Results 1 to 5 of 5

Thread: Tweaks needed

  1. #1
    Join Date
    Sep 2008
    Posts
    6
    Rep Power
    7

    Default Tweaks needed

    After installing Zimbra there are a few things that we need to properly sort out in order to actually use it in replacement of our previous mail system.

    Firstly, we have multiple domains and multiple sites based around the country. Not only that but certain sites have multple domains. On top of this, we aren't going to be using said domains to access the webmail remotely as we use a 3rd party service for spam/AV services so we don't get that pumped down our line.

    We've bought a new domain name and can access the webmail and have set Zimbra up authenticating from our OpenLDAP server which works pretty well. If we create multiple domains we seem to have to log in using the whole e-mail address which we don't want to do. On the default domain (which by the way is the new domain we registered and won't be accepting mail from) logs in without the need of the whole e-mail address, only the username - any way to fix this? (We are using %u as said in the wiki for auth).

    The way we've worked around the problem is just to add everyone to the default domain and change the canonical address. Now if we add distribution lists we can't hide the fact that it says 'group@unused.domain.com' and if we specifically add it to the alternate domain that distribution list won't show up on the GAL because it seems the way the GAL searches is only down the domain tree the user is attached too (not the whole tree).

    How can we enable accepting mail from certain hosts without using authentication or SSL (as stated above we use a 3rd party service for mail scanning etc) so we need an open relay for their hostnames.

    Are we able to administer/tie in servers from multiple sites into one admin page (we have full intersite connections) or do we have to do it via an admin page on each server.

    Lastly, is there any training/consultancy avaliable in the UK?
    Last edited by rpc; 09-25-2008 at 05:55 AM.

  2. #2
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

    Default

    Quote Originally Posted by rpc View Post
    We've bought a new domain name and can access the webmail and have set Zimbra up authenticating from our OpenLDAP server which works pretty well. If we create multiple domains we seem to have to log in using the whole e-mail address which we don't want to do. On the default domain (which by the way is the new domain we registered and won't be accepting mail from) logs in without the need of the whole e-mail address, only the username - any way to fix this? (We are using %u as said in the wiki for auth).

    The way we've worked around the problem is just to add everyone to the default domain and change the canonical address. Now if we add distribution lists we can't hide the fact that it says 'group@unused.domain.com' and if we specifically add it to the alternate domain that distribution list won't show up on the GAL because it seems the way the GAL searches is only down the domain tree the user is attached too (not the whole tree).
    As there can only be one default domain - that's just:
    zmprov mcf zimbraDefaultDomainName domainA.com
    and users can login with username/pass.

    However, user's in domainB.com on the other hand will have to type the full login username@domainB.com/pass.

    To solve that you can create a virtual host - so users can log in without having to specify the domain name as part of their user name if they visit that address.

    Admin console GUI > Domains > Virtual Hosts tab. The virtual host requires a valid DNS configuration with an A record.
    OR
    Code:
    zmprov md domainB.com zimbraVirtualHostname webmail.domainB.com
    Users enter the virtual host name as the URL address (webmail.domainB.com) where they enter just their username/pass.
    The authentication request searches for a domain with that virtual host name and authentication is completed against that domain.

    ---Extra info---

    You can configure each domain with the public service host name to be used for REST URLs.
    Used for example in sharing Document notebooks, Mail, and Biefcase folders, as well as Tasks, Contacts, and Calendars; by default shares are generated with the zimbra_server_hostname/zimbraServiceHostname into a URL http://server.domain.com/service/home/username and @domain.com is appended to the username if it varies from the zimbraDefaultDomainName.

    If Zimbra is generating a URL like http://server.domain.com and you'd rather have it http://mail.domain.com or other hostname:
    Code:
    zmprov md domain.tld zimbraPublicServiceHostname hostname.domain.tld
    You can use another FQDN like "mail.domain.tld" as long as 'mail' has a proper DNS entry to point at 'server' both internally and externally.

    In 5.0.9+ REST URL's can now be composed of 3 attributes: zimbraPublicService[Protocol + Hostname + Port] to avoid dependency on zimbraServer objects. 'Protocal' & 'Port' are automatically configured on upgrade if you have 'Hostname' set. Bug 29978 - remove requirement that zimbraPublicServiceHostname have a corresponding zimbraServer object You can just set 'Hostname' and run fine however - ie: if you should forget to set 'Protocol' & 'Port'.

    --- Extra info 2 ---

    Now, if you have a multi server setup you can deploy a login load balancer for the Zimbra server so that all users can log in using the same address/name instead of having to remember which server their mailbox is on.

    You set up a virtual hostname of mail.example.com and configure four mail servers, mail1.example.com to mail4.example.com.

    When users log on to mail.example.com, the load balancer directs the user to any one of the mail servers to verify the log on information. After successfully logging on, users are redirected to the actual server their mail is stored on. While they are logged on, all subsequent requests go directly to their server.

    In order to configure this you must turn on the following for each mail server:
    Code:
    zmlocalconfig -e zimbra_auth_always_send_refer=true

    Quote Originally Posted by rpc View Post
    How can we enable accepting mail from certain hosts without using authentication or SSL (as stated above we use a 3rd party service for mail scanning etc) so we need an open relay for their hostnames.
    By this crossed out I assume you found out how to add my/trusted networks via other threads.

