Backup Script for Zimbra with Rsync Over SSH

Description: Here I have uploaded Backup script for Zimbra with Rsync Over SSH

#!/bin/bash
# Zimbra Backup Script
# For Rsync need to configure password less ssh between two Server

# https://servertecholab.blogspot.com/2016/10/password-less-ssh-between-centos.html
# This script is intended to run from the crontab as root
# Local Server Directory Path
DESTLOCAL=/Backup/zimbra_backup

# Remote Server Directory path
DESTREMOTE="root@10.10.10.10:/home/Zimbra_Server_Backup"



# Outputs the time the backup started, for log/tracking purposes
echo Time backup started = $(date +%T)
before="$(date +%s)"

# a backup dir on the local machine. This will fill up over time!
BACKUPDIR=$DESTLOCAL/$(date +%F-%H-%M-%S)

# Now we need to shut down Zimbra to rsync any files that were/are locked
# whilst backing up when the server was up and running.
before2="$(date +%s)"

# Stop Zimbra Services
/etc/init.d/zimbra stop
#su - zimbra -c"/opt/zimbra/bin/zmcontrol stop"
#sleep 15
# Kill any orphaned Zimbra processes
#kill -9 `ps -u zimbra -o "pid="`
pkill -9 -u zimbra


# Only enable the following command if you need all Zimbra user owned
# processes to be killed before syncing
# ps auxww | awk '{print $1" "$2}' | grep zimbra | kill -9 `awk '{print $2}'`


# Sync to backup directory
rsync -avHK --delete --backup --backup-dir=$BACKUPDIR /opt/zimbra/ $DESTLOCAL/zimbra


# Restart Zimbra Services
#su - zimbra -c "/opt/zimbra/bin/zmcontrol start"
/etc/init.d/zimbra start


# Calculates and outputs amount of time the server was down for
after="$(date +%s)"
elapsed="$(expr $after - $before2)"
hours=$(($elapsed / 3600))
elapsed=$(($elapsed - $hours * 3600))
minutes=$(($elapsed / 60))
seconds=$(($elapsed - $minutes * 60))
echo SERVER WAS DOWN FOR: "$hours hours $minutes minutes $seconds seconds"

# Create a txt file in the backup directory that'll contains the current Zimbra
# server version. Handy for knowing what version of Zimbra a backup can be restored to.
# su - zimbra -c "zmcontrol -v > $DESTLOCAL/zimbra/conf/zimbra_version.txt"
# or examine your /opt/zimbra/.install_history

# Display Zimbra services status
echo Displaying Zimbra services status...
su - zimbra -c "/opt/zimbra/bin/zmcontrol status"

# /etc/init.d/zimbra status # seems not to work

# backup the backup dir (but not the backups of the backups) to remote

rsync /opt/zimbra_backup/zimbra/*  -ave  "ssh -c arcfour -p 2255" --recursive --delete-during  root@10.10.10.10:/home/Zimbra_Server_Backup


# Outputs the time the backup finished
echo Time backup finished = $(date +%T)



# Calculates and outputs total time taken

after="$(date +%s)"
elapsed="$(expr $after - $before)"
hours=$(($elapsed / 3600))
elapsed=$(($elapsed - $hours * 3600))
minutes=$(($elapsed / 60))
seconds=$(($elapsed - $minutes * 60))
echo Time taken: "$hours hours $minutes minutes $seconds seconds" > /tmp/status.txt
# end

Zimbra mail box recrovery from crash

Description: Here I have explain how we can recover emails in zimbra and  How we can add emails to new servers from mailbox directory backup.

Procedure: 

• First you need to find  mail id for users in source server. You can find using below mysql command

# su zimbra
# mysql -e "SELECT id,comment FROM zimbra.mailbox;

• You will get username and mailbox id on screen.
• You need to setup zimbra on new server and create users in new destination server
• You can also find mail box id for one user using below command on running zimbra server

$ zmprov getMailboxInfo user1@domain.com
mailboxId: 2
quotaUsed: 0

• Copy mails from source server from respective location [i.e. /opt/zimbra/store/0/2/msg/0]

Note: In given location 2 is store id of user which found using mysql query [/opt/zimbra/store/0/2/msg/0]

• After copy mails make sure to change permission for zimbra user using below command

# chown zimbra.zimbra  /opt/zimbra/store/0/2/msg/0

• After set permission on destination server you need to add emails to mailbox for respective user using below procedure

#su zimbra
$ zmmailbox
mobx> authenticate 
user@domain.com password 
mbox user@domain.com> addMessage INBOX /opt/zimbra/store/0/2/msg/0

Note: /opt/zimbra/store/0/2/msg/0 is the path to the destination mailbox

• You will received info message for mails added in mailbox. Login with user and check emails are showing in mailbox. 

