For Check the Zimbra root Mysql and LDAP password:
su - zimbra zmlocalconfig -s | grep mysql | grep password
The output will look something like this.
mysql_logger_root_password = AWHZ60JYaBw8_hVkA9NDVGh0irmp7xVz mysql_root_password = lkAd7vkYI.Q_VeWt8uyL9kj0 zimbra_logger_mysql_password = 2iiyAVj3GeH0akkCe6M1o_HvY zimbra_mysql_password = uMv4EsNqPZdK5htERx97VY5m
Accounts
Create one account with a password that is assigned to the default COS:
zmprov ca [email protected] password
Create one account, password with first name/last name:
zmprov ca [email protected] password cn "Firstname Lastname" displayName "Firstname Lastname" givenName "Firstname" zimbraPrefFromDisplay "Firstname Lastname"
Create one account with a password that is assigned to a specified COS. You must know the COS ID number. To find a COS ID, type zmprov gc <COSname>.:
zmprov ca [email protected] <password> zimbraCOSid <cosIDnumberstring>
Create an account that forwards to another account:
zmprov ca [email protected] <password> zimbraMailForwardingAddress [email protected]
Create one account when the password is not authenticated internally:
zmprov ca [email protected] ""
Change the administrator’s password. Use this command to change any password. Enter the address of the password to be changed:
zmprov sp [email protected] password
To list all COSs and their attribute values:
zmprov gac -v
To list all COSs and their attribute values:
zmprov gaa domain.com
To list all user accounts [domain.com is optional]:
zmprov -l gaa [domain.com]
Note: The empty single quote is required and indicates that there is no local password
Use a batch process to create accounts: http://wiki.zimbra.com/index.php?title=Bulk_Provisioning
see the Batch Provisioning from the CLI Utility section of the Managing the Zimbra Collaboration Suite chapter for the procedure.
Aliases
Add an alias to an account:
zmprov aaa [email protected] [email protected]Canonical address
> zimbraMailCanonicalAddress
Distribution Lists
Create distribution list. The ID of the distribution list is returned:
zmprov cdl [email protected]
Add a member to a distribution list. Tip: You can add multiple members to a list from the administration console:
zmprov adlm [email protected] [email protected]
Misc
Create a domain that authenticates against Zimbra OpenLDAP:
zmprov cd marketing.domain.com zimbraAuthMech zimbra
Set the default domain:
zmprov mcf zimbraDefaultDomainName domain1.com
To disable the imapproxy service:
zmprov ms `zmhostname` -zimbraServiceEnabled imapproxy
To enable logger on a single server:
zmprov +zimbraServiceEnabled logger
Then type zmloggerctl start, to start the logger.
Fix the Zimbra Collaboration permissions
Confirm that all permissions are correct on the new server: 1. As root, run the zmfixperms command to repair any potential permissions problems with files under /opt/zimbra:
/opt/zimbra/libexec/zmfixperms
2. If you need to check /opt/zimbra/store and /opt/zimbra/index as well, you will need to use the -extended option. This will take much longer to run – potentially several hours in large environments – so run it only if necessary. Run this command as root:
/opt/zimbra/libexec/zmfixperms -extended
Zimbra OpenLDAP Import/Export
Zimbra ships with a utility to export the configuration and main databases as /opt/zimbra/libexec/zmslapcat. It takes a destination directory as an argument for where to store the exported data. A timestamped export of the database will be created. It is safe to run zmslapcat while the LDAP server is running.
Example of main database export:
/opt/zimbra/libexec/zmslapcat /tmp
Example of configuration database export:
/opt/zimbra/libexec/zmslapcat -c /tmp
Data import
To import data, the existing database will need to be deleted. You must have a valid LDIF data export to use for import. If you delete the current database off of the disk, there will be no way to recover it from that system.
Preparing for data import
As the Zimbra user:
- Stop slapd
ldap stop
- Clean up the old database and move it to a new location
cd /opt/zimbra/data/ldap mv mdb mdb.old
- Create the new directory structure:
mkdir -p mdb/db
- Reloading the accesslog DB would only apply to a master or multi-master scenario. If necessary:
cd /opt/zimbra/data/ldap mv accesslog accesslog.old mkdir -p accesslog/db
Importing the LDAP data
As the Zimbra user:
ZCS 8.0.2 or later:
/opt/zimbra/libexec/zmslapadd -c /tmp/ldap-config.bak
/opt/zimbra/libexec/zmslapadd /tmp/ldap.bak
Postfix configuration (zimbraMtaMaxMessageSize and message_size_limit)
You can examine the current value of this parameter like this:
# su - zimbra $ postconf message_size_limit message_size_limit = 10240000
This configuration parameter is stored in the zimbra ldap directory, and propagated to postconf’s message_size_limit by zmmtaconfig, which is invoked by the zimbra postfix command. The following commands will set the message_size_limit to 2MB (adjust this value to suit your needs):
# su - zimbra $ zmprov modifyConfig zimbraMtaMaxMessageSize 2048000 $ postfix reload
You can then confirm the changes with this command:
$ postconf message_size_limit
File upload size configuration (zimbraFileUploadMaxSize)
Until ZCS 5, there is a separate configuration parameter for file uploads . File uploads include, for example, attachments to messages (appointments, tasks, etc), and messages imported by the migration tools (PST Import Wizard, Exchange Migration Wizard, etc). The zimbraFileUploadMaxSize can be configured globally or per server. Note: If you have more than one mailbox node, it may be necessary to restart tomcat on nodes where the commands were not run in order to pick up the changes immediately.
