , to get mailboxId or other needed data. The below example will most likely fail with the zmprov command because of missing data in ldap. You still might need to do the expr example below when you do your mysql delete commands.

# Fetch the user's mailbox Id
# zmprov will most likely fail in the situation where you need to do this process
# Use Ajcody-Mysql-Topics#Getting_User_Variables_We_Need_To_Query_MySQL
# alternative methods to get this variable - mailboxId

[root@]# su - zimbra
[zimbra@]$ zmprov getMailboxInfo user1@example.com
mailboxId: 11
quotaUsed: 30620 

# Fetch the user's mboxgroup Id
# Default is 100 for zimbra_mailbox_groups
$ zmlocalconfig zimbra_mailbox_groups
  zimbra_mailbox_groups = 100
# expr [mailboxId] % [zimbra_mailbox_groups]
$ expr 11 % 100
11


Each user is referenced by a unique mailboxId within Mysql. Each mailstore has it's own Mysql database and therefore the user mailboxId's are only locally unique - i.e., the id isn't a unique global variable. Replace id=#####, mboxgroup## and mailbox_id=##### with relevant data. An example might have mboxgroup77 , id=18577 and mailbox_id=18577.

[root@]# su - zimbra
[zimbra@]# mysql
mysql> SET foreign_key_checks = 0;
mysql> use mboxgroup##;
mysql> delete from appointment where mailbox_id=#####;
mysql> delete from data_source_item where mailbox_id=#####;
mysql> delete from imap_folder where mailbox_id=#####;
mysql> delete from imap_message where mailbox_id=#####;
mysql> delete from mail_item where mailbox_id=#####;
mysql> delete from open_conversation where mailbox_id=#####;
mysql> delete from pop3_message where mailbox_id=#####;
mysql> delete from revision where mailbox_id=#####;
mysql> delete from tombstone where mailbox_id=#####;
mysql> use zimbra;
mysql> delete from mailbox where id=#####;
mysql> delete from mailbox_metadata where mailbox_id=#####;
mysql> SET foreign_key_checks = 1
mysql> quit
[zimbra@]# zmprov fc account

Useful Mysql Query Examples

First - Get User Variables we need to query MySQL

Please see Ajcody-Mysql-Topics#Getting_User_Variables_We_Need_To_Query_MySQL

Mysql Query For A Users Specific Blob-Data ID

Query of Mysql against users mboxgroup [mboxgroup#.mail_item] for a SPECIFIC message [id=#]

Note, in this case, the users mailbox_id isn't necessary
[zimbra@mail39 ~]$ mysql -e 'SELECT * FROM mboxgroup3.mail_item WHERE id=321\G'
*************************** 1. row ***************************
  mailbox_id: 3
          id: 321
        type: 5
   parent_id: NULL
   folder_id: 5
    index_id: 321
     imap_id: 321
        date: 1281984004
        size: 448
   volume_id: 1
 blob_digest: 0pe,M6lHRy4KBXbIyEeR7AJzfkA=
      unread: 0
       flags: 8193
        tags: 0
      sender: Adam Cody
     subject: test w mobile sending
        name: NULL
    metadata: d1:f0:1:s45:Adam Cody <ajcody@mail39.zimbra.DOMAIN.com>1:t32:admin@mail38.zimbra.DOMAIN.com1:vi10ee
mod_metadata: 21394
 change_date: 1281984004
 mod_content: 21394
Content Of Message Example Above As On Filesystem
How To Locate Users Mailstore and Message Store Directory

The basics:

  • $ zmprov ga USER@DOMAIN zimbraMailHost
  • $ zmprov gmi USER@DOMAIN
    • Note the mailboxId for the user.
  • Then ssh to the zimbraMailHost the user is on.
  • $ zmvolume -l
    • Confirm the path for the primaryMessage volume, default is /opt/zimbra/store .
  • cd to the primaryMessage volume path, example uses the default path.
    • $ cd /opt/zimbra/store
    • find . -maxdepth 2 -name [replace with the mailboxId of the user] -print
    • or do perl -e 'print mailboxId# >> 12 ; print "\n"'
  • You can now cd to the users msg directory.

Working example:

 $ zmprov ga userA@DOMAIN zimbraMailHost
    # name userA@mail71.DOMAIN.com
    zimbraMailHost: mail71.DOMAIN.com

[I'm already on the zimbraMailHost for this user, no need to ssh to it]

 $ zmprov gmi userA@DOMAIN
    mailboxId: 17
   quotaUsed: 2032

 $ zmvolume -l
   Volume id: 1
        name: message1
        type: primaryMessage
        path: /opt/zimbra/store
  compressed: false
     current: true

   Volume id: 2
        name: index1
        type: index
        path: /opt/zimbra/index
  compressed: false
     current: true

 $ find . -maxdepth 2 -name 17 -print
   ./0/17

or to find the top directory the user directory is in:

$ perl -e 'print 17 >> 12 ; print "\n"'                                                                                                   
0                                                

 $ cd 0/17/msg/

 $ find . -name \*.msg -print        
   ./0/268-751.msg
   ./0/269-756.msg
   ./0/306-2119.msg
The Message On The Filesystem - id index_id imap_id

Change directory to the users root directory under your mailstores 'store' path. Default is /opt/zimbra/store , this example user is under /opt/zimbra/store/0/3 . Everything under that is "theirs".

[zimbra@mail39 0]$ pwd
/opt/zimbra/store/0/3/msg/0

[zimbra@mail39 0]$ ls
267-9778.msg  280-13700.msg  287-13743.msg  291-13777.msg  295-13763.msg  300-13771.msg  305-13784.msg
268-9780.msg  283-13715.msg  288-13747.msg  292-13758.msg  296-13764.msg  301-13774.msg  307-13791.msg
269-9782.msg  284-13740.msg  289-13752.msg  293-13759.msg  297-13765.msg  302-13775.msg  320-21392.msg
270-9854.msg  285-13741.msg  290-13755.msg  294-13760.msg  299-13769.msg  304-13782.msg  321-21394.msg

In our example above, we used "WHERE id=321". Remember, "id=321" is correlated to the 321 in the filename, 321-21394.msg. Also, you'll notice there's actually 3 matches :

  • id: 321
  • index_id: 321
  • imap_id: 321
mod_metadata And mod_content

From the output above, you see two matches for 21394 - remember, filename is 321-21394.msg :

  • mod_metadata: 21394
    • mod_metadata might not as there are changes exclusively in the db.
      • For example - marking read/unread, tagging, flagging, moving to a new folder, etc..
  • mod_content: 21394
    • mod_content should always be reflected in the filename on the system
      • mod_content is updated, for example, when saving a draft, editing a briefcase document, etc.
        • Note : "Edit As New" on a message actually creates a new file on the filesystem and uses a different id .
        • In ZCS6+ , using the "Remove Attachments" option on an email with attachments would most likely alter the mod_content number as well.

Notice that the main difference between the two is where changes are only exclusively made in the db vs. a change that would necessary alter the "file".

If I then "tag" the message in ZWC for this message, you'll notice the mod_metadata is altered to 23826 but mod_content and the filename on the fs still uses 21394 . Notice as well, "tags: 0" was now changed to "tags: 1" .

[zimbra@mail39 data]$ mysql -e 'SELECT * FROM mboxgroup3.mail_item WHERE id=321\G'
*************************** 1. row ***************************
  mailbox_id: 3
          id: 321
        type: 5
   parent_id: NULL
   folder_id: 5
    index_id: 321
     imap_id: 321
        date: 1281984004
        size: 448
   volume_id: 1
 blob_digest: 0pe,M6lHRy4KBXbIyEeR7AJzfkA=
      unread: 0
       flags: 1
        tags: 1
      sender: Adam Cody
     subject: test w mobile sending
        name: NULL
    metadata: d1:f0:1:s45:Adam Cody <ajcody@mail39.zimbra.DOMAIN.com>1:t32:admin@mail38.zimbra.DOMAIN.com1:vi10ee
mod_metadata: 23826
 change_date: 1282864623
 mod_content: 21394

$ cd /opt/zimbra/store/0/3/msg/0

$ ls -la 321*
-rw-r----- 1 zimbra zimbra 448 Aug 16 14:40 321-21394.msg
Mysql Query For date And change_date For ALL id's For A Specific User

Another item to point out in this example is the change_date and date fields. Notice that change_date has changed compared to the first time we ran the query. The change_date use to match the date variable number - date: 1281984004 . This field, change_date, is updated when the item has 'changed', not necessarily a mod_metadata type change -- that might be reflected in the time stamp of the file on the filesystem.

date: 1281984004
change_date: 1281984004
vs. after we applies a 'tag' to message
date: 1281984004
change_date: 1282864623

To convert that into a 'normal' readable time format, using perl:

# perl -e 'print localtime(1281984004). "\n"'
   Mon Aug 16 14:40:04 2010
 *** Which matches the ls -la time above. ***

vs.

# perl -e 'print localtime(1282864623). "\n"'
   Thu Aug 26 19:17:03 2010  
 *** Which is the time I tagged the message in ZWC. ***

To translate Thursday Aug 26 2010 19:17:03 to epoch seconds and back again, for example [Replace '-d' with '-ud' for GMT/UTC time]:

# date +%s -d "08/26/2010 19:17:03"
   1282864623

or

# date +%s -ud "Thu Aug 26 19:17:03 EDT 2010"
   1282864623

And to prove the conversion goes back again with the date command:

# date -d @1282864623
   Thu Aug 26 19:17:03 EDT 2010

Another reference is, the from_unixtime() and unix_timestamp() mysql functions - see :

Examples within mysql:

$ mysql -e 'SELECT UNIX_TIMESTAMP("2010-08-26 19:17:03")'
  +---------------------------------------+
  | UNIX_TIMESTAMP("2010-08-26 19:17:03") |
  +---------------------------------------+
  |                            1282864623 | 
  +---------------------------------------+

And back again:

$ mysql -e 'SELECT FROM_UNIXTIME(1282864623)'
  +---------------------------+
  | FROM_UNIXTIME(1282864623) |
  +---------------------------+
  | 2010-08-26 19:17:03       | 
  +---------------------------+

An example mysql search query using this format:

$ mysql -e 'SELECT * FROM mboxgroup3.mail_item WHERE mailbox_id=3 AND change_date=(SELECT UNIX_TIMESTAMP("2010-08-26 19:17:03"))\G'

This might be useful if you find yourself wanting to query against the change_date for a particular user and see what messages were altered at that time or time range. Example might be, where the user is reporting their "problem" occurring at a certain time or during a time range.

A search against the change_date field and mailbox_id we've been discussing here, shows:

$ mysql -e 'SELECT * FROM mboxgroup3.mail_item WHERE mailbox_id=3 AND change_date=1282864623\G'
*************************** 1. row ***************************
  mailbox_id: 3
          id: 64
        type: 3
   parent_id: NULL
   folder_id: 8
    index_id: NULL
     imap_id: NULL
        date: 1282864623
        size: 0
   volume_id: NULL
 blob_digest: NULL
      unread: NULL
       flags: 0
        tags: 0
      sender: NULL
     subject: Test-Tag
        name: Test-Tag
    metadata: d1:vi10ee
mod_metadata: 23825
 change_date: 1282864623
 mod_content: 23825
*************************** 2. row ***************************
  mailbox_id: 3
          id: 321
        type: 5
   parent_id: NULL
   folder_id: 5
    index_id: 321
     imap_id: 321
        date: 1281984004
        size: 448
   volume_id: 1
 blob_digest: 0pe,M6lHRy4KBXbIyEeR7AJzfkA=
      unread: 0
       flags: 1
        tags: 1
      sender: Adam Cody
     subject: test w mobile sending
        name: NULL
    metadata: d1:f0:1:s45:Adam Cody <ajcody@mail39.zimbra.DOMAIN.com>1:t32:admin@mail38.zimbra.DOMAIN.com1:vi10ee
mod_metadata: 23826
 change_date: 1282864623
 mod_content: 21394

See how we also identified the 'tag' entry, id: 64 type: 3 , that was made as the id=321 type=5 was altered.

To search by a range of the change_date variable. Notice the syntax of :

  • change_date>=1282864600  ; meaning greater than or equal to
    • we could also use this instead, change_date>=(SELECT UNIX_TIMESTAMP("2010-08-26 19:17:03")
  • change_date<=1282865366  ; meaning less than or equal to
    • we could also use this instead, change_date<=(SELECT UNIX_TIMESTAMP("2010-08-26 19:29:26")
$ mysql -e 'SELECT * FROM mboxgroup3.mail_item WHERE mailbox_id=3 AND change_date>=1282864600 AND change_date<=1282865366\G'
*************************** 1. row ***************************
  mailbox_id: 3
          id: 64
        type: 3
   parent_id: NULL
   folder_id: 8
    index_id: NULL
     imap_id: NULL
        date: 1282864623
        size: 0
   volume_id: NULL
 blob_digest: NULL
      unread: NULL
       flags: 0
        tags: 0
      sender: NULL
     subject: Test-Tag
        name: Test-Tag
    metadata: d1:vi10ee
mod_metadata: 23825
 change_date: 1282864623
 mod_content: 23825
*************************** 2. row ***************************
  mailbox_id: 3
          id: 321
        type: 5
   parent_id: NULL
   folder_id: 5
    index_id: 321
     imap_id: 321
        date: 1281984004
        size: 448
   volume_id: 1
 blob_digest: 0pe,M6lHRy4KBXbIyEeR7AJzfkA=
      unread: 0
       flags: 1
        tags: 1
      sender: Adam Cody
     subject: test w mobile sending
        name: NULL
    metadata: d1:f0:1:s45:Adam Cody <ajcody@mail39.zimbra.DOMAIN.com>1:t32:admin@mail38.zimbra.DOMAIN.com1:vi10ee
mod_metadata: 23826
 change_date: 1282864623
 mod_content: 21394
*************************** 3. row ***************************
  mailbox_id: 3
          id: 323
        type: 5
   parent_id: NULL
   folder_id: 6
    index_id: 323
     imap_id: 323
        date: 1282865366
        size: 444
   volume_id: 1
 blob_digest: l5E3l5rbE5XUzHcp+hRNkN1E7os=
      unread: 0
       flags: 65
        tags: 0
      sender: Adam Cody
     subject: test w mobile sending - edit as new
        name: NULL
    metadata: d1:dd2:do3:3214:idnt36:db166bd3-2405-49d2-aa38-91159a3c9302e1:f4:test1:s45:Adam Cody <ajcody@mail39.zimbra.DOMAIN.com>1:t32:admin@mail38.zimbra.DOMAIN.com1:vi10ee
mod_metadata: 23829
 change_date: 1282865366
 mod_content: 23829
Confirming subject Matches Subject Line In Message

You'll see that the message 321-21394.msg on the filesystem also matches the output we had with our mysql query - compare the Subject line.

[zimbra@mail39 0]$ head 321-21394.msg
Date: Mon, 16 Aug 2010 14:40:04 -0400 (EDT)
From: Adam Cody <ajcody@mail39.zimbra.DOMAIN.com>
To: admin@mail38.zimbra.DOMAIN.com
Message-ID: <27950055.531281984004882.JavaMail.root@mail39.zimbra.DOMAIN.com>
Subject: test w mobile sending
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Originating-IP: [192.168.0.13]
X-Mailer: Zimbra 5.0.23_GA_3242.RHEL5 (zclient/5.0.23_GA_3242.RHEL5)

This is a good field to query against also. See Mysql Query For Subject Line In Message Of A Specific User.

Mysql Query For Subject Line In Message Of A Specific User

This is a good field to query against, depending on your circumstances. User's have very little information from their end, ZWC, that correlates into the mysql fields we've been discussing [generally speaking]. They can't see the message id as needed for id= in mboxgroup#.mail_item. Let's say you only have the mailbox_id of the user, therefor the mboxgroup#, and the Subject line of the message in question. You would do something like the following:

$ mysql -e 'SELECT * FROM mboxgroup3.mail_item WHERE mailbox_id=3 AND subject="test w mobile sending"\G'
*************************** 1. row ***************************
  mailbox_id: 3
          id: 321
        type: 5
   parent_id: NULL
   folder_id: 5
    index_id: 321
     imap_id: 321
        date: 1281984004
        size: 448
   volume_id: 1
 blob_digest: 0pe,M6lHRy4KBXbIyEeR7AJzfkA=
      unread: 0
       flags: 1
        tags: 1
      sender: Adam Cody
     subject: test w mobile sending
        name: NULL
    metadata: d1:f0:1:s45:Adam Cody <ajcody@mail39.zimbra.DOMAIN.com>1:t32:admin@mail38.zimbra.DOMAIN.com1:vi10ee
mod_metadata: 23826
 change_date: 1282864623
 mod_content: 21394

Mysql Query For ALL Message ID's Of A User

As you'll see in the above query, it has type=5 . Description of mboxgroup[#].mail_item Type shows that type 5 is 'messages'.

[zimbra@mail39 ~]$ mysql -e 'SELECT * FROM mboxgroup3.mail_item WHERE mailbox_id=3 AND type=5\G'
*************************** 1. row ***************************
  mailbox_id: 3
          id: 261
        type: 5
   parent_id: 263
   folder_id: 5
    index_id: 261
     imap_id: 261
        date: 1273609779
        size: 458
   volume_id: 3
 blob_digest: baQatWGZSt5THO6tAGImpEOqVQY=
      unread: 0
       flags: 1
        tags: 0
      sender: Adam Cody
     subject: test test
        name: NULL
    metadata: d1:f9:test test1:s45:Adam Cody <ajcody@mail39.zimbra.DOMAIN.com>1:t45:Adam Cody <ajcody@mail39.zimbra.DOMAIN.com>1:vi10ee
mod_metadata: 6216
 change_date: 1273609779
 mod_content: 6215
*************************** 2. row ***************************
  mailbox_id: 3
          id: 262
        type: 5
   parent_id: 263
   folder_id: 2
    index_id: 262
     imap_id: 262
        date: 1273609779
        size: 1599
   volume_id: 3
 blob_digest: s2BgZHas3+fgRhBYpIHv7uAEuCY=
      unread: 0
       flags: 0
        tags: 0
      sender: Adam Cody
     subject: test test
        name: NULL
    metadata: d1:f9:test test1:s45:Adam Cody <ajcody@mail39.zimbra.DOMAIN.com>1:vi10ee
mod_metadata: 6217
 change_date: 1273609784
 mod_content: 6216
*************************** 3. row ***************************
  mailbox_id: 3
          id: 264
        type: 5
   parent_id: NULL
   folder_id: 2
    index_id: 264
     imap_id: 264
        date: 1273610021
        size: 3467
   volume_id: 3
 blob_digest: n,VKvXmfL,jiA6kC8zE2g3TkWuM=
      unread: 0
       flags: 0
        tags: 0
      sender: Test User
     subject: test html
        name: NULL
    metadata: d1:f14:BOLD Underline1:s43:Test User <test@mail39.zimbra.DOMAIN.com>1:vi10ee
mod_metadata: 6220
 change_date: 1273610084
 mod_content: 6219
*************************** 4. row ***************************
cut -- it then continues for all the messages that exist for this account

Mysql Query For ALL Message ID's In A Particular Folder Of A User

As you'll see in the above query, it has type=5 . Description of mboxgroup[#].mail_item Type shows that type 5 is 'messages'.

Get folder_id Number And Description

One way to get the folder_id is to use the zmmailbox against the user to find the id# that we want.

[zimbra@mail39 ~]$ zmmailbox -z -m ajcody@mail39.zimbra.DOMAIN.com gaf
        Id  View      Unread   Msg Count  Path
----------  ----  ----------  ----------  ----------
         1  conv           0           0  / ()
        16  docu           0           1  /Briefcase ()
        10  appo           0           1  /Calendar ()
        14  mess           0           6  /Chats ()
         7  cont           0           1  /Contacts ()
         6  mess           0           1  /Drafts ()
        13  cont           0           2  /Emailed Contacts ()
         2  mess          10          19  /Inbox ()
         4  mess           0           0  /Junk ()
        12  wiki           0           0  /Notebook ()
         5  mess           0           6  /Sent ()
        15  task           0           0  /Tasks ()
         3  conv           0           0  /Trash ()

Or we could use a mysql query to get the output of the descriptions as well. folder_type=1 if for "Folders" and instead of selecting * , we'll use "id,name".

[zimbra@mail39 ~]$ mysql -e 'SELECT id,name FROM mboxgroup3.mail_item WHERE mailbox_id=3 AND type=1\G'
*************************** 1. row ***************************
  id: 1
name: USER_ROOT
*************************** 2. row ***************************
  id: 2
name: Inbox
*************************** 3. row ***************************
  id: 3
name: Trash
*************************** 4. row ***************************
  id: 4
name: Junk
*************************** 5. row ***************************
  id: 5
name: Sent
*************************** 6. row ***************************
  id: 6
name: Drafts
*************************** 7. row ***************************
  id: 7
name: Contacts
*************************** 8. row ***************************
  id: 8
name: Tags
*************************** 9. row ***************************
  id: 9
name: Conversations
*************************** 10. row ***************************
  id: 10
name: Calendar
*************************** 11. row ***************************
  id: 11
name: ROOT
*************************** 12. row ***************************
  id: 12
name: Notebook
*************************** 13. row ***************************
  id: 13
name: Emailed Contacts
*************************** 14. row ***************************
  id: 14
name: Chats
*************************** 15. row ***************************
  id: 15
name: Tasks
*************************** 16. row ***************************
  id: 16
name: Briefcase
The Query For ALL Message ID's In A Particular Folder Of A User

Now we'll setup the query to also use the folder_id. In this example folder_id=5 for the users "Sent" folder.

[zimbra@mail39 ~]$ mysql -e 'SELECT * FROM mboxgroup3.mail_item WHERE mailbox_id=3 AND type=5 AND folder_id=5\G'
*************************** 1. row ***************************
  mailbox_id: 3
          id: 261
        type: 5
   parent_id: 263
   folder_id: 5
    index_id: 261
     imap_id: 261
        date: 1273609779
        size: 458
   volume_id: 3
 blob_digest: baQatWGZSt5THO6tAGImpEOqVQY=
      unread: 0
       flags: 1
        tags: 0
      sender: Adam Cody
     subject: test test
        name: NULL
    metadata: d1:f9:test test1:s45:Adam Cody <ajcody@mail39.zimbra.DOMAIN.com>1:t45:Adam Cody <ajcody@mail39.zimbra.DOMAIN.com>1:vi10ee
mod_metadata: 6216
 change_date: 1273609779
 mod_content: 6215
*************************** 2. row ***************************
  mailbox_id: 3
          id: 281
        type: 5
   parent_id: 286
   folder_id: 5
    index_id: 281
     imap_id: 281
        date: 1277122331
        size: 463
   volume_id: 3
 blob_digest: LifXXOMYCgjFsIj,+bsxi0cboOQ=
      unread: 0
       flags: 1
        tags: 0
      sender: Adam Cody
     subject: test mail39
        name: NULL
    metadata: d1:f0:1:s45:Adam Cody <ajcody@mail39.zimbra.DOMAIN.com>1:t33:ajcody@mail59.zimbra.DOMAIN.com1:vi10ee
mod_metadata: 13741
 change_date: 1278082563
 mod_content: 13701
*************************** 3. row ***************************
  mailbox_id: 3
          id: 297
        type: 5
   parent_id: 286
   folder_id: 5
    index_id: 297
     imap_id: 297
        date: 1278084134
        size: 14896
   volume_id: 1
 blob_digest: 66QUCgivALxwGk+p3hnQ4viVZXU=
      unread: 0
       flags: 8195
        tags: 0
      sender: Adam Cody
     subject: test mail39
        name: NULL
    metadata: d1:f22:-- Original Message --1:p4:Re: 1:s45:Adam Cody <ajcody@mail39.zimbra.DOMAIN.com>1:t45:Adam Cody <ajcody@mail59.zimbra.DOMAIN.com>1:vi10ee
mod_metadata: 13765
 change_date: 1278084134
 mod_content: 13765
*************************** 4. row ***************************


cut -- it then continues for all the messages that exist for this account

The Query For ALL Appointments For A Particular User

$ mysql -e 'SELECT * FROM mboxgroup3.appointment WHERE mailbox_id=3\G'
*************************** 1. row ***************************
mailbox_id: 3
       uid: 3252c10b-b889-41ab-bbea-e07eafba0d76
   item_id: 325
start_time: 2010-08-27 18:55:00
  end_time: 2010-08-27 20:00:00
*************************** 2. row ***************************
mailbox_id: 3
       uid: 87fa4fc8-70c6-4459-9d3d-e139c0f6e64a
   item_id: 266
start_time: 2010-06-01 17:40:00
  end_time: 2010-06-01 18:00:00

The only relationship I find so far at this point with the above data to 'other' areas within ZCS in regards to mysql or the filesystem is the UID [ 3252c10b-b889-41ab-bbea-e07eafba0d76 ] above will be the UID as well in the ics format that will be in the message that is sent. And that messages will be on the filesystem under the user's store directory path. The message filename was 326-24060.msg - which doesn't match the item_id [325] .

$ pwd
/opt/zimbra/store/0/3/msg/0

$ grep 3252c10b-b889-41ab-bbea-e07eafba0d76 *
326-24060.msg:UID:3252c10b-b889-41ab-bbea-e07eafba0d76

$ ls -la 326-24060.msg 
-rw-r----- 1 zimbra zimbra 4619 Aug 27 18:04 326-24060.msg

$ cat 326-24060.msg

## CUT ###
BEGIN:VEVENT
UID:3252c10b-b889-41ab-bbea-e07eafba0d76
SUMMARY:Test for Mysql Query
LOCATION:My office
ATTENDEE;ROLE=REQ-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=TRUE:mailto:admin@m
 ail39.zimbra.DOMAIN.com
ORGANIZER;CN=Adam Cody:mailto:ajcody@mail39.zimbra.DOMAIN.com
DTSTART;TZID="(GMT-06.00) Central Time (US & Canada)":20100827T180000
DTEND;TZID="(GMT-06.00) Central Time (US & Canada)":20100827T190000
### ###

Mail Items Received Per Day

Actually saw this query from a customer in a case, thought it might be useful for others. Example uses mboxgroup3 and mailbox_id3 , you would adjust that for your own purposes.

$ mysql

mysql> connect mboxgroup3;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Connection id:    18414
Current database: mboxgroup3

mysql> select FROM_UNIXTIME( date, '%d %m %Y'), count(*) from mail_item where mailbox_id=3 group by  FROM_UNIXTIME( date, '%d %m %Y') order by  date;

+----------------------------------+----------+
| FROM_UNIXTIME( date, '%d %m %Y') | count(*) |
+----------------------------------+----------+
| 13 09 2010                       |       17 | 
| 14 09 2010                       |        5 | 
| 15 09 2010                       |        4 | 
| 16 09 2010                       |        4 | 
| 17 09 2010                       |        4 | 
+----------------------------------+----------+
5 rows in set (0.00 sec)

mysql>

All Blobs Associated With A Particular Volume ID

Assumptions to the command below. There's 100 mboxgroups and the volume we are searching for is volume id 3 [zmvolume -l] . Also, this was against ZCS 8.6 - which uses locator instead of volume_id field. Older versions of ZCS will need to swap locator below to read volume_id .

for i in `seq 100`; do mysql --skip-column-names -e "SELECT CONCAT_WS(',',mailbox_id,id,locator) \
FROM mboxgroup$i.mail_item WHERE locator=1" ; done >> /tmp/locator.txt

Mysql Tables

zimbra database

SHOW zimbra Database Tables

This output shows the tables of the zimbra database. From ZCS 8.6 :

mysql -e 'SHOW tables FROM zimbra'
+-------------------+
| Tables_in_zimbra  |
+-------------------+
| config            |
| current_sessions  |
| current_volumes   |
| deleted_account   |
| mailbox           |
| mailbox_metadata  |
| mobile_devices    |
| out_of_office     |
| pending_acl_push  |
| scheduled_task    |
| service_status    |
| table_maintenance |
| volume            |
| volume_blobs      |
+-------------------+
DESCRIBE zimbra.mailbox Database Table

Description of the zimbra.mailbox table in the zimbra database. From ZCS 8.6 :

mysql -e 'DESCRIBE zimbra.mailbox'
+----------------------+---------------------+------+-----+---------+-------+
| Field                | Type                | Null | Key | Default | Extra |
+----------------------+---------------------+------+-----+---------+-------+
| id                   | int(10) unsigned    | NO   | PRI | NULL    |       |
| group_id             | int(10) unsigned    | NO   |     | NULL    |       |
| account_id           | varchar(127)        | NO   | UNI | NULL    |       |
| index_volume_id      | tinyint(3) unsigned | NO   | MUL | NULL    |       |
| item_id_checkpoint   | int(10) unsigned    | NO   |     | 0       |       |
| contact_count        | int(10) unsigned    | YES  |     | 0       |       |
| size_checkpoint      | bigint(20) unsigned | NO   |     | 0       |       |
| change_checkpoint    | int(10) unsigned    | NO   |     | 0       |       |
| tracking_sync        | int(10) unsigned    | NO   |     | 0       |       |
| tracking_imap        | tinyint(1)          | NO   |     | 0       |       |
| last_backup_at       | int(10) unsigned    | YES  | MUL | NULL    |       |
| comment              | varchar(255)        | YES  |     | NULL    |       |
| last_soap_access     | int(10) unsigned    | NO   |     | 0       |       |
| new_messages         | int(10) unsigned    | NO   |     | 0       |       |
| idx_deferred_count   | int(11)             | NO   |     | 0       |       |
| highest_indexed      | varchar(21)         | YES  |     | NULL    |       |
| version              | varchar(16)         | YES  |     | NULL    |       |
| last_purge_at        | int(10) unsigned    | NO   |     | 0       |       |
| itemcache_checkpoint | int(10) unsigned    | NO   |     | 0       |       |
+----------------------+---------------------+------+-----+---------+-------+
Example Of User Information Of zimbra.mailbox

I use both the user's :

{ldap} mailboxId equals id {mysql}
remember, this is for the zimbra.mailbox and not the mboxgroup# db, for mboxgroup# you would use mailbox_id.
{ldap} zimbraId equals account_id {mysql}

below in this example.

Example is from ZCS 8.6

$ zmprov gmi user1@`zmhostname`
mailboxId: 7
quotaUsed: 17000


$ mysql -e 'SELECT * FROM zimbra.mailbox WHERE id=7\G'
*************************** 1. row ***************************
                  id: 7
            group_id: 7
          account_id: 2aa65168-7b18-4b13-b0e5-a91e4cd87bf5
     index_volume_id: 2
  item_id_checkpoint: 266
       contact_count: 0
     size_checkpoint: 17000
   change_checkpoint: 800
       tracking_sync: 0
       tracking_imap: 0
      last_backup_at: 1423893615
             comment: user1@ldap2.zimbra.DOMAIN.com
    last_soap_access: 0
        new_messages: 10
  idx_deferred_count: 0
     highest_indexed: NULL
             version: 2.7
       last_purge_at: 1424184635
itemcache_checkpoint: 0

$ zmprov ga user1@`zmhostname` zimbraId
# name user1@ldap2.zimbra.homeunix.com
zimbraId: 2aa65168-7b18-4b13-b0e5-a91e4cd87bf5

$ mysql -e 'SELECT * FROM zimbra.mailbox WHERE account_id="2aa65168-7b18-4b13-b0e5-a91e4cd87bf5"\G'
*************************** 1. row ***************************
                  id: 7
            group_id: 7
          account_id: 2aa65168-7b18-4b13-b0e5-a91e4cd87bf5
     index_volume_id: 2
  item_id_checkpoint: 266
       contact_count: 0
     size_checkpoint: 17000
   change_checkpoint: 800
       tracking_sync: 0
       tracking_imap: 0
      last_backup_at: 1423893615
             comment: user1@ldap2.zimbra.DOMAIN.com
    last_soap_access: 0
        new_messages: 10
  idx_deferred_count: 0
     highest_indexed: NULL
             version: 2.7
       last_purge_at: 1424184635
itemcache_checkpoint: 0

mboxgroup[#] database

Users are associated with a mboxgroup database. Each mboxgroup database will be comprised of multiple users, the users and their data are unique by way for the mailbox_id of the user.

SHOW mboxgroup[#] Database Tables

This output shows the tables of the mboxgroup# database. From ZCS 8.6 :

$ mysql -e 'SHOW tables FROM mboxgroup7'
+----------------------+
| Tables_in_mboxgroup7 |
+----------------------+
| appointment          |
| appointment_dumpster |
| data_source_item     |
| imap_folder          |
| imap_message         |
| mail_item            |
| mail_item_dumpster   |
| open_conversation    |
| pop3_message         |
| revision             |
| revision_dumpster    |
| tag                  |
| tagged_item          |
| tombstone            |
+----------------------+
DESCRIBE mboxgroup[#].mail_item Database Table

Description of the mail_item table in the mboxgroup# database. From ZCS 8.6 :

$ mysql -e 'DESCRIBE mboxgroup7.mail_item'
+--------------+---------------------+------+-----+---------+-------+
| Field        | Type                | Null | Key | Default | Extra |
+--------------+---------------------+------+-----+---------+-------+
| mailbox_id   | int(10) unsigned    | NO   | PRI | NULL    |       |
| id           | int(10) unsigned    | NO   | PRI | NULL    |       |
| type         | tinyint(4)          | NO   |     | NULL    |       |
| parent_id    | int(10) unsigned    | YES  |     | NULL    |       |
| folder_id    | int(10) unsigned    | YES  |     | NULL    |       |
| prev_folders | text                | YES  |     | NULL    |       |
| index_id     | int(10) unsigned    | YES  |     | NULL    |       |
| imap_id      | int(10) unsigned    | YES  |     | NULL    |       |
| date         | int(10) unsigned    | NO   |     | NULL    |       |
| size         | bigint(20) unsigned | NO   |     | NULL    |       |
| locator      | varchar(1024)       | YES  |     | NULL    |       |
| blob_digest  | varchar(44)         | YES  |     | NULL    |       |
| unread       | int(10) unsigned    | YES  |     | NULL    |       |
| flags        | int(11)             | NO   |     | 0       |       |
| tags         | bigint(20)          | NO   |     | 0       |       |
| tag_names    | text                | YES  |     | NULL    |       |
| sender       | varchar(128)        | YES  |     | NULL    |       |
| recipients   | varchar(128)        | YES  |     | NULL    |       |
| subject      | text                | YES  |     | NULL    |       |
| name         | varchar(255)        | YES  |     | NULL    |       |
| metadata     | mediumtext          | YES  |     | NULL    |       |
| mod_metadata | int(10) unsigned    | NO   |     | NULL    |       |
| change_date  | int(10) unsigned    | YES  |     | NULL    |       |
| mod_content  | int(10) unsigned    | NO   |     | NULL    |       |
| uuid         | varchar(127)        | YES  |     | NULL    |       |
+--------------+---------------------+------+-----+---------+-------+
Description of mboxgroup[#].mail_item Type

Ref: /source/xref/zimbra-zcs-JUDASPRIEST-860/ZimbraServer/src/java/com/zimbra/cs/mailbox/MailItem.java


75 public abstract class MailItem implements Comparable<MailItem>, ScheduledTaskResult {
76
77    public enum Type {
78        UNKNOWN(-1),
79        /** Item is a standard {@link Folder}. */
80        FOLDER(1),
81        /** Item is a saved search {@link SearchFolder}. */
82        SEARCHFOLDER(2),
83        /** Item is a user-created {@link Tag}. */
84        TAG(3),
85        /** Item is a real, persisted {@link Conversation}. */
86        CONVERSATION(4),
87        /** Item is a mail {@link Message}. */
88        MESSAGE(5),
89        /** Item is a {@link Contact}. */
90        CONTACT(6),
91        /** Item is a {@link InviteMessage} with a {@code text/calendar} MIME part. */
92        @Deprecated INVITE(7),
93        /** Item is a bare {@link Document}. */
94        DOCUMENT(8),
95        /** Item is a {@link Note}. */
96        NOTE(9),
97        /** Item is a memory-only system {@link Flag}. */
98        FLAG(10),
99        /** Item is a calendar {@link Appointment}. */
100        APPOINTMENT(11),
101        /** Item is a memory-only, 1-message {@link VirtualConversation}. */
102        VIRTUAL_CONVERSATION(12),
103        /** Item is a {@link Mountpoint} pointing to a {@link Folder}, possibly in another user's {@link Mailbox}. */
104        MOUNTPOINT(13),
105        /** Item is a {@link WikiItem} */
106        @Deprecated WIKI(14),
107        /** Item is a {@link Task} */
108        TASK(15),
109        /** Item is a {@link Chat} */
110        CHAT(16),
111        /** Item is a {@link Comment} */
112        COMMENT(17),
113        /** Item is a {@link Link} pointing to a {@link Document} */
114        LINK(18);
115
DESCRIBE mboxgroup[#].appointment Database Table

Description of the appointment table in the mboxgroup# database.

$ mysql -e 'DESCRIBE mboxgroup7.appointment'
+------------+------------------+------+-----+---------+-------+
| Field      | Type             | Null | Key | Default | Extra |
+------------+------------------+------+-----+---------+-------+
| mailbox_id | int(10) unsigned | NO   | PRI | NULL    |       |
| uid        | varchar(255)     | NO   | PRI | NULL    |       |
| item_id    | int(10) unsigned | NO   |     | NULL    |       |
| start_time | datetime         | NO   |     | NULL    |       |
| end_time   | datetime         | YES  |     | NULL    |       |
+------------+------------------+------+-----+---------+-------+

Mysql Database Location On Filesystem

mboxgroup# Database Default Example for ZCS5

Using my examples above of the mboxgroup3 .

[zimbra@mail39 data]$ pwd
/opt/zimbra/db/data

[zimbra@mail39 data]$ ls -F
backup/  ib_logfile0  ib_logfile1  ibdata1  mboxgroup1/  mboxgroup2/  mboxgroup3/  mboxgroup4/  mboxgroup5/  mboxgroup6/  mysql/  test/  zimbra/

[zimbra@mail39 data]$ ls mboxgroup3/
appointment.frm       data_source_item.ibd  imap_folder.ibd   mail_item.frm          open_conversation.ibd  revision.frm   tombstone.ibd
appointment.ibd       db.opt                imap_message.frm  mail_item.ibd          pop3_message.frm       revision.ibd
data_source_item.frm  imap_folder.frm       imap_message.ibd  open_conversation.frm  pop3_message.ibd       tombstone.frm

You'll notice there's matching files on the system for the various tables reported with:

$ mysql -e 'SHOW tables FROM mboxgroup3'

zimbra Database Default Example for ZCS5

[zimbra@mail39 data]$ pwd
/opt/zimbra/db/data

[zimbra@mail39 data]$ ls -F
backup/  ib_logfile0  ib_logfile1  ibdata1  mboxgroup1/  mboxgroup2/  mboxgroup3/  mboxgroup4/  mboxgroup5/  mboxgroup6/  mysql/  test/  zimbra/

[zimbra@mail39 data]$ ls zimbra
config.frm                jiveGroupUser.MYI    jiveProperty.MYD          jiveSASLAuthorized.frm  mucAffiliation.MYD      mucRoomProp.frm
config.ibd                jiveGroupUser.frm    jiveProperty.MYI          jiveUserProp.MYD        mucAffiliation.MYI      out_of_office.frm
current_volumes.frm       jiveID.MYD           jiveProperty.frm          jiveUserProp.MYI        mucAffiliation.frm      out_of_office.ibd
current_volumes.ibd       jiveID.MYI           jiveRemoteServerConf.MYD  jiveUserProp.frm        mucConversationLog.MYD  scheduled_task.frm
db.opt                    jiveID.frm           jiveRemoteServerConf.MYI  jiveVCard.MYD           mucConversationLog.MYI  scheduled_task.ibd
deleted_account.frm       jiveOffline.MYD      jiveRemoteServerConf.frm  jiveVCard.MYI           mucConversationLog.frm  service_status.MYD
deleted_account.ibd       jiveOffline.MYI      jiveRoster.MYD            jiveVCard.frm           mucMember.MYD           service_status.MYI
jiveExtComponentConf.MYD  jiveOffline.frm      jiveRoster.MYI            jiveVersion.MYD         mucMember.MYI           service_status.frm
jiveExtComponentConf.MYI  jivePrivacyList.MYD  jiveRoster.frm            jiveVersion.MYI         mucMember.frm           table_maintenance.frm
jiveExtComponentConf.frm  jivePrivacyList.MYI  jiveRosterGroups.MYD      jiveVersion.frm         mucRoom.MYD             table_maintenance.ibd
jiveGroupProp.MYD         jivePrivacyList.frm  jiveRosterGroups.MYI      mailbox.frm             mucRoom.MYI             volume.frm
jiveGroupProp.MYI         jivePrivate.MYD      jiveRosterGroups.frm      mailbox.ibd             mucRoom.frm             volume.ibd
jiveGroupProp.frm         jivePrivate.MYI      jiveSASLAuthorized.MYD    mailbox_metadata.frm    mucRoomProp.MYD
jiveGroupUser.MYD         jivePrivate.frm      jiveSASLAuthorized.MYI    mailbox_metadata.ibd    mucRoomProp.MYI

You'll notice there's matching files on the system for the various tables reported with :

$ mysql -e 'SHOW tables FROM zimbra'

Getting The Size Of The Mbox Tables In MBs

Here is what you would run.

$ su - zimbra

## Note : I added \'s in the command below so it would format ok in wiki ##

$ mysql -e "SELECT table_schema AS 'Mbox table', \
Round( Sum( data_length + index_length ) / 1024 / 1024, 3)\
AS 'Mbox Size (MB)' FROM information_schema.tables \
GROUP BY table_schema ;"
+--------------------+----------------+
| Mbox table         | Mbox Size (MB) |
+--------------------+----------------+
| information_schema |          0.004 | 
| mboxgroup1         |          0.453 | 
| mboxgroup2         |          0.453 | 
| mboxgroup3         |          0.516 | 
| mboxgroup4         |          0.453 | 
| mboxgroup5         |          0.453 | 
| mboxgroup6         |          0.453 | 
| mysql              |          0.520 | 
| zimbra             |          0.319 | 
+--------------------+----------------+

This was a response from the developers on a question a customer had concerning the sizes of their mboxgroup*ibd files and why they were of varying sizes and if the larger ones could be "shrunk".

The innodb tablespace can physically grow, but won't shrink. We set innodb_file_per_table to store an idb file per table instead of one large idb file for all tables. If a table has a lot of activity, the idb file will grow. The rows can be deleted but the idb file will still be at the high-water mark. That doesn't mean there isn't a bunch of free space that can be used, just that it will remain large on the filesystem. You can find out the actual size of the space being used by querying the information_schema dictionary view.
Note - see syntax above that I did. Adam
SELECT table_schema AS 'Mbox table',
Round( Sum( data_length + index_length ) / 1024 / 1024, 3) AS Mbox Size (MB)',
FROM information_schema.tables
GROUP BY table_schema ;
As you can see, you can include both the data and index lengths, or you could exclude one and run separately to see exactly how large each is. That will get you the actual size which you can compare to the physical size of the idb on disk.If you want to reclaim the disk space by data, I think you are going to have to export the data, drop the table (I don't think a truncate will do it), then import the data again. As far as checking for the percentage of fragmentation, you can't really determine if the difference between physical size and data size is due to many records being deleted or due to fragmentation waste. You can STILL take the same administrative action of rebuilding the tables to help avoid the problem though.

Concerning the dropping of data/tables, see the Mysql_Crash_Recovery on the basic concepts for that. Zimbra Support uses the steps on the Mysql_Crash_Recovery for extreme or DR sitautions, falling back to a full DR recovery process using the zmrestore if the Mysql Crash Recovery steps fail. One should not pursue the Mysql_Crash_Recovery steps unless your willingly to accept the possible need of doing a full DR restore if things don't work out.

To see or understand more about the data in the mboxgroup* mail_item tables, see:

Also, for future references since 608 is at 5.0.90 - this query might prove useful in regards to the fragmentation question:

Misc Issues Related To Mysql

Error - inconsistent state: unread

You might see a error like the following:

"com.zimbra.common.service.ServiceException: system failure:
 inconsistent state: unread < 0 for item X"
 (X is the id of the folder in question.)

Please see the following on the issue and the work around and/or later fix.

Third Party Tools And References

Recovery Issues

Verified Against: Zimbra Collaboration 8.0, 7.0 Date Created: 04/16/2014
Article ID: https://wiki.zimbra.com/index.php?title=Ajcody-Notes Date Modified: 2008-07-16



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »




Ajcody Logger Issues

   KB 2439        Last updated on 2008-07-16  




0.00
(0 votes)
24px ‎  - This is Zeta Alliance Certified Documentation. The content has been tested by the Community.

You might want to cross review these other sections as well:

Actual Logger Issues Homepage

Please see Ajcody-Logger-Issues

Logger and ZCS 6.x+

Please see Logger(GnR) , as logger has changed dramatically in 6.x+ as compared to 5.x.

Missing Stats

Are You Using rsyslog, syslog-ng, or syslog

See this forum thread: upgrade to 6.0.2 stats and status no longer working

See the bugs listed below as well.

Confirm All hosts Are Still Present

Follow the instructions at Ajcody-Logger-Issues#What_Tables_And_To_View_Them and confirm all the hosts displayed are still present in your environment. You'll probably also see an error about this in the output from the instructions given at Logger(GnR)#Statistics_show_no_data_available

Logger Not Running

You might want to check /opt/zimbra/log/zmlogswatch.out and see if it mentions a missing file or directory. For example:

tail -f log/zmlogswatch.out
   Error opening /var/log/zimbra-stats.log: No such file or directory at
   /opt/zimbra/data/tmp/.swatch_script.21119 line 92

Here's the ownership as that file should be:

ls -la /var/log/zimbra-stats.log
-rw-r--r-- 1 zimbra zimbra 2500220 Feb 17 05:37 /var/log/zimbra-stats.log

Logger 6.x Bugs To Review

Some bugs to review:

sqlite3 and Logger

External Reference: Command Line Shell For SQLite

Login To DB and Quit

How to log into the logger db and to quit:

[zimbra@mail3 data]$ pwd
/opt/zimbra/logger/db/data
[zimbra@mail3 data]$ sqlite3 logger.sqlitedb
SQLite version 3.3.6
Enter ".help" for instructions
sqlite> .quit
[zimbra@mail3 data]$
What Tables And To View Them
$ pwd
 /opt/zimbra/logger/db/data

$ sqlite3 logger.sqlitedb
    SQLite version 3.3.6
    Enter ".help" for instructions
    sqlite> .mode list
    sqlite> .tables
      config           hosts            rrd_column_type  rrds
    sqlite> select * from hosts;
      1|mail3|mail3.zimbra.REMOVED.com
      2|mail3.zimbra.REMOVED.com|mail3.zimbra.REMOVED.com
    sqlite>.quit

$
Delete A Host

This is the command to delete a host, id is the number shown on the left of the line where the hostname is display from "select * from hosts;"

 sqlite>  DELETE  from hosts WHERE id=1;

That would delete the first hostname [id 1] .

Query Of ZCS Service Status History Via zmrrdfetch

Example were done on ZCS 8.0.6 and a single ZCS server setup. First, if you need a converter for unix time see : http://www.epochconverter.com/ . Secondy, note the columns are described below. Some of my examples will not include this first row. :

timestamp,opendkim,zmconfigd,mailbox,proxy,spell,logger,antivirus,archiving,snmp,ldap,memcached,convertd,stats,antispam,mta

The below example checks to see when the archiving service was reported as up. Archiving is the 9th column.

/opt/zimbra/libexec/zmrrdfetch -f zmstatuslog -h zcs806.us.DOMAIN.com -s 1388534400 -e 1405618603 | awk -F, '$9 == 1'
[cut]
1405454400,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1
1405458000,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1
1405461600,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1
1405465200,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1
1405468800,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1
1405472400,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1
1405476000,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1
1405479600,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1
[cut]

The below example checks to see when the archiving service was reported as unavailable 100%. Archiving is the 9th column. [zimbra@zcs806 data]$ /opt/zimbra/libexec/zmrrdfetch -f zmstatuslog -h zcs806.us.DOMAIN.com -s 1388534400 -e 1405618603 | awk -F, '$9 == ""'

1405069200,1,1,1,1,1,1,1,,1,1,1,1,1,1,1
1405072800,1,1,1,1,1,1,1,,1,1,1,1,1,1,1
1405076400,1,0.964354991388889,1,1,1,1,1,,1,1,1,1,1,1,1
1405080000,1,0.946143796944445,1,1,1,1,1,,1,1,1,1,1,1,1
1405083600,1,1,1,1,1,1,1,,1,1,1,1,1,1,1
1405087200,1,1,1,1,1,1,1,,1,1,1,1,1,1,1
1405090800,1,1,1,1,1,1,1,,1,1,1,1,1,1,1
1405094400,1,1,1,1,1,1,1,,1,1,1,1,1,1,1
1405098000,1,1,1,1,1,1,1,,1,1,1,1,1,1,1
1405101600,1,1,1,1,1,1,1,,1,1,1,1,1,1,1
1405105200,1,0.987032061666667,1,1,1,1,1,,1,1,1,1,1,1,1
1405108800,1,1,1,1,1,1,1,,1,1,1,1,1,1,1
1405112400,1,1,1,1,1,1,1,,1,1,1,1,1,1,1
1405116000,1,0.982143184166667,1,1,1,1,1,,1,1,1,1,1,1,1
1405119600,1,1,1,1,1,1,1,,1,1,1,1,1,1,1
1405123200,1,1,1,1,1,1,1,,1,1,1,1,1,1,1
1405126800,1,1,1,1,1,1,1,,1,1,1,1,1,1,1
1405130400,1,0.967078515555556,1,1,1,1,1,,1,1,1,1,1,1,1
1405134000,1,1,1,1,1,1,1,,1,1,1,1,1,1,1
1405137600,1,1,1,1,1,1,1,,1,1,1,1,1,1,1
1405141200,1,0.920520648333333,1,1,1,1,1,,1,1,1,1,1,1,1
1405144800,1,0.9539186725,1,1,1,1,1,,1,1,1,1,1,1,1
1405148400,1,0.981826185277778,1,1,1,1,1,,1,1,1,1,1,1,1
1405152000,1,1,1,1,1,1,1,,1,1,1,1,1,1,1
1405155600,1,1,1,1,1,1,1,,1,1,1,1,1,1,1
1405159200,1,1,1,1,1,1,1,,1,1,1,1,1,1,1
1405162800,1,0.996330343333333,1,1,1,1,1,,1,1,1,1,1,1,1
1405166400,1,1,1,1,1,1,1,,1,1,1,1,1,1,1
1405170000,1,1,1,1,1,1,1,,1,1,1,1,1,1,1
1405173600,1,1,1,1,1,1,1,,1,1,1,1,1,1,1
1405177200,1,1,1,1,1,1,1,,1,1,1,1,1,1,1
[cut]

The below example checks to see when the mailbox service was reported as NOT available 100% or the time but was NOT 100% unavailable either. Mailbox is the 3rd column.

[zimbra@zcs806 data]$ /opt/zimbra/libexec/zmrrdfetch -f zmstatuslog -h zcs806.us.DOMAIN.com -s 1388534400 -e 1405618603 | awk -F, '$3 ~ 0'
[cut]
1405076400,1,0.964354991388889,1,1,1,1,1,,1,1,1,1,1,1,1
1405080000,1,0.946143796944445,1,1,1,1,1,,1,1,1,1,1,1,1
1405105200,1,0.987032061666667,1,1,1,1,1,,1,1,1,1,1,1,1
1405116000,1,0.982143184166667,1,1,1,1,1,,1,1,1,1,1,1,1
1405130400,1,0.967078515555556,1,1,1,1,1,,1,1,1,1,1,1,1
1405141200,1,0.920520648333333,1,1,1,1,1,,1,1,1,1,1,1,1
1405144800,1,0.9539186725,1,1,1,1,1,,1,1,1,1,1,1,1
1405148400,1,0.981826185277778,1,1,1,1,1,,1,1,1,1,1,1,1
1405162800,1,0.996330343333333,1,1,1,1,1,,1,1,1,1,1,1,1
[cut]

An example of a zmcontrol restart and what zmrrdfetch will show. Note I adjusted the ending flag to be : -e `date +%s --date="1 minute ago"  : as compared to the above examples :

[zimbra@zcs806 data]$ /opt/zimbra/libexec/zmrrdfetch -f zmstatuslog -h zcs806.us.DOMAIN.com -s `date +%s --date="15 minute ago"` -e `date +%s --date="1 minute ago"`
timestamp,opendkim,zmconfigd,mailbox,proxy,spell,logger,antivirus,archiving,snmp,ldap,memcached,convertd,stats,antispam,mta
1405621920,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1
1405621950,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1
1405621980,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1
1405622010,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1
1405622040,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1
1405622070,0.105026416666667,0.1050323,1,1,0.105029991666667,1,0.105016,0.105017466666667,0.105028733333333,1,1,1,0.10503115,0.105014483333333,0.105025008333333
1405622100,0.105026416666667,0.1050323,1,1,0.105029991666667,1,0.105016,0.105017466666667,0.105028733333333,1,1,1,0.10503115,0.105014483333333,0.105025008333333
1405622130,0.105026416666667,0.1050323,1,1,0.105029991666667,1,0.105016,0.105017466666667,0.105028733333333,1,1,1,0.10503115,0.105014483333333,0.105025008333333
1405622160,0.105026416666667,0.1050323,1,1,0.105029991666667,1,0.105016,0.105017466666667,0.105028733333333,1,1,1,0.10503115,0.105014483333333,0.105025008333333
1405622190,,0,,,,,,,,,,,,,
1405622220,,0,,,,,,,,,,,,,
1405622250,,0,,,,,,,,,,,,,
1405622280,,0,,,,,,,,,,,,,
1405622310,,0,,,,,,,,,,,,,
1405622340,,0.893621444444444,,,,,,,,,,,,,
1405622370,,0.893621444444444,,,,,,,,,,,,,
1405622400,,0.893621444444444,,,,,,,,,,,,,
1405622430,,1,,,,,,,,,,,,,
1405622460,,1,,,,,,,,,,,,,
1405622490,,1,,,,,,,,,,,,,
1405622520,,1,,,,,,,,,,,,,
1405622550,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1
1405622580,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1

Logger Related Bugs

5.0.11 - Fixed in 5.0.12 But See Below Before Upgrading

UPDATE: From release notes: kill all zmlogger processes before upgrading to 5.0.12 from 5.0.10+

Steps To Resolve
  1. Edit /opt/zimbra/conf/my.logger.cnf, and modify this line for 20 connections.
    • max_connections = 20
  2. Review the following bug and download the zmlogswatchctl script listed in the attachments section.
  3. Shutdown logger.
    • zmloggerctl stop
    • find any orphaned logger or swatch processes, and kill them
      •  ps -ef | grep logg
      •  ps -ef | grep watch
    • Replace the logswatch control file
      • mv /opt/zimbra/bin/zmlogswatchctl /opt/zimbra/bin/original.zmlogswatchctl
    • Add the new zmlogswatchctl file from the above bug to /opt/zimbra/bin
      • as root
        chown root:root /opt/zimbra/bin/zmlogswatchctl
      • as root
        chmod 755 /opt/zimbra/bin/zmlogswatchctl
  4. Start up the logger process.
    • zmloggerctl start

You can be checking the output in the following as well to see if any errors are still being reported:

  • /tmp/logprocess.out
  • /tmp/gengraphs.out
  • /opt/zimbra/logger/db/data/<hostname>.err
Logger Table Check And Repair

Other items to check:

Also, check the logger tables to see if any of the tables need to be repaired

logmysql -e "check table zimbra_logger.amavis"
logmysql -e "check table zimbra_logger.amavis_aggregate"
logmysql -e "check table zimbra_logger.config"
logmysql -e "check table zimbra_logger.disk_aggregate"
logmysql -e "check table zimbra_logger.disk_status"
logmysql -e "check table zimbra_logger.mta"
logmysql -e "check table zimbra_logger.mta_aggregate"
logmysql -e "check table zimbra_logger.processing_history"
logmysql -e "check table zimbra_logger.raw_logs"
logmysql -e "check table zimbra_logger.service_status"

If any of the tables need to be repaired, you replace 'check' with 'repair'. Example:

logmysql -e "repair table zimbra_logger.amavis"
/tmp/logprocess.out Shows MySQL Can't Connect

Please follow these instructions:

Logger Not Working , No Stats, Services Show Not Running In Admin Console

ZCS 6 And Above

On The Logger Host Server

On the Logger monitor host [zmprov gacf |grep zimbraLogHostname] start with the following. Note: run below steps in non-peak hours.

su - zimbra
zmcontrol stop ; exit

Run as root user:

/opt/zimbra/libexec/zmfixperms -e -v

On the logger monitor host, you must enable syslog [if your running rsyslog, see below] to log statistics from remote machines. Run the following as root also :

  • Edit the /etc/sysconfig/syslog file, add -r to the SYSLOGD_OPTIONS setting, SYSLOGD_options=”-r -m 0”
  • Run : /opt/zimbra/libexec/zmsyslogsetup
  • Stop the syslog daemon. Type : /etc/init.d/syslogd restart
    • Or by: service syslog restart
    • Use stop / start if restart isn't available.

If you are using rsyslog instead of syslog, then you will need the following changes in rsyslog config. First, enable the module for remote logging on the logger host. Edit the rsyslog config file "/etc/rsyslog.conf" and enable "imudp" module by uncommenting the same:

$ModLoad imudp
$UDPServerRun 514

After the above changes to the following if you are running rsyslog: restart rsyslog service.

  • Run : /opt/zimbra/libexec/zmsyslogsetup
  • Restart rsyslog with : /etc/init.d/rsyslog restart
    • Or by: service rsyslog restart
    • Use stop / start if restart isn't available.

Your last steps are to then run:

su - zimbra 
zmcontrol start 
/opt/zimbra/libexec/zmloggerinit 
/opt/zimbra/bin/zmsshkeygen
/opt/zimbra/bin/zmupdateauthkeys
On The Other Servers

On all other servers (if you have multiple zimbra servers in your setup). Verify the LogHostname (it should be set to name of Logger monitor Host on all servers) if its different, change the same to Logger monitor Host using below command.

su - zimbra
zmprov gacf |grep zimbraLogHostname  

If it is set wrong, you can correct it by doing:

zmprov mcf zimbraLogHostname <Logger monitor Hostname>

Then run the following after the zimbraLogHostname variable is confirmed or set correctly:

/opt/zimbra/bin/zmsshkeygen
/opt/zimbra/bin/zmupdateauthkeys ; exit
/opt/zimbra/libexec/zmsyslogsetup (run as root user)
Restart either syslogd or rsyslog, depending on what your server is using
service syslog restart or service rsyslog restart
su - zimbra
zmcontrol restart

Reference Link:

This Section Written For ZCS5

Check the following log files first to gather some information:

  • Make sure the /etc/hosts details make the actual hostname and the zmhostname output
    • If someone recently changed the hostname variables for this box, logger can be effected if done improperly and will not log the obvious issue.
  • /tmp/logprocess.out
  • /tmp/gengraphs.out
  • /opt/zimbra/logger/db/data/<hostname>.err
  • /var/log/zimbra.log (logswatch monitors this file)
    • grep'ing for things such as:
      •  egrep 'postfix|amavis|STATUS|DISK|QUEUE' /var/log/zimbra.log
  • You might also want to look at the following directory:
    • /opt/zimbra/logger/db/work/
    • You should see data in here, gif and rrd files.

Then proceed with the following wiki pages, as ordered:

Large Logger Database Killing Performance Of ZCS

Review the following to see what might be best option for you:

Reinitializing Logger Database From Scratch

This will effectively blow away your old logger database, allowing you to start over.

zmloggerctl stop
cd /opt/zimbra/logger/db

Remove the old database:

mv db db-old

or data , if db doesn't exist

mv data data-old

You can remove (rm -rf db or data) the directory if your not worried about old directory being perserved

Reinitialize a new logger database:

/opt/zimbra/libexec/zmloggerinit

Logger is probably running after this, but to make sure

zmloggerctl start

You'll need to manually start this one though

zmlogswatchctl start

You'll have to allow some time to pass for there to be enough data for the graphs to be built in the web interface.

Turning Off Logger

To not have logger startup [ use `hostname` or type in hostname] :

zmprov ms `hostname` -zimbraServiceEnabled logger

To manually shutdown logger

zmloggerctl stop

Customization Or Modification Of Swatch Config

The swatch config file is :

/opt/zimbra/conf/swatchrc.in

If you make a customization, you'll need to do the following for it to take effect:

zmsnmpinit
zmlogswatchctl stop
zmlogswatchctl start
zmswatchctl stop
zmswatchctl start
Verified Against: Zimbra Collaboration 7.0, 6.0 Date Created: 04/16/2014
Article ID: https://wiki.zimbra.com/index.php?title=Ajcody-Notes Date Modified: 2008-07-16



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »




Lucene

   KB 2439        Last updated on 2008-07-16  




0.00
(0 votes)
24px ‎  - This is Zeta Alliance Certified Documentation. The content has been tested by the Community.

Actual Lucene Topics Homepage

Please see Ajcody-Lucene-Topics

Other References to Lucene Index

Please see:

Some General Questions On The Lucene Indexing

Index Directory Numbering

We know the directory under the index volume path is like the following:

/opt/zimbra/index/ "X" / "Y" / index / "Z" /

We believe that "X" is the number which is determined by bitshifting the mailbox_id to the right by 12 bits. That the "Y" is the maibox_id of the user. However, how do you get "Z"?

Answer: It's always '0'.

When Is User Message Store Directory Created

When is the directory for the message data for an account (/opt/zimbra/store/0/...) created? When a message is stored for the first time? Which would also mean, that it would not be created if message data does not exist, correct?

Answer: Yes.

When Is User Index Directory And Index Files Created

Concerning the index directory. We know the index directory already exists even when mail data does not exist [see question above]. When will the index directory be created? With the account's first login?

Answer: The directory is created with user creation. The index files that will exist in the user's directory are created with the first indexing or search event.
Example Walk Through

On my 5.0.24 test box.

Create a test account:

[zimbra@mail37 ~]$ zmprov gmi index-test@`zmhostname`
mailboxId: 6
quotaUsed: 0

Notice that the 'store' directory ISN'T automatically created for the user upon user creation :

[zimbra@mail37 ~]$ ls -latr /opt/zimbra/store/0
total 20
drwxr-x--- 3 zimbra zimbra 4096 Sep 13 14:57 1
drwxr-xr-x 4 zimbra zimbra 4096 Sep 13 14:57 ..
drwxr-x--- 3 zimbra zimbra 4096 Sep 13 14:57 2
drwxr-x--- 3 zimbra zimbra 4096 Sep 13 15:05 3
drwxr-x--- 5 zimbra zimbra 4096 Sep 13 15:05 .

Notice that the 'index' directory IS automatically created for the user upon user creation but the actual indexing files are not :

[zimbra@mail37 ~]$ ls -latr /opt/zimbra/index/0/6/index/0/
total 8
drwxr-x--- 3 zimbra zimbra 4096 Oct 21 12:11 ..
drwxr-x--- 2 zimbra zimbra 4096 Oct 21 12:11 .

Let's see what changes when the user is sent and email BUT they still have not logged in yet:

[zimbra@mail37 ~]$ mail index-test@`zmhostname`
tSubject:test from localhost
test
.
Cc: 

Checking the relevant user directory for changes. Notice we now have a 6 directory, matching the users mailboxId. We don't see any index files though under their index directory:

[zimbra@mail37 ~]$ ls -latr /opt/zimbra/store/0/
mailboxId: 6
quotaUsed: 1563
total 24
drwxr-x--- 3 zimbra zimbra 4096 Sep 13 14:57 1
drwxr-xr-x 4 zimbra zimbra 4096 Sep 13 14:57 ..
drwxr-x--- 3 zimbra zimbra 4096 Sep 13 14:57 2
drwxr-x--- 3 zimbra zimbra 4096 Sep 13 15:05 3
drwxr-x--- 3 zimbra zimbra 4096 Oct 21 12:13 6
drwxr-x--- 6 zimbra zimbra 4096 Oct 21 12:13 .

[zimbra@mail37 ~]$ ls -latr /opt/zimbra/index/0/6/index/0/
total 8
drwxr-x--- 3 zimbra zimbra 4096 Oct 21 12:11 ..
drwxr-x--- 2 zimbra zimbra 4096 Oct 21 12:11 .

Let's see if logging into the webclient as the user changes anything. Log into the webclient and then check the user directories again. Still no change, no index files created.

[zimbra@mail37 ~]$ ls -latr /opt/zimbra/store/0/
mailboxId: 6
quotaUsed: 1563
total 24
drwxr-x--- 3 zimbra zimbra 4096 Sep 13 14:57 1
drwxr-xr-x 4 zimbra zimbra 4096 Sep 13 14:57 ..
drwxr-x--- 3 zimbra zimbra 4096 Sep 13 14:57 2
drwxr-x--- 3 zimbra zimbra 4096 Sep 13 15:05 3
drwxr-x--- 3 zimbra zimbra 4096 Oct 21 12:13 6
drwxr-x--- 6 zimbra zimbra 4096 Oct 21 12:13 .

[zimbra@mail37 ~]$ ls -latr /opt/zimbra/index/0/6/index/0/
total 8
drwxr-x--- 3 zimbra zimbra 4096 Oct 21 12:11 ..
drwxr-x--- 2 zimbra zimbra 4096 Oct 21 12:11 .

Let's do a manual index of the user account and confirm index files are made.

[zimbra@mail37 ~]$ zmprov rim index-test@`zmhostname` start
status: started
[zimbra@mail37 ~]$ ls -latr /opt/zimbra/index/0/6/index/0/
total 20
drwxr-x--- 3 zimbra zimbra 4096 Oct 21 12:11 ..
-rw-r----- 1 zimbra zimbra   45 Oct 21 12:15 segments_2
-rw-r----- 1 zimbra zimbra   20 Oct 21 12:15 segments.gen
-rw-r----- 1 zimbra zimbra 2455 Oct 21 12:15 _0.cfs
drwxr-x--- 2 zimbra zimbra 4096 Oct 21 12:15 .

So far, we've confirm user creation doesn't create the store directory until a message or something similar is processed. That the users index directory path will be created with user creation but the index files will not be. That the index files aren't created when the user first logs in but are created with a manual index [zmprov rim user@domain].

Let's confirm if a 'search' creates the index files. First, I'll remove the existing index files that were made. Then log into the webclient as the user and do an email search. Confirming after words that the index files were made from that search - which it does.

[zimbra@mail37 ~]$ cd /opt/zimbra/index/0/6/index/0/
[zimbra@mail37 0]$ ls
_0.cfs  segments.gen  segments_2
[zimbra@mail37 0]$ rm -rf *
[zimbra@mail37 0]$ ls

Perform webclient search and check index directory again.

[zimbra@mail37 0]$ ls
segments.gen  segments_1

Delete Flag

Does lucene create delete flag when index is deleted?

Answer: Yes.
Delete Flag Operational Details

If so, we believe that it creates only delete flag, and files having an actual index (such as segment file) will be deleted (reuse of disk space) only when segment is merged, or any function for optimization is called, is this correct?

Answer: Yes.
Update
See also this bug/rfe:
"Index data needs to reclaim disk space after deletes"
http://bugzilla.zimbra.com/show_bug.cgi?id=54969
Is It The Same For zmmailboxmove With purgeOld

The above behavior is the same when executing zmmailboxmove with purgeOld?

Answer: No, it physically deletes the entire files.

Cleaning Up Or Shrinking Index For Users

From the ZCS 8 Release Notes:

  1. "large mail volume DOS's lucene"
    • http://bugzilla.zimbra.com/show_bug.cgi?id=76414
      • Index data for mailboxes is never deleted so a mailbox index can become very large over time and might be consuming excess disk space because of the large index data. In 8.0, a new zmprov CLI, compactIndexMailbox (cim) was created to compact index data. This command can be used to reclaim disk space when the index volume starts to become full. To compact a mailbox’s index, type:
      • zmprov cim <name@domain|id> start
        • Note - Depending on the size of the mailbox and the number of deletes this might take awhile. This might require additional free space on the index directory.
        • You can run this command concurrently. It is recommended to run this command during off peak hours. You cannot cancel the command once it is started.
        • To see the status of index compaction on a mailbox, type:
      • zmprov getIndexStats <name@domain|id>
  2. "Sorting by recipient does not appear to work correctly"
    • http://bugzilla.zimbra.com/show_bug.cgi?id=74521
      • Customers currently on ZCS 7.x upgrading to latest version of ZCS will require full re-indexing mailboxes for sort-by recipients feature to work properly. Without full re-indexing the mailbox, sorting by "To" field in the "Sent" folder message view will skip all the mess ages from the sorted results added before the upgrade. Note: re-indexing mailbox is an expensive operation and if this feature is NOT so required then, its NOT recommended to do mailbox re-indexing.

Manually Deleting Lucene Index Directories

Please see King0770-Notes#Manually_Delete_Index_Directories

Performance Tuning

Please see Performance_Tuning_Guidelines_for_Large_Deployments#Lucene_Index

Some smaller notes:

  1. Upgrade to 6.0.8:
  2. These last 2 will decrease Indexing overhead, but obviously with a loss of functionality
    1. set zimbraPrefAutoAddAddressEnabled to FALSE
    2. set zimbraAttachmentsIndexingEnabled to FALSE

Ajcody Notes Archive Discovery

   KB 2439        Last updated on 2008-07-16  




0.00
(0 votes)
24px ‎  - This is Zeta Alliance Certified Documentation. The content has been tested by the Community.


Actual Archive & Discovery Notes Homepage

Ajcody-Notes-Archive-Discovery

References for A&D

Updated A&D Documentation In Admin Manual

Please see:

Zimbra ZSC Version 8.x

Admin Guide

The version 7.x manual is more comprehensive. Version 8 Documentation is missing a lot of content available in Version 7 documentation.

Zimbra ZSC Version 7.x

Admin Guide

Older Notes About ZAD

Important Note:

I think we need to clean up the documentation that refers to this "download" as no longer being necessary as it's bundled in the zcs-network edition tar ball now. I found an old email to the development team where I inquired about this - I didn't get a response from on it at the time.

If this assumption is true [Like I see with the 5.x setups I've helped with] then I think we need to adjust the documents for 4.5.x stuff to state:

You'll need to download your version of 4.5.x zcs network edition tarball, untar it, and then run the install script . Which effectively will allow you to now select the "archive" package which will also include the search zimlet [zmbxsearch].


The two main A&D references are :

http://wiki.zimbra.com/index.php?title=ZAD

http://www.zimbra.com/pdf/Zimbra%20Archiving%20and%20Discovery%20Release%20Notes.pdf

But I Just Want Some BCC's To Happen - Not All This A&D Stuff

Please see Ajcody-MTA-Postfix-Topics#Automatic_BCC instead then.

But We Have A Non-Zimbra MTA - zimbraSmtpHostname & zimbraMtaRelayHost Pointed To External Device

Please see this RFE I made:

  • "RFE: Ability to handle A&D when another MTA systems is being specified"

Notable Bugs Or RFE's

Update Jan 22, 2015 . I filed these while testing against ZCS 8.6 .


Older Bug/RFE's I've noted:

Archive Stop Working After Upgrade Or Disabling Anti-Spam - Anti-Virus

Prior to JP/8.5 , the archiving feature required the anti-spam or anti-virus service to be enabled. If you disabled both of them, then amavis as a whole was disabled. This is required for archiving to work. The following bug resolves this for JP/8.5 - it makes amavis its own service:

Also note, my testing on ZCS 8.0.7 did confirm that disabling av/as [therefore, amavis] will cause archiving to not work. This is very confusing since zmcontrol status AND the admin console will show that the service for "archiving" is running - though archiving is not actually working since amavis is disabled.

Update Jan 22, 2015. New bug filed to deal with other upgrade issues we discovered.

First - Short & Sweet How-To On CLI With Single ZCS 8.6 Server

In this example, I'll turn off the antivirus and antispam service in 8.6 and then enable amavis and archiving. Create an archive cos and then archive user. This was a single ZCS 8.6 server with all services installed during the installation - just using default values. This was NOT an upgrade to ZCS 8.6 .

[zimbra@ldap2 ~]$ zmcontrol -v 
Release 8.6.0_GA_1153.RHEL6_64_20141215151258 RHEL6_64 NETWORK edition. 

[zimbra@ldap2 ~]$ zmprov gs `zmhostname` | grep Service | egrep 'amavis|antivirus|antispam|archiving' 
zimbraServiceEnabled: amavis 
zimbraServiceEnabled: antivirus 
zimbraServiceEnabled: antispam 
zimbraServiceEnabled: archiving 
zimbraServiceInstalled: amavis 
zimbraServiceInstalled: antivirus 
zimbraServiceInstalled: antispam 
zimbraServiceInstalled: archiving 

[zimbra@ldap2 ~]$ zmprov ms `zmhostname` +zimbraServiceInstalled archiving +zimbraServiceEnabled archiving 

[zimbra@ldap2 ~]$ zmprov ms `zmhostname` -zimbraServiceEnabled antispam -zimbraServiceEnabled antivirus 

[zimbra@ldap2 ~]$ zmprov gs `zmhostname` | grep Service | egrep 'amavis|antivirus|antispam|archiving' 
zimbraServiceEnabled: amavis 
zimbraServiceEnabled: archiving 
zimbraServiceInstalled: amavis 
zimbraServiceInstalled: antivirus 
zimbraServiceInstalled: antispam 
zimbraServiceInstalled: archiving 


!! Note - zmmtactl restart didn't cause the amavisd.conf file to change, hence why I then went with zmcontrol restart. 

[zimbra@ldap2 ~]$ zmcontrol restart 

[zimbra@ldap2 ~]$ grep archive_quar /opt/zimbra/conf/amavisd.conf 
archive_quarantine_method => undef, # Don't run archiving a second time 
$archive_quarantine_method = 'smtp:[127.0.0.1]:10025'; 
$archive_quarantine_to = undef; 


[zimbra@ldap2 ~]$ zmprov cc archive 
71f9d7f4-54cc-4bf3-a6e1-94a1fc38a129 

[zimbra@ldap2 ~]$ zmarchiveconfig enable user1@`zmhostname` archive-cos archive 

[zimbra@ldap2 ~]$ vi /tmp/email.txt 

[zimbra@ldap2 attrs]$ cat /tmp/email.txt
To: user1@ldap2.zimbra.DOMAIN.com
Subject: Test For Archive - CLI
From: admin@ldap2.zimbra.DOMAIN.com
test

[zimbra@ldap2 ~]$ /opt/zimbra/postfix/sbin/sendmail -t < /tmp/email.txt 

[zimbra@ldap2 ~]$ grep archive /var/log/zimbra.log 

Jan 15 16:09:43 ldap2 amavis[29283]: (29283-01) h9nw0WdCl1Tw(h9nw0WdCl1Tw) SEND from <> -> <user1-20150115@ldap2.zimbra.DOMAIN.com.archive>,
ENVID=AM.h9nw0WdCl1Tw.20150115T210943Z@ldap2.zimbra.DOMAIN.com BODY=7BIT 250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued 
as 2DE506445C 
Jan 15 16:09:43 ldap2 amavis[29283]: (29283-01) Passed CLEAN {RelayedInbound,Archived}, <zimbra@ldap2.zimbra.DOMAIN.com> -> 
<user1@ldap2.zimbra.DOMAIN.com>, quarantine: user1-20150115@ldap2.zimbra.DOMAIN.com.archive, Message-ID: 
<20150115210943.087106438E@ldap2.zimbra.DOMAIN.com>, mail_id: h9nw0WdCl1Tw, Hits: -, size: 351, queued_as: 3049C64466, 138 ms 
Jan 15 16:09:45 ldap2 postfix/lmtp[3478]: 2DE506445C: to=<user1-20150115@ldap2.zimbra.DOMAIN.com.archive>, 
relay=ldap2.zimbra.homeunix.com[192.168.1.172]:7025, delay=2.2, delays=0/0.02/0.17/2, dsn=2.1.5, status=sent (250 2.1.5 Delivery OK)

When Was A ZCS Service Enabled Or Disabled

Note - single ZCS server deployment example. Have to double check on multi-server deployment if the command needs to be tweaked.

Check Current Status Of Services Enabled-Disable and Installed-NotInstalled

Example is done on the host in question:

zmprov -l gs `zmhostname` | egrep 'zimbraServiceEnabled|zimbraServiceInstall'

The -l is used in case mailboxd is the service in question, -l makes the call to ldap to check the configuration of the server.

Check Backups And What LDAP Has Stored

Do the following, adjust the backup path if your not using the default path:

 for i in `find /opt/zimbra/backup/sessions/ -name ldap.bak.gz -print`;  \
 do echo $i; zgrep zimbraServiceEnabled $i; done

Will show you something like :

zimbraServiceEnabled: antivirus
zimbraServiceEnabled: antispam
zimbraServiceEnabled: opendkim
zimbraServiceEnabled: logger
zimbraServiceEnabled: mailbox
zimbraServiceEnabled: mta
zimbraServiceEnabled: convertd
zimbraServiceEnabled: stats
zimbraServiceEnabled: snmp
zimbraServiceEnabled: ldap
zimbraServiceEnabled: spell
zimbraServiceEnabled: archiving
Check The History Of The Service Status In zimbra-stats.log

In /var/log/ you'll see zimbra-stats.log and archives of that file, for example - zimbra-stats.log-20140714 . Here's an example of a zgrep for the archive service:

[zimbra@zcs807 log]$ zgrep archiv zimbra-stats* | tail
zimbra-stats.log:Jul 22 08:24:08 zcs807 zimbramon[27645]: 27645:info: 2014-07-22 08:24:01, 
 STATUS: zcs807.us.zimbralab.com: archiving: Running
zimbra-stats.log:Jul 22 08:26:09 zcs807 zimbramon[28689]: 28689:info: 2014-07-22 08:26:01, 
 STATUS: zcs807.us.zimbralab.com: archiving: Running
zimbra-stats.log-20140714:Jul 15 14:40:19 zcs807 zimbramon[21519]: 21519:info: 2014-07-15 14:40:01, 
 STATUS: zcs807.us.zimbralab.com: archiving: Stopped
zimbra-stats.log-20140714:Jul 15 14:42:06 zcs807 zimbramon[24998]: 24998:info: 2014-07-15 14:42:01, 
 STATUS: zcs807.us.zimbralab.com: archiving: Stopped
zimbra-stats.log-20140714:Jul 15 14:44:09 zcs807 zimbramon[29250]: 29250:info: 2014-07-15 14:44:01, 
 STATUS: zcs807.us.zimbralab.com: archiving: Running
zimbra-stats.log-20140714:Jul 15 14:46:08 zcs807 zimbramon[32188]: 32188:info: 2014-07-15 14:46:01, 
 STATUS: zcs807.us.zimbralab.com: archiving: Running
zimbra-stats.log-20140714:Jul 15 14:48:26 zcs807 zimbramon[3174]: 3174:info: 2014-07-15 14:48:07, 
 STATUS: zcs807.us.zimbralab.com: archiving: Running
zimbra-stats.log-20140714:Jul 15 14:50:15 zcs807 zimbramon[6466]: 6466:info: 2014-07-15 14:50:01, 
 STATUS: zcs807.us.zimbralab.com: archiving: Running
zimbra-stats.log-20140714:Jul 15 14:52:10 zcs807 zimbramon[10260]: 10260:info: 2014-07-15 14:52:02, 
 STATUS: zcs807.us.zimbralab.com: archiving: Running
zimbra-stats.log-20140714:Jul 15 14:54:10 zcs807 zimbramon[19004]: 19004:info: 2014-07-15 14:54:01, 
 STATUS: zcs807.us.zimbralab.com: archiving: Running
Check The Logger/RRD Data And Service History Uptime

Let's pull the stats from the logger database going back to Jan 1st of this year. Here's an example on how to do that and what to expect. Please send me a copy of the output also. Notice in the example below the lines that have ",," for column 9 - which is for archiving. This is how I can tell when the service was first enabled and running. Ref for timestamp: http://www.epochconverter.com/

Note: The columns are identified by:

timestamp,opendkim,zmconfigd,mailbox,proxy,spell,logger,antivirus,archiving,snmp,ldap,memcached,
  convertd,stats,antispam,mta

Please adjust the commands below to suit your needs. I use `zmhostname` below in the command rather than typing out the localhosts hostname. Also, see https://www.gnu.org/software/coreutils/manual/html_node/Examples-of-date.html for examples on the --date string.


For this example, I'm looking to see when the "archiving" service was running 100%. Archiving is the 9th column - '$9 == 1' and the 1 means it was available 100% for the time period. I searched a year's worth of data by using this part below in the examples : "-s `date +%s --date="12 month ago"` -e `date +%s --date="1 minute ago"`"

 /opt/zimbra/libexec/zmrrdfetch -f zmstatuslog -h `zmhostname` -s `date +%s \
 --date="12 month ago"` -e `date +%s --date="1 minute ago"` | awk -F, '$9 == 1'

timestamp,opendkim,zmconfigd,mailbox,proxy,spell,logger,antivirus,archiving,snmp,ldap,memcached,
  convertd,stats,antispam,mta
 [cut]
1405454400,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1
1405458000,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1
1405461600,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1
1405465200,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1
1405468800,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1
1405472400,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1
1405476000,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1
1405479600,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1
 [cut]

For this example, I'm looking to see when the "archiving" service was NOT enabled or running at all. Archiving is the 9th column - '$9 == ""' and the absence of a number value means it was UNAVAILABLE 100% for the time period.

 /opt/zimbra/libexec/zmrrdfetch -f zmstatuslog -h `zmhostname` -s `date +%s \
 --date="12 month ago"` -e `date +%s --date="1 minute ago"` | awk -F, '$9 == ""' | head

timestamp,opendkim,zmconfigd,mailbox,proxy,spell,logger,antivirus,archiving,snmp,ldap,memcached,
  convertd,stats,antispam,mta
 [cut]
1388538000,,,,,,,,,,,,,,,
1388541600,,,,,,,,,,,,,,,
1388545200,,,,,,,,,,,,,,,
1388548800,,,,,,,,,,,,,,,
1388552400,,,,,,,,,,,,,,,
1388556000,,,,,,,,,,,,,,,
1388559600,,,,,,,,,,,,,,,
1388563200,,,,,,,,,,,,,,,
1388566800,,,,,,,,,,,,,,,
1388570400,,,,,,,,,,,,,,,
 [cut]

For this example, I'm looking to see when the "zmconfigd" service was NOT 100% available during the time period BUT was greater than 0% of the time. Zmconfigd is the 3rd column - '$3 ~ 0' and by using ~ [NOT] 0 , I can see when it was greater than 0 [100% UNAVAILABLE] but not 1 [100% available].

 /opt/zimbra/libexec/zmrrdfetch -f zmstatuslog -h `zmhostname` -s `date +%s \
 --date="12 month ago"` -e `date +%s --date="1 minute ago"` | awk -F, '$3 ~ 0'

timestamp,opendkim,zmconfigd,mailbox,proxy,spell,logger,antivirus,archiving,snmp,ldap,memcached,
  convertd,stats,antispam,mta
1400670000,0.926591142901235,0.882009858611111,0.962549540740741,0.962548086419753,0.926603197839506,
  1,,,0.964051042283951,1,0.962549647839506,0.962515237345679,0.292491091358025,,0.926590777777778
1400756400,1,0.968276889722222,1,1,1,1,,,1,1,1,1,1,,1
1401678000,0.9323037375,0.937399301388889,1,0.964109132777778,0.932308961111111,1,,,0.932305973888889,
  1,0.964109800277778,1,0.932309575,,0.932302677222222
1401692400,0.999979394166667,0.9999799825,1,0.9999993925,0.999979395277778,1,,,0.999979393333333,1,
  0.9999993975,1,0.999979395555556,,0.999979393333333
1401966000,1,0.964610447777778,1,1,1,1,,,1,1,1,1,1,,1
1402052400,0.999603703008394,0.999722196864111,0.999615163422937,0.999602498779275,0.999597924831049,
 0.999619443248889,,,0.99959995491499,0.999626231525528,0.99961180945684,0.999632334525742,
 0.999591523017581,,0.999607517027221
1402765200,1,0.966623691358025,1,1,0.966623606481481,1,1,,0.966623565432099,1,1,1,0.966623647530864,
 1,0.966623437345679
1402768800,0.999471892261905,0.999587652037617,0.999491736309524,0.999464918452381,0.999464358928571,
 0.999495648214286,0.999508635119048,,0.999464445238095,0.999496001785714,0.999483839285714,
 0.999503813095238,0.999461091071429,0.99951724702381,0.999478128571429
1402776000,0.9999910775,0.999972398888889,0.999993851388889,0.999991085555555,0.999972394722222,
 0.999991074166667,0.999991234166667,,0.999972394722222,0.999995651111111,0.999991075833333,
 0.999991235277778,0.999972394722222,0.999991233333333,0.999972392777778
1403175600,0.999841834656085,0.999841587301587,0.999841991402116,0.999841788690476,0.999841692791005,
 0.999842046957672,0.999842196097884,,0.999841743386243,0.999842097222222,0.999841937830688,
 0.99984214484127,0.999841638227513,0.999842260251323,0.999841883267196
1405076400,1,0.964354991388889,1,1,1,1,1,,1,1,1,1,1,1,1
1405080000,1,0.946143796944445,1,1,1,1,1,,1,1,1,1,1,1,1
1405105200,1,0.987032061666667,1,1,1,1,1,,1,1,1,1,1,1,1
1405116000,1,0.982143184166667,1,1,1,1,1,,1,1,1,1,1,1,1
1405130400,1,0.967078515555556,1,1,1,1,1,,1,1,1,1,1,1,1
1405141200,1,0.920520648333333,1,1,1,1,1,,1,1,1,1,1,1,1
1405144800,1,0.9539186725,1,1,1,1,1,,1,1,1,1,1,1,1
1405148400,1,0.981826185277778,1,1,1,1,1,,1,1,1,1,1,1,1
1405162800,1,0.996330343333333,1,1,1,1,1,,1,1,1,1,1,1,1

An example of a zmcontrol restart

 /opt/zimbra/libexec/zmrrdfetch -f zmstatuslog -h `zmhostname` -s `date +%s \
 --date="15 minute ago"` -e `date +%s --date="1 minute ago"`

timestamp,opendkim,zmconfigd,mailbox,proxy,spell,logger,antivirus,archiving,snmp,ldap,memcached,
  convertd,stats,antispam,mta
1405621920,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1
1405621950,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1
1405621980,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1
1405622010,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1
1405622040,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1
1405622070,0.105026416666667,0.1050323,1,1,0.105029991666667,1,0.105016,0.105017466666667,0.105028733333333,
  1,1,1,0.10503115,0.105014483333333,0.105025008333333
1405622100,0.105026416666667,0.1050323,1,1,0.105029991666667,1,0.105016,0.105017466666667,0.105028733333333,
  1,1,1,0.10503115,0.105014483333333,0.105025008333333
1405622130,0.105026416666667,0.1050323,1,1,0.105029991666667,1,0.105016,0.105017466666667,0.105028733333333,
  1,1,1,0.10503115,0.105014483333333,0.105025008333333
1405622160,0.105026416666667,0.1050323,1,1,0.105029991666667,1,0.105016,0.105017466666667,0.105028733333333,
  1,1,1,0.10503115,0.105014483333333,0.105025008333333
1405622190,,0,,,,,,,,,,,,,
1405622220,,0,,,,,,,,,,,,,
1405622250,,0,,,,,,,,,,,,,
1405622280,,0,,,,,,,,,,,,,
1405622310,,0,,,,,,,,,,,,,
1405622340,,0.893621444444444,,,,,,,,,,,,,
1405622370,,0.893621444444444,,,,,,,,,,,,,
1405622400,,0.893621444444444,,,,,,,,,,,,,
1405622430,,1,,,,,,,,,,,,,
1405622460,,1,,,,,,,,,,,,,
1405622490,,1,,,,,,,,,,,,,
1405622520,,1,,,,,,,,,,,,,
1405622550,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1
1405622580,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1
Check The audit.log File For Service Enable Changes

There is the /opt/zimbra/log/audit.log file that will note a change in a service - for example [ use: zgrep zimbraService /opt/zimbra/log/audit* ]:

audit.log:2014-07-21 12:15:44,745 INFO 
 [qtp1097575009-2632:https://127.0.0.1:7071/service/admin/soap/ModifyServerRequest]
 [name=zimbra;ip=127.0.0.1;ua=zmprov/8.0.7_GA_6029;] security - cmd=ModifyServer; 
  name=zcs807.us.DOMAIN.com; -zimbraServiceEnabled=archiving;
audit.log:2014-07-21 12:16:51,609 INFO 
 [qtp1097575009-2640:https://127.0.0.1:7071/service/admin/soap/ModifyServerRequest]
 [name=zimbra;ip=127.0.0.1;ua=zmprov/8.0.7_GA_6029;] security - cmd=ModifyServer; 
  name=zcs807.us.DOMAIN.com; +zimbraServiceEnabled=archiving;
Check The zmsetup logs For Changes During Installation/Re-installs

In regards to the /opt/zimbra/log/zmsetup.* log files, here's an example from a test machine :

