====== Zimbra with Zextras Add-On ======

See also **[[internet:mail:zimbra:zimbra_zextras_auth|Zimbra with Zextras Auth]]**

**Documentation**: https://docs.zextras.com/suite/html/index.html

===== Zextras Licensing =====

**License File Management**: https://docs.zextras.com/zextras-suite-documentation/latest/license-file-management.html

**License Download**: https://store.zextras.com

Sometimes the permissions get messed up on the downloaded Zextras license file:

<file>
chown zimbra.zimbra ./license_*
chmod 777 ./license_*
mv ./license_* /opt/zimbra/
su - zimbra
zxsuite core doUploadLicense ./license_*.zx
zmprov fc zimlet && zmprov fc all
</file>

===== Upgrade =====

http://wiki.zextras.com/wiki/ZeXtras_Suite_Installation_Guide#ZeXtras_Suite_full_Upgrade

:!: Installing a newer version will automatically perform an **upgrade**.

===== Installation =====

<note warning>ZeXtras Suite needs to bind on TCP port 8735 in order to operate for inter-instance communication.  The ZeXtras Chat module needs to bind on TCP ports 5222 and/or 5223 in order for any XMPP feature to be functional.  Please verify no other service listens on these ports and that port 8735 is properly filtered from public access by your firewall.</note>

<file>
apt install binutils
</file>

<file>
rm -rf ~/zextrasinstall.old && mv ~/zextrasinstall ~/zextrasinstall.old
mkdir ~/zextrasinstall && cd ~/zextrasinstall
wget --limit-rate=300k http://download.zextras.com/zextras_suite-latest.tgz

tar -xzvf zextras_suite-latest.tgz
cd zextras_suite/
./install.sh all
</file>

===== Zimbra DoS Filter =====

<note important>Zimbra 8+ users might experience slowness and AJAX errors when accessing the Zimbra ZWC or Administration Console because of the Zimbra DoSFilter. In this case, raising the number of Maximum Requests per Second is suggested (see http://wiki.zextras.com/DosFilter for further information)</note>

**Howto**: https://www.missioncriticalemail.com/2018/10/19/using-zimbras-dosfilter-and-failed-login-lockout-policy-together/

http://wiki.zextras.com/wiki/ZeXtras_Suite_and_the_Zimbra_DoSFilter

http://wiki.zimbra.com/wiki/DoSFilter

Whitelist your IP or subnet:

<file>
zmprov gcf zimbraHttpThrottleSafeIPs

zmprov mcf +zimbraHttpThrottleSafeIPs 192.168.0.0/24
zmmailboxdctl restart
</file>

View results:

<file>
grep DoSFilter /opt/zimbra/log/mailbox.log
zgrep DoSFilter /opt/zimbra/log/mailbox.log.*

grep DoSFilter /opt/zimbra/log/zmmailboxd.out
zgrep DoSFilter /opt/zimbra/log/zmmailboxd.out.*
</file>

===== Backup =====

**[[http://wiki.zextras.com/wiki/ZxBackup_Admin_Guide|ZxBackup Admin Guide]]**

**[[https://docs.zextras.com/zextras-suite-documentation/latest/backup.html#_backup_on_a_third_party_store_beta|HowTo Use S3 as Backup Storage]]**

**[[https://wiki.zextras.com/wiki/Zx_Backup:_External_Backup|HowTo - Zextras Export/Backup to External Storage]]**

Create the mount point as ''zimbra'' user:

<file>
su - zimbra
mkdir /opt/zimbra/backup/zextras
</file>

Mount NFS backup storage:

<file>
vim /etc/fstab

# Add Zextras Backup store
ip.of.nfs.server:/backup/va-zimbra               /opt/zimbra/backup/zextras  nfs _netdev         0 0
</file>

:!: Make sure the permissions are correct:

<file>
chown zimbra.zimbra /opt/zimbra/backup
</file>

Finally, initialize the Zextras Backup:

**Zimbra Administration Console -> ZeXtras -> Backup -> Initialize NOW**

===== Mobile =====

http://wiki.zextras.com/wiki/ZxMobile_Admin_Guide

Enable mobile support:

  * Per Account, or
  * Per CoS

===== Team =====

https://docs.zextras.com/zextras-suite-documentation/latest/team.html

===== Drive =====

https://wiki.zextras.com/wiki/Zextras_Drive

https://wiki.zextras.com/wiki/Zextras_Drive#Briefcase_Migration

:!: To hide the ''Briefcase'' tab, uncheck it in the CoS.

==== Migrate All Briefcase Data to Drive for All Users ====

<file>
for user in `zmprov -l gaa | grep -v -e galsync -e spam -e ham -e virus | sort`; do zxsuite drive doImport $user; done
</file>

==== Migrate All Briefcase Data Deleting Source Files ====

The command ''zxsuite drive doImport'' has the attribute ''deleteSources true'' which **deletes source files from the briefcase**. You may do the import again with that parameter to clean the briefcases.

:!: Files already imported in Drive will not be modified if you don't use the ''overwrite true'' attribute.

<file>
for user in `zmprov -l gaa | grep -v -e galsync -e spam -e ham -e virus | sort`; do zxsuite drive doImport $user deleteSources true; done
</file>

===== Zextras Docs =====

Zextras Docs provides the capability to **edit ODF documents** stored in Zextras (Zimbra) Drive in a web browser.

==== Installation ====

https://docs.zextras.com/zextras-suite-documentation/latest/docs.html

==== Test ====

<file>
zmlocalconfig -s ldap_master_url zimbra_ldap_user zimbra_ldap_userdn zimbra_ldap_password

nc -zv ldap.example.com 389

ldapsearch -H ldap://ldap.example.com:389 -w p4ssw0rd -D uid=zimbra,cn=admins,cn=zimbra
</file>

==== CSF Firewall ====

=== csf.allow ===

Single server Zimbra example:

<file>
# Advanced port+ip filtering allowed with the following format
# tcp/udp|in/out|s/d=port|s/d=ip

# Zextras Docs Server - IP 192.168.189.26
tcp|out|d=389|d=192.168.189.29  # Allow LDAP from Zextras Docs to Zimbra
tcp|out|d=8443|d=192.168.189.29 # Allow from Zextras Docs to Zimbra
tcp|in|d=9980|s=192.168.189.29  # Allow from Zimbra

# Zimbra Server - IP 192.168.189.29
tcp|in|d=389|s=192.168.189.26   # Allow LDAP from Zextras Docs
tcp|in|d=8443|s=192.168.189.26  # Allow from Zextras Docs
tcp|out|d=9980|d=192.168.189.26 # Allow to Zextras Docs
</file>