1
------------https://dilliganesh.wordpress.com/category/zimbra/page/3/
zimbra user to check all user's mailbox size:-
su - zimbra all_accounts=`zmprov -l gaa`; for account in $all_accounts; do mbox_size=`zmmailbox -z -m $account gms`; echo "Mailbox size of $account = $mbox_size"; done ;
After running above commands you will get output in the below format:-
Mailbox size of user@example.com = 5.72 KB Mailbox size of user2@example.com = 1.38 KB Mailbox size of test@example.com = 0 B Mailbox size of test2@mydomain.com = 19.27 MB Mailbox size of supporttest@supportlab.in = 162.15 KB
zmmailbox -z -m u1@worldcm.tk
cd /opt/zimbra/store/
zmprov gmi user@domain.com | grep mailboxId | cut -f2 -d” “
How to find spam generating email account in zimbra
Run the below command
tail -n 100000 /var/log/mail.log | grep “sasl_username=”
or
tail -n 100000 /var/log/maillog | grep “sasl_username=”
If you want save the output in a file, run the below command
tail -n 100000 /var/log/mail.log | grep “sasl_username=” > smtpauthlogins.txt
Linux command to delete all inbox emails of a domain on Zimbra server
Single Mailbox Folder
root@localhost[~]$ su zimbra
[zimbra@mail root]$ zmmailbox -z -m accountname@domainname.com emptyFolder /Inbox
clean Zimbra mail queue as root user
[root@mailmachine sbin]# /opt/zimbra/common/sbin/mailq | tail -n +2 | awk 'BEGIN { RS = "" } / spam.user@spammer.net/ { print $1 }' | tr -d '*!' | /opt/zimbra/common/sbin/postsuper -d -
----------------------------
/opt/zimbra/common/sbin/mailq | tail -n +2 | awk 'BEGIN { RS = "" } / admin/ { print $1 }' | tr -d '*!' | /opt/zimbra/common/sbin/postsuper -d ---------------------
/opt/zimbra/postfix/sbin/postqueue -pzmcontrol restart# /opt/zimbra/common/sbin/postsuper -d ALL deferredmailq/opt/zimbra/postfix/sbin/postqueue -p | tail -n +2 | awk 'BEGIN { RS = "" } / sender@mail\.com/ { print $1 }' | tr -d '*' | /opt/zimbra/postfix/sbin/postsuper -d -/opt/zimbra/postfix/sbin/postsuper -d ALL/opt/zimbra/common/sbin/postsupe -d ALL/opt/zimbra/postfix/sbin/postsuper -d ALL deferred/opt/zimbra/postfix/sbin/postsuper -d ALL hold# /opt/zimbra/common/sbin/postsuper -d ALL deferredGet user wise Storage
# su zimbra# all_accounts=`zmprov -l gaa`; for account in $all_accounts; do mbox_size=`zmmailbox -z -m $account gms`; echo "Mailbox size of $account = $mbox_size"; done ;Postfix Queues
As zimbra using sudo - show a summary of queue count - ~/libexec/zmqstat:
[zimbra@mail37 ~]$ sudo ~/libexec/zmqstathold=0corrupt=0deferred=0active=0incoming=0As zimbra - /opt/zimbra/postfix/sbin/postqueue -p
[zimbra@mail37 ~]$ /opt/zimbra/postfix/sbin/postqueue -p-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------EC753D0D00* 328 Thu Apr 5 14:34:09 sender@sourcedomainname.local recipient@destinationdomainname.local-- 0 Kbytes in 1 Request.
