Ajcody-Notes: Difference between revisions
No edit summary |
mNo edit summary |
||
Line 1: | Line 1: | ||
{{BC| | {{BC|Zeta Alliance}} <!-- Note, this will also add [[Category: Zeta Alliance]] to bottom of wiki page. --> | ||
__FORCETOC__ | __FORCETOC__ <!-- Will force a TOC regards of size of article. __NOTOC__ if no TOC is wanted. --> | ||
<div class="col-md-12 ibox-content"> | <div class="col-md-12 ibox-content"> | ||
= Ajcody Notes = | = Ajcody Notes = <!-- Normally will reflect page title. Is listed at very top of page. --> | ||
{{KB|{{ | {{KB|{{ZETA}}|{{ZCS 8.5}}|{{ZCS 8.0}}|{{ZCS 7.0}}|}} <!-- Can only handle 3 ZCS versions. --> | ||
{| width="60%" border="0" | {| width="60%" border="0" |
Revision as of 19:26, 20 June 2016
Ajcody Notes
- This article is NOT official Zimbra documentation. It is a user contribution and may include unsupported customizations, references, suggestions, or information. |
UPDATE This page holds a Table of Contents of all my pages EXCEPT:
Please remember to search them as well.
Adam
Information For New Support Customers
Details On Response Times and What's Supported
Please review the Support Overview and Support Program, specifically the "Exclusions" and "Reasonable Use Policy" sections. You can also find a link to the Support Plan document when you log in to your Zimbra Support Portal account (Network Edition Customers). As of 12 August 2008, it includes the following statement:
Requests that are excluded from support include but are not limited to: performing initial installs of customer systems, performing migrations, performing upgrades of customer systems, performing configuration changes to add or remove servers or services, and testing a customer’s system. Zimbra Professional Services may be available to assist with these projects.
New Network Edition Customers
Your sales contact should already have made a support record for your company and added one or more user accounts for our primary support tool, the Support Portal. Please Contact Sales if you are unsure whether you and/or your company have been set up for access to the Support Portal. Additional user accounts can be associated with your support record if necessary by submitting a case to support with the following information:
- Full name of new contact
- Title of new contact
- Email address of new contact
- Best phone number to reach new contact (this will potentially be used in the event of an email outage)
Understanding The Support Process For Urgent Issues
In order to receive the most efficient and timely response, please follow this procedure.
- Create a new case via the Support Portal
- In the lower section of the navigation menu on the left, choose Case Menu > Submit A New Case
- When you need urgent help, please open a case through the Support Portal instead of sending email to support@zimbra.com. Cases submitted through email will not be assigned the appropriate urgency for an outage or otherwise urgent situation, and they will appear lower in priority in our incoming case queue. When submitting a case through the Support Portal you may assign the appropriate urgency level according to scope, impact, and urgency of issue.
- Please include as much detail as possible to allow us to effectively prepare prior to calling you. Having details of the situation allows us to reach out to any resources (people) we may feel are needed prior to calling you back.
- Include contact information in the new case record. Desk phone, cell phone, alternate email address, and YahooIM handle are all useful. This allows us to contact you for clarification as needed.
- Call the Support Phone Line
- If you get the voice mail - don't panic or hang up without leaving a voice mail.
- Give your name and company first
- Provide the number of the case that you created in the Support Portal
- Summarize the outage situation
- Mention your contact information
- If you get the voice mail - don't panic or hang up without leaving a voice mail.
- Continue to work on the issue yourself.
- Promptly update the case with all relevant information you discover
- Left-hand lower section, Case Menu > Case Management
- If you can't "email", use the Comments section with your case record to input the information.
- Promptly update the case with all relevant information you discover
- If you have not received a response from us, please try updating the case and calling into the Support Phone Line again
- Note that depending on the day and hour of your outage, time might be needed for the information to route to the on-call staff and for them to get into a position to respond.
How To Communicate Support Need Clearly
Over the years, open source luminary Eric Raymond has assembled a guide to getting help with technical issues online. Bear in mind that the guide has been written for those seeking free help, so the overall guide taken at face value is most applicable for posting to the Zimbra Forums. There is, however, plenty of useful guidance for those submitting support cases. The complete guide is available online as How To Ask Questions The Smart Way. Here are a few examples:
- Use meaningful, specific subject headers
- Write in clear, grammatical, correctly-spelled language
- Be precise and informative about your problem
- Describe your problem's symptoms in chronological order
Simon Tatham, author of the PuTTY software, wrote a similar guide for How to Report Bugs Effectively.
Support Tools
Case Management
Subscribe To RSS Feeds
Our sites have unrestricted (anonymous) access for RSS feeds. The new RSS feeds are:
- https://support.zimbra.com/customer/rss.xml
- https://support.zimbra.com/hspfront/rss.xml
- https://support.zimbra.com/downloads/rss.xml
Clicking on an article from the RSS feed will direct the user to the login page with an "Authorization Required" message.
Email Communication
When you send emails to support@zimbra.com, it will create a case for us and show in our new case tool. What is important to note though, is our tools first check to see if the subject line of the email has SF: Case ########: in it. If so, it redirects that email to update an existing case. If those values aren't in the subject line, it creates a new case. So, if you wanted to update an existing case - let's say case number 00000001 - you would have your subject line as "SF: Case 00000001: some text of the topic" .
New Cases Created By Email Are Always Sev-4
If you send your initial support request via email to support@zimbra.com it will automatically be set at a "Severity Level 4", which is the lowest priority. If you need your case set to a higher severity level, please create your case via the support portal page where you can set the severity level. At this time, you can not change a case severity level once it's made via the support portal case management tools.
Always Include support@zimbra.com In Case Email Threads
If emails for your case do not include the support@zimbra.com address, there's a good chance the support member your working with will not be updated about your response correctly.
Sales Force Case Comments
Sales Force [zimbra support portal case management tool] has the option to do "Case Comments". Please use this only when necessary - for example, your email isn't working. Currently, case comments from sales force don't work appropriately with our other tools because it doesn't create a email subject to match the "SF: Case ########:" pattern and it also doesn't change the status of the case to reflect "customer replied". The email subject line is important because most of us here at support use the Zimbra's email conversation view and also "tagging" of our case threads. The case comments from Sales Force doesn't work against this. And of course, the case not being updated as "customer replied" causes issues as it most likely leaves it in the state of "Awaiting Customer Response".
Zimbra Forums
The forums provide a place where the greater Zimbra community (server administrators, users, developers, commentators, etc) can work together on solving problems. There is a wide range of experience among the community, and a long history of issues available for searching.
Create A Forums Account
This is open to anyone. It is not tied to your Network Edition support id.
Zimbra Wiki
The wiki also centers around the community, providing a site where anyone with an account can contribute documentation, especially how-to guides, non-standard configurations, and topics related to but external to ZCS.
Create A Wiki Account
This is open to anyone. It is not tied to your Network Edition support id.
Why is this important?
- It allows you to participate in improving the wiki articles and content. Note that you need to be logged in to make edits.
- Create your own articles if you find something missing that might prove useful to others.
- Improve existing articles.
- Add to the "discussion" page for an article. This is a good place to add comments for those less inclined to be bold and modify the main article.
- You can propose questions and other things here as well.
- You can add articles to your "watchlist" in order to monitor your favorite articles for changes.
- In your wiki preferences you can specify whether to be notified by email when different events occur.
- You can create your own personal section on the wiki.
- Use the category of "community sandbox" at the bottom of them.
- [[Category: Community Sandbox]]
- If you decide to create sandbox articles, the wiki convention is to prefix the topic with your wiki username: Username-Topic
- For example, the original staging page for this article was written by Ajcody, so the sandbox article was named Ajcody-New-Customers-Users
- Use {{:Special:PrefixIndex/YourUsername}} to automatically generate a list of these articles in a wiki document, on your user profile page for example
- This wiki tag on Ajcody's profile page causes a list of all of his notes articles to be displayed: {{:Special:PrefixIndex/Ajcody}}
- Use the category of "community sandbox" at the bottom of them.
Remote Server Access
Conditions For Remote Access
In some cases, a Zimbra TSE may request access to the system in question. Direct access is not generally the preferred method of investigation on cases, and we typically request that the customer please perform the hands-on administration of your system, with which you would be far more familiar than Zimbra; in some cases however, direct access may be considered an option for investigating the situation.
Zimbra TSE's will need some way to communicate with someone on your IT staff when they are going to log in to your servers. Zimbra Support helps and facilitates customers with their problems but we are not the "administrators" of customers servers and can't make independent decisions on what to do or not on their servers. We need to have access to immediate forms of communication [phone, IM, etc.] with someone at the company with the authority to make those decisions.
Remote Access Starts With Webex
Support agents can setup Webex sessions with customers when the situation calls for it. The standard policy is to use Webex for various legal & other policy justifications. Support staff will give guidance to the customer over the Webex session for the particular tasks in question. Customer participation is required throughout the Webex session. Other forms of access, ssh for example, should occur along side the Webex session. Ssh would use the screen utility mentioned below to accomplish this.
Your Webex meeting request will most likely also include a telephone conference number and instructions on how to file transfer log files as necessary.
Secondary Remote Access Options
Support SSH Keys
- Note that it is not required that customers allow remote server access.
- Updated: Switched to rsa rather than dsa. [2010/02/23]
In the Zimbra Support Portal, a public key for ssh is available for situations when Zimbra support will log in to a customer server using ssh. You can allow remote connections for a user (typically zimbra or root) by logging in to the server as that user and following these steps.
Running the script command within the ssh/shell session is a good idea for both the support staff and customer. See the following script man page
1. Save the key file on the server as /opt/zimbra/.ssh/zsupport_rsa.key.pub
2. Add the key to the user's authorized_keys file; command #1 outputs the current list of keys; command #2 appends the support key
1% cat ~/.ssh/authorized_keys 2% cat /opt/zimbra/.ssh/zsupport_rsa.key.pub >> ~/.ssh/authorized_keys
- Note, the ~/ above will be setting up the ssh access for the same username that is running the commands. This is the "user" that you'll tell Zimbra is the login account for ssh to the server.
3. Verify that public key access is allowed by sshd
- In the sshd config file (typically /etc/ssh/sshd_config), the value of the PubkeyAuthentication keyword should not be no. It's OK if it is not listed or if it is commented out; the default is yes.
4. Confirm, if appropriate, that the user you setup for ssh access will be able to su and/or sudo to gain zimbra and/or root access.
5. You'll then need to communicate to support that the key is setup and provide the necessary information:
- username to login with
- password if required for ssh access
- the initial server [hostname/ipaddr] to ssh to and then how to access other servers inside if needed
- way to gain zimbra or root access [su - [username] or via sudo]
- It is up to you, how you would like to communicate the login information to support - email, IM, phone, etc..
The screen command line utility allows multiple users to attach to the same terminal session. To start a new screen session, run screen -m or screen -R. To attach to an existing screen session, run screen -x. Additional documentation for screen is available online.
Sun Microsystems offers a java application to allow shared access to a terminal session. More information is available at their site.
DimDim
This might interest some customers as well DimDim Web Conferencing . They have an OSS edition - DimDim OSS Edition
Installation and Migration Planning
Expectations
Support doesn't do migration for customers, nor do we do migration planning. We can help if you run into issues during migration. Are there gray areas involved in this? Yes, of course. Some guidelines to follow:
- Engage your sales contact about your needs.
- Sales has access to pre-sales engineers and tools that can help plan your Zimbra deployment and migrations.
- If your needs exceed the above, they can determine if our Professional Services group would be a good option for you.
- When you start to engage the Support Team
- Try to have specific questions or issues rather than large open-ended ones - those that imply support is doing the planning or migration for you.
- It would be helpful if you documented your "plan" to the best of your ability and to share that with support as issues or questions come up.
- This gives us more "concrete" information to work against.
- Be prepared to know and investigate the technical requirements for the "other" mail server. Support will offer what we can but there is no obligation for us to know all the in's and out's of another mail server product. The exception to this would be when we are working with our tools that we developed for migration. And even then, there is a certain expectation of knowledge we require of the administrator in regards to the other mail system.
- Remember, anyone can use the Zimbra Forums! Advise and help is free and open to everyone on the forums.
ZCS Upgrade And Install Specific Expectations
Zimbra support works on a break-fix model, we do not provide administrative services.
For upgrades and installs, we generally offer :
- Provide input on upgrade and install plans or the remaining questions that aren't addressed documentation resources listed below:
- Latest Releases are at:
- http://www.zimbra.com/downloads/ne-downloads.html
- See the the following for older releases:
- http://www.zimbra.com/downloads/ne-downloads.html
- Documentation Resources are at:
- http://www.zimbra.com/support/documentation/
- click on your specific version and you'll see the various documentation references.
- http://www.zimbra.com/support/documentation/
- Please see "System Requirements" under the "Documentation Resources" section for system requirements - server and client.
- The "Installation Resources" section addresses:
- Steps to install ZCS - see either the Single-Server Installation Guide or Multi-Server Installation Guide.
- Checks, prerequisites, and other items you might need to address prior to installing.
- The Release Notes & Upgrade Instructions addresses:
- Steps to upgrade your server/s.
- Checks, prerequisites, and other items you might need to address prior to upgrading.
- List of notable bugs and RFE's addressed with this release. It will have a history going back through other older versions also.
- After reviewing the above resources for your specific version, you should also login to the support portal for any other critical information that might not be listed in the Release Notes & Upgrade Instructions.
- Latest Releases are at:
- We can add a customer's intentions about upgrading or installing ZCS on our team calendar. This allows our staff during our 'after hours' to be aware of customers that are intending to upgrade/install ZCS and that they might be submitting sev1 support cases if they run into issues.
- If the customer runs into a problem during an upgrade/install, they should submit a support case [setting the right severity level] for the specific issue at hand. The resolution of the support case is specific to the issue that was encountered. The support case is closed and the customer continues to do upgrade/install or other remaining steps they have independently.
First
Please take time to review the Administrators Guide. Noting what features you might want or need for the installation. It would be wise to make notes while your skimming the guide of features your wanting. Depending on the choices you have, it might drastically effect your installation steps. Do you want HSM, Archive & Discovery, Proxies - what type, and so forth.
- Official Administration Guide
The Basics
Starting Official Source Guides
- The Main Page
- The Release Notes
- System Requirements
- Quick Start Installation Guide
Other Resources To Review
General Ways To Find More Specific Information:
- Search Zimbra Site
- http://www.zimbra.com/search/
- Notice that you can refine where your search looks, click on the "Advanced Search" link next to the search button.
- http://www.zimbra.com/search/
- Looking at "Categories" within the Wiki pages. This might be more helpful compared to a general search.
- My wiki notes are actually spread out among multiple pages but I also have them displayed into one page. This makes it easier to search the table of contents or the complete listing using your web browser (usually ctrl-f).
- Ajcody-Notes
- I had to separate my Server related notes from this table of contents, please search this one as well:
- Still confused by HSM, see the following:
- GAL - Global Address Book Items To Consider
- SSL Certificates
- Proxy Items
- What about Mobility Options?
Please Consider Your Backup Issues Before Deploying
Assuming you've consulted the other above resources as well.
More items to consider:
- Backup Plans
- General Backup / Restore Issues
Be Aware Of DR Processes
Multi-Server Installations
Assuming you read or skimmed the above.
Starting Official Source Guides
- Main Page For Them
- Multi-Server Installation Guide
- Migration Wizards, Connectors, and Clusters Guides
- http://www.zimbra.com/products/documentation_additional.html
- Cluster Guides
- Single Node Cluster Installation Guide
- Multi Node Cluster Installation Guide
- Cluster Guides
- http://www.zimbra.com/products/documentation_additional.html
- Archiving and Discovery
Other Resources To Review
- Understanding your hardware issues - work in progress still.
- Archiving and Discovery For Multi-servers
- Issues Around LDAP Master And Replica Install/Setups
Migration Issues
- My Migration Issue Notes
- Ajcody-Migration-Notes
- This will also reference other necessary documentation.
- Ajcody-Migration-Notes
- Understanding Mailing List options
- MTA/Postfix differences you might need to be aware of
This will pull all of them regardless of their "status".
Quick Tips
License issues (Dos/Unix New Lines)
Sometimes when customers get their license file on a Windows machine and then go about transferring it to the zimbra server they accidentally convert the license file to have windows new line characters that will not work when Zimbra goes to read the file. To see if this happen, to the following on the zimbra server:
vi file and then
:set list
Confirm you're not getting the ^M characters at the end. The ^M is the windows new line character, they'll need to be removed. There is a script or even rpm package you can get, usually called dos2unix, that will do this for you.
General Notes
Actual General Notes Homepage
Please see Ajcody-General-Notes
Zimbra Variables
Ways to check on different zimbra variables.
su - zimbra zmlocalconfig -i zmlocalconfig -d cd /opt/zimbra/conf/attrs more zimbra-attrs.xml cd /opt/zimbra/openldap/etc/openldap/schema/ more zimbra.schema
Made the following concerning zmlocalconfig's behavior:
- "RFE: zmlocalconfig sanity check and clean up of -i output"
Also, with newer versions of ZCS, you can get it via zmprov - for example:
#zmprov desc -a zimbraFreeBusyExchangeAuthScheme zimbraFreebusyExchangeAuthScheme auth scheme to use type : enum value : basic,form callback : immutable : false cardinality : single requiredIn : optionalIn : cos,domain,globalConfig,account flags : accountInherited,domainInherited defaults : min : max : id : 611 requiresRestart : since : 5.0.3 deprecatedSince :
Addition note, example, for those checking source : src/6.0.7/com/zimbra/cs/account/ProvUtil.java.html
Zimbra Contact Fields For CSV Import Mapping
Please see /opt/zimbra/conf/zimbra-contact-fields.xml
This will show you what "fields" Zimbra is looking for and mapping to in regards to importing from another applications contact csv files.
One easy way to do this is the following:
- From zimbra ajax client as a test user (or any old user) do an export Addressbook.
- This is under the preference tab > Address Book > Import / Export > Export - select Addressbook and click Export button
- Then open file file something like Excel or a Text Editor
- Your only interested in the Top line - that gives the default fields for a Zimbra Addressbook.
- You'll get something like this:
"company","companyPhone","email2","fileAs","firstName","homepageURL","imAddress3","lastName","otherIMLabel","workCity","workCountry","workEmail2","workEmail3","workEmail4","workEmail5","workPostalCode","workState","workStreet"
- Note, ordering [left to right] isn't important. What is important, is the data lines up under the right column header.
- With your other Mail system, export the addressbook to a csv file.
- Open this file in another Excel window.
- Copy the column data from the one Excel sheet and paste it into the appropriate column within the Zimbra Excel sheet.
- Move as much as you can and then save.
- For example:
"company","companyPhone","email2","fileAs","firstName","homepageURL","imAddress3","lastName","otherIMLabel","workCity","workCountry","workEmail2","workEmail3","workEmail4","workEmail5","workPostalCode","workState","workStreet" "Apple Computer Inc.","1-800-MY-APPLE","","3","","http://www.apple.com","","","","Cupertino","United States","","","","","95014","CA","1 Infinite Loop"
- Now you can try importing this csv file back into Zimbra.
- Either with the webclient or you can use some on the CLI commands
- See User_Migration for variations of CLI commands that could be used.
- Here's the documented example:
curl -u schemers:password --data-binary @/tmp/new.csv http://server/service/home/schemers/contacts?fmt=csv
Example Header For Horde Contacts
I have not used this myself, I found it on the forums.
"assistantPhone","birthday","callbackPhone","carPhone","company","companyPhone","email","email2","email3","firstName","fullName","homeCity","homeCountry","homeFax","homePhone","homePhone2","homePostalCode","homeState","homeStreet","homeURL","imAddress1","imAddress2","imAddress3","jobTitle","lastName","middleName","mobilePhone","notes","otherCity","otherCountry","otherFax","otherPhone","otherPostalCode","otherState","otherStreet","otherURL","pager","workCity","work"
I'm hoping the forum user simply renamed the top header column to match description fields that Zimbra knows and that it's in order of the data (left to right) that Horde normally exports in. You'll need to review it and make sure it fits with your exported data columns from Horde.
Admin With Curl And Wget
You will most likely need to include :7071 in the url string to get around the pop-up issue that you would get if you used the same string in a web browser, without :7071 you'll see a permission error when trying to see/get data from a users account via the admin account.
curl -u admin:pass https://hostname:7071/home/user/Contacts wget https://admin:pass@hostname:7071/home/user/Contacts
What's My Server Like
To dump out your server details, these commands are useful. Login to your zimbra server and as the zimbra user do:
zmprov gs `zmhostname` zmprov gacf zmlocalconfig zmdumpenv
Another good document to review for "odd performance" issues is the large server wiki.
http://wiki.zimbra.com/index.php?title=Performance_Tuning_Guidelines_for_Large_Deployments
Restarting Jetty - ZCS 5+
As zimbra
zmmailboxdctl restart
How Do I Find Out What Version Of Zimbra I'm Using
See:
Get Version From Ajax Client
In newer versions of ZWC, the Help > About will also state the ZCS server version being used.
For older version, put the below in the search field of the Ajax client and hit enter:
$set:get version
Also:
https://SERVERNAME/js/zimbraMail/share/model/ZmSettings.js
Search for the CLIENT_VERSION line.
Other Ways To Get Version Of Server
See this forum post:
What's Compiled With Postfix
Moved to What's_Complies_With_Zimbra's_Postfix
REST Information
Resources to review
- Rest Overview
- For queries:
- Working Examples
Format to get around permission denied on multi-domain hosting servers
If you getting permission denied rather than resource not found...try this format example:
http://MAILSTOREofUSER.DOMAIN.com/zimbra/user/FIRST.LAST@USERS_DOMAIN.com/inbox.zip
or
http://MAILSTOREofUSER.DOMAIN.com/zimbra/user/USERNAME@USERS_DOMAIN.com/inbox.zip
I but both in case one issue is where the username has special characters, like the period.
Server Source Doc's
Please see:
http://svn.sourceforge.net/viewvc/zimbra/trunk/ZimbraServer/docs/
Logging
Actual Logging Homepage
Please see Ajcody-Logging
Server
RFE's Related To Better Logging And Historical Data Of Systems
See : Ajcody-Testing-Debugging#RFE.27s_Related_To_Better_Logging_And_Historical_Data_Of_Systems
Debugging
See : Ajcody-Testing-Debugging for more complete debugging information.
When Was A ZCS Service Enabled Or Disabled
See : Ajcody-Notes-Archive-Discovery#When_Was_A_ZCS_Service_Enabled_Or_Disabled
Syslog Items
Single Server Setup
/etc/syslog.conf should have lines similiar to:
[towards bottom of conf file] local0.* -/var/log/zimbra.log auth.* -/var/log/zimbra.log mail.* -/var/log/zimbra.log
Make sure syslog allows messages from log4j to be written, log4j doesn't do unix pipes. Specifically, it uses internet domain sockets (514/upd) instead of unix domain sockets (/dev/log). On a single server setup, this means log4j talking to localhost via 514/udp. Again, /dev/log is never used by log4j (AFAIK, this could change in the future). Adding the "-r" applies for the centralized syslog server as usual, but it also applies for the case where you want log4j data to be logged via syslog locally [single server setup]:
[root@zimbra sysconfig]# diff -u /etc/sysconfig/syslog.ORIG /etc/sysconfig/syslog --- /etc/sysconfig/syslog.ORIG 2008-03-25 09:14:28.000000000 -0400 +++ /etc/sysconfig/syslog 2009-06-09 16:01:13.000000000 -0400 @@ -3,7 +3,7 @@ # -r enables logging from remote machines # -x disables DNS lookups on messages recieved with -r # See syslogd(8) for more details -SYSLOGD_OPTIONS="-m 0" +SYSLOGD_OPTIONS="-r -m 0" # Options to klogd # -2 prints all kernel oops messages twice; once for klogd to decode, and # once for processing with 'ksymoops'
Restart syslog:
/etc/init.d/syslog restart
Setup ZCS to be aware of syslog [we'll restart Zimbra later once all the changes are done]:
zmprov mcf zimbraLogToSyslog TRUE
This will set the appropriate ldap values (after a zimbra restart) to make log4j.properties be written correctly:
/opt/zimbra/conf/log4j.properties will now show some modifications, for example:
[snips - DON'T cut cut/paste this info below for your server] #log4j.rootLogger=INFO,LOGFILE log4j.rootLogger=INFO,LOGFILE,SYSLOG ... # Syslog appender log4j.appender.SYSLOG=org.apache.log4j.net.SyslogAppender log4j.appender.SYSLOG.SyslogHost=localhost log4j.appender.SYSLOG.Facility=LOCAL0 log4j.appender.SYSLOG.layout=com.zimbra.common.util.ZimbraPatternLayout log4j.appender.SYSLOG.layout.ConversionPattern=mailboxd: %-5p [%t] [%z] %c{1} - %m
This will actually cause very little to goto syslog though, it's a very minimalist setup. Now adjust /opt/zimbra/conf/log4j.properties.in to log more items to syslog.
Note: You may or may not want all these things going to syslog and you may be able to send more/other things to syslog as well. I've not spend lots of time with log4j and I'm not familiar enough with all the code to know which pieces are using which logger/settings.
WARNING: the AUDIT logs may have sensitive data so be careful to protect the logs so that sensitive data is not leaked accidentally.
[zimbra@zimbra conf]$ diff -u log4j.properties.in.ORIG log4j.properties.in --- log4j.properties.in.ORIG 2009-06-05 15:31:20.000000000 -0400 +++ log4j.properties.in 2009-06-09 15:54:07.000000000 -0400 @@ -35,7 +35,7 @@ # Save zimbra.security to AUDIT appender log4j.additivity.zimbra.security=false -log4j.logger.zimbra.security=INFO,AUDIT +log4j.logger.zimbra.security=INFO,AUDIT,SYSLOG # Syslog appender log4j.appender.SYSLOG=org.apache.log4j.net.SyslogAppender @@ -88,7 +88,7 @@ log4j.additivity.zimbra.wbxml=false log4j.logger.zimbra.wbxml=DEBUG,WBXML -log4j.logger.zimbra=INFO +log4j.logger.zimbra=INFO,SYSLOG log4j.logger.zimbra.op=WARN -log4j.logger.com.zimbra=INFO +log4j.logger.com.zimbra=INFO,SYSLOG
At this point, you can restart zimbra for all the changes to be in effect:
zmcontrol stop ; zmcontrol start
Centralized Syslog Server
Please see:
This will show you how to setup a syslog server and then to configure the "clients" to log to the local filesystem as well as the syslog server.
You'll need to then take into account the information in Ajcody-Logging#Single_Server_Setup to handle the "Zimbra" part as well as dealing with log4j.
Centralized Log Server Project Ideas
Problems:
- Logs are to large to manage on each server.
- Want to build a central logging server for all logging events.
- The syslog events are very minimal with Zimbra (/var/log/zimbra.log). Most of the logging is control by Log4j (tomcat/jetty). Output from log4j generally goes into the /opt/zimbra/log/ directory. There's some conf files in /opt/zimbra/conf/log4j.properties* for log4j. You can adjust this file to also output into the syslog environment but syslog has very limited choices for "facility". See Ajcody-Logging#Single_Server_Setup and Log4j & Syslog facility for details. You'll end up getting huge files and god knows how many log events per second if you adjusted log4j to dump all zimbra logging into syslog control.
General Thought On This:
Use syslog-ng with mysql for the central log server. Add on php-syslog-ng for comfort.
Leave the log4j stuff alone and configure syslog-ng to monitor the actual log files as they are generated by log4j in /opt/zimbra/log/* .
Then decrease the log sizes and archiving done on the local servers, i.e. zimbraLogRawLifetime & zimbraLogSummaryLifetime .
References:
- Syslog-ng Homepage
- "O'Reilly - Building Secure Servers With Linux - Chapter On Syslog-ng"
- http://eduunix.ccut.edu.cn/index2/html/linux/O'Reilly%20-%20Building.Secure%20Servers%20with%20Linux/bssrvrlnx-CHP-10-SECT-2.html
- Most notably, the section on "sources"
- Php-syslog-ng
- http://code.google.com/p/php-syslog-ng/
- How-To Setup and Install Syslog-ng, mysql, and php-syslog-ng
Log Rotation and Removal
Logs In /opt/zimbra/log Directory
Please look at the output of your crontab - AS ZIMBRA, look for the "Log pruning" line.
crontab -l
And also the config files for logrotate:
/etc/logrotate.conf
/etc/logrotate.d/zimbra
Example From 5.0.11 - Complete ZCS Install Single Server
crontab for zimbra:
# Log pruning # 30 2 * * * find /opt/zimbra/log/ -type f -name \*.log\* -mtime +8 -exec rm {} \; > /dev/null 2>&1 35 2 * * * find /opt/zimbra/log/ -type f -name \*.out.???????????? -mtime +8 -exec rm {} \; > /dev/null 2>&1 # Log pruning # 30 2 * * * find /opt/zimbra/mailboxd/logs/ -type f -name \*log\* -mtime +8 -exec rm {} \; > /dev/null 2>&1
And the logrotate files:
$ cat /etc/logrotate.conf # see "man logrotate" for details # rotate log files weekly weekly # keep 4 weeks worth of backlogs rotate 4 # create new (empty) log files after rotating old ones create # uncomment this if you want your log files compressed #compress # RPM packages drop log rotation information into this directory include /etc/logrotate.d # no packages own wtmp -- we'll rotate them here /var/log/wtmp { monthly minsize 1M create 0664 root utmp rotate 1 } # system-specific logs may be also be configured here.
And also:
$ cat /etc/logrotate.d/zimbra /var/log/zimbra.log { daily missingok notifempty create 0644 zimbra zimbra postrotate killall -HUP syslogd 2> /dev/null || true kill -HUP `cat /opt/zimbra/log/swatch.pid 2> /dev/null` 2> /dev/null || true kill -HUP `cat /opt/zimbra/log/logswatch.pid 2> /dev/null` 2> /dev/null || true endscript compress } /opt/zimbra/log/myslow.log { daily missingok copytruncate rotate 30 notifempty create 0644 zimbra zimbra compress } /opt/zimbra/log/logger_myslow.log { daily missingok copytruncate notifempty create 0660 zimbra zimbra compress size 5000k rotate 7 } /opt/zimbra/log/clamd.log { daily missingok copytruncate notifempty create 0660 zimbra zimbra postrotate kill -HUP `cat /opt/zimbra/log/clamd.pid 2> /dev/null` 2> /dev/null || true endscript compress size 5000k rotate 7 } /opt/zimbra/log/zmlogswatch.out { daily missingok copytruncate notifempty create 0740 zimbra zimbra postrotate su - zimbra -c "/opt/zimbra/bin/zmlogswatchctl stop" su - zimbra -c "/opt/zimbra/bin/zmlogswatchctl start" endscript rotate 5 compress } /opt/zimbra/log/zmswatch.out { daily missingok copytruncate notifempty create 0740 zimbra zimbra postrotate su - zimbra -c "/opt/zimbra/bin/zmswatchctl stop" su - zimbra -c "/opt/zimbra/bin/zmswatchctl start" endscript rotate 5 compress } /opt/zimbra/log/zmmtaconfig.log { daily missingok copytruncate notifempty create 0740 zimbra zimbra postrotate su - zimbra -c "/opt/zimbra/bin/zmmtaconfigctl restart" endscript rotate 5 compress } /opt/zimbra/log/nginx.log { daily missingok notifempty create 0644 zimbra zimbra postrotate kill -USR1 `cat /opt/zimbra/log/nginx.pid 2> /dev/null` 2> /dev/null || true endscript rotate 7 compress } /opt/zimbra/log/zmconvertd.log { daily missingok copytruncate notifempty create 0644 zimbra zimbra rotate 7 } /opt/zimbra/zmstat/zmstat.out { daily missingok copytruncate rotate 7 notifempty compress }
Openldap Logs - In /opt/zimbra/openldap-data/
Ldap logs files in /opt/zimbra/openldap-data/ and in /opt/zimbra/data/ldap/* subdirectories [ZCS 6+] that are like log.0000000001 , log.0000000002 , etc.
This logpurge is controlled by:
$ cd /opt/zimbra/openldap/etc/openldap/ [zimbra@mail3 openldap]$ grep logpurge * master-accesslog-overlay.conf:logpurge 07+00:00 01+00:00
Logpurge Directive Description
From Accesslog Chapter
logpurge Directive
logpurge age interval
Defines both the maximum age for log entries to be retained in the database and how often to scan the database for old entries. Bothage and interval are specified as a time span in days, hours, minutes, and seconds. The time format is [ddd+]hh:mm[:ss], for example, the days and seconds components are optional but hours and minutes are required. Except for days, which can be up to 5 digits, each numeric field must be exactly two digits. Example:
- the log database will be scanned every day
- entries older than two days will be deleted.
logpurge 2+00:00 1+00:00
When using a log database that supports ordered indexing on generalizedTime attributes, specifying an eq index on the reqStart attribute will increase the performance of purge operations.
