Posts Tagged ‘zimbra’
Zimbra Upgrade to 7.0
Upgraded my Zimbra system from 6.0.9 (haven’t kept up-to-date with the 6.0.x series) to 7.0 tonight. The upgrade was pretty straightforward (though a couple of weird things happened). Just have to install sqlite3 as an added prerequisite on my platform (Ubuntu 10.04 x64):
apt-get install sqlite3
At the end of the upgrade, it the upgrader complained a bit about finding my license file. I have a valid license, and I just hit enter to go past the message and it wasn’t an issue after that…
Looking for valid license to install...failed to install license.
*******ERROR
Failed to install a license - this will prevent your server from functioning properly
Please contact Zimbra to obtain a license
Press RETURN to continue Activating license...license activated.
One more note. Once again, I lost my MTA and zimbraMailMode settings. 
I haven’t had time yet to play with the new fanciness, but the geek inside me didn’t allow me to let a major upgrade sit for too long. So far I’m at least digging the new UI.
Tags: ubuntu, zimbra
Filed under How-Tos / Tips :
Comments (2) :
Feb 10th, 2011
Upgrading Zimbra Server from Ubuntu 8.04 to 10.04
This last week Zimbra released its new version 6.0.8 which is the first version that supports Ubuntu 10.04 (still in beta, but package was released). Being a sucker for upgrades, I decided to give it a try tonight and upgrade my Zimbra server. The upgrade actually went pretty smooth, despite the fact that I’ve had bad luck with Ubuntu distro upgrades in the past.
To start, I had a server at Zimbra 6.0.7 on Ubuntu 8.04 (64-bit). I upgraded Ubuntu to 10.04 first and then Zimbra to 6.0.8.
The upgrade for Ubuntu is pretty straightforward and is outlined in their docs. Basically, make sure the install manager is up-to-date:
sudo apt-get install update-manager-core
Then, make sure Prompt is set to “lts” in /etc/update-manager/release-upgrades. (These two steps weren’t necessary for me and I didn’t do that on purpose, so it’s likely they are ok ‘out of the box’)
Then, perform the upgrade:
sudo do-release-upgrade
I did mine from an SSH session (gives a warning and starts another SSH server on an alternate port, but I didn’t have to worry about that). When the upgrader prompted, I took the defaults except for /etc/pam.d/common-*.
Once your new Ubuntu 10.04 server is up and running, we have to grab an additional dependency:
sudo apt-get install libperl5.10
I then just ran the install like normal, but skipped the integrity checks. The first time I let them run and hit this error:
perl: symbol lookup error: /opt/zimbra/zimbramon/lib/x86_64-linux-gnu-thread-multi/auto/Data/UUID/UUID.so: undefined symbol: Perl_Tstack_sp_ptr
The second time I just skipped the integrity check and everything went as normal.
I lost a few settings, the same as the 6.0.7 upgrade . I wrote about them last time here. I also lost my zimbraMailMode setting again, same thing as the upgrade to 6.0.7.
After the settings were back, I noticed mail wouldn’t send out properly. /var/log/zimbra.log complained of the antivirus scanner being unavailable. A run of ‘zmcontrol status’ showed that clamd wasn’t running. When I tried to start the antivirus, it failed on starting clamd, showing this in /opt/zimbra/log/clamd.log:
/opt/zimbra/clamav/sbin/clamd: error while loading shared libraries: libltdl.so.7: cannot open shared object file: No such file or directory
Turns out it’s easy enough to fix:
apt-get install libltdl7
A restart of zmantivirusctl and all was good. (update: submitted bug for this)
Tags: ubuntu, zimbra
Filed under How-Tos / Tips :
Comments (2) :
Aug 28th, 2010
Zimbra Junk Mail Options You Didn’t Know Existed
I was poking around on the Zimbra forums today during some downtime and I ran across a little gem regarding configuration around a few options regarding spam delivery to users. The question was about disabling of spam filtering on a per-user basis (Yes, not really ideal, but sometimes you have to give users something I like to call ‘exactly what they asked for’), but I found even more than I expected.
Anyway, I thought I would highlight a few of the gems that I discovered.