    Quote Originally Posted by rpc View Post
    Are we able to administer/tie in servers from multiple sites into one admin page (we have full intersite connections) or do we have to do it via an admin page on each server.
    If they share the same LDAP master server then yes you can manage from one mailstore admin console.

    Quote Originally Posted by rpc View Post
    Lastly, is there any training/consultancy avaliable in the UK?
    Use the contact form at the bottom of the training page to express interest in Zimbra Sponsored one's - there's some europe based HSP's & VAR's that may put on their own as well & might open them to non-customers for a fee. (I should point out that anyone in the community certainly is welcome to sponsor a free event if they are able to provide time & resources.)

  3. #3
    Join Date
    Sep 2008
    Posts
    6
    Rep Power
    7

    Default

    Hi Mike,

    Thanks very much for your very detailed reply. It covered everything I had asked for

    Regarding what you said about sharing the same LDAP master server - do you mean the internal Zimbra one?

    We have encountered 2 more things we would like to tweak.. but so far everything is working very well and compared with the mail system we have been previously using (scalix) we actually have decent logging we can look at!!

    The 2 things;

    How do you change the default setup language? We've looked everywhere in the CoS and can't find that option. Hopefully there is a command line option we can fire for this?

    Lastly is it possible, in the webmail at least, to hide some e-mails in the accounts page under 'From: Choose the name that appears in the "From" field of email messages'? We have aliases set up that we are using for internal forwarding and are therefore won't work for the outside world. We wouldn't like users to be able to select these aliases.

    Thanks again.

  4. #4
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

    Default

    Quote Originally Posted by rpc View Post
    Regarding what you said about sharing the same LDAP master server - do you mean the internal Zimbra one?
    Yes, essentially what constitutes our definition of multi-server setup & not a separate installation is working from the same ZCS OpenLDAP master.
    If they're connected to the same LDAP master then the admin console is aggregate for your servers/accounts/etc.

    Currently only one master LDAP server can be set up; this server is authoritative for user information, server configuration, etc. Replica LDAP servers can be defined to improve performance and to reduce the load on the master server. All updates are made to the master server and these updates are copied to the replica servers.

    The more replicas you have the more threads there are trying to sync with the only master. If you over-saturate things there's a higher likelihood some replicas will fall behind while others monopolize the master, particularly in a heavy write environment.

    We don't recommend running more than 6 replicas at the moment. (Daisy-chaining replicas is another matter.)

    Upcoming on radar: Bug 27872 – Support multi-master LDAP deployment > Bug 21991 – OpenLDAP 2.4 upgrade with BDB 4.7

    Quote Originally Posted by rpc View Post
    How do you change the default setup language? We've looked everywhere in the CoS and can't find that option. Hopefully there is a command line option we can fire for this?
    Code:
    zmprov mc COSname zimbraPrefLocale en_US
    Quote Originally Posted by rpc View Post
    Lastly is it possible, in the webmail at least, to hide some e-mails in the accounts page under 'From: Choose the name that appears in the "From" field of email messages'? We have aliases set up that we are using for internal forwarding and are therefore won't work for the outside world. We wouldn't like users to be able to select these aliases.
    At the moment there's no easy checkbox per-alias for enabeling in persona (or hiding in GAL).
    But you can make it so they can't configure any personas with those aliases:
    zmprov mc COSname zimbraFeatureIdentitiesEnabled FALSE
    (identities got renamed persona later)

    Bug 14919 – hide aliases in GAL on a per-alias basis
    If you want to make a similar one RFE for "choose which aliases a user can send as" go for it.

    Alternatively you could use a static Postfix table lookup for those aliases instead of using Postfix virtual LDAP mappings, but you wouldn't be able to manage that from the admin console GUI obviously.

  5. #5
    Join Date
    Sep 2008
    Posts
    6
    Rep Power
    7

    Default

    Cheers Mike,

    The 'zmprov mc COSname zimbraFeatureIdentitiesEnabled FALSE ' doesn't seem to have any affect on anythign that we can see.

    The hopefully last problem we have (we are now running the system live) is that we have put a lot of allowed relays into the MTA section however it seems to only have a 256 character limit on the website. We edited a postfix config file to add these manually however every time postfix is restarted these changes are reset. How else can we manually enter relays to bypass the websites 256 character limit?

Similar Threads

  1. BES and Zimbra, what is needed?
    By quietas in forum Zimbra Connector for BlackBerry
    Replies: 1
    Last Post: 09-19-2008, 06:53 PM
  2. firefox 3 tweaks?
    By dagar in forum Administrators
    Replies: 0
    Last Post: 07-15-2008, 03:25 PM
  3. [SOLVED] What ports are needed for zimbra mobile ?
    By timothyalangorman in forum Zimbra Mobile
    Replies: 3
    Last Post: 11-01-2007, 08:29 PM
  4. [SOLVED] does anti-spam tweaks survive upgrade
    By reckless2k2 in forum Installation
    Replies: 2
    Last Post: 09-25-2007, 09:32 AM
  5. How much RAM is really needed for a Zimbra server?
    By danfluidmind in forum Installation
    Replies: 5
    Last Post: 01-29-2007, 01:52 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •