Difference between revisions of "Zimbra"

Jump to navigation Jump to search

Zimbra (view source)

Revision as of 15:30, 1 May 2012

11,307 bytes added ,  15:30, 1 May 2012
m
Updated to use Depreciated template
(Moved from "Ubuntu" page)
 
m (Updated to use Depreciated template)
 
(15 intermediate revisions by the same user not shown)
Line 1: Line 1:
{{Depreciated|category=Zimbra}}
== Installation ==
== Installation ==
The notes below are for the situation of installing a Zimbra server in a split-DNS scenario.  Split DNS is required where you have a Zimbra server on an internal (private address range) network.  Zimbra needs to be able to resolve its own MX DNS record, therefore if your server is known publicly by one IP address, but in fact has an internal address (and the public IP is NAT'ed to the internal IP) you'll need to use split DNS.  The method below uses a DNS server installed locally on the Zimbra server, however you can also use a DNS server on your local network, if you have one available.
=== DNS Records ===
=== DNS Records ===
Firstly, you need to own a public domain name, then get your ISP to create two DNS records...
Firstly, you need to own a public domain name, then get your ISP to create two DNS records...
Line 7: Line 11:
# '''A record''' - Standard DNS record
# '''A record''' - Standard DNS record
#* EG <code> mail.sandfordit.com [A] -> 158.25.34.124 </code>
#* EG <code> mail.sandfordit.com [A] -> 158.25.34.124 </code>
#* <code> 158.25.34.124 </code> is the static IP address assigned by your ISP.  You'll need to set-up a NAT on your router (often oddly called a virtual server in domestic routers) to map incoming mail on TCP 25 to your email server's actual address (EG <code> 158.25.34.124:25 -> 192.168.1.150:25 </code>.
#* <code> 158.25.34.124 </code> is the static IP address assigned by your ISP.  You'll need to set-up a NAT on your router (often oddly called a virtual server in domestic routers) to map incoming mail on TCP 25 to your email server's actual address (EG <code> 158.25.34.124:25 -> 192.168.1.150:25 </code>).


