Zimbra NE Admin Guide 8.6.0

8/20/2019 Zimbra NE Admin Guide 8.6.0

1/355

Zimbra Collaboration

Administrator Guide

Zimbra Collaboration 8.6

Network Edition

December 2014


2/355

Legal Notices

Copyright © 2005-2014 Zimbra, Inc. All rights reserved. This product is protected by U.S. andinternational copyright and intellectual property laws. "Zimbra" is a registered trademark of Zimbra, Inc.in the United States and other jurisdictions.You may not alter or remove any trademark, copyright, orother notice from copies of the content. All other marks and names mentioned herein may be trademarksof their respective companies.

Zimbra, Inc.

3000 Internet Blvd., Suite 200Frisco, Texas 75034

www.zimbra.com

Zimbra Collaboration 8.6

GA - December 2014


3/355

Zimbra Collaboration 8.6 Network Edition iii

Table of Contents

1 Introduct ion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13Third-Party Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13Support and Contact Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

2 Product Overv iew . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Architectural Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15Core Email, Calendar and Collaboration Functionality . . . . . . . . . . . . . 16Zimbra Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16Zimbra Application Packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17Zimbra System Directory Tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Web Client Versions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21Web Services and Desktop Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21Offline Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

3 Licens ing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

License Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23License Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24License Usage by Account Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24License Activation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

Automatic License Activation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25Manual License Activation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25When Licenses are not Installed or Activated . . . . . . . . . . . . . . . . . 25

Obtain a License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26Managing Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

License Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26License Expiration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26Renewal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Update Your License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

4 Zimbra Mai lbox Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

Mailbox Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29Message Store . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29Data Store . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30Index Store. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

Web Application Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32Mailstore Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32User Interface Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

Web Application Server Split . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32Installation and Configuration of the Web Application Server Split . 32

Backing Up the Mailbox Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33Mailbox Server Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33


4/355

iv Network Edition Zimbra Collaboration 8.6

Administ rator Guide

5 Zimbra LDAP Serv ice . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

LDAP Traffic Flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35LDAP Directory Hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36Zimbra Collaboration LDAP Schema . . . . . . . . . . . . . . . . . . . . . . . . . . 37

Zimbra Collaboration Objects. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38Account Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

Internal Authentication Mechanism . . . . . . . . . . . . . . . . . . . . . . . . . 40External LDAP and External AD Authentication Mechanism . . . . . . 40Custom Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41Kerberos5 Authentication Mechanism . . . . . . . . . . . . . . . . . . . . . . . 42

Global Address List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43Flushing LDAP Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

Flush the Cache for Themes and Locales . . . . . . . . . . . . . . . . . . . . 45Flush Accounts, Groups, COS, Domains, and Servers . . . . . . . . . . 45

6 Zimbra Mai l Transfer Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

Incoming Mail Routing Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47Zimbra MTA Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

Postfix Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48SMTP Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49SMTP Restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49Sending Non Local Mail to a Different Server . . . . . . . . . . . . . . . . . 49

Anti-Virus and Anti-Spam Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . 50Anti-Virus Protection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50Anti-Spam Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50

Receiving and Sending Mail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53Message Queues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

7 Zimbra Proxy Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

Benefits of Using Zimbra Proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

Zimbra Proxy Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55Proxy Architecture and Flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56Change the Zimbra Proxy Configuration . . . . . . . . . . . . . . . . . . . . . . . . 56Zimbra Proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

Zimbra Proxy Ports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57Setting Up IMAP and POP Proxy After HTTP Proxy Installation . . . 57

Configure Zimbra HTTP Proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59Setting Up HTTP Proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60Set Proxy Trusted IP Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

Configure Zimbra Proxy for Kerberos Authentication . . . . . . . . . . . . . . 63

8 Us ing the Admin is t rat ion Conso le . . . . . . . . . . . . . . . . . . . . . . 65

Administrator Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65Change Administrator Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . 65

Log in to the Administration Console . . . . . . . . . . . . . . . . . . . . . . . . . . 66Customize the Login and Logout Pages . . . . . . . . . . . . . . . . . . . . . 66

Managing Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66Message of the Day for Administrators . . . . . . . . . . . . . . . . . . . . . . . . . 66

Create a Message of the Day. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67Remove a Message of the Day . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

Zimbra Search . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67


5/355

Zimbra Collaboration 8.6 Network Edition v

9 Manag ing Configurat ion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

Global Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69General Global Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70Setting Up Email Attachment Rules . . . . . . . . . . . . . . . . . . . . . . . . . 71Blocking Email Attachments by File Type . . . . . . . . . . . . . . . . . . . . 72Global MTA Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

Global IMAP and POP Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74Working With Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74

Domain General Information Settings . . . . . . . . . . . . . . . . . . . . . . . 75Global Address List (GAL) Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . 76Using GAL sync accounts for faster access to GAL. . . . . . . . . . . . . 77Authentication Modes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78Virtual Hosts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79Setting Account Limits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79Renaming a Domain. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80Adding a Domain Alias. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80Enabling Support for Domain Disclaimers . . . . . . . . . . . . . . . . . . . . 81Disable Disclaimers for Intra-domain Emails . . . . . . . . . . . . . . . . . . 82Disable the Disclaimer Feature . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

Zimlets on the Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82Managing Server Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

General Server Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83Change MTA Server Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84Setting Up IP Address Binding. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84

Managing SSL Certificates for ZCS . . . . . . . . . . . . . . . . . . . . . . . . . . . 85Installing Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85Viewing Installed Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86Maintaining Valid Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86Install a SSL Certificate for a Domain . . . . . . . . . . . . . . . . . . . . . . . 87

Using DKIM to Authenticate Email Message . . . . . . . . . . . . . . . . . . . . 87Configure ZCS for DKIM Signing . . . . . . . . . . . . . . . . . . . . . . . . . . . 88Update DKIM Data for a Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . 89Remove DKIM Signing from ZCS. . . . . . . . . . . . . . . . . . . . . . . . . . . 90Retrieve DKIM Data for a Domain . . . . . . . . . . . . . . . . . . . . . . . . . . 90

Anti-spam Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90Anti-virus Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94Zimbra Free/Busy Calendar Scheduling . . . . . . . . . . . . . . . . . . . . . . . . 94

ZCS to ZCS Free/Busy Interoperability . . . . . . . . . . . . . . . . . . . . . . 96Setting Up S/MIME . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96

Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96S/MIME License. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97Enable S/MIME Feature. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97Importing S/MIME Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

Storage Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98

Implementing Hierarchical Storage Management . . . . . . . . . . . . . . 99Email Retention Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100Configure Email Lifetime Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . 100Configure Message Retention and Deletion Policies . . . . . . . . . . . 101Managing the Dumpster. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102Configure Legal Hold on an Account . . . . . . . . . . . . . . . . . . . . . . . 103

Customized Admin Extensions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103


6/355

vi Network Edition Zimbra Collaboration 8.6


10 Class of Serv ices for Accounts . . . . . . . . . . . . . . . . . . . . . . . 105

Managing Accounts Usage with a COS . . . . . . . . . . . . . . . . . . . . . . . 105Selecting Features and Preferences . . . . . . . . . . . . . . . . . . . . . . . . . . 106

