2,187
edits
Difference between revisions of "Procedures (Zimbra)"
Jump to navigation
Jump to search
m
→Enable Spam BlockList: Added example output in daily mail
m (→Upgrade: Added download link) |
m (→Enable Spam BlockList: Added example output in daily mail) |
||
| (5 intermediate revisions by the same user not shown) | |||
| Line 35: | Line 35: | ||
== Software Updates == | == Software Updates == | ||
=== Upgrade === | === Upgrade === | ||
* See also: [[Upgrade Zimbra FOSS v7 to v8]] | |||
Get the appropriate version from http://www.zimbra.com/downloads/os-downloads.html | Get the appropriate version from http://www.zimbra.com/downloads/os-downloads.html | ||
| Line 85: | Line 87: | ||
#* <code> more /opt/zimbra/ssl/zimbra/commercial/commercial.csr </code> | #* <code> more /opt/zimbra/ssl/zimbra/commercial/commercial.csr </code> | ||
# Upload CSR to certificate authority | # Upload CSR to certificate authority | ||
# Install received | # Install received certificates via GUI and restart server | ||
If you are unable to install the new certificates via the admin console, then do the following | |||
# Copy the CA and server certificates onto the server (to a temp location) | |||
#* If you have CA and one or more intermeadiary certificates, these need to be concatenated so that you have one CA cert, and one server cert | |||
#** EG <code> cat /tmp/ca.crt /tmp/ca_inter1.crt /tmp/ca_inter2.crt > /tmp/ca_chain.crt </code> | |||
# Verify the server certificate | |||
#* EG <code> /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /tmp/server.crt /tmp/ca_chain.crt</code> | |||
# Deploy the server certificate | |||
#* EG <code> /opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/server.crt /tmp/ca_chain.crt </code> | |||
# Restart the server | |||
For more info see http://wiki.zimbra.com/wiki/Administration_Console_and_CLI_Certificate_Tools#zmcertmgr | |||
=== Migrate Commercial Certificate To New Server === | === Migrate Commercial Certificate To New Server === | ||
| Line 150: | Line 164: | ||
Any probs, refer to the Zimbra doc at the start of this for things to investigate. | Any probs, refer to the Zimbra doc at the start of this for things to investigate. | ||
== Install Zimlet == | == Configuration Changes == | ||
Zimlets ''only'' work when accessing via the web client, they are not usable from the full-fat Zimbra client. | === Install Zimlet === | ||
Zimlets ''only'' work when accessing via the web client, they are not usable from the full-fat Zimbra desktop client. | |||
# Copy the Zimlet to the server | # Copy the Zimlet to the server | ||
| Line 159: | Line 174: | ||
#* EG <code> zmzimletctl deploy com_zimbra_tasksreminder.zip </code> | #* EG <code> zmzimletctl deploy com_zimbra_tasksreminder.zip </code> | ||
== Signature Length Increase == | === Signature Length Increase === | ||
The maximum length of an email signature is limited to 10240 by default, to increase... | The maximum length of an email signature is limited to 10240 by default, to increase... | ||
| Line 174: | Line 189: | ||
## Delete, then re-add the account and allow to resync fully | ## Delete, then re-add the account and allow to resync fully | ||
== Message Sizes == | === Maximum Message Sizes === | ||
To see the current max IMAP request size... | To see the current max IMAP request size... | ||
* <code> zmlocalconfig | grep -i imap_max_request_size </code> | * <code> zmlocalconfig | grep -i imap_max_request_size </code> | ||
| Line 192: | Line 207: | ||
and so update to say 20 MB, use... | and so update to say 20 MB, use... | ||
* <code> zmprov modifyConfig zimbraMailContentMaxSize 20480000 </code> | * <code> zmprov modifyConfig zimbraMailContentMaxSize 20480000 </code> | ||
=== Mailbox Purge Interval === | |||
Mailbox purging carries on continuously in the background. The process pauses/sleeps between each mailbox by a user defined interval (default is 1 minute). What's purged is defined in the ''Class of Service (COS)'' for a particular mailbox - see the '''Email Retention Policy''' on the ''Advanced'' tab in the admin console (it can be overridden for individual mailboxes in the ''Advanced'' tab of the account config). | |||
To check the current setting (replace <code>host.domain.com</code> as appropriate)... | |||
zmprov gacf | grep zimbraMailPurgeSleepInterval | |||
zmprov gs host.domain.com | grep zimbraMailPurgeSleepInterval | |||
To set (I tend to set the interval so that all mailboxes get purged in a day)... | |||
zmprov mcf zimbraMailPurgeSleepInterval 1h | |||
To see purging activity see the mailbox logs, eg | |||
grep 'purge' /opt/zimbra/log/mailbox.log | |||
zgrep 'purge' /opt/zimbra/log/mailbox.log.2012-08-05.gz | |||
=== Enable Spam BlockList === | |||
In order for you to be able to add a public blocklist it first needs known by SpamAssassin. SpamAssassin's config can be found in <code>/opt/zimbra/conf/spamassassin/</code>, to check for a particular DNS Blocklist, ''zen.spamhaus.org'' for example, use | |||
* <code>grep zen.spamhaus.org /opt/zimbra/conf/spamassassin/20_dnsbl_tests.cf</code> | |||
# Login as the Zimbra user | |||
#* <code> su - zimbra </code> | |||
# Check existing restrictions | |||
#* <code> zmprov gacf | grep zimbraMtaRestriction </code> | |||
# Add new restriction (for example ''zen.spamhaus.org'') | |||
#* <code> zmprov mcf +zimbraMtaRestriction "reject_rbl_client zen.spamhaus.org" </code> | |||
# Check restriction has been added | |||
#* <code> zmprov gacf | grep zimbraMtaRestriction </code> | |||
Hosts rejected by the blocklist will be listed in the "Daily mail report", for example... | |||
<pre> | |||
message reject detail | |||
--------------------- | |||
RCPT | |||
blocked using zen.spamhaus.org (total: 5) | |||
1 speakezy.com.au | |||
1 v4.ngi.it | |||
1 draw.datemail.us | |||
1 born.seriesmail.us | |||
1 wood.seriesmail.us | |||
</pre> | |||
=== Enable DKIM === | |||
[[Acronyms#DKIM|DKIM]] allows for the signing of certain fields of an email (for example the From: field, allowing the recipient to trust that the email is from whoever it purports to be and not from a spammer). This is achieved by adding a DKIM signature to an email, which can be cross referenced with a public key provided in DNS for the sending domain. | |||
'''DKIM is not available in versions prior to Zimbra v8 !''' | |||
For more info on DKIM see... | |||
* http://www.dkim.org/ | |||
* http://www.wikipedia.org/wiki/DomainKeys_Identified_Mail | |||
For fuller, Zimbra specfifc instructions see... | |||
* http://wiki.zimbra.com/wiki/Configuring_for_DKIM_Signing | |||
To set-up | |||
# Create the DKIM keys on your Zimbra server for your domain | |||
## Log into your Zimbra server as the Zimbra user | |||
## Run DKIM key utility | |||
##* EG <code> /opt/zimbra/libexec/zmdkimkeyutil -a -d domain.com </code> (replace <code> domain.com </code> with your domain) | |||
# Add the public key generated into your DNS as a TXT (text) record (the field names will be vary dependant on your provider's DNS managment interface) | |||
#* EG: Label/Name/Entry: <code>5E56FFDC-11F6-11E2-9862-DA8801AF17E6._domainkey</code> | |||
#* EG: Data/Target: <code>v=DKIM1;=rsa; p=MIGfMA0GCSqGSIb3...<etc - your key will be longer!></code> | |||
# Confirm the DNS entry is correct | |||
#* EG <code> dig -t txt 5E56FFDC-11F6-11E2-9862-DA8801AF17E6._domainkey.domain.com </code> | |||
[[Category:Zimbra]] | [[Category:Zimbra]] | ||