Zimbra Notes

This is going to be an ongoing post where I list useful commands that I happen across while managing various Zimbra installations. This is mainly for my own sanity but it has the added benefit of possibly being able to help out someone else. Enjoy!

Configure a domain-wide COS

First, retrieve the ID of the COS:

zmprov gc "My Custom COS" | grep zimbraId

That command will return something like this:

zimbraId: 4158eba0-ee56-4f14-9c28-2f4088888149

Then configure it:

zmprov md mydomain.tld zimbraDomainDefaultCOSId 4158eba0-ee56-4f14-9c28-2f4088888149

Increasing the Maximum Allowable Attachment Size

By default, this setting is low. Nowadays it’s acceptable to send attachments larger than 10MB (but not obscenely larger). I don’t like it and I discourage my users from sending large attachments via e-mail but if you feel the need to loosen up this restriction, here are the commands to do that:

su -l zimbra
zmprov ms `zmhostname` zimbraFileUploadMaxSize 20971520
zmprov mcf zimbraFileUploadMaxSize 20971520
zmprov ms `zmhostname` zimbraMailContentMaxSize 20971520
zmprov mcf zimbraMailContentMaxSize 20971520
zmprov mcf zimbraMtaMaxMessageSize 20971520
zmmtactl restart

20971520 = 20MB in bytes.

Disabling the Spam Filter

Sometimes it might be desirable to disable spam filtering across an entire domain or COS, for example if you pay a 3rd party service to do your spam filtering for you.

zmprov md domain.tld +amavisBannedFilesLover TRUE
zmprov md domain.tld +amavisSpamLover TRUE

The first command turns off all filetype filtering for the domain “domain.tld” while the second turns off all spam filtering. If you wanted to do this on a per-account basis, you’d do this:

zmprov ma user@domain.tld +amavisBannedFilesLover TRUE
zmprov ma user@domain.tld +amavisSpamLover TRUE

“ma” stands for “manage account” and “md” stands for “manage domain”. This is used to specify which type of object you are editing/managing. To reverse these changes you would just change the “+” to a “-” in the previous commands or change the “TRUE” to “FALSE”. My understanding is that this:

zmprov ma user@domain.tld -amavisBannedFilesLover TRUE
zmprov ma user@domain.tld -amavisSpamLover TRUE

Accomplishes the same exact thing that this does:

zmprov ma user@domain.tld +amavisBannedFilesLover FALSE
zmprov ma user@domain.tld +amavisSpamLover FALSE

(This is an assumption, someone please correct me if I’m wrong.)

Now, it’s also possible to completely disable spam and virus filtering, here’s how to do it:

zmprov -l ms `zmhostname` -zimbraServiceEnabled antivirus
zmprov -l ms `zmhostname` -zimbraServiceEnabled antispam

However, if you do this, you will end up with an ugly “UNCHECKED” tag inserted into the subject line of every e-mail. To get rid of that you’ll need to edit /opt/zimbra/amavisd/sbin/amavisd and change the following value:

$undecipherable_subject_tag = '***UNCHECKED*** ';

to:

$undecipherable_subject_tag = '';

And then restart Zimbra:

/etc/init.d/zimbra restart

Enabling RBLs

zmprov mcf zimbraMtaRestriction "reject_rbl_client cbl.abuseat.org" zimbraMtaRestriction "reject_rbl_client bl.spamcop.net" zimbraMtaRestriction "reject_rbl_client dnsbl.sorbs.net" zimbraMtaRestriction "reject_rbl_client sbl.spamhaus.org" zimbraMtaRestriction "reject_rbl_client relays.mail-abuse.org"

This will enable the following RBLs:

  • cbl.abuseat.org
  • bl.spamcop.net
  • dnsbl.sorbs.net
  • sbl.spamhaus.org
  • relays.mail-abuse.org

To see which zimbraMtaRestriction options are enabled:

zmprov gacf | grep zimbraMtaRestriction

You can also add/remove RBLs from the administration console; you’ll find the option under Configure->Global Settings->MTA in the “DNS Checks” section. I haven’t found out how to remove a single RBL via the CLI without wiping out the whole list; if anyone knows of a way, please let me know!
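
An added example (not part of the original post) that plans RBL changes one value at a time: zmprov accepts the same “+” and “-” prefixes on multi-valued attributes such as zimbraMtaRestriction that the amavis commands above use, so a single restriction can be added or removed while the other entries stay in place. The sample gacf output and the function names are constructed for illustration; the script only prints commands and never runs zmprov itself.

```shell
#!/bin/sh
# Plan incremental zimbraMtaRestriction changes instead of replacing the list.

# Constructed sample of `zmprov gacf | grep zimbraMtaRestriction` output.
SAMPLE_GACF='zimbraMtaRestriction: reject_invalid_hostname
zimbraMtaRestriction: reject_non_fqdn_sender
zimbraMtaRestriction: reject_rbl_client cbl.abuseat.org
zimbraMtaRestriction: reject_rbl_client dnsbl.sorbs.net'

# current_rbls: read gacf output on stdin, print one enabled RBL zone per line.
current_rbls() {
    sed -n 's/^zimbraMtaRestriction: reject_rbl_client[[:space:]]\{1,\}//p' | sort -u
}

# plan_rbl_changes GACF_OUTPUT "zone1 zone2 ...": print the zmprov commands that
# move the enabled RBL set to the wanted set, leaving non-RBL restrictions alone.
plan_rbl_changes() {
    have=$(printf '%s\n' "$1" | current_rbls)
    want=$(printf '%s\n' $2 | sort -u)   # $2 unquoted on purpose: split on spaces
    # Wanted but not yet enabled: add that one value with "+".
    for z in $want; do
        printf '%s\n' "$have" | grep -qxF -e "$z" ||
            printf 'zmprov mcf +zimbraMtaRestriction "reject_rbl_client %s"\n' "$z"
    done
    # Enabled but no longer wanted: remove that one value with "-".
    for z in $have; do
        printf '%s\n' "$want" | grep -qxF -e "$z" ||
            printf 'zmprov mcf -zimbraMtaRestriction "reject_rbl_client %s"\n' "$z"
    done
}

plan_rbl_changes "$SAMPLE_GACF" "cbl.abuseat.org bl.spamcop.net sbl.spamhaus.org"
```

Review the printed commands, run them as the zimbra user, then confirm the result with the gacf command shown above.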

Archiving/exporting/importing a user’s inbox

This is handy if you want to move a user from one server to another, or if you need to export and archive the mailbox of a user who no longer exists.

zmmailbox -z -m user@domain.tld getRestURL "//?fmt=tgz" > /tmp/user_inbox.tar.gz

Then, to import to another server:

zmmailbox -z -m user@domain.tld postRestURL "//?fmt=tgz&resolve=reset" /tmp/user_inbox.tar.gz

Working with grants

Retrieve grants for a user’s folder (Calendar, in this example):

zmmailbox -z -m user@domain gfg /Calendar

Grant read-only access to user1@domain’s calendar to user2@domain:

zmmailbox -z -m user1@domain mfg /Calendar account user2@domain r

Remove all grants to user2@domain on user1@domain’s Calendar:

zmmailbox -z -m user1@domain mfg /Calendar account user2@domain ''

Permissions are represented by the following letters: r, w, i, x, d, a

(r)ead – search, view overviews and items
(w)rite – edit drafts/contacts/notes, set flags
(i)nsert – copy/add to directory, create subfolders
action (x) – workflow actions, like accepting appointments
(d)elete – delete items and subfolders, set \Deleted flag
(a)dminister – delegate admin and change permissions

So if you wanted to give all rights to user2@domain from the previous example, you’d replace the ‘r’ with ‘rwixda’.

Working with mountpoints

Mount “/Inbox/Shared Data” from user1@domain.tld’s account to “/Inbox/User1 Shared Data” on user2@domain.tld’s account:

zmmailbox -z -m user2@domain.tld cm "/Inbox/User1 Shared Data" user1@domain.tld "/Inbox/Shared Data"

To delete the mountpoint*:

zmmailbox -z -m user2@domain.tld df "/Inbox/User1 Shared Data"

*Be extremely careful when doing this! Make sure that you are deleting the mountpoint and not the source directory (in the example above, this would be the “/Inbox/Shared Data” directory on user1@domain.tld’s account)

Enabling the Dumpster

The dumpster feature allows users (and more importantly, admins) to recover deleted messages. There are four settings that control this behavior:

  • zimbraDumpsterEnabled – TRUE/FALSE determines whether the dumpster feature is enabled
  • zimbraDumpsterPurgeEnabled – TRUE/FALSE determines whether users can empty/purge their dumpster
  • zimbraDumpsterUserVisibleAge – nd, where n is the number of days you’d like to allow users to view/recover the messages stored in the dumpster.
  • zimbraMailDumpsterLifetime – nd, where n is the number of days you’d like to keep items stored in the dumpster before automatically purging them.

Let’s say for example, you want to keep all deleted messages (for legal/auditing purposes) for two years and you don’t want the users to be able to purge the messages they’ve deleted. You’d run a command similar to this one (as the zimbra user):

zmprov mc default zimbraDumpsterEnabled "TRUE" zimbraDumpsterPurgeEnabled "FALSE" zimbraDumpsterUserVisibleAge "1d" zimbraMailDumpsterLifetime "730d"

This will enable the dumpster for the ‘default’ COS; disable purging; allow users to see the messages in their dumpster less than a day old; and keep messages in the dumpster for two years (730 days). This is just an example, of course, but it should provide a good understanding of how to use these options.

Listing all user accounts for a domain

zmprov -l gaa domain.com

Setting a password from the command line

zmprov sp user@domain 'b3%356sf^578685'

Enable local authentication fallback (useful for using both LDAP and local authentication simultaneously)

zmprov md domain.tld zimbraAuthFallbackToLocal TRUE
zmcontrol restart

Getting a list of all folders for an account

zmmailbox -z -m user@domain.tld gaf

Get a list of message IDs for the first 1000 messages in “/Old Mail/Inbox” and save them to a file

zmmailbox -z -m user@domain.tld search -t message -l 1000 'in:"/Old Mail/Inbox"' | awk '{print $2}' | sed -e '1,4d' | tr '\n' ',' | sed -e 's/,,//g' > messageids.txt 

Then, do something with those messages; in this example, we’re going to move them to “/To Be Deleted”:

zmmailbox -z -m user@domain.tld mm `cat messageids.txt` "/To Be Deleted"

Raise the number of items that Zimbra Desktop or the Zimbra Web Client will display per page

zmprov ma user@domain.tld zimbraPrefMailItemsPerPage 500

Zimbra will only allow any single user account to have 10000 contacts total; this is how you raise that limit

zmprov ma user@domain.tld zimbraContactMaxNumEntries 20000

*Note: Before you do this, take some time to examine whether it’s really necessary. Make sure the account doesn’t have a bunch of duplicate contacts.

List all contacts for an account

zmmailbox -z -m user@domain.tld gact

List all contacts for an account and save the IDs to a file

zmmailbox -z -m user@domain.tld gact | grep 'Id: [0-9].*$' | tr '\n' ',' | sed -e 's/Id: //g' -e 's/,$//g' > contactids.txt

Then, do something with those contact IDs; in this example we’re going to delete them:

zmmailbox -z -m user@domain.tld dct `cat contactids.txt`

Route a user’s e-mail to another mail server

zmprov ma user@domain.tld zimbraMailTransport smtp:someothermailhost.domain.tld:25

… or set a user’s mail transport back to the default setting:

zmprov ma user@domain.tld zimbraMailTransport lmtp:domain.tld:7025

Route an entire domain’s mail through another SMTP server

zmprov md domain.com zimbraMailTransport smtp:mail.someotherdomain.com
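
An added example (not from the original post) for reviewing the per-account settings covered in “Disabling the Spam Filter” and in the routing commands above: it reports accounts that bypass filtering or whose zimbraMailTransport is not an lmtp: transport. The sample is constructed, and the “# name” / “attr: value” layout is assumed to match what `zmprov -l gaa -v domain.tld` prints; the function name is hypothetical.

```shell
#!/bin/sh
# Report accounts with filter-bypass flags or a non-local mail transport.

# Constructed sample in the assumed "# name" / "attr: value" layout.
SAMPLE_ACCOUNTS='# name alice@domain.tld
amavisSpamLover: TRUE
zimbraMailTransport: lmtp:domain.tld:7025

# name bob@domain.tld
zimbraMailTransport: smtp:someothermailhost.domain.tld:25

# name carol@domain.tld
amavisBannedFilesLover: FALSE
zimbraMailTransport: lmtp:domain.tld:7025'

# audit_accounts: read account dumps on stdin and print one finding per line
# as "<account> <finding> <detail>".
audit_accounts() {
    awk '
        # Remember which account the following attribute lines belong to.
        /^# name / { acct = $3; next }
        # Spam or banned-file filtering switched off for this account.
        /^amavis(SpamLover|BannedFilesLover): TRUE$/ {
            sub(/:$/, "", $1)
            print acct, "filter-bypass", $1
        }
        # Mail for this account is handed to something other than local LMTP.
        /^zimbraMailTransport: / && $2 !~ /^lmtp:/ {
            print acct, "external-transport", $2
        }
    '
}

printf '%s\n' "$SAMPLE_ACCOUNTS" | audit_accounts
```

On a live server, pipe the real account listing into audit_accounts and compare the findings with the changes you expect to be in place.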