Disable Preferences. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106Set Default Time Zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

Using Server Pools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

Setting Account Quota . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107Set Quotas in Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108

Managing Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109Direct Users to Your Change Password Page. . . . . . . . . . . . . . . . 109Configure a Password Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109

Configuring a Login Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110Configuring a Session Timeout Policy . . . . . . . . . . . . . . . . . . . . . . . . 111Managing Default External COS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111

11 Customizing Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113

Messaging and Collaboration Applications . . . . . . . . . . . . . . . . . . . . . 113Email Messaging Features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113

Set Up Address Book Features . . . . . . . . . . . . . . . . . . . . . . . . . . . 119Set Up Calendar Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120Set Up Zimbra Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123

Setting Zimbra Web Client User Interface Themes . . . . . . . . . . . . . . . 123Other Configuration Settings for Accounts . . . . . . . . . . . . . . . . . . . . . 124

Enable Sharing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124Configure SMS Notification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124Configure Attachment Viewing. . . . . . . . . . . . . . . . . . . . . . . . . . . . 124Display a Warning When Users Try to Navigate Away . . . . . . . . . 125Enabling the Check Box for the Web Client . . . . . . . . . . . . . . . . . . 125Preferences Import/Export . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125Add Words to Spell Dictionary . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125

12 Prov is ion ing User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . 127

Creating a Single User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127Migrate Existing Accounts and Import Account Email . . . . . . . . . . . . . 128

Migrate Accounts from a Zimbra Server. . . . . . . . . . . . . . . . . . . . . 128Migrate Accounts from Generic IMAP Servers. . . . . . . . . . . . . . . . 130Migrate Accounts using an XML File . . . . . . . . . . . . . . . . . . . . . . . 132Importing Email for Selected Accounts . . . . . . . . . . . . . . . . . . . . . 133Examples of XML Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134

Auto Provisioning New Accounts from External LDAP . . . . . . . . . . . . 135Auto-Provision Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136Configure Eager Mode Auto-Provisioning . . . . . . . . . . . . . . . . . . . 141Configure Lazy Mode Auto-Provisioning . . . . . . . . . . . . . . . . . . . . 143

Manage Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145Set Up the Scheduling Policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146

13 Managing User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149

Change Status of Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149Delete an Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150View an Accounts Mailbox . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150Use an Email Alias . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150Work with Distribution Lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150


7/355

Zimbra Collaboration 8.6 Network Edition vii

Setting Subscription Policies for Distribution Lists . . . . . . . . . . . . . 151Management Options for Owners of Distribution Lists. . . . . . . . . . 151Creating a Distribution List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152Managing Access to Distribution Lists . . . . . . . . . . . . . . . . . . . . . . 153Enable Viewing of Distribution List Members for AD Accounts . . . 155

Using Dynamic Distribution Lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156

Create Dynamic Distribution Lists from the Administration Console 156Using CLI to Manage Dynamic Distribution Lists . . . . . . . . . . . . . . 158Moving a Mailbox . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158

Global Configuration Option for Moving Mailboxes . . . . . . . . . . . . 159

14 Delegated Adminis t rat ion . . . . . . . . . . . . . . . . . . . . . . . . . . . 161

Target Types for Granting Administrative Rights . . . . . . . . . . . . . . . . 161Rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162

System-defined rights. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162Attribute Right. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163

Implementing Delegated Administration . . . . . . . . . . . . . . . . . . . . . . . 165Administrator Groups and Administrators . . . . . . . . . . . . . . . . . . . 165Configure Grants on Administrator Accounts or Admin Groups. . . 166Grant ACLs to a Target . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166

Revoking Rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166View Rights Granted to Administrators . . . . . . . . . . . . . . . . . . . . . . . . 167Predefined Delegated Administrator Role . . . . . . . . . . . . . . . . . . . . . . 167

Domain Administration Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167Distribution List Administration Group . . . . . . . . . . . . . . . . . . . . . . 167

Creating Delegated Administrator Roles . . . . . . . . . . . . . . . . . . . . . . . 168

15 Using the Voice Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175

Order of Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176Voice Service Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176Using a Third-Party Unified Communications Server . . . . . . . . . . . . . 177

Cisco URLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177Mitel URLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178

Creating the Voice/Chat Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178Configure Presence (Cisco only) . . . . . . . . . . . . . . . . . . . . . . . . . . 178

Enabling the Voice/Chat Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179Enable Voice/Chat Service on a Domain . . . . . . . . . . . . . . . . . . . . 179Enable Voice/Chat Service on a COS . . . . . . . . . . . . . . . . . . . . . . 179Enable Voice/Chat Service on a User Account . . . . . . . . . . . . . . . 179

Enabling the Voice/Chat Zimlets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180

16 Monitoring ZCS Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181

Zimbra Logger . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182

Enable Server Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182Review Server Status. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182Enable or Disable Server Services. . . . . . . . . . . . . . . . . . . . . . . . . 183Server Performance Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183Configure Logger Mail Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . 184

Configuring Disk Space Notifications . . . . . . . . . . . . . . . . . . . . . . . . . 184Monitoring Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184Configuring Denial of Service Filter Parameters . . . . . . . . . . . . . . . . . 185

Identifying False Positives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185


8/355

viii Network Edition Zimbra Collaboration 8.6


Customizing DoSFilter Configuration . . . . . . . . . . . . . . . . . . . . . . . 186Tuning Considerations for ZCS 8.0.3 and later . . . . . . . . . . . . . . . 187

Working with Mail Queues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187View Mail Queues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189Flush Message Queues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189

Monitoring Mailbox Quotas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190

View Quota. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190Increase or Decrease Quota . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190Viewing MobileSync Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190Monitoring Authentication Failures . . . . . . . . . . . . . . . . . . . . . . . . . . . 190Viewing Log Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191

Syslog. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192Use log4j to Configure Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . 192Logging Levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193Protocol Trace . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194Review mailbox.log Records . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195

Reading a Message Header . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198Fixing Corrupted Mailbox Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199

Check if an Index is Corrupt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199

Repair and Reindex a Corrupt Index . . . . . . . . . . . . . . . . . . . . . . . 200SNMP Monitoring and Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 200

SNMP Monitoring Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200SNMP Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200Errors Generating SNMP Traps . . . . . . . . . . . . . . . . . . . . . . . . . . . 200

Checking MariaDB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200Checking for Zimbra Collaboration Software Updates . . . . . . . . . . . . 201Updating Zimbra Connector for Microsoft Outlook . . . . . . . . . . . . . . . 202Types of Notifications and Alerts Sent by Zimbra Collaboration . . . . . 202

Service status change notification . . . . . . . . . . . . . . . . . . . . . . . . . 202Disk usage notification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203Duplicate mysqld processes running notification . . . . . . . . . . . . . . 203SSL certificates expiration notification . . . . . . . . . . . . . . . . . . . . . . 203

Daily report notification. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203Database integrity check notification . . . . . . . . . . . . . . . . . . . . . . . 203Backup completion notification. . . . . . . . . . . . . . . . . . . . . . . . . . . . 204

17 Backup and Restore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205

Backing Up the Mailbox Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205Backup Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206

