Domain Disclaimer Extension Admin UI
We are doing this project for integrate a system/wide domain signature (disclaimer) in Zimbra.
I did write a small tutorial for add a domain disclaimer using altermime. First of all, i recommend to read my Zimbra wiki about domain disclaimers and altermime:
http://wiki.zimbra.com/index.php?title=Adding_a_disclaimer_%28altermime%29_or_footer
Now, we are going to integrate this domain signature to the Zimbra Admin interface.
Note: this project have been tested on Zimbra NE 5.0 R2 on Red Hat/CentOS 4.x. We are working on this project, this howto is under construction...
Manual Install
Altermime Install
- 1) Download altermime from http://www.pldaniels.com/altermime/
- 2) Compile
make
- 3) Install altermime
cp altermime /usr/bin/ chown root.root /usr/bin/altermime chmod 755 /usr/bin/altermime
- 4) Create a filter directory
mkdir -p /opt/zimbra/var/spool/filter chown zimbra.zimbra /opt/zimbra/var/spool/filter/ chmod 750 /opt/zimbra/var/spool/filter/
5) Create disclaimers directory
mkdir -p /opt/zimbra/postfix/conf/disclaimers chown -R zimbra.zimbra /opt/zimbra/postfix/conf/disclaimers
Zimbra Postfix Configuration
- 6) Backup you master.cf file
cp /opt/zimbra/postfix/conf/master.cf /opt/zimbra/postfix/conf/master.cf.orig
- 7) Modify /opt/zimbra/postfix/conf/master.cf
smtp inet n - n - - smtpd -o content_filter=dfilt: dfilt unix - n n - - pipe flags=Rq user=filter argv=/opt/zimbra/postfix/conf/disclaimer -f ${sender} -- ${recipient}
OPTION. To ensure disclaimer is added only to outbound mail:
192.168.0.1:smtp inet n - n - - smtpd 192.168.0.2:smtp inet n - n - - smtpd -o content_filter=dfilt: 127.0.0.1:smtp inet n - n - - smtpd -o content_filter=dfilt: dfilt unix - n n - - pipe flags=Rq user=filter argv=/opt/zimbra/postfix/conf/disclaimer -f ${sender} -- ${recipient}
The first IP (192.168.0.1) should be the Incoming IP of the Zimbra server.
The second IP (192.168.0.2) should be the Outgoing IP of the Zimbra server.
- 8) Restart Zimbra postfix (as zimbra user)
zmmtactl stop zmmtactl start
Extending LDAP Schema
- 9) You need to extend your LDAP schema: Edit /opt/zimbra/openldap/etc/openldap/schema/zimbra.schema
And add (line 40 aprox):
objectIdentifier zimbraDomainPrefMailSignatureHTML ZimbraAttrType:656 objectIdentifier zimbraDomainPrefMailSignature ZimbraAttrType:657 objectIdentifier zimbraDomainPrefMailSignatureEnabled ZimbraAttrType:658
Line 3417 aprox.
# Domain Disclaimer attributetype ( zimbraDomainPrefMailSignatureHTML NAME ( 'zimbraDomainPrefMailSignatureHTML' ) DESC 'domain signature' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SINGLE-VALUE)
attributetype ( zimbraDomainPrefMailSignature NAME ( 'zimbraDomainPrefMailSignature' ) DESC 'domain signature' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SINGLE-VALUE) attributetype ( zimbraDomainPrefMailSignatureEnabled NAME ( 'zimbraDomainPrefMailSignatureEnabled' ) DESC 'domain signature enabled' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 EQUALITY booleanMatch SINGLE-VALUE)
In: objectclass ( zimbraDomain (Line 5274 aprox)
... zimbraDomainPrefMailSignatureEnabled $ zimbraDomainPrefMailSignature $ zimbraDomainPrefMailSignatureHTML $ ...
- 10) Restart your LDAP service (as zimbra user):
/opt/zimbra/bin/ldap stop /opt/zimbra/bin/ldap start
- 11) Add a signature for your domain (as zimbra user):
zmprov md mydomain.com zimbraDomainPrefMailSignatureEnabled TRUE zmprov md mydomain.com zimbraDomainPrefMailSignature "This is a domain disclaimer for mydomain.com" zmprov md mydomain.com zimbraDomainPrefMailSignatureHTML "This is a HTML domain disclaimer for mydomain.com"
- 12) Check for your domain disclaimer (as zimbra user):
zmprov gd mydomain.com
You will see:
... zimbraDomainPrefMailSignature: This is a domain disclaimer for mydomain.com zimbraDomainPrefMailSignatureHTML: This is a domain disclaimer for mydomain.com zimbraDomainPrefMailSignatureEnabled: TRUE ...