Disabling mail to the Junk folder
This was actually the original question that I was trying to answer. Most Zimbra admins know how to whitelist/blacklist senders and other various tweaks in the Zimbra wiki, but I didn’t realize until today that we can actually configure Zimbra to not send mail filtered as junk to the Junk folder. This can be done per user, per domain, or per class of service (COS).
zmprov ma user@whatan00b.com +amavisSpamLover TRUE +amavisBypassSpamChecks TRUE
To disable, just make the + a -:
zmprov ma user@whatan00b.com -amavisSpamLover TRUE -amavisBypassSpamChecks TRUE
(or you can just set to false, but the default is false – I do like me some clean configs!)
And of course, change the command ma (modifyAccount) to match whatever type of object you want if you’re not modifying a user.
Letting banned files through to users
Every once in a while, I’ve struggled with users needing to get things like encrypted zip files or other suspicious-looking files. Not wanting to let all kinds of viruses though by disabling virus scanning and file extension blocks, it always ends up in a battle. Perhaps I’m the last to learn this one, but it’s actually easily bypassed on a per-user, per-domain, or per-COS basis.
zmprov ma user@whatan00b.com +amavisBannedFilesLover TRUE
You can also disable virus scanning for those various levels as well:
zmprov ma user@whatan00b.com +amavisBypassVirusChecks TRUE
Whitelisting and Blacklisting via zmprov (upgrade-safe!)
One of the new, well-known, features of Zimbra 6 is that you can now allow users to have their own white and blacklists, controllable within the user interface. Whitelisting and blacklisting has, of course, always been supported, but it’s been a pain as long as I’ve been managing Zimbra servers. If you’re one that already knew which wiki article I was referring to above, you know what I mean! To make matters worse, those settings have to be re-applied after upgrades.
While adding blacklist and whitelist senders to a user’s list via zmprov is expected (after all, you can configure it in the web client), what hasn’t really been touted – as far as I’ve read – is that those filters can easily be applied per domain as well. While that’s not really a new feature by any means, it does mean that those whitelist and blacklist lists are in Zimbra’s LDAP – where they should’ve been all along. That, and LDAP doesn’t get wiped during upgrades / service restarts like some config files do.
zmprov md whatan00b.com +amavisBlacklistSender @exchange.microsoft.com
Loosening up spam tag levels
You can also adjust the spam scoring levels to mark messages as junk/not junk on the various levels as well. The properties to adjust are: amavisSpamTagLevel, amavisSpamTag2Level, and amavisSpamKillLevel.
Warning: with these settings, be sure that you know exactly what each of these mean. That rule always applies, of course, but getting those settings wrong could cause your mail server to drop messages without bouncing them, thus neither sender nor receiver knows!
So many more!
This turned into a much longer post than I expected, but there are so many more options available! Check out /opt/zimbra/conf/attrs/amavisd-new-attrs.xml on your Zimbra server for even more config options.
Extra Credit
Also, check out /opt/zimbra/conf/attrs/zimbra-attrs.xml for even more goodness (unrelated to junk mail).
Tags: spam, zimbra
Filed under How-Tos / Tips :
Comments (3) :
Jul 26th, 2010
No Outbound SMTP Relay Auth After Zimbra 6.0.7 Upgrade
I upgraded my Zimbra server at home from 6.0.6 to 6.0.7 this weekend and during the upgrade, it seems to have lost a few settings for my outbound SMTP relay configuration (I relay through my ISP so the server can be at home). I thought I’d share what I had to go through to get it back. FYI, I followed this Zimbra doc to set it up the first time (which says it should carry across upgrades).
After the upgrade, when I tried to send to any external addresses, I got a bounce back from my ISP SMTP servers complaining that it required authentication:
Jul 3 14:32:03 mail postfix/smtp[14324]: F2F91B6002: to=
ys=0.01/0.01/0.39/0.13, dsn=5.1.0, status=bounced (host smtp.relay.com[xx.xx.xx.xx] said: 550 5.1.0 Authentication required (in reply to MAIL FROM command))
Turns out SMTP auth had been disabled:
zimbra@mail:~$ postconf | grep smtp_sasl_auth
[snipped]
smtp_sasl_auth_enable = no
[snipped]
Easy enough to fix:
postconf -e smtp_sasl_auth_enable=yes
After a postfix reload, messages still wouldn’t relay but I got a different error in the logs:
Jul 3 14:34:17 mail postfix/smtp[15078]: warning: SASL authentication failure: No worthy mechs found
Jul 3 14:34:17 mail postfix/smtp[15078]: F0386B6002: to=
A quick Google search later, I came across my problem in this forum post. The setting smtp_sasl_security_options had been set back to its default:
zimbra@mail:~$ postconf | grep smtp_sasl_security_options
smtp_sasl_security_options = noplaintext, noanonymous
It’s easy enough to fix:
postconf -e smtp_sasl_security_options=
postfix reload
After that, messages went through no problem.