Standard Backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206Auto-Grouped Backup Method. . . . . . . . . . . . . . . . . . . . . . . . . . . . 207

Directory Structure for Backup Files . . . . . . . . . . . . . . . . . . . . . . . . . . 208Backup and Restore Using the Administration Console . . . . . . . . . . . 209

Configure Backup from the Admin Console . . . . . . . . . . . . . . . . . . 209

Backup and Restore Using the Command Line Interface . . . . . . . . . . 210Backing up using the Standard Method . . . . . . . . . . . . . . . . . . . . . . . 211

Scheduling a Standard Backup . . . . . . . . . . . . . . . . . . . . . . . . . . . 211Full Backup Process. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213Incremental Backup Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213Find a Specific Backups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214

Abort Full Backup in Progress . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215Backing up using the Auto-Grouped Method . . . . . . . . . . . . . . . . . . . 215

Configure Auto-Grouped Backup from the CLI . . . . . . . . . . . . . . . 215


9/355

Zimbra Collaboration 8.6 Network Edition ix

Schedule Auto-Group Backups . . . . . . . . . . . . . . . . . . . . . . . . . . . 216Backup Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217

Backup Up content Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217Back Up the MySQL Database . . . . . . . . . . . . . . . . . . . . . . . . . . . 217

Managing Disk Space for Backups . . . . . . . . . . . . . . . . . . . . . . . . . . . 218Restoring Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218

Restore Process. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219Stop a Restore Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221Restore Mailboxes When Mail Server Is Down . . . . . . . . . . . . . . . 221Restore Individual Accounts on a Live System . . . . . . . . . . . . . . . 222Exclude Items from a Restore . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222Restore the LDAP Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223

General Steps for Disaster Recovery . . . . . . . . . . . . . . . . . . . . . . . . . 223Crash Recovery Server Startup . . . . . . . . . . . . . . . . . . . . . . . . . . . 224Restore the Zimbra Collaboration . . . . . . . . . . . . . . . . . . . . . . . . . 224Install ZCS on a New Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225Restoring from Different Failure Scenarios . . . . . . . . . . . . . . . . . . 227Change Local Configuration Files After Restoring Zimbra . . . . . . . 228

Using snapshots to Backup and Restore . . . . . . . . . . . . . . . . . . . . . . 229

18 Zimbra Mobile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231

Mobile Device Security Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231Setting Up Mobile Policies on ZCS . . . . . . . . . . . . . . . . . . . . . . . . . . . 232Mobile Device Security Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233Managing Mobile Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236

Supporting Autodiscover . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237Set Up Mobile Synchronization for User Accounts. . . . . . . . . . . . . 237Change Mobile Device Password Policy . . . . . . . . . . . . . . . . . . . . 238

User’s Mobile Device Self-Care Features . . . . . . . . . . . . . . . . . . . . . . 238

19 Arch iving and Discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241

How Archiving Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241How Discovery Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242Installing the Archiving Package . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243

Install Archiving in a Single-Server Environment . . . . . . . . . . . . . . 243Install zimbra-archiving in a Multi-Server Environment . . . . . . . . . 244

Manage Archiving From the Administration Console . . . . . . . . . . . . . 244Enable Archiving . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245Creating a Dedicated Archive COS . . . . . . . . . . . . . . . . . . . . . . . . 245Set Up Archive Account Name . . . . . . . . . . . . . . . . . . . . . . . . . . . 245Set Up Archiving for a Users Mailbox. . . . . . . . . . . . . . . . . . . . . . . 246

Archive Mailboxes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246Create an archive mailbox and assign a COS . . . . . . . . . . . . . . . . 247Create an Archive Mailbox with No COS or Password . . . . . . . . . 247Enable Archive Forwarding to a Third-party Archiving Server . . . . 247

Searching Across Mailboxes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247Cross Mailbox Search from the Administration Console . . . . . . . . 248

20 Legal Requests for In format ion . . . . . . . . . . . . . . . . . . . . . . . 251

Legal Intercept Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251Set Up Legal Intercept . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251Set Up Legal Intercept to Forward Message Header . . . . . . . . . . . 252


10/355

x Network Edition Zimbra Collaboration 8.6


Modify the Intercept Cover Email Message . . . . . . . . . . . . . . . . . . 252Create Mailbox Snapshots for Legal Discovery . . . . . . . . . . . . . . . . . 253

Create a Mailbox Snapshot Zip File . . . . . . . . . . . . . . . . . . . . . . . . 253

21 Changing Theme Colors and Logo . . . . . . . . . . . . . . . . . . . . 255

Changing Theme Color and Logos on the Zimbra Web Client . . . . . . 255

Customizing Base Theme Colors. . . . . . . . . . . . . . . . . . . . . . . . . . 255Replacing the ZWC Logo. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256Changing Theme Colors and Logo on Admin Console . . . . . . . . . 257Changing Theme Colors and Logo using the CLI . . . . . . . . . . . . . 258Add Your Logos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259

Changing the Logo on the Touch Client . . . . . . . . . . . . . . . . . . . . . . . 260Customizing Base Theme Colors. . . . . . . . . . . . . . . . . . . . . . . . . . 260Replacing the ZWC Logo. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260Using Command Line Interface to add your logos . . . . . . . . . . . . . 260Changing Logo on Admin Console. . . . . . . . . . . . . . . . . . . . . . . . . 260Change Logo by Replacing Files in the Folder Structure. . . . . . . . 260

22 Zimlets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263Manage Zimlets from the Administration Console . . . . . . . . . . . . . . . 263

Deploy Custom Zimlets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264Enable, Disable, or Make Zimlets Mandatory. . . . . . . . . . . . . . . . . 264Undeploy a Zimlet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264Add Proxy-Allowed Domains to a Zimlet . . . . . . . . . . . . . . . . . . . . 265Upgrading a Zimlet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265

Managing Zimlets from the Command Line Interface . . . . . . . . . . . . . 265Deploying Zimlets. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265Add Proxy Allowed Domains to a Zimlet . . . . . . . . . . . . . . . . . . . . 266Deploying a Zimlet and Granting Access to a COS . . . . . . . . . . . . 266Viewing Zimlet List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266Changing Zimlet Configurations. . . . . . . . . . . . . . . . . . . . . . . . . . . 266

Upgrading a Zimlet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267Zimbra Gallery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268Customized Zimlets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268

Appendix A Command L ine Uti li ties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269

General Tool Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269Zimbra CLI Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270

Using non-ASCII Characters in CLIs . . . . . . . . . . . . . . . . . . . . . . . 275zmprov (Provisioning) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275

Configure Auto-Grouped Backup from the CLI . . . . . . . . . . . . . . . 287Changing Conversations Thread Default . . . . . . . . . . . . . . . . . . . . 288Detect Corrupted Indexes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288

zmaccts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289zmarchiveconfig . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289zmarchivectl . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290zmarchivesearch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290zmbackup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291zmblobchk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293zmcalchk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294zmschedulebackup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294zmbackupabort . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297


