Ajcody-User-Management-Topics

User Management Topics

   KB 2493        Last updated on 2023-01-30  




0.00
(0 votes)
24px ‎  - This is Zeta Alliance Certified Documentation. The content has been tested by the Community.


Actual User Management Topics Homepage

Please see Ajcody-User-Management-Topics

Resetting A User's Account From CLI

Resetting A Password

Standard Method

SetPassword [sp] from zmprov:

zmprov sp joe@domain.com test321

Resetting Users Auth Session - Force Disconnect

Please See First - In Case Of Compromised Accounts / Spammers

Note - Restarting the mta services will be important once you reset the password/s or lock the account. It's required to ensure the active connections will be closed and any existing auth tokens no longer are valid. See:

Changing the Users Password To Expire Session

See Resetting A Password Via CLI or change it via the admin console.

Invalidate sessions by removing zimbraAuthTokens

Changing zimbraAuthTokenValidityValue from the command line in Zimbra is not a reliable way to end sessions, if you use SSDB you can use flushdb as described in https://wiki.zimbra.com/wiki/Ssdb#Invalidate_all_user_sessions

To clear or reset all auth token values we need to enter token data in a particular format like "1689192272|1548369012160|8.8.15_GA_3890".

These are the steps to clear the auth tokens from an account. 1). First check few stored token for the account.

     zmprov ga USERNAME@DOMAIN.COM zimbraAuthTokens | head

2). Now pick anyone token value and set it with below command, with this step only one token will be set and others will be removed.

     zmprov -l ma USERNAME@DOMAIN.COM zimbraAuthTokens '1689192272|1548369012160|8.8.15_GA_3890'

3). Flush the account cache at the end.

     zmprov fc account USERNAME@DOMAIN.COM

All sessions of USERNAME@DOMAIN.COM are now ended.

6.0.5+ You Have Admin Console Option

In the admin console, under the Manage Accounts window you can right click on the user name and choose "Expire Sessions".

User , Mailbox ID's, And Who Is What

ZimbraID [UserID] is system wide.

MailboxID is per server store.

To get the ZimbraID:

$ zmprov ga user@domain.com | grep -i zimbraid
zimbraId: aeca260b-6faf-4cfe-b407-7673748aabf4
zimbraIdentityMaxNumEntries: 20

To get the MailboxID, get on the appropriate mailserver and:

zmprov gmi user@domain.com
mailboxId: 3
quotaUsed: 251512

or globally:

/opt/zimbra/bin/mysql -e "use zimbra; select id from mailbox where account_id = 'UserID HERE including the leading 0'"

Other details can be found here:

http://wiki.zimbra.com/index.php?title=Account_mailbox_database_structure

Account & Domain Summary

Run zmaccts

Here's what it would return:

su - zimbra
[zimbra@mail3 ~]$ zmaccts
           account                          status             created       last logon
------------------------------------   -----------     ---------------  ---------------
admin@mail3.internal.domain.com           active      05/06/08 18:46   07/08/08 09:56
ajcody@mail3.internal.domain.com          active      05/06/08 20:43   06/23/08 15:48
ajcody2@mail3.internal.domain.com         active      05/28/08 11:48   06/30/08 17:44
forward@mail3.internal.domain.com         active      05/06/08 21:06   05/29/08 17:24
ham.bidiob2mm@mail3.internal.domain.com   active      05/06/08 18:47            never
spam.rormmtcyy@mail3.internal.domain.com  active      05/06/08 18:47            never
wiki@mail3.internal.domain.com            active      05/06/08 18:46            never
           account                        status             created       last logon
------------------------------------   -----------     ---------------  ---------------
secondary@secondary.internal.domain.com   active      06/23/08 15:26   06/23/08 15:27
wiki@secondary.internal.domain.com        active      06/23/08 15:25            never
-
                                domain summary
-
    domain                  active    closed    locked    maintenance     total
-----------------------   --------  --------  --------  -------------  --------
mail3.internal.domain          7         0         0              0         7
secondary.internal.domain          2         0         0              0         2

Last Logon comes from the variable zimbraLastLogonTimestamp . This is used to update the "Last Login Time" column in the admin web console as well. It also shows up with [ zmprov ga user@domain ]. Login's based upon session type would only be found in either audit.log or the mailbox.log files. It should have a reference to the user id and the session type for the login [ pop, imap, etc. ].

