Troubleshooting Course Content Rough Drafts-Zimbra Architecture Component Overview
DRAFT -- ROUGH DRAFT -- ROUGH DRAFT -- ROUGH DRAFT -- ROUGH DRAFT -- ROUGH DRAFT -- ROUGH DRAFT -- ROUGH DRAFT -- ROUGH DRAFT -- ROUGH
Zimbra Architecture / Component Overview
The Zimbra Collaboration architecture is built with well known open source technologies and standards based protocols. The architecture consists of client interfaces and server components that can be run in a single node configuration or deployed across multiple servers for high availability as well as increased scalability.
The Zimbra architecture includes open source integrations using industry standard protocols. The Open Source Software listed below is bundled with Zimbra software and installed as part of the installation process.
- Anti-virus and anti-spam open source components;
- James/Sieve filtering
Zimbra Ldap - OpenLdap
- OpenLDAP is a free, open source implementation of the Lightweight Directory Access Protocol (LDAP) developed by the OpenLDAP Project.
- LDAP is a protocol for accessing a directory. A directory contains objects; generally those related to users, groups, computers, printers and so on; company structure information/LDAP gives you query methods to add, update and remove objects within a directory.
- LDAP directory services provide a centralized repository for information about users and devices that are authorized to use your Zimbra service. The central repository used for Zimbra’s LDAP data is the OpenLDAP directory server.
- LDAP directories are arranged in an hierarchal tree-like structure with two types of branches, the mail branches and the config branch. Mail branches are organized by domain. Entries belong to a domain, such as accounts, groups, aliases, are provisioned under the domain DN in the directory. The config branch contains admin system entries that are not part of a domain. Config branch entries include system admin accounts, global config, global grants, COS, servers, mime types, and zimlets.
Zimbra MTA - Postfix
- A Message Transfer Agent or Mail Transfer Agent or Mail Relay is software that transfers electronic mail messages from one computer to another using a client–server architecture. An MTA implements both the client (sending) and server (receiving) portions of the Simple Mail Transfer Protocol (SMTP ) port 25.
- A Mail Transfer Agent receives mail from either another MTA or from a MUA. The transmission details are specified by the Simple Mail Transfer Protocol (SMTP). When a recipient mailbox of a message is not hosted locally, the message is relayed, that is, forwarded to another MTA.
- ZCS includes a precompiled version of Postfix to route and relay mail and manage attachments. Postfix receives inbound messages via SMTP, performs
anti-virus and anti-spam filtering and hands off the mail messages to the Zimbra Collaboration server via LMTP. Postfix also plays a role in transferring outbound messages. Messages composed from the Zimbra Web Client are sent by the Zimbra server through Postfix, including messages sent to other users on the same server.
Zimbra AntiSpam/Antivirus - Amavisd - SpamAssassin - ClavAV
- Amavisd-new is a high-performance interface between mailer (MTA) and content checkers: virus scanners, and/or SpamAssassin.
- SpamAssassin is used for e-mail spam filtering based on content-matching rules. SpamAssassin uses a variety of spam-detection techniques, that includes DNS-based and fuzzy-checksum-based spam detection, Bayesian filtering, external programs, blacklists and online databases.
- ClamAV is an open source anti-virus engine used in a variety of situations including email scanning, web scanning, and end point security. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and an advanced tool for automatic database updates.
- The Amavisd-New utility is the interface between the Zimbra MTA and Clam AntiVirus (ClamAV) and SpamAssassin scanners.
- ClamAV software is the virus protection engine enabled for each ZCS server.
The anti-virus software is configured to put messages that have been identified as having a virus to the virus quarantine mailbox. By default, the Zimbra MTA checks every two hours for any new anti-virus updates from ClamAV.
- Zimbra uses SpamAssassin to identify unsolicited commercial email (spam) with learned data stored in either the Berkeley DB database or a MariaDB database.
- SpamAssassin uses predefined rules as well as a Bayes database to score messages with a numerical range. Zimbra uses a percentage value to determine "spaminess" based on a SpamAssassin score of 20 as 100%. Any message tagged between 33%-75% is considered spam and delivered to the user’s junk folder. Messages tagged above 75% are always considered spam and discarded.