As zimbra - mailq
[zimbra@mail~]$ mailqMail queue is empty# sudo /opt/zimbra/common/sbin/postcat -qv B8C8C6019C3
Qshape - Print Postfix queue domain and age distribution
/opt/zimbra/bin/qshape
Message In The Queue Get the message id and use post cat:
/opt/zimbra/postfix/sbin/postcat -q EC753D0D00or with more information, include the -v option:
/opt/zimbra/postfix/sbin/postcat -qv EC753D0D00To Flush Postfix Queue/opt/zimbra/postfix/sbin/postqueue -fTo Requeue Messages In Postfix/opt/zimbra/postfix/sbin/postsuper -r ALL
To Delete Single Message From Queue
/opt/zimbra/postfix/sbin/postsuper -d [MSGID From postqueue -p]
To Delete ALL Messages From Queue
/opt/zimbra/postfix/sbin/postsuper -d ALL
Another way to do this:
mailq | awk '{print $1}' | postsuper -d -
To Delete ALL Messages From The Deferred Queue
/opt/zimbra/postfix/sbin/postsuper -d ALL deferred
To Delete ALL Messages From The Hold Queue
/opt/zimbra/postfix/sbin/postsuper -d ALL hold
To Delete Many Messages From Queue
To delete a large number of files one would use:
/opt/zimbra/postfix/sbin/postsuper -d - < filename-with-queue-ids.txt
Problem
While normally 'zmfixperms' is the preferred method to do this, on ZCS v8.7.0[1,2] running "zmfixperms --verbose --extended" sets incorrect permissions to the Postfix binaries.
The following errors are seen when this is the case:
Connect to the Postfix showq service: Permission denied
postqueue: fatal: Connect to the Postfix showq service: Permission denied
Solution
With the help of the following commands, we can set the correct permission and ownership of the Postfix binaries.
[Run as ROOT]
chown root:postdrop /opt/zimbra/common/sbin/postqueuechown root:postdrop /opt/zimbra/common/sbin/postdropchown root:root /opt/zimbra/common/libexec/ -R chmod 755 /opt/zimbra/common/sbin/postqueue chmod 755 /opt/zimbra/common/sbin/postdrop chmod g+s /opt/zimbra/common/sbin/postqueue chmod g+s /opt/zimbra/common/sbin/postdropThis bug has been fixed in ZCS v8.7.3
How to change a Normal account to Admin account in Zimbra
This will create an additional admin account with the password of zimbra
# zmprov ca account_name@domain.com password zimbraIsAdminAccount TRUE
This will transform a normal existed user account into an admin account
# zmprov ma account_name@domain.com zimbraIsAdminAccount TRUE
How to set zimbra login redirect http to https
https://dilliganesh.wordpress.com/2016/09/21/how-to-set-zimbra-login-redirect-http-to-https/
Good way to you can enforce https encrpytion by redirecting http to https:
# su – zimbra
# zmtlsctl redirect
# zmcontrol stop
# zmcontrol start
Zimbra 8 Restriction for Postfix Senders/Recipient step by step
https://dilliganesh.wordpress.com/2014/04/07/zimbra-8-restriction-for-postfix-sendersrecipient-step-by-step/
We can change the below line on zmconfigd.cf for postfix restrictions
[zimbra@mail conf]$ vi /opt/zimbra/conf/zmconfigd.cf
POSTCONF smtpd_recipient_restrictions FILE zmconfigd/smtpd_recipient_restrictions.cf
change to POSTCONF smtpd_recipient_restrictions FILE zmconfigd/postfix_recipient_restrictions.cf
POSTCONF smtpd_reject_unlisted_recipient no
change to POSTCONF smtpd_reject_unlisted_recipient yes
Copy a smtpd_recipient_restrictions.cf to postfix_recipient_restrictions.cf
[zimbra@mail conf]$ cp smtpd_recipient_restrictions.cf postfix_recipient_restrictions.cf
Edit the postfix_recipient_restrictions.cf file and add the below line
[zimbra@mail conf]$ vi postfix_recipient_restrictions.cf
%%contains VAR:zimbraServiceEnabled cbpolicyd, check_policy_service inet:localhost:@@cbpolicyd_bind_port@@%%
check_recipient_access hash:/opt/zimbra/postfix/conf/protected_recipients
Restart the zimbra configuration file..