RFE To Expand zmaccts Output And Options

Please see the following RFE I made:

Zmmailbox Stuff

Shares And Permissions

RFE's And Bugs To Review

Please see these RFE's first:


Some other's to look at:

To See All Folders For A User

Do the following for the user:

[zimbra@mail3 ~]$ zmmailbox -z -m ajcody@DOMAIN gaf
        Id  View      Unread   Msg Count  Path
----------  ----  ----------  ----------  ----------
         1  conv           0           0  /
        16  docu           0           2  /Briefcase
        10  appo           0           1  /Calendar
        14  mess           0           0  /Chats
         7  cont           0           0  /Contacts
         6  mess           0           0  /Drafts
        13  cont           0           9  /Emailed Contacts
         2  mess           0          11  /Inbox
         4  mess           0           0  /Junk
       344  mess           0           0  /Junk E-mail
        12  wiki           0           0  /Notebook
       302  appo           0           0  /Restored
         5  mess           0          15  /Sent
       420  mess           0           0  /Share
       421  mess           0           0  /Share/Share1
       422  mess           0           0  /Share/Share1/Share1-1
       423  mess           0           0  /Share/Share2
       424  mess           0           0  /Share/Share2/Share2-1
        15  task           0           2  /Tasks
         3  conv           0           0  /Trash

To See All Shares And Perms On A Users Folders

Do the following for the user [ I'm cutting some of the output to keep it short ]:

[zimbra@mail3 ~]$ zmmailbox -z -m ajcody@DOMAIN gaf -v
{
 "id": "1",
 "name": "USER_ROOT",
 "path": "/",
 "parentId": "11",
 "flags": null,
 "color": "defaultColor",
 "unreadCount": 0,
 "messageCount": 0,
 "view": "conversation",
 "url": null,
 "effectivePermissions": null,
 "children": [
{
####
CUT HERE
####
{
 "id": "5",
 "name": "Sent",
 "path": "/Sent",
 "parentId": "1",
 "flags": null,
 "color": "defaultColor",
 "unreadCount": 0,
 "messageCount": 15,
 "view": "message",
 "url": null,
 "effectivePermissions": null
},
{
 "id": "420",
 "name": "Share",
 "path": "/Share",
 "parentId": "1",
 "flags": "i",
 "color": "defaultColor",
 "unreadCount": 0,
 "messageCount": 0,
 "view": "message",
 "url": null,
 "effectivePermissions": null,
 "grants": [
{
 "type": "usr",
 "name": "ajcody2@mail3.internal.domain.com",
 "id": "88fd808e-a526-419d-9eda-ad50100d23b6",
 "permissions": "rwidx",
 "args": null
},
{
 "type": "all",
 "name": null,
 "id": null,
 "permissions": "rwx",
 "args": null
}
],
 "children": [
{
 "id": "421",
 "name": "Share1",
 "path": "/Share/Share1",
 "parentId": "420",
 "flags": "i",
 "color": "defaultColor",
 "unreadCount": 0,
 "messageCount": 0,
 "view": "message",
 "url": null,
 "effectivePermissions": null,
 "grants": [
{
 "type": "usr",
 "name": "ajcody2@mail3.internal.domain.com",
 "id": "88fd808e-a526-419d-9eda-ad50100d23b6",
 "permissions": "rwidx",
 "args": null
},
{
 "type": "usr",
 "name": "admin@mail3.internal.domain.com",
 "id": "5ab13330-2e9b-4a45-9b30-de2c70858265",
 "permissions": "rwidx",
 "args": null
}
],
 "children": [
{
 "id": "422",
 "name": "Share1-1",
 "path": "/Share/Share1/Share1-1",
 "parentId": "421",
 "flags": null,
 "color": "defaultColor",
 "unreadCount": 0,
 "messageCount": 0,
 "view": "message",
 "url": null,
 "effectivePermissions": null
}
]
},
{
 "id": "423",
 "name": "Share2",
 "path": "/Share/Share2",
 "parentId": "420",
 "flags": null,
 "color": "defaultColor",
 "unreadCount": 0,
 "messageCount": 0,
 "view": "message",
 "url": null,
 "effectivePermissions": null,
 "children": [
{
 "id": "424",
 "name": "Share2-1",
 "path": "/Share/Share2/Share2-1",
 "parentId": "423",
 "flags": null,
 "color": "defaultColor",
 "unreadCount": 0,
 "messageCount": 0,
 "view": "message",
 "url": null,
 "effectivePermissions": null
}
###
CUT HERE
###
]
}

Remove All Shares

RFE I filed for zmmailbox to have options for this and "recursive".

