June 2020 Zeta Alliance Weekly Call Summaries

Industry info, happenings near you, and new product integrations. Hosting an event? Invite people here.
User avatar
rleiker
Advanced member
Advanced member
Posts: 80
Joined: Tue Jan 07, 2020 8:23 pm
Location: Kansas City
Contact:

June 2020 Zeta Alliance Weekly Call Summaries

Postby rleiker » Thu Jun 04, 2020 5:35 am

Hello Zimbra Community,

Here is a summary of this week’s conference call. A few brief reminders:

June 2, 2020 Conference Call Summary

Expired Sectigo CA Root Certificate
Mark S. reported encountering challenges with updating the certificate chain for the Sectigo SSL certificates (formerly Comodo CA) installed on his Zimbra servers. He said the issue was triggered by a Sectigo root certificate that expired at the end of May 2020, which was minimally publicized by Sectigo in advance, and which is further described here: https://support.sectigo.com/articles/Kn ... ay-30-2020 . Gary C. and Mark discussed strategies for handling this change on his Zimbra installations.

Zimbra Bug And Enhancement Updates
Mark S. said he was hoping that a fix for an earlier reported Zimbra bug, assigned as ZBUG-1485, which relates to failing mailbox moves across mailbox servers using the doMailboxMove command was included in 8.8.15 Patch 10, as he is currently unable to finish decommissioning a deprecated mailbox server until it is fixed. John H. confirmed that this bug is fixed in both 8.8.15 Patch 10 and 9.0 Patch 3.

The release notes for both 8.8.15 Patch 10 and 9.0 Patch 3, which were published the day after the June 2nd Zeta Alliance call, now include a list of all Zimbra bug IDs fixed within the patches:
Mark also commented on a newly reported bug one of his customers encountered, assigned as ZBUG-1581. It relates to an issue his customer experienced while trying to copy folder trees from their local disk storage to Zimbra Drive. He explained that it appears that only individual files can be uploaded to Zimbra Drive, while folder trees cannot yet be uploaded. John H. confirmed this issue is flagged internally in Zimbra’s Jira bug tracking database as a RFE (request for enhancement).

How To Article For Adding Attachments With A Zimlet in Zimbra 9.0
Barry D. published a new article (https://github.com/Zimbra/zimbra-zimlet-attacher) which provides a walk through of how to write Zimlets that can attach files from an external third-party service in the Zimbra 9.0 Composer.

Zimlet Guide For Supporting Multiple Languages and Storing Metadata in Zimbra 9.0
Barry D. published a guide (https://github.com/Zimbra/zimbra-zimlet-sticky-notes) explaining how to support multiple languages (internationalization) within a Zimlet, in addition to discussing how Zimlets can store custom metadata in Zimbra 9.0.

Barry also mentioned this page (https://wiki.zimbra.com/wiki/DevelopersGuide) which lists several of his recently published articles/guides for getting started with writing Zimlets.

Updating the RMail Zimlet for Zimbra 9.0
Randy L. asked if there were plans to update the RMail Zimlet (https://zimbra.org/extend/items/view/rpost) for Zimbra 9.0. Barry D. suggested that the staff at RPost will need to reach out to the Zimbra Product team to determine the priority for this update.

YouTube Live Stream Event: Building A Zimlet
Barry D. said that he will be presenting a demonstration of how to build a Zimlet on a YouTube Live Stream event on June 18th at 1 pm GMT. Gayle B. said that invites for this event will be sent out soon.

Advance Patch Release Notes For Zimbra Partners
John E. followed-up on a topic from an earlier call and said that a process has been established internally in Synacor to ensure that going forward, the Zimbra Partner Channeltivity Portal will have an advance copy of patch release notes available for partners to review, prior to the general release of Zimbra patches. In earlier Zeta Alliance calls, Zimbra Partners had expressed the importance of receiving advance notice of security and bug fixes to be included within future patches, for the purpose of effectively planning their patching schedules for customers.

Synacor 10-Q Quarterly Report
Mark S. commented that he recently read the Synacor 10-Q quarterly report (https://www.synacor.com/investor-relati ... fault.aspx) and noted that it said Synacor has about 4,000 customers. Mark said that he suspects this number is very low, probably because end users at Zimbra BSPs are not being included in this number.


