Domain Disclaimer Extension Admin UI: Difference between revisions

Line 347: Line 347:


= Automatic Script Installation =
= Automatic Script Installation =
Download from http://wiki.zimbra.com/images/zimbra_altermime_install_0.0.2.zip de automatic install script  (actual version: 0.0.2)
Download from http://wiki.zimbra.com/images/zimbra_altermime_install_0.0.2.zip the automatic install script  (actual version: 0.0.2)


Unzip
Unzip

Revision as of 13:23, 30 November 2007

We are doing this project for integrate a system/wide domain signature (disclaimer) in Zimbra.

I did write a small tutorial for add a domain disclaimer using altermime. First of all, i recommend to read my Zimbra wiki about domain disclaimers and altermime:

http://wiki.zimbra.com/index.php?title=Adding_a_disclaimer_%28altermime%29_or_footer

Now, we are going to integrate this domain signature to the Zimbra Admin interface.

Note: this project have been tested on Zimbra NE 5.0 R2 on Red Hat/CentOS 4.x. We are working on this project, this howto is under construction...

Manual Install

Altermime Install


  • 2) Compile
  make


  • 3) Install altermime
  cp altermime /usr/bin/
  chown root.root /usr/bin/altermime
  chmod 755 /usr/bin/altermime


  • 4) Create a filter directory
  mkdir -p /opt/zimbra/var/spool/filter
  chown zimbra.zimbra /opt/zimbra/var/spool/filter/
  chmod 750 /opt/zimbra/var/spool/filter/


5) Create disclaimers directory

  mkdir -p /opt/zimbra/postfix/conf/disclaimers
  chown -R zimbra.zimbra /opt/zimbra/postfix/conf/disclaimers


Zimbra Postfix Configuration

  • 6) Backup you master.cf file
  cp /opt/zimbra/postfix/conf/master.cf /opt/zimbra/postfix/conf/master.cf.orig


  • 7) Modify /opt/zimbra/postfix/conf/master.cf
  smtp      inet  n       -       n       -       -       smtpd
      -o content_filter=dfilt:
  dfilt   unix    -       n       n       -       -       pipe
      flags=Rq user=filter argv=/opt/zimbra/postfix/conf/disclaimer -f ${sender} -- ${recipient}

OPTION. To ensure disclaimer is added only to outbound mail:

   192.168.0.1:smtp    inet  n       -       n       -       -       smtpd
   192.168.0.2:smtp    inet  n       -       n       -       -       smtpd
      -o content_filter=dfilt:
   127.0.0.1:smtp      inet  n       -       n       -       -       smtpd
      -o content_filter=dfilt:
   dfilt   unix    -       n       n       -       -       pipe
   flags=Rq user=filter argv=/opt/zimbra/postfix/conf/disclaimer -f ${sender} -- ${recipient}

The first IP (192.168.0.1) should be the Incoming IP of the Zimbra server.
The second IP (192.168.0.2) should be the Outgoing IP of the Zimbra server.


  • 8) Restart Zimbra postfix (as zimbra user)
  zmmtactl stop
  zmmtactl start


Extending LDAP Schema

  • 9) You need to extend your LDAP schema: Edit /opt/zimbra/openldap/etc/openldap/schema/zimbra.schema

And add (line 40 aprox):

  objectIdentifier zimbraDomainPrefMailSignatureHTML ZimbraAttrType:656
  objectIdentifier zimbraDomainPrefMailSignature ZimbraAttrType:657
  objectIdentifier zimbraDomainPrefMailSignatureEnabled ZimbraAttrType:658

Line 3417 aprox.

  # Domain Disclaimer
  attributetype ( zimbraDomainPrefMailSignatureHTML
     NAME ( 'zimbraDomainPrefMailSignatureHTML' )
     DESC 'domain signature'
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
     EQUALITY caseIgnoreMatch
     SUBSTR caseIgnoreSubstringsMatch
     SINGLE-VALUE)
  attributetype ( zimbraDomainPrefMailSignature
     NAME ( 'zimbraDomainPrefMailSignature' )
     DESC 'domain signature'
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
     EQUALITY caseIgnoreMatch
     SUBSTR caseIgnoreSubstringsMatch
     SINGLE-VALUE)
  
  attributetype ( zimbraDomainPrefMailSignatureEnabled
     NAME ( 'zimbraDomainPrefMailSignatureEnabled' )
     DESC 'domain signature enabled'
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
     EQUALITY booleanMatch
     SINGLE-VALUE)

In: objectclass ( zimbraDomain (Line 5274 aprox)

  ...
  zimbraDomainPrefMailSignatureEnabled $
  zimbraDomainPrefMailSignature $
  zimbraDomainPrefMailSignatureHTML $
  ...