What's up with all the logs?
Other Logging Page Resources
http://www.zimbra.com/docs/ne/latest/administration_guide/9_Monitoring.14.1.html
http://wiki.zimbra.com/index.php?title=Server_Monitoring
http://wiki.zimbra.com/index.php?title=Log_Files
http://wiki.zimbra.com/index.php?title=Unresponsive_Server_Troubleshooting
The Bread And Butter Logs
/opt/zimbra/log/mailbox.log - where most of your mailbox store activity is logged
- This log is the mailboxd log4j server log containing the logs from the mailbox server. This includes activity from the mailbox store, LMTP server, IMAP and POP servers, and Index server.
- Location: /opt/zimbra/log/mailbox.log
- This log is the mailboxd log4j server log containing the logs from the mailbox server. This includes activity from the mailbox store, LMTP server, IMAP and POP servers, and Index server.
/opt/zimbra/log/zmmailboxd.out - mailboxd/jvm output log
- Mailstore not coming up and nothing is being logged in mailbox.log, check here for errors.
- Location: /opt/zimbra/log/zmmailboxd.out
- Mailstore not coming up and nothing is being logged in mailbox.log, check here for errors.
/opt/zimbra/log/stacktrace.<pid> - stacktrace logs
- stacktraces related to mailboxd
- Location: /opt/zimbra/log/stacktrace.<pid>
- stacktraces related to mailboxd
/opt/zimbra/db/data/YOURHOSTNAME.err - errors for MySQL - ZCS 4.x & ZCS 5.x
- This is the message store database error log.
- Location: /opt/zimbra/db/data/YOURHOSTNAME.err
- This is the message store database error log.
/var/log/zimbra.log - mta and system status log, postfix, amavisd
- The Zimbra syslog details the activities of the Zimbra MTA (Postfix, amavisd, antispam, antivirus), Logger, Authentication (cyrus-sasl), and Directory (OpenLDAP). By default LDAP activity is logged to Zimbra.log.
- Location: /var/log/zimbra.log
- The Zimbra syslog details the activities of the Zimbra MTA (Postfix, amavisd, antispam, antivirus), Logger, Authentication (cyrus-sasl), and Directory (OpenLDAP). By default LDAP activity is logged to Zimbra.log.
- Probably has mta logging events [which also show in /var/log/zimbra.log] and also log events related to your OS
- Location: /var/log/messages
- Probably has mta logging events [which also show in /var/log/zimbra.log] and also log events related to your OS
/opt/zimbra/log/mysql_error.log - problems with MySQL
- If there is data corruption or another problem causing direct mysql errors, events will be logged here.
- /opt/zimbra/log/mysql_error.log
- If there is data corruption or another problem causing direct mysql errors, events will be logged here.
/opt/zimbra/log/myslow.log - slow db/MySQL queries
- If certain search requests are taking longer to complete than others, they will be logged here.
- /opt/zimbra/log/myslow.log
- If certain search requests are taking longer to complete than others, they will be logged here.
Other Logs
/opt/zimbra/log/audit.log - authentication events
- A log of all admin actions taken as well as logins to the server.
- /opt/zimbra/log/audit.log
- A log of all admin actions taken as well as logins to the server.
- Want to see all uses of the "View Mail" button from the admin console? Will have the IP address, User Agent of the browser, user that the admin is logged in as, and the account that they are viewing.
grep DelegateAuth /opt/zimbra/log/audit.log
/opt/zimbra/log/clamd.log - antivrius db
- Status and checks for clamav
- /opt/zimbra/log/clamd.log
- Status and checks for clamav
- If your clamav db is out of date, you'll see a log event here like this:
- LibClamAV Warning: **************************************************
- LibClamAV Warning: *** The virus database is older than 7 days! ***
- LibClamAV Warning: *** Please update it as soon as possible. ***
- LibClamAV Warning: **************************************************
/opt/zimbra/log/convertd.log - attachment conversion
- If your having problems with your attachments and the ability to view them in ZWC, check here for errors.
- /opt/zimbra/log/convertd.log
- If your having problems with your attachments and the ability to view them in ZWC, check here for errors.
/opt/zimbra/log/freshclam.log - clam antivirus updates
- Shows the actual attempt to update the clamav updates.
- /opt/zimbra/log/freshclam.log
- Shows the actual attempt to update the clamav updates.
/opt/zimbra/log/spamtrain.log - spam/ham training details
- Spam/Ham training details are logged here. Errors are also logged here related to this service.
- From a default single ZCS configurations crontab [zimbra]:
- # Spam training
- #:
- 0 :23 * * * /opt/zimbra/bin/zmtrainsa >> /opt/zimbra/log/spamtrain.log 2>&1
- #
- # Spam training cleanup
- #
- 45 23 * * * /opt/zimbra/bin/zmtrainsa --cleanup >> /opt/zimbra/log/spamtrain.log 2>&1
/opt/zimbra/log/sync.log - zimbra mobile and activesync
- Your mobile devices will basically log here.
- /opt/zimbra/log/sync.log
- Your mobile devices will basically log here.
/opt/zimbra/log/synctrace.log - zimbra mobile and activesync
- Still looking for description that describes difference with sync.log
- /opt/zimbra/log/synctrace.log
- Still looking for description that describes difference with sync.log
/opt/zimbra/log/syncstate.log - no description found
- No description found.
- /opt/zimbra/log/syncstate.log
- No description found.
/opt/zimbra/log/wbxml.log - no description found
- No description found.
- /opt/zimbra/log/wbxml.log
- No description found.
/opt/zimbra/log/zmlogswatch.out -
/opt/zimbra/log/zmmtaconfig.log -
/opt/zimbra/log/zmmyinit.log -
/opt/zimbra/log/zmsetup.`date`-'pid'.log -
/tmp/install.log -
After install, gets moved to : /opt/zimbra/.install/
/tmp/zmsetup.log -
After install, gets moved to : /opt/zimbra/log/zmsetup.log.[some numbers]
/opt/zimbra/httpd_access.log -
/opt/zimbra/httpd_error.log -
New Data Directory In ZCS6+
In ZCS 6+ , there's a directory to organize 'data' from our various components.
[root@mail3 data]# pwd /opt/zimbra/data [root@mail3 data]# ls -F altermime/ amavisd/ clamav/ dspam/ ldap/ postfix/ tmp/
This information could prove useful as well with trouble-shooting and debugging problems.
Increase Logging
Increase Logging Per User
Depending on the ZCS version the below will clear all the per account loggers on zimbra reboot. IMAP is used for these examples.
- addAccoutLogger
zmprov aal user@domain.com zimbra.imap debug
- removeAccountLogger
zmprov ral user@domain.com zimbra.imap
Example usuage:
zmprov aal user@domain.com zimbra.soap debug
And tail the log file, while attempting to login to the AJAX client.:
tail -f /opt/zimbra/log/mailbox.log
See Ajcody-Logging#Log4J_Variables for variables that can be used.
To See What Accounts Have Extended Logging Enabled
There's the gaal option for zmprov . It list the accounts on a per mailstore basis :
getAllAccountLoggers(gaal) [-s/--server hostname]
[zimbra@zcs806 ~]$ zmprov gaal `zmhostname` # name test01@zcs806.domain.com zimbra.imap=debug
Bugs And RFE's
I filed the following RFE:
- "Allow "secondary" logging file for zmprov addAccountLogger"
Increase Logging Per Server
If you want to do it globally edit this file:
vi /opt/zimbra/conf/log4j.properties
Add a line at the end that's similar to something like this: log4j.logger.zimbra.imap=DEBUG.
No restart of any service is needed, BUT if something happens that causes a regeneration of the log4j.properties file then your changes will be overwritten. A regeneration of this file takes the contents of /opt/zimbra/conf/log4.properties.in .
To permanently make a change, modify the /opt/zimbra/conf/log4.properties.in file, then a restart would be necessary.
$ zmcontrol stop $ zmcontrol start
or you could run this on the server:
$ zmmtaconfig mailboxd
Wait for a minute for the server to pick up your change.
See Ajcody-Logging#Log4J_Variables for variables that can be used.
Log4J Variables
An Official page has been made for this topic now per my RFE request, bug 41894
Please see:
OpenLDAP Logging Levels
Please see King0770-Notes-Change-LDAP-Log-Levels
Want To See What's In Redolog Files
If you suspect there's too much redolog activity during a time window or have another need to inspect the contents of the redolog, dump it and examine it:
$ zmjava com.zimbra.cs.redolog.util.RedoLogVerify /opt/zimbra/redolog/redo.log > out.file
Pick the right redolog file, either redo.log or one of the files under archive/, based on timestamp.
See Ajcody-Backup-Restore-Issues#Redolog_Files for more details.
Internal Zimbra Charting - zmstat-chart
RFE/Bugs You Might Be Interested In
- "support for real time counters (snmp, jmx, etc)"
- "zmstat - expand documentation"
- "zmstat-chart - graphing besides just one day"
- "zmstat - integrate webpage setup and allow configuration of chart run"
- "zmstat - should have some trending data on ALL client connections (web/soap)"
zmstat IS NOT Logger (graphs in admin console)
Please note, zmstat is different than the processes and graphs involved with Logger. Logger is behind the graphs that show up in the admin web console.
Please see Logger for details and trouble-shooting steps with Logger.
Rick has some other steps for King0770-Notes#Reinitialize_the_Logger_DB
Main References For zmstat-chart Command
Please see the following:
zmstat-chart CLI Administration Guide
zmstat-chart-config CLI Administration Guide
zmstatctl CLI Administration Guide
Monitoring Administration Guide
JFreeChart is the project/binary behind the charting tool. You'll find the jar files here [ZCS 5.0.9 example]:
- /opt/zimbra/lib/jars/jfreechart-1.0.1.jar
- /opt/zimbra/jetty-6.1.5/common/lib/jfreechart-1.0.1.jar
Issues Being Investigated With zmstat And Other "Charting" Items
I currently have an internal thread going with the dev's about some issues with zmstat and also with attempts of getting the active sessions data from the admin web console to be seen in trends.
I'll just be dumping my notes here and then cleaning them up once I'm done with the internal conversation.
- Question: (mailboxd: active connections by client protocol) What exactly is this tracking? I'm on a test box with no connections and it has the different threads in the 100's/1000's. Customer was hoping (as was I) that this would be giving data much like is shown in the admin console about user connections. Also, there doesn't seem to be a comparable "active connections" for the web client (soap)?
- Answer: For the connections issue, it's the number of clients that are currently connected. There's no analog for SOAP because SOAP doesn't have persistent connections. We may be able to log stats for number of SOAP sessions, but that would include noise for cases where the user closes the browser window and the session hasn't timed out yet. If you think this is useful, please file an RFE.
- Question: (graph time plot) If I run zmstat-chart with the --aggregate-start-at option with something like "08/07/2008 01:00:00" I notice that the graphs don't actually reference "days" at the bottom but still use what looks to be "hours". Is this a bug where the bottom reference of the graph doesn't get adjusted or is the syntax to run zmstat-chart to do this more tricky that I think.
- Answer: zmstat-chart doesn't support multi-day ranges, it really only supports a single directory with a single day of charts, the aggregate options are for specifying ranges at which to calculate the max(col)/min(col)/avg(col) values. Our usual practice is to generate one set of charts for each day we want to look at; I think it gives us a better look at when peaks occur and how they compare day-to-day (it's much easier to look at them in an overlay fashion).
- Answer: Seems like a reasonable request to be able to generate charts for multiple days. Please file an RFE if you think this would be useful.
- Question: How reliable are these numbers are in admin console....
- Answer: I imagine they should be quite reliable; but HTTP (Web) is stateless, so you can't really determine whether a session is really active or not. I believe multiple sessions appearing for a single user would be the result of reloading or closing and then reopening the browser to log in again.
- Perhaps it is best to ask the users in question what their usage is like? Is there any concern over the high number of sessions? I don't think it should affect server performance.
- Answer: I imagine they should be quite reliable; but HTTP (Web) is stateless, so you can't really determine whether a session is really active or not. I believe multiple sessions appearing for a single user would be the result of reloading or closing and then reopening the browser to log in again.
- Question: Could you please explain the following:
- Mailboxd Mailbox Add Rate (Delivery Rate)
- Answer: The rate at which messages are being added to the mailbox server, e.g. 1 message being delivered per second is... 1 m/s
- Mailboxd Mailbox Add Latency (Delivery Speed)
- Answer: How long it takes on average to add a message to a mailbox (averaged over the period of a minute)
- Mailboxd Active Connections by Client Protocol- This one does NOT give us counts for web client. Host zcs2.mail.XXXX.xxx: Mailboxd: Active Connections by Client Protocol avg(IMAP) = 169.86 avg(IMAP SSL) = 0.00 avg(POP) = 0.21 avg(POP SSL) = 0.00
- Answer: It doesn't give counts for web client because the web client does not have persistent connections (being HTTP-based). SOAP requests (used by the Web client) use transient connections that often close after they are used; i.e. if you took the number of "SOAP" connections and compared it to the number of "active" sessions, it'd likely be something like 0-1% of the latter figure.
- Mailboxd Mailbox Get Count
- Answer: The number of mailboxes that got opened in the last minute (I don't recall if this counting cache hits or not?)
- Mailboxd Mailbox Get Latency
- Answer: How long it takes to open a mailbox, on average (over a minute)
- Also, we don't get stats for any of the soap parameters:
- SOAP Invocation Count Summary (Top 10 max)
- SOAP Average Call Duration AuthRequest
- Answer: I don't know why this could be; perhaps zmstat-chart-config.xml needs to be regenerated, is /opt/zimbra/zmstat/soap.csv available and does it contain data?
- Mailboxd Mailbox Add Rate (Delivery Rate)
Running zmstat-chart
Confirm it's running:
zmprov gs [mailserver hostname] | grep -i stats zimbraServiceEnabled: stats zimbraServiceinstalled: stats
Default location of stat files is:
/opt/zimbra/zmstat/
Example command to run:
mkdir /tmp/stats zmstat-chart -s /opt/zimbra/zmstat -d /tmp/stats/
Like To Have zmstat-chart Data Integrated With Zimbra
I've made an RFE for this integration:
- "zmstat - integrate webpage setup and allow configuration of chart run"
With Zimbra Jetty
- Note:
- The default Jetty behavior will NOT display directory listing. You'll need a valid html type file in the directory target.
- I would recommend the apache solution over this one as you can avoid hitting performance issues this might cause.
Dump some graphing directories in there:
zmstat-chart -s /opt/zimbra/zmstat -d /opt/zimbra/jetty/webapps/zimbra/downloads/zmstat-chart/`date +%F-%H-%M`
You'll see there's the directory and when you go into it - there's your charts.
You can now place this command in your crontab to run on a schedule basis.
Things you'll want to check before deploying:
- Place charting directory in a location where space is available and will not create a risk to the mail services if it's full.
- Look at the zmstat-chart options to see what other parameters you want to use - especially if it's going in your crontab.
- Make sure your following and security guidelines for your environment.
You'll be able to view the data with the following url:
http://hostname/zimbra/downloads/zmstat-chart/
With Zimbra Apache Or Non-Zimbra Server With Apache
Before You Proceed
Things to check or confirm first before deploying:
- Place your directory root [/opt/zimbra/support in this example] in a location where space is available and will not create a risk to the mail services if it's full.
- If you'll be using NFS to have a centralized storage point:
- Your NFS mount point on the Zimbra servers would be /opt/zimbra/support in this example.
- You'll be exporting /opt/zimbra/support in this example from the NFS server.
- If this is a non-zimbra server, copy the zimbra entry from a zimbra server's /etc/passwd and /etc/group into the non-zimbra servers passwd and group file. This way, if NFS is also used the UID/GID matches.
- Apache Directory variable will be /opt/zimbra/support/data in this example.
- Apache .htpasswd location will be /opt/zimbra/support/.htpasswd in this example, putting it above of the apache Directory variable.
- Make sure your following the security guidelines for your environment.
- Look at the zmstat-chart options to see what other parameters you want to use - especially if it's going in your crontab.
Directory Layout
As root:
mdir -p /opt/zimbra/support/data cd /opt/zimbra/support/data for i in `/opt/zimbra/bin/zmprov gas` do mkdir $i done
If your not on a ZCS server, you'll be manually creating directories named after the output of zmhostname from each of your ZCS servers.
Now, create subdirectory paths under each zmhsotname directory.
cd /opt/zimbra/support/data/ for i in `ls` do mkdir $i/debug $i/logs $i/zmstat $i/tops done
Set permissions on the directories we made:
chown -R zimbra:zimbra /opt/zimbra/support chmod -R 755 /opt/zimbra/support
With this structure and with NFS setup, you'll have a common repository that will have a standard path to use on a per server basis. Example :
script-command -PathOption /opt/zimbra/support/data/`zmhostname`/TYPE_OF_DATA/`date +%F-%H-%M`
Apache Configuration
Let's configure apache to show this directory.
- For ZCS Apache Setup:
vi /opt/zimbra/conf/httpd.conf ** Towards the end, add the following** # Include zmstat-chart directory Include /opt/zimbra/httpd/conf/extra/zimbra-support.conf
- Non-ZCS Server With Apache. Check that there's an existing Include directive that will see our zimbra-support.conf:
vi /etc/httpd/conf/httpd.conf ** Look for something that will allow the following** ** /etc/httpd/conf.d/zimbra-support.conf to be used** ** Your distro might differ on apache paths as well** ** as Include statement for other conf files** Include conf.d/*.conf
Let's now make the apache conf file for zimbra-support.conf
- For ZCS Apache Setup:
vi /opt/zimbra/httpd/conf/extra/zimbra-support.conf Alias /support "/opt/zimbra/support/data" <Directory "/opt/zimbra/support/data"> AuthName "Secure Area For Zimbra Support" AuthType Basic AuthUserFile /opt/zimbra/support/.htpasswd require valid-user Options Indexes IndexOptions FancyIndexing VersionSort AllowOverride None Order allow,deny Allow from all </Directory>
- Non-ZCS Server With Apache:
vi /etc/httpd/conf.d/zimbra-support.conf Alias /support "/opt/zimbra/support/data" <Directory "/opt/zimbra/support/data"> AuthName "Secure Area For Zimbra Support" AuthType Basic AuthUserFile /opt/zimbra/support/.htpasswd require valid-user Options Indexes IndexOptions FancyIndexing VersionSort AllowOverride None Order allow,deny Allow from all </Directory>
Make sure permissions are set correctly on zimbra-support.conf so apache will use it.
Now let's setup a username and password to use with the .htpasswd file.
cd /opt/zimbra/support/ htpasswd -c .htpasswd zimbrasupport chmod 644 .htpasswd
Restart apache so the changes take effect:
- For ZCS Apache Setup:
zmapachectl stop zmapachectl start
- Non-ZCS Server With Apache:
httpd restart
Now, let's dump some graphing directories in there:
zmstat-chart -s /opt/zimbra/zmstat -d /opt/zimbra/support/data/`zmhostname`/zmstat/`date +%F-%H-%M`
To now view the charts. Adjust, SERVERHOSTNAME, for your servername.
- For ZCS Apache Setup:
http://servername:7780/support/data/SERVERHOSTNAME/zmstat
- Non-ZCS Server With Apache:
http://servername/support/data/SERVERHOSTNAME/zmstat
You'll see there's the directory and when you go into it - there's your charts.
You can now place this command in your crontab to run on a schedule basis.
Tweaking zmstat-chart
zmstat-chart also has the option to use a configuration file. The default configuration file is:
/opt/zimbra/conf/zmstat-chart.xml
Copy this to another location and edit away. Then add the -c /location/to/config/file to use your new configuration.
Default Items Charted
Here's a list of the default items that will be charted with zmstat-chart:
- Postfix Queue Size
- convertd CPU time used
- convertd Resident Memory
- convertd Processes and Threads
- Total CPU
- Process CPU
- Process Total Memory
- Process Resident Memory
- Virtual Memory
- Context Switches
- Run/Blocked Process Queue Size
- Disk Partition Throughput
- Disk Utilization
- Disk Throughput
- Disk IOPs
- Swap Activity
- Total file descriptors open
- SOAP Invocation Count Summary (Top 10 max)
- SOAP Average Call Duration Summary (Top 10 avg)
- SOAP Invocation Count GetServerRequest
- SOAP Invocation Count BackupRequest
- SOAP Invocation Count GetAllConfigRequest
- SOAP Invocation Count GetDomainRequest
- SOAP Invocation Count GetAllDomainsRequest
- SOAP Invocation Count AuthRequest
- SOAP Average Call Duration GetServerRequest
- SOAP Average Call Duration BackupRequest
- SOAP Average Call Duration GetAllConfigRequest
- SOAP Average Call Duration GetDomainRequest
- SOAP Average Call Duration GetAllDomainsRequest
- SOAP Average Call Duration AuthRequest
- MySQL Database Connections
- MySQL InnoDB Buffer Pool Pages
- MySQL InnoDB Buffer Pool Hit Rate
- MySQL Tables Open/Opened
- MySQL Total Slow Queries Count
- Mailboxd Connection Pool Get Latency
- Mailboxd Dirty Lucene Index Writers
- Mailboxd Lucene IndexWriterCache Hitrate
- Mailboxd Lucene IO
- Mailboxd LMTP Delivery Throughput
- Mailboxd LMTP Delivery Rate
- Mailboxd Mailbox Add Rate (Delivery Rate)
- Mailboxd Mailbox Add Latency (Delivery Speed)
- Mailboxd Request Rate by Client Protocol
- Mailboxd Response Time by Client Protocol
- Mailboxd Active Connections by Client Protocol
- Mailboxd Mailbox Get Count
- Mailboxd Mailbox Get Latency
- Mailboxd Mailbox Cache Hit Rate
- Mailboxd Mailbox Item/Blob Cache Hit Rate
- Mailboxd Garbage Collection Time
- Mailboxd Garbage Collection Count
- Mailboxd JVM Heap Used
- Mailboxd JVM Heap Free
- Mailboxd JVM Permanent Generation and Code Cache
Moved to Getting_All_Users_Quota_Data
Moved to Getting_All_Users_Quota_Data
Third Party Tools (Monitoring & Logging)
FYI - Support For Real Time Counters (snmp,etc.)
This is for those that need to go beyond what zmstat-chart is doing or need to intergrate within a third party monitoring systems.
Please see RFE:
- "Support for real time counters (snmp, jmx, etc)"
Currently, this RFE has only resolved support for JMX, not SNMP. Customers who need SNMP can use a product like jManage to do the translation from JMX to SNMP.
SNMP And Zimbra
SNMP Related Bugs And RFEs
Please read the following below as they'll have little bits of information that you might need for your customizations / external setup for snmp use against Zimbra. :
- "support for real time counters (snmp, jmx, etc)"
- "zimbra snmp is broken"
- "snmp disk checks report incorrect usage."
- "replace zmdisklog / zimbra-snmp integration"
SNMP Setup On Zimbra To Notify A Remote Host
Our SNMP support is pretty basic; currently, we only send traps when a service (mta, mailbox, ldap) changes state (stop/start).
First, you'll need net-snmp package install on the zimbra host for the notifications to be sent to a remote host.
- When you install the net-snmp package, it creates /etc/snmp/snmpd.conf. This file needs to be edited with the correct community string to allow for snmp mibs to be read from remote machines The default value is "public" with the net-snmp package.
- /opt/zimbra/conf/swatchrc.in is set to use [ perlcode 0 my $snmpargs="-v 2c -c zimbra localhost "; ] for the community string. Adjust this if needed for your corporate snmp environment.
- Your security policy for your company might require you to review the other options there as well - i.e. limit to read-only.
- Also, if there is a firewall between the zimbra server and the snmp server host you'll need to open up port 161/UDP.
- When you install the net-snmp package, it creates /etc/snmp/snmpd.conf. This file needs to be edited with the correct community string to allow for snmp mibs to be read from remote machines The default value is "public" with the net-snmp package.
Then your zimbra host with the zimbra snmp service installed, do the following for a basic default setup:
zmlocalconfig -e snmp_notify=1 zmlocalconfig -e snmp_trap_host=your.host.name
/opt/zimbra/libexec/zmsnmpinit
zmswatchctl stop zmswatchctl start
We watch for something matching /err: Service status change/ and send the trap with:
/opt/zimbra/snmp/bin/snmptrap
See other topics below for customizations that might be needed for your snmp environment.
Other reference for Zimbra and SNMP:
Files To Review For SNMP
Look at the contents of the following files:
- /opt/zimbra/libexec/zmsnmpinit
- /opt/zimbra/conf/swatchrc.in
- zmsnmpinit reads swatchrc.in and writes out the file swatchrc for the running configuration
- /opt/zimbra/conf/swatchrc
- /opt/zimbra/snmp/share/snmp/snmpd.conf.in which is the SOURCE file to
- /opt/zimbra/conf/snmpd.conf [see /opt/zimbra/libexec/zmsnmpinit ]
- The two above are used by zmsnmpinit to generate the /opt/zimbra/conf/swatchrc
- /opt/zimbra/conf/snmpd.conf [see /opt/zimbra/libexec/zmsnmpinit ]
- /opt/zimbra/conf/swatchrc.in
- /opt/zimbra/net-snmp/share/snmp/mibs/zimbra.mib
- /opt/zimbra/net-snmp/share/snmp/mibs/zimbra_traps.mib
- /opt/zimbra/log/zmswatch.out
- Monitor this to see the services when they go up and down successfully send out the email notification for your snmp configuration
Zimbra MIBS
You'll find zimbra.mib and zimbra_traps.mib in the following directory. This listing is mine under 5.0.19 :
[root@mail3 ~]# cd /opt/zimbra/net-snmp/share/snmp/mibs/ [root@mail3 mibs]# ls AGENTX-MIB.txt IPV6-TC.txt SNMP-USER-BASED-SM-MIB.txt DISMAN-EVENT-MIB.txt IPV6-UDP-MIB.txt SNMP-USM-AES-MIB.txt DISMAN-SCHEDULE-MIB.txt NET-SNMP-AGENT-MIB.txt SNMP-USM-DH-OBJECTS-MIB.txt DISMAN-SCRIPT-MIB.txt NET-SNMP-EXAMPLES-MIB.txt SNMPv2-CONF.txt EtherLike-MIB.txt NET-SNMP-EXTEND-MIB.txt SNMPv2-MIB.txt HCNUM-TC.txt NET-SNMP-MIB.txt SNMPv2-SMI.txt HOST-RESOURCES-MIB.txt NET-SNMP-TC.txt SNMPv2-TC.txt HOST-RESOURCES-TYPES.txt NET-SNMP-VACM-MIB.txt SNMPv2-TM.txt IANA-ADDRESS-FAMILY-NUMBERS-MIB.txt NOTIFICATION-LOG-MIB.txt SNMP-VIEW-BASED-ACM-MIB.txt IANAifType-MIB.txt RFC1155-SMI.txt TCP-MIB.txt IANA-LANGUAGE-MIB.txt RFC1213-MIB.txt TRANSPORT-ADDRESS-MIB.txt IANA-RTPROTO-MIB.txt RFC-1215.txt UCD-DEMO-MIB.txt IF-INVERTED-STACK-MIB.txt RMON-MIB.txt UCD-DISKIO-MIB.txt IF-MIB.txt SMUX-MIB.txt UCD-DLMOD-MIB.txt INET-ADDRESS-MIB.txt SNMP-COMMUNITY-MIB.txt UCD-IPFWACC-MIB.txt IP-FORWARD-MIB.txt SNMP-FRAMEWORK-MIB.txt UCD-SNMP-MIB.txt IP-MIB.txt SNMP-MPD-MIB.txt UDP-MIB.txt IPV6-ICMP-MIB.txt SNMP-NOTIFICATION-MIB.txt zimbra.mib IPV6-MIB.txt SNMP-PROXY-MIB.txt zimbra_traps.mib IPV6-TCP-MIB.txt SNMP-TARGET-MIB.txt
What Is Looked For
Take a look at your /opt/zimbra/conf/swatchrc - this is mine under 5.0.19
perlcode 0 my %notifications=(); perlcode 0 $notifications{smtp}="yes"; perlcode 0 $notifications{snmp}="yes"; perlcode 0 my $fr='admin@mail3.zimbra.REMOVED.com'; perlcode 0 my $pwc='admin@mail3.zimbra.REMOVED.com'; perlcode 0 my $snmpargs="-v 2c -c zimbra localhost ''"; perlcode 0 my $snmptrap="/opt/zimbra/snmp/bin/snmptrap $snmpargs"; perlcode 0 my $snmpsvctrap="ZIMBRA-TRAP-MIB::zmServiceStatusTrap"; perlcode 0 my $snmpsvcname="ZIMBRA-MIB::zmServiceName"; perlcode 0 my $snmpsvcstatus="ZIMBRA-MIB::zmServiceStatus"; perlcode 0 my %statuses=('started'=>1,'stopped'=>0); perlcode 0 my $hostname="mail3.zimbra.homeunix.com"; perlcode 0 sub donotify { my %args = (@_); if ($args{HOST} eq "localhost") {$args{HOST}=$hostname;}; if ($notifications{smtp}) { dosmtp(%args) if $args{SERVICE}; dodisksmtp(%args) if $args{DISK};}; if ($notifications{snmp}) {dosnmp(%args);}; } perlcode 0 sub dosmtp { my %args = (@_); print "SMTP notification: $args{MESSAGE}\n"; open (FOO, "|/opt/zimbra/postfix/sbin/sendmail -Am -t"); print FOO "To: $pwc\nFrom: $fr\nSubject: Service $args{SERVICE} $args{STATUS} on $args{HOST}\n\n$args{MESSAGE}\n"; close FOO; } perlcode 0 sub dodisksmtp { my %args = (@_); print "SMTP notification: $args{MESSAGE}\n"; open (FOO, "|/opt/zimbra/postfix/sbin/sendmail -Am -t"); print FOO "To: $pwc\nFrom: $fr\nSubject: Disk $args{DISK} at $args{UTIL}\% on $args{HOST}\n\n$args{MESSAGE}\n"; close FOO; } perlcode 0 sub dosnmp { my %args = (@_); print "SNMP notification: $args{MESSAGE}\n"; `$snmptrap $snmpsvctrap $snmpsvcname s $args{SERVICE} $snmpsvcstatus i $statuses{$args{STATUS}}`; } ignore /DEBUG/ watchfor /err: Service status change: (\S+) (.*) changed from stopped to running/ donotify SERVICE=$2,STATUS=started,HOST=$1 watchfor /err: Service status change: (\S+) (.*) changed from running to stopped/ donotify SERVICE=$2,STATUS=stopped,HOST=$1 watchfor /err: Disk warning: (\S+) (\S+) at (\d+)/ donotify DISK=$2,UTIL=$3,HOST=$1 watchfor /crit: Disk warning: (\S+) (\S+) at (\d+)/ donotify DISK=$2,UTIL=$3,HOST=$1
Enhanced MIB Files For HP OpenView
I've created an RFE for this:
- "enchanced MIB and OID information to work with HP Openview"
Zimbra does not provide "enhanced" mib files" at this time. Thresholds can be set by the customer within their individual monitoring system. Zimbra is alerting on is service up or service down, see the other information above in Ajcody-Logging#SNMP_And_Zimbra .
Some Choices
Charting & Graphing The Data
Montoring Software
- Nagios
- Centreon - based upon Nagios
- Splunk
- You could also look at using Splunk and Nagios together.
- BigSister - take off of BigBrother
- Zenoss
- Cacti
- OpenNMS
- Munin
Nagios On Zimbra
This is a really rough draft for ideas I have in background. Shouldn't be used by anyone.
