Thursday, March 25, 2010

Zimbra – operating, how to


Zimbra resides in the /opt/zimbra directory, this directory can be migrated between servers as long as the architecture is the same (32bit vs 64bit)

Required Ports
Remote Queue Manager 22
Postifix 25
POP3 110
IMAP 143
LDAP 389
Mailbox IMAP 993
Mailbox POP SSL 995
Mailbox LMTP 7025

./ installs the zimbra
./ -u uninstalls zimbra
./ -s reinstalls the configuration files
but does not touch the data
configuration file /opt/zimbra/config.xxxxx contains all passwords and needs to be backed up for disaster recovery and /opt/zimbra/conf/ localconfig.xml

Upgrade procedure
1. su – zimbra
2. zmbackup –a all –t /tmp/ -s
3. check the status of the backup - tail /opt/zimbra/log/mailbox.log
4. check zimbra services – zmcontrol status
5. stop zimbra services – zmcontrol stop
6. check for any hanging processes – ps waux | grep zimbra
7. kill any processes that were not stopped – kill -9 procID
(any leftover processes that were not stopped with “zmcontrol stop” command
should be investigated as they can possibly indicate more serious issues)
8. run installer - ./
9. check logs - tail /opt/zimbra/log/mailbox.log

1. zmschedulebackup – command to schedule backups

2. /etc/crontab – has a list of all zimbra crons
3. zmbackupquery – lists all backups, status of the backup

4. tail /opt/zimbra/log/mailbox.log – to check the log for the backup

5. zmbackup -f -a all -s – (-f full, -a account, -s server);
this will perform a full backup on all domains on server

1.In disaster recovery restore LDAP info first
2. zmbackupquery - to find out the label
3. zmrestore -lb labelhere -a -ca -pre restored_
(this will restore the admin mailbox with a new name,restored_
4. ldap password - less /opt/zimbra/config.7835
5. reset ldap password –
> zmcontrol start
> zmldappasswd -r newpass
> zmldappasswd newpass


most of commands are issued as a zimbra user,

zmdumpenv -p - to find out all information about the server
zmlicense -p - to see the license
zmzimletctl listzimlets all - lists all zimlets
zmprov sp password - reset admin password
zmprov ca - create account
zmprov aaa - addaccount alias
zmprov -h - help
cd /opt/zimbra/libexec/ ./zmfixperms – fix permissions
(su –root, chown -R zimbra:zimbra /opt/zimbra, cd /opt/zimbra/libexec,./zmfixperms)
zmstat-chart -s /opt/zimbra/zmstat/2008-03-16/ -d /tmp/charts/ - create charts


/opt/zimbra/conf/ – change level of logging

/opt/zimbra/logger/db/data/ - logger
/var/log/zimbra.log - Mail delivery, Postfix
/opt/zimbra/log/audit.log - logs connection and SOAP requests
/opt/zimbra/log/clamd.log - checks if messages are deferred (not delivered)
/opt/zimbra/log/freshclam.log - clam av log
/opt/zimbra/log/httpd_access.log - log for aspell only
/opt/zimbra/log/mailbox.log - MAIN LOG; mailbox delivery and storage,
socket connection,jettylog, jabber
/opt/zimbra/log/zmmailboxd.out - java log file


Slowness reasons

- Postfix queue backup
- MySQL slowquerries (myslow.log)
- Process CPU utilization
- Client responsive time by protocol
- Disk utilities
- Database connections – poll latency
- Cache hitrates
- Database connections in use
- InnoDB buffer pool hit rate
- JVM heap activity
- Thread dump


exhaustive how to:

1. location of static logos
2. Customizing login page:
set the following:
clientLoginNotice = Service provided by domain Inc
splashScreenCopyright =
zimbraLoginTitle = Log In
zimbraLoginMetaDesc =
3. favicon.ico

1. cat /opt/zimbra/log/audit.log | grep "authentication failed" | wc -l
(for brute force attacks, possibly setup a cron job and have it mailed)
2. any script that has an extension .init (/opt/zimbra/libexec)
will reinstall the service. Use it with caution

1 comment:

  1. Hi,

    I really loved to visit your blog. Hope to see more inputs from you in your blog.

    Kim Roddy

    Laptop encryption software uk