User avatar
rleiker
Advanced member
Advanced member
Posts: 80
Joined: Tue Jan 07, 2020 8:23 pm
Location: Kansas City
Contact:

Re: June 2020 Zeta Alliance Weekly Call Summaries

Postby rleiker » Thu Jun 11, 2020 6:12 pm

Hello Zimbra Community,

Here is a summary of this week’s conference call. A few brief reminders:

June 9, 2020 Conference Call Summary

Breaking Changes In Zimbra Patches
Marc G. commented that he found that after upgrading to 8.8.15 Patch 10 that his Crontab jobs on his Zimbra servers began failing. Upon investigating, he found it was due to breaking changes introduced to the NG Module command line syntax in Patch 10, as described in the release notes for the Patch. He explained that he felt it is problematic to introduce breaking changes in patches, and suggested that these types of changes should be reserved for Zimbra version upgrades.

Zimbra Docs Issue
Mark S. reported seeing an error in the Zimbra Web Client related to Zimbra Docs which said “This is an unsupported version of Zimbra Docs. To avoid the impression that it is suitable for deployment in enterprises, this message appears when more than 50 documents or 200 connections are in use concurrently.” Cine suggested that Mark opens a Zimbra Support case so it can be escalated to the Zextras development team. Mark confirmed that he opened Zimbra support case number 01011586 related to this issue.

LDAP Multi-Master Replication In Zimbra
Mark G. said that he was considering deploying Multi-Master Replication (MMR) for his LDAP servers in Zimbra (https://wiki.zimbra.com/wiki/LDAP_Multi ... eplication) and asked the opinions of those on the call about their experiences with MMR. Mark S. said that he is aware of one weak point in MMR, which requires that all LDAP master servers continuously have their clocks in near perfect sync with each other. He explained that he has been able to achieve this by running the Chrony service on his LDAP servers. He added that with MMR, he finds it easier to phase LDAP servers in or out of his Zimbra environment, since the only requirement is to change the replication agreements between LDAP servers. He also added that it is possible to run MMR in conjunction with read-only replicas. Mark suggested setting the zmlocalconfig values of ldap_url and ldap_master_url differently on each Zimbra server so that each uses a different preferred order of LDAP servers to evenly spread requests across LDAP servers.

John E. added that another reason to use MMR with replicas, is that it lowers the load on the LDAP master servers, since the replicas can be used for all read-only LDAP requests in Zimbra, while the masters are only needed for LDAP write requests. He recommended adding one or more SSDB servers (https://zimbra.github.io/zimbra-9/admin ... o_use_ssdb), as this will further reduce load on the LDAP servers. Randy L. commented that another benefit of running MMR is that it makes it much easier to do online Zimbra patches and upgrades without needing to take his entire Zimbra cluster offline. He said that the only time he will take his Zimbra cluster offline is when the release notes for a patch or upgrade require a major LDAP schema update.

How Zimbra Handles LDAP Server Failures
Marc G. asked if Zimbra will experience performance issues should LDAP replication fail. John E. said that it may not slow down Zimbra, but it will result in a split-brain scenario, where each LDAP server has conflicting data that will lead to a series of other related problems.

Noah P. asked what happens if an LDAP server is still pingable by a Zimbra mailbox or MTA server, but does not respond correctly to an LDAP request. Randy L. said that Zimbra does not seem to be able to recognize when an invalid LDAP response is received, and continues to try to use a bad LDAP server as long as the LDAP service is still listening and the server is pingable. John E. commented that there is some more development work to be done in this area to make Zimbra more resilient to LDAP server failures.

Sending Email With Outlook Personas And The Zimbra Connector
Randy L. shared an issue encountered by one of his customers running Outlook with multiple personas configured, along with the Zimbra Connector for Outlook (ZCO). The customer said that after upgrading from ZCO 8.8.15 Build 1837 to any later build of ZCO 8.8.15 or ZCO 9.0, prior to ZCO 9.0 Build 1876, the customer encountered the error “permission denied: can not access account user@domain.com” when attempting to send email via some, but not all of his Outlook personas. The customer found that ZCO 9.0 Build 1876 contains a fix for this issue, which is undocumented in the release notes for this ZCO version. John E. commented that the improvements in the recent releases of ZCO are a direct outcome of all of the feedback that Synacor has recently received from Zimbra partners.

