November 2020 Zeta Alliance Weekly Call Summaries

rleiker
Advanced member
Posts: 149
Joined: Tue Jan 07, 2020 8:23 pm
Location: Kansas City

Re: November 2020 Zeta Alliance Weekly Call Summaries

Post by rleiker »

Hello Zimbra Community,

Here is a summary of this week’s conference call. A few brief reminders: November 17, 2020

Erroneous Mailbox.log Entries After Enabling New IMAP Pagination Feature
Randy L. said that after enabling the new zimbra_imap_folder_pagination_enabled setting, introduced in 8.8.15 Patch 15 and 9.0 Patch 8, he noticed log entries in mailbox.log that look like:

2020-11-17 11:23:19,629 INFO [ImapSSLServer-3] [name=user@domain.com;ip=x.x.x.x;oip=x.x.x.x;via=x.x.x.x(nginx/1.7.1);ua=Microsoft Outlook/16.0.13328.20356;cid=38473;] imap - Imap folder pagination is enabled

2020-11-17 11:23:19,630 INFO [ImapSSLServer-3] [name=user@domain.com;ip=x.x.x.x;oip=x.x.x.x;via=x.x.x.x(nginx/1.7.1);ua=Microsoft Outlook/16.0.13328.20356;cid=38473;] imap - Total folder count - 107 is greater than folder pagination size - 2000

Mark S. said he also has the IMAP pagination feature enabled and for one of his users with a large number of mailbox folders, mailbox.log shows:

2020-11-17 16:46:22,741 INFO  [ImapSSLServer-443] [name=fake_name@mycompany.com;mid=588;ip=x.x.x.x;oip=xxx.xxx.xxx.xxx;via=x.x.x.x(nginx/1.7.1);ua=iPhone Mail/18A8395;cid=304409;] imap - Total folder count - 3967 is greater than folder pagination size - 2000

Randy L. said he will open a bug report with Zimbra, as it was not clear if this is a typo in the logging portion of the IMAP pagination feature, or a logic error in the new pagination feature, which determines if the feature is used or not for a particular mailbox.

Follow-Up: Controlling SMTP Mail Flow In Zimbra
Noah P. provided a status update on the topic of routing email for select domains through specific Zimbra MTA servers, from the November 10th call ( http://forums.zimbra.org/viewtopic.php? ... 17#p299710 ). He said that Rick King (Zimbra Support) has confirmed that the “zimbraSmtpHostname” setting only works for email sent through the Zimbra mailbox server (mailboxd), but does not have any effect on distribution lists or forwarders, since the Zimbra MTA (Postfix) does not use the “zimbraSmtpHostname” setting. Randy L. asked if the “zimbraMailTransport” setting discussed in the Nov. 10th call was of any help, but Noah said it had no impact either for distribution lists and forwarders. Noah said he found a Wiki article ( https://wiki.zimbra.com/wiki/Relay_per_Domain ) related to setting up per domain delivery for outbound email delivery in Postfix, but it involves manual manipulation of Postfix files that Noah was concerned may not survive Zimbra upgrades. He said it would be helpful to have a Zimbra recommended configuration setting to implement per domain SMTP mail flow management. Matthew F. and Marc G. said they ended up modifying Postfix manually to accomplish this same need in their Zimbra environment.

Marc G. suggested opening an RFE (request for enhancement) with Zimbra and Mark S. volunteered to submit the RFE to Zimbra on behalf of Noah. Noah P. asked about the best way to get attention to an RFE. John H. suggested that one person create the RFE, then for all others interested in the same RFE, to make comments on it to draw attention to it, by using the bug look-up feature in the Zimbra Support Portal. John E. added that if you can associate business dollars with an RFE justification to Zimbra in the RFE comments, it can also help draw developer resources to it.

Adding Smart Host Support In Zimbra
Noah P. said he would like to see official Zimbra support for a per-domain smart host setting implemented. In an email commercial hosting use case, this would allow for segregating senders who are authorized to send bulk email, while all others would be routed through MTAs with stronger anti-spam settings. Marc G. commented that his organization needed to implement a similar smart host method in Zimbra, after they began experiencing issues with spam scanning timeouts after about 30 seconds, when sending email from the Zimbra Web Client. Marc found that by customizing Zimbra to relay email through an external smart host MTA, it resolved the spam scanning timeout issue. Noah P. said that he knows Mark S. uses the Mimecast service with his Zimbra installation and asked if Mark felt that having official smart host support in Zimbra would be helpful in his environment too. Mark said that his customers are presently only using Mimecast for inbound email scanning at this time, but knows that Mimecast supports outbound scanning too. He also commented that intra-domain email does not pass through Mimecast either, such as local email deliveries (LMTP) performed within Zimbra and said that a security use case for implementing official smart host support in Zimbra would be to mitigate the risks associated with a user’s machine being infected with malware, that then sends email to others in the same hosted domain within Zimbra. Those messages would normally be delivered via Zimbra’s LMTP (local mail transfer protocol) without the benefit of any malware/spam scanning.

Noah P. suggested that a possible path to implementing smart host support in Zimbra might be using a similar method that is currently implemented in Zimbra for handling archiving of email. As an example, he referenced this Wiki article ( https://wiki.zimbra.com/wiki/New_Featur ... journaling ), but said that this does not appear to support per-domain configurations.

Architectural Design Reference For Running Zimbra On AWS
Mark S. shared a new blog post ( https://www.missioncriticalemail.com/20 ... reference/ ) he wrote about some of his customers’ efforts to move an in-house email system to AWS (Amazon Web Services). He wrote the blog article for two audiences: one that is new to AWS, and one that is familiar with AWS, but does not know if they can run Zimbra on AWS. He said his article shows how to deploy Zimbra across multiple availability zones in AWS to help achieve greater HA (high availability).

Zimbra Storage Costs In AWS
Marc G. asked if Cine (Zextras) knew of any reports about using the new S3 support in Zimbra HSM for saving on storage costs in AWS. He said the big unknown cost is put/get requests, and that EBS (elastic block storage) in AWS can be fairly costly. He suspects that the new S3 support introduced in 8.8.15 Patch 16 and 9.0 Patch 9 will be a major money saver for those using AWS’s EBS storage. Cine said he did not have that information available and that it is difficult to obtain it, as this information is very specific to individual use cases by customers. Cine said that instead of moving an entire Zimbra volume, HSM now supports only moving items older than a certain date. He suggested deploying a 3-tier storage schema consisting of: S3 Standard, S3 Infrequent Access, and local (EBS), and using HSM in Zimbra to manage which tier data lives on. Mark S. said in reviewing the AWS pricing for his AWS availability zone, he could not readily see a potential for savings by moving data between S3 Standard to an S3 Infrequent Bucket, and was unsure if a 2 or 3 tier schema should be used in his environment.


Randy Leiker
Skyway Networks, LLC
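
The check below is an added example, not part of the original post and not Zimbra code. It parses the "Total folder count" messages in the format quoted in the November 17 summary and flags entries whose numbers contradict the "is greater than" wording. The sample lines are constructed from the quoted entries, and the function names are hypothetical.

```python
import re

# Constructed sample lines modelled on the mailbox.log entries quoted in the post.
SAMPLE_LOG = """\
2020-11-17 11:23:19,629 INFO [ImapSSLServer-3] [name=user@domain.com;ip=x.x.x.x;cid=38473;] imap - Imap folder pagination is enabled
2020-11-17 11:23:19,630 INFO [ImapSSLServer-3] [name=user@domain.com;ip=x.x.x.x;cid=38473;] imap - Total folder count - 107 is greater than folder pagination size - 2000
2020-11-17 16:46:22,741 INFO  [ImapSSLServer-443] [name=fake_name@mycompany.com;mid=588;ip=x.x.x.x;cid=304409;] imap - Total folder count - 3967 is greater than folder pagination size - 2000
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3})\s+\w+\s+"
    r"\[[^\]]*\]\s+\[(?P<ctx>[^\]]*)\]\s+imap - "
    r"Total folder count - (?P<count>\d+) is greater than "
    r"folder pagination size - (?P<size>\d+)\s*$"
)

def parse_context(ctx):
    """Split the 'key=value;' context block into a dict."""
    fields = {}
    for part in ctx.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def check_pagination_lines(text):
    """Return one record per pagination message, marking whether the
    numbers actually support the 'is greater than' wording."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # other mailbox.log lines are ignored
        count, size = int(m["count"]), int(m["size"])
        records.append({
            "timestamp": m["ts"],
            "account": parse_context(m["ctx"]).get("name", "?"),
            "folders": count,
            "page_size": size,
            "consistent": count > size,
        })
    return records

if __name__ == "__main__":
    for rec in check_pagination_lines(SAMPLE_LOG):
        flag = "ok" if rec["consistent"] else "CONTRADICTORY"
        print(f'{rec["timestamp"]} {rec["account"]}: {rec["folders"]} vs {rec["page_size"]} -> {flag}')
```

A count of contradictory records per account is useful evidence to attach to a bug report; the check cannot tell whether the cause is the log wording or the pagination decision itself.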

Re: November 2020 Zeta Alliance Weekly Call Summaries

Post by rleiker »

Hello Zimbra Community,

Here is a summary of this week’s conference call. A few brief reminders: November 24, 2020

Zimbra Multi-Server Install Issue
Mark S. said while working on a new multi-server install of Zimbra, he successfully installed one Zimbra server as a dedicated LDAP server, then upon attempting to install a second LDAP server (for LDAP high-availability), he encountered the following:

Starting ldap...Done.
Starting zmconfigd…
Broadcast message from systemd-journald@smtp (Tue 2020-11-24 15:25:53 UTC):
zmconfigd[14114]: Can't create listener socket: (-1, 'Unmapped exception: java.net.SocketException: Protocol family unavailable') Failed.
Starting zmconfigd...failed.

Mark said that he has IPv6 disabled on both servers. Barry D. said if Mark disables IPv6, the Zimbra installer will show this error and suggested enabling IPv6, but only with a link local address. Barry said he recalled a similar issue occurring when installing a new Zimbra Docs server with IPv6 disabled. Mark said he would try Barry’s suggestion and share the results on the next Zeta Alliance call.

Patched jQuery Vulnerabilities In Zimbra 8.8.15 Patch 16 and 9.0 Patch 9
Mark S. asked how much importance should be placed on patching his Zimbra servers for the recently revealed vulnerabilities in jQuery 3.4.1, as described in the release notes ( https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P16 ). John E. shared a jQuery post with some details ( https://blog.jquery.com/2020/05/04/jque ... egression/ ). Mark S. said that it is his understanding that the vulnerabilities do not appear to be actively exploited, so he felt the jQuery update did not need to be treated as an emergency patch since it has a mid-range CVSS score of 6.5.

Updated Zimbra Mobile Password Feature
Cine shared that with the release of 8.8.15 Patch 16 and 9.0 Patch 9, management of mobile passwords has been moved out of the Zimbra Administration Console and into the Zimbra Web Client, so that users can now manage their own mobile passwords, instead of only Zimbra Administrators. This has been implemented as a new Zimlet. Cine recommended reading the patch installation release notes carefully for instructions on how to install the new “zimbra-zimlet-auth” package from the Zimbra repo. This change still allows for mobile passwords to be managed from the Zimbra command line too. After installing the patches, refer to https://docs.zextras.com/zextras-suite- ... e-password for a how-to in using the new Zimlet.

Additional Issues Fixed in 8.8.15 Patch 16 and 9.0 Patch 9
Cine commented that these patches also fix an earlier issue with Mobile NG where any email accounts that were set to use a custom Zimbra ID, instead of the default UUID format were creating a problem with mobile device syncing. Certain characters such as / are not supported in Zimbra custom IDs.

John E. commented that the patches also restore the various chart functionality in the Zimbra Administration Console that previously relied on Flash. They now use JavaScript to display, since Flash is end-of-life at the end of December 2020. He said that the upcoming road map for Zimbra for next year is anticipated to include a series of additional improvements for monitoring and metrics in Zimbra.


Randy Leiker
Skyway Networks, LLC