Tags: ,
Filed under How-Tos / Tips : Comments (0) : Aug 28th, 2010 by Wyatt Walter

It makes me sad when..

.. my desktop kernel panics while I’m trying to read a stack trace from another machine.

Filed under Just for Fun : Comments (0) : Aug 4th, 2010 by Wyatt Walter

Zimbra Junk Mail Options You Didn’t Know Existed

I was poking around on the Zimbra forums today during some downtime and I ran across a little gem regarding configuration around a few options regarding spam delivery to users. The question was about disabling of spam filtering on a per-user basis (Yes, not really ideal, but sometimes you have to give users something I like to call ‘exactly what they asked for’), but I found even more than I expected.

Anyway, I thought I would highlight a few of the gems that I discovered.

Disabling mail to the Junk folder

This was actually the original question that I was trying to answer. Most Zimbra admins know how to whitelist/blacklist senders and other various tweaks in the Zimbra wiki, but I didn’t realize until today that we can actually configure Zimbra to not send mail filtered as junk to the Junk folder. This can be done per user, per domain, or per class of service (COS).

zmprov ma user@whatan00b.com +amavisSpamLover TRUE +amavisBypassSpamChecks TRUE

To disable, just make the + a -:
zmprov ma user@whatan00b.com -amavisSpamLover TRUE -amavisBypassSpamChecks TRUE
(or you can just set to false, but the default is false – I do like me some clean configs!)

And of course, change the command ma (modifyAccount) to match whatever type of object you want if you’re not modifying a user.

Letting banned files through to users

Every once in a while, I’ve struggled with users needing to get things like encrypted zip files or other suspicious-looking files. Not wanting to let all kinds of viruses though by disabling virus scanning and file extension blocks, it always ends up in a battle. Perhaps I’m the last to learn this one, but it’s actually easily bypassed on a per-user, per-domain, or per-COS basis.
zmprov ma user@whatan00b.com +amavisBannedFilesLover TRUE

You can also disable virus scanning for those various levels as well:
zmprov ma user@whatan00b.com +amavisBypassVirusChecks TRUE

Whitelisting and Blacklisting via zmprov (upgrade-safe!)

One of the new, well-known, features of Zimbra 6 is that you can now allow users to have their own white and blacklists, controllable within the user interface. Whitelisting and blacklisting has, of course, always been supported, but it’s been a pain as long as I’ve been managing Zimbra servers. If you’re one that already knew which wiki article I was referring to above, you know what I mean! To make matters worse, those settings have to be re-applied after upgrades.

While adding blacklist and whitelist senders to a user’s list via zmprov is expected (after all, you can configure it in the web client), what hasn’t really been touted – as far as I’ve read – is that those filters can easily be applied per domain as well. While that’s not really a new feature by any means, it does mean that those whitelist and blacklist lists are in Zimbra’s LDAP – where they should’ve been all along. That, and LDAP doesn’t get wiped during upgrades / service restarts like some config files do.

zmprov md whatan00b.com +amavisBlacklistSender @exchange.microsoft.com

Loosening up spam tag levels

You can also adjust the spam scoring levels to mark messages as junk/not junk on the various levels as well. The properties to adjust are: amavisSpamTagLevel, amavisSpamTag2Level, and amavisSpamKillLevel.

Warning: with these settings, be sure that you know exactly what each of these mean. That rule always applies, of course, but getting those settings wrong could cause your mail server to drop messages without bouncing them, thus neither sender nor receiver knows!

So many more!
This turned into a much longer post than I expected, but there are so many more options available! Check out /opt/zimbra/conf/attrs/amavisd-new-attrs.xml on your Zimbra server for even more config options.

Extra Credit
Also, check out /opt/zimbra/conf/attrs/zimbra-attrs.xml for even more goodness (unrelated to junk mail).

Tags: ,
Filed under How-Tos / Tips : Comments (2) : Jul 26th, 2010 by Wyatt Walter

Website Redirects with WP-SuperCache

On my WordPress install, I use the WP-SuperCache plugin to be nice to my web server. I was shocked when trying to show a coworker something on my site (he typed in whatanoob.com – what a n00b! :) ) to see my homepage content very old and the redirect was no longer working (it worked some time ago when I setup WordPress). It appears that sometime after installing the WP-SuperCache plugin, my website no longer redirects the aliased site to the “real” domain, but instead just serves up the same content (this is very, very bad for SEO). The redirect removing the ‘www.’ still worked.

The fix is simple.. I just added the lines:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^(www\.)?whatanoob\.com [NC]
RewriteRule ^$ http://whatan00b.com/$1 [L]
.. to my .htaccess file.

Two lessons (re-)learned:

  1. Test everything – This WP-SuperCache is definitely not something that you can install, activate, and expect to “just work” with your setup. When you assume.. well, you know the rest.
  2. Monitor, monitor, monitor

FYI: still not sure why cache was so stale, but going into the plugin settings and deleting the cache cleared it up. I also changed it to clear cache whenever posting new posts.

Tags: ,
Filed under How-Tos / Tips : Comments (0) : Jul 9th, 2010 by Wyatt Walter

No Outbound SMTP Relay Auth After Zimbra 6.0.7 Upgrade

I upgraded my Zimbra server at home from 6.0.6 to 6.0.7 this weekend and during the upgrade, it seems to have lost a few settings for my outbound SMTP relay configuration (I relay through my ISP so the server can be at home). I thought I’d share what I had to go through to get it back. FYI, I followed this Zimbra doc to set it up the first time (which says it should carry across upgrades).

After the upgrade, when I tried to send to any external addresses, I got a bounce back from my ISP SMTP servers complaining that it required authentication:

Jul 3 14:32:03 mail postfix/smtp[14324]: F2F91B6002: to=, relay=smtp.relay.com[xx.xx.xx.xx]:587, delay=0.54, dela
ys=0.01/0.01/0.39/0.13, dsn=5.1.0, status=bounced (host smtp.relay.com[xx.xx.xx.xx] said: 550 5.1.0 Authentication required (in reply to MAIL FROM command))

Turns out SMTP auth had been disabled:

zimbra@mail:~$ postconf | grep smtp_sasl_auth
[snipped]
smtp_sasl_auth_enable = no
[snipped]

Easy enough to fix:

postconf -e smtp_sasl_auth_enable=yes

After a postfix reload, messages still wouldn’t relay but I got a different error in the logs:

Jul 3 14:34:17 mail postfix/smtp[15078]: warning: SASL authentication failure: No worthy mechs found
Jul 3 14:34:17 mail postfix/smtp[15078]: F0386B6002: to=, relay=smtp.relay.com[xx.xx.xx.xx]:587, delay=0.43, delays=0.01/0.02/0.39/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.relay.com[xx.xx.xx.xx]: no mechanism available)

A quick Google search later, I came across my problem in this forum post. The setting smtp_sasl_security_options had been set back to its default:

zimbra@mail:~$ postconf | grep smtp_sasl_security_options
smtp_sasl_security_options = noplaintext, noanonymous

It’s easy enough to fix:

postconf -e smtp_sasl_security_options=

postfix reload

After that, messages went through no problem.

Tags:
Filed under How-Tos / Tips : Comments (0) : Jul 4th, 2010 by Wyatt Walter

« Older Entries