[zimbra@mail conf]$ zmconfigdctl restart
Create the protected_recipients file and add the user sender list
[zimbra@mail conf]$ vi protected_recipients
block_id@example.com permitted_sender_list
block_id1@example.com permitted_sender_list1
Create the permitted_sender file and add the permitted sender user accounts list
[zimbra@mail conf]$ vi permitted_senders
allow_id@example.com ok
allow_id1@example.com ok
allow_id2@example.com ok
allow_id3@example.com ok
Create a update_protected_recipients file for execute the permitted sender list and protected recipient list
[zimbra@mail conf]$ vi update_protected_recipients
#!/bin/bash
echo “rebuild_permitted_recipients..”
postmap /opt/zimbra/postfix/conf/protected_recipients
echo “rebuild permitted_senders..”
postmap /opt/zimbra/postfix/conf/permitted_senders
echo “rebuild permitted_senders..”
postmap /opt/zimbra/postfix/conf/permitted_senders1
[zimbra@mail conf]$ chmod 755 update_protected_recipients
[zimbra@mail conf]$ /opt/zimbra/postfix/conf/update_protected_recipients
Edit the main.cf and add the following line in bottom..
[zimbra@mail conf]$ vi main.cf
permitted_senders_list = check_recipient_access hash:/opt/zimbra/postfix/conf/permitted_senders, reject
permitted_senders_list1= check_recipient_access hash:/opt/zimbra/postfix/conf/permitted_senders1, reject
smtpd_restriction_classes = permitted_senders_list , permitted_senders_list1
[zimbra@mail conf]$ postfix reload
------------------------------------------------
How to Create auto Bcc for recipient mails for Zimbra 8.7
Auto bcc for recipient mails
[root@email ~]# su zimbra
[zimbra@email conf]$ cd /opt/zimbra/conf
[zimbra@email conf]$ pwd
/opt/zimbra/conf
[zimbra@email conf]$ vi recipient_bcc
mailer@lqs.co.in copy_acc@lqs.co.in
[zimbra@email conf]$ cd ../common/conf/
[zimbra@email conf]$ pwd
/opt/zimbra/common/conf
[zimbra@email conf]$ vi main.cf
recipient_bcc_maps = lmdb:/opt/zimbra/conf/recipient_bcc
[zimbra@email conf]$ postmap /opt/zimbra/conf/recipient_bcc
[zimbra@email conf]$ postfix reload
How to Create auto Bcc for sender mails for Zimbra 8.7
Auto bcc for sender mails
[root@email ~]# su zimbra
[zimbra@email conf]$ cd /opt/zimbra/conf
[zimbra@email conf]$ pwd
/opt/zimbra/conf
[zimbra@email conf]$ vi sender_bcc
mailer@lqs.co.in copy_acc@lqs.co.in
[zimbra@email conf]$ cd ../common/conf/
[zimbra@email conf]$ pwd
/opt/zimbra/common/conf
[zimbra@email conf]$ vi main.cf
add the following line in bottom
sender_bcc_maps = lmdb:/opt/zimbra/conf/sender_bcc
[zimbra@email conf]$ postmap /opt/zimbra/conf/sender_bcc
restart the zimbra postfix
[zimbra@email conf]$ postfix reload
How to change IP Address of Zimbra Mail Server
1. Check out the current value of postconf:
[root@mail /]# su zimbra
[zimbra@mail /]$ postconf mynetworks
mynetworks = 127.0.0.0/8 192.168.1.0/24 [::1]/128 [fe80::]/64
[zimbra@mail /]$
In this case our postfix will reply for all machines with 192.168.1.X serious all IP address
2. If you don’t want to allow relaying for the network, but only for the zimbra server itself, configure the server like this:
[zimbra@mail /]$ hostname
mail.ttdconline.com
[zimbra@mail /]$ zmprov ms mail.ttdconline.com zimbraMtaMyNetworks ‘127.0.0.1/8 192.168.1.200/24’
[zimbra@mail /]$ postfix reload
[zimbra@mail /]$ postconf mynetworks
mynetworks = 127.0.0.1/8 192.168.1.200/24
How to Enable TLS for SMTP Server in Zimbra
First, become user zimbra:
# su zimbra
Set postfix’s smtpd_tls_security_level to may by:
zmprov ms mail.server.com zimbraMtaSmtpTlsSecurityLevel may