Script To Remove All Shares

Here's a script I wrote. Remove the echo statements to actually run the commands.

#!/bin/bash
USER="ajcody@mail3.internal.domain.com"
SHARE="/Shared"
GETPERM="zmmailbox -z -m $USER gfg $SHARE"
MODPERM="zmmailbox -z -m $USER mfg $SHARE"
DUMBPASS="34lkoso"
NEWPERM=none

$GETPERM | egrep -i 'all|guest|public|accoun|domain|group' | gawk '{print $2 " " $3}' | while read SHAREPERM
do
TYPE=`echo $SHAREPERM|awk '{print $1}'`
DISPLAY=`echo $SHAREPERM|awk '{print $2}'`

case $TYPE in
        accoun) echo $MODPERM account $DISPLAY $NEWPERM
        ;;
        guest) echo $MODPERM $TYPE $DISPLAY $DUMBPASS $NEWPERM
        ;;
        all) echo $MODPERM $TYPE $NEWPERM
        ;;
        *) echo $MODPERM $SHAREPERM $NEWPERM
        ;;
        esac
done

Ouput of an example:

[zimbra@mail3 ~]$  zmmailbox -z -m ajcody@mail3.internal.domain.com gfg /Shared
Permissions    Type  Display
-----------  ------  -------
          r     all
          r   guest  ajcody@domain.com
          r  accoun  admin@mail3.internal.domain.com
          r   group  mydl@mail3.internal.domain.com
          r  domain  mail3.internal.domain.com
[zimbra@mail3 ~]$ /tmp/remove-share.sh
zmmailbox -z -m ajcody@mail3.internal.domain.com mfg /Shared all none
zmmailbox -z -m ajcody@mail3.internal.domain.com mfg /Shared guest ajcody@domain.com none
zmmailbox -z -m ajcody@mail3.internal.domain.com mfg /Shared account admin@mail3.internal.domain.com none
zmmailbox -z -m ajcody@mail3.internal.domain.com mfg /Shared group mydl@mail3.internal.domain.com none
zmmailbox -z -m ajcody@mail3.internal.domain.com mfg /Shared domain mail3.internal.domain.com none

I then removed the echo statements:

[zimbra@mail3 ~]$ vi /tmp/remove-share.sh
[zimbra@mail3 ~]$ /tmp/remove-share.sh
[zimbra@mail3 ~]$  zmmailbox -z -m ajcody@mail3.internal.domain.com gfg /Shared
Permissions    Type  Display
-----------  ------  -------
[zimbra@mail3 ~]$
User Contributed Perl Script To Remove All Shares

Please TEST this on a test box or a test account before running against a production situation. ZCS version change and commands might act different. Also note, this is a user contributed script and not one from Zimbra developers or the support staff. Also - the wiki formatting might throw of the script and could require you to fix before it runs correctly.

Script is called - zmshares - and should be named such.

#!/usr/bin/env perl
#
#
# This program was written by Pablo Garaitonandia on Nov. 26 2012.
# This program is for viewing and deleting all the shares that a user 
# may have in the event that removing the many shares a user has is 
# time consuming.
# This was written on a system running Zimbra 7.2.0, RHEL 5.8, with perl v5.8.8


use strict;
use warnings;
use Getopt::Long;


my $id=getpwuid($<);
my $help=0;
my $user_id=0;
my $option=0;
my @shares;
sub view_share;
sub del_share;


chomp $id;
if ($id ne "zimbra") {
	print STDERR "Error: must be run as zimbra user\n";
	exit (1);
	}



GetOptions(
        'h|help' => \$help,
        'u|uid=s' => \$user_id,
	'o|option=s'=> \$option, ) or die "Incorrect usage!\n";



