Difference between revisions of "King0770-Notes"

(External Authentication with LDAP)
(Articles by King0770)
 
(145 intermediate revisions by 5 users not shown)
Line 1: Line 1:
==Removing Messages with Zmmailbox based on the Subject==
+
==Articles by King0770==
  
<code><pre>
+
https://wiki.zimbra.com/index.php?title=King0770-Notes-Merge_Two_Independent_Machines<br>
#!/bin/bash
+
https://wiki.zimbra.com/index.php?title=King0770-Notes-MovingUsers<br>
# rm_message.sh user@domain.com subject
+
https://wiki.zimbra.com/index.php?title=King0770-Notes-Change-LDAP-Log-Levels<br>
if [ -z "$2" ]; then
+
https://wiki.zimbra.com/index.php?title=King0770-Notes-Postconf_or_localconfig<br>
echo "usage: rm_message.sh user@domain.com <subject>"
+
https://wiki.zimbra.com/index.php?title=King0770-Notes-Bulk_Upload_To_Briefcase<br>
exit 0
+
https://wiki.zimbra.com/index.php?title=King0770-Notes-Sieve_Rules_By_Proxy<br>
else
+
https://wiki.zimbra.com/index.php?title=King0770-Notes-Find_Out_When_Message_Was_Read<br>
addr=$1
+
https://wiki.zimbra.com/index.php?title=King0770-Notes-FireFox_MimeTypes<br>
subject=$2
+
https://wiki.zimbra.com/index.php?title=King0770-Notes-SearchGal-Edit<br>
echo "Searching $addr  for Subject:  $subject"
+
https://wiki.zimbra.com/index.php?title=King0770-Notes-ZCO-Repair<br>
for msg in `zmmailbox -z -m "$addr" s -l 999 -t message "subject:$subject"|awk '{ if (NR!=1) {print}}' | grep -v -e Id -e "-" -e "^$" | awk '{ print $2 }'`
+
https://wiki.zimbra.com/index.php?title=King0770-Notes-Download-JDK<br>
  do
+
https://wiki.zimbra.com/index.php?title=King0770-Notes-Drop-Single-Mboxgroup-and-Reimport<br>
echo "Removing "$msg""
+
https://wiki.zimbra.com/index.php?title=King0770-Notes-When_innodb_force_recovery_Fails<br>
zmmailbox -z -m $1 dm $msg
+
https://wiki.zimbra.com/index.php?title=King0770-Notes-Removal_of_Bad_Contact_Address<br>
done
+
https://wiki.zimbra.com/index.php?title=King0770-Notes-Access_GAL_from_Clients_6.0<br>
fi
+
https://wiki.zimbra.com/index.php?title=King0770-Notes-Nuking_everything_in_a_folder<br>
</pre></code>
+
https://wiki.zimbra.com/wiki/King0770-Notes-External-Authentication-with-LDAP<br>
 
+
https://wiki.zimbra.com/wiki/King0770-Notes-Directory-Permissions-on-tmp<br>
Copy/Paste the script into a file, call it what you want, something like, "rm_message.sh". The syntax using the script would be something like:
+
https://wiki.zimbra.com/wiki/King0770-Notes-Removing-Messages-with-zmmailbox-based-on-Subject<br>
<code><pre>./rm_message.sh user@domain.com subjectName</pre></code>
+
https://wiki.zimbra.com/wiki/King0770-Notes-Read-the-install-history-file-in-a-readable-format<br>
 
+
https://wiki.zimbra.com/wiki/King0770-Notes-error-decoding-message<br>
If the subject contains more than one word, put double quotes around the subject.
+
https://wiki.zimbra.com/wiki/King0770-Notes-YAMM<br>
<code><pre>./rm_message.sh user@domain.com "Hello World"</pre></code>
+
https://wiki.zimbra.com/wiki/King0770-Notes-Chameleon-Skin<br>
 
+
https://wiki.zimbra.com/wiki/King0770-Notes-InnoDB_is_in_the_future<br>
Special thanks to '''Matt Fox'''.
+
https://wiki.zimbra.com/wiki/King0770-Notes-Calendar-Notes<br>
 
+
https://wiki.zimbra.com/wiki/King0770-Notes-Milter_And_DistributionLists<br>
==Reinitialize the Logger DB==
+
https://wiki.zimbra.com/wiki/King0770-Notes-Check-Submission-Port-587<br>
 
+
https://wiki.zimbra.com/wiki/King0770-Notes-Header-Checks<br>
Worst case scenario for the logger db's: If some for reason the USE_FRM option fails, you could move the old logger db out of the way and start over. The only bad part is that you would lose historical data, however it would resolve the corrupted table issue(s).  
+
https://wiki.zimbra.com/wiki/King0770-Notes-Verify-LDAP-Passwords<br>
 