or
zmprov modifyServer mail.server.com zimbraMtaSmtpTlsSecurityLevel may
After done, restart MTA server by:
# zmmtactl restart
-------------------------------------------
Rejecting false "mail from" addresses
Zimbra Collaboration 8.5 and above
For Zimbra Collaboration 8.5 and above, please use the next commands to increase the security and reject the logins for users that doesn't exist in the LDAP:
zmprov mcf zimbraMtaSmtpdRejectUnlistedRecipient yes zmprov mcf zimbraMtaSmtpdRejectUnlistedSender yes zmmtactl restart zmconfigdctl restart
For Zimbra Collaboration 8.0.x and previous
Zimbra Collaboration 8.0.x
For Zimbra Collaboration 8.0.x, open the file /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf and add this line into the middle of the file, prior to the tag_as_foreign.re lines: Add this:
check_sender_access hash:/opt/zimbra/conf/domainrestrict
Should looks like:
... check_sender_access hash:/opt/zimbra/conf/domainrestrict %%contains VAR:zimbraServiceEnabled antivirus^ check_sender_access regexp:/opt/zimbra/postfix/conf/tag_as_foreign.re%%
Zimbra Collaboration 7.x
For Zimbra Collaboration 7.x you should follow the next steps:
su - zimbra zmlocalconfig -e postfix_smtpd_sender_restrictions="reject_unknown_sender_domain, permit_mynetworks, permit_sasl_authenticated, check_sender_access hash:/opt/zimbra/conf/domainrestrict, permit"
Remaining steps are same for ZCS 8.0.x and previous versions
Create the file "/opt/zimbra/conf/domainrestrict" and add your domain(s) to it.
localdomain.com REJECT anotherlocaldomain.com REJECT
You can also put some friendly/non-friendly message. Something like this.
localdomain.com REJECT You're not me! anotherlocaldomain.com REJECT You're not me!
Create the hash database of "/opt/zimbra/conf/domainrestrict". Run as 'zimbra' user.
postmap /opt/zimbra/conf/domainrestrict
Restart zmmtactl.
zmmtactl stop zmmtactl start
Restricting Users to Send mails to Certain Domains on Zimbra 8.5
1. Open file /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf and add this line at the top
check_sender_access lmdb:/opt/zimbra/postfix/conf/restricted_senders
2. Open file /opt/zimbra/conf/zmconfigd.cf and add those lines before RESTART mta. This is example on my system
POSTCONF smtpd_restriction_classes local_only POSTCONF local_only FILE postfix_check_recipient_access.cf RESTART mta
3. Create a file /opt/zimbra/conf/postfix_check_recipient_access.cf and add the following line
check_recipient_access lmdb:/opt/zimbra/postfix/conf/local_domains, reject
4. Create a file “/opt/zimbra/postfix/conf/restricted_senders” and list all the users, whom you want to restrict. Follow this syntax:
user@yourdomain.com local_only
5. Create a file “/opt/zimbra/postfix/conf/local_domains” and list all the domains where “restricted users” allowed to sent mails. Please follow this syntax:
yourdomain.com OK otheralloweddomain.com OK
6. Run following commands
postmap /opt/zimbra/postfix/conf/restricted_senders postmap /opt/zimbra/postfix/conf/local_domains zmmtactl stop zmmtactl start
Please try to sending email to allowed domain and not allowed domain. If you insert new user on number 4 or new domain on number 5, don’t forget to running again number 6.
How To Block Emails Or Domains On Zimbra 8 MTA
1. Create a postfix_reject_sender file with the following command
1
2
su - zimbra
vi /opt/zimbra/common/conf/postfix_reject_sender
Enter the email or domain that will be blocked according to the following example.