Zimbra Mailbox Server - "Mailboxd"
- What is a Mailbox Server
- The Zimbra mailbox server is a dedicated server that manages all the mailbox content, including messages, contacts, calendar, and attachments.
The Zimbra mailbox server has dedicated volumes for backup and log files. Each Zimbra mailbox server can see only its own storage volumes. Zimbra mailbox servers cannot see, read, or write to another server.
- The importance of & How Zimbra uses the Mailbox Server
- Each account is configured on one mailbox server, and this account is associated with a mailbox that contains email messages, attachments, calendar, contacts and collaboration files for that account. Each mailbox server has its own standalone message store, data store, and index store for the mailboxes on that server.
- Message Store
- All email messages are stored in MIME format in the Message Store, including the message body and file attachments.
The message store is located on each mailbox server under /opt/zimbra/store by defaut. Each mailbox has its own directory named after its internal mailbox ID. Mailbox IDs are unique per server, not system-wide. Messages with multiple recipients are stored as a single-copy on the message store. On UNIX systems, the mailbox directory for each user contains a hard link to the actual file. When Zimbra Collaboration is installed, one index volume and one message volume are configured on each mailbox server. Each mailbox is assigned to a permanent directory on the current index volume. When a new message is delivered or created, the message is saved in the current message volume.
- Jetty is a Java HTTP (Web) server and Java Servlet container.
- It is the web application server that Zimbra software runs in.
- The Jetty web application server runs web applications (webapps) on any Zimbra store server. It provides one or more web application services.
- Mailstore services provides the back-end access to mailbox/account data. Webapps for the mailstore include:
- Mailstore (mail server) = /opt/zimbra/jetty/webapps/service
- Zimlets = /opt/zimbra/jetty/webapps/zimlet
- User Interface services provide front-end user interface access to the mailbox account data and administration console, including:
- Zimbra Web Client = /opt/zimbra/jetty/webapps/zimbra
- Zimbra administrator console = /opt/zimbra/jetty/webapps/zimbraAdmin
- Zimlets = /opt/zimbra/jetty/webapps/zimlet
- MariaDB is a community-developed fork of the MySQL relational database management system, which is intended to remain free.
- The Data Store found in Zimbra is a MariaDB database where internal mailbox IDs are linked with user accounts. All the message metadata including tags, conversations, and pointers indicate where the messages are stored in the file system. The MariaDB database files are in /opt/zimbra/db.
Each account (mailbox) resides only on one server. Each server has its own standalone data store containing data for the mailboxes on that server.
- The data store maps the mailbox IDs to the users’ OpenLDAP accounts.The primary identifier within the Zimbra Collaboration database is the mailbox ID, rather than a user name or account name. The mailbox ID is only unique within a single mailbox server.
- Metadata including user’s set of tag definitions, folders, contacts, calendar appointments, tasks, Briefcase folders, and filter rules are in the data store database.
- Information about each mail message, including whether it is read or unread, and which tags are associated is stored in the data store database.
- Lucene is an open source enterprise full-featured text and search engine
- In Zimbra, the index and search technology is provided through Apache Lucene. Each email message and attachment is automatically indexed when the message arrives. An index file is associated with each account. Index files are in /opt/zimbra/index. The tokenizing and indexing process is not configurable by administrators or users.
- LibreOffice is a free and open source software office suite. The LibreOffice suite comprises of programs to do word processing, spreadsheets, slideshows, diagrams and drawings, maintain databases, and compose mathematical formulae.
- Zimbra uses LibreOffice for its high-fidelity document preview.
- Autonomy is a third-party open source application that converts certain attachment file types to HTML.
- jSieve is a Java implementation of the Sieve mail filtering language defined by RFC 3028 (https://www.ietf.org/rfc/rfc3028.txt) . jSieve is implemented as a language processor that can be plugged into any internet mail application to add Sieve support.
Zimbra Reverse-Proxy - NGINX
- A reverse proxy is a type of proxy server that retrieves resources on behalf of a client from one or more servers. These resources are then returned to the client as though they originated from the proxy server itself.
- Nginx (pronounced engine-x) is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server.
