Troubleshooting Course Content Rough Drafts-Zimbra Architecture Component Overview: Difference between revisions
|Line 102:||Line 102:|
===Zimbra Reverse-Proxy - NGINX===
===Zimbra Reverse-Proxy - NGINX===
*What is a Reverse-Proxy
*What is a Reverse-Proxy
reverse proxy is a type of proxy server that retrieves resources on behalf of a client from one or more servers. These resources are then returned to the client as though they originated from the proxy server itself
is a high-performance HTTP
as IMAP proxy server.
===Zimbra Client architecture===
===Zimbra Client architecture===
Revision as of 22:16, 1 March 2015
Zimbra Architecture / Component Overview
The Zimbra Collaboration architecture is built with well known open source technologies and standards based protocols. The architecture consists of client interfaces and server components that can be run in a single node configuration or deployed across multiple servers for high availability as well as increased scalability.
The Zimbra architecture includes open source integrations using industry standard protocols. The Open Source Software listed below is bundled with Zimbra software and installed as part of the installation process.
- OpenLDAP software, an open source implementation of the Lightweight Directory Access Protocol (LDAP) that stores Zimbra system configuration, the Zimbra Global Address List, and provides user authentication. Zimbra can also work with GAL and authentication services provided by external LDAP directories such as Active Directory.
- Postfix, an open source mail transfer agent (MTA) that routes mail messages to the appropriate Zimbra server.
- Jetty, the web application server that Zimbra software runs in.
- MariaDB database software.
- Lucene, an open source full-featured text and search engine.
- Autonomy, Inc., a third-party source that converts certain attachment file types to HTML.
- Anti-virus and anti-spam open source components including;
- ClamAV, an anti-virus scanner that protects against malicious files.
- SpamAssassin, a mail filter that attempts to identify spam.
- Amavisd-new interfaces between the MTA and one or more content checkers.
- James/Sieve filtering, used to create filters for email.
- LibreOffice for high-fidelity document preview
Zimbra Ldap - OpenLdap
- What is OpenLdap
- OpenLDAP is a free, open source implementation of the Lightweight Directory Access Protocol (LDAP) developed by the OpenLDAP Project.
- What is it used for
- LDAP is a protocol for accessing a directory. A directory contains objects; generally those related to users, groups, computers, printers and so on; company structure information/LDAP gives you query methods to add, update and remove objects within a directory.
- How does Zimbra use OpenLdap
- LDAP directory services provide a centralized repository for information about users and devices that are authorized to use your Zimbra service. The central repository used for Zimbra’s LDAP data is the OpenLDAP directory server.
- LDAP directories are arranged in an hierarchal tree-like structure with two types of branches, the mail branches and the config branch. Mail branches are organized by domain. Entries belong to a domain, such as accounts, groups, aliases, are provisioned under the domain DN in the directory. The config branch contains admin system entries that are not part of a domain. Config branch entries include system admin accounts, global config, global grants, COS, servers, mime types, and zimlets.
- Ldap branch image
Zimbra MTA - Postfix
- What is a MTA
A Message Transfer Agent or Mail Transfer Agent or Mail Relay is software that transfers electronic mail messages from one computer to another using a client–server architecture. An MTA implements both the client (sending) and server (receiving) portions of the Simple Mail Transfer Protocol (SMTP ) port 25.
- What does it do
A Mail Transfer Agent receives mail from either another MTA or from a MUA. The transmission details are specified by the Simple Mail Transfer Protocol (SMTP). When a recipient mailbox of a message is not hosted locally, the message is relayed, that is, forwarded to another MTA.
- How does Zimbra use a MTA/Postfix specifically
ZCS includes a precompiled version of Postfix to route and relay mail and manage attachments. Postfix receives inbound messages via SMTP, performs anti-virus and anti-spam filtering and hands off the mail messages to the Zimbra Collaboration server via LMTP. Postfix also plays a role in tr ansferring outbound messages. Messages composed from the Zimbra Web Client are sent by the Zimbra server through Postfix, including messages sent to other users on the same server.
Zimbra Mailbox Server - "Mailboxd"
- What is a Mailbox Server
- The Zimbra mailbox server is a dedicated server that manages all the mailbox content, including messages, contacts, calendar, and attachments.
The Zimbra mailbox server has dedicated volumes for backup and log files. Each Zimbra mailbox server can see only its own storage volumes. Zimbra mailbox servers cannot see, read, or write to another server.
- The importance of & How Zimbra uses the Mailbox Server
- Each account is configured on one mailbox server, and this account is associated with a mailbox that contains email messages, attachments, calendar, contacts and collaboration files for that account. Each mailbox server has its own standalone message store, data store, and index store for the mailboxes on that server.