Feedback On The New Zimbra Patch Release Notes Format
Randy L. commented that he liked the inclusion of the Jira tickets fixed in the release notes for 8.8.15 Patch 10 (https://wiki.zimbra.com/wiki/Zimbra_Rel ... ra_Summary) and 9.0 Patch 3 (https://wiki.zimbra.com/wiki/Zimbra_Rel ... ra_Summary). Mark S. agreed and said that it is also helpful from a marketing perspective to see which parts of Zimbra are being actively worked on. John W. also agreed the list of Jira tickets fixed is helpful. John E. said that in the 9.0 Patch 3 release notes, any Jira ticket preceded with the identifier “PREAPPS-(number)” in the Jira list relates to an improvement or fix in the Zimbra 9.0 Modern UI. He also explained that with the Jira ticket numbers, it makes it possible to see the commit history for a Jira ticket in Zimbra’s Github repos, but that the only challenge is in finding the corresponding Zimbra Github repo, since Zimbra currently uses many Github repos.

Protecting The Postfix Submission Port In Zimbra From Abuse
Mark S. shared a blog post that he recently wrote related to protecting the Postifx submission port in Postfix (TCP 587) within Zimbra from brute force password guessing attacks: https://www.missioncriticalemail.com/20 ... sion-only/
User avatar
rleiker
Advanced member
Advanced member
Posts: 80
Joined: Tue Jan 07, 2020 8:23 pm
Location: Kansas City
Contact:

Re: June 2020 Zeta Alliance Weekly Call Summaries

Postby rleiker » Fri Jun 19, 2020 5:40 am

Hello Zimbra Community,

Here is a summary of this week’s conference call. A few brief reminders:

June 16, 2020 Conference Call Summary

Using MMR And SSDB To Balance LDAP Write Requests In Zimbra
Marc G. shared a problem he recently encountered where his LDAP servers in Zimbra became overwhelmed with write requests, eventually leading to the LDAP servers becoming non-responsive, and user authentication requests for mailbox access failing. He described his current LDAP topology as one primary (master) server, which handles read + write requests, and one secondary (slave) server, which handles read-only requests.

To better manage heavy write loads, Marc asked if it is better to use the multi-master replication (MMR) feature, or if it is better to use the SSDB support, both of which are available in Zimbra 8.8.x and newer. For the best performance, resiliency, and scalability, John E. said that it is optimal to use MMR, combined with read-only LDAP replicas and SSDB. He explained that the most important component is MMR, as it provides HA (high availability) for the Zimbra LDAP service, ensuring that there are at least 2 or more LDAP servers that can handle read and write requests, and ensures that users can always authenticate for mailbox access. When combined with LDAP replicas, this allows for Zimbra to send only write requests to the LDAP MMR servers, and all read-requests to the LDAP replicas. If SSDB servers are used, this further removes write loads from the MMR servers, as SSDB is specifically built to perform well with heavy write loads, whereas OpenLDAP generally performs poorly with frequent write requests. John said that since SSDB stores ephemeral (briefly stored) data in Zimbra, such as authentication tokens, CSRF tokens, and last login time stamps, if the SSDB servers should fail, Zimbra will still work, but at the cost of forcing already authenticated users to re-authenticate to continue accessing their mailboxes. As compared to losing all of the LDAP servers, Zimbra will no longer work, and no mailbox access is possible until the LDAP servers are recovered. John said that it is not essential to setup SSDB with HA, and in cases where a single SSDB server is used, there should at least be a process that monitors the SSDB server and restarts it, if needed. He also pointed out that when a customer contacts Zimbra Support regarding an LDAP performance issue, Support will frequently ask the customer to disable the last login time stamp and CSRF tokens, especially if an SSDB server is not yet part of a customer’s Zimbra topology.