Email Best Practices: Setup SPF, DKIM and DMARC in Zimbra Mail Server

Description:  To protect mail server against spoofing and mails not delivered in Junk folder in other platforms like Google Apps, Yahoo, and Outlook etc. We need to setup SPF, DKIM and DMARC in Mail server. Please find the below detail information about SPF, DKIM and DMAC as follow:

1. SPF: Sender Policy Framework (SPF) is an email validation system, designed to prevent unwanted emails using a spoofing system. To check this common security problem, SPF going to verify the source IP of the email and compare it with a DNS txt record with a SPF content.

• Mechanisms can be prefixed with one of four qualifiers:

          "+"   Pass

          "-"    Fail

          "~"   SoftFail

          "?"   Neutral

• If a mechanism results in a hit, its qualifier value is used. The default qualifier is "+", i.e. "Pass". For example:

"v=spf1 -all"

"v=spf1 a -all"

"v=spf1 a mx -all"

"v=spf1 +a +mx -all"

“v=spf1 include: yourdomain.net ~all”

2. DKIM [Domain Key Identified Mail]: DKIM is method to associate the domain and the email, allowing to person or company assume the responsibility of the email.

Please generate DKIM key in Zimbra Mail Server using SSH:

 # /opt/zimbra/libexec/zmdkimkeyutil -a -d yourdomain.com

You will receive output as follow:

DKIM Data added to LDAP for domain zimbra.io with selector 25D766CE-CEAC-11E7-B087-020B6DB9DD9A

Public signature to enter into DNS:

25D766CE-CEAC-11E7-B087-020B6DB9DD9A._domainkey IN      TXT     ( "v=DKIM1; k=rsa; "

          "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwA4vVMiV3/14hRMzbKNnBKNThqxTWLi2E5NqqHLccIJg/P33yqwgGVKKUM9HFfXZ8urz6/dl8oNG3oxs73W1sgWHrFRo3ZayHsuUMe+DLyt8wtyR/RUae0nvd6Z6t0lPwujXWBrRS/FeMg/IGA8ExBKjD+aAYdQfH/lhlDGzumTXgbSB0KMzlpOjcum2Aes69rEiR744GGaPb2"

          "X3MxK8vjpeMIx16n2tADb0wKKP19WTF0at5HCP8F4SFflLUPJMOC1Be9FCWjTjNr1qrRZTwCwC7OC9tnV7SsKKXG+8D6hu39Tm5U1GLzpKvLMIv14b6MWsU9cV/iVKH+hQq4YRowIDAQAB" )  ; ----- DKIM key 25D766CE-CEAC-11E7-B087-020B6DB9DD9A for zimbra.io

After generate DKIM test key using below site:

http://dkimcore.org/tools/keycheck.html

Selector: 25D766CE-CEAC-11E7-B087-020B6DB9DD9A

Domain:  yourdomain.com

Key: “p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD4sp8nBr2CqtNJJVYJte+TaX5E4rrRPB2P

ICp/AnkaTsA6J7NADJz21JA+supRZ1VzaGVuHL2vKzTFM7YjR/9pdSNuCLTzpAr3uuqzwna89G

eb5kcz4ICzLt5XoxfEmEtnAz43DidZ/JXDOD/iRprPl+B9k15XHbPVjatmuLReSQIDAQAB”

Add DKIM and SPF in DNS as following screen shot:

3. DMARC: Domain-based Message Authentication, Reporting & Conformance (DMARC) is a technical specification created by a group of organizations that want to help reduce the potential for email-based abuse by solving a couple of long-standing operational, deployment, and reporting issues related to email authentication protocols. 

DMARC standardizes how email receivers perform email authentication using the well-known SPF and DKIM mechanisms. This means that senders will experience consistent authentication results for their messages at AOL, Gmail, Hotmail, Yahoo! and any other email receiver implementing DMARC. We hope this will encourage senders to more broadly authenticate their outbound email which can make email a more reliable way to communicate. 

Add DMARC record as follow:

Type: TXT

Host/Name: _DMARC.yourdomain.com

Value: v=DMARC1; p=none; rua=mailto:spam-reports@yourdomain.com; ruf=mailto:spam-reports@yourdomain.com

Migrate Emails from Gmail to Zimbra

Description: Here I have explained how to migrate emails from google apps account to zimbra server. For migration I have used imapsync utility.