- The Zimbra Proxy is a high-performance proxy server that can be configured as a POP3/IMAP/HTTP proxy used to reverse proxy IMAP/POP3 and HTTP client requests to a set of backend servers.
- The Zimbra Proxy package is installed and configured during the Zimbra Collaboration installation. You can install this package on a mailbox server, MTA server, or on its own independent server. When the Zimbra Proxy package is installed, the proxy feature is enabled. In most cases, no modification is necessary.
- Zimbra Proxy allows end users to access their Zimbra Collaboration account using end clients such as Microsoft Outlook, Mozilla Thunderbird, or other POP/IMAP end-client software. End users can connect using POP3, IMAP, POP3S (Secure POP3), or IMAPS (Secure IMAP).
For example, proxying allows users to enter imap.example.com as their IMAP server. The proxy running on imap.example.com inspects their IMAP traffic, does a lookup to determine which backend mailbox server a user’s mailbox lives on and transparently proxies the connection from user’s IMAP client to the correct mailbox server.
- Benefits of using the Zimbra Proxy
- Zimbra proxy centralizes access to Mailbox servers
- Load Balancing
- SSL Termination
- Centralized Logging and Auditing
- URL Rewriting
Zimbra Client Architecture
- Standard Web Client is a good option when Internet connections are slow or users prefer HTML-based messaging for navigating within their mailbox.
- Advanced Web Client includes Ajax capability and offers a full set of web collaboration features. This web client works best with newer browsers and fast Internet connections.
- Mobile Client (Native Mail Client) is used to configure and sync the Zimbra mailbox server with the native mail client on a mobile device.
- Touch Client (Mobile Web App) provides an experience for touch-capable mobile devices. Its features are a subset of the features found in the Zimbra Web Client, including Mail, Contacts and Calendar.
- Mobile HTML Client provides mobile access to Zimbra when using the Standard Web Client version.
When users sign in, they view the advanced Zimbra Web Client, unless they use the menu on the login screen to change to the standard version. If ZWC detects the screen resolution to be 800 x 600, users are automatically redirected to the standard Zimbra Web Client. Users can still choose the advanced, but see a warning message suggesting the use of the standard ZWC for better screen view.
- When connecting to Zimbra using a mobile web browser, Zimbra automatically detects and defaults to the Touch Client. To use the Mobile Client, you must configure your mobile device to sync with the Zimbra server.
- In addition to using a web browser or a mobile device to connect to a Zimbra Server. A connection is available using a web service, such as Exchange Web Services (EWS), or a desktop client such as Zimbra Connector to Microsoft Outlook, which uses MAPI.
- The following are supported;
- Exchange Web Services (EWS) which provides clientsto access the Zimbra server and to communicate with the Exchange Server when using Microsoft Outlook on a Mac device. EWS is enabled at the Class of Service layer. EWS is a separately licensed add-on feature.
- Messaging Application Programming Interface (MAPI) synchronizes to Microsoft Outlook 2007/2010/2013 with full delegate, offline access and support for S/MIME. The Zimbra Connector for Outlook can connect to Zimbra with Microsoft Outlook on a Windows device. MAPI (Microsoft Outlook) is enabled also at the Class of Service layer.
- Zimbra supports POP3, IMAP4, Calendaring Extensions to Web Distributed Authoring and Versioning (CalDAV), and vCard Extensions to Web Distributed Authoring and Versioning (CardDAV) clients.
- Zimbra also allows for an Offline Mode. Which allows access to data without network connectivity when using the Zimbra Web Client (ZWC).
- For example, if there is no server connectivity or server connectivity is lost, ZWC automatically transitions to “offline mode”. When server connectivity is restored, ZWC automatically reverts to “online mode”. The offline mode uses HTML5, which uses a caching capability that can be considered a super set of the normal browser caching. Offline mode is configurable at the Class Of Service level.
Zimbra System Directory Tree
- The directory organization is the same for any server in the Zimbra Collaboration, installing under /opt/zimbra.
[True/False perhaps better here]
- What is Postfix?
- How does Zimbra use Postfix
- How does the client communicate with the Proxy?
- How does the client communicate with the Mailbox Server?
- What is AmavisD?
- How does Zimbra utilize AmavisD as a AntiSpam/AntiVirus?