In this moment, you can enable and set a Domain Signature in your Zimbra LDAP!!!.
Disclaimer Script
- 13) Create /opt/zimbra/postfix/conf/disclaimer file.
This is the last version (0.0.2) of /opt/zimbra/postfix/conf/disclaimer script:
#!/bin/sh INSPECT_DIR=/opt/zimbra/var/spool/filter SENDMAIL=/opt/zimbra/postfix/sbin/sendmail ZIMBRA_HOME="/opt/zimbra" POSTFIX_HOME="$ZIMBRA_HOME/postfix/conf" DISCLAIMER_HOME="$POSTFIX_HOME/disclaimers" # Exit codes from <sysexits.h> EX_TEMPFAIL=75 EX_UNAVAILABLE=69 # Clean up when done or when aborting. trap "rm -f in.$$" 0 1 2 3 15 # Start processing. cd $INSPECT_DIR || { echo $INSPECT_DIR does not exist; exit $EX_TEMPFAIL; } cat > in.$$ || { echo Cannot save mail to file; exit $EX_TEMPFAIL; } # obtain domain name From domain=`grep "From:" in.$$ | cut -d "@" -f 2 | cut -d ">" -f 1` # check for attribute "zimbraDomainPrefMailSignatureEnabled" enable=`/opt/zimbra/bin/zmprov gd $domain | grep zimbraDomainPrefMailSignatureEnabled | awk '{print $2}'` if [ ! -z $enable ]; then # if not empty if [ $enable == "TRUE" ]; then # if value = TRUE echo "TRUE" # Add a disclaimer to the mail /usr/bin/altermime --input=in.$$ --disclaimer=$DISCLAIMER_HOME/$domain \ --disclaimer-html=$DISCLAIMER_HOME/$domain.html \ --xheader="X-Copyrighted-Material: Please visit http://www.$domain/privacy.htm" || { echo Message content rejected; exit $EX_UNAVAILABLE; } else echo "FALSE" # value is FALSE fi else echo "NONE" # domain doesn't have LDAP attributes fi $SENDMAIL -i "$@" < in.$$ exit $?
- 14) Set permissions
chgrp zimbra /opt/zimbra/postfix/conf/disclaimer chmod 750 /opt/zimbra/postfix/conf/disclaimer
CheckSignatures script
Now, we are going to write a script for check domain signature for each domain, and save the zimbraDomainPrefMailSignature attribute into a text file, because altermime script can’t read from LDAP directly and need a text file to use. This script must be added to crontab.
- 15) Install perl RPMS
perl-Convert-ASN1-0.18-3.noarch.rpm perl-HTML-Parser-3.35-6.i386.rpm perl-HTML-Tagset-3.03-30.noarch.rpm perl-IO-Socket-SSL-1.12-1.el4.rf.noarch.rpm perl-LDAP-0.34-1.el4.rf.noarch.rpm perl-libwww-perl-5.79-5.noarch.rpm perl-Net-SSLeay-1.32-1.el4.rf.i386.rpm perl-URI-1.30-4.noarch.rpm perl-XML-NamespaceSupport-1.09-1.2.el4.rf.noarch.rpm perl-XML-SAX-0.16-1.el4.rf.noarch.rpm
Note: this RPMs can be downloaded from:
http://apt.sw.be/redhat/el4/en/i386/RPMS.dag/ http://mirror.centos.org/centos/4/os/i386/CentOS/RPMS/
- 16) Create /opt/zimbra/postfix/conf/check_disclaimers.sh script:
#!/bin/bash # Results: # TRUE: domain have a signature enabled # FALSE: domain don't have a signature enabled # NONE: domain don't have LDAP attributes for domain signature ZIMBRA_HOME="/opt/zimbra" POSTFIX_HOME="$ZIMBRA_HOME/postfix/conf" DISCLAIMER_HOME="$POSTFIX_HOME/disclaimers" # check for every domain for domain in `/opt/zimbra/bin/zmprov gad`; do echo -ne "Domain: $domain \t" dom=`echo $domain | cut -d "." -f 1` # get only subdomain # check for attribute "zimbraDomainPrefMailSignatureEnabled" enable=`/opt/zimbra/bin/zmprov gd $domain | grep zimbraDomainPrefMailSignatureEnabled | awk '{print $2}'` if [ ! -z $enable ]; then # if not empty if [ $enable == "TRUE" ]; then # if value = TRUE echo "TRUE" # save the domain signature value into a text file $POSTFIX_HOME/read_from_ldap.pl $domain $DISCLAIMER_HOME/$domain else echo "FALSE" # value is FALSE # delete text file if exists if [ -f $DISCLAIMER_HOME/$domain ]; then rm -f $DISCLAIMER_HOME/$domain fi fi else echo "NONE" # domain doesn't have LDAP attributes # delete text file if exists if [ -f $DISCLAIMER_HOME/$domain ]; then rm -f $DISCLAIMER_HOME/$domain fi fi done
- 17) Create /opt/zimbra/postfix/conf/read_from_ldap.pl script (Thanks Pato!!!)