• Install imapsync in destination Zimbra server using yum 

          # yum install imapsync

• Login user in gmail and allow Imap from account settings as follow:

• Create Email Account in Zimbra Mail Server
• Run below command in zimbra as root:

   # imapsync --host1 74.125.133.108 --user1 user@googleaccount.co.in --password1 password --host2 hostname.zimbradomain.com --user2 user@zimbradomain.com --password2 password --syncinternaldates --ssl1 -ssl2 --noauthmd5  --exclude All Mail --useheader 'Message-ID'

Mass email migration from Google Apps to using imapsync

• ·         Create one user.txt file which contains source and destination users and their passwords like as follow:

          user1@source.tld;user1sourcepassword;user1@destination.tld;user1destinationpassword

          user2@source.tld;user2sourcepassword;user2@destination.tld;user2destinationpassword

          user3@source.tld;user3sourcepassword;user3@destination.tld;user3destinationpassword

• ·         Create shell script in same location and paste below content in it.

#!/bin/bash

#Configure servers

SERVER1= imap.gmail.com

SERVER2=imap.destination.com

#Uncomment to hide folder sizes

#FAST="--nofoldersizes"

#Uncomment to do a dry run (no actual changes)

#DRY="--dry"

#Uncomment to just sync folders (no messages)

#JUSTFOLDERS="--justfolders"

#Uncomment to just connect (no syncs at all)

#JUSTCONNECT="--justconnect"

#Set the path to your imapsync binary

imapsync=imapsync

#Users file

if [ -z "$1" ]

then

echo "No users text file given."

exit

fi

if [ ! -f "$1" ]

then

echo "Given users text file \"$1\" does not exist"

exit

fi

{ while IFS=';' read  u1 p1 u2 p2; do

$imapsync --usecache --tmpdir /var/tmp \

--host1 ${SERVER1} --user1 "$u1" \

--password1 "$p1" --ssl1 \

--host2 ${SERVER2} \

--port2 993 --user2 "$u2" \

--password2 "$p2" --ssl2 \

${FAST} ${DRY} ${JUSTFOLDERS} ${JUSTCONNECT} \

--regextrans2 's{Sent$}{[Gmail]/Sent Mail}' \

--regextrans2 's{Sent Items$}{[Gmail]/Sent Mail}' \

--regextrans2 's{Sent Messages$}{[Gmail]/Sent Mail}' \

--regextrans2 's{Drafts$}{[Gmail]/Drafts}' \

--exclude 'INBOX.Trash|INBOX.spam|INBOX.Apple Mail To Do'

done ; } < $1

Note:  Change as Source and Destination server.

• ·         Run script using below comman

          ./migration.sh users.txt

• ·         The script can take a long time to run, so I suggest using nohup and redirecting the output to a log file:

          nohup ./migration.sh users.txt > migrationlog.txt 2>&1 &

Change IP Address Of Zimbra Mail Server

How to Change IP Address Of Zimbra Mail Server:

•  Check current IP address configuration in postconf

[root@mail /]# su zimbra

[zimbra@mail /]$ postconf mynetworks

mynetworks = 127.0.0.0/8 192.168.1.0/24 [::1]/128 [fe80::]/64

[zimbra@mail /]$

• In this case our postfix will reply for all machines with 192.168.1.X serious all IP address
• Change or Modify IP address using below:

[zimbra@mail /]$ hostname

mail.server.local

[zimbra@mail /]$ zmprov ms mail.server.local zimbraMtaMyNetworks ‘127.0.0.1/8 192.168.1.200/24’

[zimbra@mail /]$ postfix reload

•  Verify configuration after changes

[zimbra@mail /]$ postconf mynetworks

mynetworks = 127.0.0.1/8 192.168.1.200/24

Migrate Mailbox from Cpanel to Zimbra

Procedure

• First step to find list of mail accounts, to find lists you need to install firebug addins in Firefox
• After install firebug Open Cpanel and select Email Accounts tab in Firefox Browser as showing in screen shot

• Select Result per page maximum you can select 100 as given in screen shot. If result more than 100 you need to below exercise multiple time.

• Open Firebug in the website and go into Console>Show command editor, and paste the next code in the right window, and press run.

   var rows = $("#table_email_accts tr.dt_info_row"),

   returnString = "";

   rows.each(function(i, item){

   var tdList = [];

   $(item).find('td:eq(0)').each(function(s, subItem){

   tdList.push($(subItem).text());

   });

   returnString += tdList + "\n";

   });

   console.log(returnString);

• After paste above code in firebug you need to select result per page to 100 you will get result all mail accounts you need to copy it to notepad. Please keep it for we will use in future reference.

