I tried to leave only ipv6, the result was the same, the services that were in ipv6 stayed the same and the ipv4 did not (as expected), I went back to both option and stayed as it was before ... Is it some BUG version 8.7? :shock: Are you saying that when you had: listen [::]:143 ipv6only=off; or l...

Very confusing for sure. If you look at /opt/zimbra/ssl... there are a lot of backups there. zmcertmgr has code to backup those SSLDirs and will call keytool and openssl to perform its function. You can enable debugging with -debug to watch what it is doing. I see some comments in the code in relati...

That is a loaded question. :D For multiple-domain, You have some options but because letsencrypt doesn't do wildcard certs, this may not be the best CA depending on complexity with some environments. If you have a few, then the current limit is 100 domain aliases per certificate so you would need to...

I know what you mean about JAVA... I know nothing about how or even if it has a different keystore location. I take it that the zmmailbox command failed for you? This link might offer some guidance: http://tech.sid3windr.be/2012/10/configuring-zimbra-to-use-your-own-commercial-ssl-certificate/ They ...

Sorry I don't have much more to offer. It is confusing to me that it works for everything else but backup. The message seems to indicate that the keystore doesn't have your CA which if true... then why does everything else work? Odd. I do my certs much differently so I have exhausted the little know...

It kind of looks like IdentTrust.pem wasn't added to the end of your fullchain.cer ... I tend to create the IdentTrust.pem and then cat it. If you did some cut/paste... watch for new lines and other oddities, etc. You should see 3 certs in that fullchain cd wherever_your_certs_are grep BEGIN fullcha...

Do you get the same message when you do the following:



If that worked, does this look correct?

On our servers, we don't see much of our storage costs associated with the db. Given your question, I did it at the disk level to see if we had the problem you mentioned. cd /opt/zimbra/db/data/ find . -size +100M -exec ls -lh {} \; For instance one of the largest accounts is about 50GB of storage b...

ipset is a great choice! if you create them with timeouts then you don't have to worry about taking out addresses that are from legit sites. # used by iptables to slow down smtp attacks ipset create blacklist hash:ip hashsize 4096 timeout 900 ipset create blacklist4hr hash:ip hashsize 4096 timeout 1...

#rewrite_subject 1 #20161205 #subject_tag _STARS(*)_ SPAM _STARS(*)_ #20161212 From my perspective, your rules above have syntax errors for version 3 spamassasin. Ref: https://wiki.apache.org/spamassassin/SubjectRewrite As an aside: The latest rules from /opt/zimbra/libexec/zmsaupdate via cron are ...