Configure Nagios to run on single server Zimbra box - Centos 5.x
Configure yum with repo and install nagios
vi /etc/yum.repos.d/Dag.repo yum update yum install nagios nagios-plugins nagios-devel nagios-plugins-nrpe
Move nagios.conf http file into main zimbra directory.
cp /etc/httpd/conf.d/nagios.conf /opt/zimbra/httpd/conf/extra/
Setup nagios to run as zimbra
vi /etc/nagios/nagios.cfg **Change nagios user to zimbra** nagios_user=zimbra nagios_group=zimbra
Change ownership of directories from nagios to zimbra.
chown -R 500:500 /var/log/nagios/ chown -R 500:500 /etc/nagios/ chown -R 500:500 /usr/share/nagios/
Configure authentication within Nagios
vi /etc/nagios/nagios.cfg # AUTHENTICATION USAGE use_authentication=1 # SYSTEM/PROCESS INFORMATION ACCESS authorized_for_system_information=nagiosadmin # CONFIGURATION INFORMATION ACCESS authorized_for_configuration_information=nagiosadmin # SYSTEM/PROCESS COMMAND ACCESS authorized_for_system_commands=nagiosadmin # GLOBAL HOST/SERVICE VIEW ACCESS authorized_for_all_services=nagiosadmin authorized_for_all_hosts=nagiosadmin # GLOBAL HOST/SERVICE COMMAND ACCESS authorized_for_all_service_commands=nagiosadmin authorized_for_all_host_commands=nagiosadmin
Set up httpasswd's for the accounts for Nagios
htpasswd -c /etc/nagios/htpasswd.users nagiosadmin htpasswd /etc/nagios/htpasswd.users guest
Configure Zimbra's http/apache to use nagios http config file
vi /opt/zimbra/conf/httpd.conf **Add the following towards bottom** # Include Nagios Include /opt/zimbra/httpd/conf/extra/nagios.conf
Starting nagios is done as root
/etc/init.d/nagios start
Restarting apache for nagios issues would be done with (as zimbra)
zmapachectl stop zmapachectl start
The webpage address to view Nagios will be like this:
http://IP_OF_SERVER:7780/nagios/
Use the rest of this how-to to configure it now: http://wiki.centos.org/HowTos/Nagios
MRTG - SNMP On Zimbra
This is a really rough draft for ideas I have in background. Shouldn't be used by anyone.
Configure yum with repo and install mrtg, net-snmp, net-snmp-utils
vi /etc/yum.repos.d/Dag.repo yum update yum instal mrtg net-snmp net-snmp-utils
Follow some how-to on setting up the basics.
Create a http config:
vi /opt/zimbra/httpd/conf/extra/mrtg.conf Alias /mrtg "/opt/zimbra/mrtg" <Directory "/opt/zimbra/mrtg"> # SSLRequireSSL Options None AllowOverride None Order allow,deny Allow from all # Order deny,allow # Deny from all # Allow from 127.0.0.1 </Directory>
Add mrtg to http configuration within zimbra:
vi /opt/zimbra/conf/httpd.conf # Include Mrtg Include /opt/zimbra/httpd/conf/extra/mrtg.conf
Restart apache:
zmapachectl stop zmapachectl start
Create directory to hold mrtg data:
mkdir /opt/zimbra/mrtg
Address will be something like:
http://IP_OF_SERVER:7780/mrtg/index.html
Mailq Pointing To Right Binary
# ls -la /usr/bin/mailq lrwxrwxrwx 1 root root 27 Sep 3 17:00 /usr/bin/mailq -> /etc/alternatives/mta-mailq # ls -la /etc/alternatives/mta-mailq lrwxrwxrwx 1 root root 23 Apr 1 10:17 /etc/alternatives/mta-mailq -> /usr/bin/mailq.sendmail # rm /usr/bin/mailq # ln -s /opt/zimbra/postfix/sbin/mailq /usr/bin/mailq # mailq Mail queue is empty
Web Client Logging
Active Sessions
Please see Zmsoap#Active_Server_Sessions_With_DumpSessionsRequest
Debug (SOAP) via Browser
See http://wiki.zimbra.com/index.php?title=Web_Client_URL_Tricks&redirect=no
Admins To View Client Issues
Within the admin console, you can view users mail.
- Goto accounts and highlight the user having the problem.
- Click on the View Mail button above that frame.
- Then goto the url field of that new window and modify it to look like this [replace mailserver with yours]:
- Hit your return key to cause the browser to reload.
- If you get warning about pop-up, accept it.
- If the debug window doesn't show, just mouse in the url field and hit the return key again. It should now pop up.
User Management Topics
Actual User Management Topics Homepage
Please see Ajcody-User-Management-Topics
Resetting A User's Account From CLI
Resetting A Password
Standard Method
SetPassword [sp] from zmprov:
zmprov sp joe@domain.com test321
Resetting Users Auth Session - Force Disconnect
Please See First - In Case Of Compromised Accounts / Spammers
Note - Restarting the mta services will be important once you reset the password/s or lock the account. It's required to ensure the active connections will be closed and any existing auth tokens no longer are valid. See:
- Force currently active SMTP authenticated sessions to be renegotiated when locking an account
Changing the Users Password To Expire Session
See Resetting A Password Via CLI or change it via the admin console.
- "Auth token should be invalidated if a user resets their password"
Invalidate sessions by removing zimbraAuthTokens
Changing zimbraAuthTokenValidityValue from the command line in Zimbra is not a reliable way to end sessions, if you use SSDB you can use flushdb as described in https://wiki.zimbra.com/wiki/Ssdb#Invalidate_all_user_sessions
To clear or reset all auth token values we need to enter token data in a particular format like "1689192272|1548369012160|8.8.15_GA_3890".
These are the steps to clear the auth tokens from an account. 1). First check few stored token for the account.
zmprov ga USERNAME@DOMAIN.COM zimbraAuthTokens | head
2). Now pick anyone token value and set it with below command, with this step only one token will be set and others will be removed.
zmprov -l ma USERNAME@DOMAIN.COM zimbraAuthTokens '1689192272|1548369012160|8.8.15_GA_3890'
3). Flush the account cache at the end.
zmprov fc account USERNAME@DOMAIN.COM
All sessions of USERNAME@DOMAIN.COM are now ended.
6.0.5+ You Have Admin Console Option
In the admin console, under the Manage Accounts window you can right click on the user name and choose "Expire Sessions".
- "Manually Invalidate Auth Token(s)"
User , Mailbox ID's, And Who Is What
ZimbraID [UserID] is system wide.
MailboxID is per server store.
To get the ZimbraID:
$ zmprov ga user@domain.com | grep -i zimbraid zimbraId: aeca260b-6faf-4cfe-b407-7673748aabf4 zimbraIdentityMaxNumEntries: 20
To get the MailboxID, get on the appropriate mailserver and:
zmprov gmi user@domain.com mailboxId: 3 quotaUsed: 251512
or globally:
/opt/zimbra/bin/mysql -e "use zimbra; select id from mailbox where account_id = 'UserID HERE including the leading 0'"
Other details can be found here:
http://wiki.zimbra.com/index.php?title=Account_mailbox_database_structure
Account & Domain Summary
Run zmaccts
Here's what it would return:
su - zimbra [zimbra@mail3 ~]$ zmaccts account status created last logon ------------------------------------ ----------- --------------- --------------- admin@mail3.internal.domain.com active 05/06/08 18:46 07/08/08 09:56 ajcody@mail3.internal.domain.com active 05/06/08 20:43 06/23/08 15:48 ajcody2@mail3.internal.domain.com active 05/28/08 11:48 06/30/08 17:44 forward@mail3.internal.domain.com active 05/06/08 21:06 05/29/08 17:24 ham.bidiob2mm@mail3.internal.domain.com active 05/06/08 18:47 never spam.rormmtcyy@mail3.internal.domain.com active 05/06/08 18:47 never wiki@mail3.internal.domain.com active 05/06/08 18:46 never account status created last logon ------------------------------------ ----------- --------------- --------------- secondary@secondary.internal.domain.com active 06/23/08 15:26 06/23/08 15:27 wiki@secondary.internal.domain.com active 06/23/08 15:25 never - domain summary - domain active closed locked maintenance total ----------------------- -------- -------- -------- ------------- -------- mail3.internal.domain 7 0 0 0 7 secondary.internal.domain 2 0 0 0 2
Last Logon comes from the variable zimbraLastLogonTimestamp . This is used to update the "Last Login Time" column in the admin web console as well. It also shows up with [ zmprov ga user@domain ]. Login's based upon session type would only be found in either audit.log or the mailbox.log files. It should have a reference to the user id and the session type for the login [ pop, imap, etc. ].
RFE To Expand zmaccts Output And Options
Please see the following RFE I made:
- "zmaccts to include more options"
Zmmailbox Stuff
RFE's And Bugs To Review
Please see these RFE's first:
- "Admin (zimbra) account to be able to setup resources for accounts (auto-acceptance)"
- http://bugzilla.zimbra.com/show_bug.cgi?id=25740
- Was marked a dup of the work being done for bug7473
- "Share management and discovery"
- "New share property that grants the user the ability to work on email but unable to delete or empty folders"
- http://bugzilla.zimbra.com/show_bug.cgi?id=31466
- In comment 4, I made an extensive suggestion on expanding the permission variables one could use.
- http://bugzilla.zimbra.com/show_bug.cgi?id=31466
Some other's to look at:
- "Expand permission share model"
- "Allow/disallow sharing to all authenticated users via user interface"
- "Calendar Share permission refinement - ability to accept/decline but NOT edit/remove"
- "Revoked view permissions not removed until after logout"
- "RFE - Ability for anyone (not just people with a share) to view some meeting details of resources"
- "After revoking calendar permissions, the web UI still shows the share still exists."
- "Cannot remove sharing permissions for mail folders"
- "Allow non-user "public" folders"
- "share ownership to disti-group -- not just end-user -- delegation (folder, calendar, doc/wiki, task, project)"
- "Global Admin control for Zimbra shared resources (and subscription) -- folders, calendar, address book, task, project, documents"
- "share roles - custom (editor / author) levels"
- "Notification of shared resources for distribution list members"
To See All Folders For A User
Do the following for the user:
[zimbra@mail3 ~]$ zmmailbox -z -m ajcody@DOMAIN gaf Id View Unread Msg Count Path ---------- ---- ---------- ---------- ---------- 1 conv 0 0 / 16 docu 0 2 /Briefcase 10 appo 0 1 /Calendar 14 mess 0 0 /Chats 7 cont 0 0 /Contacts 6 mess 0 0 /Drafts 13 cont 0 9 /Emailed Contacts 2 mess 0 11 /Inbox 4 mess 0 0 /Junk 344 mess 0 0 /Junk E-mail 12 wiki 0 0 /Notebook 302 appo 0 0 /Restored 5 mess 0 15 /Sent 420 mess 0 0 /Share 421 mess 0 0 /Share/Share1 422 mess 0 0 /Share/Share1/Share1-1 423 mess 0 0 /Share/Share2 424 mess 0 0 /Share/Share2/Share2-1 15 task 0 2 /Tasks 3 conv 0 0 /Trash
Do the following for the user [ I'm cutting some of the output to keep it short ]:
[zimbra@mail3 ~]$ zmmailbox -z -m ajcody@DOMAIN gaf -v { "id": "1", "name": "USER_ROOT", "path": "/", "parentId": "11", "flags": null, "color": "defaultColor", "unreadCount": 0, "messageCount": 0, "view": "conversation", "url": null, "effectivePermissions": null, "children": [ { #### CUT HERE #### { "id": "5", "name": "Sent", "path": "/Sent", "parentId": "1", "flags": null, "color": "defaultColor", "unreadCount": 0, "messageCount": 15, "view": "message", "url": null, "effectivePermissions": null }, { "id": "420", "name": "Share", "path": "/Share", "parentId": "1", "flags": "i", "color": "defaultColor", "unreadCount": 0, "messageCount": 0, "view": "message", "url": null, "effectivePermissions": null, "grants": [ { "type": "usr", "name": "ajcody2@mail3.internal.domain.com", "id": "88fd808e-a526-419d-9eda-ad50100d23b6", "permissions": "rwidx", "args": null }, { "type": "all", "name": null, "id": null, "permissions": "rwx", "args": null } ], "children": [ { "id": "421", "name": "Share1", "path": "/Share/Share1", "parentId": "420", "flags": "i", "color": "defaultColor", "unreadCount": 0, "messageCount": 0, "view": "message", "url": null, "effectivePermissions": null, "grants": [ { "type": "usr", "name": "ajcody2@mail3.internal.domain.com", "id": "88fd808e-a526-419d-9eda-ad50100d23b6", "permissions": "rwidx", "args": null }, { "type": "usr", "name": "admin@mail3.internal.domain.com", "id": "5ab13330-2e9b-4a45-9b30-de2c70858265", "permissions": "rwidx", "args": null } ], "children": [ { "id": "422", "name": "Share1-1", "path": "/Share/Share1/Share1-1", "parentId": "421", "flags": null, "color": "defaultColor", "unreadCount": 0, "messageCount": 0, "view": "message", "url": null, "effectivePermissions": null } ] }, { "id": "423", "name": "Share2", "path": "/Share/Share2", "parentId": "420", "flags": null, "color": "defaultColor", "unreadCount": 0, "messageCount": 0, "view": "message", "url": null, "effectivePermissions": null, "children": [ { "id": "424", "name": "Share2-1", "path": "/Share/Share2/Share2-1", "parentId": "423", "flags": null, "color": "defaultColor", "unreadCount": 0, "messageCount": 0, "view": "message", "url": null, "effectivePermissions": null } ### CUT HERE ### ] }
RFE I filed for zmmailbox to have options for this and "recursive".
- "zmmailbox folder should have option to remove ALL shares & recursive option"
Here's a script I wrote. Remove the echo statements to actually run the commands.
#!/bin/bash USER="ajcody@mail3.internal.domain.com" SHARE="/Shared" GETPERM="zmmailbox -z -m $USER gfg $SHARE" MODPERM="zmmailbox -z -m $USER mfg $SHARE" DUMBPASS="34lkoso" NEWPERM=none $GETPERM | egrep -i 'all|guest|public|accoun|domain|group' | gawk '{print $2 " " $3}' | while read SHAREPERM do TYPE=`echo $SHAREPERM|awk '{print $1}'` DISPLAY=`echo $SHAREPERM|awk '{print $2}'` case $TYPE in accoun) echo $MODPERM account $DISPLAY $NEWPERM ;; guest) echo $MODPERM $TYPE $DISPLAY $DUMBPASS $NEWPERM ;; all) echo $MODPERM $TYPE $NEWPERM ;; *) echo $MODPERM $SHAREPERM $NEWPERM ;; esac done
Ouput of an example:
[zimbra@mail3 ~]$ zmmailbox -z -m ajcody@mail3.internal.domain.com gfg /Shared Permissions Type Display ----------- ------ ------- r all r guest ajcody@domain.com r accoun admin@mail3.internal.domain.com r group mydl@mail3.internal.domain.com r domain mail3.internal.domain.com [zimbra@mail3 ~]$ /tmp/remove-share.sh zmmailbox -z -m ajcody@mail3.internal.domain.com mfg /Shared all none zmmailbox -z -m ajcody@mail3.internal.domain.com mfg /Shared guest ajcody@domain.com none zmmailbox -z -m ajcody@mail3.internal.domain.com mfg /Shared account admin@mail3.internal.domain.com none zmmailbox -z -m ajcody@mail3.internal.domain.com mfg /Shared group mydl@mail3.internal.domain.com none zmmailbox -z -m ajcody@mail3.internal.domain.com mfg /Shared domain mail3.internal.domain.com none
I then removed the echo statements:
[zimbra@mail3 ~]$ vi /tmp/remove-share.sh [zimbra@mail3 ~]$ /tmp/remove-share.sh [zimbra@mail3 ~]$ zmmailbox -z -m ajcody@mail3.internal.domain.com gfg /Shared Permissions Type Display ----------- ------ ------- [zimbra@mail3 ~]$
Please TEST this on a test box or a test account before running against a production situation. ZCS version change and commands might act different. Also note, this is a user contributed script and not one from Zimbra developers or the support staff. Also - the wiki formatting might throw of the script and could require you to fix before it runs correctly.
Script is called - zmshares - and should be named such.
#!/usr/bin/env perl # # # This program was written by Pablo Garaitonandia on Nov. 26 2012. # This program is for viewing and deleting all the shares that a user # may have in the event that removing the many shares a user has is # time consuming. # This was written on a system running Zimbra 7.2.0, RHEL 5.8, with perl v5.8.8 use strict; use warnings; use Getopt::Long; my $id=getpwuid($<); my $help=0; my $user_id=0; my $option=0; my @shares; sub view_share; sub del_share; chomp $id; if ($id ne "zimbra") { print STDERR "Error: must be run as zimbra user\n"; exit (1); } GetOptions( 'h|help' => \$help, 'u|uid=s' => \$user_id, 'o|option=s'=> \$option, ) or die "Incorrect usage!\n"; # Check for usage, definition, and correct argument types if ((defined ($user_id) && ($user_id =~ /([a-z0-9]+@[a-z.]+\.[a-z.]+)/gi)) && (defined ($option) && (($option eq "delete") || ($option eq "view")))) { print "\n$option: shares for $user_id \n\n"; } elsif ($help) { usage(); } else { usage(1); } if ($option eq "view"){ view_share();} if ($option eq "delete"){ del_share();} sub view_share { open(VIEW, "/opt/zimbra/bin/zmprov getShareInfo $user_id |"); print <VIEW>; } sub del_share { open(SHARES, "zmprov getShareInfo $user_id |awk '{print substr(\$0,70,6) ,substr(\$0,131,36), substr(\$0,168,15)}' | awk 'NR>2' |"); @shares = <SHARES>; if (!(@shares)){ print "EXITING: User has no shares to delete. \n\n"; exit (1); } foreach my $share (@shares){ my @line = split(/\s+/, $share); if (defined ($line[2])){ print "zmmailbox -z -m $user_id mfg $line[0] account $line[1] none\n"; system("/opt/zimbra/bin/zmmailbox -z -m $user_id mfg $line[0] account $line[1] none") == 0 or die "Command Failed"; } else { print "zmmailbox -z -m $user_id mfg $line[0] account \"\" none\n"; system("zmmailbox -z -m $user_id mfg $line[0] account \"\" none") == 0 or die "Command Failed"; } } } sub usage { my ($msg) = (@_); $msg && print STDERR "\nINCORRECT USAGE: $msg\n"; print STDERR <<USAGE; zmshares -u username\@domain -o (delete|view) Where: -u: (user\@domain) The full user id with domain for user. -o: (delete|view) Delete or view ALL shares for the user USAGE exit (1); } __END__
- I've yet to test these against all items (resources) listed in bug 25740 and work as expected.
To see current perms
zmmailbox -z -m faxfinder@example.com gfg /Inbox
To modify perms:
- r = read
- w = write
- i = insert
- d = delete
- x = accept/decline invites
- a = administer
zmmailbox -z -m faxfinder@example.com mfg /Inbox account user@example.com rwidx
To confirm perms are set:
zmmailbox -z -m faxfinder@example.com gfg /Inbox
To mount "folder" into a user account that was given permission:
zmmailbox -z -m user@example.com cm --view message "/Incoming_Faxes" faxfinder@example.com /Inbox
To confirm folder is mounted:
zmmailbox -z -m user@example.com gaf
Additions notes/options see:
zmmailbox help folder
For mfg it shows it can take the below as a target:
- account {name}
- group {name} *This could be a DL?*
- domain {name}
- all
- public
- guest
Scripting note to do this with multiple users:
- zmmailbox cm could use the zmprov gaa to provide a list of all accounts, this would include system & archive (if exist) accounts though.
How To Turn Off Sharing
You can enable / disable sharing from admin console:
- Admin console --> class of service --> select the CoS (eg default) --> features --> general features --> check/uncheck 'Sharing' option
Alternatively, this can be achieved by having the following CoS attribute either 'TRUE' or 'FALSE', from command line: zimbraFeatureSharingEnabled
Searches With zmmailbox
Special Note If Your Search String Needs Spaces
Here is an example using the correct format to include required spaces to have your search do what you want. For instance, many shared folders will end up using, by default, spaces in the folder name.
$ zmmailbox -z -m ajcody@`zmhostname` gaf | grep appo 10 appo 0 0 /Calendar 263 appo 0 2 /Large Share's Calendar (large-share@mail71.DOMAIN.com:10) $ zmmailbox -z -m ajcody@`zmhostname` s -t appo in:"\"Large Share's Calendar"\" num: 2, more: false Id Type From Subject Date ---------------------------------------- ---- ---------- --------------------- ------ 1. 799efb72-2e6b-400a-8881-c5f9d7c282b1:265 appo <na> Test On Thu 10/28/10 00:02 2. 799efb72-2e6b-400a-8881-c5f9d7c282b1:263 appo <na> test for friday 10/28/10 00:02
Note, the "\"Text1 Text2"\" is for a [s option] search string query, when querying for the folder name with other zmmailbox options - normal quoting works. For example:
$ zmmailbox -z -m ajcody@`zmhostname` gfg "Large Share's Calendar" Permissions Type Display ----------- -------- ------- rwidxa account ajcody@mail71.DOMAIN.com
Search For Messages And Then Delete Them
Here's some examples to grab the message id's from a search and then put them in a variable to use for the delete command.
Other reference: King0770-Notes#Removing_Messages_with_Zmmailbox_based_on_the_Subject
Note - Crossmailbox Search And Delete Is Currently An RFE
See the following :
- RFE: Bulk deletion of a mail - crossmailbox
First - Default Search Returns Only 25 Results
From zmmailbox [help search] & zmmailboxsearch
--limit (optional) -l Sets the limit for the number of results returned. The default is 25.
Example Search With A From And To Date - Multiple Variable Search
This allows you to restrict your search in-between a date range.
zmmailbox -z -m user@domain.com s -t message -l 999 "before:6/15/2011 and after:6/9/2011"
Note - If your trying to do this for a tgz export, please see the following :
Example Search With To Field
[zimbra@mail3 ~]$ zmmailbox -z -m ajcody@mail3.internal.DOMAIN.com s -t message "To: Adam" num: 4, more: false Id Type From Subject Date ---- ---- -------------------- -------------------------------------------------- -------------- 1. 269 mess Adam Re: 8-7-08 11:37 AM to both outside accounts 08/07/08 11:57 2. 268 mess Adam Re: 8-7-08 11:37 AM to both outside accounts 08/07/08 11:39 3. 266 mess Adam Re: 8-7-08 11:37 AM to both outside accounts 08/07/08 11:38 4. 263 mess Adam Re: test on 8-7-08 to zimbra account 08/07/08 11:37 [zimbra@mail3 ~]$ zmmailbox -z -m ajcody@mail3.internal.DOMAIN.com s -t message "To: Adam" |awk '{ if (NR!=1) {print}}'| grep mess | awk '{ print $2 "," }' | tr -d '\n' 269,268,266,263, [zimbra@mail3 ~]$ message=`zmmailbox -z -m ajcody@mail3.internal.DOMAIN.com s -t message "To: Adam" |awk '{ if (NR!=1) {print}}'| grep mess | awk '{ print $2 "," }' | tr -d '\n'` [zimbra@mail3 ~]$ zmmailbox -z -m ajcody@mail3.internal.DOMAIN.com dm `echo $message` [zimbra@mail3 ~]$ zmmailbox -z -m ajcody@mail3.internal.DOMAIN.com s -t message "To: Adam" num: 0, more: false
Example Search With From Field
[zimbra@mail3 ~]$ zmmailbox -z -m ajcody@mail3.internal.DOMAIN.com s -t message "From: Adam" num: 8, more: false Id Type From Subject Date ---- ---- -------------------- -------------------------------------------------- -------------- 1. 464 mess Adam test 3 10/02/08 11:43 2. 463 mess Adam test 2 10/02/08 11:43 3. 462 mess Adam test 1 10/02/08 11:43 4. 461 mess Adam test 09/29/08 16:18 5. 460 mess Adam test for mailbox log 09/29/08 16:17 6. 265 mess Adam 8-7-08 11:37 AM to both outside accounts 08/07/08 11:38 7. 261 mess Adam test on 8-7-08 to zimbra account 08/07/08 11:36 8. 257 mess Adam test from zimbra on 8-7-08 08/07/08 11:27 [zimbra@mail3 ~]$ zmmailbox -z -m ajcody@mail3.internal.DOMAIN.com s -t message "From: Adam" |awk '{ if (NR!=1) {print}}'| grep mess | awk '{ print $2 "," }' | tr -d '\n' 464,463,462,461,460,265,261,257, [zimbra@mail3 ~]$ message=`zmmailbox -z -m ajcody@mail3.internal.DOMAIN.com s -t message "From: Adam" |awk '{ if (NR!=1) {print}}'| grep mess | awk '{ print $2 "," }' | tr -d '\n'` [zimbra@mail3 ~]$ echo $message 464,463,462,461,460,265,261,257, [zimbra@mail3 ~]$ zmmailbox -z -m ajcody@mail3.internal.DOMAIN.com dm `echo $message` [zimbra@mail3 ~]$ zmmailbox -z -m ajcody@mail3.internal.DOMAIN.com s -t message "From: Adam" num: 0, more: false [zimbra@mail3 ~]$
More Search Possibilities
Please see [Search Tips]
Export & Import Of Users Data In TGZ Format
Please see Ajcody-Migration-Notes#ZCS_User_to_Another_ZCS_Server_-_With_Rest_.26_TGZ
Seeing What & Where Of A Message ID
If your need to figure out what the actual email/message is from a logging event.
For example, log shows:
2009-03-03 22:04:58,969 INFO [btpool0-5532] [name=USER@DOMAIN.com;mid=8;ip=10.0.0.1;ua=ZimbraWebClient - IE6 (Win)/5.0.11_GA_2695.UBUNTU8_64;] mailop - moving Message (id=10955) to Folder Trash (id=3)
To see the details of the message, do the following:
zmmailbox -z -m USER@DOMAIN gm 10955 Id: 10955 Conversation-Id: 11155 Folder: /Trash Subject: FW: How are you doing? From: User External <USER@DOMAIN.com> To: <USER@DOMAIN.com> ...etc...
Message Count Mismatches
Message Count Via zmprov
To see a listing of message count in folders, replace USER@DOMAIN w/ user:
zmmailbox -z -m USER@DOMAIN gaf
You can also do something like this:
zmmailbox -z -m USER@DOMAIN s -t mess in:"FOLDER_IN_QUESTION"
If the folder has spaces, use the following format : "\"Large Share's Calendar"\"
zmprov rmc RecalculateMailboxCounts
From the zmprov help for rmc:
RecalculateMailboxCounts rmc {name@domain|id} When unread message count and quota usage are out of sync with the data in the mailbox, use this command to immediately recalculate the mailbox quota usage and unread messages count. Important: Recalculating mailbox quota usage and message count should be schedule to run in off peak hours and used on one mailbox at a time. Example: $zmprov rmc user@domain
Users should log into a new ZWC session after this was done.
If User Is Using IMAP Client
We have some bugs/rfe's in regards to how various IMAP clients operate with their delete/purge and it's impact on the our message counting.
Here's a recent one:
- "Item count should account for \Deleted IMAP messages"
- http://bugzilla.zimbra.com/show_bug.cgi?id=20620
- Resolved with 6.0.8
- http://bugzilla.zimbra.com/show_bug.cgi?id=20620
One work around was by configuring the IMAP client to move messages to a Trash/Deleted Items folder [if available] and to delete/purge messages immediately or upon sign off.
Check The Message Blobs On The File System
This is more of a sanity check, confirming the user does have what you would estimate for message blobs on the file system under their message store path.
See: Ajcody-Mysql-Topics#How_To_Locate_Users_Mailstore_and_Message_Store_Directory
You might also see "No Such Blob" messages in the ZWC client and the mailbox.log file.
See: Ajcody-Notes-No-Such-Blob
Make Sure Your Not Auto-purging Messages
These are set at the global or server level.
zmprov gacf | egrep "zimbraMailPurgeSleepInterval|zimbraMailTrashLifetime|\ zimbraMailSpamLifetime|zimbraMailMessageLifetime" zmprov gs server.domain.com | egrep "zimbraMailPurgeSleepInterval|\ zimbraMailTrashLifetime|zimbraMailSpamLifetime|zimbraMailMessageLifetime"
These at the user level:
zmprov ga user@domain | egrep "zimbraPrefInboxReadLifetime|zimbraPrefInboxUnreadLifetime|\ zimbraPrefSentLifetime|zimbraPrefJunkLifetime|zimbraPrefTrashLifetime"
Reference:
Managing Legal Requests for Information
Description:
- The ZCS legal intercept feature is used to obtain copies of email messages that are sent, received, or saved as drafts from targeted accounts and send these message to a designated “shadow” email address. Legal Intercept can be configured to send the complete content of the message or to send only the header information. When a targeted account sends, receives, or saves a draft message, an intercept message is automatically created to forward copies of the messages as attachments to the specified email address.
Please see:
- http://www.zimbra.com/docs/ne/latest/administration_guide/managing_other_zcs_features.8.1.html
- http://wiki.zimbra.com/index.php?title=Legal_Intercept
- http://bugzilla.zimbra.com/show_bug.cgi?id=17539
Persona, Identities, Send As, Send On Behalf Of Issues
For ZCS 8 And Above You Must Grant ACL Rights For sendAs and sendAsDistList for internal users
This section below only applies to versions ZCS 6 and ZCS 7. For ZCS 8 and above, the zimbraAllowFromAddress variable only is valid for external accounts and can NOT be used for internal users or ZCS distribution lists [DL's]. Please see the following for ZCS 8+
CLI Commands To Manage Persona, Identities, External Account
The following should provide you with the necessary commands to manage these user configurations:
zmprov help command| grep -i data createDataSource(cds) {name@domain} {ds-type} {ds-name} zimbraDataSourceEnabled {TRUE|FALSE} zimbraDataSourceFolderId {folder-id} [attr1 value1 [attr2 value2...]] deleteDataSource(dds) {name@domain|id} {ds-name|ds-id} getDataSources(gds) {name@domain|id} [arg1 [arg2...]] modifyDataSource(mds) {name@domain|id} {ds-name|ds-id} [attr1 value1 [attr2 value2...]]
zmprov help command| grep -i identit createIdentity(cid) {name@domain} {identity-name} [attr1 value1 [attr2 value2...]] deleteIdentity(did) {name@domain|id} {identity-name} getIdentities(gid) {name@domain|id} [arg1 [arg...]] modifyIdentity(mid) {name@domain|id} {identity-name} [attr1 value1 [attr2 value2...]]
Bugs And RFE's To Look At
Send As Issues
- "support sendAs right on server (as opposed to on-behalf-of)"
- http://bugzilla.zimbra.com/show_bug.cgi?id=22819
- "Composer should allow user to send message as self if replying on-behalf-of"
- "Implement "sendAs" rights for user accounts"
- http://bugzilla.zimbra.com/show_bug.cgi?id=22819
- "save copy of send-as message to sent-as user's Sent folder"
On Behalf Of Issues
- "send on behalf of for delegate access for ZWC"
- "reply to message in shared subfolder doesn't follow typical on behalf of behavior"
- "Need "Send on behalf of" pref"
- "Make the checkbox configurable for "Sent on behalf of""
Persona Setup With Send As [zimbraAllowFromAddress] Rights Rather Than On Behalf Of
This section below only applies to versions ZCS 6 and ZCS 7. For ZCS 8 and above, the zimbraAllowFromAddress variable only is valid for external accounts and can NOT be used for internal users or ZCS distribution lists [DL's]. Please see the following for ZCS 8+
- This was tested against ZCS 6.0.8p1 .
Attribute descriptions - 608 :
zimbra-attrs.xml:<attr id="427" name="zimbraAllowAnyFromAddress" type="boolean" cardinality="single" optionalIn="account,cos" flags="accountInfo,accountInherited"> zimbra-attrs.xml:<attr id="428" name="zimbraAllowFromAddress" type="email" max="256" cardinality="multi" optionalIn="account" flags="accountInfo,domainAdminModifiable">
- First, created a test user account:
- ajcody@rr608.zimbra.DOMAIN.com
- In the admin web console, under the users preferences tab :
- Sending Mail > checked : "Allow sending email from any address"
zmprov ma ajcody@rr608.zimbra.DOMAIN.com zimbraAllowAnyFromAddress TRUE
- Note, this could be setup in a COS as well and then assign the users you want to that COS
- If this is to permissive, because it does allow the user to send as anybody, then you'll want to do this instead:
zmprov ma ajcody@rr608.zimbra.DOMAIN.com zimbraAllowAnyFromAddress FALSE
zmprov ma ajcody@rr608.zimbra.DOMAIN.com zimbraAllowFromAddress personal-dl@rr608.zimbra.DOMAIN.com
- Note - bug alert.
- Testing shown that you could still have a persona setup for a particular address that wasn't set for the zimbraAllowFromAddress variable and zimbraAllowAnyFromAddress is set as FALSE. You'll be able to select it when composing a message and the message is sent with no error. But, what happens is the email is delivered to the recipient with your primary account details rather than the persona's.
- Note - bug alert.
- Sending Mail > checked : "Allow sending email from any address"
- In the admin web console, under the users preferences tab :
- ajcody@rr608.zimbra.DOMAIN.com
- If your only using a DL for the mail traffic, you would:
- Create a new DL :
- persona-dl@rr608.zimbra.DOMAIN.com
- checked "Can receive email"
- Added a user/s to the DL:
- ajcody@rr608.zimbra.DOMAIN.com
- persona-dl@rr608.zimbra.DOMAIN.com
- Create a new DL :
- Now, once that is done we can setup the persona for our "test user" - ajcody. Login as testuser
- Create a Folder called "Persona DL" and then a filter rule to move all emails with persona-dl@rr608.zimbra.DOMAIN.com to the "Persona DL" folder.
- Under the users perferences, Mail > Accounts > Add Persona button:
- Persona Name : Persona DL
- From : Persona DL # personal-dl@rr608.zimbra.DOMAIN.com
- Reply-To : Persona DL # personal-dl@rr608.zimbra.DOMAIN.com
- Use this persona:
- check "when replying or forwarding messages sent to: Persona DL # personal-dl@rr608.zimbra.DOMAIN.com
- check "when replying or forwarding messages in folder(s) : Personal DL
- Persona Name : Persona DL
- Under the users perferences, Mail > Accounts > Add Persona button:
- Create a Folder called "Persona DL" and then a filter rule to move all emails with persona-dl@rr608.zimbra.DOMAIN.com to the "Persona DL" folder.
- Things to note when using persona
- A new message in the "From" section will give a drop down for your persona choice.
- It's best to create a mail filter rule to put related messages for the persona account into a folder and then in the persona choose the option about using the persona as the default when replying to messages in that folder.
This section below only applies to versions ZCS 6 and ZCS 7. For ZCS 8 and above, the zimbraAllowFromAddress variable only is valid for external accounts and can NOT be used for internal users or ZCS distribution lists [DL's]. Please see the following for ZCS 8+
- The below how-to was tested against ZCS 6.0.8p1 .
- First, created a test user account:
- ajcody@rr608.zimbra.DOMAIN.com
- In the admin web console, under the users preferences tab :
- Sending Mail > checked : "Allow sending email from any address"
zmprov ma ajcody@rr608.zimbra.DOMAIN.com zimbraAllowAnyFromAddress TRUE
- Note, this could be setup in a COS as well and then assign the users you want to that COS
- If this is to permissive, because it does allow the user to send as anybody, then you'll want to do this instead:
zmprov ma ajcody@rr608.zimbra.DOMAIN.com zimbraAllowAnyFromAddress FALSE
zmprov ma ajcody@rr608.zimbra.DOMAIN.com zimbraAllowFromAddress personal-source@rr608.zimbra.DOMAIN.com
- Note - bug alert.
- Testing shown that you could still have a persona setup for a particular address that wasn't set for the zimbraAllowFromAddress variable and zimbraAllowAnyFromAddress is set as FALSE. You'll be able to select it when composing a message and the message is sent with no error. But, what happens is the email is delivered to the recipient with your primary account details rather than the persona's.
- Note - bug alert.
- Sending Mail > checked : "Allow sending email from any address"
- In the admin web console, under the users preferences tab :
- ajcody@rr608.zimbra.DOMAIN.com
- If I was only using a "shared mailbox" for the mail traffic, I would:
- First create a DL that will have the user accounts you want to share this 'new' mailbox [Inbox]:
- Create a new DL:
- persona-share@rr608.zimbra.DOMAIN.com
- checked "Can receive email"
- Added a user to the DL:
- ajcody@rr608.zimbra.DOMAIN.com
- persona-share@rr608.zimbra.DOMAIN.com
- Create a new DL:
- First create a DL that will have the user accounts you want to share this 'new' mailbox [Inbox]:
- The create a new account/mailbox that others will share:
- persona-source@rr608.zimbra.DOMAIN.com
- From the 'admin console', do "View Mail" on the new account
- Share the Inbox to the DL : persona-share@rr608.zimbra.DOMAIN.com w/ Manager or Admin Rights
- From the 'admin console', do "View Mail" on the new account
- persona-source@rr608.zimbra.DOMAIN.com
- Log back into the 'test user' acocunt - ajcody@rr608.zimbra.DOMAIN.com
- Accept the share and confirm you see the "Inbox" from the "persona-source" account.
- Then, under the users perferences, Mail > Accounts > Add Persona button::
- Persona Name : Persona Source
- From : Persona Source # persona-source@rr608.zimbra.DOMAIN.com
- Reply-To : Persona Source # persona-source@rr608.zimbra.DOMAIN.com
- Use this persona:
- check "when replying or forwarding messages sent to: persona-source@rr608.zimbra.DOMAIN.com
- check "when replying or forwarding messages in folder(s) : Persona Source's Inbox
- Persona Name : Persona Source
- Then, under the users perferences, Mail > Accounts > Add Persona button::
- Accept the share and confirm you see the "Inbox" from the "persona-source" account.
- Things to note when using persona
- A new message in the "From" section will give a drop down for your persona choice.
- It's best to create a mail filter rule to put related messages for the persona account into a folder and then in the persona choose the option about using the persona as the default when replying to messages in that folder.
- Need An RFE/BUG Report? - When you have a shared mailbox folder, the 'normal' operation when replying to messages from that folder is to send them "on behalf of". You don't want this option, since your wanting to use the persona rules. You might need to "uncheck" the box under the new message that says:
- uncheck box for "Send this message on behalf of: persona-source@rr608.zimbra.DOMAIN.com"
- I couldn't find a way to have this "unchecked" as the default.
Sieve Rules
Administrating Rules For Users - CLI
Please see King0770-Notes-Sieve_Rules_By_Proxy
Ajcody Client Topics
Actual Client Topics Homepage
Please see Ajcody-Client-Topics
Official End User Guides And How-To's
Please see the following:
http://www.zimbra.com/community/end_user_guide_and_how_to.html
Bugs-RFE's
- "Support user creation and moving of nested calendars" subfolders , sub-folders
- http://bugzilla.zimbra.com/show_bug.cgi?id=27211
- "Appointments created in shared sub-calendar does not show in ZWC"
- http://bugzilla.zimbra.com/show_bug.cgi?id=27211
Small Screen Resolution Issues - 800x600
Please see the following:
- "Support for 800x600 Screen Resolution on Web Client"
- "Horizontal scroll bar is present when screen resolution is 800*600"
- "UI issues in HTML client when screen resolution is 800*600"
Section 508 , VPAT, ADA, And Accessibility
New
- VMware Collaboration Product VPATs For Zimbra
- 2014 update - dead link now that Zimbra is no longer a part of Vmware.
- Zimbra Support staff - please see the following private bug comment:
About section 508 and Accessibility:
- US Federal Agency Home Page For "accessibility for people with disabilities".
- IAccessible2 Overview
- Voluntary Product Accessibility Template
Various Zimbra RFE's related to topic:
- "Ability to adjust transparency of Calendar view"
- "508 and Accessibility issues with HTML client"
- http://bugzilla.zimbra.com/show_bug.cgi?id=28516
- This one is marked private, but it just referenced the materials within Vmware - which no longer applies.
- "AJAX accessibility - section 508"
- "Accessibility And Section 508 Documentation"
- http://bugzilla.zimbra.com/show_bug.cgi?id=45706
- BLYNX: Lynx Support Files Tailored for Blind and Visually Handicapped Users, see rfe comment:
- "I18N - "Translate" and tooltips "Translate currently opened email's " & "Converts the selected message's text to speech" not translated"
- http://bugzilla.zimbra.com/show_bug.cgi?id=49720
- Mentions the use of Google Language with a zimlet. Note though, Google language also offers text-to-speech.
- "RFE: text-to-speech and speech-to-text"
- http://bugzilla.zimbra.com/show_bug.cgi?id=52174
- Experimental zimlet for text-to-speech, see comment in rfe:
- http://bugzilla.zimbra.com/show_bug.cgi?id=52174
Zimbra Web Client
Setting ZWC As Default Mail Client - Mailto
Seeing What Is Currently Set For Mailto Handler In Various Browsers
- Firefox: Seeing what mailto is currently configured as:
- In url field , about:config and hit enter.
- Search for mailto
- In url field , about:config and hit enter.
- Chrome: Seeing what mailto is currently configured as:
- In url field , chrome://settings/handlers and hit enter.
- Will pop up a box, if empty, then nothing is set.
ZCS 8 And RFE To Set ZWC As Default Mail Client
Per the following RFE, with ZCS 8 a user should be prompted upon first login if they want to set ZWC as their default mail client.
- "Cannot Make Zimbra Web Client the Default "mailto" Client"
Most Complete Solution For Windows - Full Mailto & MAPI Calls Mapping via Zimbra Notifier
First, though it's unsupported directly by the Zimbra Support team, most users will prefer to use this because of its full functionality:
- Zimbra Notifier
The other option is setting up a registry key within windows.
Windows Mailto To Use ZWC Advance Ajax Client or Basic HTML Client Interface
Note, the Windows examples below use the url string to use the ZWC Advanced Ajax client, if you want to use the ZWC Basic HTML one you'll use a string like the following instead :
https://mail.server.com/h/search?action=compose&to=%1
Windows 7 Mailto Registry Key
Save the following to a file ending with a name of .reg, and modify the following items below to suit the user. Save the file after you made the changes. Run the registry editor [Start > Run > regedit ] and do a File > Import - selecting the file you had saved.
Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\SOFTWARE\Classes\mailto] "URL Protocol"="" [HKEY_CURRENT_USER\SOFTWARE\Classes\mailto\shell] [HKEY_CURRENT_USER\SOFTWARE\Classes\mailto\shell\open] [HKEY_CURRENT_USER\SOFTWARE\Classes\mailto\shell\open\command] @="C:\\Path\\to\\Program.exe https://mail.server.com?username=user@example.com&view=compose&to=%1"
- Change the C:\\Path\\to\\Program.exe to the full path of browser executable to be used or to "rundll32.exe url.dll,FileProtocolHandler" [This will use the default registered browser of the user] .
- Note - When importing a reg key, you have to use \\ in the path rather than just one\ . Once imported, the key value will only show one \ per directory.
- Firefox example
@="C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe https://mail.domain.com?username=user@domain.com&view=compose&to=%1"
- Chrome example
@="C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe https://mail.domain.com?username=user@domain.com&view=compose&to=%1"
- IE example
@="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe https://mail.domain.com?username=user@domain.com&view=compose&to=%1"
- Change the mail server name and the user name :
- mail.server.com?username=user@example.com
- for example mycompany.com?username=john@mycompany.com
Windows Xp And Windows 98 MailTo Setup
See the following Microsoft KB :
You'll need to adjust the "Application used to perform action:" to be like one of the examples below:
- Firefox example
- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" "https://mail.domain.com?username=user@domain.com&view=compose&to=%1"
- Chrome example
- "C:\Program Files (x86)\Google\\Chrome\Application\chrome.exe" "https://mail.domain.com?username=user@domain.com&view=compose&to=%1"
- IE example
- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" "https://mail.domain.com?username=user@domain.com&view=compose&to=%1"
Conversation Views
Here's an RFE I made you might want to check out:
- "RFE: Converstation View - Cos/User Customization"
Read & Delivery Confirmation Receipt
Please see RFE:
- "Support read receipts and delivery reports in webmail"
Web Client Search
The webclient offers a powerful search tool, the problem is knowing how to use it.
Please see this to learn the proper syntax's to get your searches right:
[Web Client Search - Power tip]
Is some particular state [ unread, read, flagged, unflagged, sent, draft, received, replied, unreplied, forwarded, unforwarded, anywhere [show messages anywhere], local, sent, solo [haven't replied, without a conversation] ]:
is:unread
In A Folder (Inbox):
In:Inbox
Unread and in Inbox:
In:Inbox is:uread
To someone:
to:user@domain.com
From someone:
from:user@domain.com
CC'd reference:
cc:user@domain.com
Subject reference:
subject:word-string
Has something [attachment , phone , url]
has:attachement
A particular 'something':
attachment:word
Size of mesage [{larger,smaller} : ## "b","kb","mb"]
larger:12kb
By tag:
tar:MyStuff
Email To Attachment Or Saved To Desktop
Send Email As Attachment
You can do a "forward" on an email and then in the new window, select "Options". This drop down will give you the options to "Include Orginal As Attachment".
Attachments Saved To Desktop And Other Options
Some RFE's are more expansive functionality:
- "save email message from web client to desktop"
- "RFE: expand the Add Attachment picker to attach emails"
- "When forward an email as attachement, the addresses in the forwarded email are not "usable"
- "Save email attachement to a Notebook or page in Documents"
A non-support zimlet that could be used:
- http://www.zimbra.com/forums/zimlets/16789-zimlet-save-email-txt-file.html
- http://gallery.zimbra.com/gallery.php?act=viewProd&productId=73
Date Format date_zimlet Issues
Most likely, your issues are addressed in the following:
- "Date formats not localized"
- "All date format should be supported for date zimlet"
- "RFE: date_zimlet - general improvement for functionality, customization and support of"
General CALDAV Issues
Only Seeing 1 Month Back and 1 Year Ahead In CalDAV
Please see this bug:
http://bugzilla.zimbra.com/show_bug.cgi?id=28713
Lightning & Thunderbird
News Bugs/RFE's To Track That Might Update Situation As Described Below
- "Calendar not configurable via Caldav/Lightening"
- "Lightning can not write to calendar."
- "lightning plugin for thunderbird no longer displays free busy w/5.0.18"
- "CalDAV: Events deleted on Lightning aren't deteted on the server"
- "Conduit for Thunderbird"
Lightning does not support Caldav + Free/Busy
Free/Busy support is only available for the Sun Cal Server.
Maybe we could "fake" this out within our Ldap configuration. Like RFE for Apple OD:
http://bugzilla.zimbra.com/show_bug.cgi?id=26619
Address/username lookup doesn't occur within a new appointment
Unfortunately, I've not figured a way around this at this time.
Zimbra CalDav doesn't allow user to dismiss alarms from lightning
Please see bug from Mozilla:
https://bugzilla.mozilla.org/show_bug.cgi?id=432540
Ajcody Apple Mac Issues
Actual Apple/Mac Issues Homepage
Please see Ajcody-Apple-Mac-Issues
App To Help Enable Debugging Options
You might want to check out this app:
Outlook 2011 For Mac And EWS Setup
Follow these steps to set up Outlook to sync using Exchange Web Services:
- Open Outlook.
- Open the Outlook menu and select Preferences.
- Click the Accounts icon under the Person Settings section.
- Click the Exchange icon which will open a new window.
- Enter your email address in the E-mail address field.
- Set the Method to "User Name and Password."
- Enter your full email address (e.g. user@example.com) as the username.
- Enter your password in the password field.
- Uncheck the "Configure automatically" check-box.
- In the Server field, enter Zimbra Collaboration Server's hostname - (e.g. mail.example.com)
- Click Add Account.
Note, if you end up customizing the other elements be aware of the following:
- ZimbraEWS uses BASIC Auth for validating the user request.
With Screenshots
Please see Ajcody-Outlook_2011_For_Mac_And_EWS_Setup#Outlook_2011_For_Mac_And_EWS_Setup_With_Screenshots
Contact Related Items
EWS Configuration And ZCS 8.5+
Example is from OS X 10.9.5 . The ZCS server must be licensed for EWS and your account needs to have the EWS feature enabled. This can be enabled in the admin console either checking the box for EWS under Features in the COS that is set for the account or under the individuals user configuration for Features. It can also be set on the CLI - zimbraFeatureEwsEnabled TRUE [COS or user].
Note - ZCS 8.5 targeted EWS support ONLY with Outlook for Mac's. There was no testing or expectation that the native mac apps would work with the EWS configuration type.
- Launch Contacts.app
- Click on "Contacts" from the menu screen at the top of your screen.
- Select "Add Account.."
- Select "Exchange" and then "Continue"
- Name : your full name
- Email Address : user@domain
- Password : your password
- Once filled out, click "Continue" . You'll need move onto another configuration screen.
- Description : I would recommend filling this out to avoid any confusion from other accounts you might setup.
- Server Address : the FQDN/hostname of your ZCS server. You can also use an ip address here.
- Once filled out, click "Continue" .
- You should now see a summary of your configuration, click "Continue".
- You'll now be asked to select what apps to use, your choices will be:
- Contacts
- Calendar
- Notes
- Reminders
- Once you've checked the ones you want, click "Done".
This will create two resources within Contacts.app. You'll see a header called "Exchange" with your account contact folders under it [ZCS defaults will be - Contacts, Emailed Contacts] and also a line that says "All Exchange". There will also be a section now called "Directories", listed under it will be "All Directories" and "Exchange Global Address List".
Verify Certificate Prompts
If the ZCS server isn't using commericial certificates, you'll end up getting a pop up window on your Mac called "Verify Certificate". To get rid of this pop up window, you'll want to do the following.
Click on the "Show Certificate" button. You'll then have an option to check a box for "Always trust ....". Then click on the "Continue" button.
Log Event Showing EWS
Possible log files to check for in /opt/zimbra/log/ are below with some examples from my logging into Contacts.App and creating a new contact. You can increase the logging details if needed , please see Using_log4j_to_Configure_mailboxd_Logging#Predefined_log4j_Categories_in_ZCS :
- access_log.[date]
192.168.1.73 - - [10/Oct/2014:16:01:30 +0000] "POST /EWS/Exchange.asmx HTTP/1.1" 200 907 "-" "Mac OS X/10.9.5 (13F34); ExchangeWebServices/4.0 (193); Contacts/8.0 (1371.2)" 16 192.168.1.73 - - [10/Oct/2014:16:05:55 +0000] "GET /home/user1@mail2.zimbra.DOMAIN.com/Contacts?fmt=cf&t=2&all=all HTTP/1.1" 200 - "https://192.168.1.172/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.124 Safari/537.36" 42 192.168.1.73 - - [10/Oct/2014:16:28:11 +0000] "POST /EWS/Exchange.asmx HTTP/1.1" 401 0 "-" "Mac OS X/10.9.5 (13F34); ExchangeWebServices/4.0 (193); Contacts/8.0 (1371.2)" 7
- audit.log
2014-10-10 12:01:28,976 INFO [qtp509886383-107:https://192.168.1.172:443/EWS/Exchange.asmx] [] security - cmd=Auth; account=user1@mail2.zimbra.DOMAIN.com; protocol=zsync; 2014-10-10 12:05:50,227 INFO [qtp509886383-113:http://127.0.0.1:80/service/soap/AuthRequest] [name=user1@mail2.zimbra.DOMAIN.com;oip=192.168.1.73;ua=zclient/8.5.0_GA_3042;] security - cmd=Auth; account=user1@mail2.zimbra.DOMAIN.com; protocol=soap;
- ews.log
2014-10-10 12:28:11,361 INFO [qtp509886383-117:https://192.168.1.172:443/EWS/Exchange.asmx] [] ews - Start syncFolderHierarchy 2014-10-10 12:28:11,371 INFO [qtp509886383-117:https://192.168.1.172:443/EWS/Exchange.asmx] [] ews - User: user1 has been successfully authorized. 2014-10-10 12:28:11,371 INFO [qtp509886383-117:https://192.168.1.172:443/EWS/Exchange.asmx] [name=user1@mail2.zimbra.DOMAIN.com;ip=192.168.1.73;ua=MacOSX/(F)ExchangeWebServices/()Contacts/();] ews - The account: 7277b33a-c7ee-4b03-bb4b-f24814c7cea3is true 2014-10-10 12:28:11,371 INFO [qtp509886383-117:https://192.168.1.172:443/EWS/Exchange.asmx] [name=user1@mail2.zimbra.DOMAIN.com;ip=192.168.1.73;ua=MacOSX/(F)ExchangeWebServices/()Contacts/();] ews - Folder Id was not provided with request, defaulting to 1 2014-10-10 12:28:11,427 INFO [qtp509886383-117:https://192.168.1.172:443/EWS/Exchange.asmx] [name=user1@mail2.zimbra.DOMAIN.com;ip=192.168.1.73;ua=MacOSX/(F)ExchangeWebServices/()Contacts/();] ews - End syncFolderHierarchy 2014-10-10 12:28:11,449 INFO [qtp509886383-118:https://192.168.1.172:443/EWS/Exchange.asmx] [] ews - Start createItem version 1.0.01 2014-10-10 12:28:11,450 INFO [qtp509886383-118:https://192.168.1.172:443/EWS/Exchange.asmx] [] ews - Start: createItem 2014-10-10 12:28:11,457 INFO [qtp509886383-118:https://192.168.1.172:443/EWS/Exchange.asmx] [] ews - User: user1 has been successfully authorized. 2014-10-10 12:28:11,457 INFO [qtp509886383-118:https://192.168.1.172:443/EWS/Exchange.asmx] [name=user1@mail2.zimbra.DOMAIN.com;ip=192.168.1.73;ua=MacOSX/(F)ExchangeWebServices/()Contacts/();] ews - The account: 7277b33a-c7ee-4b03-bb4b-f24814c7cea3is true 2014-10-10 12:28:11,580 INFO [qtp509886383-118:https://192.168.1.172:443/EWS/Exchange.asmx] [name=user1@mail2.zimbra.DOMAIN.com;ip=192.168.1.73;ua=MacOSX/(F)ExchangeWebServices/()Contacts/();] ews - End: createItem 2014-10-10 12:28:11,580 INFO [qtp509886383-118:https://192.168.1.172:443/EWS/Exchange.asmx] [name=user1@mail2.zimbra.DOMAIN.com;ip=192.168.1.73;ua=MacOSX/(F)ExchangeWebServices/()Contacts/();] ews - End createItem
- mailbox.log
2014-10-10 12:28:11,522 INFO [qtp509886383-118:https://192.168.1.172:443/EWS/Exchange.asmx] [name=user1@mail2.zimbra.DOMAIN.com;ip=192.168.1.73;ua=MacOSX/(F)ExchangeWebServices/()Contacts/();] mailop - adding contact test2@domain.com: id=269, folderId=7, folderName=Contacts.
- trace_log.[date]
12:28:11.323:qtp509886383-117:https://192.168.1.172:443/EWS/Exchange.asmx REQUEST 192.168.1.73 POST null; Mac OS X/10.9.5 (13F34); ExchangeWebServices/4.0 (193); Contacts/8.0 (1371.2) 12:28:11.330:qtp509886383-117:https://192.168.1.172:443/EWS/Exchange.asmx RESPONSE 401 text/xml; charset=UTF-8 12:28:11.354:qtp509886383-117:https://192.168.1.172:443/EWS/Exchange.asmx REQUEST 192.168.1.73 POST null; Mac OS X/10.9.5 (13F34); ExchangeWebServices/4.0 (193); Contacts/8.0 (1371.2) 12:28:11.429:qtp509886383-117:https://192.168.1.172:443/EWS/Exchange.asmx RESPONSE 200 text/xml; charset=UTF-8 12:28:11.446:qtp509886383-118:https://192.168.1.172:443/EWS/Exchange.asmx REQUEST 192.168.1.73 POST null; Mac OS X/10.9.5 (13F34); ExchangeWebServices/4.0 (193); Contacts/8.0 (1371.2) 12:28:11.581:qtp509886383-118:https://192.168.1.172:443/EWS/Exchange.asmx RESPONSE 200 text/xml; charset=UTF-8
AddressBook
Logging-Debug for Addressbook
First shutdown Addressbook app.
Launch terminal app.
defaults write com.apple.addressbook ABShowDebugMenu -bool true
Turn it off by just reversing it:
defaults write com.apple.addressbook ABShowDebugMenu -bool false
CardDAV
Contact Groups
- Contact groups do not sync via CardDAV
- https://bugzilla.zimbra.com/show_bug.cgi?id=46359#c30
- Resolved for ZCS 8+
10.6 - Snow Leopard Notes
Basic Setup Notes
Some notes I have against testing CardDAV I shared on a case. The following was done with CardDAV [OSX 10.6.4] & Addressbook [Version 5.0.2 (870)] .
Primary references I found related to :
- CardDAV fails in 6.0.8 for Evolution and Mac Address Book
- CardDAV do not work on the non-default domains in Zimbra
- WebDAV: Add support for CardDav
To setup, launch Addressbook.
- Addressbook > Preferences
- Accounts > click on + sign to add new account
- Account type = CardDav
- User Name = user
- bug/rfe's mentions the use of user@domain vs. just user will most likely cause Addressbook to attempt a DNS SRV record lookup.
- Password = accounts password
- Server Address = http://servername:80 or https://servername:443
- might need to adjust that for proxy setup or if you have load balancers/F5's/etc..
- Accounts > click on + sign to add new account
Additional Details And Troubleshooting Steps - Proxy Issues Most Likely
I was able to get my carddav account to work using my virtual hostname that points to my two servers that run ldap/proxy/mta . I have them setup in DNS as well.
$ host rr608.zimbra.DOMAIN.com rr608.zimbra.DOMAIN.com has address 192.168.0.42 rr608.zimbra.DOMAIN.com has address 192.168.0.41 rr608.zimbra.DOMAIN.com mail is handled by 10 rr608.zimbra.DOMAIN.com.
One thing I did hit though, was the way OSX handles it's odd resolution stuff. For example, initially it failed when I had just modified the /etc/resolv.conf to use my internal DNS. Doing :
host rr608.zimbra.DOMAIN.com
resolved properly but doing:
ping rr608.zimbra.DOMAIN.com
was resolved to the external ip and was being hampered by my firewall. Once host and ping were resolving correctly, the carddav account work.
The whole reason I mention this is that I think we should walk our way back from the mailstore hostname in the configuration.
First, setup a carddav account using the mailstore name and confirm it works and then close/exit the Address Book. Then do the following. In a terminal, be in the users home directory and cd to this subdirectory - for example:
$ pwd /Users/[username]/Library/Application Support/AddressBook/Sources/
Do a ls there and find the most recent directory that was made and cd into it, for example:
$ ls -latr total 0 drwx------ 7 ajcody staff 238 Nov 17 06:50 000C3E7F-3DE5-40C8-8820-AF96214D6AF0 drwx------ 4 ajcody staff 136 Nov 17 06:58 . drwx------ 6 ajcody staff 204 Nov 17 07:07 56892F5B-9F55-437E-9890-A8489A63EDAA drwx------@ 8 ajcody staff 272 Nov 17 07:07 .. Adams-MacBook-Pro:Sources username$ cd 56892F5B-9F55-437E-9890-A8489A63EDAA/ Adams-MacBook-Pro:56892F5B-9F55-437E-9890-A8489A63EDAA username$ ls AddressBook-v22.abcddb Configuration.plist Metadata SyncLockFile
We can now manually edit the Configuration.plist file with various test hostnames/ip addresses.
The two keys we're interested in will be like this:
<key>name</key> <string>ajcody@rr608.zimbra.DOMAIN.com</string> <key>servername</key> <string>http://rr608.zimbra.DOMAIN.com:80/principals/users/ajcody@rr608.zimbra.DOMAIN.com</string>
What I'd like you to attempt is adjusting the line for the servername using a hostname/ip address that will bypass the F5 if possible. You'll modify the file and save it. Launch Address Book and confirm/deny if the new hostname/ip address works.
- Use a static ip address of one of the zcs proxy servers. Please confirm it is pingable from the machine first.
- Use the hostname of the actual host of the same proxy server.
I'm assuming you can't use [your mailstore hostname] without going first to the F5, if the test above work you might want to setup a test BIND server you could use with the mac machine to resolve the [your mailstore hostname] using the various hostnames/ip's of the zcs proxy servers.
Use LDAP directory from ZCS for Mac Addressbook / Mail.App / iCal for Mac 10.4
Setting Up LDAP With Authentication - ZCS 8+
As an example, you would fill out the setup fields in the client to be like :
Username: uid=joe,ou=people,dc=abccompany,dc=com password: _zimbra_password_ Authentication Type: simple
Changing uid=joe to match the users email address [joe@abccompany] . You would also adjust the dc=abccompany above to match the users domain name in their email address.
To see and test what type of returns this setup will give, you can do the following from the ZCS server's CLI:
ldapsearch -x -H ldap://ldap.abccompany.com:389 -D uid=joe,ou=people,dc=abccompany,dc=com -w supp0rt -LLL -b 'ou=people,dc=abccompany,dc=com'
You would adjust the uid= , dc= , strings to match the user@domain for the user and also adjust "-w supp0rt" to be the user's password.
Older Reference Prior To ZCS 8
This is generally for those that aren't using Z-iSync.
First, test on shell that you have ldap connectivity.
ldapsearch -x -H ldap://ZCSserver-name:389 "uid=ajcody"
That returned successfully.
Then Addressbook Preferences
LDAP + (for new) Name: anything really Server: ip/hostname that was used successfully in the ldapsearch string Search Base: [leave blank] Port: 389 Scope: Subtree No auth needed * Save
I have no idea what the "Auto Update LDAP Cards" does.
Then setup Mail.App for IMAP to the Zimbra server. Check preferences to use LDAP - it will use the Address Book configuration that you did prior and it should auto-resolve to a username when you do a new message.
iCal will only use address that are in the LOCAL addressbook when you use the attendee field for a new event.
One way around this is to do a wildcard search in the Addressbook and drag those items to the local addressbook.
Goto to Address Book, selected Directories my ldap server and put in the below for the search field:
*.
This search result can then be dragged to the "All" folder in the Group column. It creates a "Last Import" item in the Group column now - it might warn about updating entries that all ready match.
Entourage And Calendars
Can't Sync Calendars Between Entourage and Zimbra
Bug/RFE filed to correct current public documents on issue:
- "Clean up references to having general support for Entourage and Calendars"
Bug/RFE filed to include comment in Release Notes:
- "Document 10.5 cannot sync entourage to zcs"
Summary of the situation:
Update [05/2010] : Many of the bugs/rfe's filed against iSync will now reference this:
- We are EOL'ing support for iSync in ZCS 7.0. See bug 42448 for more details,
- but support of CalDav and CardDav with MacOSX 1.6+ for ZSC 6.0.x+ will be the
- solution going forward.
- MacOS 10.4
- MacOS 10.4 still has the iSync/Entourage integration. Entourage integration worked via iSync rather than CalDAV (10.4 can't use CalDAV, only iSync). It would create a local calendar called Entourage within iCal and then the iSync service (via Zimbra Connector) would post updates to the users Zimbra calendar called Calendar (the default). I believe it would also check the box in Entourage under Preferences > Sync Services > Synchronize events and tasks with iCal and .Mac
- MacOS 10.5
- Apple's SyncServices issues make iSync unreliable and buggy so we (developers) now favor CalDAV.
- See bug 27380 "Leopard - CalDav only"
- Pre-5.0.6 Zimbra Connector
- The connectors before 5.0.6 release allowed you to select iSync rather than CalDav on MacOS 10.5.
- For the brave, you could always use connectors before the 5.0.6 release (on MacOS 10.5) . Since this would end in an unsupported situation [support staff and developers would tell a customer in a "support case" to upgrade to a new release] it would be best to encourage your users to keep a very clean and simple calendar as to avoid needed support. This might buy some time until the bugs mentioned are resolved.
- The connectors before 5.0.6 release allowed you to select iSync rather than CalDav on MacOS 10.5.
- 5.0.6+ Zimbra Connectors
- 5.0.6+ Zimbra connectors on MacOS 10.5 will only be able to use CalDAV and iCal for calendaring features. You will not have the option to use iSync for calendars and therefor the Entourage integration is lost. You can't even drag/drop items to/from Entourage and iCal.
- Entourage doesn't support CalDAV, only WebDAV.
- See RFE bug 24502 "Support for Entourage WebDav"
- Enable snow leopard messaging features, Outlook for Mac 2010
- http://bugzilla.zimbra.com/show_bug.cgi?id=38631
- This was marked as a dup of the above:
- Support for Outlook for Mac 2010
- http://bugzilla.zimbra.com/show_bug.cgi?id=41106
- 5.0.6+ Zimbra connectors on MacOS 10.5 will only be able to use CalDAV and iCal for calendaring features. You will not have the option to use iSync for calendars and therefor the Entourage integration is lost. You can't even drag/drop items to/from Entourage and iCal.
- Apple's SyncServices issues make iSync unreliable and buggy so we (developers) now favor CalDAV.
- Forum thread
For The Stubborn - Getting Old Z-iSync Connector
Please don't kill the messenger, I'm putting this up here for those that are desperate and would rather deal with the iSync bugs on their own versus moving to the iCal + CalDAV supported option. Don't expect support for this configuration. There's an internal discussion about making the latest connector available directly - I'll update this page depending on the outcome. Until that discussion is resolved, I don't feel comfortable posting the individual connector by itself.
Grab the 5.0.5 tar ball from here:
http://www.zimbra.com/products/downloads_previous.html
The connectors are in the zimbra-store*.rpm , you'll find it in the packages directory once you untar the zimbra tarball.
Copy this over to temp. Find the path of the file. Extract it.
mkdir /tmp/isync cp packages/zimbra-store*.rpm /tmp/isync/ cd /tmp/isync rpm2cpio zimbra-store*.rpm | cpio -iv --make-directories `rpm2cpio zimbra-store*.rpm | cpio -t | grep -i zimbra-isync`
You'll see the new directories and within them you'll see the dmg file for the connector.
iCal General Issues
Clearing iCal cache
Make and run script:
#!/bin/sh rm -rf ~/Library/Application\ Support/SyncServices/Local/clientdata/com.apple.iCal rm -rf ~/Library/Calendars rm -rf ~/Library/Preferences/com.apple.iCal.plist rm -rf ~/Library/Preferences/IcalExternalSync.plist rm -rf ~/Library/Preferences/ByHost/com.apple.iCal.helper.* rm -rf ~/Library/Caches/com.apple.iCal rm -rf ~/Library/Caches/Metadata/iCal
Clearing ALL of iCal
Careful, This Will Remove All Calendar Data. Have all iSync related programs shutdown [addressbook, ical, iMail]
You will also need to redo your CalDAV account setup for the Zimbra iSync Connector. It might also be necessary to uninstall and reinstall the Zimbra Connector. Make and run script:
#!/bin/sh rm -rf ~/Library/Application\ Support/SyncServices/Local rm -rf ~/Library/Application\ Support/SyncLocalCopy rm -rf ~/Library/Application\ Support/iSync/SyncLocalCopy rm -rf ~/Library/Application\ Support/iCal rm -rf ~/Library/Calendars rm -rf ~/Library/Preferences/com.apple.iCal.* rm -rf ~/Library/Preferences/IcalExternalSync.plist rm -rf ~/Library/Preferences/ByHost/com.apple.iCal.helper.* rm -rf ~/Library/Caches/com.apple.iCal rm -rf ~/Library/Caches/Metadata/iCal
You might be seeing this:
http://bugzilla.zimbra.com/show_bug.cgi?id=23671
Comment #30 give some instructions on a case they can reproduce.
zmprov gd <your domain name> zimbraPublicServiceHostname zmprov gs <your server name> zimbraServiceHostname
If zimbraPublicServiceHostname is not set, or set to a different name (such as an alias of the machine or a load balancer), you are hitting this issue.
Calendar events are displaying the wrong time
Apple expects the year of 1971 for the DTSTART variable within an ICS file. There is no standard that dictates this.
Zimbra (prior to version 5.0.5) was using 1601, this is in /opt/zimbra/conf/timezones.ics .
Please see bug for more details (resolved 5.0.5):
http://bugzilla.zimbra.com/show_bug.cgi?id=22808
Alarm & Calendar Notification Issues with iCal
These issues are getting worked out for the 5.0.7 release.
Please review:
http://bugzilla.zimbra.com/show_bug.cgi?id=28057
Some more details:
http://bugzilla.zimbra.com/show_bug.cgi?id=28883
http://bugzilla.mozilla.org/show_bug.cgi?id=432540
iCal calendar color changing modifies calendar name and/or doesn't retain color
Fixed in 5.0.5 . See bugs for details:
http://bugzilla.zimbra.com/show_bug.cgi?id=26627
http://bugzilla.zimbra.com/show_bug.cgi?id=26625
Colors for Calendar & Appointments (Non-client specific)
Here's some RFE's/Bugs you might be interested in:
- "Need more colors on calendars"
- "Making visual difference between meeting status is not easy."
- "Shared calendar should auto-select an unused color"
- "Support tagging of appointments in calendar"
- http://bugzilla.zimbra.com/show_bug.cgi?id=2769
- "Tags not synced for appointments and tasks"
- "Color-coding of appointments"
- http://bugzilla.zimbra.com/show_bug.cgi?id=2769
Calendar Ordering Issues
Please see RFE I made.
- "Allow the reordering of Calendars on webclient to match the order on iCal"
- http://bugzilla.zimbra.com/show_bug.cgi?id=32197
- Depends On:
- "allow changing the order/position of calendars in schedule view"
Directory Access configuration on Macs
File that configures [system wide] for Address Book resolution
/Library/Preferences/DirectoryService/DSLDAPv3PlugInConfig.plist
Calendar Invites can't be imported into iCal
If you look at the ics file, you might see an extra return character at the end.
You'll see this if an Outlook client send an invite to a user using a Mac with a thick client [Mail.app/Entourage].
This was resolved in the 5.0.5 release. Please see bug for more details:
http://bugzilla.zimbra.com/show_bug.cgi?id=26487
Mac clients cause spamming of invitation events when they adjust calendar events
This, at it's root, is caused by other bugs listed here. Usually this will get resolved with the proper upgrades that the bugs require (ZCS 5.0.5+)
There is a RFE/Bug though that will also resolve this, by allowing the "action" of an appointment to be set.
Please see bug for details [scheduled for 5.0.7]:
http://bugzilla.zimbra.com/show_bug.cgi?id=10536
Calendar.app 10.9.5 With ZCS 8.5+
EWS - Exchange Account Topics
Configuring EWS And Calendar.app
Note - currently, with ZCS 8.5 it is not working with calendars. See the following bug:
- Calendar.app via EWS setup doesn't work with ZCS Calendar
Configuring an EWS account on a Mac gives you the option to enabled multiple services. See EWS Configuration And ZCS 8.5 on setting this up.
CalDAV Account Topics
Delegate Issues
- can't create delegate from ical via caldav
iCal 10.5 - CalDAV Issues
Logging-Debug for CalDAV+iCAL
If you are using CalDAV account with ZCS, please help us investigating this problem. On your Mac please do the following and gather some data.
First shutdown iCal app.
Launch terminal app.
You can turn on the debug options in iCal by:
defaults write com.apple.iCal IncludeDebugMenu 1
Turn them off by just reversing it:
defaults write com.apple.iCal IncludeDebugMenu 0
Furthermore, you can log all of the HTTP transaction to the console via:
defaults write com.apple.iCal LogHTTPActivity yes
Turn them off by just reversing it:
defaults write com.apple.iCal LogHTTPActivity no
Logging will show up in /var/log/system.log
Launch iCal app.
Select the shared folder, right click, refresh.
Only Seeing 1 Month Back and 1 Year Ahead In CalDAV
Please see this bug: http://bugzilla.zimbra.com/show_bug.cgi?id=28713
Set to be resolved in 5.0.9
Not seeing Calendar's In iCAL/CALDAV
Space In Calendar Name's And Other "Special Characters"
For space's in Calendar names, this is resolved for the 5.0.7 release. (Need bug # for this)
There have also been reports in the forums that "special characters" can cause an issue where Calendars aren't displayed - even those without the special character name. Note, in one case, the "special character" where Norwegian character.
Server's With Multiple Domains - Effect Users Are In Default Domain
Bug filed:
http://bugzilla.zimbra.com/show_bug.cgi?id=30263
- Conditions:
- On ZCS 5.0.7
- Mac Clients using Zimbra Connector (provided from ZCS 5.0.7) and setting up iCal/CalDAV via the Connector.
- ZCS has multiple domains
- Error:
- Default domain accounts can't see calendars
- Reproduce:
- Clear iCal with no Accounts configured (CALDAV)
- Setup Accounts via Zimbra Connector
- User username@defaultdomain.com as format for the User Name Field
- Work Around:
- Clear iCal with no Accounts configured (CALDAV)
- Setup Accounts via Zimbra Connector
- User username as format for the User Name field
- Non-Default Domains - Works As:
- Clear iCal with no Accounts configured (CALDAV)
- Setup Accounts via Zimbra Connector
- User username@domain.com as format for the User Name Field
- Note, these accounts need @domain, will not work with just username.
iCal And Entourage Use for Calendars - Leopard/10.5 users
Update The 5.0.6+ Connectors will no longer work with Entourage. Your only option for Calendars will be using CalDAV with iCal.App. You still will see an option about Entourage in the Connector but it will be grayed out.
Because of some core issues with Apples SyncServices, we recommend that Entourage and iCal users use iCALv3 (Mac 10.5) configured for CALDAV. Please use the Zimbra Connector instructions to setup iCal for CALDAV.
For Entourage, this recommendation stems from the fact that Microsoft decided to use WebDAV rather than CALDAV. If MS decides later to include CALDAV support for Entourage, we'll have another option.
Please see bug for details:
- RFE: "Leopard - CalDav only" [FIXED]:
- RFE: "Support for Entourage WebDav" [WONTFIX]:
Snow Leopard , Outlook/Entourage , Exchange Web Services
There is no target milestone for it as of today [2010/02/23]. This topic applies to the following references or terms: Exchange auto discovery feature, Exchange Autodiscover service or anything else that relies on Exchange Web Services [ EWS ] on the Mac. Another Apple reference on the topic [pdf warning] : Mac OS X Snow Leopard: Integrating the Mac into an Exchange 2007 Environment .
Please see the following in regards to Zimbra's work and stance on the issue:
- Zimbra has open RFE's for the 'newer' Outlook for Mac versions that use Exchange Web Services [EWS] and will be bypassing the older Entourage versions that use WebDAV.
- "Support for Entourage WebDav" - marked as WONTFIX
- http://bugzilla.zimbra.com/show_bug.cgi?id=24502
- "entourage 2008 integration" - marked as a duplicate of bug 24502 above.
- "Support for Entourage WebDav" - marked as WONTFIX
- RFE: "Enable snow leopard messaging features, Outlook for Mac 2010"
- Assigned but no committed target release, you'll want to include your votes/comments to increase priority.
- http://bugzilla.zimbra.com/show_bug.cgi?id=38631
- Duplicate of bug 38631 above - RFE: "Support for Outlook for Mac 2010"
- http://bugzilla.zimbra.com/show_bug.cgi?id=41106
- In the meantime, Snow Leopard has 3 applications that will work like the following:
- Mail > IMAP [working]
- iCal > CalDAV [working]
- Address Book > CardDav
- We are waiting for Apple to have general support for CardDav and to allow 3rd party servers
- See the following dev comments in bug 22008 - "WebDAV: Add support for CardDav":
- We are waiting for Apple to have general support for CardDav and to allow 3rd party servers
Can't see Calendars after configuring Z-iSync for CALDAV - 10.5 users
You didn't follow the directions most likely. Goto iCal Preferences Accounts.
There should be NO configured accounts prior to configuring Z-iSync for CALDAV.
Remove the current Account listed in iCal and redo configuration for CALDAV with Z-iSync.
Trick to work around address lookup for the Attendee field in iCal Events
Configure the Addressbook using one of the other recommendations on this page.
You can now drag entries from your Addressbook into the Attendee field of iCal.
Attendee Lookups for iCALv3/MacOS10.5
iCal3 [webdav] needs to use the Apple Directory Access utility for attendees (It's on 10.5). It will only work against Apple OD/CAL servers.
RFE filed to include necessary LDAP attributes to provide ical oattendee lookups
See bug [scheduled for 5.0.7]:
http://bugzilla.zimbra.com/show_bug.cgi?id=26619
Free/Busy Lookup not working as expected
The Free/Busy lookup requires auto-attendee lookup to be working.
This requires bug 26619 [ http://bugzilla.zimbra.com/show_bug.cgi?id=26619 ] to be resolved for iCalv3/Mac 10.5.
iCal-CalDAV - server doesn't retain color information from iCal
Summary of issue: Zimbra only supports the preset colors on iCal, which are blue, green, red, orange, pink, and purple.
Please see the following:
- "CalDAV: server does not retain color information from iCal"
- http://bugzilla.zimbra.com/show_bug.cgi?id=26627
- I've added a private comment to this to see if another RFE is needed to expand this and if there's any show stopper reasoning with why it can't be done. I'll update this here when I hear back on it.
I created a bug for this issue, please see:
- "iCal - CalDAV used to create new calendars sets up share permissions on server"
Can't Select Which Calendars To Sync - I Could With 10.4 Though
This is because of the change from iSync to CalDAV. iCal always syncs all the calendars in a given CalDAV account together. The CalDAV spec allows syncing each Calendar, but iCal chooses to sync them all.
There is no known work around at this time. Nor is there an RFE made because the dev's have stated it's an iCal issue. If this changes, I'll update this entry.
iTunes & iPhone configuration for CALDAV
Please see main wiki page on iPhone http://wiki.zimbra.com/index.php?title=IPhone
If you follow the instructions about configuring the Zimbra iSync Connector for CALDAV use, there should be no issues about sync'ing with your iPhone.
At this time, new events created on a iPhone/CALDAV setup will write the event to a local calendar in iCal.app . There's no way around this yet. It's a limitation at this time with Apple's software. You can change the events calendar assignment though later via iCal.app.
Please see Screenshot of iTunes & iPhone
iPhone 3.0 will use port 8443 as default when setting up Caldav, you most likely need to change this to 443.
iCal 10.4 - iSync Issues
Attendee Lookup for iCal/Mac 10.4
iCal.app on Mac 10.4 only uses local entries in Apples Addressbook for address/username lookup for new appointments.
Addressbook+LDAP configuration requires a copy of an "all/*" search in ldap into the local addressbook. Sync doesn't seem to work.
Please see this bug comment and the 10.4 section for more details:
http://bugzilla.zimbra.com/show_bug.cgi?id=26619#c3
New Calendars don't sync unless you select "all". Mac 10.4/Z-isync
Please see bug for details:
http://bugzilla.zimbra.com/show_bug.cgi?id=26653
Sync To Do/Tasks Items in Leopard
RFE filed, please see http://bugzilla.zimbra.com/show_bug.cgi?id=12917
No target date, please vote for this RFE.
Outlook
General Outlook Issues
Getting Older ZCO Versions
First check to see if the release version you want is available on the support portal, you'll need to login to the support portal.
You can download all previous releases from here:
The connectors are in the zimbra-store package. For example:
[root@mail59 zimbra]# find . -name *.msi -print ./jetty-6.1.22.z6/webapps/zimbra/downloads/ZimbraOlkConnector-6.0.6_GA_2324_6.0.5902.6.msi [root@mail59 zimbra]# rpm -qf ./jetty-6.1.22.z6/webapps/zimbra/downloads/ZimbraOlkConnector-6.0.6_GA_2324_6.0.5902.6.msi zimbra-store-6.0.6_GA_2324.RHEL5_64-20100406133038
With a rpm based distro, you'll do something like the following reference shows to extract the files from the rpm using rpm2cpio & cpio vs. needing to "install" the rpm:
Basic gist:
[root@mail59 zimbra]# pwd /tmp/zco-rpm [root@mail59 zimbra]# cp /path/to-untar-zcstarball/packages/zimbra-store* /tmp/zco-rpm/ [root@mail59 zimbra]# rpm2cpio zimbra-store*.rpm | cpio -iv --make-directories `rpm2cpio zimbra-store*.rpm | cpio -t | grep -i zimbraolkconnector`
Getting Older PST Import Tool
For rpm example, see above about getting older ZCO version. This example will be using deb, on ubuntu.
If you don't have ar, install it [as root]
apt-get install binutils
Get ZCS 7.2.7 , for example :
wget https://files2.zimbra.com/downloads/7.2.7_GA/zcs-NETWORK-7.2.7_GA_2942.UBUNTU10_64.20140314190301.tgz
Unpack it:
root@dell2-vm2:/tmp# tar --wildcards -xzvf zcs-NETWORK-7.2.7_GA_2942.UBUNTU10_64.20140314190301.tgz '*store*' zcs-NETWORK-7.2.7_GA_2942.UBUNTU10_64.20140314190301/packages/zimbra-store_7.2.7_GA_2942.UBUNTU10_64_amd64.deb
Then us ar to extract the deb file
root@dell2-vm2:/tmp# ar vx zcs-NETWORK-7.2.7_GA_2942.UBUNTU10_64.20140314190301/packages/zimbra-store_7.2.7_GA_2942.UBUNTU10_64_amd64.deb x - debian-binary x - control.tar.gz x - data.tar.gz
Now you can then get the PST import tool:
root@dell2-vm2:/tmp# tar --wildcards -xzvf data.tar.gz '*PST*' ./opt/zimbra/jetty-6.1.22.z6/webapps/zimbra/downloads/ZCSPSTImportWizard-7.2.7.1022.zip
Import & Export Of Outlook Categories As Zimbra Tags
Under ZCO
Older versions of ZCO documentation had:
- "If categories have been assigned to messages and contacts, these are converted to tags in the user’s Zimbra mailbox."
Newer ZCO releases and documentation now state:
- "Zimbra Tags are synchronized with Outlook Categories"
Import & Export Notes & Journal
Notes & Journal Via PST
In order to keep their Notes and Journal entries, users should save these Outlook items in pst format before syncing and then import the pst file after the initial sync is performed. This would need to be done prior to installing and configuring the Zimbra Outlook Connector. Also, this "import" is via the normal Outlook pst process - NOT via the Zimbra pst import tool.
Related Bugs And Resources
- "Outlook Notes not visible in webmail UI after migration."
- http://bugzilla.zimbra.com/show_bug.cgi?id=5017
- "Support import/migration/sync of outlook notes"
- "Inconsistent handling of "Notes" folder"
- ZCO Support for Multi-Service MAPI Profiles
Into Zimbra Documents
Notes can be exported from Outlook to a CSV file. You can the manipulate this with Excel/Word to a format that would work for you within Zimbra Documents.
In Excel - Add borders to the cells, Adjust fonts, Adjust text spacing and then highlight the data. Ctrl+C .
In Zimbra web client - Goto Documents > New .
Click in body of New Document and Ctrl+V . You should see your Notes now in a Table.
Upload HTML
See:
- "View as HTML and Import as HTML in documents"
Following above example except you format your old Notes to become a HTML file. You could export/save-as using whatever application you like.
Then, in Zimbra web client - Goto Documents > New Drop Down Arrow and select Upload File
This, unfortunately, will get saved under "Briefcase"
Upload File Type For Conversion To Zimbra Documents
Update - This Will Be True For Upcoming Releases
See (Zimbra Employees) - On DF
- "import/export word/excel to documents"
- Internal (Private) RFE - 10124
Notes can be exported from Outlook to a CSV file. Open this file with Excel and make any adjustments you would like and then save as an Excel file.
From the Zimbra webclient, log in with your account details.
Goto the Documents tab.
Click on Import. You'll be able to select Excel files as an import option.
Into Zimbra Tasks?
Initial thoughts.
If one does something like this : http://ZIMBRASERVER/home/ajcody/Tasks
It will give you your tasks in an ics format (iCal). Here's what one tasks would look like:
BEGIN:VCALENDAR PRODID:Zimbra-Calendar-Provider VERSION:2.0 METHOD:PUBLISH BEGIN:VTIMEZONE TZID:(GMT-05.00) Eastern Time (US & Canada) BEGIN:STANDARD DTSTART:19710101T020000 TZOFFSETTO:-0500 TZOFFSETFROM:-0400 RRULE:FREQ=YEARLY;WKST=MO;INTERVAL=1;BYMONTH=11;BYDAY=1SU END:STANDARD BEGIN:DAYLIGHT DTSTART:19710101T020000 TZOFFSETTO:-0400 TZOFFSETFROM:-0500 RRULE:FREQ=YEARLY;WKST=MO;INTERVAL=1;BYMONTH=3;BYDAY=2SU END:DAYLIGHT END:VTIMEZONE BEGIN:VTODO UID:0118908d-2c50-4586-bed1-b135388afcc6 SUMMARY:Tasks Exporting DESCRIPTION:These are my notes I'm putting in for my task. \n LOCATION:My Home PRIORITY:5 PERCENT-COMPLETE:30 ORGANIZER;CN=Adam J. Cody:mailto:ajcody@mail3.internal.homeunix.com DTSTART;VALUE=DATE:20080821 DUE;VALUE=DATE:20080831 STATUS:IN-PROCESS CLASS:PUBLIC DTSTAMP:20080821T170223Z SEQUENCE:1 END:VTODO END:VCALENDAR
As you can see, it would be a difficult task [no pun intended] to convert the data from Outlook Notes into ics format to allow importing to Zimbra Tasks.
If you do find a way, the import process from CLI would be:
curl -u USERNAME:password --data-binary @/tmp/Tasks.ics http://server/service/home/USERNAME/Tasks?fmt=ics
See User_Migration for more details.
ZCO Zimbra Outlook Connector
Supported Versions Of Windows, Outlook, ZCO
I created the following RFE:
- "ZCO matrix table showing supported versions"
Current document for this would be:
ZCO 5.0.10 Release
Local Failure Notice In My Inbox
This is new with this release of the ZCO.
- "Better error reporting for sync issues. A copy of local failures/server failure error messages will be delivered to the inbox."
- "UI: User not alerted of certain errors in a noticeable way"
- http://bugzilla.zimbra.com/show_bug.cgi?id=25884
What To Do When You Get This If You Want To Contact Support
Add these details/steps to the creation of your support case.
- Send us the failure messages.
- Easiest way is to create a temp folder on your desktop, drag all these messages to the folder. (This will create .msg files inside the folder.) Then zip up the folder and send the zip file to us through a support case.
- For each type of errors with an id, get the "Show Original" of one of the failures.
- To get the "Show Original", use an URL like this:
- Format: http(s)://<server>/service/home/<user@domain.com>/~/?fmt=sync&id=<id>
- Example: https://zimbra.foo.com/service/home/user1@foo.com/~/?fmt=sync&id=123456
- Then, select all and copy to a .txt file.
- To get the "Show Original", use an URL like this:
If You Want To Turn This Feature Off
Just create a DWORD value in the registry of HKEY_LOCAL_MACHINE\SOFTWARE\Zimbra\turnOffInboxFailures and set it to 1. Then the local failures won't go to the Inbox. They'll just go to the local failures folder, as before.
ZCO 5.0.7+
ZCO 5.0.7 and higher have new features and also should only be used with ZCS server 5.0.7 or higher.
Check The ZCO 5.0.6 Bug Backport Binary
Login to the support portal and check Zimbra Utility and Beta Downloads.
Or try this direct url:
https://support.zimbra.com/node/71
It will list out the bugs that were back ported.
The complete troubling-shooting guide (dev info requests)
- Reproduce
- ZCO install logs
- msiexec /i zco-installer.msi /lv 00022083-zco-install.log
- Get zco logs
- See Using Logging Control for Troubleshooting; within the below article :
- Check for core dumps - mandatory for all crashes
- Generating Core Dumps :
- Creating a Core Dump from a Running Process using WinDbg :
- Winhttp trace (issues where they can&amp;amp;amp;amp;#39;t connect - check zco logs first). Run this on the machine with Outlook.
- WinHttpTraceCfg -e 1 [prefix] -d 0
- When WinHttpTraceCfg is executed, try sending a message with an attachment. This time a log should be created.
- WinHttpTraceCfg Documentation
- DbgViewHttpTrace :
- WinHttpTraceCfg -e 1 [prefix] -d 0
- Are there any local failures/server failures?
- Winmsd (dump of the local environment configuration)
- Start Run winmsd
- This might take awhile to bring up the application
- From app [System Information titled] , File Export
- What about msinfo32.exe ?
- Start Run winmsd
- External factors (add-ins, other mapi clients)
- Network topology (firewall, proxy, etc)
- Server topology (single/multi-node, clustering, nginx, 3rd party lb)
- Search bugzilla
- Search old support cases
- Can we get remote access?
- Can we get an account on the server?
- Can we access the account in question?
- Get the id of the item
- get the original of the item from the server (mime representation)
- get the .msg of the item from outlook
- Quick analysis of zco logs
- sync - change record creation - CHANGE RECORD
- follow soap requests, look for soap faults
- look for the word - exception
- follow soap traces
- ignore MAPI_E_NOT_FOUND
Performance Issues
Sources:
http://msexchangeteam.com/archive/2007/12/17/447750.aspx
http://blogs.msdn.com/outlook/
http://support.microsoft.com/kb/940226/
http://technet.microsoft.com/en-us/library/bb738147.aspx
The skinny is this, [per Microsoft]
- ...recommended max OST size (2GB)
- ...we strongly recommend storing no more than 5,000 items in core folders, such as the Inbox and Sent Items folders. Creating more top-level folders, or subfolders underneath the Inbox and Sent Items folders, greatly reduces the costs associated with this index creation, so long as the number of items in any one folder does not exceed 5,000.
Can't Send Via Send To -> Mail Recipient
Please see this bug:
http://bugzilla.zimbra.com/show_bug.cgi?id=26730
You shouldn't have this problem with connectors from 5.0.6+
Saving Current Profile Out To Then Re-Import
With Outlook closed/shutdown, you can then copy/rename the *.zdb file under your profile to a .pst file.
Then you can later run the PST Import Wizard to import the file into a new Zimbra profile you setup. One of the options on the Import Wizard let's you import only mail after a specified date - to avoid duplications.
Thunderbird , Lightning, Firefox
Debug Logging For Thunderbird
To create a log file with all POP, SMTP, or IMAP traffic in Mozilla Thunderbird:
For Windows
- Make sure Mozilla Thunderbird is not running.
- Select All Programs | Accessories | Command Prompt from the Start menu.
- Type "set NSPR_LOG_MODULES=" followed immediately by
- "POP3:4" for POP,
- "IMAP:4" for IMAP and
- "SMTP:4" for SMTP
- Press Enter.
- You can enable logging for multiple protocols by separating them with commas (',').
- To log both POP and SMTP traffic, for example, type "set NSPR_LOG_MODULES=POP3:4,SMTP:4" (excluding the quotation marks).
- To log only IMAP traffic, type "set NSPR_LOG_MODULES=IMAP:4", for instance.
- You can enable logging for multiple protocols by separating them with commas (',').
- Type "set NSPR_LOG_FILE=%HOMEDRIVE%%HOMEPATH%\Desktop\tbird_log.txt".
- Press Enter.
- Type "start thunderbird".
- Press Enter again.
- Perform the desired email actions in Mozilla Thunderbird.
- Quit Mozilla Thunderbird and take a look at "tbird_log.txt" on your Desktop.
For Mac OS X
- Open a Terminal window.
- Type "set NSPR_LOG_MODULES=" followed immediately by
- "POP3:4" for POP,
- "IMAP:4" for IMAP and
- "SMTP:4" for SMTP
- Press Enter.
- You can enable logging for multiple protocols by separating them with commas (',').
- To log both POP and SMTP traffic, for example, type "set NSPR_LOG_MODULES=POP3:4,SMTP:4" (excluding the quotation marks).
- To log only IMAP traffic, type "set NSPR_LOG_MODULES=IMAP:4", for instance.
- Type "set NSPR_LOG_FILE=~/Desktop/tbird.log".
- Press Enter.
- Now type "/Applications/Thunderbird.app/Contents/MacOS/thunderbird-bin".
- Press Enter again.
- Perform the desired email actions in Mozilla Thunderbird.
- Quit Mozilla Thunderbird and take a look at "tbird.log" on your Desktop.
For Linux
- Open a Terminal window.
- Type "set NSPR_LOG_MODULES=" followed immediately by
- "POP3:4" for POP,
- "IMAP:4" for IMAP and
- "SMTP:4" for SMTP
- Press Enter.
- You can enable logging for multiple protocols by separating them with commas (',').
- To log both POP and SMTP traffic, for example, type "set NSPR_LOG_MODULES=POP3:4,SMTP:4" (excluding the quotation marks).
- To log only IMAP traffic, type "set NSPR_LOG_MODULES=IMAP:4", for instance.
- Type "set NSPR_LOG_FILE=~/tbird.log.txt".
- Press Enter.
- Type "thunderbird".
- Press Enter again.
- Perform the desired email actions in Mozilla Thunderbird.
- Quit Mozilla Thunderbird and take a look at "tbird.log.txt" in your Home directory.
Thunderbird Contact Sync for Zimbra
Please see the following as a possible solution:
Gnome Evolution And KDE Kontact
Some RFE's I've made:
- "RFE: Official Support For Full Functionality Of Evolution Mail Client [webdav]"
- "RFE: Official Support For Full Functionality Of KDE Kontact Mail Client [webdav]"
Zimbra Desktop [ZD]
ZD References
- ZD Homepage
- ZD FAQ
- ZD Feature Comparison with Competing "Desktop" Products
- ZD Forum Support Page
- Blog About The Internals Of ZD
Using ZD To Import Zimbra TGZ Export User Data
See :
- Problems with importing tgz files - couple of items to fix/clean up
- ZD Installer/Account Setup to allow "Local Only" for mail account setup
IM - Instant Messaging Clients
Spark
Please see:
- Spark_and_Zimbra
- Spark Project Page
SparkWeb
Don't believe this will currently work. I'm still investigating it though.
RFE I made in the meantime:
- "IM server to support Sparkweb / Shockwave - Flash need for crossdomain.xml type file"
Please see:
- SparkWeb Project Page
- SparkWeb How-To
Setting Up Apache For The crossdomain.xml File
Ok, this is just down and dirty. You'll need to handle security issues yourself.
mkdir /opt/zimbra/spark-web vi /opt/zimbra/spark-web/crossdomain.xml
Putting in this,
<?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="*" to-ports="5222" /> </cross-domain-policy>
Set permissions:
chown -R zimbra:zimbra /opt/zimbra/spark-web
Let's configure apache to server this file out and listen on port 5229.
Note, you could also set this up within a Virtual Hosts.
vi /opt/zimbra/conf/httpd.conf Towards the start of the file, add another Listen line for port 5229 under the Listen 80
Listen 5229
Towards the end, add the following to include spark-web directory
Include /opt/zimbra/httpd/conf/extra/spark-web.conf
Let's now make the apache conf file for zmstat-chart.conf
vi /opt/zimbra/httpd/conf/extra/spark-web.conf
Alias /zmstat-chart "/opt/zimbra/spark-web" <Directory "/opt/zimbra/spark-web"> Options Indexes IndexOptions FancyIndexing VersionSort AllowOverride None Order allow,deny Allow from all </Directory>
Restart apache so the changes take effect:
zmapachectl stop zmapachectl start
To test your changes, with a web browser goto:
http://yourapacheserverhostname:5229/crossdomain.xml
You should see the xml file you made.
Now setup the spark-web software on the same box. SparkWeb HOW-TO will guide you but use the /opt/zimbra/spark-web directory you already setup. I'll leave the particulars to this to the HOW-TO referenced. Just remember that when you setup the spark-web client you'll modify it's config file like below.Don't forget to put in your IM servers hostname for "youropenfireserver":
<script type="text/javascript"> function jive_sparkweb_getConfig() { return { server: "youropenfireserver", connectionType: "socket", port: "5222", autoLogin: "false", policyFileURL: "xmlsocket://youropenfireserver:5229" };
Pidgin - Formally GAIM
Please see Pidgin_and_Zimbra
Pidgin Groupchat
Configure For Chat Room:
- Buddies
- Join A Chat
- Account = Zimbra IM Account
- Room
- Either A New One - which will prompt you for setup. Check persistent if you want it to be.
- Enter An Existing Conference Room Name
- Server
- Enter conference.SERVERNAME , Example: conference.example.com
- conference is a default variable that will be added to the primary zimbra hostname/domainname.
- Enter conference.SERVERNAME , Example: conference.example.com
See Public Chat Rooms Listed:
- Buddies
- Join A Chat
- Account = Zimbra IM Account
- Server
- Enter conference.SERVERNAME , Example: conference.example.com
- conference is a default variable that will be added to the primary zimbra hostname/domainname.
- Enter conference.SERVERNAME , Example: conference.example.com
- Click On The "Room List" button
Adium
Please see Adium_and_Zimbra
Adium Groupchat
Configure For Chat Room:
- File
- Join Group Chat
- Set Account To Your Zimbra XMPP/Jabber Account
- Chat Room Name
- Either A New One - which will prompt you for setup. Check persistent if you want it to be.
- Enter An Existing Conference Room Name
- Server
- Enter conference.SERVERNAME , Example: conference.example.com
- conference is a default variable that will be added to the primary zimbra hostname/domainname.
- Enter conference.SERVERNAME , Example: conference.example.com
See Public Chat Rooms Listed:
- File
- Highlight Your Zimbra Account until the options show on the right.
- Discovery Browser
Digsby
Just discovered this project, though I haven't used it much. Might be worth checking out. It's available for Windows [Beta] and coming "soon" for Mac and Linux. Does IM, Email notification, and Social Networking stuff.
- Digsby Home Page
- http://www.digsby.com/
- Features:
- digsby is a multiprotocol IM client that lets you chat with all your friends on AIM, MSN, Yahoo, ICQ, Google Talk, and Jabber with one simple to manage buddy list.
- digsby is an email notification tool that alerts you of new email and lets you perform actions such as 'Delete' or 'Report Spam' with just one click.
- digsby is a social networking tool that alerts you of events like new messages and gives you a live Newsfeed of what your friends are up to.
- Features:
- Items to Notes:
- Where is group chat?
- We had some bugs with group chat so we launched Digsby beta without it. However, we will bring it back in the near future.
- Requires account setup with Digsby. This might not be acceptable for some customers for security reasons.
- Where is group chat?
- http://www.digsby.com/
Empath
Please see Empathy_and_Zimbra
Other Topics
PGP , GPG , Domain Keys, Encryption
Just references as I find them:
- "GPG/PGP support"
- The last two bugs look to be held up because of amavis, we are waiting for a release from them that will support what we need to do.
- "DKIM/DK signing support in Amavisd"
- Duplicate of above
- "Domain Keys and signed inbound/outbound mail"
Third Party Option:
- The "Zimbra OpenPGP Zimlet"
Calendar Issues
Calendar Issues Homepage
Please see Ajcody-Calendar-Issues
Specific Client Application Issues
Please see this page instead, this page will try to deal with server internals or "calendar" issues as within the ics itself.
Can't See User's Freebusy
A user can turn off on a per calendar basis the feature of broadcasting their F/B status of that calendar. In ZWC, right click on folder and look at the properties. To change/view this from the commandline:
To see what folders a user has: zmmailbox -z -m user@domain.com gaf Calendar ones will be appo under the View column. The below will let you see if the calendar is doing F/B or not : zmmailbox -z -m user@domain.com gf /Calendar Help: getFolder(gf) [opts] {folder-path} -v/--verbose verbose output It'll give a bunch of data, including: "isExcludedFromFreeBusy": false, To turn it off [0] or on [1], zmmailbox -z -m user@domain.com mfefb /Calendar 0 Help: modifyFolderExcludeFreeBusy(mfefb) {folder-path} [0|1*] Ref: http://wiki.zimbra.com/wiki/Zmmailbox
Free Busy F/B Lookup Via URL Strings
The url sting to see another persons free/busy if they have it open for permission [in the users preferences] is:
http[s]://SERVER/zimbra/home/USER?fmt=freebusy
Some other methods or options are. To download the ics file:
http[s]://SERVER/zimbra/home/USER@DOMAIN/.ics or http[s]://SERVER/zimbra/home/USER/.ics
To show a weeks worth of F/B data:
http[s]://SERVER/zimbra/home/USER?view=week&fmt=freebusy
To get iCalendar format of the calendar, replace the fmt=freebusy with ifb
http[s]://SERVER/zimbra/home/USER?fmt=ifb
With ZCS8, we also have these options now - VEVENT [fbfmt=event]
http[s]://SERVER/zimbra/home/USER?fmt=ifb?fbfmt=event
or VFREEBUSY [fbfmt=freebusy] format
http://server/home/userfb/?fmt=ifb?fbfmt=freebusy
Some Helpful Scripts To Run Against ICS File
parseics.pl
Will determine if an event has attendees but is missing an organizer. Normally, customers will delete the event and just recreate it with the information that is present from the output.
usage : ./parseics.pl filename.ics
#!/usr/bin/perl $file = $ARGV[0]; if (!$file) { print "Must specify filename.\n"; exit; } elsif (!-e $file) { print "File does not exist!\n"; exit; } else { #print "File exists. Continuing...\n"; open(ICS, "<$file"); @ics = <ICS>; $errors=0; $events=0; for ($i=0;$i<=$#ics;$i++) { if ($ics[$i] =~ "BEGIN:VEVENT") { $organizer=0; $attendee=0; $event=""; #print "vevent start\n"; while ($ics[$i+1] !~ "END:VEVENT") { $event .= $ics[$i]; if ($ics[$i] =~ "ORGANIZER") { $organizer=1; } if ($ics[$i] =~ "ATTENDEE") { $attendee=1; } $i++; } #print "vevent end\n"; if ($attendee && !$organizer) { $event .= $ics[$i]; $event .= $ics[$i+1]; print "Invalid event. Attendee but no organizer present!\n"; print $event; $errors++; } $events++; } } print "$errors error(s) out of a total of $events events present.\n"; }
ical-split.pl
Will break up an ics dump into one file per vevent.
#!/usr/bin/perl # ical-parse.pl # b 2008 03 12 #insist on an input file if ( scalar(@ARGV) < 1 ) { print "Please specify a filename.\n" and usage() and exit; } my $infile = shift @ARGV; $numevents = qx/grep BEGIN:VEVENT $infile | wc -l/; chomp $numevents; $numevents =~ s/[^0-9]//g; $TRUE=1;$FALSE=0; $eventcount=0; $summary=''; $inVEVENT = $FALSE; # track whether we are in the middle of a vevent @currentVEVENT=(''); # hold the lines of the current vevent in this array (this will hog memory :() open( INFILE, $infile ) or die "Could not open $infile for read: $!"; while ($line = <INFILE> ) { chomp $line; if ( $line =~ m/^BEGIN:VEVENT$/ ) { # case I. ($inVEVENT) and die "Error: found new BEGIN:VEVENT without END:VEVENT\n"; $inVEVENT = $TRUE; $eventcount++; @currentVEVENT=($line); } elsif ( $line =~ m/^END:VEVENT$/ ) { # case II. (!$inVEVENT) and die "Error: found END:VEVENT without BEGIN:VEVENT\n"; push(@currentVEVENT, $line); $size = $#currentVEVENT; $zeros = zeropad($eventcount, $numevents); #eh ever heard of sprintf $outfile = "${zeros}${eventcount}-${summary}-${size}.ics"; open( OUTFILE, ">>", $outfile ) or die "Could not open $outfile for write: $!"; foreach $l (@currentVEVENT) { print OUTFILE "$l\n"; } close OUTFILE; $inVEVENT=$FALSE; $summary=''; $size=0; @currentVEVENT=(''); } elsif ( ($temp) = ( $line =~ m/^SUMMARY:(.*)$/ ) ) { # case III.A. $summary = $temp; #forget why temp $summary =~ s/[^-a-zA-Z0-9.]/_/g; push(@currentVEVENT, $line); } elsif ($inVEVENT) { # case III. push(@currentVEVENT, $line); } } $cases=' I. BEGIN:VEVENT A. (inVEVENT) and error: previous event not closed B. (else) set inVEVENT, start array, push line II. END:VEVENT A. (inVEVENT) push line, write array, unset inVEVENT, unset summary, empty array B. (else) error: no event started III. <event line> A (matches ^SUMMARY:) and set summary, push line IV. <non event line> '; exit; sub usage { print "Usage: $0 <ical file>\nWrites a new file for each VEVENT\n"; } sub zeropad() { #num-to-pad, total-with-max-digits, return 0... $num=shift; $total=shift; $curr=length($num); $max=length($total); $pad=''; for ($x=0; $x < ($max-$curr); $x++) { $pad .= '0'; } return "$pad"; }
ZCS CLI Utilities
zmcalchk
This command checks the consistency of appointments on the Zimbra calendar and sends an email notification regarding inconsistencies. For example, it checks if all attendees and organizers of an event on the calendar agree on start/stop times and occurrences of a meeting.
Help output from ZCS 5.0.23
$zmcalchk Usage: zmcalchk [-d] [-n <type>] <user> <start-time-spec> <end-time-spec> See the output of 'zmmailbox help appointment' for details on time-specs. -d DEBUG: extremely verbose details -m Max attendees to check, (default 50) -n <none|user|organizer|attendee|all> whom to notify (default none)
zmfixtz
Other wiki reference: Time_Zone_Changes_for_2007_and_ZCS
Help output from ZCS 5.0.23
$ zmfixtz -h usage: zmfixtz -a <account(s)> [options] -a,--account <arg> account email addresses seperated by white space or "all" for all accounts --after <arg> fixup calendar items after this time; defaults to beginning of 2007 --country <arg> two-letter country code if running country-specific fixup -h,--help Displays this help message. -s,--server <arg> Mail server hostname. Default is localhost. --sync run synchronously; default is asynchronous -Y,--authtokenfile <arg> use auth token string(has to be in JSON format) from command line -y,--authtoken <arg> use auth token string(has to be in JSON format) from command line
zmtzupdate
This command is used to update time zone changes in existing appointments for specific users or all users. A .ics rule file should first be created to run with this command. A rule file lists a series of rules to match a time zone and the replacement time zone definitions. More information about this command can be found at Changing_ZCS_Time_Zones .
Syntax :
zmtzupdate --rulefile <rule file> -a <“all” or list of specific email addresses> [--sync] [--after <date/time stamp>]
Help output from ZCS 5.0.23
usage: zmtzupdate --rulefile <rule file> -a <account(s)> [options] -a,--account <arg> account email addresses seperated by white space or "all" for all accounts --after <arg> fixup calendar items after this time; defaults to beginning of 2007 -h,--help Displays this help message. --rulefile <arg> xml file containing fixup rules -s,--server <arg> Mail server hostname. Default is localhost. --sync run synchronously; default is asynchronous -Y,--authtokenfile <arg> use auth token string(has to be in JSON format) from command line -y,--authtoken <arg> use auth token string(has to be in JSON format) from command line
zmprov calendar help description
Help output from ZCS 5.0.23
$ zmprov help calendar createCalendarResource(ccr) {name@domain} {password} [attr1 value1 [attr2 value2...]] deleteCalendarResource(dcr) {name@domain|id} getAllCalendarResources(gacr) [-v] [-e] [-s server] [{domain}] getCalendarResource(gcr) {name@domain|id} [attr1 [attr2...]] modifyCalendarResource(mcr) {name@domain|id} [attr1 value1 [attr2 value2...]] purgeAccountCalendarCache(pacc) {name@domain|id} [...] renameCalendarResource(rcr) {name@domain|id} {newName@domain} op = eq, has, startswith, endswith, ge, le, gt, lt
zmprov freebusy help description
Help output from ZCS 5.0.23
$ zmprov help freebusy getAllFbp(gafbp) [-v] getFreebusyQueueInfo(gfbqi) [{provider-name}] pushFreebusy(pfb) {domain|account-id} [account-id ...]
zmmailbox appointment help description
Help output from ZCS 5.0.23
$ zmmailbox help appointment getAppointmentSummaries(gaps) [opts] {start-date-spec} {end-date-spec} {folder-path} -v/--verbose verbose output absolute date-specs: mm/dd/yyyy (i.e., 12/25/1998) yyyy/dd/mm (i.e., 1989/12/25) \d+ (num milliseconds, i.e., 1132276598000) relative date-specs: [mp+-]?([0-9]+)([mhdwy][a-z]*)?g +/{not-specified} current time plus an offset - current time minus an offset (0-9)+ value ([mhdwy][a-z]*) units, everything after the first character is ignored (except for "mi" case): m(onths) mi(nutes) d(ays) w(eeks) h(ours) y(ears) examples: 1day 1 day from now +1day 1 day from now p1day 1 day from now +60mi 60 minutes from now +1week 1 week from now +6mon 6 months from now 1year 1 year from now
zmmailbox search help description
You can use this to search appointments with :
- -t appointment
Help output from ZCS 5.0.23
$ zmmailbox help search search(s) [opts] {query} -c/--current current page of search results -t/--types <arg> list of types to search for (message,conversation,contact,appointment,document,task,wiki) -p/--previous previous page of search results -n/--next next page of search results -l/--limit <arg> max number of results to return -s/--sort <arg> sort order TODO -v/--verbose verbose output searchConv(sc) [opts] {conv-id} {query} -c/--current current page of search results -t/--types <arg> list of types to search for (message,conversation,contact,appointment,document,task,wiki) -p/--previous previous page of search results -n/--next next page of search results -l/--limit <arg> max number of results to return -s/--sort <arg> sort order TODO -v/--verbose verbose output
Appointment Items Within Mysql
DESCRIBE mboxgroup[#].appointment Database Table
See :
The Query For ALL Appointments For A Particular User
See :
Mobile & Phone Issues
Actual Mobile & Phone Topics Homepage
Please see Ajcody-Mobile-Topics
Help Me Understand the Mobility Options
Let's break it down to three forms of access for mobile devices.
Mobile Web Client - http://www.zimbra.com/products/mobile_web_browser.html
A. Setups the web access to the Zimbra server to be viewable from a mobile device. This is accessing mail over the "web browser" on the mobile phone.
A1. http://servername.com/zimbra/m/
B. Built in - no license or additional software needed.
Zimbra Mobile - http://www.zimbra.com/products/mobile_smartphone.html
A. This allows two-way, over-the-air synchronization between the mobile device and Zimbra server.
A1. Think of this as "fat client" mail sync'ing on a mobile device
B. This page will describe that process in better detail - http://wiki.zimbra.com/index.php?title=Mobile_Device_Setup
C. License required
Blackberry - http://www.zimbra.com/products/mobile_blackberry.html
A. Blackberry "two-way, over-the-air synchronization" requires the use of a Blackberry server. We use a "connector" on the Blackberry server that allows BES device to use their "fat client" for mail sync'ing.
B. This option requires a separate server, a Windows box that will run the Blackberry server software.
C. Zimbra Mobile license required. Windows Blackberry server require with appropriate Blackberry licenses. Installation of Zimbra BlackberryConnector on the Blackberry server.
Zimbra Mobile/Blackberry requires the license file to enable it. This cost can be discussed with your sales contact. It's only the Blackberry configuration that requires a "software" installation - so to speak. Enabling "Zimbra Mobility/option 2 above" is a license requirement - not a software installation one - and then configuration for the user. "You enable Zimbra Mobile in the ZCS COS or for individual Accounts."
Forum Support For Mobile Options
The Mobility Forum has three sections.
J2ME Client (Beta Product) - Project Stopped
General Mobile Issues
What Devices Are Supported And How-To
I've made the following RFE's recently. I'm hoping we continue doing this going forward as well.
- "Cross link supported mobile device page with wiki page setup how-to for that model" [private]
- http://bugzilla.zimbra.com/show_bug.cgi?id=43995
- Internal RFE work about updating http://www.zimbra.com/products/zimbra_mobile_device_list.html and creating how-to's for models.
- Internal RFE to "Update list of supported mobile devices" [private]
- Internal RFE work about updating http://www.zimbra.com/products/zimbra_mobile_device_list.html and creating how-to's for models.
- http://bugzilla.zimbra.com/show_bug.cgi?id=43995
Requests For Support - Assorted
- Official Support for Palm Pre Phone
- http://bugzilla.zimbra.com/show_bug.cgi?id=43989
- Certs and Palm
- Installing self-signed and privately issued certificates - Palm
- Steps to setup import of certificate on Palm. You can also use this url to "download" the file to a machine - http://YOURZIMBRAHOSTNAME.com:7071/ca.der - after you setup the ca.der file following these steps.
- * Log into server as root
- cd /opt/zimbra/ssl/zimbra/ca
- openssl x509 -in ca.pem -out ca.der -outform DER
- cp /opt/zimbra/ssl/zimbra/ca/ca.der /opt/zimbra/httpd/htdocs/
- grep x509 /opt/zimbra/httpd/conf/mime.types
- * if it returns:
- application/x-x509-ca-cert der crt
- ** or
- application/x-x509-ca-cert der
- * Then you can STOP here, if not, then do the following:
- vi /opt/zimbra/httpd/conf/mime.types
- * And then at the end of the file, or in alphabetical order (since the list in the file is in alphabetical order),
- * add the following line:
- application/x-x509-ca-cert der crt
- * If you had to add the line to mime.types , you'll need to restart zimbra at some point before you can continue
- * with the tests below.
- * To test, in a web browser:
- http://YOURZIMBRAHOSTNAME.com:7780/ca.der
- * You should be prompted about accepting cert, you can cancel out of this.
- * To Transfer Zimbra server CA to your mobile device:
- * On the mobile device, browse to
- http://yourzimbradomain.com:7780/ca.der
- ** (you should be prompted to install the CA certificate)
- * Ensure you check both check-boxes for the trust settings for Internet and Online Certificate Check
Special Note About Android Phone's
- No Idea If This RFE I Made Will Go Anywhere
- "RFE: Zimbra Developed Active-Sync Email Client for Android marketplace"
- "Model" requests
- Official Support for Google Android Phone
- http://bugzilla.zimbra.com/show_bug.cgi?id=43988
- Support has been trying to add specific how-to details for the various email software packages that Android phones can come with as we get availability to them. Please feel free to do likewise if you find your software isn't listed and your comfortable with describing how to set it up for others.
- http://bugzilla.zimbra.com/show_bug.cgi?id=43988
- "Support for HTC Magic (Running Android OS with ActiveSync support)"
- "Mobile crashes on HTC G1 Android
- "Official Support for HTC Eris w/ HTC "Work Email" App [AndroidOS]"
- "Official Support for HTC Tatoo w/ HTC "Work Email" App [AndroidOS]"
- "Official Support for HTC Hero w/ HTC "Work Email" App [AndroidOS]"
- "Official Support for HTC Desire w/ HTC "Work Email" App [AndroidOS]"
- Official Support for Google Android Phone
- Reported "Issues"
- "Support for HTC "Work Email" Android app for ActiveSync"
- http://bugzilla.zimbra.com/show_bug.cgi?id=41145
- Currently is tracking the "Unknown encoding: utf-8" issue that prevents sending of email.
- http://bugzilla.zimbra.com/show_bug.cgi?id=41145
- "From not displayed on android active sync for messages with From: email@domain.com"
- "New incoming messages are marked as read on android"
- "Support HTML email for Android phones"
- "Android 2.0: Email text body truncated"
- "Android 2.0 Stops Syncing Calendar"
- "Cannot read email on droid 2.1"
- "On droid, content of messages from other emails"
- "Android forwards as .eml attachment"
- "Support for HTC "Work Email" Android app for ActiveSync"
Special Note About Nokia's
- "Model" Requests:
- Official Support for Nokia N97 Phone
- Official Support for Nokia E52 Phone
- Official Support for Nokia E75 Phone
- Official Support for Nokia E72 Phone
- Reported "Issues":
- "Nokia Mail for Exchange sends sender name as "Mail for Exchange""
- Duplicate of above bug - 40633
- ""Mail for Exchange" sender which cannot be changed in MfE 2.9.158"
- "outbox doesn't sync with mail for exchange 2.9"
- http://bugzilla.zimbra.com/show_bug.cgi?id=42947
- Dups of above
- "cannot send mail with MailForEchange / Nokia e55"
- "E75 fails to send mail through mobile sync"
- "Zimbra Mobile, Nokia E61 and Mail For Exchange 2.0 does not work"
From Nokia's Website :
- Supported devices:
- Nokia devices with ActiveSync built into the email client:
- Nokia E75, Nokia E72, Nokia E55, Nokia E52, Nokia N86 8MP, Nokia 6710 Navigator and Nokia 6730 classic
- Nokia devices with ActiveSync built into the email client:
- Nokia devices with Mail for Exchange email client:
- Certified devices:
- Nokia Eseries: Nokia E51, Nokia E63, Nokia E66, Nokia E71, Nokia E90
- Nokia Nseries: Nokia N76, Nokia N81, Nokia N81 8GB, Nokia N82, Nokia N95, Nokia N95 8GB
- Other Nokia S60 3rd Edition devices: Nokia 6120
- Enabled devices:
- Nokia 5700 Xpress Music, Nokia 6110 Navigator, Nokia 6121, Nokia 6210 Classic, Nokia 6290
- Certified devices are devices on which the functionality of the Mail for Exchange software client has been validated.
- Enabled devices are devices on which the functionality of the Mail for Exchange software client has not been validated individually, but where the functionality of the Mail for Exchange software client on a certified device has been validated in the same software branch.
- Certified devices:
- Supported devices:
Some Issues Addressed On Nokia'S Support Forum:
- Nokia's : * Discussions Main Page * Tips and Troubleshooting * Messaging
- "MAILFOREXCHANGE where is the outbox?"
Mobiles And GAL Searches
Some RFE's to watch:
- "RFE: Doc from test/qa what mobiles & their software can search against in GAL"
- "zimbraAccount missing useful attributes"
Bugs To Be Aware Of
- "Sync tasks for ZimbraMobile"
- "MobileSync Multiple Calendars and Addressbooks"
Logs To Review For Mobile Issues
From Ajcody-Logging#What.27s_up_with_all_the_logs.3F
- /opt/zimbra/log/sync.log - zimbra mobile and activesync
- Your mobile devices will basically log here. If device is configured for EWS though, see also the ews.log .
- /opt/zimbra/log/mailbox.log - where most of your mailbox store activity is logged
- This log is the mailboxd log4j server log containing the logs from the mailbox server. This includes activity from the mailbox store, LMTP server, IMAP and POP servers, and Index server.
- /opt/zimbra/log/ews.log - ews log events.
- For clients configured for EWS.
You can also increase logging on a per user basis to help trouble shoot any issues your seeing.
zmprov help log
You enable increased logging:
zmprov aal user@domain {logging-category} {trace|debug|info|warn|error}
Top three log categories for trouble shooting mobile/ews user issues :
- zimbra.ews - EWS operations
- zimbra.mailbox - General mailbox operations
- zimbra.sync - Sync client operations
- Other Possible Logs To Review:
- /opt/zimbra/log/synctrace.log - zimbra mobile and activesync
- Still looking for description that describes difference with sync.log
- /opt/zimbra/log/syncstate.log - no description found
- No description found.
- /opt/zimbra/log/synctrace.log - zimbra mobile and activesync
Example Mobile Log Events
Sending an email from Android
Sending an email from Android device:
[zimbra@mail-172 log]$ cat sync.log
2015-04-28 14:57:51,614 INFO [qtp509886383-80558:https://192.168.1.172:8443/Microsoft-Server-ActiveSync?Cmd=SendMail&SaveInSent=T&User=androiduser%40mail-172.example.com&DeviceId=SEC3D6EFC1F50A29&DeviceType=SAMSUNGSMT237P] [name=androiduser@mail-172.example.com;mid=21;ip=192.168.1.172;DeviceID=SEC3D6EFC1F50A29;Cmd=SendMail;Version=12.1;] sync - Response size 0 bytes 2015-04-28 14:57:51,614 INFO [qtp509886383-80558:https://192.168.1.172:8443/Microsoft-Server-ActiveSync?Cmd=SendMail&SaveInSent=T&User=androiduser%40mail-172.example.com&DeviceId=SEC3D6EFC1F50A29&DeviceType=SAMSUNGSMT237P] [name=androiduser@mail-172.example.com;mid=21;ip=192.168.1.172;DeviceID=SEC3D6EFC1F50A29;Cmd=SendMail;Version=12.1;] sync - HTTP/1.1 200 OK 2015-04-28 14:57:54,454 INFO [qtp509886383-80563:https://192.168.1.172:8443/Microsoft-Server-ActiveSync?Cmd=Sync&User=androiduser%40mail-172.example.com&DeviceId=SEC3D6EFC1F50A29&DeviceType=SAMSUNGSMT237P] [name=androiduser@mail-172.example.com;mid=21;ip=192.168.1.172;DeviceID=SEC3D6EFC1F50A29;Cmd=Sync;Version=12.1;class=Email;folder=5;] sync - C new: 0, S latest: 0, C confirmed: 0, new filter: UNSPECIFIED, prev filter: UNSPECIFIED, modnew: 0, modconfirmed: 0 2015-04-28 14:57:54,482 INFO [qtp509886383-80563:https://192.168.1.172:8443/Microsoft-Server-ActiveSync?Cmd=Sync&User=androiduser%40mail-172.example.com&DeviceId=SEC3D6EFC1F50A29&DeviceType=SAMSUNGSMT237P] [name=androiduser@mail-172.example.com;mid=21;ip=192.168.1.172;DeviceID=SEC3D6EFC1F50A29;Cmd=Sync;Version=12.1;class=Email;folder=5;] sync - Folder[5], C:0/F, S:1/F, mod new: 0, mod confirmed: 0, server Exp/AddOrChg/Del: 0/0/0, track id: 0 2015-04-28 14:57:54,606 INFO [qtp509886383-80563:https://192.168.1.172:8443/Microsoft-Server-ActiveSync?Cmd=Sync&User=androiduser%40mail-172.example.com&DeviceId=SEC3D6EFC1F50A29&DeviceType=SAMSUNGSMT237P] [name=androiduser@mail-172.example.com;mid=21;ip=192.168.1.172;DeviceID=SEC3D6EFC1F50A29;Cmd=Sync;Version=12.1;] sync - Response size 63 bytes 2015-04-28 14:57:54,606 INFO [qtp509886383-80563:https://192.168.1.172:8443/Microsoft-Server-ActiveSync?Cmd=Sync&User=androiduser%40mail-172.example.com&DeviceId=SEC3D6EFC1F50A29&DeviceType=SAMSUNGSMT237P] [name=androiduser@mail-172.example.com;mid=21;ip=192.168.1.172;DeviceID=SEC3D6EFC1F50A29;Cmd=Sync;Version=12.1;] sync - HTTP/1.1 200 OK 2015-04-28 14:57:54,717 INFO [qtp509886383-80564:https://192.168.1.172:8443/Microsoft-Server-ActiveSync?Cmd=Ping&User=androiduser%40mail-172.example.com&DeviceId=SEC3D6EFC1F50A29&DeviceType=SAMSUNGSMT237P] [name=androiduser@mail-172.example.com;mid=21;ip=192.168.1.172;DeviceID=SEC3D6EFC1F50A29;Cmd=Ping;Version=12.1;] sync - [Ping] (session 5112) for [MESSAGE:2, CONTACT:7, APPOINTMENT:10, TASK:15] suspending for 650 seconds, isInitial=true 2015-04-28 14:57:54,717 INFO [qtp509886383-80555:https://192.168.1.172:8443/Microsoft-Server-ActiveSync?Cmd=Ping&User=androiduser%40mail-172.example.com&DeviceId=SEC3D6EFC1F50A29&DeviceType=SAMSUNGSMT237P] [name=androiduser@mail-172.example.com;mid=21;ip=192.168.1.172;DeviceID=SEC3D6EFC1F50A29;Cmd=Ping;Version=12.1;] sync - [Ping] (session 5111) Listener got cancelled after 194 seconds (targeted 650 seconds) 2015-04-28 14:57:54,717 INFO [qtp509886383-80555:https://192.168.1.172:8443/Microsoft-Server-ActiveSync?Cmd=Ping&User=androiduser%40mail-172.example.com&DeviceId=SEC3D6EFC1F50A29&DeviceType=SAMSUNGSMT237P] [name=androiduser@mail-172.example.com;mid=21;ip=192.168.1.172;DeviceID=SEC3D6EFC1F50A29;Cmd=Ping;Version=12.1;] sync - Response size 13 bytes 2015-04-28 14:57:54,717 INFO [qtp509886383-80555:https://192.168.1.172:8443/Microsoft-Server-ActiveSync?Cmd=Ping&User=androiduser%40mail-172.example.com&DeviceId=SEC3D6EFC1F50A29&DeviceType=SAMSUNGSMT237P] [name=androiduser@mail-172.example.com;mid=21;ip=192.168.1.172;DeviceID=SEC3D6EFC1F50A29;Cmd=Ping;Version=12.1;] sync - HTTP/1.1 200 OK 2015-04-28 14:57:55,192 INFO [qtp509886383-80564:https://192.168.1.172:8443/Microsoft-Server-ActiveSync?Cmd=GetItemEstimate&User=androiduser%40mail-172.example.com&DeviceId=SEC3D6EFC1F50A29&DeviceType=SAMSUNGSMT237P] [name=androiduser@mail-172.example.com;mid=21;ip=192.168.1.172;DeviceID=SEC3D6EFC1F50A29;Cmd=GetItemEstimate;Version=12.1;] sync - Response size 27 bytes 2015-04-28 14:57:55,192 INFO [qtp509886383-80564:https://192.168.1.172:8443/Microsoft-Server-ActiveSync?Cmd=GetItemEstimate&User=androiduser%40mail-172.example.com&DeviceId=SEC3D6EFC1F50A29&DeviceType=SAMSUNGSMT237P] [name=androiduser@mail-172.example.com;mid=21;ip=192.168.1.172;DeviceID=SEC3D6EFC1F50A29;Cmd=GetItemEstimate;Version=12.1;] sync - HTTP/1.1 200 OK 2015-04-28 14:57:55,862 INFO [qtp509886383-80563:https://192.168.1.172:8443/Microsoft-Server-ActiveSync?Cmd=Sync&User=androiduser%40mail-172.example.com&DeviceId=SEC3D6EFC1F50A29&DeviceType=SAMSUNGSMT237P] [name=androiduser@mail-172.example.com;mid=21;ip=192.168.1.172;DeviceID=SEC3D6EFC1F50A29;Cmd=Sync;Version=12.1;class=Email;folder=5;] sync - C new: 1, S latest: 1, C confirmed: 0, new filter: PAST_THREE_DAYS, prev filter: UNSPECIFIED, modnew: 0, modconfirmed: 0 2015-04-28 14:57:55,936 INFO [qtp509886383-80563:https://192.168.1.172:8443/Microsoft-Server-ActiveSync?Cmd=Sync&User=androiduser%40mail-172.example.com&DeviceId=SEC3D6EFC1F50A29&DeviceType=SAMSUNGSMT237P] [name=androiduser@mail-172.example.com;mid=21;ip=192.168.1.172;DeviceID=SEC3D6EFC1F50A29;Cmd=Sync;Version=12.1;class=Email;folder=5;] sync - window size is adjusted from 50 to 25
[zimbra@mail-172 log]$ cat mailbox.log
2015-04-28 14:57:45,464 INFO [qtp509886383-80558:https://192.168.1.172:8443/Microsoft-Server-ActiveSync?Cmd=SendMail&SaveInSent=T&User=androiduser%40mail-172.example.com&DeviceId=SEC3D6EFC1F50A29&DeviceType=SAMSUNGSMT237P] [name=androiduser@mail-172.example.com;mid=21;ip=192.168.1.172;DeviceID=SEC3D6EFC1F50A29;Cmd=SendMail;Version=12.1;] mailop - Adding Message: id=257, Message-ID=<bd9vf4rtikslodntspehp6cr.1430247450588@email.android.com>, parentId=-1, folderId=5, folderName=Sent. 2015-04-28 14:57:46,025 INFO [qtp509886383-80558:https://192.168.1.172:8443/Microsoft-Server-ActiveSync?Cmd=SendMail&SaveInSent=T&User=androiduser%40mail-172.example.com&DeviceId=SEC3D6EFC1F50A29&DeviceType=SAMSUNGSMT237P] [name=androiduser@mail-172.example.com;mid=21;ip=192.168.1.172;DeviceID=SEC3D6EFC1F50A29;Cmd=SendMail;Version=12.1;] smtp - Sending message to MTA at mail-172.example.com: Message-ID=<bd9vf4rtikslodntspehp6cr.1430247450588@email.android.com> 2015-04-28 14:57:51,602 INFO [qtp509886383-80558:https://192.168.1.172:8443/Microsoft-Server-ActiveSync?Cmd=SendMail&SaveInSent=T&User=androiduser%40mail-172.example.com&DeviceId=SEC3D6EFC1F50A29&DeviceType=SAMSUNGSMT237P] [name=androiduser@mail-172.example.com;mid=21;ip=192.168.1.172;DeviceID=SEC3D6EFC1F50A29;Cmd=SendMail;Version=12.1;] mailop - adding contact admin@mail-172.example.com: id=258, folderId=13, folderName=Emailed Contacts. 2015-04-28 14:57:55,924 INFO [MailboxPurge] [name=user2@mail-172.example.com;mid=10;] purge - Purging messages.
Deleting an email from Android
Deleting an email from the Android device [message in the Sent folder]:
[zimbra@mail-172 log]$ cat sync.log
2015-04-28 14:59:53,195 INFO [qtp509886383-80563:https://192.168.1.172:8443/Microsoft-Server-ActiveSync?Cmd=Sync&User=androiduser%40mail-172.example.com&DeviceId=SEC3D6EFC1F50A29&DeviceType=SAMSUNGSMT237P] [name=androiduser@mail-172.example.com;mid=21;ip=192.168.1.172;DeviceID=SEC3D6EFC1F50A29;Cmd=Sync;Version=12.1;class=Email;folder=5;] sync - C new: 2, S latest: 2, C confirmed: 1, new filter: PAST_THREE_DAYS, prev filter: UNSPECIFIED, modnew: 26, modconfirmed: 0 2015-04-28 14:59:53,212 INFO [qtp509886383-80566:https://192.168.1.172:8443/Microsoft-Server-ActiveSync?Cmd=Ping&User=androiduser%40mail-172.example.com&DeviceId=SEC3D6EFC1F50A29&DeviceType=SAMSUNGSMT237P] [name=androiduser@mail-172.example.com;mid=21;ip=192.168.1.172;DeviceID=SEC3D6EFC1F50A29;Cmd=Ping;Version=12.1;] sync - [Ping] (session 5113) for [MESSAGE:2, CONTACT:7, APPOINTMENT:10, TASK:15] suspending for 650 seconds, isInitial=true 2015-04-28 14:59:53,212 INFO [qtp509886383-80564:https://192.168.1.172:8443/Microsoft-Server-ActiveSync?Cmd=Ping&User=androiduser%40mail-172.example.com&DeviceId=SEC3D6EFC1F50A29&DeviceType=SAMSUNGSMT237P] [name=androiduser@mail-172.example.com;mid=21;ip=192.168.1.172;DeviceID=SEC3D6EFC1F50A29;Cmd=Ping;Version=12.1;] sync - [Ping] (session 5112) Listener got cancelled after 118 seconds (targeted 650 seconds) 2015-04-28 14:59:53,212 INFO [qtp509886383-80564:https://192.168.1.172:8443/Microsoft-Server-ActiveSync?Cmd=Ping&User=androiduser%40mail-172.example.com&DeviceId=SEC3D6EFC1F50A29&DeviceType=SAMSUNGSMT237P] [name=androiduser@mail-172.example.com;mid=21;ip=192.168.1.172;DeviceID=SEC3D6EFC1F50A29;Cmd=Ping;Version=12.1;] sync - Response size 13 bytes 2015-04-28 14:59:53,212 INFO [qtp509886383-80564:https://192.168.1.172:8443/Microsoft-Server-ActiveSync?Cmd=Ping&User=androiduser%40mail-172.example.com&DeviceId=SEC3D6EFC1F50A29&DeviceType=SAMSUNGSMT237P] [name=androiduser@mail-172.example.com;mid=21;ip=192.168.1.172;DeviceID=SEC3D6EFC1F50A29;Cmd=Ping;Version=12.1;] sync - HTTP/1.1 200 OK 2015-04-28 14:59:53,246 INFO [qtp509886383-80563:https://192.168.1.172:8443/Microsoft-Server-ActiveSync?Cmd=Sync&User=androiduser%40mail-172.example.com&DeviceId=SEC3D6EFC1F50A29&DeviceType=SAMSUNGSMT237P] [name=androiduser@mail-172.example.com;mid=21;ip=192.168.1.172;DeviceID=SEC3D6EFC1F50A29;Cmd=Sync;Version=12.1;class=Email;folder=5;] sync - window size is adjusted from 50 to 25 2015-04-28 14:59:53,779 INFO [qtp509886383-80563:https://192.168.1.172:8443/Microsoft-Server-ActiveSync?Cmd=Sync&User=androiduser%40mail-172.example.com&DeviceId=SEC3D6EFC1F50A29&DeviceType=SAMSUNGSMT237P] [name=androiduser@mail-172.example.com;mid=21;ip=192.168.1.172;DeviceID=SEC3D6EFC1F50A29;Cmd=Sync;Version=12.1;class=Email;folder=5;] sync - Folder[5], C:2/F, S:3/F, mod new: 28, mod confirmed: 26, server Exp/AddOrChg/Del: 0/0/0, track id: 0 2015-04-28 14:59:54,247 INFO [qtp509886383-80563:https://192.168.1.172:8443/Microsoft-Server-ActiveSync?Cmd=Sync&User=androiduser%40mail-172.example.com&DeviceId=SEC3D6EFC1F50A29&DeviceType=SAMSUNGSMT237P] [name=androiduser@mail-172.example.com;mid=21;ip=192.168.1.172;DeviceID=SEC3D6EFC1F50A29;Cmd=Sync;Version=12.1;] sync - Response size 63 bytes 2015-04-28 14:59:54,247 INFO [qtp509886383-80563:https://192.168.1.172:8443/Microsoft-Server-ActiveSync?Cmd=Sync&User=androiduser%40mail-172.example.com&DeviceId=SEC3D6EFC1F50A29&DeviceType=SAMSUNGSMT237P] [name=androiduser@mail-172.example.com;mid=21;ip=192.168.1.172;DeviceID=SEC3D6EFC1F50A29;Cmd=Sync;Version=12.1;] sync - HTTP/1.1 200 OK
[zimbra@mail-172 log]$ cat mailbox.log
2015-04-28 14:59:53,399 INFO [qtp509886383-80563:https://192.168.1.172:8443/Microsoft-Server-ActiveSync?Cmd=Sync&User=androiduser%40mail-172.example.com&DeviceId=SEC3D6EFC1F50A29&DeviceType=SAMSUNGSMT237P] [name=androiduser@mail-172.example.com;mid=21;ip=192.168.1.172;DeviceID=SEC3D6EFC1F50A29;Cmd=Sync;Version=12.1;class=Email;folder=5;item=257;] mailop - moving Message (id=257) to Folder Trash (id=3) 2015-04-28 14:59:57,802 INFO [MailboxPurge] [name=restore_user1@mail-172.example.com;mid=12;] purge - Purging messages. 2015-04-28 15:00:22,601 INFO [qtp509886383-80566:https://127.0.0.1:7071/service/admin/soap/AuthRequest] [name=zimbra;ip=127.0.0.1;ua=zmprov/8.6.0_GA_1153;] soap - AuthRequest elapsed=534 2015-04-28 15:00:31,603 INFO [qtp509886383-80563:https://127.0.0.1:7071/service/admin/soap/GetAllServersRequest] [name=zimbra;ip=127.0.0.1;ua=zmprov/8.6.0_GA_1153;] soap - GetAllServersRequest elapsed=103
Android receiving an email
Android receiving an email:
[zimbra@mail-172 log]$ cat sync.log
2015-04-28 15:05:17,148 INFO [qtp509886383-80566:https://192.168.1.172:8443/Microsoft-Server-ActiveSync?Cmd=Ping&User=androiduser%40mail-172.example.com&DeviceId=SEC3D6EFC1F50A29&DeviceType=SAMSUNGSMT237P] [name=androiduser@mail-172.example.com;mid=21;ip=192.168.1.172;DeviceID=SEC3D6EFC1F50A29;Cmd=Ping;Version=12.1;] sync - [Ping] (session 5113) there is change, continuation resumed after 324 seconds (targeted 650 seconds) 2015-04-28 15:05:17,272 INFO [qtp509886383-80566:https://192.168.1.172:8443/Microsoft-Server-ActiveSync?Cmd=Ping&User=androiduser%40mail-172.example.com&DeviceId=SEC3D6EFC1F50A29&DeviceType=SAMSUNGSMT237P] [name=androiduser@mail-172.example.com;mid=21;ip=192.168.1.172;DeviceID=SEC3D6EFC1F50A29;Cmd=Ping;Version=12.1;] sync - Response size 20 bytes 2015-04-28 15:05:17,272 INFO [qtp509886383-80566:https://192.168.1.172:8443/Microsoft-Server-ActiveSync?Cmd=Ping&User=androiduser%40mail-172.example.com&DeviceId=SEC3D6EFC1F50A29&DeviceType=SAMSUNGSMT237P] [name=androiduser@mail-172.example.com;mid=21;ip=192.168.1.172;DeviceID=SEC3D6EFC1F50A29;Cmd=Ping;Version=12.1;] sync - HTTP/1.1 200 OK 2015-04-28 15:05:18,691 INFO [qtp509886383-80580:https://192.168.1.172:8443/Microsoft-Server-ActiveSync?Cmd=Sync&User=androiduser%40mail-172.example.com&DeviceId=SEC3D6EFC1F50A29&DeviceType=SAMSUNGSMT237P] [name=androiduser@mail-172.example.com;mid=21;ip=192.168.1.172;DeviceID=SEC3D6EFC1F50A29;Cmd=Sync;Version=12.1;class=Email;folder=2;] sync - C new: 2, S latest: 2, C confirmed: 2, new filter: PAST_THREE_DAYS, prev filter: PAST_THREE_DAYS, modnew: 15, modconfirmed: 15 2015-04-28 15:05:18,691 INFO [qtp509886383-80580:https://192.168.1.172:8443/Microsoft-Server-ActiveSync?Cmd=Sync&User=androiduser%40mail-172.example.com&DeviceId=SEC3D6EFC1F50A29&DeviceType=SAMSUNGSMT237P] [name=androiduser@mail-172.example.com;mid=21;ip=192.168.1.172;DeviceID=SEC3D6EFC1F50A29;Cmd=Sync;Version=12.1;class=Email;folder=2;] sync - window size is adjusted from 50 to 25 2015-04-28 15:05:18,905 INFO [qtp509886383-80580:https://192.168.1.172:8443/Microsoft-Server-ActiveSync?Cmd=Sync&User=androiduser%40mail-172.example.com&DeviceId=SEC3D6EFC1F50A29&DeviceType=SAMSUNGSMT237P] [name=androiduser@mail-172.example.com;mid=21;ip=192.168.1.172;DeviceID=SEC3D6EFC1F50A29;Cmd=Sync;Version=12.1;class=Email;folder=2;] sync - Folder[2], C:2/F, S:3/T, mod new: 30, mod confirmed: 15, server Exp/AddOrChg/Del: 0/1/0, track id: 0
[zimbra@mail-172 log]$ cat mailbox.log
2015-04-28 15:03:48,552 INFO [qtp509886383-80580:https://192.168.1.172:8443/service/soap/SendMsgRequest] [name=admin@mail-172.example.com;aname=admin@mail-172.example.com;mid=1;ip=192.168.1.172;ua=ZimbraWebClient - GC43 (Mac)/8.6.0_GA_1153;] mailop - Adding Message: id=859, Message-ID=<115020703.146.1430247823114.JavaMail.zimbra@mail-172.example.com>, parentId=-1, folderId=5, folderName=Sent. 2015-04-28 15:04:10,201 INFO [qtp509886383-80580:https://192.168.1.172:8443/service/soap/SendMsgRequest] [name=admin@mail-172.example.com;aname=admin@mail-172.example.com;mid=1;ip=192.168.1.172;ua=ZimbraWebClient - GC43 (Mac)/8.6.0_GA_1153;] smtp - Sending message to MTA at mail-172.example.com: Message-ID=<115020703.146.1430247823114.JavaMail.zimbra@mail-172.example.com>, origMsgId=7ac8de92-13fe-4d19-b9da-6872169fb5c9:851, replyType=r 2015-04-28 15:04:28,941 INFO [qtp509886383-80580:https://192.168.1.172:8443/service/soap/SendMsgRequest] [name=admin@mail-172.example.com;aname=admin@mail-172.example.com;mid=1;ip=192.168.1.172;ua=ZimbraWebClient - GC43 (Mac)/8.6.0_GA_1153;] mailop - adding contact androiduser@mail-172.example.com: id=861, folderId=13, folderName=Emailed Contacts. 2015-04-28 15:04:29,223 INFO [qtp509886383-80580:https://192.168.1.172:8443/service/soap/SendMsgRequest] [name=admin@mail-172.example.com;aname=admin@mail-172.example.com;mid=1;ip=192.168.1.172;ua=ZimbraWebClient - GC43 (Mac)/8.6.0_GA_1153;] soap - SendMsgRequest elapsed=47480 2015-04-28 15:04:31,204 INFO [qtp509886383-80581:https://192.168.1.172:8443/service/soap/GetMsgRequest] [name=admin@mail-172.example.com;aname=admin@mail-172.example.com;mid=1;ip=192.168.1.172;ua=ZimbraWebClient - GC43 (Mac)/8.6.0_GA_1153;] misc - delegated access: doc=GetMsg, delegating account=admin@mail-172.example.com, authenticated account=admin@mail-172.example.com, target account=admin@mail-172.example.com 2015-04-28 15:04:32,243 INFO [qtp509886383-80581:https://192.168.1.172:8443/service/soap/GetMsgRequest] [name=admin@mail-172.example.com;aname=admin@mail-172.example.com;mid=1;ip=192.168.1.172;ua=ZimbraWebClient - GC43 (Mac)/8.6.0_GA_1153;] soap - GetMsgRequest elapsed=1039 2015-04-28 15:05:10,424 INFO [qtp509886383-80580:https://192.168.1.172:7071/service/admin/soap/NoOpRequest] [name=admin@mail-172.example.com;mid=1;ip=192.168.1.83;ua=ZimbraWebClient - GC43 (Mac);] soap - NoOpRequest elapsed=202 2015-04-28 15:05:10,832 INFO [LmtpServer-15] [ip=192.168.1.172;] lmtp - Delivering message: size=1154 bytes, nrcpts=1, sender=admin@mail-172.example.com, msgid=<20150428190210.4E7B984BA6@mail-172.example.com> 2015-04-28 15:05:10,872 INFO [LmtpServer-15] [name=admin@mail-172.example.com;mid=1;ip=192.168.1.172;] mailop - Adding Message: id=862, Message-ID=<20150428190210.4E7B984BA6@mail-172.example.com>, parentId=-1, folderId=2, folderName=Inbox. 2015-04-28 15:05:11,282 INFO [LmtpServer-15] [] lmtp - Handler exiting normally 2015-04-28 15:05:13,551 INFO [LmtpServer-15] [ip=192.168.1.172;] lmtp - Delivering message: size=3230 bytes, nrcpts=1, sender=admin@mail-172.example.com, msgid=<115020703.146.1430247823114.JavaMail.zimbra@mail-172.example.com> 2015-04-28 15:05:14,247 INFO [LmtpServer-15] [name=androiduser@mail-172.example.com;mid=21;ip=192.168.1.172;] mailop - Adding Message: id=259, Message-ID=<115020703.146.1430247823114.JavaMail.zimbra@mail-172.example.com>, parentId=-1, folderId=2, folderName=Inbox. 2015-04-28 15:05:17,013 INFO [LmtpServer-15] [] lmtp - Handler exiting normally
Android creating new folder
Creating a new folder on the Android device:
[zimbra@mail-172 log]$ cat sync.log
2015-04-28 15:27:18,305 INFO [qtp509886383-80635:https://192.168.1.172:8443/Microsoft-Server-ActiveSync?Cmd=FolderCreate&User=androiduser%40mail-172.example.com&DeviceId=SEC3D6EFC1F50A29&DeviceType=SAMSUNGSMT237P] [name=androiduser@mail-172.example.com;mid=21;ip=192.168.1.172;DeviceID=SEC3D6EFC1F50A29;Cmd=FolderCreate;Version=12.1;] sync - C new: 1, S latest: 1, C confirmed: 1, new filter: null, prev filter: PAST_ALL, modnew: 3, modconfirmed: 3 2015-04-28 15:27:18,580 INFO [qtp509886383-80635:https://192.168.1.172:8443/Microsoft-Server-ActiveSync?Cmd=FolderCreate&User=androiduser%40mail-172.example.com&DeviceId=SEC3D6EFC1F50A29&DeviceType=SAMSUNGSMT237P] [name=androiduser@mail-172.example.com;mid=21;ip=192.168.1.172;DeviceID=SEC3D6EFC1F50A29;Cmd=FolderCreate;Version=12.1;] sync - Response size 63 bytes 2015-04-28 15:27:18,580 INFO [qtp509886383-80635:https://192.168.1.172:8443/Microsoft-Server-ActiveSync?Cmd=FolderCreate&User=androiduser%40mail-172.example.com&DeviceId=SEC3D6EFC1F50A29&DeviceType=SAMSUNGSMT237P] [name=androiduser@mail-172.example.com;mid=21;ip=192.168.1.172;DeviceID=SEC3D6EFC1F50A29;Cmd=FolderCreate;Version=12.1;] sync - HTTP/1.1 200 OK
[zimbra@mail-172 log]$ cat mailbox.log
2015-04-28 15:27:18,403 INFO [qtp509886383-80635:https://192.168.1.172:8443/Microsoft-Server-ActiveSync?Cmd=FolderCreate&User=androiduser%40mail-172.example.com&DeviceId=SEC3D6EFC1F50A29&DeviceType=SAMSUNGSMT237P] [name=androiduser@mail-172.example.com;mid=21;ip=192.168.1.172;DeviceID=SEC3D6EFC1F50A29;Cmd=FolderCreate;Version=12.1;] mailop - adding folder NewFolder: id=261, parentId=2. 2015-04-28 15:27:21,087 INFO [qtp509886383-80630:https://192.168.1.172:7071/service/admin/soap/NoOpRequest] [name=admin@mail-172.example.com;mid=1;ip=192.168.1.83;ua=ZimbraWebClient - GC43 (Mac);] soap - NoOpRequest elapsed=0 2015-04-28 15:28:15,805 INFO [MailboxPurge] [name=galsync.qva4ekog0@mail-172.example.com;mid=2;] purge - Purging messages.
Zimbra Mobile And ActiveSync Technology
Zimbra Mobile on Windows Mobile Smartphones, Nokia Business Series Smartphones, Apple iPhones, Palm Treo or any other Smartphones that natively uses the ActiveSync Technology
Understanding how Direct Push works:
Understanding Direct Push, From MS Exchange Server 2010 Help
Make sure you review the other pages for this subject that will show on the left hand side.
Mobile Management Features
Remote Wipe
For wipe to be an available option, the device must show "status = ok" and "provisionable = yes" in the Mobile Devices preferences panel. A "status = needs provisioning" means the device isn't under the "Mobile Policy" yet.
Some references:
- "Expose Mobile Policy Information to Admins"
- "Sync updated mobile policy to device automatically"
- "add mobile devices wiping features to admin interface"
- Enabling_Zimbra_Mobile_for_Smart_Phones
- Microsoft Information concerning the active sync protocol
- Forum threads
- How to Enable Device Wipe Option for Users
- Comment 4 has a screen shot of the situation
- SOLVED iPhone provisioning with ZCS6
- iPhone Provisioning / Deprovisioning
- Provisioning question, iphone
- How to Enable Device Wipe Option for Users
Windows Mobile Emulator For Testing
You can use the following to setup a Window Mobile emulator for testing.
- Virtual PC 2007
- Microsoft Device Emulator 2.0 -- Standalone Release
- Windows Mobile 5.0 Image
- Windows Mobile 6.0 Standard Image
- Windows Mobile 6.0 Professional Image
Android Emulator For Testing
Please see:
Android Email Clients
Just a list of clients I've encounter, some will cost money though. Useful to test 'issues' you might be having with your current email client on your android.
- http://www.moxier.com/
- http://www.nitrodesk.com/
- http://www.seven.com/products.mobile.email.html
- http://www.excitor.com/Default.aspx?ID=44
- http://www.nexeo.net/?p=93
Android And Multiple Calendars
My General Write Up On The Issue
The fundamental issue is ActiveSync does not support multiple calendars or shared calendars [as of Mar. 11, 2013]. It only displays the single default calendar. Also, on top of that, the Android code itself is restricted to this limitation, in regards to the OS and it's basic apps. The iPhone did their own 'hack' to get around it.
You'll also see there a reference to a third party Android app that might offer this 'hack'. See section below.
We actually have a number of RFE's on this topic also:
- Ability for user to select which calendar(s) to sync and to merge
- Support calendar and contact folder with Zimbra Mobile
- MobileSync Multiple Calendars and Addressbooks for mobile clients with no native support
- No way to get shared calendars on Android "Corporate Sync"?
- https://bugzilla.zimbra.com/show_bug.cgi?id=74293
- Note, this comment in this bug:
- iphone: sync with shared calendars and address books.
- https://bugzilla.zimbra.com/show_bug.cgi?id=30950#c89
- Note, this comment in this bug:
- https://bugzilla.zimbra.com/show_bug.cgi?id=74293
Other possible options:
- caldav/ical android app. I have not heard of any recommended applications for this in regards to having multiple calendars etc.
- use the webbrowser on the phone and login to zimbra.
Last note, some of these Corporate email apps that come with the phones do offer hacks for multiple calendars. I believe my Motorola Photon did this, my memory is a little foggy though on it. Sometimes they'll reference it as being a "Calendar Folder". For that, it might allow you to manually view/edit the calendars but the native android notification stuff might only react to events on the default calendar.
Third Party Application That Might Work
ICSSync - View Only Work Around
As reported by a customer [Mar. 11, 2013]
I found an application that worked just fine: ICSSync (By: NightLabsConsulting). It costs $3.78 to use it past 20 days, but, from what I can tell, it is certainly worth it. You install the app, load it up, and add a calendar. It asks you for the URL and credentials. You then insert all that info and check the ignore certificate (if applicable). I selected "View Only" and that worked just fine. I could not get the view and write option to work. From that application you can set the sync frequency and the Calendar shows up under the default Calendar.
Moxier
Try http://www.moxier.com . This might do what you want. I had that on my first android and thought it was an excellent program. Reviewing the guide they have, it shows subfolder calendar sync.
Touchdown
Another people mention is Touchdown for Android - http://www.nitrodesk.com/ . I visited their website last night and I didn't see a clear indication that it does offer multiple calendar support. You can download a demo though if you want to test it out.
iPhone General Topics
iPhone And Caldav
See Ajcody-Apple-Mac-Issues#iTunes_.26_iPhone_configuration_for_CALDAV
iPhone And SSL Certs
Send CRT File To iPhone By Email
For a self-signed certificate file on the ZCS server, path is /opt/zimbra/ssl/zimbra/server/server.crt
If you email yourself the crt file and read the message from the iTouch/iPhone device, you'll get a "install" button to push.
Setup Webserver To Server Out CRT
For a self-signed certificate file on the ZCS server, path is /opt/zimbra/ssl/zimbra/server/server.crt
Please see the following:
- http://io.yort.com/self-signed-imap-ssl-certs-on-iphone
- http://download.gna.org/savane-doc/savane-install-guide-HTML/x562.html
iPhone 2+ Topics
iPhone 2+ Support & Features With Zimbra
Here's three nice references to review:
- http://www.zimbra.com/forums/announcements/19110-iphone-2-zimbra.html
- http://www.zimbrablog.com/blog/archives/2008/07/zimbra-mobile-for-iphone.html
- http://www.zimbrablog.com/blog/archives/2007/07/izimbra.html
iPhone 2+ Bugs
- "iphone: sync with shared contacts and calendars"
- http://bugzilla.zimbra.com/show_bug.cgi?id=30950
- For search, shared calendar - shared calendars
- http://bugzilla.zimbra.com/show_bug.cgi?id=30950
- Bug 29749 "iPhone 2.0 should be able to sync multiple calendars"
- Bug 29899 "iPhone 2.0 + Zimbra Mobile Sync can cause high CPU usage for large mailboxes"
- Bug 29902 "Address book photo doesn't sync via iPhone 2 ActiveSync"
- Bug 29903 "iPhone 2.0 Zimbra <-> ActiveSync Push Mail Does Not Put Phone into Standby Mode, Consuming Battery Quickly"
- Bug 29909 "iPhone 2.0: mailbox folders missing on device"
- Bug 30008 "some appointments missing on iPhone2.0 with zimbra mobile"
- Bug 30501 "Reply doesn't show in iPhone 2.0"
- "iphone: sync with shared contacts and calendars"
BES Connector Issues
Bugs & RFE's
Import Ones To Note First
- "Supported & RFE Prerequisites For ZCB matrix in ZCB doc & web/wiki pages"
- "ZCB PDF needs to include information on server sizing and ZDBs"
- "BB: ZCB/BES Sizing Data Needed"
- http://bugzilla.zimbra.com/show_bug.cgi?id=22415
- Recommended Maximum Number Of Users Per BES Server - 50
- The recommended max is 50 users. After recommended max. is reached you may receive error message in BES MAGT log file indicating that user was not added successfully.
- Recommended Maximum Number Of Users Per BES Server - 50
- http://bugzilla.zimbra.com/show_bug.cgi?id=22415
- "BES/ZCB doc's for restore and server move's"
- "BES and Proxy" [GunsNRoses]
- http://bugzilla.zimbra.com/show_bug.cgi?id=33179
- Description: Per the ZCB documentation, the BES server needs to talk to a single Zimbra mailbox server over 443 and 7071. The problem is that the mailbox servers are behind the Zimbra Proxy and are running in reverse-proxy mode - meaning, they only serve over basic http (port 80) and NOT over 443. The proxy servers serve over 443 - but do not do the 7071. So, we can't point the BES server at a Zimbra mailbox server because the Zimbra mailbox server is not listening over 443 due to being accessed through the proxy. We can't point the BES at a Zimbra proxy server because they do not handle 7071.
- Another related bug, as it will pertain to the 6.0 release:
- "ZCB fails if zimbraMailSSLPort is changed"
- Another related bug, as it will pertain to the 6.0 release:
- Description: Per the ZCB documentation, the BES server needs to talk to a single Zimbra mailbox server over 443 and 7071. The problem is that the mailbox servers are behind the Zimbra Proxy and are running in reverse-proxy mode - meaning, they only serve over basic http (port 80) and NOT over 443. The proxy servers serve over 443 - but do not do the 7071. So, we can't point the BES server at a Zimbra mailbox server because the Zimbra mailbox server is not listening over 443 due to being accessed through the proxy. We can't point the BES at a Zimbra proxy server because they do not handle 7071.
- http://bugzilla.zimbra.com/show_bug.cgi?id=33179
BES With Multiple Domains
- "BB: multi-tenancy"
- http://bugzilla.zimbra.com/show_bug.cgi?id=17026
- "support multi-domains in blackberry connector" - was marked as "Duplicate" of 27986 above.
- http://bugzilla.zimbra.com/show_bug.cgi?id=17026
- "enable GAL lookup in multi-domain scenario"
For the BES Admin account to see users from all your email domains [domains the BES admin isn't a part of] you'll need to set the GAL variables to ROOT. Please review the bug/rfe's above though, as you might not want to do this because of its impact.
To see your current settings:
zmprov gd <domainname besadmin is in> zimbraGalInternalSearchBase zmprov gd <domainname besadmin is in> zimbraGalSyncInternalSearchBase zmprov gacf zimbraGalInternalSearchBase
To change your settings (for example, to use ROOT):
zmprov md <domainname besadmin is in> zimbraGalInternalSearchBase ROOT zmprov md <domainname besadmin is in> zimbraGalSyncInternalSearchBase ROOT
Status Of Unconfirmed, New, Assigned, Reopened As Of April 27, 2009
Release Target Version Was Based Upon April 27, 2009. Please goto bug/rfe link for status changes.
- "BB: Support for cradle provisioning" [Helix]
- "BB: Folder redirection for non top-level folders may stop working"
- http://bugzilla.zimbra.com/show_bug.cgi?id=17035 [GunsNRoses]* "
- "BB: need to set full display name when sending mail" [Helix]
- "duplicate appointment created" [GunsNRoses]
- "BB: Support access to email removed from local cache" [GunsNRoses]
- "BB: should reuse zdb on delete/add user" [Helix]
- "BB: new message timestamp is ambiguous" [GunsNRoses]
- "UI for ZCB related settings" [GunsNRoses]
- "BB: Enterprise Activation may not work on the first try" [GunsNRoses]
- "BB: unable to sync contacts database error" [GunsNRoses]
- "BB: no status for the initial sync of users" [Helix]
- "BB: Installer fails with no error msg if mapi32.dll is in use" [GunsNRoses]
- "BB: Can the MAPI/CDO PST provider replace Outlook's PST provider?" [GunsNRoses]
- "BB: BES Manager may be limited by ZCB"
- http://bugzilla.zimbra.com/show_bug.cgi?id=22864
- Related to the following bug:
- http://bugzilla.zimbra.com/show_bug.cgi?id=22864
- "BB: local/server failures need more information" [GunsNRoses]
- "BB: Outlook CDO.DLL being registered instead of Exchange's Version" [GunsNRoses]
- "BB: ZDB should detect and perform mailbox rebuilding/reindexing" [Helix]
- "BB Admin Integration w/Zimbra admin console" [Helix]
- "ZCB: Calendar issue when moving recurring appointments" [GunsNRoses]
- "BB: USB activation needs verification" [Helix]
- "Gal Lookups don't return all fields" [GunsNRoses]
- "BB: GetContentsTable() failed with 0x80040119 HRESULT" [GunsNRoses]
- "emails sent from a BlackBerry have incorrect headers" [IronMaiden]
- "Latency of new message arrival to device is too high for large BES deployments" [Helix]
- "BB: user config tool to assign users to static agents" [GunsNRoses]
- "BB: support in process calhelper" [Helix]
- "BB: ID Mapper state seems invalid on BES frequently" [GunsNRoses]
- "BB: Revisit Store Advise Sink implementation" [GunsNRoses]
- "BB: Only BB sent mail can be viewed in the Sent Items folder on the device." [GunsNRoses]
- "BB: Slow sync for a user will delay syncs for other users on the same server" [GunsNRoses]
- "Add a connector for a shared/global contact list on all Blackberry's" [Not Committed]
- "BB: Divide InitialAge for eMail and Calendar" [GunsNRoses]
- "BES log says: Error creating OOF Rule in CreateOOFRule" [Helix]
- "WaitSet APIs don't properly handle mailbox moves" [GunsNRoses]
- "BB: Enhancement. Only sync Inbox and Sent Items mail folders" [GunsNRoses]
- "Verifying MAPI/CDO version before upgrading." [Helix]
- "ZCB should resync BES admin after it's locked" [GunsNRoses]
- "setup test case simulating running out of space while while zdb file size is growing" [Helix]
- "Implement proper re-authentication logic for zcb" [Helix]
- "Cal replies from BB rejected - appointments deleted randomly" [GunsNRoses] [locked]
- "Hard shutdown of BES machine may lead to failures on restart" [Helix]
- "BB: Changes to single instance of recurring event not changing recurring event display" [Not Committed]
- "admin account is included in each waitset and the bes connector also create an extra waitset for the admin account" [GunsNRoses]
- "bes manager crash upon shutdown" [GunsNRoses]
- "BES: bes agent randomly fails to mount the mailbox in the first attempt. retries succeeds." [GunsNRoses]
- "BES: 1. bes agent occasionally hit segfault in initialization stage. 2. some agent failed to track the accounts assigned to them." [GunsNRoses]
- "Ability to Sync BB memopad" [Helix]
- "Reconciliation Wizard enhencement: set threshold for the value of delta" [Not Committed]
- "Resync items that have failed" [GunsNRoses]
- "Windows Update or Outlook repair can break BES functionality" [Not Committed] [Blocker]
- "Tool to validate ZCB Configuration" [Helix]
- "Support for Free/Busy lookup" [Helix]
- "BES : (main branch) 1.agent crash under load test, 2. data missing for some of the users in waitset" [Not Committed]
- "BES: BB manager fails to get started if the ZCS server was stopped and no error messages given." [GunsNRoses]
- "BES 5.0" [support with ZCB] [GunsNRoses]
- "Inner provider reports out of memory at 300MB reserverd memory" [GunsNRoses]
- "7 out of 50 tasks aren't showing in BB" [Not Committed]
- "BES: appointment data failed to get synced in multi-agent scenario" [Not Committed]
- "Filter out delegate-calendar forwarded invite emails when syncing to BB device" [GunsNRoses]
- "Profile not getting mounted even after installing BES Connector." [Not Committed]
- "BES:bes agent memory dump during the load test." [Not Committed]
- "Documentation of dependencies for the Blackberry Connector is insufficient" [Not Committed]
- "Bes: BES Manager queries only internal gal" [Not Committed]
- "Password change for windows and bb services breaks ZCB/Bes Sync" [GunsNRoses]
- "Avoid reprovisioning and reactivating users after re-creating BBServer and BBManager profiles" [GunsNRoses]
- "ZCB Contact Item fields do not have a one - to - one correspondence with ZWC." [GunsNRoses]
- "ZCB cannot get Zimbra GAL" [GunsNRoses]
- "waitset dead after traffic started for 10minutes under 100users 2agents" [Franklin - keyword 5.0.17]
- "Test and Certify MS Outlook 2k7 SP2 with ZCB 6.0 SMB" [Not Committed]
- "Update GAL sync logic" [Not Committed]
- "At times email items deleted using the ZWC does not get deleted from ZCB" [Not Committed]
- "EULA for ZCB still mentions 'BETA'" [Franklin - keyword 5.0.17]
BES Wiki Pages
See Wiki Category ZCB.
Split-DNS Issue
If your running split-dns for zimbra, make sure your BES box is configured to use the right DNS servers because it will pull the zmhostname variable and you don't want it resolving to the external ip address.
Duplicate Calendars
One customer reported that "updating the firmware to 4.5.0.37 (as I'm at now) fixed the issue with the duplicate calendar".
Upgrade Steps For ZCB
The Basics
The normal upgrade process is to
- Shutdown BES [ see Correct_order_to_stop_and_start_BES_services ]
- Make sure outlook.exe isn't running
- Run the msi
- Restart/Start BES [ see Correct_order_to_stop_and_start_BES_services ]
From Beta2 To BES SMB - Outlook 2003 To Outlook 2007 Requirement
Here is the list of steps on how to upgrade from BETA2 to BES SMB:
- Stop BB controller [ see Correct_order_to_stop_and_start_BES_services ]
- Completely remove Outlook 2003
- (First, go to Add/Remove programs and uninstall Office 2003. And then run the following utility to cleanup stuff left behind. The utility is called ‘Office Removal Wizard’ and located in the \FILES\PFILES\MSOFFICE\OFFICE11 folder on the install CD. OFFCLN.EXE)
- Install Outlook 2007
- Open BES SMB msi to start installation wizard. Accept license agreement and continue following the steps in installation wizard
- Start BB controller [ see Correct_order_to_stop_and_start_BES_services ]
Testing & Debugging Tools
Actual Testing & Debugging Homepage
Please see Ajcody-Testing-Debugging
Other Debug References
When Was A ZCS Service Enabled Or Disabled=
See Ajcody-Notes-Archive-Discovery#When_Was_A_ZCS_Service_Enabled_Or_Disabled
Ajcody Logging Wiki
See Ajcody-Logging
Other Zimbra Wiki Pages
RFE's Related To Better Logging And Historical Data Of Systems
- Bug 93954 : RFE: admin console services status page and service enable/disable page improvements
- Bug 93950 : RFE: History files written when changes to individual ZCS services have taken place
- Bug 93784 : Proxy check script
- Bug 93656 : zmdiaglog to collect history or diffs of server variables changes via backups
- Bug 90598 : RFE: Add option to let the MTA log a mail's subject
- Bug 90400 : Provide User's Mailbox Summary/Reporting for the end user in ZWC/email report
- Bug 90032 : zmdiaglog: don't attempt to process mailboxd collection activities on non-mailbox nodes
- Bug 89860 : gather additional system information in zmdiaglog
- Bug 89700 : proxy logs goto logger host
- Bug 89450 : Include postfix-logwatch and amavis-logwatch
- Bug 89008 : Source Port Logging in Jetty For EU Legal Requirements
- This bug was initially created as a clone of Bug #85073, include client (source) ports for all mail related connections, in addition to client IP. Need this done for Jetty, nginx and postfix already complete.
- Bug 88414 : expand 3rd party performance and diagnostic software support
- Bug 88412 : virtualization env. specific checks and diagnostic scripts
- Bug 88410 : zmdiaglog gets moved to it's own package, zimbra-diagnostics and we include public package repro to update
- Bug 88408 : expand zmrcd commands and/or zmdiaglog to do more specific level of log collection
- Bug 88406 : proxy diagnostic script
- Bug 88404 : post-installer check script
- Bug 85523 : Individual logs for zmlocalconfig edits and all services start, stop, restarts
- Bug 85520 : All backups should include the localconfig.xml
- Bug 85073 : Source Port Logging For EU Legal Requirements
- Bug 84313 : zmcontrol should give more details when a service isn't in a running state
- Bug 84273 : Expand zmdiaglog to better fit as a support case creation tool
- I have a lot of other bugs/rfe's references in this one also.
- Private Bug
- Bug 84272 : Host our own ZCS instance for customers support accounts
- Private Bug
- Bug 84271 : Integration of account logins for ftp for support cases
- Private Bug
- Bug 84142 : Add script for detecting compromised accounts
- Bug 83779 : zmdiaglog: include all ZCS configs which are different from the default value
- Bug 83227 : *.trace.log - what's it for, how to control growth, better retention policy
- Bug 81201 : zmcontrol start --debug offer verbose logging for all services and notes logs
- Bug 79883 : Expand Monitor > MobileSync Statistics reporting
- Bug 78251 : RFE: Display Date And Time for each command
- Bug 77076 : All Ext. Auth options should have documentation about limitations and expectations
- Bug 77075 : Flowchart of ext. auth and where log events occur
- Bug 76540 : RFE: Priovide ability to view major logs, edit configs and terminal login within admin console
- Bug 75502 : Logging should state if any stop/start/restart of service is manual or automated
- Bug 62315 : RFE: integrate log analysis project - AWstats or Analog, Webalizer, etc.
- Bug 62095 : Incorrect graphs in Administration Monitoring Server Statistics message count, message volume
- Bug 57871 : RFE: replace the current syslog + flash based log system to a Hyperic HQ + HTML5 based log solution
- Bug 54034 : RFE: zimbra-attrs.xml & zmprov desc state if immediate, zmprov fc , or service restart needed
- Bug 51100 : RFE: zmprov variable edits should output if a service restart is need or flush cache
- Bug 49557 : RFE: Login Format Option other than user@domain ,ex. user+domain
- Bug 45383 : RFE: Enhance documentation as to where connection logging should be expected - esp Active Sync
- Bug 28934 : More logging options via admin console
- Bug 12196 : support for real time counters (snmp, jmx, etc)
Various Errors And Log Items One Might See
Logging
See Ajcody-Logging for more complete logging information.
mailbox.log and zimbra.log
- Zimbra Support will likely need to see the /opt/zimbra/log/mailbox.log file and possibly /var/log/zimbra.log from the system. These files contain the basic operation data from the system, and can tell us if the server has something seriously wrong with it. They can also be correlated against other collected data to give a complete picture of the workings of the system.
mysql_error.log and myslow.log
- These files are both located in /opt/zimbra/log/ on the mail store server. They contain information about the health of the mysql database. If there is data corruption or another problem causing direct mysql errors, events will be logged in mysql_error.log. If certain search requests are taking longer to complete than others, they will be logged in myslow.log.
zmmailboxd.out
- This file contains startup information for mailboxd and thread dumps created whenever mailboxd is shut down. If a server goes completely nonresponsive and is restarted, the thread dump captured here will tell us if there are certain threads blocking other threads' access to critical data elements. Frequently, slow behavior can be caused by these thread locks.
- In some cases, it may be necessary to monitor garbage collection and other operations at the Java VM level. To enable this logging, add the following to mailboxd_java_options.
- To get current options:
zmlocalconfig mailboxd_java_options
- Then appended the following to your current set of options - "-verbose:gc -XX:+PrintGCDetails -XX:+PrintGCTimeStamps -XX:+PrintGCApplicationStoppedTime". PLEASE NOTE FOR BELOW, "YOUR EXISTING OPTIONS" should be replaced with the output above.
zmlocalconfig -e mailboxd_java_options="YOUR EXISTING OPTIONS -verbose:gc -XX:+PrintGCDetails -XX:+PrintGCTimeStamps -XX:+PrintGCApplicationStoppedTime"
Connections And Or Threads Mentioned In mailbox.log
Tuning Variables Related To Threads And Connections
Resources to "tune" the below variables:
zimbraHttpNumThreads
- ZCS 5.0 has a single thread pool for both HTTP and HTTPS
- To see current setting
- zmprov gs `zmhostname` zimbraHttpNumThreads
- To modify setting
- zmprov ms `zmhostname` zimbraHttpNumThreads 500
- To see current setting
zimbraPop3NumThreads
- This setting of 300 is able to support a few 10s of thousands of users checking mailing every 8 minutes.
- To see current setting
- zmprov gs `zmhostname` zimbraPop3NumThreads
- To modify setting
- zmprov ms `zmhostname` zimbraPop3NumThreads 300
- To see current setting
zimbraImapNumThreads
- IMAP thread settings.
- To see current setting
- zmprov gs `zmhostname` zimbraImapNumThreads
- To modify setting
- zmprov ms `zmhostname` zimbraImapNumThreads 500
- To see current setting
zimbraLmtpNumThreads
- LMTP thread settings.
- To see current setting
- zmprov gs `zmhostname` zimbraLmtpNumThreads
- To modify setting
- zmprov ms `zmhostname` zimbraLmtpNumThreads 40
- To see current setting
mailboxd_java_options
- JVM (java Virtual Machine options) ZCS 5.0 and later
- To see current setting
- zmlocalconfig mailboxd_java_options
- To modify setting
- zmlocalconfig mailboxd_java_options="-client -XX:NewRatio=2 -Djava.awt.headless=true -XX:MaxPermSize=128m -XX:SoftRefLRUPolicyMSPerMB=1"
- The above is using the "default" options as an example to modify.
- zmlocalconfig mailboxd_java_options="-client -XX:NewRatio=2 -Djava.awt.headless=true -XX:MaxPermSize=128m -XX:SoftRefLRUPolicyMSPerMB=1"
- Other various configurations for mailboxd_java_options. See sections related to heap and thread dumps below for more details.
- mailboxd_java_options="-client -XX:NewRatio=2 -XX:MaxPermSize=128m -Djava.awt.headless=true -XX:SoftRefLRUPolicyMSPerMB=1 -XX:+UseParallelGC"
- mailboxd_java_options="-verbose:gc -XX:+PrintGCDetails -XX:+PrintGCTimeStamps -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/some/directory/that/exists/and/is/zimbra/writable"
- To see current setting
mailboxd_java_heap_memory_percent
- JVM Cache setting
- To see current setting
- zmlocalconfig mailboxd_java_heap_memory_percent
- To modify setting
- zmlocalconfig -e mailboxd_java_heap_memory_percent=40
- To see current setting
zimbraMessageCacheSize
- Mailbox message cache. The mailbox server maintains a cache of message bodies (blobs on disk from /opt/zimbra/store). This cache speeds up retrieval of message content for mailapps such as mail.app
- To see current setting
- zmprov gs `zmhostname` zimbraMessageCacheSize
- To modify setting
- zmprov ms `zmhostname` zimbraMessageCacheSize 104857600
- To see current setting
zimbra_mysql_connector_maxActive
- zimbra_mysql_connector_maxActive
- To see current setting
- zmlocalconfig zimbra_mysql_connector_maxActive
- To modify setting
- zmlocalconfig -e zimbra_mysql_connector_maxActive=100
- To see current setting
Example Of mailbox.log event:
dbconn - Connection pool is 75% utilized (88 connections out of a maximum of 100 in use). Turn on debug logging for zimbra.dbconn to see stack traces of connections not returned to the pool.
zimbraXMPPEnabled
There is a potential problem with XMPP [Instant Messaging]. XMPP is a beta feature and is not supported. If you're not using XMPP anyways, disabling it is strongly recommended, and XMPP is a beta feature and not supported in a production environment today.
- Confirm if variable is set to False or True
- zmprov gacf zimbraXMPPEnabled
- Set to FALSE to turn off
- zmprov mcf zimbraXMPPEnabled FALSE
- Then at some point restart the mailstores.
Bug reference:
- "IM service connection leak,memory leak"
Zimbra Tools And Commands
zmstat and zmstat-chart
Resources:
Down And Dirty Example zmstat
Zmstats runs constantly on all current Zimbra systems. It monitors various Zimbra components as well as the whole system to give a good picture of how the system is performing over time. Stats charts are extremely useful for troubleshooting performance issues and can often point to a bottleneck on the system itself or to specific problems in the mailboxd Java VM.
To generate a stat chart, run the following:
zmstat-chart -d <output directory> -s /opt/zimbra/zmstat/<date> --title "<server> <date>"
The date is in the format 'YYYY-MM-DD'. Generally when troubleshooting a performance problem, Zimbra Support will need to see several days' worth of statistics data, as well as the log files and possibly thread dumps from the same time period.
zmdiaglog
See also : Zmdiaglog
Running a full zmdiaglog would take many stats such as zmstats, thread dump, lsof, core dump, and heap dump. The heap dump portion could take longer than the other steps and is invasive on the system. If possible, it should only be ran if it is late in the evening or if the server is not responding anyway. Prior to 5.0.16, this tool may run a heap dump, which would be interruptive on a running server. From 5.0.16, a heap dump requires "zmdiaglog -a". Also, you can CTRL-C to exit out of the zmdiaglog during the heap dump process without affecting the rest of the dump. You will just need to compress the files manually.
As root:
/opt/zimbra/libexec/zmdiaglog
This will create a zip file with allot of relevant data for troubleshooting issues.
zimdialog To Get Full Heap Dump
In order to get a full heap dump, one has to make sure that HeapDumps have been enabled in the JVM options. In order to do this, please first check your mailboxd_java_options on that server:
# su - zimbra $ zmlocalconfig mailboxd_java_options
Then, append these additional arguments:
-verbose:gc -XX:+PrintGCDetails -XX:+PrintGCTimeStamps -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/some/directory/that/exists/and/is/zimbra/writable
It is very important that the HeapDumpPath chosen is large enough to dump a multi-GB core file and heap dump. It is also very important to make sure that these options are appended to your existing options.
Example [You might need to adjust based upon your existing mailboxd_java_options]:
$ zmlocalconfig mailboxd_java_options mailboxd_java_options = -client -XX:NewRatio=2 -Djava.awt.headless=true -XX:MaxPermSize=128m -XX:SoftRefLRUPolicyMSPerMB=1
$ zmlocalconfig -e mailboxd_java_options="-client -XX:NewRatio=2 -Djava.awt.headless=true -XX:MaxPermSize=128m -XX:SoftRefLRUPolicyMSPerMB=1 -verbose:gc -XX:+PrintGCDetails -XX:+PrintGCTimeStamps -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/tmp"
Then restart ZCS on that mailstore.
Caution: If /var/tmp does not enough space, it could fill the filesystem/server and cause very bad problems!
Then, if any problem with performance occurs again, run the zmdiaglog as root:
[Prior to 5.0.16]
/opt/zimbra/libexec/zmdiaglog
[For 5.0.16 and forward]
/opt/zimbra/libexec/zmdiaglog -a
Note: there are optional options to zmdiaglog that allows it to write to locations other than /tmp, again very important not to fill up the filesystem. Run zmdiaglog -h to get the list of options:
# /opt/zimbra/libexec/zmdiaglog -h Usage: zmdiaglog [-dth] -d - Log destination (Default /tmp/zmdiaglog.PID) -t - Timeout in seconds for hanging commands (Default 120) -h - This help message
This may take a few minutes to complete, as it is writing a multiple GB file. Once complete, then restart mailboxd:
# su - zimbra $ zmmailboxdctl restart
You will then provide to Zimbra, via FTP, the zmdiaglog information that is written to /tmp. Our developers will most likely need to debug the information provided rather than support staff. Please be patient, support will provide feedback as they hear the conclusions that the developers provide.
There are lots of steps requested here, but this information is critical if we are to diagnose this reported problem. The data provided by zmdiaglog is very important.
Using JDK 1.6 For zmdiaglog
See Ajcody-Testing-Debugging#jmap_And_JDK_1.6
Note About Memory And Linux
In general, memory used by the JVM can occasionally spike above the maximum heap size under normal usage, but we would expect that it would go back down again eventually. Also, please note that all Linux systems will utilize all memory available on the system - this is because the kernel will cache any data it can in order for possible reuse; this is perfectly normal, and in the case that memory is needed, older cache will be deleted from memory and memory freed for other use. No Linux system will show much memory as "free" after being up for some period of time, for example when using top or vmstat. All memory will get utilized by the system, and this is a good thing for performance - you paid for the memory, might as well use it. Where it could be a problem is if one process grows uncontrolled, or if swapping is occurring.
Thread Dumps And Specific Commands To Use
A thread dump is a printout of the status of all the running threads in the mailboxd process at a specific point in time. A thread dump allows Zimbra engineers to see how the system is operating, what each thread is doing, and what data elements are being accessed by individual threads. If a performance bottleneck is not identifiable from the stat charts alone, it may be necessary to generate a periodic thread dump.
zmthrdump - ZCS 5.0.10+
The thread dump from zmthrdump will show which threads are currently in process within the jvm. zmthrdump is useful when you want to grab several thread dumps in short intervals in order to track and look for locked threads. Typically, the thread dumps are useful for tracking what is waiting on what in the thread stack. If the server is also experiencing GC [garbage collection] issue, it is generally better to just have a full zmdiaglog (with valid java memory heap dump) along with the rest of the data it collects.
Resources:
- zmthrdump help
- zmthrdump [-h] [-i] [-t <timeout seconds>] [-p <pid file>] [-f <file>] [-o <out-file>]
zmmailboxdmgr And Threaddump - Prior to 5.0.10
Run this command as root
for i in 1 2 3; do /opt/zimbra/libexec/zmmailboxdmgr threaddump; sleep 30; done
/opt/zimbra/log/zmmailboxd.out will reflect the thread dumps.
Thread Dump Script Example 1
Usage of the below script:
- $0 FILENAME -dl [-frames #_ stack_frames] [-id REGEXP] [-all]
- $0 FILENAME -dt [-frames #_ stack_frames] [-sort id|state] [-stack REGEXP] [-id REGEXP] [-state REGEXP] [-waiting NUMBER]
- frames: controls the # lines of stack trace included in the output
- id: only include where the id matches REGEXP
- all: include ALL locks (not just ones that other threads are blocked-on)
- sort: controls the order threads are printed out (locks always printed in lock ID order)
- stack: only include threads where the thread's stack output matches REGEXP
- state: only include threads where the thread state (e.g. RUNNABLE) matches REGEXP
- waiting: only inclure threads are blocking other threads
Examples:
- $0 threads.txt -dt -stack MailboxIndex.java -state RUNNABLE -f 20
- -- dumps all RUNNABLE threads with MailboxIndex.java on the stack (1st 20 lines of the stack)
- $0 threads.txt -dt -stack MailboxIndex.java -state RUNNABLE -f 20
- $0 threads.txt -dl -f 0
- -- dumps the list of locks in the system that are blocking at least one thread
- $0 threads.txt -dl -f 0
- $0 threads.txt -dt -f 0 -sort state
- -- dumps a list of all the threads in the system and tells you their run state
- $0 threads.txt -dt -f 0 -sort state
- $0 threads.txt -dt -f 20 -w 1
- -- dumps a list of all the threads in the system that are blocking other threads (quick way to hunt for contention)
- $0 threads.txt -dt -f 20 -w 1
Working Example:
- threadDumpAnalyzer.pl zmmailboxd.out -dl -f 100 ~/Desktop
threadDumpAnalyzer.pl Script
#!/usr/bin/perl -w # # ***** BEGIN LICENSE BLOCK ***** # # Zimbra Collaboration Suite Server # Copyright (C) 2004, 2005, 2006, 2007 Zimbra, Inc. # # The contents of this file are subject to the Yahoo! Public License # Version 1.0 ("License"); you may not use this file except in # compliance with the License. You may obtain a copy of the License at # http://www.zimbra.com/license. # # Software distributed under the License is distributed on an "AS IS" # basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. # # ***** END LICENSE BLOCK ***** # use strict; use warnings; use Getopt::Long; my %locks; # by LockID - hash w/ 'owner','type' my %threads; # by threadId - hash w/ 'state' 'waitingOnLock' my $filename = $ARGV[0]; my ($dumpLocks, $dumpThreads, $searchThreadStack, $searchThreadId, $stackFrames, $sort, $filterByState, $allLocks); my ($waiting); $stackFrames = 10; $sort = "state"; GetOptions( "dl" => \$dumpLocks, "dt" => \$dumpThreads, "frames=s" => \$stackFrames, "sort=s" => \$sort, "id=s" => \$searchThreadId, "state=s" => \$filterByState, "stack=s" => \$searchThreadStack, "waiting=s" => \$waiting, "all" => \$allLocks, ); sub dumpLocks(); sub handleThread(); sub dumpThreads(); sub usage(); sub readFile($); sub getBlockedThreads($); if (!defined $filename) { usage(); } readFile($filename); if (defined $dumpLocks) { dumpLocks(); } elsif (defined $dumpThreads) { dumpThreads(); } else { usage(); } exit(0); sub usage() { my $usage = <<END_OF_USAGE; USAGE: $0 FILENAME -dl [-frames #_ stack_frames] [-id REGEXP] [-all] $0 FILENAME -dt [-frames #_ stack_frames] [-sort id|state] [-stack REGEXP] [-id REGEXP] [-state REGEXP] [-waiting NUMBER] frames: controls the # lines of stack trace included in the output id: only include where the id matches REGEXP all: include ALL locks (not just ones that other threads are blocked-on) sort: controls the order threads are printed out (locks always printed in lock ID order) stack: only include threads where the thread's stack output matches REGEXP state: only include threads where the thread state (e.g. RUNNABLE) matches REGEXP waiting: only inclure threads are blocking other threads Examples: $0 threads.txt -dt -stack MailboxIndex.java -state RUNNABLE -f 20 -- dumps all RUNNABLE threads with MailboxIndex.java on the stack (1st 20 lines of the stack) $0 threads.txt -dl -f 0 -- dumps the list of locks in the system that are blocking at least one thread $0 threads.txt -dt -f 0 -sort state -- dumps a list of all the threads in the system and tells you their run state $0 threads.txt -dt -f 20 -w 1 -- dumps a list of all the threads in the system that are blocking other threads (quick way to hunt for contention) END_OF_USAGE die $usage; } sub mySort($$) { my ($a, $b) = @_; if ($sort eq "state") { my $state1 = $threads{$a}{state}; my $state2 = $threads{$b}{state}; if (!defined $state1) { return 1; } elsif (!defined $state2) { return -1; } return $state1 cmp $state2; } else { return $a cmp $b; } } sub padToWidth($$) { my ($str, $width) = @_; if (!defined($str)) { $str = ""; } return sprintf "%-*s", $width, $str; } sub formatStackTrace($$) { my ($stack, $indent) = @_; my $ret; if ($stackFrames == 0) { return ""; } my $num = $stackFrames; foreach my $line (split /\n/, $stack) { if ($num <= 0) { return $ret; } $ret .= $indent.$line."\n"; $num--; } return $ret; } sub formatLock($) { my $lockId = shift; my $output = "$lockId - "; my $numData = 0; while (my ($k,$v) = each %{ $locks{$lockId}}) { $output .= " $k=$v"; $numData++; } if ($numData == 0) { $output .= " UNKNOWN"; } return $output; } sub formatThread($) { my $threadId = shift; if (!defined $threadId) { return ""; } my $foo = padToWidth($threadId, 50); if (!defined($foo) || $foo eq "") { $foo = "ASDF"; } my $bar = $threads{$threadId}{state}; if (!defined($bar) || $bar eq "") { $bar = "HJKL"; } my $ret = $foo.$bar."\n"; if (defined $threads{$threadId}{waitingOnLock}) { $ret .= "\tWaiting for: ".formatLock($threads{$threadId}{waitingOnLock})."\n"; } my @blockedThreads = getBlockedThreads($threadId); for my $blockedThread (sort @blockedThreads) { $ret .= "\t$blockedThread is waiting on this thread\n"; } $ret .= formatStackTrace($threads{$threadId}{stack}, "\t "); if ($stackFrames > 0) { $ret .= "\n"; } return $ret; } # given a lockId, return a list of the threads that are blocked on it sub getLockWaiters($) { my $lockId = shift; my @ret; while (my ($threadId,$thread) = each %threads ) { if (defined $thread->{waitingOnLock} && $thread->{waitingOnLock} eq $lockId) { push @ret, $threadId; } } return @ret; } sub getLockOwner($) { my $lockId = shift; if (defined $locks{$lockId} && defined $locks{$lockId}{owner}) { return $locks{$lockId}{owner}; } else { return ""; } } # given a threadId, get a list of all other threads that are blocked # on locks it is holding sub getBlockedThreads($) { my $threadId = shift; my @ret; foreach my $lockId ( sort keys %locks ) { if (getLockOwner($lockId) eq $threadId) { # a lock we own my @blockedThreads = getLockWaiters($lockId); foreach my $blockedThread (@blockedThreads) { push @ret, $blockedThread; push @ret, getBlockedThreads($blockedThread); #recurse! } } } return @ret; } sub dumpLocks() { foreach my $lockId ( sort keys %locks ) { my $ret = ""; my $numWaiters = 0; $ret .= "LOCK: $lockId "; while (my ($k,$v) = each %{ $locks{$lockId}}) { $ret .= "$k=$v, "; } $ret .= "\n"; while (my ($threadId,$thread) = each %threads ) { if (defined $thread->{waitingOnLock} && $thread->{waitingOnLock} eq $lockId) { $ret .= "\tThread $threadId is waiting for this lock\n"; $numWaiters++; } } $ret .= formatStackTrace($threads{getLockOwner($lockId)}{stack}, "\t"); if (!defined $searchThreadId || $lockId =~ /$searchThreadId/) { if ($numWaiters > 0 || defined $allLocks) { if ($stackFrames > 0) { $ret .= "\n"; } print $ret; } } } } sub dumpThreads() { foreach my $threadId ( sort { mySort($a, $b) } keys %threads ) { if (!defined $threadId) { # continue } elsif (defined $searchThreadStack && $threads{$threadId}{stack} !~ /$searchThreadStack/) { # continue } elsif (defined $searchThreadId && $threadId !~ /$searchThreadId/) { # continue } elsif (defined $filterByState && $threads{$threadId}{state} !~ /$filterByState/) { # continue } elsif (defined $waiting && getBlockedThreads($threadId) < $waiting) { # continue } else { print formatThread($threadId); } } } sub readFile($) { my $filename = shift; open IN, '<', $filename or die "couldn't open $filename"; my @curThread; while (<>) { chomp; s/\r//g; if ($_ eq "") { if (@curThread) { my $threadId; my @locksHeld; my $waitingOnLock; my $threadState; my $output; my $firstLineState; # 1stline my $line = shift @curThread; $output .= "$line\n"; if ($line =~ /"(.*)"/) { $threadId = $1; if ($line =~/nid=0x[0-9a-f]+\s([a-zA-Z\s\.()]+)/) { $threads{$threadId}{state} = $1; } } else { $threadId = $line; } if ($threadId eq "") { $threadId = "none"; } # 2nd line $line = shift @curThread; if (defined $line) { $output .= "$line\n"; if ($line =~ /State: ([A-Z_]+)/) { $threadState = $1; $threads{$threadId}{state} = $1; } foreach $line (@curThread) { $output .= "$line\n"; if ($line =~ /locked <(0x[0-9a-f]+)>\s?(.*)?/) { push @locksHeld, $1; $locks{$1}{owner} = $threadId; $locks{$1}{type} = $2; } elsif ($line =~ /- waiting to lock <(0x[0-9a-f]+)>/) { $waitingOnLock = $1; $threads{$threadId}{waitingOnLock} = $1; } elsif ($line =~ /- waiting to lock <(0x[0-9a-f]+)>/) { $waitingOnLock = $1; $threads{$threadId}{waitingOnLock} = $1; } } } else { $threads{$threadId}{state} = "unknown"; } $threads{$threadId}{stack} = $output; @curThread = (); } } else { push @curThread, $_; } } close IN; }
Thread Dump Script Example 2
The following script generates five thread dumps within one minute:
#!/bin/bash # # Dump 5 threads and proc stats for mailboxd Java PID in one minute. # Daily output written to /tmp/zmperiodic-YYYYMMDD # # Execute the script with cron # crontab: * * * * * /tmp/zmperiodic.sh DUMPDIR="/tmp/zmperiodic-$(date '+%Y%m%d')" if [ ! -d $DUMPDIR ] then mkdir $DUMPDIR fi for ((i=0; i<5; i++)) do echo "" > /opt/zimbra/log/zmmailboxd.out STAMP=$(date '+%Y%m%d.%H%M%S') JPID=$(cat /opt/zimbra/log/zmmailboxd_java.pid) kill -3 $JPID sleep 1 cp /opt/zimbra/log/zmmailboxd.out $DUMPDIR/zmmailboxd.out-$STAMP cat /proc/$JPID/task/*/stat > $DUMPDIR/proc-stats-$STAMP if [ $i -ne 4 ] then sleep 11 else exit fi done
It should be placed in cron so that it runs every minute. The output data will be placed in a directory named /tmp/zmperiodic-YYYYMMDD. This data will consist of thread dumps along with thread data from /proc.
Heap Dump Specific Commands
jmap And JDK 1.6
Go here:
http://java.sun.com/javase/downloads/index.jsp
Select:
- Java SE Development Kit (JDK)
- JDK 6 Update 13
Choose Example Is Using x64 Binary - Adjust If Using x32:
- Linux x64
- jdk-6u13-linux-x64.bin *DO NOT choose RPM download*
Place jdk-6u13-linux-x64.bin in /tmp on the ZCS server.
Install JDK 1.6 as root. Executing the bin file prompt you to agree to a license agreement. The installer will create a directory named jdk1.6.0_13 and extract contents to that directory. This process does not interfere with ZCS.
cd /opt/zimbra /tmp/jdk-6u13-linux-x64.bin chown -R zimbra:zimbra jdk1.6.0_13
Next, stop ZCS services with zmcontrol, destroy the java symlink and symlink JDK 1.6 to java.
su - zimbra zmcontrol stop exit rm -rf java ln -s jdk1.6.0_13 java zmcontrol start
You can now run your zmdiaglog with greater efficiency. Alternatively, you can generate heap dumps manually with jmap (as zimbra this time).
su - zimbra -c '/opt/zimbra/java/bin/jmap -dump:live,file=/tmp/heapdump.live $(cat /opt/zimbra/log/zmmailboxd_java.pid)'
Rollback at any time by shutting down services with zmcontrol and pointing the java symlink back to jdk1.5.
zmdbintegrityreport
Resources:
Trouble Shooting Memory Issues
Basic Commands To Gather Data
PS
Try adjusting the ps output:
ps -eo pid,ppid,rss,vsize,pcpu,pmem,cmd -ww --sort=pid
- RSS (Resident Set Size) - The portion of a process that exists in physical memory (RAM). The rest of the program exists in swap. If the computer has not used swap, this number will be equal to VSIZE. RSS per unit time will show how much RAM the process is using over time.
- VSIZE (Virtual memory SIZE) - The amount of memory the process is currently using. This includes the amount in RAM and the amount in swap. VSIZE per unit time will show how large the process is over time.
Free
Using Free:
free -o
- [ -o ] Disables the display of a "buffer adjusted" line. If the -o option is not specified, free subtracts buffer memory from the used memory and adds it to the free memory reported.
- "Memory Used" per unit time will show the "Memory Used" asymptotically approach the total amount of memory in the system under heavy use. This is normal, as RAM unused is RAM wasted.
- "Memory Used - Memory Buffered - Memory Cached" per unit time will give a good sense of the memory use of your applications minus the effects of your operating system. As you start new applications, this value should go up. As you quit applications, this value should go down. If an application has a severe memory leak, this line will have a positive slope.
- "Swap Used" per unit time will display the swap usage. When the system is low on RAM, a program called kswapd will swap parts of process if they haven't been used for some time. If the amount of swap continues to climb at a steady rate, you may have a memory leak or you might need more RAM.
You could also use watch with free to poll it:
watch free
- or
watch -n 1 -d free
Top
Top is nice, put you want to save output. Do the [-b batch] and [-n number of iterations] variables:
top -b -n1 > /tmp/top-output.txt
One could add into cron if you want to get top output every 5 minutes like this for example [Would would need to confirm the directory structure and perms to write in it our correct]:
crontab -e ** add the following line
*/5 * * * * top -b -n1 > /opt/zimbra/support/data/tops/top-`date +\%F-\%H-\%M`.txt
This is a nice addition to include in the Ajcody-Logging#Like_To_Have_zmstat-chart_Data_Integrated_With_Zimbra setup. Where you would place the data underneath the root http directory.
Vmstat
Gives a good overview as well:
vmstat
- The process-related fields are:
- r — The number of runnable processes waiting for access to the CPU
- b — The number of processes in an uninterruptible sleep state
- w — The number of processes swapped out, but runnable
- The memory-related fields are:
- swpd — The amount of virtual memory used
- free — The amount of free memory
- buff — The amount of memory used for buffers
- cache — The amount of memory used as page cache
- The swap-related fields are:
- si — The amount of memory swapped in from disk
- so — The amount of memory swapped out to disk
- The I/O-related fields are:
- bi — Blocks sent to a block device
- bo— Blocks received from a block device
- The system-related fields are:
- in — The number of interrupts per second
- cs — The number of context switches per second
- The CPU-related fields are:
- us — The percentage of the time the CPU ran user-level code
- sy — The percentage of the time the CPU ran system-level code
- id — The percentage of the time the CPU was idle
Polling data with vmstat:
vmstat 1 10
- Displays one new line per second, but only for the next ten seconds
Meminfo
See below for description of the output for meminfo:
Featured Article: /proc/meminfo Explained
Do the following:
cat /proc/meminfo
Non-Zimbra Tools
Caution : None of this is supported by the Zimbra Support team. However it might prove useful, and depending on how much I can document these tools - who knows, maybe we can start using them more directly in the support process.
Debugging Tools
- Opensourcetesting.org - General Site with News and Tools
- MAT - Memory Analyzer Tool
- MAT w/ Eclipse
- http://www.eclipse.org/mat/
- Adding this to the startup settings of zimbra
-XX:+HeapDumpOnOutOfMemoryError
-XX:HeapDumpPath=/opt/zimbra/log/dumps/
- dumps out of mem heap. That file you can then load into MAT.
- Adding this to the startup settings of zimbra
- http://www.eclipse.org/mat/
- MAT w/ Eclipse
- Hat - the Haskell Tracer
- Linux
/proc/sys/kernel/core_pattern
- By setting
/proc/sys/kernel/core_pattern
, one can run a user-level program before a process dies to gather additional debugging information. - A pipe is opened and attached to your script. The kernel writes the coredump to the pipe. Your script can read it and write it to storage.
- Your script can attach GDB, get a backtrace, run pstack, dump open file descriptors, etc.
- For detailed explanation + script: http://timetobleed.com/an-obscure-kernel-feature-to-get-more-info-about-dying-processes/
- By setting
Automate Testing / Load Testing
- Mstone - is a multi-protocol stress and performance measurement tool. Mstone can test multiple protocols (e.g. POP and SMTP) simultaneously and measures the performance of every transaction. The performance can be graphed throughout the duration of the test.
- Selenium - is a suite of tools to automate web app testing across many platforms.
- Postal - to benchmark SMTP servers.