11/355

Zimbra Collaboration 8.6 Network Edition xi

zmbackupquery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298zmrestore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299zmrestoreoffline (Offline Restore) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301zmrestoreldap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303zmcontrol (Start/Stop/Restart Service) . . . . . . . . . . . . . . . . . . . . . . . . 303zmmboxsearch (Cross Mailbox Search) . . . . . . . . . . . . . . . . . . . . . . . 304

zmmboxmove . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305zmmboxmovequery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305zmpurgeoldmbox . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306zmgsautil . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306zmldappasswd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307zmlocalconfig . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308zmmailbox . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309zmtlsctl . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312zmhsm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314zmlicense . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314zmmetadump . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315zmmypasswd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315zmplayredo . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315

zmproxyconfgen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316zmproxypurge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317zmredodump . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318zmskindeploy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319zmsoap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319zmstat-chart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320zmstat-chart-config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321zmstatctl . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321zmthrdump . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321zmtrainsa . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322zmtzupdate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322zmvolume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323zmzimletctl . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324

zmproxyconfig . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325zmsyncreverseproxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327

Appendix B Configuring SPNEGO Single Sign-On . . . . . . . . . . . . . . . . . . . 329

Configuration Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329Create the Kerberos Keytab File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330Configure ZCS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332Configure Your Browser . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335Test your setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335Troubleshooting setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336Configure Kerberos Auth with SPNEGO Auth . . . . . . . . . . . . . . . . . . 337Setting Up Single Sign-On Options for ZCO . . . . . . . . . . . . . . . . . . . . 338

Appendix C ZCS Crontab Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339

How to read the crontab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339ZCS Cron Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339

Jobs for crontab.store. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340Jobs for crontab.logger. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340Jobs for crontab.mta. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 341

Single Server Crontab -l Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342


12/355

xii Network Edition Zimbra Collaboration 8.6


Appendix D Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 345

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351


13/355

Zimbra Collaboration 8.6 Network Edition 13

1 Introduction

Zimbra Collaboration is a full-featured messaging and collaboration solutionthat includes email, address book, calendaring, tasks, and Web documentauthoring.

Topics in this chapter include:

Audience

Third-Party Components

Support and Contact Information

Audience

This guide is intended for system administrators responsible for installing,maintaining, and supporting the server deployment of Zimbra Collaboration.

Readers of this guide should have the following recommended knowledge andskill sets:

Familiarity with the associated technologies and standards Linux operatingsystem, and open source concepts

Industry practices for mail system management

Third-Party Components

Where possible, Zimbra Collaboration adheres to existing industry standardsand open source implementations for backup management, userauthentications, operating platform, and database management. However,Zimbra only supports the specific implementations described in the ZimbraCollaboration architecture overview in the Product Overview chapter asofficially tested and certified for the Zimbra Collaboration. This documentmight occasionally note when other tools are available in the marketplace, butsuch mention does not constitute an endorsement or certification.

Support and Contact Information

Visit www.zimbra.com to join the community and to be a part of building thebest open source messaging solution. We appreciate your feedback andsuggestions.

Contact [email protected] to purchase Zimbra Collaboration


14/355

14 Network Edition Zimbra Collaboration 8.6


Network Edition customers can contact support at [email protected]

Explore the Zimbra Forums for answers to installation or configurationsproblems

Join the Zimbra Forums, to participate and learn more about the ZimbraCollaboration

Let us know what you like about the product and what you would like to see inthe product. Post your ideas to the Zimbra Forum.

If you encounter problems with this software, go to http://bugzilla.zimbra.comto submit a bug report. Make sure to provide enough detail so that the bug canbe easily duplicated.


15/355


2 Product Overview

This chapter gives an overview of Zimbra components, architecture, andapplication packages. An overview is also provided of available web clientversions, or using web services, desktop email clients, or the offline mode.

Architectural Overview

Core Email, Calendar and Collaboration Functionality

Zimbra Components

Zimbra Application Packages

Zimbra System Directory Tree

Web Client Versions

Web Services and Desktop Clients

Offline Mode

Archi tectural Overview

The Zimbra Collaboration architecture is built with well-known open sourcetechnologies and standards based protocols. The architecture consists ofclient interfaces and server components that can be ran in a single node

configuration or deployed across multiple servers for high availability andincreased scalability.

The architecture includes the following core advantages:

Open source integrations. Linux®, Jetty, Postfix, MariaDB, OpenLDAP®.

Uses industry standard open protocols . SMTP, LMTP, SOAP, XML,IMAP, POP.

Modern technology design. HTML5, Javascript, XML, and Java.

Horizontal scalability. Each Zimbra mailbox server includes its ownmailbox accounts and associated message store and indexes. Zimbra has

the flexibility to scale both vertically by adding more system resources or horizontally by adding more servers.

Browser based client interface. Zimbra Web Client gives users easyaccess to all the Zimbra Collaboration features.

Browser based administration console.


16/355



Core Email, Calendar and Collaboration Functionality

Zimbra Collaboration is an innovative messaging and collaboration applicationthat offers the following state-of-the-art solutions that are accessed through abrowser based web client.

Intuitive message management, search, tagging, and sharing.

Personal, external, and shared calendar

Personal and shared Address Books and Distribution Lists.

Personal and Shared Task lists.

Zimbra Components

Zimbra architecture includes open-source integrations using industry standardprotocols. The third-party software listed below is bundled with Zimbrasoftware and installed as part of the installation process. These componentshave been tested and configured to work with the software.

Jetty, the web application server that Zimbra software runs in.

Postfix, an open source mail transfer agent (MTA) that routes mailmessages to the appropriate Zimbra server

OpenLDAP software, an open source implementation of the LightweightDirectory Access Protocol (LDAP) that stores Zimbra systemconfiguration, the Zimbra Global Address List, and provides user authentication. Zimbra can also work with GAL and authentication servicesprovided by external LDAP directories such as Active Directory

MariaDB database software

Lucene, an open source full-featured text and search engine

Autonomy, Inc., a third-party source that converts certain attachment filetypes to HTML

Anti-virus and anti-spam open source components including:

• ClamAV, an anti-virus scanner that protects against malicious files

• SpamAssassin, a mail filter that attempts to identify spam

• Amavisd-new interfaces between the MTA and one or more contentcheckers

James/Sieve filtering, used to create filters for email

LibreOffice for high-fidelity document preview


17/355


Product Overview

Zimbra Appl ication Packages

Zimbra Collaboration includes the following application packages.

Zimbra Core Includes the libraries, uti lit ies, monitoring tools, and basic

configuration files.

zmconfigd is part of zimbra-core and is automaticallyenabled and runs on all systems.

Zimbra Store(mailbox server)

The Zimbra store includes the components for the mailboxserver, including Jetty, which is the servlet container theZimbra software runs within. The Zimbra mailbox serverincludes the following components:

• Data store. The data store is a MariaDB© database.

• Message store. The message store is where all emailmessages and file attachments reside.

• Index store. Index and search technology is provided

through Lucene. Index files are maintained for eachmailbox.

• Web application services. The Jetty web applicationserver runs web applications (webapps) on any storeserver. It provides one or more web applicationservices.

Zimbra LDAP Zimbra Collaboration uses the OpenLDAP® software, anopen source LDAP directory server. User authentication,the Zimbra Global Address List, and configurationattributes are services provided through OpenLDAP. Notethat the Zimbra GAL and authentication services can be

provided by an external LDAP Directory such as ActiveDirectory.

