Domain Disclaimer Extension Admin UI

We are doing this project for integrate a system/wide domain signature (disclaimer) in Zimbra.

I did write a small tutorial for add a domain disclaimer using altermime. First of all, i recommend to read my Zimbra wiki about domain disclaimers and altermime:

http://wiki.zimbra.com/index.php?title=Adding_a_disclaimer_%28altermime%29_or_footer

Now, we are going to integrate this domain signature to the Zimbra Admin interface.

Note: this project have been tested on Zimbra NE 5.0 R2 on Red Hat/CentOS 4.x. We are working on this project, this howto is under construction...

Manual Install

Altermime Install


  • 2) Compile
  make


  • 3) Install altermime
  cp altermime /usr/bin/
  chown root.root /usr/bin/altermime
  chmod 755 /usr/bin/altermime


  • 4) Create a filter directory
  mkdir -p /opt/zimbra/var/spool/filter
  chown zimbra.zimbra /opt/zimbra/var/spool/filter/
  chmod 750 /opt/zimbra/var/spool/filter/


5) Create disclaimers directory

  mkdir -p /opt/zimbra/postfix/conf/disclaimers
  chown -R zimbra.zimbra /opt/zimbra/postfix/conf/disclaimers


Zimbra Postfix Configuration

  • 6) Backup you master.cf file
  cp /opt/zimbra/postfix/conf/master.cf /opt/zimbra/postfix/conf/master.cf.orig


  • 7) Modify /opt/zimbra/postfix/conf/master.cf
  smtp      inet  n       -       n       -       -       smtpd
      -o content_filter=dfilt:
  dfilt   unix    -       n       n       -       -       pipe
      flags=Rq user=filter argv=/opt/zimbra/postfix/conf/disclaimer -f ${sender} -- ${recipient}

OPTION. To ensure disclaimer is added only to outbound mail:

   192.168.0.1:smtp    inet  n       -       n       -       -       smtpd
   192.168.0.2:smtp    inet  n       -       n       -       -       smtpd
      -o content_filter=dfilt:
   127.0.0.1:smtp      inet  n       -       n       -       -       smtpd
      -o content_filter=dfilt:
   dfilt   unix    -       n       n       -       -       pipe
   flags=Rq user=filter argv=/opt/zimbra/postfix/conf/disclaimer -f ${sender} -- ${recipient}

The first IP (192.168.0.1) should be the Incoming IP of the Zimbra server.
The second IP (192.168.0.2) should be the Outgoing IP of the Zimbra server.


  • 8) Restart Zimbra postfix (as zimbra user)
  zmmtactl stop
  zmmtactl start


Extending LDAP Schema

  • 9) You need to extend your LDAP schema: Edit /opt/zimbra/openldap/etc/openldap/schema/zimbra.schema

And add (line 40 aprox):

  objectIdentifier zimbraDomainPrefMailSignatureHTML ZimbraAttrType:656
  objectIdentifier zimbraDomainPrefMailSignature ZimbraAttrType:657
  objectIdentifier zimbraDomainPrefMailSignatureEnabled ZimbraAttrType:658

Line 3417 aprox.

  # Domain Disclaimer
  attributetype ( zimbraDomainPrefMailSignatureHTML
     NAME ( 'zimbraDomainPrefMailSignatureHTML' )
     DESC 'domain signature'
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
     EQUALITY caseIgnoreMatch
     SUBSTR caseIgnoreSubstringsMatch
     SINGLE-VALUE)
  attributetype ( zimbraDomainPrefMailSignature
     NAME ( 'zimbraDomainPrefMailSignature' )
     DESC 'domain signature'
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
     EQUALITY caseIgnoreMatch
     SUBSTR caseIgnoreSubstringsMatch
     SINGLE-VALUE)
  
  attributetype ( zimbraDomainPrefMailSignatureEnabled
     NAME ( 'zimbraDomainPrefMailSignatureEnabled' )
     DESC 'domain signature enabled'
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
     EQUALITY booleanMatch
     SINGLE-VALUE)

In: objectclass ( zimbraDomain (Line 5274 aprox)

  ...
  zimbraDomainPrefMailSignatureEnabled $
  zimbraDomainPrefMailSignature $
  zimbraDomainPrefMailSignatureHTML $
  ...


  • 10) Restart your LDAP service (as zimbra user):
  /opt/zimbra/bin/ldap stop
  /opt/zimbra/bin/ldap start


  • 11) Add a signature for your domain (as zimbra user):
  zmprov md mydomain.com zimbraDomainPrefMailSignatureEnabled TRUE
  zmprov md mydomain.com zimbraDomainPrefMailSignature "This is a domain disclaimer for mydomain.com"
  zmprov md mydomain.com zimbraDomainPrefMailSignatureHTML "This is a HTML domain disclaimer for mydomain.com"


  • 12) Check for your domain disclaimer (as zimbra user):
  zmprov gd mydomain.com

You will see:

  ...
  zimbraDomainPrefMailSignature: This is a domain disclaimer for mydomain.com
  zimbraDomainPrefMailSignatureHTML: This is a domain disclaimer for mydomain.com
  zimbraDomainPrefMailSignatureEnabled: TRUE
  ...

