@travisdh1 thanks! 🙂

@dbeato the filter moves any subject that has SPAM to the folder junk which adds to all the domains instead of one by one

@nagendra said in Zimbra /tmp/.cache/.kthrotlds 400% CPU usage:

@scottalanmiller said in Zimbra /tmp/.cache/.kthrotlds 400% CPU usage:

nding the compromise. It could be anywhere.

yah better install free zimbra restore the backup...

What is your OS version?

@pattonb said in DNS PTR Record with 2 FQDN Entries with SPAM Check:

@JaredBusch incorrect, Scott has summarized succinctly

That is what you asked. But going with that is not what you actually wanted, then the answer to your original post is that you don't fix anything.

You whitelist the domain in question and move on.

The sender's ISP is in charge of setting the PTR record and there is not a damned thing you can do about it.

If this is a new install, stop now and start over. Ubuntu 16.04 is quite old and should not be being deployed. Zimbra's main install option is CentOS 7 which is current. Those directions are not good, use the actual Zimbra directions, Zimbra installation the correct and current way is plenty easy. There are guides on this site, too.

@JaredBusch said in Email server options:

@Dashrender said in Email server options:

This comparison misses taking it beyond year 5.

Why take it beyond 5 years? Because if it is on premises, it will need to be upgraded again.

@Dashrender said in Email server options:

If you add SA to the original licenses - because you know the plan is the keep using Exchange going forward - it will raise the costs noticeably in the beginning, but come renewal time it will make it significantly less. Less enough to be under O365? not likely, hell, even the 5 year plan would be more expensive for onprem vs O365... but it might lower itself over time because of the SA difference.

SA is a scam to get more money. Always has been for the SMB. With negotiated pricing for Enterprise, it is the right thing.

If you're a company that only upgrades once every 10 years - then yeah... SA is a waste of money, but you're already talking about upgrading again in 5 years, so SA could very much make financial sense - show me the numbers before you poo poo it.

@dbeato said in Zimbra 8.8.12 Released:

@scottalanmiller said in Zimbra 8.8.12 Released:

Wow, They release Open Drive and it only works up to NextCloud 13? NextCloud 16 is in RC today. What the heck?

Yeah, that is weird. Behind the times.

My level of impressed keeps slipping.

@Bend3r said in Odd Zimbra zmconfigd behavior:

@dbeato said in Odd Zimbra zmconfigd behavior:

What is it causing on your Zimbra? mine are unaffected.

For me, everything is working smooth, the only thing I worry about is restart notice messages that are written to zimbra.log every minute.

Jul 2 00:47:20 mail zmconfigd[24959]: Fetching All configs Jul 2 00:47:20 mail zmconfigd[24959]: All configs fetched in 0.07 seconds Jul 2 00:47:26 mail zmconfigd[24959]: Watchdog: service antivirus status is OK. Jul 2 00:47:26 mail zmconfigd[24959]: All rewrite threads completed in 0.00 sec Jul 2 00:47:26 mail zmconfigd[24959]: All restarts completed in 0.00 sec Jul 2 00:48:26 mail zmconfigd[24959]: Fetching All configs Jul 2 00:48:26 mail zmconfigd[24959]: All configs fetched in 0.10 seconds Jul 2 00:48:33 mail zmconfigd[24959]: Watchdog: service antivirus status is OK. Jul 2 00:48:33 mail zmconfigd[24959]: All rewrite threads completed in 0.00 sec Jul 2 00:48:33 mail zmconfigd[24959]: All restarts completed in 0.00 sec

Perhaps, such a behavior is OK (zmconfigd fetches configs,checks them for not being changed and assumes no restarts needed for services)?

I think so. Nothing in there suggests a restart happened.

@scottalanmiller said in Zimbra Services Fail to Start; Removing Stale PIDs:

@dbeato said in Zimbra Services Fail to Start; Removing Stale PIDs:

@dbeato said in Zimbra Services Fail to Start; Removing Stale PIDs:

@scottalanmiller said in Zimbra Services Fail to Start; Removing Stale PIDs:

@dbeato said in Zimbra Services Fail to Start; Removing Stale PIDs:

I have only had this happened on the upgrades between versions and OS upgrade.

This happened to us while simply up and running. Middle of the day. Very odd.

Weird

What version?

8.8.10_GA_3716

Hmmm I just upgraded from 8.8.9 to 8.8.11 last week or two weeks ago.

@anthonyh said in Zimbra, fail2ban, CentOS 7, and firewalld:

@scottalanmiller said in Zimbra, fail2ban, CentOS 7, and firewalld:

https://arstech.net/zimbra-fail2ban-setup/

I came across that article and it's the most promising. Though it's still a iptables based fail2ban configuration. I'm not sure if it's as simple as changing the references to iptables or if tweaking it to work with firewalld is more involved.

I suppose an option is to disable firewalld and install iptables. I've done that before in the past.

Hmm...

That's probably what they did, because you need to disable firewalld to enable iptables.

@EddieJennings said in Zimbra Certbot Scripts:

Since acquiring and renewing a certificate can be automated with Certbot, would it make sense to have the cert in two places? HTTP/HTTPS traffic passes through your ngingX VM, which receives its certificate through its own instance of Certbot. And you have a second instance of certbot that functions on the Zimbra server itself, so you have a cert for IMAP and SMTP connections.

Or, for you, does it not matter that IMAP and SMTP connections are unencrypted? Since beyond your own mail server, there's no guarantee that encrypted connections will exist.

You could, but it would still be such a pain to automate as certbot can't renew the certs alone for Zimbra, that you might as well just use one.

@scottalanmiller said in NGinx Configuration Block for Zimbra Reverse Proxy:

Someone was looking for this specifically so...

server { client_max_body_size 80M; server_name my.domain.com; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_redirect off; location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass https://myip:443/; proxy_redirect off; # Socket.IO Support proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } listen 80; ssl_stapling on; ssl_stapling_verify on; ssl_session_cache shared:SSL:10m; add_header Strict-Transport-Security "max-age=31536000; includeSubdomains"; listen 443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/my.domain.com/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/my.domain.com/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot }

Remember to create one for the Admin console on port 7071.

@dbeato said in Zimbra Update Fails with Validating LDAP Configuration, Cannot Create TLS Connection to LDAP Masters:

@scottalanmiller said in Zimbra Update Fails with Validating LDAP Configuration, Cannot Create TLS Connection to LDAP Masters:

So it worked by rebooting. WTF

Weird.

Very

Good to know, I use Ubuntu/Debian so I will check for that.

@travisdh1 said in SPAM Filtering with Zimbra:

@dbeato I'm a fan of using their RBL list. Anyone know if that's still available for free?

@travisdh1 also the server is b.barracudacentral.org