Powered by Blogger.

Zimbra Notes

This is going to be an ongoing post where I list useful commands that I happen across while managing various Zimbra installations. This is mainly for my own sanity but it has the added benefit of possibly being able to help out someone else. Enjoy!
Increasing the Maximum Allowable Attachment Size
By default, this setting is low. Nowadays it’s acceptable to send attachments larger than 10MB (but not obscenely larger). I don’t like it and I discourage my users from sending large attachments via e-mail but if you feel the need to loosen up this restriction, here are the commands to do that:
su -l zimbra
zmprov ms `zmhostname` zimbraFileUploadMaxSize 20971520
zmprov mcf zimbraFileUploadMaxSize 20971520
zmprov ms `zmhostname` zimbraMailContentMaxSize 20971520
zmprov mcf zimbraMailContentMaxSize 20971520
zmprov mcf zimbraMtaMaxMessageSize 20971520
zmmtactl restart
20971520 = 20MB in bytes.
Disabling the Spam Filter
Sometimes it might be desirable to disable spam filtering across an entire domain or COS. For example, if you pay a 3rd party service to do your spam filtering for you.
zmprov md domain.tld +amavisBannedFilesLover TRUE
zmprov md domain.tld +amavisSpamLover TRUE
The first command turns off all filetype filtering for the domain “domain.tld” while the second turns off all spam filtering. If you wanted to do this on a per-account basis, you’d do this:
zmprov ma user@domain.tld +amavisBannedFilesLover TRUE
zmprov ma user@domain.tld +amavisSpamLover TRUE
“ma” stands for “manage account” and “md” stands for “manage domain”. This is used to specify which type of object you are editing/managing. To reverse these changes you would just change the “+” to a “-” in the previous commands or change the “TRUE” to “FALSE”. My understanding is that this:
zmprov ma user@domain.tld -amavisBannedFilesLover TRUE
zmprov ma user@domain.tld -amavisSpamLover TRUE
Accomplishes the same exact thing that this does:
zmprov ma user@domain.tld +amavisBannedFilesLover FALSE
zmprov ma user@domain.tld +amavisSpamLover FALSE
(This is an assumption, someone please correct me if I’m wrong.)
Now, it’s also possible to completely disable spam and virus filtering, here’s how to do it:
zmprov -l ms `zmhostname` -zimbraServiceEnabled antivirus
zmprov -l ms `zmhostname` -zimbraServiceEnabled antispam
However, if you do this, you will end up with an ugly “***UNCHECKED***” tag inserted into the subject line of every e-mail. To get rid of that you’ll need to edit/opt/zimbra/amavisd/sbin/amavisd and change the following value:
$undecipherable_subject_tag = '***UNCHECKED*** ';
$undecipherable_subject_tag = '';
And then restart Zimbra:
/etc/init.d/zimbra restart
Enabling RBLs
zmprov mcf zimbraMtaRestriction "reject_rbl_client cbl.abuseat.org" zimbraMtaRestriction "reject_rbl_client bl.spamcop.net" zimbraMtaRestriction "reject_rbl_client dnsbl.sorbs.net" zimbraMtaRestriction "reject_rbl_client sbl.spamhaus.org" zimbraMtaRestriction "reject_rbl_client relays.mail-abuse.org"
This will enable the following RBLs:
  • cbl.abuseat.org
  • bl.spamcop.net
  • dnsbl.sorbs.net
  • sbl.spamhaus.org
  • relays.mail-abuse.org
To see which zimbraMtaRestriction options are enabled:
zmprov gacf | grep zimbraMtaRestriction
You can also add/remove RBLs from the administration console; you’ll find the option under Configure->Global Settings->MTA in the “DNS Checks” section. I haven’t found how how to remove a single RBL via the CLI without wiping out the whole list — if anyone knows of a way, please let me know!
Archiving/exporting/importing a user’s inbox
This is handy if you want to move a user from one server to another, or if you need to export and archive the mailbox of a user who no longer exists.
zmmailbox -z -m user@domain.tld getRestURL "//?fmt=tgz" > /tmp/user_inbox.tar.gz
Then, to import to another server:
zmmailbox -s -m user@domain.tld postRestURL "//?fmt=tgz&resolve=reset" /tmp/user_inbox.tar.gz
Working with grants
Retrieve grants for a user’s folder (Calendar, in this example):
zmmailbox -z -m user@domain gfg /Calendar
Grant read only access to user1@domain’s calendar to user2@domain
zmmailbox -z -m user1@domain mfg /Calendar account user2@domain r
Remove all grants to user2@domain on user1@domain’s Calendar
zmmailbox -z -m user1@domain mfg /Calendar account user2@domain ''
Permissions are represented by the following letters: r, w, i, x, d, a
(r)ead – search, view overviews and items
(w)rite – edit drafts/contacts/notes, set flags
(i)nsert – copy/add to directory, create subfolders action
(x) – workflow actions, like accepting appointments
(d)elete – delete items and subfolders, set \Deleted flag
(a)dminister – delegate admin and change permissions
So if you wanted to give all rights to user2@domain from the previous example, you’d replace the ‘r’ with ‘rwixda’.