Creating the  XML files

Account migration tool in Zimbra server work on two .xml files for bulk migrate accounts.

1. The first xml is for the Account provision
2. The second xml is for the IMAP data import

First xml is for account provision,  Which used to provision multiple email account without importing email

<?xml version="1.0" encoding="UTF-8"?>

<ZCSImport>

<ImportUsers>

<User>

<sn>Sample</sn>

<givenName>Sam</givenName>

<displayName>Sam Sample</displayName>

<RemoteEmailAddress>ssample@example.com</RemoteEmailAddress>

<password>test123</password>

<zimbraPasswordMustChange>TRUE</zimbraPasswordMustChange>

</User>

<User>

<sn>Zackry</sn>

<givenName>Zak</givenName>

<displayName>Zak Zackry</displayName>

<RemoteEmailAddress>zzackry@example.com</RemoteEmailAddress>

<password>test123</password>

<zimbraPasswordMustChange>TRUE</zimbraPasswordMustChange>

</User>

</ImportUsers>

</ZCSImport>

Save this xml file as Cpanel-IMAP-User.xml

The second xml is for import emails.

<?xml version="1.0" encoding="UTF-8"?>

<ZCSImport>

<IMAPHost>imap.gmail.com</IMAPHost>

<IMAPPort>143</IMAPPort>

<ConnectionType>cleartext</ConnectionType>

<UseAdminLogin>0</UseAdminLogin>

<ImportUsers>

<User>

<sn>Sample</sn>

<givenName>Sam</givenName>

<displayName>Sam Sample</displayName>

<RemoteEmailAddress>sam@example.com</RemoteEmailAddress><RemoteIMAPLogin>sam@example.com</RemoteIMAPLogin><remoteIMAPPassword>test123</remoteIMAPPassword>

</User>

<User>

<sn>Zackry</sn>

<givenName>Zak</givenName>

<displayName>Zak Zackry</displayName>

<RemoteEmailAddress>zzackry@example.com</RemoteEmailAddress><RemoteIMAPLogin>sam@example.com</RemoteIMAPLogin><remoteIMAPPassword>test123</remoteIMAPPassword>

</User>

</ImportUsers>

</ZCSImport>

Note: Instead of imap.gmail.com you need to set server address of Domain mail server in above script

After save both xml files open account migration tool from Zimbra admin console from Home>Tools>Migration>Account Migration

• After completed this it shows like this if any error not occurred

Install a SSL certificate on Zimbra

Description:  Here I have define how to install ssl certificate on zimbra mail server

Zimbra mail server supports two possible ways of SSL installation:

• zimbra administration console (web interface)
• zimbra certificate manager (command line interface)

SSL certificate installation via Zimbra Administration Console

• Click on “Configure” from the left list of the main menu:

• In the next window, click on “Certificates” and pick the option “Install Certificate”:

• You will see a separate window where you need to choose the required mail server. Click “Next” afterwards:

• Pick “Install the commercially signed certificate” option to start the installation process

• Review all information that was used for CSR generation. If the information is correct, click on the “Next” button:

• Upload the SSL certificate file, root certificate and intermediate certificates received from the Certificate Authority

• When the SSL installation process is completed, you will see the notification:

• To apply changes, You need to restart Zimbra service.

SSL certificate installation via Zimbra Certificate Manager (command line interface)

• A Zimbra package has the “zmcertmgr” tool to manage SSL certificates
• For version 8.6 or lower, this tool must be run as root. Run this command in the terminal to switch from the default user to the root:
• Generate csr and commercial.key file using below command using zimbra user

$ /opt/zimbra/bin/zmcertmgr createcsr comm -new -subject "/C=IN/ST=Ahmedabad/L=Gujarat/O=companyName Limited CERTIFICATS/CN=domain.com"

• To start the installation process, you need to upload the SSL certificate file (server_domain_com.crt) and CA bundle file (server_domain_com.ca-bundle) to any folder to your hosting server on the temporary basis. For this example, SSL files have been uploaded to the /opt/certificate directory.
• Verify that your certificate received from the Certificate Authority matches the private key generated along with the CSR:

# /opt/zimbra/bin/zmcertmgr verifycrt comm/opt/zimbra/ssl/zimbra/commercial/commercial.key /opt/server_domain_com.crt /opt/certificate/server_domain_com.ca-bundle

• To deploy certificate run as follow:

# /opt/zimbra/bin/zmcertmgr deploycrt comm /opt/server_domain_com.crt /opt/certificate/server_domain_com.ca-bundle

• To verify installed certificate run below command :

#/opt/zimbra/bin/zmcertmgr viewdeployedcrt