2. Enter the zimbraMtaSmtpdSenderRestrictions command
zmprov ms `zmhostname` +zimbraMtaSmtpdSenderRestrictions "check_sender_access lmdb:/opt/zimbra/common/conf/postfix_reject_sender"
1
zmprov ms `zmhostname` +zimbraMtaSmtpdSenderRestrictions "check_sender_access lmdb:/opt/zimbra/common/conf/postfix_reject_sender"
3. Postmap the file you created using the following command
1
postmap /opt/zimbra/common/conf/postfix_reject_sender
4. Restart MTA
1
zmmtactl restart
5. To check zimbraMtaSmtpdSenderRestrictions successfully installed using the following command.
1
zmprov gs `zmhostname` | grep zimbraMtaSmtpdSenderRestrictions
If successful, it will appear as follows
zimbraMtaSmtpdSenderRestrictions: check_sender_access lmdb:/opt/zimbra/common/conf/postfix_reject_sender
Add emails in the block list
1. Enter the email you want to block
1
zimbraMtaSmtpdSenderRestrictions: check_sender_access lmdb:/opt/zimbra/common/conf/postfix_reject_sender
1
2
su - zimbra
vi /opt/zimbra/common/conf/postfix_reject_sender
2. Post folder long
Rollback configuration
1. Enter the following command for rollback
zmprov ms `zmhostname` -zimbraMtaSmtpdSenderRestrictions "check_sender_access lmdb:/opt/zimbra/common/conf/postfix_reject_sender"
1
postmap /opt/zimbra/common/conf/postfix_reject_sender
1
zmprov ms `zmhostname` -zimbraMtaSmtpdSenderRestrictions "check_sender_access lmdb:/opt/zimbra/common/conf/postfix_reject_sender"
2. Restart MTA
1
zmmtactl restart
How to Blacklist and Email Whitelists or Domains on Zimbra 8
Usually on the default zimbra score values that are considered spam emails exceed 6.6. The score can be checked on the Original email, on the zimbra webclient in the Action > Show Original menu . As follows how it looks
01
02
03
04
05
06
07
08
09
10
X-Virus-Scanned: amavisd-new at saad.web.id
X-Spam-Flag: NO
X-Spam-Score: 2.288
X-Spam-Level: **
X-Spam-Status: No, score=2.288 required=6.6 tests=[BAYES_20=-0.001,
BODY_SINGLE_WORD=0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, DMARC_PASS_NONE=-0.6, HTML_MESSAGE=0.001,
HTML_MIME_NO_HTML_TAG=0.377, MIME_HTML_ONLY=0.723,
MISSING_MIMEOLE=1.899, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001,
T_RP_MATCHES_RCVD=-0.01] autolearn=no autolearn_force=no
Prior to the blacklist and whitelist, you first backup the amavisd.conf.in file with the following command:
The Whitelist way
1. Enter the email line or domain you want to whitelist in the amavisd.conf.in file
1
cp /opt/zimbra/conf/amavisd.conf.in /opt/zimbra/conf/amavisd.conf.in.backup
1
2
su - zimbra
vi /opt/zimbra/conf/amavisd.conf.in
Example
1
2
3
4
5
6
7
{ # a hash-type lookup table (associative array)
'noreply@saad.web.id' => -10.0,
'saad.web.id' => -10.0,
'nobody@cert.org' => -3.0,
'cert-advisory@us-cert.gov' => -3.0,
'owner-alert@iss.net' => -3.0,
'slashdot@slashdot.org' => -3.0,
2. Restart amavis
Blacklist way
1. Enter the email line or domain you want to blacklist in the amavisd.conf.in file
1
zmamavisdctl restart
1
2
su - zimbra
vi /opt/zimbra/conf/amavisd.conf.in
Example
1
2
3
4
5
6
7
{ # a hash-type lookup table (associative array)
'noreply@saad.web.id' => 10.0,
'saad.web.id' => 10.0,
'nobody@cert.org' => -3.0,
'cert-advisory@us-cert.gov' => -3.0,
'owner-alert@iss.net' => -3.0,
'slashdot@slashdot.org' => -3.0,
2. Restart amavis
1
zmamavisdctl restart
good luck
-----------