Note, instead of an A record you can use a CNAME record if you prefer, though obviously the CNAME record will still need to point to a valid A record.  Using a CNAME might be preferable, if for example you've multiple services running from a single public IP, that you might want to split out in the future to run on separate IP's, at which point you can replace the CNAME records with A records.
Note, instead of an A record you can use a CNAME record if you prefer, though obviously the CNAME record will still need to point to a valid A record.  Using a CNAME might be preferable, if for example you've multiple services running from a single public IP, that you might want to split out in the future to run on separate IP's, at which point you can replace the CNAME records with A records.
Line 99: Line 103:
crontab -e
crontab -e
*/60 * * * * /opt/zimbra/libexec/zmstatuslog  
*/60 * * * * /opt/zimbra/libexec/zmstatuslog  
</pre>
* <code> zmlocalconfig -e zmmtaconfig_interval=6000 </code>
** Increase service failure watchdog interval to 6000 secs
'''Above seems to help, but doesn't fix things...!'''
Additionally, to disable the logging process, maybe (uncomplete)
<pre>
su - zimbra
hostname                # Gives your server's hostname
zmprov ms <hostname> -zimbraServiceEnabled logger
</pre>
== Zimbra Appliance ==
=== Installation ===
Download a copy of the (OVA format) appliance from http://www.zimbra.com/downloads/zca-downloads.html or just get a copy of the download URL to delay downloading until deployment, plus get a license if you want to run for more than 60 days (10 user license is free).  The appliance needs to be run on VMware vSphere. 
The appliance is just over 2GB in size (though the disk in 18GB if thick provisioned and can be deployed as...
* '''Trial''' - 1 vCPU, 2 GB RAM
** Not officially suitable for production, but fine for the free 10-user license
* '''Midsize''' - 2 vCPU, 4GB RAM
** Production use up to 500 users
* '''Large''' - 2 vCPU, 8 GB RAM
** Production use up to 1000 users
To deploy
# In the VI Client, go to '''File | Deploy OVF Template...'''
# Locate the downloaded OVA file or paste in the URL, click '''Open''' and then '''Next'''
# Check the ''OVF Template Details'' and click '''Next'''
# '''Accept''' the ''End User License Agreement'' and click '''Next'''
# Enter a suitable VM name, and change the destination location as required, and click '''Next'''
# Select the appropriate ''Deployment Configuration'', and click '''Next'''
# Select the appropriate ''Host / Cluster'', and click '''Next'''
# Update the ''Resource Pool'' config as required, and click '''Next'''
# Select a ''Datastore'' and click '''Next'''
# Select a ''Disk Format'' of your preference and click '''Next'''
# Select a network to connect the VM to (IP address settings can be applied later), and then click '''Next'''
# Leave the ''IP Address Allocation'' as ''Fixed'', and then click '''Next'''
# In the ''Properties'' step, proceed as follows and then click '''Next'''
#* ''0. Configuration Password'' - Enter a password ''note that it won't be obscured''
#* ''1. Server Name'' - Enter the network hostname for your server (not FQDN - eg mailserver)
#* ''2. Administrative Account'' - Enter your admin email address and password ''note that the password won't be obscured''
#* ''Networking Properties'' - Enter an IP address
# Confirm the config is correct, then click '''Next'''
* V7 Beta - http://files.zimbra.com/downloads/zca/zca-7.0.0_BETA1_406/ovf/zimbra.ovf
=== Post-Install ===
* [[#High_CPU_Workaround|High CPU Workaround]] - Quite why you have to tweak a VMware provided appliance to make it run efficiently on VMware is mind boggling
* [[Ubuntu#Setup_.28v10.29|SNMP Install]]
=== License ===
You may get a warning to say that your license is not activated, in which case log in as the zimbra user to your server, check you've got the correct license loaded, then activate it (your server needs to be able to reach the Zimbra license portal)
<pre>
zimbra@mail:~$ zmlicense -p
[License]
AccountsLimit=10
ArchivingAccountsLimit=0
AttachmentConversionEnabled=true
AttachmentIndexingAccountsLimit=10
BackupEnabled=true
CrossMailboxSearchEnabled=false
HierarchicalStorageManagementEnabled=false
ISyncAccountsLimit=0
InstallType=regular
IssuedOn=<removed>
IssuedToEmail=<removed>
IssuedToName=<removed>
LicenseId=<removed>
MAPIConnectorAccountsLimit=0
MobileSyncAccountsLimit=10
MobileSyncEnabled=true
ResellerName=
SMIMEAccountsLimit=0
ValidFrom=<removed>
ValidUntil=<removed>
zimbra@mail:~$ zmlicense -c
license not activated for 7.0.0_GA_3077
zimbra@mail:~$ zmlicense -a
zimbra@mail:~$ zmlicense -c
license is OK
</pre>
</pre>


Line 110: Line 199:
# Exit Zimbra user and create copy of directory
# Exit Zimbra user and create copy of directory
#* EG <code> cp -rp /opt/zimbra /home/simons/zimbra_backup_100301 </code>
#* EG <code> cp -rp /opt/zimbra /home/simons/zimbra_backup_100301 </code>
# Once completed, go back to zimbra user and start
#* <code> su - zimbra </code>
#* <code> zmcontrol start </code>


<br>'''More elaborate scripted version'''<br>
<br>'''More elaborate scripted version'''<br>
Line 126: Line 218:


To restore, see http://www.zimbra.com/forums/administrators/15275-solved-yet-another-backup-script-community-version-24.html
To restore, see http://www.zimbra.com/forums/administrators/15275-solved-yet-another-backup-script-community-version-24.html
I've modified the above script, to suit my own purposes.  I've added an FTP option so that completed backup's are copied off to a remote FTP server (the copy isn't encrypted so should only be used within a private/secure network - [[Zimbra FOSS Full Backup]]


=== Upgrade ===
=== Upgrade ===
Line 163: Line 257:


== Procedures ==
== Procedures ==
=== Install Commercial Certificate ===
# Create a Certificate Signing Request (CSR) - can be done via the GUI admin console, but doesn't always work properly
## Logged into the server as root...
## Generate CSR, EG <code> /opt/zimbra/bin/zmcertmgr createcsr comm -new -keysize 2048 -subject "/C=GB/L=London/O=SandfordIT Limited/CN=mail.sandfordit.com" </code>
##* /C - Country
##* /ST - Region / county (optional)
##* /L - City
##* /O - Organisation / company name
##* /OU - Department (optional)
##* /CN - Server FQDN
# Display and copy CSR key
#* <code> more /opt/zimbra/ssl/zimbra/commercial/commercial.csr </code>
# Upload CSR to certificate authority
# Install received keys via GUI and restart server
=== Migrate Commercial Certificate To New Server ===
This is essentially an updated version of the old procedure that can be found here - http://wiki.zimbra.com/wiki/Transfer_SSL_certificates_between_servers for ZCS v7.
# On your old server make a copy of the SSL folder
#* EG <code>cp -r /opt/zimbra/ssl /home/user/sslbk </code>
# Delete any back folders from within your copy so that only a zimbra folder exists
#* EG <code> rm -rf /home/user/sslbk/zimbra.* </code>
# Compress the folder into a file
#* EG <code>tar cvzf sslbk.tgz /sslbk/ </code>
# Copy the file to your new server
#* EG <code> pscp user@oldmail.domain.com:/home/user/sslbk.tgz c:\temp\sslbk.tgz </code>
#* EG <code> pscp c:\temp\sslbk.tgz user@newmail.domain.com:/home/user/ </code>
# Backup the SSL folder
#* <code> mv /opt/zimbra/ssl/ /opt/zimbra/ssl_old </code>
# Uncompress file copied from old server
#* <code> tar -xvf /home/user/sslbk.tgz </code>
# Copy the folder into place and rename
#* <code> cp -r sslbk/ /opt/zimbra/ssl </code>
#* <code> mv /opt/zimbra/sslbk/ /opt/zimbra/ssl </code>
# Deploy the certificate
#* EG <code> /opt/zimbra/bin/zmcertmgr deploycrt comm /home/user/sslbk/zimbra/commercial/commercial.crt /home/user/sslbk/zimbra/commercial/commercial_ca.crt
# Restart Zimbra
#* <code> su - zimbra </code>
#* <code> zmcontrol restart </code>
# If services don't start properly, force java to accept your certificate
#* EG <code> /opt/zimbra/java/bin/keytool -import -alias new -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit -file /sslbk/zimbra/commercial/commercial.crt </code>
=== Change Hostname ===
This is based on the article found here - http://wiki.zimbra.com/wiki/ZmSetServerName.  I've used this procedure for Zimbra v7 FOSS installations on Ubuntu 8 32-bit and 10 64-bit (LTS).
This procedure requires downtime, and because zimbra services need to be up to complete the change, if you can stop new mail being received by the server (by disabling through a firewall for example) do so. If you have to fall back to your backup, any mail received during the backup will be lost.
# Ensure that new DNS records are already set-up and working.
#* EG <code> dig domain.com mx </code>
# Create a backup of your entire installation (if running as a VMware VM, take a snapshot as well)
## Stop Zimbra (as zimbra user)
##* <code> zmcontrol stop </code>
## Create copy (as root)
##* <code> mkdir /backup/opt </code>
##* <code> mkdir /backup/opt/zimbra </code>
##* <code> cp -r /opt/zimbra/ /backup/opt/zimbra/ </code>
## Start Zimbra (as zimbra user)
##* <code> zmcontrol start </code>
# Perform rename to Zimbra installation
#* EG <code> /opt/zimbra/libexec/zmsetservername -n mailsvr.domain.com </code>
# Perform rename to operating system
## Update the following files
##* <code> /etc/hosts </code>
##* <code> /etc/hostname  </code>
## Set the hostname (not FQDN)
##* <code> hostname <servername> </code>
# Reboot the server
#* <code> shutdown -r now </code>
Once your server is back up, run through the following to check everything is in working order...
# <code> zmcontrol status </code>
# <code> zmprov gacf | grep oldhostname </code>
# <code> zmprov gs `zmhostname` | grep oldhostname </code>
# <code> zmlocalconfig | grep oldhostname </code>
# Plus I'd tail the <code> /var/log/zombra.log </code> while sending and receiving a few test emails to make sure everything is running sweetly.
Any probs, refer to the Zimbra doc at the start of this for things to investigate.
=== Install Zimlet ===
=== Install Zimlet ===
Zimlets ''only'' work when accessing via the web client, they are not usable from the full-fat Zimbra client.
Zimlets ''only'' work when accessing via the web client, they are not usable from the full-fat Zimbra client.
Line 197: Line 369:
** EG <code> zmmailbox -z -m simon gfrl </code>
** EG <code> zmmailbox -z -m simon gfrl </code>