Zimbra MTA Postfix is the open source mail transfer agent (MTA) thatreceives email via SMTP and routes each message to theappropriate Zimbra mailbox server using Local MailTransfer Protocol (LMTP).

The Zimbra MTA also includes the anti-virus and anti-spam components.

Zimbra Proxy Zimbra Proxy is a high-performance reverse proxy servicefor passing IMAP[S]/POP[S]/HTTP[S] client requests toother internal ZCS services.This package is normallyinstalled on the MTA server(s) or on its own independentserver(s). When the zimbra-proxy package is installed, theproxy feature is enabled by default. Installing the ZimbraProxy is highly recommended, and required if using aseparate web application server.


18/355



Zimbra Memcached Memcached is automatically selected when the zimbra-proxy is installed. At least one server must run zimbra-memcached when the proxy is in use. You can use asingle memcached server with one or more Zimbraproxies. zimbra-memcached is required if using a separateweb application server.

Zimbra SNMP The Zimbra SNMP package is optional. If you choose toinstall zimbra-SNMP for monitoring, this package shouldbe installed on every Zimbra server.

Zimbra Logger The Zimbra Logger package is optional and is installed onone mailbox server. The Zimbra Logger installs tools forsyslog aggregation and reporting. If you do not installLogger, the server statistics section of the administrationconsole will not display.

The Logger package must be installed at the same time asthe mailbox server.

Zimbra Spell The Zimbra Spell package is optional. Aspell is the opensource spell checker used on the Zimbra Web Client.When Zimbra-Spell is installed, the Zimbra-Apachepackage is also installed.

Zimbra Apache The Zimbra Apache package is installed automaticallywhen Zimbra Spell or Zimbra Convertd is installed.

Zimbra Convertd Zimbra-convertd package is installed on the zimbra-storeserver. Only one Zimbra-convertd package needs to bepresent in the Zimbra Collaboration environment. Thedefault is to install one zimbra-convertd on each zimbra-store server.

When Zimbra-Convertd is installed, the Zimbra-Apachepackage is also installed.

Zimbra Archiving The Zimbra Archiving and Discovery feature is an optionalfeature for ZCS Network Edition. Archiving and Discoveryoffers the ability to store and search all messages thatwere delivered to or sent by ZCS. This package includesthe cross mailbox search function which can be used forboth live and archive mailbox searches. Note: UsingArchiving and Discovery can trigger additional mailboxlicense usage. To find out more about Zimbra Archivingand Discovery, contact Zimbra sales.

1 Inbound Internet mail goes through a firewall and load balancing to theedge MTA for spam filtering.

2 The filtered mail then goes through a second load balancer.

3 An external user connecting to the messaging server also goes through afirewall to the second load balancer.

4 The inbound Internet mail goes to any of the Zimbra MTA servers and goesthrough spam and virus filtering.


19/355


Product Overview

Zimbra System Directory Tree

The following table lists the main directories created by the Zimbra installationpackages.

The directory organization is the same for any server in the ZimbraCollaboration, installing under /opt/zimbra.

Note: The directories not listed in this table are libraries used for building the

core Zimbra software or miscellaneous third-party tools.

5 The designated Zimbra MTA server looks up the addressee’s directoryinformation from the Zimbra LDAP replica server.

6 After obtaining the user’s information from the Zimbra LDAP server, theMTA server sends the mail to the appropriate Zimbra mailbox server.

7 Internal end-user connections are made directly to any Zimbra mailbox

server, which then obtains the user’s directory information from ZimbraLDAP and redirects the user as needed.

8 Server backup can be processed to a mounted disk.

Parent Directory Description

/opt/zimbra/

Created by all Zimbra Collaboration installationpackages

backup/ Backup target contains full and incremental backupdata

bin/ Zimbra Collaboration application files, including the

utilities described in Appendix A, Command -LineUtilities

cdpolicyd Policy functions, throttling

clamav/ Clam AV application files for virus and spam controls

conf/ Configuration information

contrib/ Third-party scripts for conveyance

convertd/ Convert service

cyrus-sasl/ SASL AUTH daemon

data/ Includes data directories for LDAP, mailboxd, postfix,amavisd, clamav

db/ Data Store

docs/ SOAP txt files and technical txt files

dspam/ DSPAM antivirus


20/355



extensions-extra/

Server extensions for different authentication types

extensions-network-extra/

Server extensions for different network versionauthentication types

httpd/ Contains the Apache Web server. Used for both aspelland convertd as separate processes

index/ Index store

java/ Contains Java application files

jetty/ mailboxd application server instance. In this directory,the webapps/zimbra/skins directory includes theZimbra UI theme files

lib/Libraries

libexec/ Internally used executables

log/ Local logs for Zimbra Collaboration server application

logger/ RRD and SQLite data files for logger services

mariadb/ MariaDB database files

net-snmp/ Used for collecting statistics

openldap/ OpenLDAP server installation, pre-configured to workwith Zimbra Collaboration

postfix/ Postfix server installation, pre-configured to work withZimbra Collaboration

redolog/ Contains current transaction logs for the ZimbraCollaboration server

snmp/ SNMP monitoring files

ssl/ Certificates

store/ Message store

zimbramon/ Contains control scripts and Perl modules

zimlets/Contains Zimlet zip files that are installed with Zimbra

zimlets-deployed/

Contains Zimlets that are available with the ZimbraWeb Client

zimlets-network

Contains Zimlet zip files for features that are installedwith the network edition

zmstat/ mailboxd statistics are saved as .csv files

Parent Directory Description


21/355


Product Overview

Web Client Versions

Zimbra offers a standard HTML, advanced Javascript, a mobile client, or touchclient that users can log into to use Zimbra. The web clients include mail,calendar, address book, and task functionality. Users can select the client touse when they log in.

Advanced Web Cl ient includes Ajax capability and offers a full set of webcollaboration features. This web client works best with newer browsersand fast Internet connections.

Standard Web Client is a good option when Internet connections are slowor users prefer HTML-based messaging for navigating within their mailbox.

Mobile Client (Native Mail Client) is used to configure and sync the Zimbramailbox server with the native mail client on a mobile device.

Touch Client (Mobile Web App) provides an experience for touch-capablemobile devices. Its features are a subset of the features found in theZimbra Web Client, including Mail, Contacts and Calendar.

Mobile HTML Client provides mobile access to Zimbra when using theStandard Web Client version.

When users sign in, they view the advanced Zimbra Web Client, unless theyuse the menu on the login screen to change to the standard version. If ZWCdetects the screen resolution to be 800 x 600, users are automaticallyredirected to the standard Zimbra Web Client. Users can still choose theadvanced ZWC but see a warning message suggesting the use of thestandard ZWC for better screen view.

When connecting to Zimbra using a mobile web browser, Zimbra automaticallydetects and defaults to the Touch Client. To use the Mobile Client, you must

configure your mobile device to sync with the Zimbra server.