  • 10) Restart your LDAP service (as zimbra user):
  /opt/zimbra/bin/ldap stop
  /opt/zimbra/bin/ldap start


  • 11) Add a signature for your domain (as zimbra user):
  zmprov md mydomain.com zimbraDomainPrefMailSignatureEnabled TRUE
  zmprov md mydomain.com zimbraDomainPrefMailSignature "This is a domain disclaimer for mydomain.com"
  zmprov md mydomain.com zimbraDomainPrefMailSignatureHTML "This is a HTML domain disclaimer for mydomain.com"


  • 12) Check for your domain disclaimer (as zimbra user):
  zmprov gd mydomain.com

You will see:

  ...
  zimbraDomainPrefMailSignature: This is a domain disclaimer for mydomain.com
  zimbraDomainPrefMailSignatureHTML: This is a domain disclaimer for mydomain.com
  zimbraDomainPrefMailSignatureEnabled: TRUE
  ...

In this moment, you can enable and set a Domain Signature in your Zimbra LDAP!!!.

Disclaimer Script

  • 13) Create /opt/zimbra/postfix/conf/disclaimer file.

This is the last version (0.0.1) of /opt/zimbra/postfix/conf/disclaimer script:

  #!/bin/sh
  INSPECT_DIR=/opt/zimbra/var/spool/filter
  SENDMAIL=/opt/zimbra/postfix/sbin/sendmail
  ZIMBRA_HOME="/opt/zimbra"
  POSTFIX_HOME="$ZIMBRA_HOME/postfix/conf"
  DISCLAIMER_HOME="$POSTFIX_HOME/disclaimers"
  
  # Exit codes from <sysexits.h>
  EX_TEMPFAIL=75
  EX_UNAVAILABLE=69
  
  # Clean up when done or when aborting.
  trap "rm -f in.$$" 0 1 2 3 15
  
  # Start processing.
  cd $INSPECT_DIR || { echo $INSPECT_DIR does not exist; exit $EX_TEMPFAIL; }
  
  cat > in.$$ || { echo Cannot save mail to file; exit $EX_TEMPFAIL; }
  
  # obtain domain name From
  domain=`grep "From:" in.$$ | cut -d "@" -f 2 | cut -d ">" -f 1`
  
  # check for attribute "zimbraDomainPrefMailSignatureEnabled"
  enable=`/opt/zimbra/bin/zmprov gd $domain | grep zimbraDomainPrefMailSignatureEnabled | awk '{print $2}'`
  
  if [ ! -z $enable ]; then                    # if not empty
       if [ $enable == "TRUE" ]; then          # if value = TRUE
          echo "TRUE"
          # Add a disclaimer to the mail
          /usr/bin/altermime --input=in.$$ --disclaimer=$DISCLAIMER_HOME/$domain \
             --disclaimer-html=$DISCLAIMER_HOME/$domain.html \
             --xheader="X-Copyrighted-Material: Please visit http://www.$domain/privacy.htm" || { echo Message content rejected; exit $EX_UNAVAILABLE; }
       else
               echo "FALSE"                    # value is FALSE
       fi
  else
       echo "NONE"                             # domain doesn't have LDAP attributes
  fi
     
  $SENDMAIL -i "$@" < in.$$
  
  exit $?


  • 14) Set permissions
  chgrp zimbra /opt/zimbra/postfix/conf/disclaimer
  chmod 750 /opt/zimbra/postfix/conf/disclaimer

CheckSignatures script

Now, we are going to write a script for check domain signature for each domain, and save the zimbraDomainPrefMailSignature attribute into a text file, because altermime script can’t read from LDAP directly and need a text file to use. This script must be added to crontab.

  • 15) Install perl RPMS
  perl-Convert-ASN1-0.18-3.noarch.rpm
  perl-HTML-Parser-3.35-6.i386.rpm
  perl-HTML-Tagset-3.03-30.noarch.rpm
  perl-IO-Socket-SSL-1.12-1.el4.rf.noarch.rpm
  perl-LDAP-0.34-1.el4.rf.noarch.rpm
  perl-libwww-perl-5.79-5.noarch.rpm
  perl-Net-SSLeay-1.32-1.el4.rf.i386.rpm
  perl-URI-1.30-4.noarch.rpm
  perl-XML-NamespaceSupport-1.09-1.2.el4.rf.noarch.rpm
  perl-XML-SAX-0.16-1.el4.rf.noarch.rpm

Note: this RPMs can be downloaded from:

  http://apt.sw.be/redhat/el4/en/i386/RPMS.dag/
  http://mirror.centos.org/centos/4/os/i386/CentOS/RPMS/


  • 16) Create /opt/zimbra/postfix/conf/check_disclaimers.sh script:
  #!/bin/bash
  
  # Results:
  #    TRUE: domain have a signature enabled
  #    FALSE: domain don't have a signature enabled
  #    NONE: domain don't have LDAP attributes for domain signature
     
  ZIMBRA_HOME="/opt/zimbra"
  POSTFIX_HOME="$ZIMBRA_HOME/postfix/conf"
  DISCLAIMER_HOME="$POSTFIX_HOME/disclaimers"
  