John E. also mentioned that the OpenLDAP project originally did not support HA, but in working with Zimbra during the early part of its history, the OpenLDAP and Zimbra teams collaborated to effectively bolt on HA capabilities in OpenLDAP.

For a more in-depth explanation of the MMR, LDAP replica, and SSDB options, refer to:


Zimbra’s Compatibility with Redis
Marc G. said that since the Zimbra Administration Guide specifies that a Redis-based client is used to interact with SSDB, he wondered if he could use his existing Redis infrastructure. John E. said that it might work, but recommended testing it carefully. He said that getting SSDB setup in HA is relatively easy, but setting up HA with Redis may be more involved.

Split-Brain When Using OpenLDAP In A MMR Configuration
Mark S. shared an experience he had with another Zimbra installation he used to operate where he had two master LDAP servers become out of sync with each other, leading to a split-brain situation. To correct it, he said he compared the two LDAP databases side-by-side using a third-party LDAP tree visualization tool, which he used to see which LDAP values on either server were newer. He then cloned one of the LDAP master servers, and for each LDAP key value, set the newly re-built master LDAP server to those newest values from the prior two LDAP servers experiencing the split-brain issue.

Built-In Versus External Support For SSDB In Zimbra
Mark S. said that his only concern about SSDB is that Zimbra does not directly support it, since it is up to the Zimbra administrator to separately provision their own SSDB servers, and SSDB is not distributed with Zimbra. John E. said that Mark should raise this point with Zimbra and that not using SSDB creates more risk for LDAP, since intensive writes to LDAP servers are known to create problems.

Free/Busy Issue Resolved
Noah reported that an earlier issue he encountered with the Free/Busy feature in the Zimbra Connector for Outlook, as described at: https://wiki.zimbra.com/wiki/Free_Busy_ ... ZCO.29_.3D has been successfully resolved as of 8.8.15 Patch 9 and 9.0 Patch 2.

Feedback On Using ActiveSync 16.1 In Zimbra
Mark S. reported that after installing 8.8.15 Patch 10, he enabled ActiveSync 16.1 support for his clients, while keeping Samsung devices on ActiveSync 2.5, and said there has been no issues. He said a few clients needed to do a full re-sync of their mailboxes on their phones, with the clients that were mainly affected were those with large mailboxes (25+ GB mailboxes). For those clients, he had each client delete their Exchange profile on their phone, then re-add the profile, followed by allowing a lot of time for the re-synchronization of the mailbox to complete on the client’s phone.

As discussed in the May 5th call summary (http://forums.zimbra.com/viewtopic.php? ... 71#p297273), proceed carefully when performing a global upgrade/downgrade of the ActiveSync version for your clients to ensure a smooth transition to the new global ActiveSync version.
ghen
Posts: 9
Joined: Thu May 12, 2016 1:56 pm
Location: Belgium

Re: June 2020 Zeta Alliance Weekly Call Summaries

Postby ghen » Wed Jun 24, 2020 1:26 pm

Hi

Can I put the following topic on the agenda for next week please: Content-Security-Policy (CSP).
There is demand for this [1] [2] [3], as more and more vulnerability scanners and security audits require it, but except for some pointers to generic documentation on the Security wiki [4], Zimbra has not published much about it at all.

To complicate things, the Zimbra webclient makes extensive use of inline javascript, eval(), inline style, etc, which are considered unsecure, so it will require a fairly "weak" (permissive) CSP to not break any functionality.

Nevertheless it would be helpful if Zimbra could document a working policy that customers can start with (and customize to their specific needs).
User avatar
rleiker
Advanced member
Advanced member
Posts: 80
Joined: Tue Jan 07, 2020 8:23 pm
Location: Kansas City
Contact:

Re: June 2020 Zeta Alliance Weekly Call Summaries

Postby rleiker » Sun Jun 28, 2020 3:56 am

ghen wrote:Hi

Can I put the following topic on the agenda for next week please: Content-Security-Policy (CSP).