- The Jetty web application server runs web applications (webapps) on any store server. It provides one or more web application services.
- Mailstore services provides the back-end access to mailbox/account data. Webapps for the mailstore include:
- Mailstore (mail server) = /opt/zimbra/jetty/webapps/service
- Zimlets = /opt/zimbra/jetty/webapps/zimlet
- User Interface services provide front-end user interface access to the mailbox account data and administration console, including:
- Zimbra Web Client = /opt/zimbra/jetty/webapps/zimbra
- Zimbra administrator console = /opt/zimbra/jetty/webapps/zimbraAdmin
- Zimlets = /opt/zimbra/jetty/webapps/zimlet
- Message Store
- All email messages are stored in MIME format in the Message Store, including the message body and file attachments.
The message store is located on each mailbox server under /opt/zimbra/store by defaut. Each mailbox has its own directory named after its internal mailbox ID. Mailbox IDs are unique per server, not system-wide. Messages with multiple recipients are stored as a single-copy on the message store. On UNIX systems, the mailbox directory for each user contains a hard link to the actual file. When Zimbra Collaboration is installed, one index volume and one message volume are configured on each mailbox server. Each mailbox is assigned to a permanent directory on the current index volume. When a new message is delivered or created, the message is saved in the current message volume.
- Data Store
- The Data Store is a MariaDB database where internal mailbox IDs are linked with user accounts. All the message metadata including tags, conversations, and pointers indicate where the messages are stored in the file system. The MariaDB database files are in /opt/zimbra/db.
Each account (mailbox) resides only on one server. Each server has its own standalone data store containing data for the mailboxes on that server.
- The data store maps the mailbox IDs to the users’ OpenLDAP accounts.The primary identifier within the Zimbra Collaboration database is the mailbox ID, rather than a user name or account name. The mailbox ID is only unique within a single mailbox server.
- Metadata including user’s set of tag definitions, folders, contacts, calendar appointments, tasks, Briefcase folders, and filter rules are in the data store database.
- Information about each mail message, including whether it is read or unread, and which tags are associated is stored in the data store database.
- Index Store
- The index and search technology is provided through Apache Lucene. Each email message and attachment is automatically indexed when the message arrives. An index file is associated with each account. Index files are in /opt/zimbra/index. The tokenizing and indexing process is not configurable by administrators or users.
Zimbra AntiSpam/Antivirus - Amavisd - SpamAssassin - ClavAV
- What is AmavisD, SpamAssassin, ClamAV
- Amavisd-new is a high-performance interface between mailer (MTA) and content checkers: virus scanners, and/or SpamAssassin.
- SpamAssassin is used for e-mail spam filtering based on content-matching rules. SpamAssassin uses a variety of spam-detection techniques, that includes DNS-based and fuzzy-checksum-based spam detection, Bayesian filtering, external programs, blacklists and online databases.
- ClamAV is an open source anti-virus engine used in a variety of situations including email scanning, web scanning, and end point security. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and an advanced tool for automatic database updates.
- What do they do & How does Zimbra use them
- The Amavisd-New utility is the interface between the Zimbra MTA and Clam AntiVirus (ClamAV) and SpamAssassin scanners.
- ClamAV software is the virus protection engine enabled for each ZCS server.
The anti-virus software is configured to put messages that have been identified as having a virus to the virus quarantine mailbox. By default, the Zimbra MTA checks every two hours for any new anti-virus updates from ClamAV.
- Zimbra uses SpamAssassin to identify unsolicited commercial email (spam) with learned data stored in either the Berkeley DB database or a MariaDB database.
- SpamAssassin uses predefined rules as well as a Bayes database to score messages with a numerical range. Zimbra uses a percentage value to determine "spaminess" based on a SpamAssassin score of 20 as 100%. Any message tagged between 33%-75% is considered spam and delivered to the user’s junk folder. Messages tagged above 75% are always considered spam and discarded.
Zimbra Reverse-Proxy - NGINX
- What is a Reverse-Proxy
- A reverse proxy is a type of proxy server that retrieves resources on behalf of a client from one or more servers. These resources are then returned to the client as though they originated from the proxy server itself.
- Nginx (pronounced engine-x) is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server.
- How does Zimbra utilize Nginx for large scale environments
- Zimbra Proxy is a high-performance proxy server that can be configured as a POP3/IMAP/HTTP proxy used to reverse proxy IMAP/POP3 and HTTP client requests to a set of backend servers.