Web Services and Desktop Clients

In addition to using a web browser or mobile device to connect to ZimbraCollaboration, connection is available using a web service, such as ExchangeWeb Services (EWS), or a desktop client such as Zimbra Connector toMicrosoft Outlook, which uses MAPI. The following are supported:

Exchange Web Services (EWS) provides client access to enable ZimbraCollaboration to communicate with the Exchange Server when usingMicrosoft Outlook on a Mac device. To enable EWS client access, see the

Class of Service section. EWS is a separately licensed add-on feature.

Messaging Application Programming Interface (MAPI) synchronizes toMicrosoft Outlook 2013/2010/2007/2003 with full delegate, offline accessand support for S/MIME. Use the Zimbra Connector to Outlook to connectto Zimbra Collaboration when using Microsoft Outlook on a Windowsdevice. To enable MAPI (Microsoft Outlook) Connector, see the Class ofService section.


22/355



Support for all POP3, IMAP4, Calendaring Extensions to Web DistributedAuthoring and Versioning (CalDAV), and vCard Extensions to WebDistributed Authoring and Versioning (CardDAV) clients.

Offline Mode

Zimbra Offline Mode allows access to data without network connectivity whenusing the Zimbra Web Client (ZWC).

For example, if there is no server connectivity or server connectivity is lost,ZWC automatically transitions to “offline mode”. When server connectivity isrestored, ZWC automatically reverts to “online mode”.

The offline mode uses HTML5, which uses a caching capability that can beconsidered a super set of the normal browser caching. To enable offline mode

support, see the Class of Service section.


23/355


3 Licensing

A Zimbra license is required in order to create accounts. When you purchase,renew, or change the Zimbra license, you update the Zimbra server with thenew license information.


License Types

License Requirements

License Usage by Account Type

License Activation

Obtain a License

License Types

Zimbra Collaboration licensing gives administrators better visibility and controlinto the licensed features they plan to deploy. You can monitor usages andmanage the following license types.

Accounts limi t. The maximum number of accounts you can create and thenumber of accounts created are shown.

Mobile accounts limit. The maximum number of accounts that can havethe native mail mobile feature enabled.

Touch Client accounts l imit . The maximum number of accounts that canhave the touch client mobile feature enabled.

MAPI accounts lim it. The maximum number of accounts that can useZimbra Connector for Microsoft Outlook (ZCO).

Exchange Web Services (EWS) accounts limi t. The maximum number ofaccounts that can use EWS for connecting to an Exchange server. EWS isa separately licensed add-on.

High-Fidelity Document Preview: The maximum number of accounts that

can use the High-Fidelity document preview. LibreOffice must be installed.

Arch iv ing Accounts l im it . The maximum number of archive accounts thatcan be created. The archive feature must be installed.


24/355



License Requirements

Several types of licenses are available:

Trial. You can obtain a free Trial license from the Zimbra website, atwww.zimbra.com. The trial license allows you to create up to 50 users. It

expires in 60 days. Trial Extended. You can obtain a Trial Extended license from Zimbra Sales

by contacting [email protected] or calling 1-650-427-5701. This licenseallows you to create up to 50 users and is valid for an extended period oftime.

Subscription. You must purchase the Zimbra Subscription license. Thislicense is valid for a specific Zimbra Collaboration system and is encryptedwith the number of Zimbra accounts (seats) you have purchased, theeffective date, and expiration date of the subscription license.

Perpetual. You must purchase the Zimbra Perpetual license. This licenseis similar to a subscription license and is valid for a specific Zimbra

Collaboration system, is encrypted with the number of Zimbra accounts(seats) you have purchased, the effective date, and an expiration date of2099-12-31. When you renew your support agreement, no new perpetuallicense is sent to you, but your Account records in the systems is updatedwith your new support end date.

License Usage by Account Type

Below is a description of Zimbra Collaboration accounts and if they impactyour license limit.

System accounts. System accounts are specific accounts used by Zimbra

Collaboration. They include the spam filter accounts for junk mail (spamand ham), virus quarantine account for email messages with viruses, andGALsync account if you configure GAL for your domain. Do not deletethese accounts! These accounts do not count against your license.

Administ rator account . Administrator and delegated administratoraccounts count against your license.

User accounts. User accounts count against your license account limit.When you delete an account, the license account limit reflects the change.

Al ias account . Aliases do not count against your license.

Distribution list. Distribution lists do not count against your license.

Resource account . Resource accounts (location and resources) do notcount against your Zimbra Collaboration license.

License Activation

All network edition installations require license activation. New installationshave a 10 day grace period from the license issue date before requiring


25/355


Licensing

activation. Your license can be activated by selecting Configure > GlobalSettings > License > Activate License.

Upgraded Zimbra Collaboration versions require an immediate activation tomaintain network feature functionality.

Automat ic License Act ivationLicenses are automatically activated if the Zimbra Collaboration server has aconnection to the Internet and can communicate with the Zimbra Licenseserver. If you are unable to automatically activate your license, see ManualLicense Activation.

Manual License Activation

For systems that do not have external access to the Zimbra License server,you can use the Zimbra Support Portal to manually activate your license. Goto the Zimbra website at www.zimbra.com and click Support to display theZimbra Technical Support page. Click the Zimbra Collaboration Suport link todisplay the Zimbra Support Portal page. Enter your email and password to login.

If you have problems accessing the Zimbra Support Portal, contact ZimbraSupport at [email protected].

When Licenses are not Installed or Activated

If you fail to install or activate your Zimbra Collaboration server license, thefollowing scenarios describe how your Zimbra Collaboration server will beimpacted.

License is not installed. If a license is not installed, Zimbra Collaborationdefaults to single user mode where all features limited by license arelimited to one user.

License is not valid. If the license could not be validated, ZimbraCollaboration defaults to single user mode.

License is not activated. A license activation grace period is 10 days. If forsome reason the license is never activated, Zimbra Collaboration defaultsto single user mode after 10 days.

License is in future. If the license starting date is still in the future, ZimbraCollaboration defaults to single user mode.

License is in grace period. If the license ending date has passed and iswithin the 30 day grace period, all features limited by license are stillenabled, but administrators might see license renewal prompts.

License expired. If the license ending date has passed and the 30 daygrace period expired, the Zimbra Collaboration server defaults to thefeature set of the Open Source Edition.


26/355



Obtain a License

On the Zimbra website, go to Downloads to obtain a trial license from theZimbra Downloads area. Contact Zimbra sales regarding a trial extendedlicense, or to purchase a subscription license or perpetual license, by [email protected].

The subscription and perpetual license can only be installed on the ZimbraCollaboration system for which it is purchased. Only one Zimbra license isrequired for your Zimbra Collaboration environment. This license sets thenumber of accounts that can be created.

Current license information, including the number of accounts purchased, thenumber of accounts used, and the expiration date, can be viewed from GlobalSettings > License.

Managing Licenses

The Update Li cense wizard from the administration console’s Global Settings page is used to upload and install a new license. The Activate License link onthe toolbar activates the license.

Current license information, including the license ID, the issue date, expirationdate, number of accounts purchased, and the number of accounts used canbe viewed from Global Settings > License.