Tags: zimbra
Filed under How-Tos / Tips :
Comments (0) :
Jul 4th, 2010
Zimbra on Minimal Hardware
I really like Zimbra, but it tends to use a ridiculous amount of CPU while just sitting there, which makes it a bad choice for someone like me who wants to run it with a few users at home as a virtual machine. As I stated growing the amount of virtual machines on my physical host at home, things started to get a little cramped. Zimbra just plain uses far more CPU “out of the box” than the other virtual machines (I’ve got enough RAM) and it was starting to become my bottleneck.
After installing Zimbra and just leaving it running, it used the better part of a processor core most of the time. That’s not good if you’ve got a limited amount of hardware like I do. However, it wasn’t too difficult of a process to get my Zimbra server to use almost no CPU most of the time. As a great side-effect to this project, I will be trying to bump down the amount of memory allocated to my Zimbra VM, but that wasn’t the highest priority. I am running on the latest version of Zimbra (6.0.6 at the time of writing), but the tricks should apply to almost any version.
First, I started with disabling services that I really wasn’t using. I’m not monitoring my Zimbra server using snmp, so snmp was a pretty easy one. My server isn’t for an IT department or hosting service, so stats and logging history isn’t overly important, so I also chose to disable logger and stats. To disable those, run:
zmprov ms mail.whatan00b.com -zimbraServiceEnabled snmp
zmprov ms mail.whatan00b.com -zimbraServiceEnabled logger
zmprov ms mail.whatan00b.com -zimbraServiceEnabled stats
Now, let’s do a restart:
zmcontrol stop; zmcontrol start
This really only gave me gains in memory usage, but since I didn’t need them turned on, that was ok. Another good candidate to disable would be antispam and antivirus, but I didn’t want to turn off spam filtering on my system.
After disabling those extra services, I still was having CPU spikes every minute (which ultimately was what I was after). After doing a little digging, it turns out that Zimbra was calling zmmtaconfigctl which makes several zmprov calls. If you have been around Zimbra for any amount of time, you know that zmprov calls are expensive and time-consuming. It turns out that this script just scans to updated config to apply to the MTA. I really can’t think of a reason that I would need this every minute. A quick Google search led to a forum post on how to increase the interval of which this script is called. It’s defined in zmlocalconfig and 60 seconds is assumed if the value is not set. I chose to have it run every 2 hours (a fairly arbitrary decision):
zmlocalconfig -e zmmtaconfig_interval=7200
zmmtactl restart
That got my spikes down quite a bit, but I was still getting spikes of nearly around 20% every couple of minutes or so. While this wasn’t all that detrimental, it would be good for my overall CPU usage to get rid of it. A quick look at the crontab for the zimbra user showed that the script /opt/zimbra/libexec/zmstatuslog. Apparently, this script checks the status of the Zimbra server and displays the status in the Admin Console. Since I rarely ever log into the admin console, I really don’t need this to run very often. While there’s really no use for me to have it running every two minutes, I did leave it set to run every hour:
0 * * * * /opt/zimbra/libexec/zmstatuslog
Now it’s time to look at the good we’ve done.
This is what we started with:
Obviously, quite a bit of CPU usage. You can see why I needed to do something to fit more VMs on this host.
And now:
Looks great now!
There are a few extra cron jobs left in the zimbra user’s crontab that really don’t need to run for me such as the Dspam cron jobs, but those only run once a day. If you’re really zealous, you can disable those as well, assuming you have Dspam disabled (the default).
Update: For anyone who is interested, I did the 6.0.6 -> 6.0.7 upgrade a few weekends ago and had my cron jobs reset. All the other changes stuck.
Tags: zimbra
Filed under How-Tos / Tips :
Comments (15) :
Apr 10th, 2010
Follow whatan00b on Twitter