Don’t forget to set $server (your_ldap_server) and $pass (your_ldap_password) variables.
#!/usr/bin/perl -w # don't forget to check $server and $pass variables!!! use strict; use Net::LDAP; # Fixed Variables my $server="X.X.X.X"; my $user="uid=zimbra,cn=admins,cn=zimbra"; my $pass="xxxxxx"; # Variables my @domain = split(/\./,$ARGV[0]); my ($sub,$top) = @domain; my $tmpfile = $ARGV[1]; if (!$ARGV[1] || !$ARGV[0]){ print "\n\tUse: read_from_ldap.pl domain file\n\n"; exit(); } my $ldap = Net::LDAP->new("$server"); my $mesg = $ldap->bind("$user", password => "$pass"); $mesg = $ldap->search ( base => "dc=$sub,dc=$top", filter => "(&(objectClass=zimbraDomain) (dc=$sub))", attrs => ['zimbraDomainPrefMailSignature'] ); foreach ($mesg->entries) { my @result= $_->{'asn'}->{'attributes'}; if($result[0][0]{'vals'}[0]){ open (TMPFILE,">$tmpfile"); print TMPFILE "---------------------------------------------------\n"; print TMPFILE "$result[0][0]{'vals'}[0]\n"; } else { print "No signature\n" } }; $mesg = $ldap->search ( base => "dc=$sub,dc=$top", filter => "(&(objectClass=zimbraDomain) (dc=$sub))", attrs => ['zimbraDomainPrefMailSignatureHTML'] ); foreach ($mesg->entries) { my @result= $_->{'asn'}->{'attributes'}; if($result[0][0]{'vals'}[0]){ open (TMPFILE2,">$tmpfile.html"); print TMPFILE2 "---------------------------------------------------
\n"; print TMPFILE2 "$result[0][0]{'vals'}[0]\n"; } else { print "No HTML signature\n" } }; $mesg = $ldap->unbind;
- 8) Add execution permissions:
chmod 755 /opt/zimbra/postfix/conf/check_disclaimers.sh chmod 755 /opt/zimbra/postfix/conf/read_from_ldap.pl
- 19) Add this script in a crontab (as root user):
Create /etc/cron.hourly/check_disclaimer
#!/bin/bash /opt/zimbra/postfix/conf/check_disclaimers.sh
Add excecution permissions:
chmod 755 /etc/cron.hourly/check_disclaimer
- 20) Replace (patch) your js files for Admin UI
This is a Greg patch for handling new attributes into Admin UI.
Download js.tgz from http://wiki.zimbra.com/images/4/46/Jetty_Js.zip
tar zcvf /opt/zimbra/jetty/webapps/zimbraAdmin/js.tgz /opt/zimbra/jetty/webapps/zimbraAdmin/js rm -rf /opt/zimbra/jetty/webapps/zimbraAdmin/js tar zxvf js.tgz -C /opt/zimbra/jetty/webapps/zimbraAdmin/ chown -R zimbra.zimbra /opt/zimbra/jetty/webapps/zimbraAdmin/js
Admin Extension for Zimbra UI
This is my disclaimer Admin Extension. This extension add a Disclaimer Tab into domain configuration.
With this extension you can enable and set the Domain Disclaimers. (Thanks Greg!!!)
Download http://wiki.zimbra.com/images/8/81/Disclaimer.zip disclaimer.zip file, and Deploy it into Zimbra Admin Extension.
Automatic Script Installation
Download from http://wiki.zimbra.com/images/2/26/Zimbra_altermime_0.0.2.zip the automatic install script (actual version: 0.0.2)
Unzip
unzip zimbra_altermime_install_0.0.2.zip cd zimbra_altermime_install_0.0.2
Execute
./install.sh
This a view of Domain Disclaimer Admin Extension:
Troubleshooting
Email doesn't work
- Check you zimbra logs:
/var/log/zimbra.log
- Check you master.cf file:
/opt/zimbra/postfix/conf/master.cf
Don't add a disclaimer into emails
--
Daniel Eugenin M.
IT Linux