+
https://wiki.zimbra.com/wiki/King0770-Notes-SpamTitan<br>
If you wish the start over with the logger db's, here are the steps (run as zimbra).  
+
https://wiki.zimbra.com/wiki/King0770-Notes-Enable-webui-for-cbpolicyd-Unsupported<br>
<code><pre>
+
https://wiki.zimbra.com/wiki/King0770-Notes-Installing-Proxy-For-Single-Server<br>
$ zmloggerctl stop
+
https://wiki.zimbra.com/wiki/King0770-Notes-ldapsearch-to-csv<br>
$ mv /opt/zimbra/logger/db /opt/zimbra/logger/db-old
+
https://wiki.zimbra.com/wiki/King0770-Notes-My-Github<br>
$ source /opt/zimbra/bin/zmshutil
+
https://wiki.zimbra.com/wiki/King0770-Notes-VNC-Safe<br>
$ zmsetvars
+
https://wiki.zimbra.com/wiki/King0770-Notes-Whitelist-Spamassassin-MTA<br>
$ /opt/zimbra/libexec/zmloggerinit ${mysql_logger_root_password}
+
https://wiki.zimbra.com/wiki/King0770-Notes-Ultra-Restrictive-Sending-And-Receiving<br>
$ zmlogswatchctl start
+
https://wiki.zimbra.com/wiki/King0770-Notes-smtp_tls_policy_maps<br>
</pre></code>
+
https://wiki.zimbra.com/wiki/King0770-Notes-Always_Bcc-Mishap<br>
 
+
https://wiki.zimbra.com/wiki/King0770-Notes-Remove-Orphaned-Account<br>
==Spam Info==
+
https://wiki.zimbra.com/wiki/King0770-Notes-Emulate-a-user-login-via-the-command-line<br>
If you haven't already, try implementing the use of RBL's. This is from: http://wiki.zimbra.com/index.php?title=Configuring_and_Monitoring_Postfix_DNSBL
+
https://wiki.zimbra.com/wiki/King0770-Notes-SSL<br>
<code><pre>
+
https://wiki.zimbra.com/wiki/King0770-Notes-ldap-fragmentation<br>
su - zimbra
+
https://wiki.zimbra.com/wiki/King0770-Notes-Disable-Zimbra-Desktop<br>
 
+
https://wiki.zimbra.com/wiki/King0770-Notes-Rejecting-Nested-From-Addresses<br>
zmprov mcf \
+
https://wiki.zimbra.com/wiki/King0770-Notes-Relocated-Maps<br>
zimbraMtaRestriction reject_invalid_hostname \
+
https://wiki.zimbra.com/wiki/King0770-Notes-Internal-False-Positives<br>
zimbraMtaRestriction reject_non_fqdn_hostname \
+
https://wiki.zimbra.com/wiki/King0770-Notes-Whitelist-Phishing-Service<br>
zimbraMtaRestriction reject_non_fqdn_sender \
+
https://wiki.zimbra.com/wiki/King0770-Notes-Lock-All-Accounts<br>
zimbraMtaRestriction "reject_rbl_client dnsbl.njabl.org" \
+
https://wiki.zimbra.com/wiki/King0770-Notes-Account-Organization<br>
zimbraMtaRestriction "reject_rbl_client cbl.abuseat.org" \
+
https://wiki.zimbra.com/wiki/King0770-Notes-Cannot-Start-ldap-ldap_starttls_supported-Enabled<br>
zimbraMtaRestriction "reject_rbl_client bl.spamcop.net" \
+
https://wiki.zimbra.com/wiki/King0770-Notes-zmtrainsa_cleanup_host<br>
zimbraMtaRestriction "reject_rbl_client dnsbl.sorbs.net" \
+
https://wiki.zimbra.com/wiki/King0770-Notes-rsync-excludes<br>
zimbraMtaRestriction "reject_rbl_client sbl.spamhaus.org" \
+
https://wiki.zimbra.com/wiki/King0770-Notes-Mass-Account-Removal<br>
zimbraMtaRestriction "reject_rbl_client relays.mail-abuse.org"
+
https://wiki.zimbra.com/wiki/King0770-Notes-Export_And_Import_Spamassassin_Rules<br>
 
+
https://wiki.zimbra.com/wiki/King0770-Notes-Outbound_SMTP_Authentication_Using_Port_465<br>
zmmtactl reload
+
https://wiki.zimbra.com/wiki/King0770-Notes-Force-Authentication-With-Full-Email-Address<br>
**don't forget to reload Postfix**
+
https://wiki.zimbra.com/wiki/King0770-Notes-Quick-Guide-Setting-Up-ZCS-8.8.15_And_NextCloud17<br>
</pre></code>
+
https://wiki.zimbra.com/wiki/King0770-Notes-Zimbra-Connect<br>
 
+
https://wiki.zimbra.com/wiki/King0770-Notes-Prevent-Accounts-From-Sending-To-External-Domains-With-CBPOLICYD<br>
RBL's will usually cut 50% of unwanted mail flow off the top before scanning for spam.
+
https://wiki.zimbra.com/wiki/King0770-Notes-Setup-RateLimiting-with-CBPOLICYD<br>
 
+
https://wiki.zimbra.com/wiki/King0770-Notes-MTA-ALLOW-HELO<br>
You can also decrease kill and tag percentages, have a look what they are at now. Basically, the lower the numbers, the more aggressive a potential spam will be tagged; I believe we ship with those numbers a little high.  
+
https://wiki.zimbra.com/wiki/King0770-Notes-NG_Modules<br>
 
+
https://wiki.zimbra.com/wiki/King0770-Notes-import-SSL<br>
<code><pre>zmprov gacf | grep -e zimbraSpamTagPercent -e zimbraSpamKillPercent</pre></code>
 
 
 
If you decide to adjust zimbraSpamTagPercent & zimbraSpamKillPercent, don't forget to run this command:
 
 
 
<code><pre>zmamavisdctl restart</pre></code>
 
 
 
With the RBL's in place, with a lower threshold, wait for a couple of days, see what the spam traffic is like then.
 
