How to List members of Distribution List in Zimbra

Problem Definition:

Zimbra provides the ability to use a distribution list, that allows you t add members to the list, and when you send mail to the distribution list, zimbra picks all the members and sends the same mail to all the members. This allows you to easily do group mailing or department wise mailing in a company. Zimbra admin panel does not allow you to list/download all the members in one page and download them. One option available from admin panel is to go to the details of the distribution list email address and from the Member pane, you may download the first page of the list. But the page does not allow you to move on. How can we download all the members of distribution list in Zimbra in one command?

How To List/Download Members of Distribution List in Zimbra

You may do it using the zimprov command given by zimbra. Here are the steps to do so:

~ su - zimbra
~ for i in `zmprov gadl` ; do zmprov gdl $i zimbraMailAlias zimbraMailForwardingAddress ; done

# if you want to store them in a file and download them:
for i in `zmprov gadl` ; do zmprov gdl $i zimbraMailAlias zimbraMailForwardingAddress ; done > /tmp/dd_users.txt

How to Install Zimbra Universal UI Theme on Zimbra 8.8.*

WHAT IS ZIMBRA UNIVERSAL UI

Zimbra universal UI is a theme by Zimbra, that is much more modern, professional looking theme, looks much near to Outlook theme. According to Zimbra, this is still in Beta since 2017, and not available anywhere unfortunately to install/download it from Zimbra until you are using one of the Zimbra Cloud by Zimbra Inc.

HOW DID WE MANAGE TO GET ZIMBRA UNIVERSAL UI?

Zeta Alliance had released an unofficial Zimbra 8.8.5 with the Zimbra Universal UI theme in it, that is downloadable here:

zcs-8.8.5_GA_2000.RHEL7_64.20171222124635.tgz

We installed it and tweaked the ZUU theme to be able to use in any Zimbra 8.8.* version available.

HOW TO INSTALL ZIMBRA UNIVERSAL UI

First keep a copy of zimbra folder:

rsync -vrplogDtH /opt/zimbra/jetty/webapps/zimbra /root/zimbra_backup

Then, download a copy of the zimbra UI from here:

wget https://mellowhost.com/downloads/zimbra-ui.tgz

Untar and migrate to zimbra folder:

tar -xvzf zimbra-ui.tgz
rsync -vrplogDtH zimbra/ /opt/zimbra/jetty/webapps/zimbra/

(Optional) This will install a new theme called ‘clarity’ which is our Zimbra Universal UI theme. You may either use this, and advise your users to choose this as a theme, or replace the default Harmony with this one. To do this, you may do the following:

cd /opt/zimbra/jetty/webapps/zimbra/skins
mv harmony harmony_old
ln -sf clarity harmony

This is done only by creating a softlink for old harmony to clarity theme

Now fix the permissions and restart zimbra to make everything work:

# Fix permission
/opt/zimbra/libexec/zmfixperms -v
service zimbra restart

You may now access Zimbra from your browser to see the new theme loading. If you are having trouble with the http access for your webmail, you may use the following to redirect your http webmail to https webmails

How to Fix zmconfigd failed in Zimbra – Starting zmconfigd…failed.

Sometimes, if you restart Zimbra, you see zmconfigd is not starting or saying it’s failed. You may also see the zmconfigd service is not running in the Zimbra admin panel. There are couple of common reasons why zmconfigd fails to start.

Disable IPv6

One reason of zmconfigd fails to start is IPv6, for some reason, it fails to route the IPv6 and fails to start. A quick solution to this problem is to disable ipv6 and restart zmconfigd. You may do this like the following:

#Edit your sysctl.conf file
nano /etc/sysctl.conf

# paste the following inside the file
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

# Save the file, and update sysctl in realtime
sysctl -p

# now try to restart zmconfigd
su - zimbra
zmconfigdctl restart

Now you can check the zmconfigd status with the following, to know if it’s running or not:

[[email protected] ~]# cat /opt/zimbra/log/zmconfigd.pid
19722

If it returns an ID, it means the zmconfigd is running.

Netcat is not installed

Another reason of the error could be because nc is not installed in your system. Zimbra zmconfigd has a dependency on netcat package. Netcat is available through nmap-ncat in centos systems. You may run the following to install netcat:

yum install nc
# or 
yum install nmap-netcat

How to Redirect HTTP to HTTPs Zimbra 8.8.*

Zimbra Supports HTTPs by Default:

By default Zimbra will use HTTPs support only and disable HTTP use on the webmail client. But users will always use non http port to access the webclient. Users do not like to type https before the domain each time to get into the webmail client. Zimbra uses Nginx to run the proxy services to access the Javamail Client of Zimbra. Zimbra supports 5 types of proxy services through Nginx:

  1. redirect
  2. both
  3. http
  4. https
  5. mixed

You may check the following for details:

Enabling_Zimbra_Proxy_and_memcached

How to Redirect HTTP to HTTPs automatically in Zimbra 8.8*

The most popular out of 5 options for proxy services, is to redirect. To do this, you can run the following:

zmprov ms `zmhostname` zimbraReverseProxyMailMode redirect

This will redirect your URLs to the zimbra hostname based HTTPs.