# Check for usage, definition, and correct argument types
if ((defined ($user_id) && ($user_id =~ /([a-z0-9]+@[a-z.]+\.[a-z.]+)/gi)) 
	&& (defined ($option) && (($option eq "delete") || ($option eq "view")))) {
		print "\n$option: shares for $user_id \n\n";
		} elsif ($help) {
        	usage();
		} else {
		usage(1);
		}



if ($option eq "view"){ view_share();}
if ($option eq "delete"){ del_share();}


sub view_share {
	open(VIEW, "/opt/zimbra/bin/zmprov getShareInfo $user_id |");	
	print <VIEW>;
	}

sub del_share {
	open(SHARES, "zmprov getShareInfo $user_id |awk '{print substr(\$0,70,6) ,substr(\$0,131,36), substr(\$0,168,15)}' | awk 'NR>2' |");
	@shares = <SHARES>;
	if (!(@shares)){
		print "EXITING: User has no shares to delete.  \n\n";
		 exit (1);
		}	
	foreach my $share (@shares){
		my @line = split(/\s+/, $share);
		if (defined ($line[2])){
			print "zmmailbox -z -m $user_id  mfg $line[0] account $line[1] none\n";
			system("/opt/zimbra/bin/zmmailbox -z -m $user_id  mfg $line[0] account $line[1] none") == 0
				or die "Command Failed";
			} else {
			print "zmmailbox -z -m $user_id  mfg $line[0] account \"\" none\n";
			system("zmmailbox -z -m $user_id  mfg $line[0] account \"\" none") == 0
				or die "Command Failed";
			}
		}
	}


sub usage {

        my ($msg) = (@_);

        $msg && print STDERR "\nINCORRECT USAGE: $msg\n";
        print STDERR <<USAGE;

  zmshares -u username\@domain -o (delete|view)

  Where:
  -u: (user\@domain)  The full user id with domain for user. 
  -o: (delete|view) Delete or view ALL shares for the user

USAGE
        exit (1);
}



__END__

Setting Up A Share - CLI

I've yet to test these against all items (resources) listed in bug 25740 and work as expected.

To see current perms

zmmailbox -z -m faxfinder@example.com gfg /Inbox

To modify perms:

  • r = read
  • w = write
  • i = insert
  • d = delete
  • x = accept/decline invites
  • a = administer
zmmailbox -z -m faxfinder@example.com mfg /Inbox account user@example.com rwidx

To confirm perms are set:

zmmailbox -z -m faxfinder@example.com gfg /Inbox

To mount "folder" into a user account that was given permission:

zmmailbox -z -m user@example.com cm --view message "/Incoming_Faxes" faxfinder@example.com /Inbox

To confirm folder is mounted:

zmmailbox -z -m user@example.com gaf

Additions notes/options see:

zmmailbox help folder 

For mfg it shows it can take the below as a target:

  • account {name}
  • group {name} *This could be a DL?*
  • domain {name}
  • all
  • public
  • guest

Scripting note to do this with multiple users:

  • zmmailbox cm could use the zmprov gaa to provide a list of all accounts, this would include system & archive (if exist) accounts though.

How To Turn Off Sharing

You can enable / disable sharing from admin console:

- Admin console --> class of service --> select the CoS (eg default) --> features --> general features --> check/uncheck 'Sharing' option

Alternatively, this can be achieved by having the following CoS attribute either 'TRUE' or 'FALSE', from command line: zimbraFeatureSharingEnabled

Searches With zmmailbox


Special Note If Your Search String Needs Spaces

Here is an example using the correct format to include required spaces to have your search do what you want. For instance, many shared folders will end up using, by default, spaces in the folder name.

$ zmmailbox -z -m ajcody@`zmhostname` gaf | grep appo
        10  appo           0           0  /Calendar
       263  appo           0           2  /Large Share's Calendar (large-share@mail71.DOMAIN.com:10)

$ zmmailbox -z -m ajcody@`zmhostname` s -t appo in:"\"Large Share's Calendar"\"
num: 2, more: false

                                         Id  Type   From        Subject               Date
   ----------------------------------------  ----   ----------  --------------------- ------
1. 799efb72-2e6b-400a-8881-c5f9d7c282b1:265  appo   <na>        Test On Thu           10/28/10 00:02
2. 799efb72-2e6b-400a-8881-c5f9d7c282b1:263  appo   <na>        test for friday       10/28/10 00:02

Note, the "\"Text1 Text2"\" is for a [s option] search string query, when querying for the folder name with other zmmailbox options - normal quoting works. For example:

$ zmmailbox -z -m ajcody@`zmhostname` gfg "Large Share's Calendar"  
Permissions      Type  Display
-----------  --------  -------
     rwidxa   account  ajcody@mail71.DOMAIN.com

Search For Messages And Then Delete Them

Here's some examples to grab the message id's from a search and then put them in a variable to use for the delete command.