 
 
 
 
==License - Misc==
 
TTL for the account count cache is either 1 minute when they are very close to the limit, or 1 hour if the total account count is less than 90% of the quota.  In other words, the server will correct itself without restart in an hour in the worse case. See http://bugzilla.zimbra.com/show_bug.cgi?id=24009
 
 
 
* Admin counts towards user count, admin@domain.com
 
* Spam, Ham, Wiki accounts don't count toward user count total
 
 
 
==Preferred Method Moving Users To New Machine==
 
 
 
<p>I believe the best method to transfer users from one ZCS machine to another ZCS machine would be to use the "move mailbox" method. The concept behind the move mailbox method is that the user's account is transferred from one host to another keeping their data intact, i.e. mail, contacts, and calendar. It will move accounts one at a time, and the account being moved will only be inaccessible for the duration of the move. Basically, you would make the new server to be an ldap replica to the old server; configure the old server to be the ldap master on the new server. Once you have moved all of the accounts to the new server/replica, promote the replica to be the master, documentation on promoting the replica to master is here: http://wiki.zimbra.com/index.php?title=Promoting_Replica_to_LDAP_Master. The move mailbox function can be accomplished by using the Admin Console, or by CLI. In the Admin Console, there is a button labeled "move mailbox" when you edit an account. From the CLI, here is an article detailing the zmmailboxmove, http://wiki.zimbra.com/index.php?title=Zmmailboxmove. <strong>Zmmailboxmove is only available for NE</strong>.</p>
 
 
 
<br>
 
Basically follow this methodology:<br>
 
<br>
 
Basic Scenario would be that you have an old server called mail1, and you have a new server called mail2. You wish to transfer users from mail1 to mail2. And you are installing ZCS on mail2, configured as an ldap-replica.<br>
 
Note: These steps are basically the same as the following link. Except, you will want to install all the important packages, zimbra-ldap, zimbra-mta, zimbra-store, zimbra-logger, zimbra-snmp, & zimbra-spell; basically, install the same packages on the new server, as the old server.<br>
 
http://www.zimbra.com/docs/os/latest/multi_server_install/LDAP%20Replication.6.1.html<br>  
 
<br>
 
0) Run /opt/zimbra/libexec/zmldapenablereplica on mail1<br>
 
1) Install ZCS on mail2. <strong>Use the same zcs version as mail1</strong>.<br>
 
2) You should see something like this for the Common Configuration:<br>
 
<code><pre>
 
Common configuration
 
 
 
  1) Hostname:                                   mail2.mydomain.com      
 
  2) Ldap master host:                           mail1.mydomain.com      
 
  3) Ldap port:                                   389                         
 
  4) Ldap Admin password:                        set          <<= Make sure this is the same password used on mail1               
 
  5) Require secure interprocess communications:  yes                         
 
  6) TimeZone:                                (GMT-08.00) Pacific Time (US & Canada)
 
</pre></code>
 
 
 
3) Next is the LDAP Configuration<br>
 
 
 
<code><pre>
 
Ldap configuration
 
 
 
  1) Status:                                 Enabled                     
 
  2) Create Domain:                  no        <<=Make sure this is set to no                         
 
  3) Domain to create:              mydomain.com            
 
  4) Ldap Root password:             set  <<=Make sure this is the same password as mail1                       
 
  5) Ldap Replication password:       set  <<=Make sure this is the same password as mail1                       
 
  6) Ldap Postfix password:          set  <<=Make sure this is the same password as mail1                       
 
  7) Ldap Amavis password:            set  <<=Make sure this is the same password as mail1
 
</pre></code>             
 
 
 
<br>
 
4) Store Configuration<br>
 
Since this is an ldap replica, you shouldn't need to enable the Admin, Spam, & Ham accounts. You should be able to transfer these accounts to mail2 if you wish.<br>
 
 
 
<code><pre>
 
Store configuration
 
 
 
  1) Status:                                 Enabled                     
 
  2) Create Admin User:                      no                           
 
  3) Enable automated spam training:          no                           
 
  4) Global Documents Account:                wiki@mydomain.com       
 
  5) SMTP host:                              mail2.mydomain.com  
 
</pre></code>
 
<br>
 
 
 
5) Move users over to the new machine, mail2. Use the Admin console, or with CLI. The account being moved will only be inaccessible for the duration of the move.<br>
 
http://wiki.zimbra.com/index.php?title=Zmmailboxmove<br>
 
 
 
6) Promoting a Replica Server – Demoting the Master Server.<br>
 
Straight forward instructions found here: http://wiki.zimbra.com/index.php?title=Promoting_Replica_to_LDAP_Master<br>
 
Optional - Converting the master to be a replica. Not needed if you are decommissioning the old machine. If you are decommissioning the old machine, you can remove the old server from the new machine.<br>
 
Don't do this command until after the users are moved over to the new machine.<br>
 