Hi Ghen,

The Zeta Alliance call is open to everyone and we would be happy to have you join us to discuss this topic. Our next call is scheduled for this coming Tuesday, June 30th.
User avatar
rleiker
Advanced member
Advanced member
Posts: 80
Joined: Tue Jan 07, 2020 8:23 pm
Location: Kansas City
Contact:

Re: June 2020 Zeta Alliance Weekly Call Summaries

Postby rleiker » Sun Jun 28, 2020 4:02 am

Hello Zimbra Community,

Here is a summary of this week’s conference call. A few brief reminders:

June 23, 2020 Conference Call Summary

ActiveSync Issue When Synchronizing A Large Number Of Folders
Mark S. reported encountering an issue with one of his clients who has both Android and iPhones, which are setup to sync with Zimbra using ActiveSync, where the devices never finish syncing, and endlessly restart the sync process. He said this is occurring in 8.8.15 both prior to and after installing Patch 10. He explained that the affected clients’ devices are syncing mailboxes with large numbers of mailbox folders for email items up to 30 days old, with many of those folders also setup for sharing. The user devices do not report any errors when the sync process fails and restarts, but new email only appears in the Zimbra Web Client, and not on the users’ phones. Each time the sync process fails, most of the contacts and calendar items from the phones also disappear, but then slowly re-appear as each new sync attempt restarts. Mark said that checking the sync.log file on his Zimbra servers shows a warning similar to: “Mobile (username) sync invalid sync key for folder (folder number/ID)”. Mark said he opened a support case with Zimbra Support, and asked those on the call if they had encountered a similar issue with reaching an upper limit on the number of items that ActiveSync can successfully synchronize to a phone.

Cine commented that he recalled a case where a Zimbra user had 158,000 mailbox folders in Outlook, and Outlook was unable to successfully complete a sync within the lifetime of the Zimbra auth token before the auth token expired. He said that 70% of ActiveSync issues tend to be related to issues with calendar items and suggested that if that is the cause of the issue that Mark described, that upgrading the client to ActiveSync version 16 might be the solution, since an estimated 80% of the code related to calendar synchronization was re-written in ActiveSync 16. Cine also suggested using a debug feature built-in to Zimbra (https://docs.zextras.com/zextras-suite- ... leshooting) to determine the point at which errors begin occurring for a given phone during an ActiveSync session. Cine explained that each mailbox folder has a unique sync key assigned to it, and that from Mark’s description, he suspects that after an ActiveSync client (phone) or the Zimbra server reach a certain threshold of errors, it decides to reset the sync key back to 0, thereby resulting in another full re-sync of the phone being attempted. Mark asked if the cause of this issue might be related to multiple devices attempting an ActiveSync against the same folder. Cine said that that should not matter, as the sync keys are device-specific. John E. added that it could be related, as he recalled a case where the heartbeat interval setting may be non-negotiable and cause the phone not to sync at all as was found to be occurring with the Outlook for Android app.

Restricting Subscribed IMAP Folders For the iPhone
Noah P. asked if anyone knew of an IMAP email app, available for the iPhone, that could selectively subscribe to a subset of the email folders within a mailbox, as compared to the default behavior of subscribing to all IMAP folders within a mailbox. Cine suggested Nine (9folders.com), which costs $10. John E. suggested that the native iOS Mail app should be able to be configured to avoid subscribing to select folders, but this capability could not be confirmed during the call.

Mobile Synchronization For Shared Folders
Mark S. said that one of his clients has all of their shared folders currently enabled for syncing with mobile devices and asked how to disable syncing of these folders. Cine said that this is not the default behavior, as shared folders are normally disabled and must be individually enabled for syncing to mobile devices. Mark said he suspects the client might have enabled this setting for all shared folders prior to moving to his hosted Zimbra environment and expressed concern about needing to manually disable this feature for a large number of shared folders. Cine said this is fortunately easy to do and requires a simple three line Bash script to perform a mass update for the client’s shared folders.
User avatar
jeastman
Zimbra Employee
Zimbra Employee
Posts: 33
Joined: Tue Mar 29, 2016 1:36 pm

Re: June 2020 Zeta Alliance Weekly Call Summaries

Postby jeastman » Tue Jun 30, 2020 7:37 pm

Just a small follow-up from last week's call....