License Information

You must have a Zimbra Collaboration license to create accounts. When youpurchase, renew, or change the Zimbra license, you must update the Zimbraserver with the new license information. The Update License Wizard from the

administration console’s Global Settings is used to upload and install a newlicense. The Acti vate License link on the toolbar activates the license.

Current license information, including the license ID, the issue date, expirationdate, number of accounts purchased, and the number of accounts used canbe viewed from the Global Settings > License page.

When the number of accounts created is equal to the number of accountspurchased you will not be able to create new accounts. You can purchaseadditional accounts or you can delete existing accounts. Contact Zimbra salesto purchase additional accounts.

You must renew your license within 30 days of the expiration date. Starting 30days before the license expires, when you log on to the administrationconsole, a reminder notice is displayed.

License Expiration

When your Zimbra Collaboration Network Edition License expires, a licenseexpiration warning appears in the administrative console and web interface forall users. From the date of the license expiration, there is a 30-day grace


27/355


Licensing

period during which the warning message is displayed, but no features aredisabled.

Upon expiration of the grace period, the server reverts to the feature set of theOpen Source Edition. The following is a list of some of the major functions thatare no longer available upon license expiration:

Backup/Restore

Zimbra Mobile (ActiveSync)

Zimbra Touch Client

Exchange Web Services (EWS)

• EWS is a separately licensed add-on

High-Fidelity Document Preview

Zimbra Connector for Outlook

Zimbra Connector for Blackberry

S/MIME

If you maximize your licensed user limit, you are no longer able to create ordelete accounts.

If you do not plan to renew your license, you can regain the ability to create ordelete accounts by upgrading to Zimbra Collaboration free and open sourcesoftware (FOSS). You should choose the same version of FOSS that you arecurrently running on the Zimbra Collaboration Network Edition for thistransition, after which you can upgrade to the latest version of ZimbraCollaboration FOSS.

RenewalWhen the number of accounts created is equal to the number of accountspurchased you will not be able to create new accounts. You can purchaseadditional accounts or you can delete existing accounts. Contact Zimbra salesto purchase additional accounts.

You must renew your license within 30 days of the expiration date. Starting 30days before the license expires, when you log on to the administrationconsole, a reminder notice is displayed.

Update Your License

When you renew or change the Zimbra license, you update ZimbraCollaboration mailbox servers with the new license information. This can bedone from either the administration console or using the zmlicense CLIcommand.

From the administration console:


28/355



1. Save the license on the computer you use to access the administrationconsole.

2. Log on to the administration console, go to Global Settings > License andon the toolbar click Update Li cense. The License Installation Wizard opens.

3. Browse to select the license file. Click Next. The license file is uploaded.

4. Click Install to install the license file.

5. Click Activate License. Upgraded Zimbra Collaboration versions require animmediate activation to maintain network feature functionality.

Your license information is updated automatically. The cached accountlicense count is automatically refreshed on each mailbox server.


29/355


4 Zimbra Mailbox Server

The Zimbra mailbox server is a dedicated server that manages all the mailboxcontent, including messages, contacts, calendar, and attachments.

The Zimbra mailbox server has dedicated volumes for backup and log files.Each Zimbra mailbox server can see only its own storage volumes. Zimbramailbox servers cannot see, read, or write to another server.

This chapter includes:

Mailbox Server on page 29

Web Application Server on page 32 Web Application Server Split on page 32

Backing Up the Mailbox Server on page 33

Mailbox Server Logs on page 33

Mailbox Server

Each account is configured on one mailbox server, and this account isassociated with a mailbox that contains email messages, attachments,calendar, contacts and collaboration files for that account.

Each mailbox server has its own standalone message store, data store, andindex store for the mailboxes on that server. The following is an overview ofeach store and their directory location.

Message Store

All email messages are stored in MIME format in the Message Store, includingthe message body and file attachments.

The message store is located on each mailbox server under /opt/zimbra/store by defaut. Each mailbox has its own directory named after its internalmailbox ID. Mailbox IDs are unique per server, not system-wide.

Messages with multiple recipients are stored as a single-copy on the messagestore. On UNIX systems, the mailbox directory for each user contains a hardlink to the actual file.

When Zimbra Collaboration is installed, one index volume and one messagevolume are configured on each mailbox server. Each mailbox is assigned to a


30/355



permanent directory on the current index volume. When a new message isdelivered or created, the message is saved in the current message volume.

To manage your email storage resources, you can configure storage volumesfor older messages by implementing a Hierarchical Storage Management(HSM) policy. See Chapter 9, Managing Configuration.

Data Store

The Data Store is a MariaDB database where internal mailbox IDs are linkedwith user accounts. All the message metadata including tags, conversations,and pointers indicate where the messages are stored in the file system. TheMariaDB database files are in /opt/zimbra/db.

Each account (mailbox) resides only on one server. Each server has its ownstandalone data store containing data for the mailboxes on that server.

The data store maps the mailbox IDs to the users’ OpenLDAPaccounts.The primary identifier within the Zimbra Collaboration database

is the mailbox ID, rather than a user name or account name. The mailboxID is only unique within a single mailbox server.

Metadata including user’s set of tag definitions, folders, contacts, calendarappointments, tasks, Briefcase folders, and filter rules are in the data storedatabase.

Information about each mail message, including whether it is read orunread, and which tags are associated is stored in the data storedatabase.

Index Store

The index and search technology is provided through Apache Lucene. Eachemail message and attachment is automatically indexed when the messagearrives. An index file is associated with each account. Index files are in/opt/zimbra/index.

The tokenizing and indexing process is not configurable by administrators orusers.


31/355


Zimbra Mailbox Server

Message Tokenization

The process is as follows:

1. The Zimbra MTA routes the incoming email to the mailbox server thatcontains the account’s mailbox.

2. The mailbox server parses the message, including the header, the body,and all readable file attachments such as PDF files or Microsoft Worddocuments, in order to tokenize the words.

3. The mailbox server passes the tokenized information to Lucene to createthe index files.

Note: Tokenization is the method for indexing by each word. Certain

common patterns, such as phone numbers, email addresses, and

domain names are tokenized as shown in the Message

Tokenization illustration.

stanford.edu

stanford.edu

stanford

edu

Word List

documents

words

containing word

word

1

2

3 4

Lucene

“Jo Brown”

Brown

[email protected]

@zimbra.com

zimbra

Jo

jb


32/355



Web Application Server

The Jetty web application server runs web applications (webapps) on anystore server. It provides one or more web application services.

Mailstore Services

Mailstore services provides the back-end access to mailbox/account data.Webapps for the mailstore include:

Mailstore (mail server) = /opt/zimbra/jetty/webapps/service

Zimlets = /opt/zimbra/jetty/webapps/zimlet

User Interface Services

User Interface services provide front-end user interface access to the mailboxaccount data and administration console, including:

Zimbra Web Client = /opt/zimbra/jetty/webapps/zimbra

Zimbra administrator console = /opt/zimbra/jetty/webapps/zimbraAdmin

Zimlets = /opt/zimbra/jetty/webapps/zimlet

Web Application Server Split

The Web Application Server Split functionality provides an option to separatethe mailstore services (mail server) and the user interface services (web clientserver).

For example, a web client server running ‘zimbra,zimbraAdmin’ webappsserving the static UI content like html/css pages, and mail server running‘service’ webapp serving all the SOAP requests. These servers are running insplit mode.

The Web Application Server Split benefits include:

Splitting the web client server from the mail server makes thecustomization process more agile, allowing the roll out of new or updatedweb UI customization without having to restart the mail servers. Thismeans zero down time.

If you want to customize the Zimbra web client or Zimbra administrationconsole, you can take the web client server offline and run customizationor maintenance, while not having to take down the mail server.

The web client server is completely decoupled from mailbox accounts.This means any web client server can service any account request.

Installation and Configuration of the Web Application Server Split

For installation and configuration of the Web Application Server Split, see theZimbra Collaboration Multi-Server Installation Guide.


33/355


Zimbra Mailbox Server

Backing Up the Mailbox Server

Zimbra Collaboration includes a configurable backup manager that resides onevery Zimbra Collaboration server and performs both backup and restorefunctions. You do not have to stop the Zimbra Collaboration server in order torun the backup process. The backup manager can be used to restore a single

user, rather than having to restore the entire system in the event that oneuser’s mailbox becomes corrupted. Full and incremental backups are in /opt/zimbra/backup. See Chapter 17, Backup and Restore.

Each Zimbra mailbox server generates redo logs that contain current andarchived transactions processed by the message store server since the lastincremental backup. When the server is restored, after the backed up files arefully restored, any redo logs in the archive and the current redo log in use are

replayed to bring the system to the point before the failure.

Mailbox Server Logs

A Zimbra Collaboration deployment consists of various third-partycomponents with one or more mailbox servers. Each of the components maygenerate its own logging output. Local logs are in /opt/zimbra/log.

Selected Zimbra Collaboration log messages generate SNMP traps, whichyou can capture using any SNMP monitoring software. See Chapter 16,Monitoring ZCS Servers.

Note: System logs, redo logs, and backup sessions should be on separate

disks to minimize the possibility of unrecoverable data loss in the event

that one of those disks fails.


34/355




35/355


5 Zimbra LDAP Service

LDAP directory services provide a centralized repository for information aboutusers and devices that are authorized to use your Zimbra service. The centralrepository used for Zimbra’s LDAP data is the OpenLDAP directory server.


LDAP Traffic Flow

Zimbra Collaboration LDAP Schema

Account Authentication

Zimbra Collaboration Objects

Global Address List

Flushing LDAP Cache

Note: Zimbra Collaboration supports integration with Microsoft’s Active

Directory Server. Contact support for information on specific directory

implementation scenarios.

The LDAP server is installed when ZCS is installed. Each server has its ownLDAP entry that includes attributes specifying operating parameters. In

addition, a global configuration object sets defaults for any server whose entrydoes not specify every attribute.

A subset of these attributes can be modified through the Zimbra administrationconsole and others through the zmprov CLI utility.

LDAP Traffic Flow

The LDAP Directory Traffic figure shows traffic between the Zimbra-LDAPdirectory server and the other servers in the Zimbra Collaboration system. TheZimbra MTA and the Zimbra Collaboration mailbox server read from, or writeto, the LDAP database on the directory server.

The Zimbra clients connect through the Zimbra server, which connects toLDAP.


36/355



LDAP Directory Traffic

LDAP Directory Hierarchy

LDAP directories are arranged in an hierarchal tree-like structure with twotypes of branches, the mail branches and the config branch. Mail branches areorganized by domain. Entries belong to a domain, such as accounts, groups,aliases, are provisioned under the domain DN in the directory. The configbranch contains admin system entries that are not part of a domain. Configbranch entries include system admin accounts, global config, global grants,COS, servers, mime types, and zimlets.

The Zimbra LDAP Hierarchy figure shows the Zimbra LDAP hierarchy. Eachtype of entry (object) has certain associated object classes.

Zimbra LDAP Hierarchy

directory server

Zimbra mailboxZimbra LDAP

Zimbra MTA

edge MTA

DNS

server

Zimbra CommandLine Tools

ZimbraClients

cn=zimbra

cn=admins cn=confg cn=servers

dc=com

dc=zimbra

ou=people

uid=jane

Domain Branch Config Branch

cn=groups

cn=serverteam

cn=globalgrants cn=zimlets

cn=cos

mime


37/355


Zimbra LDAP Service

An LDAP directory entry consists of a collection of attributes and has aglobally unique distinguished name (dn). The attributes allowed for an entryare determined by the object classes associated with that entry. The values ofthe object class attributes determine the schema rules the entry must follow.

An entry’s object class that determines what kind of entry it is, is called a

structural object class and cannot be changed. Other object classes are calledauxiliary and may be added to or deleted from the entry.

Use of auxiliary object classes in LDAP allows for an object class to becombined with an existing object class. For example, an entry with structuralobject class inetOrgPerson, and auxiliary object class zimbraAccount , wouldbe an account. An entry with the structural object class zimbraServer would bea server in the Zimbra system that has one or more Zimbra packagesinstalled.

Zimbra Collaboration LDAP Schema

At the core of every LDAP implementation is a database organized using aschema.

The Zimbra LDAP schema extends the generic schema included withOpenLDAP software. It is designed to coexist with existing directoryinstallations.

All attributes and object classes specifically created for Zimbra Collaborationare prefaced by “zimbra.,” such as, zimbraAccount object class orzimbraAttachmentsBlocked attribute.

The following schema files are included in the OpenLDAP implementation:

core.schema

cosine.schema

inetorgperson.schema

zimbra.schema

amavisd.schema

dyngroup.schema

nis.schema

Note: You cannot modify the Zimbra schema.


38/355



Zimbra Collaboration Objects

Object Description Object class

Accounts Represents an account on the Zimbra

mailbox server that can be logged into.Account entries are eitheradministrators or user accounts. Theobject class name is zimbraAccount .This object class extends thezimbraMailRecipient object class.

All accounts have the followingproperties:

A name in the format [email protected]

A unique ID that never changes and isnever reused

A set of attributes, some of which areuser-modifiable (preferences) andothers that are only configurable byadministrators

All user accounts are associated with adomain, so a domain must be createdbefore creating any accounts.

zimbraAccount

Class ofService(COS)

Defines the default attributes anaccount has and what features areallowed or denied. The COS controlsfeatures, default preference settings,mailbox quotas, message lifetime,

password restrictions, attachmentblocking, and server pools for creationof new accounts.

zimbraCOS

Domains Represents an email domain such asexample.com or example.org. Adomain must exist before emailaddressed to users in that domain canbe delivered.

zimbraDomain

DistributionLists

Also known as mailing lists, are used tosend mail to all members of a list bysending a single email to the list

address.

zimbraDistributionList


39/355


Zimbra LDAP Service

DynamicGroups

Are like distribution lists. The differenceis members of a dynamic group aredynamically computed by a LDAP

search. The LDAP search filter isdefined in

Zimbra NE Admin Guide 8.6.0

Documents

Transcript of Zimbra NE Admin Guide 8.6.0