<code><pre>zmprov ds mail1.mydomain.com</pre></code>
 
NOTE: Moving from one server to the other with zmmailboxmove is a staged process. If you wish, you can leave the old server up as an ldap master or the MTA after the accounts are migrated,  just to minimize the number of changes happening at one time.<br>
 
 
 
7) DNS - Be sure to edit your DNS records to include the new server.<br>  
 
Before the migration:<br>
 
mydomain.com mail is handled by 10 mail1.mydomain.com.<br>  
 
 
 
After the migration:<br>
 
mydomain.com mail is handled by 10 mail2.mydomain.com.<br>
 
<br>
 
7a) If you wish to maintain the same exact zmhostname as the old server, you'll have to change the hostname. Instructions are found here: http://wiki.zimbra.com/index.php?title=ZmSetServerName
 
<br>
 
 
 
8) Things to consider.<br>
 
- Zimlets - Be sure to install the same zimlets on the new machine as on the old machine.<br>
 
- Custom Skins will need to be installed on the new machine.<br>
 
- Branding will need to be configured on the new machine if you were using custom branding on the old machine.<br>
 
- Don't forget to run "zmupdateauthkeys" on both machines to update their SSH keys.<br>
 
 
 
9) Commercial Certificate.<br>
 
If the hostname stays the same, you'll need to follow the steps outlined here to reimport them: http://wiki.zimbra.com/index.php?title=Commercial_Certificate_in_5.x#.2Fopt.2Fzimbra.2Fbin.2Fzmcertmgr <br>
 
If the hostname has changed, you'll need to generate a CSR, submit CSR to Commercial Certificate vendor, i.e. GoDaddy, and import them using the Admin Console Wizard.<br>
 
 
 
==Handy Commands==
 
===Read the install history file in a readable format===
 
<code><pre>perl -e 'while (<>) { ($date, $op) = split(/:/, $_); print scalar localtime($date) . "  " . $op; }' < /opt/zimbra/.install_history</pre></code>
 
===Get the version in ZWC===
 
Type the following in the search bar:
 
<code><pre>$set: get version</pre></code>
 
===LDAP - DB Status===
 
<code><pre>/opt/zimbra/sleepycat/bin/db_stat -c -h /opt/zimbra/openldap-data</pre></code>
 
===LDAP - DB Recover===
 
<code><pre>/opt/zimbra/sleepycat/bin/db_recover **make sure you are doing this as the zimbra user, and that slapd is not running**</pre></code>
 
===LDAP - Slapindex===
 
<code><pre>/opt/zimbra/openldap/sbin/slapindex -f /opt/zimbra/conf/slapd.conf</pre></code>
 
===LDAP - Export & Reimport===
 
<code><pre>
 
1) su - zimbra
 
2) libexec/zmslapcat /tmp
 
3) mv /tmp/ldap.bak /tmp/ldap.ldif
 
4) zmcontrol stop
 
5) ps -aux | grep slapd **If ldap is still running, kill it**
 
6) su - root
 
7) mv /opt/zimbra/openldap-data /opt/zimbra/openldap-data.OLD
 
8) mkdir -p /opt/zimbra/openldap-data/logs
 
9) chown -R zimbra:zimbra /opt/zimbra/openldap-data/
 
10) su - zimbra
 
11) /opt/zimbra/openldap/sbin/slapadd -f /opt/zimbra/conf/slapd.conf -l /tmp/ldap.ldif
 
12) zmcontrol start
 
</pre></code>
 
 
 
===Clear SA DB===
 
This would be handy if you are getting a lot of false positives
 
<code><pre>
 
/opt/zimbra/libexec/sa-learn -p /opt/zimbra/conf/salocal.cf.in --dbpath /opt/zimbra/amavisd/.spamassassin/ --siteconfigpath /opt/zimbra/conf/spamassassin --clear
 
</pre></code>
 
or
 
<code><pre>
 
/opt/zimbra/libexec/sa-learn -p /opt/zimbra/conf/salocal.cf --dbpath /opt/zimbra/amavisd/.spamassassin --siteconfigpath \ /opt/zimbra/conf/spamassassin --force -expire –sync
 
</pre></code>
 
 
 
===KeyTool Commands===
 
<code><pre>
 
keytool -list -keystore /opt/zimbra/mailboxd/etc/keystore -storepass `zmlocalconfig -s -m nokey mailboxd_keystore_password`
 
 
 
keytool -delete -alias jetty or tomcat -keystore /opt/zimbra/mailboxd/etc/keystore -storepass `zmlocalconfig -s -m nokey mailboxd_keystore_password`
 
</pre></code>
 
 
 
==Excessive Load Info Needed - What you need to show Zimbra Support==
 
In general, when troubleshooting performance issues, we would like to know the following:<br>
 
1. What exactly is slow?<br>
 
2. Timestamps when problem is observed<br>
 
3. Repro steps, if applicable<br>
 
4. When the problem occurs, generate a few threaddumps (30 seconds apart) and send us zmmailboxd.out:<br>
 
5. generate zmstat charts covering the times when the problem occurs<br>
 
 
 
There are a few commands you can run to help us diagnose; the only stipulation is to run these commands *during* the excessive high load. We'll need to see what's going on during the high load. 
 
 
 
1) Run the following command *during* the high load, run this command as root. This should write the output to the /opt/zimbra/log/zmmailboxd.out file.
 