Working with mountpoints
Mount “/Inbox/Shared Data” from user1@domain.tld’s account to “/Inbox/User1 Shared Data” on user2@domain.tld’s account:
zmmailbox -z -m user2@domain.tld cm "/Inbox/User1 Shared Data" user1@domain.tld "/Inbox/Shared Data"
To delete the mountpoint*:
zmmailbox -z -m user2@domain.tld df "/Inbox/User1 Shared Data"
*Be extremely careful when doing this! Make sure that you are deleting the mountpoint and not the source directory (in the example above, this would be the “/Inbox/Shared Data” directory on user1@domain.tld’s account)
Enabling the Dumpster
The dumpster feature allows users (and more importantly, admins) to recover deleted messages. There are four settings that control this behavior:
  • zimbraDumpsterEnabled – TRUE/FALSE determines whether the dumpster feature is enabled
  • zimbraDumpsterPurgeEnabled – TRUE/FALSE determines whether users can empty/purge their dumpster
  • zimbraDumpsterUserVisibleAge – nd where n is the number of days you’d like to allow users to view/recover the messages stored in the dumpster.
  • zimbraMailDumpsterLifetime – nd where n is the number of days you’d like to keep items stored in the dumpster before automatically purging them.
Let’s say for example, you want to keep all deleted messages (for legal/auditing purposes) for two years and you don’t want the users to be able to purge the messages they’ve deleted. You’d run a command similar to this one (as the zimbrauser):
zmprov mc default zimbraDumpsterEnabled "TRUE" zimbraDumpsterPurgeEnabled "FALSE" zimbraDumpsterUserVisibleAge "1d" zimbraMailDumpsterLifetime "730d"
This will enable the dumpster for the ‘default’ COS; disable purging; allow users to see the messages in their dumpster less than a day old; and keep messages in the dumpster for two years (730 days). This is just an example, of course but it should provide a good understanding as to how to use these options.
Listing all user accounts for a domain
zmprov -l gaa domain.com
Setting a password from the command line
zmprov sp user@domain 'b3%356sf^578685'
Enable local authentication fallback (useful for using both LDAP and local authentication simultaneously)
zmprov md domain.tld zimbraAuthFallbackToLocal TRUE
zmcontrol restart
Getting a list of all folders for an account
zmmailbox -z -m user@domain.tld gaf
Get a list of message IDs for the first 1000 messages in “/OLD Mail/Inbox” and save them to a file
zmmailbox -z -m user@domain.tld search -t message -l 1000 'in:"/Old Mail/Inbox"' | awk '{print $2}' | sed -e '1,4d' | tr '\n' ',' | sed -e 's/,,//g' > messageids.txt
Then, do something with those messages; in this example, we’re going to move them to “/To Be Deleted”:
zmmailbox -z -m user@domain.tld mm `cat messageids.txt` "/To Be Deleted"
Raise the number of items that Zimbra Desktop or the Zimbra Web Client will display per page
zmprov ma user@domain.tld zimbraPrefMailItemsPerPage 500
Zimbra will only allow any single user account to have 10000 contacts total, this is how you raise that limit
zmprov ma user@domain.tld zimbraContactMaxNumEntries 20000
*Note: Before you do this, take some time to examine whether it’s really necessary. Make sure the account doesn’t have a bunch of duplicate contacts.
List all contacts for an account
zmmailbox -z -m user@domain.tld gact
List all contacts for an account and save the IDs to a file
zmmailbox -z -m user@domain.tld gact | grep 'Id: [0-9].*$' | tr '\n' ',' | sed -e 's/Id: //g' -e 's/,$//g' > contactids.txt
Then, do something with those contact IDs; in this example we’re going to delete them:
zmmailbox -z -m user@domain.tld dct `cat contactids.txt`
Route a user’s e-mail to another mail server
zmprov ma user@domain.tld zimbraMailTransport smtp:someothermailhost.domain.tld:25
… or set a user’s mail transport back to the default setting:
zmprov ma user@domain.tld zimbraMailTransport lmtp:domain.tld:7025
Further Reading:
    Blogger Comment
    Facebook Comment