2,187
edits
Difference between revisions of "Procedures (Zimbra)"
Jump to navigation
Jump to search
m
→Enable Spam BlockList: Added example output in daily mail
(Initial creation - content from Zimbra page) |
m (→Enable Spam BlockList: Added example output in daily mail) |
||
| (7 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
== Backup == | == Backup == | ||
=== Basic Manual Mackup === | === Basic Manual Mackup === | ||
Useful just before you perform an upgrade or some other potentially disastrous change (be aware that if your server is still accessible to users or can receive incoming email from the internet, any interim changes will be lost if you roll back) | |||
# SU to Zimbra admin | # SU to Zimbra admin | ||
#* <code> su - zimbra </code> | #* <code> su - zimbra </code> | ||
| Line 6: | Line 7: | ||
#* <code> zmcontrol stop </code> | #* <code> zmcontrol stop </code> | ||
# Exit Zimbra user and create copy of directory | # Exit Zimbra user and create copy of directory | ||
#* EG <code> cp -rp /opt/zimbra /home/simons/ | #* EG <code> cp -rp /opt/zimbra /home/simons/zimbra_backup_20100301 </code> | ||
# Once completed, go back to zimbra user and start | # Once completed, go back to zimbra user and start | ||
#* <code> su - zimbra </code> | #* <code> su - zimbra </code> | ||
| Line 13: | Line 14: | ||
=== Full Scripted Backup === | === Full Scripted Backup === | ||
* For more info see - http://www.zimbra.com/forums/administrators/15275-solved-yet-another-backup-script-community-version.html | * For more info see - http://www.zimbra.com/forums/administrators/15275-solved-yet-another-backup-script-community-version.html | ||
* Script is downloadable from - http://www.osoffice.de/downloads/viewcategory-7.html | ** Script is downloadable from - http://www.osoffice.de/downloads/viewcategory-7.html | ||
** Or see my modified version at [[Zimbra FOSS Full Backup]] | |||
This method performs a full (offline) backup of your whole Zimbra installation, an user data only online backup can also be achieved, see [[Zimbra FOSS User Backup]] | |||
# Check the size of the <code> /opt/zimbra </code> dir, this will be replicated to a sync directory, from which the actual backup is taken, and check available free space | # Check the size of the <code> /opt/zimbra </code> dir, this will be replicated to a sync directory, from which the actual backup is taken, and check available free space | ||
| Line 31: | Line 35: | ||
== Software Updates == | == Software Updates == | ||
=== Upgrade === | === Upgrade === | ||
* See also: [[Upgrade Zimbra FOSS v7 to v8]] | |||
Get the appropriate version from http://www.zimbra.com/downloads/os-downloads.html | |||
Use the same package to upgrade the software as used for a brand new install (there is no separate upgrade package). The important part of any upgrade ''IS NOT'' how to get your system upgraded, it ''IS'' how you're going to recover if it all goes horribly wrong. | Use the same package to upgrade the software as used for a brand new install (there is no separate upgrade package). The important part of any upgrade ''IS NOT'' how to get your system upgraded, it ''IS'' how you're going to recover if it all goes horribly wrong. | ||
| Line 79: | Line 87: | ||
#* <code> more /opt/zimbra/ssl/zimbra/commercial/commercial.csr </code> | #* <code> more /opt/zimbra/ssl/zimbra/commercial/commercial.csr </code> | ||
# Upload CSR to certificate authority | # Upload CSR to certificate authority | ||
# Install received | # Install received certificates via GUI and restart server | ||
If you are unable to install the new certificates via the admin console, then do the following | |||
# Copy the CA and server certificates onto the server (to a temp location) | |||
#* If you have CA and one or more intermeadiary certificates, these need to be concatenated so that you have one CA cert, and one server cert | |||
#** EG <code> cat /tmp/ca.crt /tmp/ca_inter1.crt /tmp/ca_inter2.crt > /tmp/ca_chain.crt </code> | |||
# Verify the server certificate | |||
#* EG <code> /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /tmp/server.crt /tmp/ca_chain.crt</code> | |||
# Deploy the server certificate | |||
#* EG <code> /opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/server.crt /tmp/ca_chain.crt </code> | |||
# Restart the server | |||
For more info see http://wiki.zimbra.com/wiki/Administration_Console_and_CLI_Certificate_Tools#zmcertmgr | |||
=== Migrate Commercial Certificate To New Server === | === Migrate Commercial Certificate To New Server === | ||
| Line 144: | Line 164: | ||
Any probs, refer to the Zimbra doc at the start of this for things to investigate. | Any probs, refer to the Zimbra doc at the start of this for things to investigate. | ||
== Install Zimlet == | == Configuration Changes == | ||
Zimlets ''only'' work when accessing via the web client, they are not usable from the full-fat Zimbra client. | === Install Zimlet === | ||