<code><pre>for i in 1 2 3; do /opt/zimbra/libexec/zmmailboxdmgr threaddump; sleep 30; done</pre></code>
 
 
 
2) On the day of the excessive high load, we'll need you to generate graphs; this will help the engineers see any problems.
 
Run as the zimbra user
 
 
 
<code><pre>
 
zmstat-chart -s /opt/zimbra/zmstat/<day of the excessive load> -d /tmp/zmstats
 
tar -czvf /tmp/zmstats.tar.gz /tmp/zmstats
 
</pre></code>
 
 
 
3) Find out the PID of the jetty process and run pstack on it, send us the results from the pstack command. Please run this command during the excessive load.
 
<code><pre>
 
ps -ef | grep jetty
 
pstack <jetty_pid>
 
</pre></code>
 
 
 
 
 
Sometime, Zimbra engineers need to know as much as possible about your machine in these types of excessive load situations.
 
Using the script below could be helpful - no such thing as too much info. :)
 
 
 
 
 
<code><pre>
 
#!/bin/sh
 
 
 
if [ `whoami` != "zimbra" ]; then
 
echo "Must be executed as the zimbra user."
 
exit 1
 
fi
 
zmcontrol -v
 
 
 
echo "Number of users"
 
echo "---------------"
 
zmprov gaa | wc -l
 
 
 
echo
 
 
 
echo "Processor Version"
 
echo "-----------------"
 
PROC_VER=`cat /proc/version`
 
echo "$PROC_VER"
 
 
 
echo
 
 
 
echo "Processor Info"
 
echo "--------------"
 
PROC_INFO=`cat /proc/cpuinfo`
 
echo "$PROC_INFO"
 
 
 
echo "Mem Info"
 
echo "--------"
 
FREE=`free -m`
 
echo "$FREE"
 
echo "`dmesg | grep Mem`"
 
 
 
echo
 
 
 
echo "FSTAB File"
 
echo "----------"
 
echo "`cat /etc/fstab`"
 
 
 
echo
 
 
 
echo "Mtab file"
 
echo "---------"
 
echo "`cat /etc/mtab`"
 
 
 
echo
 
 
 
echo "Disk Space"
 
echo "----------"
 
echo "`df -h`"
 
 
 
echo
 
 
 
echo "Threads"
 
echo "-------"
 
zmprov gacf | grep -i threads
 
echo
 
echo "Message Cache Size"
 
echo "------------------"
 
zmprov gacf | grep zimbraMessageCacheSize
 
echo
 
echo "Info from zmlocalconfig"
 
echo "-----------------------"
 
zmlocalconfig -d | grep java_options
 
zmlocalconfig -n | grep maxActive
 
zmlocalconfig | grep max_uncommitted_operations
 
zmlocalconfig | grep percent
 
echo
 
 
 
echo "Mysql Info"
 
echo "----------"
 
grep max_connections /opt/zimbra/conf/my.cnf
 
grep innodb_buffer_pool_size  /opt/zimbra/conf/my.cnf
 
grep innodb_max_dirty_pages_pct  /opt/zimbra/conf/my.cnf
 
grep innodb_flush_method  /opt/zimbra/conf/my.cnf
 
 
 
echo
 
 
 
echo "Java Process"
 
echo "------------"
 
ps -ef | grep java
 
 
 
echo
 
 
 
echo "LDAP Info"
 
echo "---------"
 
/opt/zimbra/sleepycat/bin/db_stat -m -h /opt/zimbra/openldap-data | head -n 11
 
 
 
echo
 
 
 
/opt/zimbra/sleepycat/bin/db_stat -m -h /opt/zimbra/openldap-data | head -n 12
 
</pre></code>
 
 
 
===Small Favor===
 
Please install the following tools, sometimes the engineers use pstack and/or strace for troubleshooting.
 
<br>
 
1) pstack<br>
 
2) strace<br>
 
<br>
 
 
 
==Enable Away Messages (Vacation)==
 
1) Access your account using the web interface, <nowiki>https://mail.domain.com</nowiki><br>
 
2) Once you have accessed your account, go to Preferences => Mail<br>
 
3) If you scroll down in the Mail section, look for "Send auto-reply message:". You should then type your away message, and pick the start date and finish date.<br>
 
4) Don't forget to click "Save" in the upper left hand.<br>
 
===Auto-Reply Not Working===
 
Organizations using the Split-Domain configuration *may* encounter problems with the auto-replies not working.<br>
 
Mail that is arriving to user@somedomain.com and the zimbra server only knows about user@mail.domain.com. So the code that tries not to send vacation message if the mail was not directly sent to the account kicks in. This is as intended. The "was it sent directly to this acct" check only checks To: and Cc: headers and not envelope RCPT TO address (as it should).<br>
 
<br>
 
Workaround:<br>
 
 
 
<code><pre>
 
zmprov ma user@domain.com +zimbraPrefOutOfOfficeDirectAddress user@mail.domain.com
 
zmprov ma user@domain.com zimbraPrefOutOfOfficeReplyEnabled TRUE
 
</pre></code>
 
 
 
==Apple's .Mac Mail Service==
 
It was recently discovered Apple's .Mac Mail Service removes messages in the Trash from their server after one week. This is not configurable.
 