I did some research into mobile mail clients which support IMAP subscriptions and was not able to find any that supported that feature. I recall some time ago that there were apps which supported it, but it seems no more. Most apps simply allow you to specify which folders you would like sync'd to the client automatically, but do not provide any means to hide or remove a folder.
John Eastman
User avatar
rleiker
Advanced member
Advanced member
Posts: 80
Joined: Tue Jan 07, 2020 8:23 pm
Location: Kansas City
Contact:

Re: June 2020 Zeta Alliance Weekly Call Summaries

Postby rleiker » Mon Jul 06, 2020 4:39 am

Hello Zimbra Community,

Here is a summary of this week’s conference call. A few brief reminders:

June 30, 2020 Conference Call Summary

iOS Calendar Issues
Gary C. reported that one of his customers is encountering a recurring issue on their iOS devices, configured with Exchange accounts for Zimbra, where calendar appointments are disappearing unexpectedly. Gary opened support case 01020341 on this issue.

John W. and Randy L. said that after upgrading to 8.8.15 Patch 10, both are hearing from multiple customers reporting that calendar appointments on iOS devices, configured with Exchange accounts for Zimbra, are having an issue where accepted calendar invites appear on the invitee’s calendar on the wrong days or times. The days/times shown for a given calendar event seem to be random in nature and are not offset by the same number of hours, suggesting it is not an issue with an incorrect time zone.

Cine commented that both issues might be solved by:
  • Upgrading to 8.8.15 Patch 11 or 9.0 Patch 4, which contains a fix for a related calendar issue affecting NG Mobile
  • Upgrading the affected mobile devices to ActiveSync version 16.1 in Zimbra, while leaving the Samsung Activesync version set at 2.5.

As discussed in earlier Zeta Alliance calls, before changing the global ActiveSync version in Zimbra’s Mobile NG settings, testing should be done by upgrading the ActiveSync version of individual devices with EAS Filters (https://zimbra.github.io/adminguide/lat ... as_filters) to ensure that devices are compatible with ActiveSync 16.1. Cine explained that iOS devices normally ask Zimbra servers for the supported ActiveSync versions once per 24 hours, so an EAS Filter or global ActiveSync version change may not immediately take effect. For Android devices, they may sometimes stop synchronizing, following an ActiveSync version change. The solution is to edit the Exchange profile on an Android device, simply by adding a space to any setting, such as the password field, then removing it, followed by saving the profile. Then, restart the Android device. This is reportedly enough to force affected Android devices to continue syncing, following an ActiveSync version change.

Cine explained that EAS Filters are used in Zimbra, in the order they are listed in the “zxsuite mobile getAllEASFilters” command, so the list needs to be maintained by the Zimbra administrator over time. New filters are added to the bottom of the list. He also said that the first default filter cannot be changed or removed at this time, as it is designed for use by iOS devices. Cine recommended setting up a Mobile Account Logger (https://zimbra.github.io/adminguide/lat ... nt_loggers) in debug mode to monitor when a mobile device re-negotiates the ActiveSync version in the Zimbra sync.log file. For devices that are having trouble completing a sync, Cine suggested using the “zxsuite mobile doAddAccountLogger” command with the window_size option set to 1. This forces a mobile device to sync each mailbox item one at a time, making it much easier to see in the sync.log which mailbox item is causing a sync to fail, so that the problematic item can be removed from the mailbox.

Empty Zimbra Connect Buddy List
Mark S. reported that after installing some OS updates on his Zimbra servers, Zimbra Support recommended that he un-deploy and re-deploy all of the Zimbra Zimlets. Thereafter customers reported that each time upon logging out and logging back in to the Zimbra Web Client, their Zimbra Connect buddy list side bar was empty, however the chat history remains. Mark said that this seemed to be affecting his customers that either presently, or at some point in the past, had Zimbra Connect Advanced features enabled in their COS (class of service). Cine suggested that Mark create a test mailbox to see if he could re-produce the issue, as it could be indicative of a database issue.