Other reference: King0770-Notes#Removing_Messages_with_Zmmailbox_based_on_the_Subject

Note - Crossmailbox Search And Delete Is Currently An RFE

See the following :

First - Default Search Returns Only 25 Results

From zmmailbox [help search] & zmmailboxsearch

--limit (optional)
-l
Sets the limit for the number of results returned. The default is 25.
Example Search With A From And To Date - Multiple Variable Search

This allows you to restrict your search in-between a date range.

zmmailbox -z -m user@domain.com s -t message -l 999 "before:6/15/2011 and after:6/9/2011"

Note - If your trying to do this for a tgz export, please see the following :

Example Search With To Field
[zimbra@mail3 ~]$ zmmailbox -z -m ajcody@mail3.internal.DOMAIN.com s -t message "To: Adam"
num: 4, more: false

     Id  Type   From                  Subject                                             Date
   ----  ----   --------------------  --------------------------------------------------  --------------
1.  269  mess   Adam                  Re: 8-7-08 11:37 AM to both outside accounts        08/07/08 11:57
2.  268  mess   Adam                  Re: 8-7-08 11:37 AM to both outside accounts        08/07/08 11:39
3.  266  mess   Adam                  Re: 8-7-08 11:37 AM to both outside accounts        08/07/08 11:38
4.  263  mess   Adam                  Re: test on 8-7-08 to zimbra account                08/07/08 11:37

[zimbra@mail3 ~]$ zmmailbox -z -m ajcody@mail3.internal.DOMAIN.com s -t message "To: Adam" |awk '{ if (NR!=1) {print}}'| grep mess | awk '{ print $2 "," }' | tr -d '\n'

269,268,266,263,

[zimbra@mail3 ~]$ message=`zmmailbox -z -m ajcody@mail3.internal.DOMAIN.com s -t message "To: Adam" |awk '{ if (NR!=1) {print}}'| grep mess | awk '{ print $2 "," }' | tr -d '\n'`

[zimbra@mail3 ~]$ zmmailbox -z -m ajcody@mail3.internal.DOMAIN.com dm `echo $message`

[zimbra@mail3 ~]$ zmmailbox -z -m ajcody@mail3.internal.DOMAIN.com s -t message "To: Adam"
num: 0, more: false
Example Search With From Field
[zimbra@mail3 ~]$ zmmailbox -z -m ajcody@mail3.internal.DOMAIN.com s -t message "From: Adam"
num: 8, more: false

     Id  Type   From                  Subject                                             Date
   ----  ----   --------------------  --------------------------------------------------  --------------
1.  464  mess   Adam                  test 3                                              10/02/08 11:43
2.  463  mess   Adam                  test  2                                             10/02/08 11:43
3.  462  mess   Adam                  test  1                                             10/02/08 11:43
4.  461  mess   Adam                  test                                                09/29/08 16:18
5.  460  mess   Adam                  test for mailbox log                                09/29/08 16:17
6.  265  mess   Adam                  8-7-08 11:37 AM to both outside accounts            08/07/08 11:38
7.  261  mess   Adam                  test on 8-7-08 to zimbra account                    08/07/08 11:36
8.  257  mess   Adam                  test from zimbra on 8-7-08                          08/07/08 11:27

[zimbra@mail3 ~]$ zmmailbox -z -m ajcody@mail3.internal.DOMAIN.com s -t message "From: Adam" |awk '{ if (NR!=1) {print}}'| grep mess | awk '{ print $2 "," }' | tr -d '\n'

464,463,462,461,460,265,261,257,

[zimbra@mail3 ~]$ message=`zmmailbox -z -m ajcody@mail3.internal.DOMAIN.com s -t message "From: Adam" |awk '{ if (NR!=1) {print}}'| grep mess | awk '{ print $2 "," }' | tr -d '\n'`