In this moment, you can enable and set a Domain Signature in your Zimbra LDAP!!!.

Disclaimer Script

  • 13) Create /opt/zimbra/postfix/conf/disclaimer file.

This is the last version (0.0.2) of /opt/zimbra/postfix/conf/disclaimer script:

  #!/bin/sh
  INSPECT_DIR=/opt/zimbra/var/spool/filter
  SENDMAIL=/opt/zimbra/postfix/sbin/sendmail
  ZIMBRA_HOME="/opt/zimbra"
  POSTFIX_HOME="$ZIMBRA_HOME/postfix/conf"
  DISCLAIMER_HOME="$POSTFIX_HOME/disclaimers"
  
  # Exit codes from <sysexits.h>
  EX_TEMPFAIL=75
  EX_UNAVAILABLE=69
  
  # Clean up when done or when aborting.
  trap "rm -f in.$$" 0 1 2 3 15
  
  # Start processing.
  cd $INSPECT_DIR || { echo $INSPECT_DIR does not exist; exit $EX_TEMPFAIL; }
  
  cat > in.$$ || { echo Cannot save mail to file; exit $EX_TEMPFAIL; }
  
  # obtain domain name From
  domain=`grep "From:" in.$$ | cut -d "@" -f 2 | cut -d ">" -f 1`
  
  # check for attribute "zimbraDomainPrefMailSignatureEnabled"
  enable=`/opt/zimbra/bin/zmprov gd $domain | grep zimbraDomainPrefMailSignatureEnabled | awk '{print $2}'`
  
  if [ ! -z $enable ]; then                    # if not empty
       if [ $enable == "TRUE" ]; then          # if value = TRUE
          echo "TRUE"
          # Add a disclaimer to the mail
          /usr/bin/altermime --input=in.$$ --disclaimer=$DISCLAIMER_HOME/$domain \
             --disclaimer-html=$DISCLAIMER_HOME/$domain.html \
             --xheader="X-Copyrighted-Material: Please visit http://www.$domain/privacy.htm" || { echo Message content rejected; exit $EX_UNAVAILABLE; }
       else
               echo "FALSE"                    # value is FALSE
       fi
  else
       echo "NONE"                             # domain doesn't have LDAP attributes
  fi
     
  $SENDMAIL -i "$@" < in.$$
  
  exit $?


  • 14) Set permissions
  chgrp zimbra /opt/zimbra/postfix/conf/disclaimer
  chmod 750 /opt/zimbra/postfix/conf/disclaimer

CheckSignatures script

Now, we are going to write a script for check domain signature for each domain, and save the zimbraDomainPrefMailSignature attribute into a text file, because altermime script can’t read from LDAP directly and need a text file to use. This script must be added to crontab.

  • 15) Install perl RPMS
  perl-Convert-ASN1-0.18-3.noarch.rpm
  perl-HTML-Parser-3.35-6.i386.rpm
  perl-HTML-Tagset-3.03-30.noarch.rpm
  perl-IO-Socket-SSL-1.12-1.el4.rf.noarch.rpm
  perl-LDAP-0.34-1.el4.rf.noarch.rpm
  perl-libwww-perl-5.79-5.noarch.rpm
  perl-Net-SSLeay-1.32-1.el4.rf.i386.rpm
  perl-URI-1.30-4.noarch.rpm
  perl-XML-NamespaceSupport-1.09-1.2.el4.rf.noarch.rpm
  perl-XML-SAX-0.16-1.el4.rf.noarch.rpm

Note: this RPMs can be downloaded from:

  http://apt.sw.be/redhat/el4/en/i386/RPMS.dag/
  http://mirror.centos.org/centos/4/os/i386/CentOS/RPMS/


  • 16) Create /opt/zimbra/postfix/conf/check_disclaimers.sh script:
  #!/bin/bash
  
  # Results:
  #    TRUE: domain have a signature enabled
  #    FALSE: domain don't have a signature enabled
  #    NONE: domain don't have LDAP attributes for domain signature
     
  ZIMBRA_HOME="/opt/zimbra"
  POSTFIX_HOME="$ZIMBRA_HOME/postfix/conf"
  DISCLAIMER_HOME="$POSTFIX_HOME/disclaimers"
  
  # check for every domain
  for domain in `/opt/zimbra/bin/zmprov gad`; do
     echo -ne "Domain: $domain \t"
     dom=`echo $domain | cut -d "." -f 1`         # get only subdomain
  