Removing Buddies And Past Chats From The Zimbra Connect History
Gary C. asked how to remove someone from the Zimbra Connect chat history. Cine said that if a mailbox is hidden in the Zimbra GAL (global address list), it should then cause the buddy to disappear from the Connect side bar, but the ability to remove chat history and buddies selectively from Zimbra Connect is tentatively planned for a future release, according to the Zextras Road Map (https://www.zextras.com/roadmap-2020/).

Noah P. asked if chats are archived when the Zimbra Archive feature is enabled, for e-discovery requests. Cine said that they are not currently and that he has not yet seen an RFE (request for enhancement) for such a feature.

All SSL Certificates Limited To 1 Year Or Less
Randy L. shared an article (https://www.zdnet.com/article/apple-str ... lifespans/) discussing an upcoming policy change for SSL certificates that will potentially affect many Zimbra installations. Later this year, all SSL certificates will be limited to lifespans of 1 year or less. He commented that it is not clear if web browsers will also enforce this change for Zimbra installations using self-signed SSL certificates, but that it likely would apply, in addition to commercially issued certificates.

Enforcing a Content Security Policy In Zimbra
Geert H. asked about implementing a CSP (Content Security Policy; https://content-security-policy.com) in the Zimbra Web Client. He explained that many security scanning tools alert about web facing apps that do not publish a CSP, such as Zimbra. He said that due to the Web Client’s current extensive use of inline JavaScript, that he suspected a liberal CSP would likely be needed. He cited these mentions on the Zimbra sites in trying to determine how to create a CSP for his Zimbra installation:

Barry D. and John E. said they were unaware of any active efforts to introduce a CSP default policy in Zimbra.

Nginx Upgrade For Zimbra
Geert H. asked about the status of the pending Nginx upgrade for Zimbra (https://github.com/Zimbra/packages/pull/112). He said that this new Nginx version is already working for him in a lab environment. Barry D. said that this is anticipated to arrive in the next quarter, along with a potential OpenSSL upgrade too.

Contact De-Duplication Feature
Noah P. asked for recommendations for a contact de-dupe feature for address books in Zimbra. He said an earlier published contact de-dupe Zimlet does not work in recent Zimbra versions and is no longer supported. Mark S. suggested exporting the contacts from the Zimbra Web Client using the Preferences > Import/Export feature into a Thunderbird contacts file format, then importing them into Thunderbird so that Thunderbird’s contact de-dupe feature can be used, as it offers helpful options for merging similar contacts. This would then be followed by exporting the de-duped contacts from Thunderbird and re-importing back to the Zimbra Web Client.

John W. suggested exporting the contacts to a CSV file format from the Zimbra Web Client, so they can be opened as a spreadsheet, sorted to identify duplications, then re-imported back into the Web Client. John E. said there are some additional supported contact file formats available, starting with about Zimbra 8.8.12. Noah commented that since the Thunderbird de-dupe feature is open source, he wondered if Synacor might consider incorporating it into Zimbra as a native feature.
User avatar
rcardozo1987
Posts: 23
Joined: Tue Sep 10, 2019 9:14 pm
ZCS/ZD Version: NETWORK edition, Patch 8.8.15_P11

Re: June 2020 Zeta Alliance Weekly Call Summaries

Postby rcardozo1987 » Mon Aug 10, 2020 11:31 pm

rleiker wrote:...
Zimbra Bug And Enhancement Updates
Mark S. said he was hoping that a fix for an earlier reported Zimbra bug, assigned as ZBUG-1485, which relates to failing mailbox moves across mailbox servers using the doMailboxMove command was included in 8.8.15 Patch 10, as he is currently unable to finish decommissioning a deprecated mailbox server until it is fixed. John H. confirmed that this bug is fixed in both 8.8.15 Patch 10 and 9.0 Patch 3.
...


@rleiker, I think the doMailboxMove command has some issue. I noticed it in Zimbra 8.8.15 P4 but I am also able to reproduce this issue in Zimbra 8.8.15 P11. Maybe it is a good idea to report it to Synacor... Please, give a look at https://forums.zimbra.org/viewtopic.php?f=15&t=68593&sid=7683f1414943e4895d3a82c6e8e48877

Thanks :D

Return to “Community News”

Who is online

Users browsing this forum: No registered users and 3 guests