[zimbra@mail3 ~]$ echo $message

464,463,462,461,460,265,261,257,

[zimbra@mail3 ~]$ zmmailbox -z -m ajcody@mail3.internal.DOMAIN.com dm `echo $message`

[zimbra@mail3 ~]$ zmmailbox -z -m ajcody@mail3.internal.DOMAIN.com s -t message "From: Adam"
num: 0, more: false

[zimbra@mail3 ~]$

More Search Possibilities

Please see [Search Tips]

Export & Import Of Users Data In TGZ Format

Please see Ajcody-Migration-Notes#ZCS_User_to_Another_ZCS_Server_-_With_Rest_.26_TGZ

Seeing What & Where Of A Message ID

If your need to figure out what the actual email/message is from a logging event.

For example, log shows:

 2009-03-03 22:04:58,969 INFO [btpool0-5532] [name=USER@DOMAIN.com;mid=8;ip=10.0.0.1;ua=ZimbraWebClient - IE6
(Win)/5.0.11_GA_2695.UBUNTU8_64;] mailop - moving Message (id=10955) to Folder Trash (id=3) 

To see the details of the message, do the following:

zmmailbox -z -m USER@DOMAIN gm 10955
Id: 10955
Conversation-Id: 11155
Folder: /Trash
Subject: FW: How are you doing?
From: User External <USER@DOMAIN.com>
To: <USER@DOMAIN.com>
...etc...

Message Count Mismatches

Message Count Via zmprov

To see a listing of message count in folders, replace USER@DOMAIN w/ user:

zmmailbox -z -m USER@DOMAIN gaf

You can also do something like this:

zmmailbox -z -m USER@DOMAIN s -t mess in:"FOLDER_IN_QUESTION"

If the folder has spaces, use the following format : "\"Large Share's Calendar"\"

zmprov rmc RecalculateMailboxCounts

From the zmprov help for rmc:

RecalculateMailboxCounts  rmc  {name@domain|id}
  When unread message count and quota usage are out of sync with the data 
  in the mailbox, use this command to immediately recalculate the mailbox 
  quota usage and unread messages count.

  Important: Recalculating mailbox quota usage and message count should be 
  schedule to run in off peak hours and used on one mailbox at a time. 

Example:
  $zmprov rmc user@domain

Users should log into a new ZWC session after this was done.

If User Is Using IMAP Client

We have some bugs/rfe's in regards to how various IMAP clients operate with their delete/purge and it's impact on the our message counting.

Here's a recent one:

One work around was by configuring the IMAP client to move messages to a Trash/Deleted Items folder [if available] and to delete/purge messages immediately or upon sign off.

Check The Message Blobs On The File System

This is more of a sanity check, confirming the user does have what you would estimate for message blobs on the file system under their message store path.

See: Ajcody-Mysql-Topics#How_To_Locate_Users_Mailstore_and_Message_Store_Directory

You might also see "No Such Blob" messages in the ZWC client and the mailbox.log file.

See: Ajcody-Notes-No-Such-Blob

Make Sure Your Not Auto-purging Messages

These are set at the global or server level.

zmprov gacf | egrep "zimbraMailPurgeSleepInterval|zimbraMailTrashLifetime|\
zimbraMailSpamLifetime|zimbraMailMessageLifetime"

zmprov gs server.domain.com | egrep "zimbraMailPurgeSleepInterval|\
zimbraMailTrashLifetime|zimbraMailSpamLifetime|zimbraMailMessageLifetime"

These at the user level:

zmprov ga user@domain | egrep "zimbraPrefInboxReadLifetime|zimbraPrefInboxUnreadLifetime|\
zimbraPrefSentLifetime|zimbraPrefJunkLifetime|zimbraPrefTrashLifetime"

Reference:

Managing Legal Requests for Information

Description:

The ZCS legal intercept feature is used to obtain copies of email messages that are sent, received, or saved as drafts from targeted accounts and send these message to a designated “shadow” email address. Legal Intercept can be configured to send the complete content of the message or to send only the header information. When a targeted account sends, receives, or saves a draft message, an intercept message is automatically created to forward copies of the messages as attachments to the specified email address.