=== Message Purging ===
=== Message Sizes ===
To see the current max IMAP request size...
* <code> zmlocalconfig | grep -i imap_max_request_size </code>
To increase the size, to say 20MB...
* <code> zmlocalconfig -e imap_max_request_size=20480 </code>
 
Its also worth being aware of the following settings, which are altered through the admin console...
* In Global Settings | General Information...
** Maximum size of an uploaded file for Briefcase, Email messages, Calendar appointments and Tasks (KB)
*** <code> zimbraFileUploadMaxSize </code>
* In Global Settings | MTA...
** Maximum message size (KB)
*** <code> zimbraMtaMaxMessageSize </code>
 
And there's also an additional setting, <code> zimbraMailContentMaxSize</code>, which also appears to affect the maximum size of attachments.  To see what you're set to currently use...
* <code> zmprov getConfig zimbraMailContentMaxSize </code>
and so update to say 20 MB, use...
* <code> zmprov modifyConfig zimbraMailContentMaxSize 20480000 </code>


Check per-user settings
== Troubleshooting ==
zmprov ga simon@sandfordit.com | grep Lifetime
=== Account Export Incomplete ===
When trying to export an entire (or partial) account's data (either via the web or Zimbra clients, or through a <code>/zmmailbox -z -m "user@domain.com" getRestURL -o user.tgz "//?fmt=tgz"</code>), the export can occasionally be incomplete, this can be due to two reasons (maybe more)...


* '''Large account / export time-out'''
** If you've a large account, and/or a slow server, the export process can time out.
** This is due to known bug - http://bugzilla.zimbra.com/show_bug.cgi?id=56458
*''' Invalid tags '''
** This is essentially down to some database corruption.
** To confirm that its the issue, tail your <code>/opt/zimbra/log/mailbox.log</code> file when creating an export and look out for the following errors (tag 68 is the problem tag ID in this example)
*** <code> Code:mail.NO_SUCH_TAG Arg:(itemId, IID, "68")</code>
*** <code> java.io.IOException: data error: java.io.IOException: tag error: com.zimbra.cs.mailbox.MailServiceException$NoSuchItemException: no such tag: 68</code>
** To resolve...
**# Confirm that the account doesn't have the tag
**#* <code> zmmailbox -z -m "user@domain.com" gat </code>
**# Get the user to create enough dummy tags to reach the problem ID number
**# Reattempt the export - it may fail again, but on a higher tag ID (repeat the above until it succeeds)
**# Delete the dummy tags, and retest


more /opt/zimbra/log/mailbox.log | grep MailboxPurge
The above is based on info gleamed from http://www.zimbra.com/forums/administrators/48724-no_such_tag-while-exporting.html


== Documentation Links ==
== Documentation Links ==
* '''[http://wiki.zimbra.com/index.php?title=Working_with_Zimlets Zimlets]'''
* '''[http://wiki.zimbra.com/index.php?title=Working_with_Zimlets Zimlets]'''
* '''[http://wiki.zimbra.com/wiki/Zimbra_Desktop_FAQ#How_to_install_spell_checker_dictionaries.3F Zimbra Client Dictionary Install]'''
* '''[http://wiki.zimbra.com/wiki/Zimbra_Desktop_FAQ#How_to_install_spell_checker_dictionaries.3F Zimbra Client Dictionary Install]'''
Retrieved from ‘https://vwiki.co.uk/index.php?title=Special:MobileDiff/863...1886

Navigation menu