[Someone rerunning the installer/zmsetup, archiving was enabled - greping' for archiv below]

zmsetup.07152014-150104.txt:Tue Jul 15 14:51:43 2014 enabled packages zimbra-logger zimbra-store 
  zimbra-mta zimbra-convertd zimbra-core zimbra-apache zimbra-archiving zimbra-proxy zimbra-snmp 
  zimbra-ldap zimbra-spell
zmsetup.07152014-150104.txt:Tue Jul 15 14:52:02 2014 archiving is enabled
zmsetup.07152014-150104.txt:Tue Jul 15 14:52:29 2014 checking isEnabled zimbra-archiving
zmsetup.07152014-150104.txt:Tue Jul 15 14:52:29 2014 zimbra-archiving is enabled
zmsetup.07152014-150104.txt:Tue Jul 15 14:54:43 2014 Updating cached config attribute for Server 
  zcs807.us.DOMAIN.com: zimbraServiceInstalled=archiving
zmsetup.07152014-150104.txt:Tue Jul 15 14:54:43 2014 *** Running as zimbra user: /opt/zimbra/bin/zmprov 
  -r -m -l ms zcs807.us.DOMAIN.com zimbraServiceInstalled 'antivirus' zimbraServiceInstalled 'antispam'
  zimbraServiceInstalled 'opendkim' zimbraServiceInstalled 'archiving' zimbraServiceInstalled 'logger' 
  zimbraServiceInstalled 'mailbox' zimbraServiceInstalled 'mta' zimbraServiceInstalled 'convertd' 
  zimbraServiceInstalled 'stats' zimbraServiceInstalled 'proxy' zimbraServiceInstalled 'snmp' 
  zimbraServiceInstalled 'ldap' zimbraServiceInstalled 'spell'
zmsetup.07152014-150104.txt:Tue Jul 15 14:54:46 2014 Updating cached config attribute for Server 
  zcs807.us.DOMAIN.com: zimbraServiceEnabled=archiving
zmsetup.07152014-150104.txt:Tue Jul 15 14:54:46 2014 *** Running as zimbra user: 
  /opt/zimbra/bin/zmprov -r -m -l ms zcs807.us.DOMAIN.com zimbraServiceEnabled 'antivirus' 
  zimbraServiceEnabled 'archiving' zimbraServiceEnabled 'antispam' zimbraServiceEnabled 'opendkim' 
  zimbraServiceEnabled 'logger' zimbraServiceEnabled 'mailbox' zimbraServiceEnabled 'mta' 
  zimbraServiceEnabled 'convertd' zimbraServiceEnabled 'stats' zimbraServiceEnabled 'proxy' 
  zimbraServiceEnabled 'snmp' zimbraServiceEnabled 'ldap' zimbraServiceEnabled 'spell'
zmsetup.07152014-150104.txt:Tue Jul 15 14:55:30 2014 *** Running as zimbra user: /opt/zimbra/bin/zmprov 
  -r -m -l mcf +zimbraComponentAvailable archiving
zmsetup.07152014-150104.txt: Stopping archiving...Done.
zmsetup.07152014-150104.txt: Starting archiving...Done.
zmsetup.07152014-150104.txt:Tue Jul 15 15:00:06 2014 com_zimbra_archive...
zmsetup.07152014-150104.txt:Tue Jul 15 15:00:06 2014 *** Running as zimbra user: 
  /opt/zimbra/bin/zmzimletctl -l deploy zimlets-network/com_zimbra_archive.zip
zmsetup.07152014-150104.txt:[] INFO: Deploying Zimlet com_zimbra_archive in LDAP.
zmsetup.07152014-150104.txt:[] INFO: Installing Zimlet com_zimbra_archive on this host.
zmsetup.07152014-150104.txt:[] INFO: Upgrading Zimlet com_zimbra_archive to 7.1.0
zmsetup.07152014-150104.txt:[] INFO: Enabling Zimlet com_zimbra_archive

Showing the ldap backup data in regards to the archiving service being disabled and then enabled after the 07/15 setup :

$ zgrep "zimbraServiceEnabled:" full-20140716.070025.112/ldap/* incr-20140714.070016.382/ldap/*

  :from the day after the re-install:
full-20140716.070025.112/ldap/ldap.bak.gz:zimbraServiceEnabled: opendkim
full-20140716.070025.112/ldap/ldap.bak.gz:zimbraServiceEnabled: archiving <<
full-20140716.070025.112/ldap/ldap.bak.gz:zimbraServiceEnabled: logger
full-20140716.070025.112/ldap/ldap.bak.gz:zimbraServiceEnabled: mailbox
full-20140716.070025.112/ldap/ldap.bak.gz:zimbraServiceEnabled: mta
full-20140716.070025.112/ldap/ldap.bak.gz:zimbraServiceEnabled: convertd
full-20140716.070025.112/ldap/ldap.bak.gz:zimbraServiceEnabled: stats
full-20140716.070025.112/ldap/ldap.bak.gz:zimbraServiceEnabled: proxy
full-20140716.070025.112/ldap/ldap.bak.gz:zimbraServiceEnabled: snmp
full-20140716.070025.112/ldap/ldap.bak.gz:zimbraServiceEnabled: ldap
full-20140716.070025.112/ldap/ldap.bak.gz:zimbraServiceEnabled: spell

  :from the day before the re-install:
incr-20140714.070016.382/ldap/ldap.bak.gz:zimbraServiceEnabled: logger
incr-20140714.070016.382/ldap/ldap.bak.gz:zimbraServiceEnabled: mailbox
incr-20140714.070016.382/ldap/ldap.bak.gz:zimbraServiceEnabled: mta
incr-20140714.070016.382/ldap/ldap.bak.gz:zimbraServiceEnabled: convertd
incr-20140714.070016.382/ldap/ldap.bak.gz:zimbraServiceEnabled: stats
incr-20140714.070016.382/ldap/ldap.bak.gz:zimbraServiceEnabled: snmp
incr-20140714.070016.382/ldap/ldap.bak.gz:zimbraServiceEnabled: ldap
incr-20140714.070016.382/ldap/ldap.bak.gz:zimbraServiceEnabled: spell
incr-20140714.070016.382/ldap/ldap.bak.gz:zimbraServiceEnabled: proxy
incr-20140714.070016.382/ldap/ldap.bak.gz:zimbraServiceEnabled: opendkim
Check The Zimbra Users BASH History File and .zmprov_history

You could check your .bash_history file to see if the command is still referenced there - if it goes back long enough for your purposes. I think the default lines the history file will remember is 500.

[zimbra@zcs807 ~]$ zmprov ms `zmhostname` -zimbraServiceEnabled archiving 
[zimbra@zcs807 ~]$ zmcontrol status | grep -i arch 
[zimbra@zcs807 ~]$ zmprov gs `zmhostname` | grep Enabled | grep archiving 
[zimbra@zcs807 ~]$ zmprov ms `zmhostname` +zimbraServiceEnabled archiving 
[zimbra@zcs807 ~]$ zmcontrol status | grep -i arch 
archiving Running 
[zimbra@zcs807 ~]$ zmprov gs `zmhostname` | grep Enabled | grep archiving 
zimbraServiceEnabled: archiving 

[zimbra@zcs807 ~]$ grep archiving .bash_history 
zmprov ms `zmhostname` +zimbraServiceInstalled archiving +zimbraServiceEnabled archiving 
zmprov ms `zmhostname` -zimbraServiceEnabled archiving 
zmprov gs `zmhostname` | grep Enabled | grep archiving 
zmprov ms `zmhostname` +zimbraServiceEnabled archiving 
zmprov gs `zmhostname` | grep Enabled | grep archiving 
grep archiving .bash_history 

Note, there is also a /opt/zimbra/.zmprov_history you can also review

Getting Duplicate Emails In The Archive Account

Please see the following:

Archiving Issues When Using 3rd Party MTA's

Please see the following:

Pre-Deployment Type Questions

How To Add OLD Data Or Retroactively Add Data To A&D Account

You'll want to have A&D all setup and then you can use imapsync to 'sync' the old data from the one account into the A&D account.

Recommendations:

  • Confirm imap is enabled on the mailstores
  • Setup a sub-folder in A&D account to hold data that existed prior to the A&D account being in use.
  • Test the various imapsync flags you'll want to use first before running against all your accounts.

See also:

Can we set the archive settings for only sent mail?

Question: Can we set the archive settings for only sent mail?

Answer: No, archiving is done for any message that passes through the MTA for an account that has archiving enabled. You can setup separate MTA's for in/out bound delivery and enable archiving for only the inbound servers to achieve this goal.

Can we set the archive settings for only form port 25?

Question: Can we set the archive settings for only form port 25?

Answer: No, there are no per port level configurations. You can configure which accounts have archiving enabled and you can enable/disable the service on a per server level.

If Zimbra implemented an archive feature, is something in the following MTA files changes?

Question: If Zimbra implemented an archive feature, is something in the following MTA files changed? [ zmmta.cf , main.cf , main.cf.default , master.cf.in , master.cf ]

Answer: Nothing is specifically changed in the files you listed but settings in zmmta.cf determine how the postfix content filter is configured when archiving is enabled. Archiving functionality is handled by the amavis process on the Zimbra MTA.

Using One Archive Account For Multiple Accounts

You could also include other variable's here if they are needed, ex. - archive-cos COS_NAME

zmarchiveconfig enable user1@domainname archive-address user-archives@domainname.archive
zmarchiveconfig enable user2@domainname archive-address user-archives@domainname.archive archive-create FALSE
zmarchiveconfig enable user3@domainname archive-address user-archives@domainname.archive archive-create FALSE

You'll see the mapping in the primary email account settings that state what archive account is being used:

zmprov ga user1@example.com zimbraArchiveAccount
 zimbraArchiveAccount: user-archives@domainname.archive
zmprov ga user2@example.com zimbraArchiveAccount
 zimbraArchiveAccount: user-archives@domainname.archive
zmprov ga user3@example.com zimbraArchiveAccount
 zimbraArchiveAccount: user-archives@domainname.archive


External Host For Archive Accounts Setup

I installed 5.0.11 on a test box, selecting the archiving package during the installation.

The main domain was "zimbra.INTERNAL.com" and the servername is mail3.zimbra.INTERNAL.com .

'Note, I did have an external MTA relay server setup for zimbra. I was doing this test from home.

Once it was done, I then created a test account - ajcody@zimbra.INTERNAL.com

I then ran this from the CLI [on a multi-server environment, this is ran on the mta server]:

zmprov ms mail3.zimbra.INTERNAL.com +zimbraServiceInstalled archiving  +zimbraServiceEnabled archiving

I confirm that I can send emails to the external account that I will be using with the zimbra admin account:

  • Logged into zimbra admin web console , accounts > admin > View Mail
    • Composed new message for ajcody@EXTERNAL-DOMAIN.com

I confirmed the external account received the email and did a reply back. Again, confirming now that the admin account gets the email as well from the external account.

Created the archive account to be used:

zmarchiveconfig enable ajcody@zimbra.INTERNAL.com archive-address ajcody@EXTERNAL-DOMAIN.com archive-create false

I then stopped/started zimbra.

zmcontrol stop
zmcontrol start

Confirmed that amavis (antispam & antivirus) and archive show up as running process:

[zimbra@mail3 ~]$ zmcontrol status
Host mail3.zimbra.INTERNAL.com
	antispam                Running
	antivirus               Running
	archiving               Running
	ldap                    Running
	logger                  Running
	mailbox                 Running
	mta                     Running
	snmp                    Running
	spell                   Running
	stats                   Running

Checked my zimbra account to confirm the archive variables:

[zimbra@mail3 ~]$ zmprov ga ajcody@`hostname -d` | egrep -i archive  
amavisArchiveQuarantineTo: ajcody@EXTERNAL-DOMAIN.com
zimbraArchiveAccount: ajcody@EXTERNAL-DOMAIN.com
zimbraArchiveAccountDateTemplate: yyyyMMdd
zimbraArchiveAccountNameTemplate: ${USER}-${DATE}@${DOMAIN}.archive

Tests I then performed:

  • I sent an email from the zimbra admin account to the ajcody@zimbra.INTERNAL.com account. Confirmed that the external account [ajcody@EXTERNAL-DOMAIN.com] received a copy.
  • I sent an email to ajcody@zimbra.INTERNAL.com from my ajcody@BUSINESS.com account and confirmed a copy went to ajcody@EXTERNAL-DOMAIN.com .
  • I sent an email from ajcody@zimbra.INTERNAL.com to the zimbra admin account, again confirming a copy went to ajcody@EXTERNAL-DOMAIN.com .

What didn't work as expected:

  • Messages to/from the two accounts don't create copies. If ajcody@zimbra.INTERNAL.com sends to ajcody@EXTERNAL-DOMAIN.com a "copy" will not be generated and vis-versa .
  • The subject lines weren't altered as stated in the official A&D document.
    • p3 , "When a message is received to a mailbox with archiving enabled, a copy of the message is sent to the archive mailbox with the text “to be archived” added to the subject line."

I've sent off a request about these two items to the developers to get their feedback on them.

Multi-Server & New Mailstore A&D Setup

I also created a RFE for documentation on this.

http://bugzilla.zimbra.com/show_bug.cgi?id=25135

The following is a very rough draft document I made for multi-server / new mailstore A&D setups.

Ajcody Multi-Server & New Mailstore A&D Setup Homepage

   KB 2439        Last updated on 2008-07-16  




0.00
(0 votes)
24px ‎  - This is Zeta Alliance Certified Documentation. The content has been tested by the Community.


Actual Multi-Server & New Mailstore A&D Setup Homepage

Please see Ajcody-Notes-Archive-Discovery-Mailstore-Setup

Issues That Have Caused Confusion

What Gets Installed Where?
RFE To Clear Up The Confusion
zimbra-archive package/rpm - Mailstores

zimbra-archive (the package/rpm you see from the installer) should be installed on all mailstores which you want to use for cross mailbox search. This also sets the zimbraComponentAvailable archiving config attribute which allows the mta(s) to turn on archiving. zimbra-archive is not installed directly on the mta, it's just enabled.

Note, you install zimbra-archive on a mailbox server but the service runs on the mta node.

MTA's - Require Configuration

If you add zimbra-archiving to an existing install you need to :

  • Install zimbra-archiving on one or more of your mailbox servers
  • Then set zimbraServiceInstalled archiving and zimbraServiceEnabled archiving on all the mta servers
  • Restart the mta services

For example:

zmprov ms mta.example.com +zimbraServiceInstalled archiving +zimbraServiceEnabled archiving

On the mta server:

zmmtactl restart

To confirm the /opt/zimbra/conf/amavisd.conf was modified correctly, you should see on the mta:

#$archive_quarantine_method = 'smtp:[127.0.0.1]:10025'; 

Was uncommented out:

$archive_quarantine_method = 'smtp:[127.0.0.1]:10025';

You'll be able to then notice in the /var/log/zimbra.log file if the redirect to the A&D account is happening [once A&D accounts are setup that is]. Example uses example.com.archive as the archive domain I setup for the A&D accounts :

grep "example.com.archive" /var/log/zimbra.log
 Dec 11 13:38:52 mta-server amavis[1978]: (01978-19) SEND via SMTP: <> -> 
    <user-20081211@example.com.archive>,ENVID=AM.8ISxcrQG8uAj.20081211T193852Z@mailstore.example.com 
    BODY=7BIT 250 2.6.0 Ok, id=01978-19, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 
    5ADF8F120C4
 Dec 11 13:38:52 mta-server postfix/lmtp[21864]: 5ADF8F120C4: 
    to=<user-20081211@example.com.archive>, relay=archive.example.com[X.X.X.93]:7025, 
    delay=0.07, delays=0/0/0/0.06, dsn=2.1.5, status=sent (250 2.1.5 OK)
Enabling Amavis And Archiving With 8.5+ While Antispam And AntiVirus Are Disabled

With 808 and 8.5 , archiving should be able to run without as/av being enabled.