  # check for every domain
  for domain in `/opt/zimbra/bin/zmprov gad`; do
     echo -ne "Domain: $domain \t"
     dom=`echo $domain | cut -d "." -f 1`         # get only subdomain
  
     # check for attribute "zimbraDomainPrefMailSignatureEnabled"
     enable=`/opt/zimbra/bin/zmprov gd $domain | grep zimbraDomainPrefMailSignatureEnabled | awk '{print $2}'`
  
     if [ ! -z $enable ]; then                    # if not empty
          if [ $enable == "TRUE" ]; then          # if value = TRUE
                  echo "TRUE"
                  # save the domain signature value into a text file
                  $POSTFIX_HOME/read_from_ldap.pl $domain $DISCLAIMER_HOME/$domain
          else
                  echo "FALSE"                    # value is FALSE
                  # delete text file if exists
                  if [ -f $DISCLAIMER_HOME/$domain ]; then
                          rm -f $DISCLAIMER_HOME/$domain
                  fi
          fi
     else
          echo "NONE"                             # domain doesn't have LDAP attributes
          # delete text file if exists
          if [ -f $DISCLAIMER_HOME/$domain ]; then
                  rm -f $DISCLAIMER_HOME/$domain
          fi
     fi
  
  done


  • 17) Create /opt/zimbra/postfix/conf/read_from_ldap.pl script (Thanks Pato!!!)

Don’t forget to set $server (your_ldap_server) and $pass (your_ldap_password) variables.

  #!/usr/bin/perl -w
  # don't forget to check $server and $pass variables!!!
  
  use strict;
  use Net::LDAP;
  
  # Fixed Variables
  my $server="X.X.X.X";
  my $user="uid=zimbra,cn=admins,cn=zimbra";
  my $pass="xxxxxx";
  
  # Variables
  my @domain = split(/\./,$ARGV[0]);
  my ($sub,$top) = @domain;
  my $tmpfile = $ARGV[1];
  
  if (!$ARGV[1] || !$ARGV[0]){
      print "\n\tUse: read_from_ldap.pl domain file\n\n";
      exit();
  }
  
  my $ldap = Net::LDAP->new("$server");
  my $mesg = $ldap->bind("$user", password => "$pass");
  
  $mesg = $ldap->search (
          base => "dc=$sub,dc=$top",
          filter => "(&(objectClass=zimbraDomain) (dc=$sub))",
          attrs => ['zimbraDomainPrefMailSignature']
      );
  
  foreach ($mesg->entries) {
          my @result= $_->{'asn'}->{'attributes'};
          if($result[0][0]{'vals'}[0]){
              open (TMPFILE,">$tmpfile");
              print TMPFILE "---------------------------------------------------\n";
              print TMPFILE "$result[0][0]{'vals'}[0]\n";
          }
          else {
              print "No signature\n"
          }
  };
  
  $mesg = $ldap->search (
          base => "dc=$sub,dc=$top",
          filter => "(&(objectClass=zimbraDomain) (dc=$sub))",
          attrs => ['zimbraDomainPrefMailSignatureHTML']
      );
  
  foreach ($mesg->entries) {
          my @result= $_->{'asn'}->{'attributes'};
          if($result[0][0]{'vals'}[0]){
              open (TMPFILE2,">$tmpfile.html");
              print TMPFILE2 "---------------------------------------------------
\n"; print TMPFILE2 "$result[0][0]{'vals'}[0]\n"; } else { print "No HTML signature\n" } }; $mesg = $ldap->unbind;


  • 8) Add execution permissions:
  chmod 755 /opt/zimbra/postfix/conf/check_disclaimers.sh
  chmod 755 /opt/zimbra/postfix/conf/read_from_ldap.pl


  • 19) Add this script in a crontab (as root user):

Create /etc/cron.hourly/check_disclaimer

  #!/bin/bash
  /opt/zimbra/postfix/conf/check_disclaimers.sh

Add excecution permissions:

  chmod 755 /etc/cron.hourly/check_disclaimer


Admin Extension for Zimbra UI

This is my disclaimer Admin Extension. This extension add a Disclaimer Tab into domain configuration.

With this extension you can enable and set the Domain Disclaimers. (Thanks Greg!!!)

Download disclaimer.zip file, and Deploy it into Zimbra Admin Extensions.



Automatic Script Installation

Download from http://wiki.zimbra.com/images/zimbra_altermime_install_0.0.2.zip the automatic install script (actual version: 0.0.2)

Unzip

  unzip zimbra_altermime_install_0.0.2.zip
  cd zimbra_altermime_install_0.0.2

Execute

  ./install.sh

This a view of Domain Disclaimer Admin Extension:

Disclaimer extension.jpg

Troubleshooting

Email doesn't work

Don't add a disclaimer into emails

Jump to: navigation, search