====== Zimbra Troubleshooting Tips ======

See also **[[https://www.sonoracomm.com/wiki/doku.php?do=search&id=zimbra|Other Zimbra pages in this wiki]]**

===== Check Status and Reboot =====

<file>
service zimbra stop && reboot
</file>

Check Zimbra status:

<file>
service zimbra status
</file>

<note tip>Be patient. Zimbra takes a long time to start up and even longer for the status in the Admin Console to correctly reflect the current status.</note>

===== Permissions =====

Repair any potential permissions problems with files under ''/opt/zimbra'':

<file>
su - zimbra
zmcontrol stop
logout
/opt/zimbra/libexec/zmfixperms --verbose --extended
su - zimbra
zmcontrol start
</file>

===== Message Tracking =====

https://wiki.zimbra.com/wiki/Postfix-Queue-ID-vs.-message-id-MTA

When a message enters the Postfix system [incoming or outgoing] it is immediately assigned a queue ID.

Postfix/ZCS will most likely have a message leave the Postfix queue for other processing: amavis, filters, etc.  This will cause the message to get a new queue ID(s).  This can also happen if you were to requeue your messages by doing something like: ''postsuper -r''.  **You will need to note the message-id and ALL queue ID's to get the complete picture of what was happening for a particular email.**

Find the ''Message ID'' in the message headers, then use it to find the associated ''Queue ID''s:

<file>
egrep "1544469627.145884.1473273227065.JavaMail.zimbra@mydomain.com" /var/log/zimbra.log
</file>

Then:

<file>
egrep "1544469627.145884.1473273227065.JavaMail.zimbra@mydomain.com|225D286F6F|3C18086F7A|B590286F6F" /var/log/zimbra.log
</file>

===== DoSFilter =====

**HowTo**: https://www.missioncriticalemail.com/2018/10/19/using-zimbras-dosfilter-and-failed-login-lockout-policy-together/

http://wiki.zextras.com/wiki/ZeXtras_Suite_and_the_Zimbra_DoSFilter

http://wiki.zimbra.com/wiki/DoSFilter

<file>
grep DoSFilter /opt/zimbra/log/mailbox.log

grep DoSFilter /opt/zimbra/log/zmmailboxd.out
</file>

Get current values:

<file>
su - zimbra
zmprov gcf zimbraHttpThrottleSafeIPs
zmprov gcf zimbraHttpDosFilterMaxRequestsPerSec  # Default 30
zmprov gcf zimbraHttpDosFilterDelayMillis        # Default -1
</file>

Set additional safe IPs:

<note warning>ZCS prior to 8.7 does not support CIDR, so you must add the IPs individually.</note>

<file>
zmprov mcf +zimbraHttpThrottleSafeIPs 192.168.2.0/24
zmprov mcf +zimbraHttpThrottleSafeIPs 192.168.0.66

zmmailboxdctl restart
</file>

===== zmconfigd is not running =====

Comment out the IPv6 line:

<file>
vim /etc/hosts

#::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
</file>

Then:

<file>
systemctl start zimbra
</file>

===== Root Mail =====

:!: It didn't seem to matter what I did with ''/etc/aliases''.

http://wiki.zimbra.com/index.php?title=How_to_%22fix%22_system%27s_sendmail_to_use_that_of_zimbra

<file>
/usr/sbin/alternatives --install /usr/sbin/sendmail mta /opt/zimbra/postfix/sbin/sendmail 25 \
    --slave /usr/bin/mailq mta-mailq /opt/zimbra/postfix/sbin/mailq \
    --slave /usr/bin/newaliases mta-newaliases /opt/zimbra/postfix/sbin/newaliases \
    --slave /usr/share/man/man1/mailq.1.gz mta-mailqman /opt/zimbra/postfix/man/man1/mailq.1 \
    --slave /usr/share/man/man1/newaliases.1.gz mta-newaliasesman /opt/zimbra/postfix/man/man1/newaliases.1 \
    --slave /usr/share/man/man8/sendmail.8.gz mta-sendmailman /opt/zimbra/postfix/man/man1/sendmail.1 \
    --slave /usr/share/man/man5/aliases.5.gz mta-aliasesman /opt/zimbra/postfix/share/man/man5/aliases.5 \
    --initscript zimbra
/usr/sbin/alternatives --config mta
</file>