 
 
 
 
==Directory Permissions on /tmp==
 
It is possible that during ZCS install, if the /tmp directory does not have the correct permissions, it could hinder your efforts to install ZCS.
 
Make sure the /tmp directory has the following permissions.<br>
 
<br>
 
drwxrwxrwt  17 root root  4096 2008-07-07 08:33 tmp
 
<br>
 
 
 
If your /tmp permissions do not match the above, run the following commands as root:
 
<code><pre>
 
# chmod 777 /tmp
 
# chmod +t /tmp
 
</pre></code>
 
 
 
The "t" in the end of the permissions is called the "sticky bit". It replaces the "x" and indicates that in this directory, files can only be deleted by their owners, the owner of the directory or the root superuser. This way, it is not enough for a user to have write permission on /tmp, he also needs to be the owner of the file to be able to delete it.
 
 
 
[[Category:Community Sandbox]]
 
 
 
==Columns are MisMatch in the GAL using ZCO==
 
1) Remove ZCO profile(s) from Outlook - Start ==> Control Panel ==> Mail<br>
 
<br>
 
2) Once the ZCO profile is removed, go into the following directories and remove everything in the specified directories:<br>
 
c:\documents and settings\<user>\local settings\application data\microsoft\outlook<br>
 
&<br>
 
c:\documents and settings\<user>\application data\microsoft\outlook<br>
 
<br>
 
3) Recreate ZCO profile for Outlook - Start ==> Control Panel ==> Mail<br>
 
<br>
 
Once you have recreated the zco profile, open Outlook, then have a look again at the GAL.<br>
 
 
 
==Manually Delete Index Directories==
 
Ran across a case where the admin had to remove the index directories for a mailbox. Looking at the mailbox.log file, there was this error:<br>
 
A couple of the symtoms are:<br>
 
- The reindex of a mailbox runs too fast.<br>
 
- When the user attempts a search in the ZWC, no results are found when there should be a result.<br>
 
<code><pre>
 
2008-07-18 00:13:52,477 INFO [MailboxPurge] [name=jsmith@mydomain.com;mid=11;] index - ignoring error while deleting index entries for items: [-28865, 28865]
 
java.io.IOException: Could not create index com.zimbra.cs.index.Z23FSDirectory@/opt/zimbra/index/0/11/index/0 (directory already exists)
 
at com.zimbra.cs.index.Lucene23Index.openIndexWriter(Lucene23Index.java:1359)
 
at com.zimbra.cs.index.Lucene23Index.deleteDocuments(Lucene23Index.java:292)
 
at com.zimbra.cs.index.MailboxIndex.deleteDocuments(MailboxIndex.java:267)
 
at com.zimbra.cs.mailbox.Mailbox.commitCache(Mailbox.java:6927)
 
at com.zimbra.cs.mailbox.Mailbox.endTransaction(Mailbox.java:6824)
 
at com.zimbra.cs.mailbox.Mailbox.purgeMessages(Mailbox.java:6182)
 
at com.zimbra.cs.mailbox.PurgeThread.run(PurgeThread.java:147)
 
Caused by: java.io.IOException: read past EOF
 
at org.apache.lucene.store.BufferedIndexInput.refill(BufferedIndexInput.java:146)
 
at org.apache.lucene.store.BufferedIndexInput.readByte(BufferedIndexInput.java:38)
 
at org.apache.lucene.store.IndexInput.readChars(IndexInput.java:126)
 
at org.apache.lucene.store.IndexInput.readString(IndexInput.java:112)
 
at org.apache.lucene.index.SegmentInfo.<init>(SegmentInfo.java:137)
 
at org.apache.lucene.index.SegmentInfos.read(SegmentInfos.java:220)
 
at org.apache.lucene.index.SegmentInfos$1.doBody(SegmentInfos.java:254)
 
at org.apache.lucene.index.SegmentInfos$FindSegmentsFile.run(SegmentInfos.java:636)
 
at org.apache.lucene.index.SegmentInfos.read(SegmentInfos.java:251)
 
at org.apache.lucene.index.IndexWriter.init(IndexWriter.java:710)
 
at org.apache.lucene.index.IndexWriter.<init>(IndexWriter.java:666)
 
at com.zimbra.cs.index.Lucene23Index.openIndexWriter(Lucene23Index.java:1340)
 
</pre></code>
 
While there are probably multiple situations where the index directory needs to be removed (or reindexed), this was one case I recently ran across.<br>
 
To remove the index directories in this example, follow this method:<br>
 
<code><pre>
 
1) su - zimbra
 
2) rm -rf /opt/zimbra/index/0/11/index/0
 
3) zmmailboxdctl stop
 
4) zmmailboxdctl start
 
5) Then reindex the mailbox from the Admin Console.
 