Zimlets ''only'' work when accessing via the web client, they are not usable from the full-fat Zimbra desktop client. | |||
# Copy the Zimlet to the server | # Copy the Zimlet to the server | ||
| Line 153: | Line 174: | ||
#* EG <code> zmzimletctl deploy com_zimbra_tasksreminder.zip </code> | #* EG <code> zmzimletctl deploy com_zimbra_tasksreminder.zip </code> | ||
== Signature Length Increase == | === Signature Length Increase === | ||
The maximum length of an email signature is limited to 10240 by default, to increase... | The maximum length of an email signature is limited to 10240 by default, to increase... | ||
| Line 168: | Line 189: | ||
## Delete, then re-add the account and allow to resync fully | ## Delete, then re-add the account and allow to resync fully | ||
== Message Sizes == | === Maximum Message Sizes === | ||
To see the current max IMAP request size... | To see the current max IMAP request size... | ||
* <code> zmlocalconfig | grep -i imap_max_request_size </code> | * <code> zmlocalconfig | grep -i imap_max_request_size </code> | ||
| Line 186: | Line 207: | ||
and so update to say 20 MB, use... | and so update to say 20 MB, use... | ||
* <code> zmprov modifyConfig zimbraMailContentMaxSize 20480000 </code> | * <code> zmprov modifyConfig zimbraMailContentMaxSize 20480000 </code> | ||
=== Mailbox Purge Interval === | |||
Mailbox purging carries on continuously in the background. The process pauses/sleeps between each mailbox by a user defined interval (default is 1 minute). What's purged is defined in the ''Class of Service (COS)'' for a particular mailbox - see the '''Email Retention Policy''' on the ''Advanced'' tab in the admin console (it can be overridden for individual mailboxes in the ''Advanced'' tab of the account config). | |||
To check the current setting (replace <code>host.domain.com</code> as appropriate)... | |||
zmprov gacf | grep zimbraMailPurgeSleepInterval | |||
zmprov gs host.domain.com | grep zimbraMailPurgeSleepInterval | |||
To set (I tend to set the interval so that all mailboxes get purged in a day)... | |||
zmprov mcf zimbraMailPurgeSleepInterval 1h | |||
To see purging activity see the mailbox logs, eg | |||
grep 'purge' /opt/zimbra/log/mailbox.log | |||
zgrep 'purge' /opt/zimbra/log/mailbox.log.2012-08-05.gz | |||
=== Enable Spam BlockList === | |||
In order for you to be able to add a public blocklist it first needs known by SpamAssassin. SpamAssassin's config can be found in <code>/opt/zimbra/conf/spamassassin/</code>, to check for a particular DNS Blocklist, ''zen.spamhaus.org'' for example, use | |||
* <code>grep zen.spamhaus.org /opt/zimbra/conf/spamassassin/20_dnsbl_tests.cf</code> | |||
# Login as the Zimbra user | |||
#* <code> su - zimbra </code> | |||
# Check existing restrictions | |||
#* <code> zmprov gacf | grep zimbraMtaRestriction </code> | |||
# Add new restriction (for example ''zen.spamhaus.org'') | |||
#* <code> zmprov mcf +zimbraMtaRestriction "reject_rbl_client zen.spamhaus.org" </code> | |||
# Check restriction has been added | |||
#* <code> zmprov gacf | grep zimbraMtaRestriction </code> | |||
Hosts rejected by the blocklist will be listed in the "Daily mail report", for example... | |||
<pre> | |||
message reject detail | |||
--------------------- | |||
RCPT | |||
blocked using zen.spamhaus.org (total: 5) | |||
1 speakezy.com.au | |||
1 v4.ngi.it | |||
1 draw.datemail.us | |||
1 born.seriesmail.us | |||
1 wood.seriesmail.us | |||
</pre> | |||
=== Enable DKIM === | |||
[[Acronyms#DKIM|DKIM]] allows for the signing of certain fields of an email (for example the From: field, allowing the recipient to trust that the email is from whoever it purports to be and not from a spammer). This is achieved by adding a DKIM signature to an email, which can be cross referenced with a public key provided in DNS for the sending domain. | |||
'''DKIM is not available in versions prior to Zimbra v8 !''' | |||
For more info on DKIM see... | |||
* http://www.dkim.org/ | |||
* http://www.wikipedia.org/wiki/DomainKeys_Identified_Mail | |||
For fuller, Zimbra specfifc instructions see... | |||
* http://wiki.zimbra.com/wiki/Configuring_for_DKIM_Signing | |||
To set-up | |||
# Create the DKIM keys on your Zimbra server for your domain | |||
## Log into your Zimbra server as the Zimbra user | |||
## Run DKIM key utility | |||
##* EG <code> /opt/zimbra/libexec/zmdkimkeyutil -a -d domain.com </code> (replace <code> domain.com </code> with your domain) | |||
# Add the public key generated into your DNS as a TXT (text) record (the field names will be vary dependant on your provider's DNS managment interface) | |||
#* EG: Label/Name/Entry: <code>5E56FFDC-11F6-11E2-9862-DA8801AF17E6._domainkey</code> | |||
#* EG: Data/Target: <code>v=DKIM1;=rsa; p=MIGfMA0GCSqGSIb3...<etc - your key will be longer!></code> | |||
# Confirm the DNS entry is correct | |||
#* EG <code> dig -t txt 5E56FFDC-11F6-11E2-9862-DA8801AF17E6._domainkey.domain.com </code> | |||
[[Category:Zimbra]] | [[Category:Zimbra]] | ||