Please see:

Persona, Identities, Send As, Send On Behalf Of Issues

For ZCS 8 And Above You Must Grant ACL Rights For sendAs and sendAsDistList for internal users

This section below only applies to versions ZCS 6 and ZCS 7. For ZCS 8 and above, the zimbraAllowFromAddress variable only is valid for external accounts and can NOT be used for internal users or ZCS distribution lists [DL's]. Please see the following for ZCS 8+

CLI Commands To Manage Persona, Identities, External Account

The following should provide you with the necessary commands to manage these user configurations:

 zmprov help command| grep -i data
 createDataSource(cds) {name@domain} {ds-type} {ds-name} zimbraDataSourceEnabled {TRUE|FALSE} zimbraDataSourceFolderId {folder-id} [attr1 value1 [attr2 value2...]]
 deleteDataSource(dds) {name@domain|id} {ds-name|ds-id}
 getDataSources(gds) {name@domain|id} [arg1 [arg2...]]
 modifyDataSource(mds) {name@domain|id} {ds-name|ds-id} [attr1 value1 [attr2 value2...]]
 zmprov help command| grep -i identit
 createIdentity(cid) {name@domain} {identity-name} [attr1 value1 [attr2 value2...]]
 deleteIdentity(did) {name@domain|id} {identity-name}
 getIdentities(gid) {name@domain|id} [arg1 [arg...]]
 modifyIdentity(mid) {name@domain|id} {identity-name} [attr1 value1 [attr2 value2...]]

Bugs And RFE's To Look At

Send As Issues

On Behalf Of Issues

Persona Setup With Send As [zimbraAllowFromAddress] Rights Rather Than On Behalf Of

This section below only applies to versions ZCS 6 and ZCS 7. For ZCS 8 and above, the zimbraAllowFromAddress variable only is valid for external accounts and can NOT be used for internal users or ZCS distribution lists [DL's]. Please see the following for ZCS 8+


Using A DL - Mailing List - As Your Shared Email Address

This was tested against ZCS 6.0.8p1 .

Attribute descriptions - 608 :

zimbra-attrs.xml:<attr id="427" name="zimbraAllowAnyFromAddress" type="boolean" 
   cardinality="single" optionalIn="account,cos" flags="accountInfo,accountInherited">

zimbra-attrs.xml:<attr id="428" name="zimbraAllowFromAddress" type="email" max="256" 
   cardinality="multi" optionalIn="account" flags="accountInfo,domainAdminModifiable">
  • First, created a test user account:
    • ajcody@rr608.zimbra.DOMAIN.com
      • In the admin web console, under the users preferences tab :
        • Sending Mail > checked  : "Allow sending email from any address"
          • zmprov ma ajcody@rr608.zimbra.DOMAIN.com zimbraAllowAnyFromAddress TRUE
          • Note, this could be setup in a COS as well and then assign the users you want to that COS
          • If this is to permissive, because it does allow the user to send as anybody, then you'll want to do this instead:
            • zmprov ma ajcody@rr608.zimbra.DOMAIN.com zimbraAllowAnyFromAddress FALSE
            • zmprov ma ajcody@rr608.zimbra.DOMAIN.com zimbraAllowFromAddress personal-dl@rr608.zimbra.DOMAIN.com
              • Note - bug alert.
                • Testing shown that you could still have a persona setup for a particular address that wasn't set for the zimbraAllowFromAddress variable and zimbraAllowAnyFromAddress is set as FALSE. You'll be able to select it when composing a message and the message is sent with no error. But, what happens is the email is delivered to the recipient with your primary account details rather than the persona's.
  • If your only using a DL for the mail traffic, you would:
    • Create a new DL :
      • persona-dl@rr608.zimbra.DOMAIN.com
        • checked "Can receive email"
        • Added a user/s to the DL:
          • ajcody@rr608.zimbra.DOMAIN.com
  • Now, once that is done we can setup the persona for our "test user" - ajcody. Login as testuser
    • Create a Folder called "Persona DL" and then a filter rule to move all emails with persona-dl@rr608.zimbra.DOMAIN.com to the "Persona DL" folder.
      • Under the users perferences, Mail > Accounts > Add Persona button:
        • Persona Name : Persona DL
          • From : Persona DL # personal-dl@rr608.zimbra.DOMAIN.com
          • Reply-To : Persona DL # personal-dl@rr608.zimbra.DOMAIN.com
          • Use this persona:
          • check "when replying or forwarding messages sent to: Persona DL # personal-dl@rr608.zimbra.DOMAIN.com
          • check "when replying or forwarding messages in folder(s) : Personal DL
  • Things to note when using persona
    • A new message in the "From" section will give a drop down for your persona choice.
    • It's best to create a mail filter rule to put related messages for the persona account into a folder and then in the persona choose the option about using the persona as the default when replying to messages in that folder.