For example, disabling antispam and antivirus but enabling amavis [required] and archiving on a mta server [note - this server had the full mta package already installed on it and had antivirus, antispam, [amavis], and postfix running on it] :

[zimbra@850-mta1 ~]$ zmcontrol status | egrep 'amavis|antispam|antivirus|archiving'
	amavis                  Running
	antispam                Running
	antivirus               Running

## NOTE , the below command will disable antispam & anitvirus for this "test". ##

[zimbra@850-mta1 ~]$ zmprov ms `zmhostname` +zimbraServiceEnabled archiving \
 +zimbraServiceEnabled amavis -zimbraServiceEnabled antispam -zimbraServiceEnabled antivirus

[zimbra@850-mta1 ~]$ zmcontrol restart                
Host 850-ldap1.zimbra.homeunix.com
	Stopping vmware-ha...Done.
[cut]
	Stopping ldap...Done.
Host 850-ldap1.zimbra.homeunix.com
	Starting ldap...Done.
	Starting zmconfigd...Done.
	Starting dnscache...Done.
	Starting logger...Done.
	Starting convertd...Done.
	Starting mailbox...Done.
	Starting memcached...Done.
	Starting proxy...Done.
	Starting amavis...Done.
	Starting opendkim...Done.
	Starting archiving...Done.
	Starting snmp...Done.
	Starting spell...Done.
	Starting mta...Done.
	Starting stats...Done.
	Starting service webapp...Done.
	Starting zimbra webapp...Done.
	Starting zimbraAdmin webapp...Done.
	Starting zimlet webapp...Done.
[zimbra@850-ldap1 ~]$ zmcontrol status | egrep 'amavis|antispam|antivirus|archiving'
	amavis                  Running
	archiving               Running
zimbra_xmbxsearch zimlet

For 5.x installs, this zimbra_xmbsearch zimlet will get configured on each mailstore that you install the zimbra-archive package on. The documentation in various places might cause confusion on this matter, because for the 4.x releases it was a separate step.

You should find the zimlet already located at /opt/zimbra/zimlets-network/zimbra_xmbxsearch.zip

After the installation, you should see when you go to the admin web console on the mailstore you install the zimbra-archive package on that the cross-mailbox search zimlet is there. It shows up in two locations:

  • Left Pane : Configuration > Admin Extensions > zimbra_xmbxsearch
  • Left Pane : Tools > Search Mail

If you wanted this zimlet to also be available on a server that didn't have the zimbra-archiving packaged installed you could then deploy it on that server.

cd /opt/zimbra/zimlets-network/
zmzimletctl deploy zimbra_xmbxsearch.zip
## ls the directory and confirm the full name - you might need this:
zmzimletctl deploy com_zimbra_xmbxsearch.zip

The How-To

Reference Documents

http://www.zimbra.com/docs/ne/latest/multi_server_install/multi-server_install.5.1.html

http://www.zimbra.com/docs/ne/latest/administration_guide/Archiving.16.1.html

Assumptions

This install how-to assumes you have an existing LDAP/Mailstore/MTA server(s) for your normal production environment, the Zimbra license and logger are installed on the primary ZCS server(s), and that you are NOT running the proxy module.

Example archive mailstore hostname is : archive.example.com

Example primary ZCS hostname is : mail.example.com

Preliminary Items

Things to do or check before install:

  • DNS entry for new mailstore and primary ZCS server(s) can resolve to it.
  • DNS configured properly on mailstore server.
  • Master Root LDAP Server mail.example.com
  • Master Root LDAP Password
    • On LDAP server do : su – zimbra ; zmlocalconfig –s | grep ldap_root_password
  • Master LDAP port – default is 389
  • SMTP Server
Installation Of New Mailstore That Will Have A&D
Install Modules
  • Type y to install the zimbra-store, zimbra-archiving and zimbra-spell (optional) packages.
    • Do Not Install MTA! These Instructions Do Not Take That Into Account.
    • When zimbra-spell is installed the zimbra-apache package is also installed.
  • Installing: zimbra-core zimbra-store zimbra-apache zimbra-spell
Modify Configuration

Press Enter to modify the system. The selected packages are installed on the server.

At this point the Main menu displays the default entries for the Zimbra component you are installing.

To expand the menu to see the configuration values type x and press Enter.

To navigate the Main menu, select the menu item to change. You can modify any of the defaults.

  • Common Configuration
    • LDAP
      • Ldap master host: [set this to the FQDN of your LDAP server]
      • Ldap port: 389 [set this if your LDAP server isn’t using default]
      • Ldap Admin password: [this is your LDAP servers Root LDAP password]
        • On LDAP server do : su – zimbra ; zmlocalconfig –s ldap_root_password
      • TimeZone: [set this]
  • For zimbra-store
    • Set the Admin Password
      • +License filename: UNSET [if you see this, then something is wrong with your
    • LDAP configuration. It should of pulled the license info from the LDAP server.
    • Set the SMTP host

Type r to return to the Main menu, if you aren’t there already.

When the mailbox server is configured, return to the Main menu and type a to apply the configuration changes.

Press Enter to save the configuration data.

When Save Configuration data to a file appears, press Enter.

The next request is where to save the files. To accept the default, press Enter.

To save the files to another directory, enter the directory and then press Enter.

When “The system will be modified - continue?” appears type y and press Enter.

The server is modified.

Installing all the components and configuring the server can take a few minutes.

When Installation complete - press return to exit displays, press Enter.

The installation of the mailbox server is complete.

After Install

Confirm server status

su – zimbra ; zmcontrol status

Populate the ssh keys, on each server in your environment

su - zimbra ;  zmupdateauthkeys 

The key is updated on /opt/zimbra/.ssh/authorized_keys.

Upgrading A Zimbra Server For An Archive & Discovery Mailstore
Adding Package For A&D

This will retain your current settings for the system. Your server will experience downtime during the upgrade.

untar zcs*.tar that matches your existing system

 cd zcs-version-directory
 ./install
  choose upgrade
  select zimbra-archiving

The upgrade of the mailbox server is complete.

After Upgrade

Confirm server status

su – zimbra ; zmcontrol status

Note, zimbra-archiving only runs as a service on a MTA server.

Populate the ssh keys, on each server in your environment

su-zimbra ;  zmupdateauthkeys 

The key is updated on /opt/zimbra/.ssh/authorized_keys.

Configure Zimbra For Use Of The New Mailstore and A&D

Example A&D mailstore hostname is : archive.example.com

  • Go to your primary admin console url. [https://[example.com]:7071/zimbraAdmin]
  1. Confirm you see the new mailstore under Configuration > Servers
    1. Under Configuration > Servers > [MTA servername(s)] > Services
      1. [each MTA server needs this]
      2. You’ll see a box for Archiving and Discovery
        1. Check this to enable the MTA server(s) for Archiving and Discovery. If this is grayed out, run the command below (modified for your server) on your one of your mailstores.
          • This effectively does:
          • zmprov ms mta.example.com +zimbraServiceInstalled archiving  +zimbraServiceEnabled archiving
            • Remember, zmprov uses the variable below. A mta only server can't be set for localhost, change it to point to a mailstore.
            •  [root@mta ~]# zmlocalconfig | grep zmprov
            •     zimbra_zmprov_default_soap_server = localhost
            •  [root@mta ~]# zmlocalconfig -e zimbra_zmprov_default_soap_server=mailstore.example.com
Configuring Your COS's - Normal COS's and Archiving COS

It's recommended that the archive accounts be created on a dedicated mailstore. You can limit what mailstores are used for new account creation by restricting what mailstores are used under "Server Pool" within a COS. Your normal COS's should excluded your archive mailstores and your archive COS should only have archive mailstores selected.

You'll also want to make sure your archive COS isn't using any 'features' that aren't necessary for archive accounts. No point in consuming certain license features when they aren't needed.

  1. Go to Configuration > Class of Service > default [or your primary domain] > Server Pool
    1. You’ll want to make sure it’s limited to the correct server pools
      1. Your new mailstore for A&D should be unchecked.
    2. Click on New for a new Class of Server (COS)
      1. Call it archive or something similar
        1. Under Server Pool > Limit > have only the new mailstore checked
    3. Make sure your not using licensed features [EWS for example] that aren't necessary for your archive accounts.
Setup Initial A&D With First Account - Creation Of The Archive Domain
Revisit To COS - Naming Scheme Of Archive Accounts

When archive accounts are created they use the zimbraArchiveAccountNameTemplate variable from the COS. The default is:

$ zmprov gc default | grep -i archive
  zimbraArchiveAccountDateTemplate: yyyyMMdd
  zimbraArchiveAccountNameTemplate: ${USER}-${DATE}@${DOMAIN}.archive

I, personally, don't like the use of the $DATE variable in this. I change my ARCHIVE COS to use the normal username but retain the .archive for the domain.

zmprov mc archive zimbraArchiveAccountNameTemplate '${USER}@${DOMAIN}.archive'

Bug to be aware of:

The Creation

On server with zmarchiveconfig (most likely mailstore you installed A&D on) and as zimbra (su – zimbra) do the following to setup your first A&D account.

format : zmarchiveconfig –s servername enable user@example.com archive-cos <cos>

example :

zmarchiveconfig –s archive.example.com enable account@example.com archive-cos archive

NOTE

If the above command doesn't seem to create the archive account/domain. Drop the use of [ -s servername ]. Basically, just run this on the A&D mailstore:
zmarchiveconfig enable account@example.com archive-cos archive

The above command will create the mail domain for the archive accounts using the template defaults, user@example.com to make example.com.archive

On your main ldap server or where ever you usually access the zimbra admin web console, login to the admin web console.

  1. Confirm the archive domain was setup.
    1. Configuration > Domains > [domainname].archive > General
    2. Confirm or adjust the archive domain to use the right COS
      1. Configuration > Domains > [domainname].archive > General Information
        1. Change “Default Class of Service” to your COS [archive], if needed for your configuration.
  2. Now check for the new archive account you made
    1. Address > Accounts
    2. Click on account and hit the edit button
    3. In the top summary section you'll be able to confirm the COS and Mail Server being used for the account.
      1. NOTE, if it's showing the account is on the primary mailstore and NOT the A&D mailstore.
        1. Remove the A&D account
          •  zmprov ra [user]@[domainname].archive
        2. Add the account back again using the zmarchiveconfig command
          • zmarchiveconfig enable account@example.com archive-cos archive
        3. Now confirm, as above, that the account is using the A&D mailstore.
          • This might be a bug related to the archive domain being created for the first time.

Send the primary account a test email and then shortly afterwards do a "View Mail" within the admin console for the archive account. You should see the archive message in the archive account.

Error: unknown document: EnableArchiveRequest

If you get this error when trying to create the archive account "Error: unknown document: EnableArchiveRequest" you most likely needed to install a new license for A&D and have not restart the mailboxd services . Updating the license is not enough, you'll need to restart ZCS on the mailstores also.

See the following bug:

RFE's On Archive Accounts
Testing Of Archive Mail Flow

Send the primary account a test email and then shortly afterwards do a "View Mail" within the admin console for the archive account. You should see the archive message in the archive account.

You should confirm mail flow copies occur with the following:

  1. Inbound
    1. External Account (email) to the primary zimbra account setup for archive.
    2. A zimbra account that ISN'T the archive account in question to the primary account setup for archive.
  2. Outbound
    1. With primary account setup for archive, send an email to an external email address.
    2. With primary account setup for archive, send an email to another internal zimbra email address.
Archive Account Isn't Getting Email

Let's double check everything was done correctly up above.

Assumption on syntax of account creation:

zmarchiveconfig enable user@example.com archive-cos archive

Let's check what actually was done:

zmprov ga user@example.com | grep -i archive
 amavisArchiveQuarantineTo: user-20081211@example.com.archive
 zimbraArchiveAccount: user-20081211@example.com.archive
 zimbraArchiveAccountNameTemplate: ${USER}-${DATE}@${DOMAIN}.archive

It should reference an account that's like, if you are using the archive templates:

user-[date]@example.com.archive

that account should exist and reference lmtp, rather than smtp, for the transport:

zmprov ga user-20081211@example.com.archive | grep -i trans
  zimbraMailTransport: lmtp:archive.example.com:7025
Checking Logs For Archive Operations

On the mta-server, you should find a reference to the archive account in /var/log/zimbra.log

grep archive /var/log/zimbra.log
 Dec 11 13:38:52 mta-server amavis[1978]: (01978-19) SEND via SMTP: <> -> 
    <user-20081211@example.com.archive>,ENVID=AM.8ISxcrQG8uAj.20081211T193852Z@mailstore.example.com 
    BODY=7BIT 250 2.6.0 Ok, id=01978-19, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 
    5ADF8F120C4
 Dec 11 13:38:52 mta-server postfix/lmtp[21864]: 5ADF8F120C4: 
    to=<user-20081211@example.com.archive>, relay=archive.example.com[X.X.X.93]:7025, 
    delay=0.07, delays=0/0/0/0.06, dsn=2.1.5, status=sent (250 2.1.5 OK)

On the archive-server, you should find reference to the delivery in /opt/zimbra/log/mailbox.log

grep archive /opt/zimbra/log/mailbox.log
 2008-12-11 14:45:32,923 INFO  [LmtpServer-9] 
  [name=user-20081211@example.com.archive;mid=7;] mailop - Adding Message: id=257,
  Message-ID=<1350363939.41021229024728317.JavaMail.root@EXTERNAL-MTA.DOMAIN.com>, parentId=-1,
  folderId=2, folderName=Inbox.
Mass Accounts Configuration
Update 5/28/15, I filed the following RFE:
  • "Redesign archive account creation process [autocreate, mass creation/enabling, etc]"

https://bugzilla.zimbra.com/show_bug.cgi?id=99710

Update, our 6.0 release will have a zmarchiveconfig -f command for batch processing from a file input.

CHECK YOUR AVAILABLE LICENSES BEFORE YOU PROCEED!!

One could put all the accounts in a txt file and then use a for-loop to process the account@example.com variable.

zmprov -l gaa > /tmp/accounts.txt

Remove any accounts you've already done and those not necessary for archiving (ex. admin, ham, spam, etc.)

You can give gaa other options, look at zmprov help account. For example, you could also narrow this down to a dump of accounts in a domain:

zmprov -l gaa [DOMAIN] > /tmp/accounts.txt

Note, the below uses the above setup for A&D - You'll need to modify for your environment.

for i in `cat /tmp/accounts.txt`
do
zmarchiveconfig –s archive.example.com enable $i archive-cos archive
sleep 3
done

You can be tailing /opt/zimbra/log/mailbox.log on the archive server to watch the progress.

Searches After Configuration Is Done

Please see Ajcody-Server-Misc-Topics#Cross_Mailbox_Searches_and_Tracing

Searches Limited To 500 or 1000 Maximum Results

See Ajcody-Server-Misc-Topics#Searches_Limited_To_500_or_1000_Maximum_Results


Special Circumstance Case Scenarios

Need Primary Account Going To Two "Archive" Targets

Currently it isn't possible, I have submitted an RFE for this though:

I also submitted an RFE to clarify the difference/intention between amavisArchiveQuarantineTo and zimbraArchiveAccount