If mail sent to ''root'' does not flow into the ''admin'' mailbox, check:

<file>
tail -30 /var/log/maillog
</file>

You may see errors like:

<file>
Nov  5 10:06:29 zimbra postfix/smtp[7400]: BCAAD18289B: to=<root@zimbra.virtualarchitects.com>, relay=none, delay=0.06, delays=0.01/0.04/0/0, dsn=5.4.6, status=bounced (mail for zimbra.virtualarchitects.com loops back to myself)
</file>

You can also test like this:

<file>
echo foo | /usr/sbin/sendmail -f root root && tail -f /var/log/maillog
</file>

In our default Zimbra installation, we only had one domain ''virtualarchitects.com'', but root's mail was aliased to "root@zimbra.virtualarchitects.com".  So I added an alias domain "zimbra.virtualarchitects.com" and an additional mail alias to ''admin'' of "root@zimbra.virtualarchitects.com":

<file>
su - zimbra
zmprov createAliasDomain zimbra.virtualarchitects.com virtualarchitects.com
zmprov aaa admin@virtualarchitects.com root@zimbra.virtualarchitects.com
</file>

===== Changed SSH Port =====

:!: Consider using firewall port forwarding (i.e 2222 -> 22) instead of changing the SSH server on the Zimbra server.

If you changed the SSH port in ''/etc/ssh/sshd_config'', you need to adjust Zimbra:

<file>
zmprov ms zimbra.virtualarchitects.com zimbraRemoteManagementPort 2222
</file>

===== Server Status =====

**Monitoring**: https://hazaq.me/zimbra/2018/02/02/Zimbra-Server-Status.html

Check ''/var/log/zimbra.log'' and ''/var/log/zimbra-stats.log'':

<file>
ll /var/log/zimbra*
</file>

Are they empty with actual logged detail in dated files?  It appears that the ''logrotate'' configuration is broken...

<file>
/usr/sbin/logrotate -d /etc/logrotate.conf
</file>

Run as root:

<file>
/opt/zimbra/libexec/zmsyslogsetup
</file>

===== Cron Job Errors =====

<file>
Use of uninitialized value $current_proto in string eq at /usr/lib64/perl5/Sys/Syslog.pm line 371.
Use of uninitialized value $current_proto in string eq at /usr/lib64/perl5/Sys/Syslog.pm line 374.
</file>

<file>
vim /usr/lib64/perl5/Sys/Syslog.pm

my $current_proto = 0;
</file>

===== Mail Delivered to MTA But Not to Mailbox =====

<file>
tail -30 /opt/zimbra/log/mailbox.log
</file>

If your Zimbra server only has a private IP address and is behind a NAT firewall, you may see errors in ''/var/log/maillog'' or ''/var/log.zimbra.log'' like:

<file>
postfix/lmtp ... status=deferred (connect to your.zimbra.fqdn[your.external.ip.addr]:7025: Connection refused)
</file>

:!: See this link to change the way Zimbra resolves the local IP address: http://wiki.zimbra.com/index.php?title=Incoming_Mail_Problems

Assuming a single-server setup with a properly configured ''/etc/hosts'' file:

<file>
su - zimbra
zmprov ms your.zimbra.fqdn zimbraMtaLmtpHostLookup native
zmmtactl restart
</file>

===== Set Default CoS per Domain =====

Copy a CoS:

<file>
su - zimbra

zmprov cpc <source CoS> <new CoS>
</file>

List classes of service:

<file>
zmprov gac
</file>

Get CoS ID:

<file>
zmprov gc <CoS name>|grep zimbraId
</file>

Modify the default CoS for a domain:

<file>
zmprov md <domain.tld> zimbraDomainDefaultCOSId <your-zimbraId>
</file>

===== Mail System Is Down =====

Sometimes, the Postfix MTA may not start properly.

Try deleting the ''.pid'' file and restarting Postfix:

<file>
cd /opt/zimbra/data/postfix/spool/pid/
service zimbra stop
rm master.pid
service zimbra start
</file>

:!: **Wait** until Zimbra shuts down completely.  Then wait again for it to start up.

The process ID file will be recreated when the MTA starts:

<file>
ll master.pid
</file>