Using A Shared Mailbox As Your Shared Email Address

This section below only applies to versions ZCS 6 and ZCS 7. For ZCS 8 and above, the zimbraAllowFromAddress variable only is valid for external accounts and can NOT be used for internal users or ZCS distribution lists [DL's]. Please see the following for ZCS 8+


The below how-to was tested against ZCS 6.0.8p1 .
  • First, created a test user account:
    • ajcody@rr608.zimbra.DOMAIN.com
      • In the admin web console, under the users preferences tab :
        • Sending Mail > checked  : "Allow sending email from any address"
          • zmprov ma ajcody@rr608.zimbra.DOMAIN.com zimbraAllowAnyFromAddress TRUE
          • Note, this could be setup in a COS as well and then assign the users you want to that COS
          • If this is to permissive, because it does allow the user to send as anybody, then you'll want to do this instead:
            • zmprov ma ajcody@rr608.zimbra.DOMAIN.com zimbraAllowAnyFromAddress FALSE
            • zmprov ma ajcody@rr608.zimbra.DOMAIN.com zimbraAllowFromAddress personal-source@rr608.zimbra.DOMAIN.com
              • Note - bug alert.
                • Testing shown that you could still have a persona setup for a particular address that wasn't set for the zimbraAllowFromAddress variable and zimbraAllowAnyFromAddress is set as FALSE. You'll be able to select it when composing a message and the message is sent with no error. But, what happens is the email is delivered to the recipient with your primary account details rather than the persona's.
  • If I was only using a "shared mailbox" for the mail traffic, I would:
    • First create a DL that will have the user accounts you want to share this 'new' mailbox [Inbox]:
      • Create a new DL:
        • persona-share@rr608.zimbra.DOMAIN.com
          • checked "Can receive email"
          • Added a user to the DL:
            • ajcody@rr608.zimbra.DOMAIN.com
  • The create a new account/mailbox that others will share:
    • persona-source@rr608.zimbra.DOMAIN.com
      • From the 'admin console', do "View Mail" on the new account
        • Share the Inbox to the DL : persona-share@rr608.zimbra.DOMAIN.com w/ Manager or Admin Rights
  • Log back into the 'test user' acocunt - ajcody@rr608.zimbra.DOMAIN.com
    • Accept the share and confirm you see the "Inbox" from the "persona-source" account.
      • Then, under the users perferences, Mail > Accounts > Add Persona button::
        • Persona Name : Persona Source
          • From : Persona Source # persona-source@rr608.zimbra.DOMAIN.com
          • Reply-To : Persona Source # persona-source@rr608.zimbra.DOMAIN.com
          • Use this persona:
          • check "when replying or forwarding messages sent to: persona-source@rr608.zimbra.DOMAIN.com
          • check "when replying or forwarding messages in folder(s) : Persona Source's Inbox
  • Things to note when using persona
    • A new message in the "From" section will give a drop down for your persona choice.
    • It's best to create a mail filter rule to put related messages for the persona account into a folder and then in the persona choose the option about using the persona as the default when replying to messages in that folder.
    • Need An RFE/BUG Report? - When you have a shared mailbox folder, the 'normal' operation when replying to messages from that folder is to send them "on behalf of". You don't want this option, since your wanting to use the persona rules. You might need to "uncheck" the box under the new message that says:
      • uncheck box for "Send this message on behalf of: persona-source@rr608.zimbra.DOMAIN.com"
      • I couldn't find a way to have this "unchecked" as the default.

Sieve Rules

Administrating Rules For Users - CLI

Please see King0770-Notes-Sieve_Rules_By_Proxy


Jump to: navigation, search