This will globally set the size to 5mb:
# su - zimbra $ zmprov modifyConfig zimbraFileUploadMaxSize 5000000
Then this will allow 20mb uploads to the server mail2.domain.com:
$ zmprov modifyServer mail2.domain.com zimbraFileUploadMaxSize 20000000
If change does not happen after a short period of time or flushing the cache, you most likely will need to do a full zmcontrol restart on the mailstores.
Track messages send and receive
‘zmmsgtrace’ can be used for this. This parses the logs by showing only the sender and receiver, and the time the email was sent.
Simply running ‘/opt/zimbra/libexec/zmmsgtrace’ shows the logs for all the users.
Using ‘-s’ shows all the emails sent by ‘[email protected]’ :
/opt/zimbra/libexec/zmmsgtrace -s [email protected]
‘-r’ sorts emails by the receiver. So for the emails sent to ‘gmail.com’:
/opt/zimbra/libexec/zmmsgtrace -r '@gmail.com'
If you have multiple log files, using ‘/var/log/zimbra*’ will search all of the log files in that directory:
/opt/zimbra/libexec/zmmsgtrace -r '@gmail.com' /var/log/zimbra*
Additional Content
zmprov gs `zmhostname` zimbraServiceEnabled zimbraServiceInstalled
should show dnscache You can remove it by doing
zmprov ms `zmhostname` -zimbraServiceEnabled dnscache -zimbraServiceInstalled dnscache
Checking the current configuration
Note: For the examples here, we will assume the hostname of the zimbra server is “zimbra.example.com” with an IP address of 10.10.130.10.
Get the current value from postconf:
# su - zimbra $ postconf mynetworks mynetworks = 127.0.0.0/8 10.10.130.0/23
This shows that postfix will relay for all machines with 10.10.130.x and 10.10.131.x IP addresses.
Check next whether this is set in the server configuration in the zimbra ldap:
zmprov gs zimbra.example.com zimbraMtaMyNetworks
Up until at least ZCS 4.5.5, this is unset by default; in a future release, this will probably be set. If set, this value will propagate to postconf’s mynetworks when the MTA is restarted.
Examples
Note: For the examples here, we will assume the hostname of the zimbra server is “zimbra.example.com” with an IP address of 10.10.130.10.
Note: Make sure that the localhost “127.0.0.0/8” network is included.
Making sure the LAN interface of the zimbra server itself is allowed
If you see lines like this one in /var/log/zimbra.log when a webmail user (for example, “[email protected]”) tries to send mail (for example, to “[email protected]”):
Jun 28 06:39:23 zimbra postfix/smtpd[31788]: NOQUEUE: reject: RCPT from zimbra.example.com[10.10.130.10]: 554 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<zimbra.example.com>
You probably see this as well:
postconf mynetworks mynetworks = 127.0.0.0/8
If you want to allow all the other machines on the 10.10.130.x network to relay, configure the server like this:
zmprov ms zimbra.example.com zimbraMtaMyNetworks '127.0.0.0/8 10.10.130.0/24' postfix reload
If you don’t want to allow relaying for the network, but only for the zimbra server itself, configure the server like this:
zmprov ms zimbra.example.com zimbraMtaMyNetworks '127.0.0.0/8 10.10.130.10/32' postfix reload
Allowing relaying for a remote machine
Let’s say you have a single machine on a remote network (for example, an automated mailing list manager with the IP address 10.10.200.25), and the current settings look like this:
postconf mynetworks mynetworks = 127.0.0.0/8 10.10.130.0/24
Add the remote machine like this:
zmprov ms zimbra.example.com zimbraMtaMyNetworks '127.0.0.0/8 10.10.130.0/24 10.10.200.25/32' postfix reload
Allowing relaying for a remote network
Let’s say you have POP or IMAP users on a remote network (for example, 192.168.1.x, with a netmask of 255.255.255.0), and the current settings look like this:
postconf mynetworks mynetworks = 127.0.0.0/8 10.10.130.0/24
Add the remote network like this:
zmprov ms zimbra.example.com zimbraMtaMyNetworks '127.0.0.0/8 10.10.130.0/24 192.168.1.0/24' postfix reload
Possible Problems
Make sure you specify the network properly. If you see an error like this in /var/log/zimbra.log, take a look at the subnet notation guide linked below, and compare the CIDR suffixes (/27) with the network address suffixes (.198).
Jul 17 20:29:12 zimbra postfix/smtpd[5092]: fatal: non-null host address bits in "10.10.130.198/27", perhaps you should use "10.10.130.192/27" instead
