====== Zimbra with Zextras Add-On ======
See also **[[internet:mail:zimbra:zimbra_zextras_auth|Zimbra with Zextras Auth]]**
**Documentation**: https://docs.zextras.com/suite/html/index.html
===== Zextras Licensing =====
**License File Management**: https://docs.zextras.com/zextras-suite-documentation/latest/license-file-management.html
**License Download**: https://store.zextras.com
Sometimes the permissions get messed up on the downloaded Zextras license file:
chown zimbra.zimbra ./license_*
chmod 777 ./license_*
mv ./license_* /opt/zimbra/
su - zimbra
zxsuite core doUploadLicense ./license_*.zx
zmprov fc zimlet && zmprov fc all
===== Upgrade =====
http://wiki.zextras.com/wiki/ZeXtras_Suite_Installation_Guide#ZeXtras_Suite_full_Upgrade
:!: Installing a newer version will automatically perform an **upgrade**.
===== Installation =====
ZeXtras Suite needs to bind on TCP port 8735 in order to operate for inter-instance communication. The ZeXtras Chat module needs to bind on TCP ports 5222 and/or 5223 in order for any XMPP feature to be functional. Please verify no other service listens on these ports and that port 8735 is properly filtered from public access by your firewall.
apt install binutils
rm -rf ~/zextrasinstall.old && mv ~/zextrasinstall ~/zextrasinstall.old
mkdir ~/zextrasinstall && cd ~/zextrasinstall
wget --limit-rate=300k http://download.zextras.com/zextras_suite-latest.tgz
tar -xzvf zextras_suite-latest.tgz
cd zextras_suite/
./install.sh all
===== Zimbra DoS Filter =====
Zimbra 8+ users might experience slowness and AJAX errors when accessing the Zimbra ZWC or Administration Console because of the Zimbra DoSFilter. In this case, raising the number of Maximum Requests per Second is suggested (see http://wiki.zextras.com/DosFilter for further information)
**Howto**: https://www.missioncriticalemail.com/2018/10/19/using-zimbras-dosfilter-and-failed-login-lockout-policy-together/
http://wiki.zextras.com/wiki/ZeXtras_Suite_and_the_Zimbra_DoSFilter
http://wiki.zimbra.com/wiki/DoSFilter
Whitelist your IP or subnet:
zmprov gcf zimbraHttpThrottleSafeIPs
zmprov mcf +zimbraHttpThrottleSafeIPs 192.168.0.0/24
zmmailboxdctl restart
View results:
grep DoSFilter /opt/zimbra/log/mailbox.log
zgrep DoSFilter /opt/zimbra/log/mailbox.log.*
grep DoSFilter /opt/zimbra/log/zmmailboxd.out
zgrep DoSFilter /opt/zimbra/log/zmmailboxd.out.*
===== Backup =====
**[[http://wiki.zextras.com/wiki/ZxBackup_Admin_Guide|ZxBackup Admin Guide]]**
**[[https://docs.zextras.com/zextras-suite-documentation/latest/backup.html#_backup_on_a_third_party_store_beta|HowTo Use S3 as Backup Storage]]**
**[[https://wiki.zextras.com/wiki/Zx_Backup:_External_Backup|HowTo - Zextras Export/Backup to External Storage]]**
Create the mount point as ''zimbra'' user:
su - zimbra
mkdir /opt/zimbra/backup/zextras
Mount NFS backup storage:
vim /etc/fstab
# Add Zextras Backup store
ip.of.nfs.server:/backup/va-zimbra /opt/zimbra/backup/zextras nfs _netdev 0 0
:!: Make sure the permissions are correct:
chown zimbra.zimbra /opt/zimbra/backup
Finally, initialize the Zextras Backup:
**Zimbra Administration Console -> ZeXtras -> Backup -> Initialize NOW**
===== Mobile =====
http://wiki.zextras.com/wiki/ZxMobile_Admin_Guide
Enable mobile support:
* Per Account, or
* Per CoS
===== Team =====
https://docs.zextras.com/zextras-suite-documentation/latest/team.html
===== Drive =====
https://wiki.zextras.com/wiki/Zextras_Drive
https://wiki.zextras.com/wiki/Zextras_Drive#Briefcase_Migration
:!: To hide the ''Briefcase'' tab, uncheck it in the CoS.
==== Migrate All Briefcase Data to Drive for All Users ====
for user in `zmprov -l gaa | grep -v -e galsync -e spam -e ham -e virus | sort`; do zxsuite drive doImport $user; done
==== Migrate All Briefcase Data Deleting Source Files ====
The command ''zxsuite drive doImport'' has the attribute ''deleteSources true'' which **deletes source files from the briefcase**. You may do the import again with that parameter to clean the briefcases.
:!: Files already imported in Drive will not be modified if you don't use the ''overwrite true'' attribute.
for user in `zmprov -l gaa | grep -v -e galsync -e spam -e ham -e virus | sort`; do zxsuite drive doImport $user deleteSources true; done
===== Zextras Docs =====
Zextras Docs provides the capability to **edit ODF documents** stored in Zextras (Zimbra) Drive in a web browser.
==== Installation ====
https://docs.zextras.com/zextras-suite-documentation/latest/docs.html
==== Test ====
zmlocalconfig -s ldap_master_url zimbra_ldap_user zimbra_ldap_userdn zimbra_ldap_password
nc -zv ldap.example.com 389
ldapsearch -H ldap://ldap.example.com:389 -w p4ssw0rd -D uid=zimbra,cn=admins,cn=zimbra
==== CSF Firewall ====
=== csf.allow ===
Single server Zimbra example:
# Advanced port+ip filtering allowed with the following format
# tcp/udp|in/out|s/d=port|s/d=ip
# Zextras Docs Server - IP 192.168.189.26
tcp|out|d=389|d=192.168.189.29 # Allow LDAP from Zextras Docs to Zimbra
tcp|out|d=8443|d=192.168.189.29 # Allow from Zextras Docs to Zimbra
tcp|in|d=9980|s=192.168.189.29 # Allow from Zimbra
# Zimbra Server - IP 192.168.189.29
tcp|in|d=389|s=192.168.189.26 # Allow LDAP from Zextras Docs
tcp|in|d=8443|s=192.168.189.26 # Allow from Zextras Docs
tcp|out|d=9980|d=192.168.189.26 # Allow to Zextras Docs