The Zimbra Proxy package is installed and configured during the Zimbra Collaboration installation. You can install this package on a mailbox server, MTA server, or on its own independent server. When the Zimbra Proxy package is installed, the proxy feature is enabled. In most cases, no modification is necessary.
- Zimbra Proxy allows end users to access their Zimbra Collaboration account using end clients such as Microsoft Outlook, Mozilla Thunderbird, or other POP/IMAP end-client software. End users can connect using POP3, IMAP, POP3S (Secure POP3), or IMAPS (Secure IMAP).
For example, proxying allows users to enter imap.example.com as their IMAP server. The proxy running on imap.example.com inspects their IMAP traffic, does a lookup to determine which backend mailbox server a user’s mailbox lives on and transparently proxies the connection from user’s IMAP client to the correct mailbox server.
- Benefits of using the Zimbra Proxy
- Zimbra proxy centralizes access to Mailbox servers
- Load Balancing
- SSL Termination
- Centralized Logging and Auditing
- URL Rewriting
Zimbra Client architecture
- Web Clients
- Advanced Web Client includes Ajax capability and offers a full set of web collaboration features. This web client works best with newer browsers and fast Internet connections.
- Standard Web Client is a good option when Internet connections are slow or users prefer HTML-based messaging for navigating within their mailbox.
- Mobile Client (Native Mail Client) is used to configure and sync the Zimbra mailbox server with the native mail client on a mobile device.
- Touch Client (Mobile Web App) provides an experience for touch-capable mobile devices. Its features are a subset of the features found in the Zimbra Web Client, including Mail, Contacts and Calendar.
- Mobile HTML Client provides mobile access to Zimbra when using the Standard Web Client version.
When users sign in, they view the advanced Zimbra Web Client, unless they use the menu on the login screen to change to the standard version. If ZWC detects the screen resolution to be 800 x 600, users are automatically redirected to the standard Zimbra Web Client. Users can still choose the advanced *ZWC but see a warning message suggesting the use of the standard ZWC for better screen view. When connecting to Zimbra using a mobile web browser, Zimbra automatically detects and defaults to the Touch Client. To use the Mobile Client, you must configure your mobile device to sync with the Zimbra server.
- Web Services and Desktop Clients
- In addition to using a web browser or mobile device to connect to Zimbra Collaboration, connection is available using a web service, such as Exchange Web Services (EWS), or a desktop client such as Zimbra Connector to Microsoft Outlook, which uses MAPI. The following are supported:Exchange Web Services (EWS) provides client access to enable Zimbra Collaboration to communicate with the Exchange Server when using Microsoft Outlook on a Mac device. To enable EWS client access, see the Class of Service section. EWS is a separately licensed add-on feature.Messaging Application Programming Interface (MAPI) synchronizes to Microsoft Outlook 2013/2010/2007/2003 with full delegate, offline access and support for S/MIME. Use the Zimbra Connector to Outlook to connect to Zimbra Collaboration when using Microsoft Outlook on a Windows device. To enable MAPI (Microsoft Outlook) Connector, see the Class of Service section.Support for all POP3, IMAP4, Calendaring Extensions to Web Distributed Authoring and Versioning (CalDAV), and vCard Extensions to Web Distributed Authoring and Versioning (CardDAV) clients.
Offline ModeZimbra Offline Mode allows access to data without network connectivity when using the Zimbra Web Client (ZWC). For example, if there is no server connectivity or server connectivity is lost, ZWC automatically transitions to “offline mode”. When server connectivity is restored, ZWC automatically reverts to “online mode”. The offline mode uses HTML5, which uses a caching capability that can be considered a super set of the normal browser caching. To enable offline mode support, see the Class of Service section.
Zimbra Collaboration includes the following application packages
- Zimbra Core - Includes the libraries, utilities, monitoring tools, and basic configuration files.
- Zimbra Store (mailbox server)
- Zimbra LDAP
- Zimbra MTA
- Zimbra Proxy
- Zimbra Memcached
- Zimbra SNMP
- Zimbra Logger
- Zimbra Spell
- Zimbra Apache - The Zimbra Apache package is installed automatically when Zimbra Spell or Zimbra Convertd is installed.
- Zimbra Convertd
- Zimbra Archiving
Zimbra System Directory Tree
- The directory organization is the same for any server in the Zimbra Collaboration, installing under /opt/zimbra.
- What is Postfix?
- How does Zimbra use Postfix
- How does the client communicate with the Proxy?
- How does the client communicate with the Mailbox Server?
- What is AmavisD?
- How does Zimbra utilize AmavisD as a AntiSpam/AntiVirus?