Now, restart the proxy services:

su - zimbra
zmproxyctl restart

Hope this helps.

How To: Restore Zimbra Quarantined Email by Clam AKA Heuristics.Encrypted.PDF Release Point

Zimbra Mail Server automatically quarantines emails that get hit by the Antivirus scan using Clam when the mail is received. While putting the email on the recipient inbox, what it does, instead of giving the original email with the attachment, it sends a virus detected email with the following kind of error message:

Virus (Heuristics.Encrypted.PDF) in mail to YOU

Virus Alert
Our content checker found
virus: Heuristics.Encrypted.PDF

by Zimbra

It actually means, the original mail is now quarantined. Zimbra maintains a virus quarantine email account that is not normally available in the ‘Manage Account’ list of Zimbra Admin panel. You can find it if you search with ‘virus’ in the ‘Search’ box of the admin panel. What zimbra does in quarantine situation, is that, it pushes the mail to the quarantine email instead of original recipient.

Now, to get back the mail delivered to the original recipient, we need to first get the quarantine email account, get the message id, and then we need to inject the mail into the LMTP pipe that bypasses any scanning. Here are the steps on how to do this:

# First get to the zimbra user
$ su - zimbra

# Get the email account that is used to store virus detected mails
$ zmprov gcf zimbraAmavisQuarantineAccount
zimbraAmavisQuarantineAccount: [email protected]

# [email protected] this should be our quarantine email account, now we need to get the quarantine account's mailbox id
$ zmprov gmi [email protected]
mailboxId: 73
quotaUsed: 644183

# Mailbox id here for the quarantine account is 73. Now go to the message storage of this id using the following command: cd /opt/zimbra/store/0/<mailboxId>/msg/0
$ cd /opt/zimbra/store/0/73/msg/0

# list the messages
$ ls *

These are your quarantined emails. Now for example the complainer is ‘[email protected]’. To search for the emails designated for this email account, you may use the following:

$ grep -l [email protected] *
281-1216.msg
300-1400.msg
301-1476.msg

This should return you all the emails that got quarantined for the above user.

Now the question is, how can we get these emails delivered to the designated user bypassing the antivirus/antispam tools. To do this, you need to inject the mail into LMTP pipe. You may do this using ‘zmlmtpinject’ command as following:

$ zmlmtpinject -r [email protected] -s [email protected] 281-1216.msg

Remember, to change [email protected] to the original recipient. [email protected] would be the newly rewritten sender for this mail delivery and ‘281-1216.msg’ is the file name of the original email that you found out from the grep command. You can do lmtp injections for one email mail with each command. So, you would require to do this for each emails.

How to Add a Zimbra User to Allow Distribution List Creation

NB: This is going to be another documentation purpose post.

A distribution list allow you to create a mailing list. So for example if you have a CRM with a member of 100, you want to add them to a list, so that you do not need to email each of them distinctively when required, instead, you keep a list with an email like [email protected] and allow somebody to shoot at that email, which would make sure all the CRM members get the email. In Zimbra, there is a feature called ‘Distribution List’. By default this is only permitted to admin user to create. But in case, you want to permit a user to create distribution list, you would need to use ‘zimprov’ command. Here is the reference:

# su - zimbra
# zmprov grantRight domain yourzimbradomain.com usr [email protected] createDistList

Fairly simple!

How To Renew & Deploy Let’s Encrypt SSL on Zimbra Server – 2020

Ok, there is a reason to put 2020 on the title. Because the process has changed since past. At this moment, I manage a Zimbra server with multiple domains in it, which won’t deploy the ‘other’ domains if not specified. The process is fairly simple, but I am keeping this as a documentation purpose, so that I don’t miss next time.

To renew the certificate for attached domains using certbot is fairly simple, just do:

# certbot renew

Once done, you you want to use the pre-hook and deploy-hook to do the patching and deploying as following using certbot_zimbra.sh

# certbot_zimbra.sh -p
# certbot_zimbra.sh -r -d 'your_domain'

Updated, certbot_zimbra doesn’t take this. ‘-n’ used to be taken as new and ‘-r’ for replacing, now, ‘-r’ is removed. Instead you can use ‘-e’ to specify new domains. So the command for replacement and deployment would be fairly simple as following:

# certbot_zimbra.sh -p
# certbot_zimbra.sh -d -e 'mail.yourdomain.com'
# certbot_zimbra.sh -d -e 'mailapp.yourdomain.com'


… and so on. At this moment, I couldn’t find a way to advise zimbra certbot to follow a list of domains instead of one. But this is probably possible by cracking the certbot.