Overview
Zimbra resides in the /opt/zimbra directory, this directory can be migrated between servers as long as the architecture is the same (32bit vs 64bit)
Required Ports
Remote Queue Manager 22
Postifix 25
HTTP 80
POP3 110
IMAP 143
LDAP 389
HTTPS 443
Mailbox IMAP 993
Mailbox POP SSL 995
Mailbox LMTP 7025
Installation
./install.sh installs the zimbra
./install.sh -u uninstalls zimbra
./install.sh -s reinstalls the configuration files
but does not touch the dataUpgrade procedure
1. su – zimbra
2. zmbackup –a all –t /tmp/ -s mail.domain.com
3. check the status of the backup - tail /opt/zimbra/log/mailbox.log
4. check zimbra services – zmcontrol status
5. stop zimbra services – zmcontrol stop
6. check for any hanging processes – ps waux | grep zimbra
7. kill any processes that were not stopped – kill -9 procID
(any leftover processes that were not stopped with “zmcontrol stop” command
should be investigated as they can possibly indicate more serious issues)
8. run installer - ./install.sh
9. check logs - tail /opt/zimbra/log/mailbox.log
Backup
1. zmschedulebackup – command to schedule backups
2. /etc/crontab – has a list of all zimbra crons
3. zmbackupquery – lists all backups, status of the backup
4. tail /opt/zimbra/log/mailbox.log – to check the log for the backup
5. zmbackup -f -a all -s mail.domain.com – (-f full, -a account, -s server);
this will perform a full backup on all domains on server domain.com
Restore
1.In disaster recovery restore LDAP info first
2. zmbackupquery - to find out the label
3. zmrestore -lb labelhere -a admin@domain.com -ca -pre restored_
(this will restore the admin mailbox with a new name,restored_ admin@domain.com)
4. ldap password - less /opt/zimbra/config.7835
5. reset ldap password –
> zmcontrol start
> zmldappasswd -r newpass
> zmldappasswd newpass
Commands
most of commands are issued as a zimbra user,
zmdumpenv -p - to find out all information about the server
zmlicense -p - to see the license
zmzimletctl listzimlets all - lists all zimlets
zmprov sp admin@domain.com password - reset admin password
zmprov ca - create account
zmprov aaa - addaccount alias
zmprov -h - help
cd /opt/zimbra/libexec/ ./zmfixperms – fix permissions
(su –root, chown -R zimbra:zimbra /opt/zimbra, cd /opt/zimbra/libexec,./zmfixperms)
zmstat-chart -s /opt/zimbra/zmstat/2008-03-16/ -d /tmp/charts/ - create charts
Logs
/opt/zimbra/conf/log4j.properties.in – change level of logging
/opt/zimbra/logger/db/data/mail.domain.com.err - logger
/var/log/zimbra.log - Mail delivery, Postfix
/opt/zimbra/log/audit.log - logs connection and SOAP requests
/opt/zimbra/log/clamd.log - checks if messages are deferred (not delivered)
/opt/zimbra/log/freshclam.log - clam av log
/opt/zimbra/log/httpd_access.log - log for aspell only
/opt/zimbra/log/mailbox.log - MAIN LOG; mailbox delivery and storage,
socket connection,jettylog, jabber
/opt/zimbra/log/zmmailboxd.out - java log file
Troubleshooting
Slowness reasons
- Postfix queue backup
- MySQL slowquerries (myslow.log)
- Process CPU utilization
- Client responsive time by protocol
- Disk utilities
- Database connections – poll latency
- Cache hitrates
- Database connections in use
- InnoDB buffer pool hit rate
- JVM heap activity
- Thread dump
Customizing
exhaustive how to: http://files.zimbra.com/docs/skins/index.html
1. location of static logos
/opt/zimbra/jetty/webapps/zimbra/skins/_base/logos
2. Customizing login page:
/opt/zimbra/jetty/webapps/zimbra/WEB-INF/classes/messages/ZmMsg.properties
set the following:
clientLoginNotice = Service provided by domain Inc
splashScreenCopyright =
zimbraLoginTitle = Log In
zimbraLoginMetaDesc = domain.com
3. favicon.ico
/opt/zimbra/jetty/webapps/zimbra/img/logo/favicon.ico
/opt/zimbra/jetty/webapps/zimbraAdmin/img/logo/favicon.ico
Misc
1. cat /opt/zimbra/log/audit.log | grep "authentication failed" | wc -l
(for brute force attacks, possibly setup a cron job and have it mailed)
2. any script that has an extension .init (/opt/zimbra/libexec)
will reinstall the service. Use it with caution
Hi,
ReplyDeleteI really loved to visit your blog. Hope to see more inputs from you in your blog.
Regards
Kim Roddy
Laptop encryption software uk