     # check for attribute "zimbraDomainPrefMailSignatureEnabled"
     enable=`/opt/zimbra/bin/zmprov gd $domain | grep zimbraDomainPrefMailSignatureEnabled | awk '{print $2}'`
  
     if [ ! -z $enable ]; then                    # if not empty
          if [ $enable == "TRUE" ]; then          # if value = TRUE
                  echo "TRUE"
                  # save the domain signature value into a text file
                  $POSTFIX_HOME/read_from_ldap.pl $domain $DISCLAIMER_HOME/$domain
          else
                  echo "FALSE"                    # value is FALSE
                  # delete text file if exists
                  if [ -f $DISCLAIMER_HOME/$domain ]; then
                          rm -f $DISCLAIMER_HOME/$domain
                  fi
          fi
     else
          echo "NONE"                             # domain doesn't have LDAP attributes
          # delete text file if exists
          if [ -f $DISCLAIMER_HOME/$domain ]; then
                  rm -f $DISCLAIMER_HOME/$domain
          fi
     fi
  
  done


  • 17) Create /opt/zimbra/postfix/conf/read_from_ldap.pl script (Thanks Pato!!!)

Don’t forget to set $server (your_ldap_server) and $pass (your_ldap_password) variables.

  #!/usr/bin/perl -w
  # don't forget to check $server and $pass variables!!!
  
  use strict;
  use Net::LDAP;
  
  # Fixed Variables
  my $server="X.X.X.X";
  my $user="uid=zimbra,cn=admins,cn=zimbra";
  my $pass="xxxxxx";
  
  # Variables
  my @domain = split(/\./,$ARGV[0]);
  my ($sub,$top) = @domain;
  my $tmpfile = $ARGV[1];
  
  if (!$ARGV[1] || !$ARGV[0]){
      print "\n\tUse: read_from_ldap.pl domain file\n\n";
      exit();
  }
  
  my $ldap = Net::LDAP->new("$server");
  my $mesg = $ldap->bind("$user", password => "$pass");
  
  $mesg = $ldap->search (
          base => "dc=$sub,dc=$top",
          filter => "(&(objectClass=zimbraDomain) (dc=$sub))",
          attrs => ['zimbraDomainPrefMailSignature']
      );
  
  foreach ($mesg->entries) {
          my @result= $_->{'asn'}->{'attributes'};
          if($result[0][0]{'vals'}[0]){
              open (TMPFILE,">$tmpfile");
              print TMPFILE "---------------------------------------------------\n";
              print TMPFILE "$result[0][0]{'vals'}[0]\n";
          }
          else {
              print "No signature\n"
          }
  };
  
  $mesg = $ldap->search (
          base => "dc=$sub,dc=$top",
          filter => "(&(objectClass=zimbraDomain) (dc=$sub))",
          attrs => ['zimbraDomainPrefMailSignatureHTML']
      );
  
  foreach ($mesg->entries) {
          my @result= $_->{'asn'}->{'attributes'};
          if($result[0][0]{'vals'}[0]){
              open (TMPFILE2,">$tmpfile.html");
              print TMPFILE2 "---------------------------------------------------
\n"; print TMPFILE2 "$result[0][0]{'vals'}[0]\n"; } else { print "No HTML signature\n" } }; $mesg = $ldap->unbind;


  • 8) Add execution permissions:
  chmod 755 /opt/zimbra/postfix/conf/check_disclaimers.sh
  chmod 755 /opt/zimbra/postfix/conf/read_from_ldap.pl


  • 19) Add this script in a crontab (as root user):

Create /etc/cron.hourly/check_disclaimer

  #!/bin/bash
  /opt/zimbra/postfix/conf/check_disclaimers.sh

Add excecution permissions:

  chmod 755 /etc/cron.hourly/check_disclaimer


Admin Extension for Zimbra UI

This is my disclaimer Admin Extension. This extension add a Disclaimer Tab into domain configuration.

With this extension you can enable and set the Domain Disclaimers. (Thanks Greg!!!)

Download http://wiki.zimbra.com/images/8/81/Disclaimer.zip disclaimer.zip file, and Deploy it into Zimbra Admin Extension.

Automatic Script Installation

Download from http://wiki.zimbra.com/images/2/26/Zimbra_altermime_0.0.2.zip the automatic install script (actual version: 0.0.2)

Unzip

  unzip zimbra_altermime_install_0.0.2.zip
  cd zimbra_altermime_install_0.0.2

Execute

  ./install.sh

This a view of Domain Disclaimer Admin Extension:

Disclaimer extension.jpg

Troubleshooting

Email doesn't work

  • Check you zimbra logs:

/var/log/zimbra.log

  • Check you master.cf file:

/opt/zimbra/postfix/conf/master.cf

Don't add a disclaimer into emails

--
Daniel Eugenin M.
IT Linux

Jump to: navigation, search