</pre></code>
 
 
 
==Upper Case Letters in the hostname in /etc/hosts will prevent the install from continuing==
 
Make sure the hostname in the /etc/hosts do not contain upper case letters. Or else the install will not continue.<br>
 
http://bugzilla.zimbra.com/show_bug.cgi?id=30413<br>
 
<code><pre>
 
Main menu
 
 
 
  1) Common Configuration:                                                 
 
        +Hostname:                            KLAATU.blue.local
 
        +Ldap master host:                    klaatu.blue.local
 
        +Ldap port:                            389                         
 
        +Ldap Admin password:                  set                         
 
        +Require secure interprocess communications: yes                         
 
        +TimeZone:                            (GMT-08.00) Pacific Time (US & Canada)
 
 
 
  2) zimbra-ldap:                            Enabled                     
 
  3) zimbra-store:                            Enabled                     
 
  4) zimbra-mta:                              Enabled                     
 
  5) zimbra-snmp:                            Enabled                     
 
  6) zimbra-logger:                          Enabled                     
 
  7) zimbra-spell:                            Enabled                     
 
  8) Default Class of Service Configuration:                               
 
  9) Enable default backup schedule:          yes                         
 
  r) Start servers after configuration        yes                         
 
  s) Save config to file                                                   
 
  x) Expand menu                                                           
 
  q) Quit                                   
 
 
 
Address unconfigured (**) items or correct ldap configuration  (? - help)
 
</pre></code>
 
 
 
==External Authentication with LDAP==
 
<p>
 
Requires one of the following:
 
<br>
 
1) set<br>
 
zimbraAuthLdapSearchBindPassword => bind DN of the admin user of the external directory<br>
 
zimbraAuthLdapSearchBindDn => password of the admin user of the external directory<br>
 
Also need zimbraAuthLdapSearchFilter and zimbraAuthLdapSearchBase(optional, if not set "" will be used).
 
<br>
 
<strong>OR</strong>
 
<br>
 
2) set<br>
 
zimbraAuthLdapBindDn to the template filter for the user in the external directory.<br>
 
For example, if the user exists at uid=jsmith,cn=users,dc=zimbra,dc=com , set zimbraAuthLdapBindDn on the domain to: uid=%u,cn=users,dc=zimbra,dc=com
 
</p>
 
 
 
<br>
 
 
 
<p>
 
1. Set domain attribute zimbraAuthMech to ldap.<br>
 
 
 
2. Three things are needed for auth to the external LDAP server:<br>
 
      - URL of the LDAP server: zimbraAuthLdapURL<br>
 
      - password entered by user<br>
 
      - the bind DN for the user, this can be setup using one of the following 3 ways.  (A) is preferred over (B) because (B) does an extra LDAP search.<br>
 
 
 
      (A) zimbraAuthLdapBindDn<br>
 
          This is the bind DN template<br>     
 
 
 
      (B) zimbraAuthLdapSearchFilter<br>
 
          If set, then zimbraAuthLdapSearchBindPassword, zimbraAuthLdapSearchBindDn, and zimbraAuthLdapSearchBase also need to be set.  Server uses the four attrs to get the bind DN for the user.  Server first does a LDAP search  using the zimbraAuthLdapSearchBindDn/zimbraAuthLdapSearchBindPassword credential by zimbraAuthLdapSearchFilter under zimbraAuthLdapSearchBase.  The search would return the bind DN for the user, if found.<br>
 
 
 
      (C) Account attribute zimbraAuthLdapExternalDn<br>
 
          Unlike (A) and (B), which are domain settings, this is an account level setting.  This overrides the bind template and/or search setting, and directly contains the DN for the user in the external ldap server.<br>
 
 
 
      zimbraAuthLdapBindDn and zimbraAuthLdapSearchFilter can contain expansion variables that are to be substituted by components in the account name:<br>
 
      %n = username with @ (or without, if no @ was specified)<br>
 
      %u = username with @ removed<br>
 
      %d = domain as foo.com<br>
 
      %D = domain as dc=foo,dc=com<br>
 
 
 
      e.g. for user rking@zimbra.com<br>
 
      %n => rking@zimbra.com<br>
 
      %u => rking<br>
 
      %d => zimbra.com<br>
 
      %D => dc=zimbra,dc=com<br>
 
 
 
      example for zimbraAuthLdapBindDn: uid=%u,ou=people,%D  (whatever LDAP DIT structure they are using)<br>
 
      example for zimbraAuthLdapSearchFilter: (&(mail=%u@%d)(objectclass=person))  (whatever object class they are using)
 
</p>
 

Latest revision as of 16:49, 24 March 2021

Articles by King0770

https://wiki.zimbra.com/index.php?title=King0770-Notes-Merge_Two_Independent_Machines
https://wiki.zimbra.com/index.php?title=King0770-Notes-MovingUsers
https://wiki.zimbra.com/index.php?title=King0770-Notes-Change-LDAP-Log-Levels
https://wiki.zimbra.com/index.php?title=King0770-Notes-Postconf_or_localconfig
https://wiki.zimbra.com/index.php?title=King0770-Notes-Bulk_Upload_To_Briefcase
https://wiki.zimbra.com/index.php?title=King0770-Notes-Sieve_Rules_By_Proxy
https://wiki.zimbra.com/index.php?title=King0770-Notes-Find_Out_When_Message_Was_Read
https://wiki.zimbra.com/index.php?title=King0770-Notes-FireFox_MimeTypes
https://wiki.zimbra.com/index.php?title=King0770-Notes-SearchGal-Edit
https://wiki.zimbra.com/index.php?title=King0770-Notes-ZCO-Repair
https://wiki.zimbra.com/index.php?title=King0770-Notes-Download-JDK
https://wiki.zimbra.com/index.php?title=King0770-Notes-Drop-Single-Mboxgroup-and-Reimport
https://wiki.zimbra.com/index.php?title=King0770-Notes-When_innodb_force_recovery_Fails
https://wiki.zimbra.com/index.php?title=King0770-Notes-Removal_of_Bad_Contact_Address
https://wiki.zimbra.com/index.php?title=King0770-Notes-Access_GAL_from_Clients_6.0
https://wiki.zimbra.com/index.php?title=King0770-Notes-Nuking_everything_in_a_folder
https://wiki.zimbra.com/wiki/King0770-Notes-External-Authentication-with-LDAP
https://wiki.zimbra.com/wiki/King0770-Notes-Directory-Permissions-on-tmp
https://wiki.zimbra.com/wiki/King0770-Notes-Removing-Messages-with-zmmailbox-based-on-Subject
https://wiki.zimbra.com/wiki/King0770-Notes-Read-the-install-history-file-in-a-readable-format
https://wiki.zimbra.com/wiki/King0770-Notes-error-decoding-message
https://wiki.zimbra.com/wiki/King0770-Notes-YAMM
https://wiki.zimbra.com/wiki/King0770-Notes-Chameleon-Skin
https://wiki.zimbra.com/wiki/King0770-Notes-InnoDB_is_in_the_future
https://wiki.zimbra.com/wiki/King0770-Notes-Calendar-Notes
https://wiki.zimbra.com/wiki/King0770-Notes-Milter_And_DistributionLists
https://wiki.zimbra.com/wiki/King0770-Notes-Check-Submission-Port-587
https://wiki.zimbra.com/wiki/King0770-Notes-Header-Checks
https://wiki.zimbra.com/wiki/King0770-Notes-Verify-LDAP-Passwords
https://wiki.zimbra.com/wiki/King0770-Notes-SpamTitan
https://wiki.zimbra.com/wiki/King0770-Notes-Enable-webui-for-cbpolicyd-Unsupported
https://wiki.zimbra.com/wiki/King0770-Notes-Installing-Proxy-For-Single-Server
https://wiki.zimbra.com/wiki/King0770-Notes-ldapsearch-to-csv
https://wiki.zimbra.com/wiki/King0770-Notes-My-Github
https://wiki.zimbra.com/wiki/King0770-Notes-VNC-Safe
https://wiki.zimbra.com/wiki/King0770-Notes-Whitelist-Spamassassin-MTA
https://wiki.zimbra.com/wiki/King0770-Notes-Ultra-Restrictive-Sending-And-Receiving
https://wiki.zimbra.com/wiki/King0770-Notes-smtp_tls_policy_maps
https://wiki.zimbra.com/wiki/King0770-Notes-Always_Bcc-Mishap
https://wiki.zimbra.com/wiki/King0770-Notes-Remove-Orphaned-Account
https://wiki.zimbra.com/wiki/King0770-Notes-Emulate-a-user-login-via-the-command-line
https://wiki.zimbra.com/wiki/King0770-Notes-SSL
https://wiki.zimbra.com/wiki/King0770-Notes-ldap-fragmentation
https://wiki.zimbra.com/wiki/King0770-Notes-Disable-Zimbra-Desktop
https://wiki.zimbra.com/wiki/King0770-Notes-Rejecting-Nested-From-Addresses
https://wiki.zimbra.com/wiki/King0770-Notes-Relocated-Maps
https://wiki.zimbra.com/wiki/King0770-Notes-Internal-False-Positives
https://wiki.zimbra.com/wiki/King0770-Notes-Whitelist-Phishing-Service
https://wiki.zimbra.com/wiki/King0770-Notes-Lock-All-Accounts
https://wiki.zimbra.com/wiki/King0770-Notes-Account-Organization
https://wiki.zimbra.com/wiki/King0770-Notes-Cannot-Start-ldap-ldap_starttls_supported-Enabled
https://wiki.zimbra.com/wiki/King0770-Notes-zmtrainsa_cleanup_host
https://wiki.zimbra.com/wiki/King0770-Notes-rsync-excludes
https://wiki.zimbra.com/wiki/King0770-Notes-Mass-Account-Removal
https://wiki.zimbra.com/wiki/King0770-Notes-Export_And_Import_Spamassassin_Rules
https://wiki.zimbra.com/wiki/King0770-Notes-Outbound_SMTP_Authentication_Using_Port_465
https://wiki.zimbra.com/wiki/King0770-Notes-Force-Authentication-With-Full-Email-Address
https://wiki.zimbra.com/wiki/King0770-Notes-Quick-Guide-Setting-Up-ZCS-8.8.15_And_NextCloud17
https://wiki.zimbra.com/wiki/King0770-Notes-Zimbra-Connect
https://wiki.zimbra.com/wiki/King0770-Notes-Prevent-Accounts-From-Sending-To-External-Domains-With-CBPOLICYD
https://wiki.zimbra.com/wiki/King0770-Notes-Setup-RateLimiting-with-CBPOLICYD
https://wiki.zimbra.com/wiki/King0770-Notes-MTA-ALLOW-HELO
https://wiki.zimbra.com/wiki/King0770-Notes-NG_Modules
https://wiki.zimbra.com/wiki/King0770-Notes-import-SSL

Jump to: navigation, search