MAC OS X, Linux, Windows and other IT Tips and Tricks

23 Oct 16 LibClamAV Error: mpool_malloc(): Attempt to allocate 8388608 bytes

Lately I updated the Ubuntu 12.04 server where I run Zimbra 8.x and found that the log file of the ‘clamd’ process was filling incredibly fast with the following error line, and the subjects of the received emails were tagged with ‘**UNCHECKED**’:
LibClamAV Error: mpool_malloc(): Attempt to allocate 8388608 bytes. Please report to http://bugs.clamav.net
Finally I found a solution at this post:
https://wiki.zimbra.com/wiki/ClamAV_DB_update_leads_to_**UNCHECKED**_in_all_messages
The solution was to upgrade Zimbra or to disable the Anti-virus from Zimbra with the following commands run as the ‘zimbra’ user:
zmprov ms `zmhostname` -zimbraServiceEnabled antivirus
zmcontrol restart

After this the following process of clamd wasn’t present any more and that is good news.
/opt/zimbra/clamav/sbin/clamd --config-file=/opt/zimbra/conf/clamd.conf

That worked and now I have no Antivirus in Zimbra but for now I don’t need it.

17 Jul 13 Some useful commands for Zimbra

Show the expiry date of the installed certificate:
Run as root user:
/opt/zimbra/bin/zmcertmgr viewdeployedcrt all |grep notAfter

Restart all the Zimbra services
Run as zimbra user:
zmcontrol stop ; zmcontrol start

Check the status of all running Zimbra services:
Run as zimbra user:
zmcontrol status

Display the version of the current Zimbra:
Run as zimbra user:
zmcontrol -v

11 Jul 13 Configuring Zimbra to deliver mail using SSL/TLS

Reference:
http://wiki.zimbra.com/index.php?title=Outgoing_SMTP_Authentication#Enable_TLS
ssh root@server.mydomain.com
su - zimbra
zmlocalconfig -e postfix_smtp_tls_security_level=may
zmcontrol restart

Sent an email to normal postfix server:
Check the headers of received email:
Received: from server.mydomain.com (static.66.240.40.188.clients.your-server.de [188.40.240.66])
by mail.mydomain.com (Postfix) with ESMTPS id E457F3E09E for ;
Fri, 19 Apr 2013 23:35:31 +0200 (CEST)

Sent to GMAIL server:
Received: from server.mydomain.com (static.66.240.40.188.clients.your-server.de. [188.40.240.66])
by mx.google.com with ESMTPS id b4si25422716eef.188.2013.04.19.14.39.14
(version=TLSv1.2 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
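
An added example, not part of the original post: with postfix_smtp_tls_security_level=may, Postfix uses TLS only when the receiving server offers STARTTLS and otherwise delivers in cleartext, so the Received: headers are worth checking hop by hop. The function below classifies each hop and flags legacy suites such as the RC4 one in the Gmail header above; the function name, sample headers and host names are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Prints one line per Received:
# header read on stdin:  <by-host> <plain|tls> <version> <cipher> <verdict>
received_tls_report() {
    awk '
    function emit(   by, proto, ver, ciph, verdict) {
        if (hdr == "") return
        by = "-"; ver = "-"; ciph = "-"; proto = "plain"
        if (match(hdr, / by [^ ]+/))         by    = substr(hdr, RSTART + 4, RLENGTH - 4)
        if (hdr ~ / with (ESMTPS|ESMTPSA) /) proto = "tls"
        if (match(hdr, /version=[^ );]+/))   ver   = substr(hdr, RSTART + 8, RLENGTH - 8)
        if (match(hdr, /cipher=[^ );]+/))    ciph  = substr(hdr, RSTART + 7, RLENGTH - 7)
        if (proto == "plain")                     verdict = "cleartext"
        else if (ciph ~ /RC4|DES|NULL|EXP|MD5/ ||
                 ver ~ /SSLv|TLSv1(\.[01])?$/)    verdict = "weak"
        else if (ciph == "-")                     verdict = "unverified"
        else                                      verdict = "ok"
        print by, proto, ver, ciph, verdict
        hdr = ""
    }
    /^Received:/          { emit(); hdr = $0; next }                    # new hop
    /^[ \t]/ && hdr != "" { sub(/^[ \t]+/, " "); hdr = hdr $0; next }   # folded line
                          { emit() }             # any other header ends the hop
    END                   { emit() }
    '
}

sample_headers() {    # constructed headers, all hosts are placeholders
cat <<'EOF'
Received: from zimbra.example.com (zimbra.example.com [192.0.2.10])
    by mx.example.net with ESMTPS id abc123
    (version=TLSv1.2 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
    Fri, 19 Apr 2013 14:39:14 -0700 (PDT)
Received: from zimbra.example.com (zimbra.example.com [192.0.2.10])
    by mail.example.org (Postfix) with ESMTPS id E457F3E09E;
    Fri, 19 Apr 2013 23:35:31 +0200 (CEST)
Received: from zimbra.example.com (zimbra.example.com [192.0.2.10])
    by legacy.example.org (Postfix) with ESMTP id 1A2B3C4D5E;
    Fri, 19 Apr 2013 23:36:02 +0200 (CEST)
Subject: test
EOF
}
sample_headers | received_tls_report
```

A verdict of "unverified" means the hop recorded ESMTPS but not the negotiated version or cipher, as in the Postfix header above.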

22 Apr 13 Install Geotrust certificate in Zimbra 8.x

The best way to install a RapidSSL cert is via the CLI as the root user.

Reference: (18-12-2012 @ 23:39 BST)
http://elijahpaul.co.uk/2012/12/installing-a-rapidssl-certificate-on-zimbra-8-0/#.UVjDBhlSP5g

1. Start by logging into your Zimbra server’s CLI via SSH.

2. As root, begin by generating a Certificate Signing Request (CSR).
Below replace ‘mail.yourdomain.com’ with the FQDN of your Zimbra server.
/opt/zimbra/bin/zmcertmgr createcsr comm -new -keysize 2048 -subject "/C=GB/ST=England/L=London/O=Company Name/OU=Company Branch Name/CN=mail.yourdomain.com" -subjectAltNames mail.yourdomain.com

The above command includes the following codes:
/C = Country: The Country is a two-letter code — for the United Kingdom, it’s ‘GB’. A list of country codes is available here –
/ST = State: State is a full name, e.g. ‘California’, ‘Scotland’.
/L = Locality: Locality is a full name, e.g. ‘London’, ‘New York’.
/O = Organization: The Organization Name is your Full Legal Company or Personal Name, as legally registered in your locality.
/OU = Organizational Unit: The Organizational Unit is whichever branch of your company is ordering the certificate such as accounting, marketing, etc.
/CN = Common Name: The Common Name is the Fully Qualified Domain Name (FQDN) for which you are requesting the ssl certificate.
This will be the FQDN of your Zimbra server, e.g. mail.yourdomain.com or zimbra.yourdomain.com

3. Now upload/send the certificate request(CSR) to your SSL provider.
(Zimbra saves it to ‘/opt/zimbra/ssl/zimbra/commercial/commercial.csr’)
They will most likely provide you with your Commercial Certificate via an email in the form of text or an attached file.

Note: If you already have your commercial certificate you only need to start at step 4 below.

4. Save your Commercial Certificate in a temporary file.
If provided as plain text you can cut and paste it into a new file using nano:
nano /tmp/commercial.crt

5. Download and save the root Certificate Authority (CA) certificate for RapidSSL certificates to a temporary file (e.g. /tmp/ca.crt).
Create the root CA file:
The root CA for RapidSSL certificates is provided by GeoTrust and can also be found here:
https://ssltest12.bbtest.net/
Again you can cut and paste the GeoTrust root CA certificate text into a new file using nano:
nano /tmp/ca.crt

6. Download any intermediary CAs from your SSL provider, again to a temporary file
(e.g. /tmp/ca_intermediate.crt). RapidSSL certs usually come with a single intermediary certificate.
Once again, cut and paste the RapidSSL intermediate certificate text into a new file using nano:
nano /tmp/ca_intermediate.crt

7. Combine root and intermediary CAs into a temporary file.
cat /tmp/ca.crt /tmp/ca_intermediate.crt > /tmp/ca_chain.crt

8. Copy the private key that was used to create your CSR file into:
/opt/zimbra/ssl/zimbra/commercial/commercial.key

9. Deploy your commercial certificate to Zimbra:
/opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/commercial.crt /tmp/ca_chain.crt
The result should look like this:
** Verifying /tmp/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
Certificate (/tmp/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
Valid Certificate: /tmp/commercial.crt: OK
** Copying /tmp/commercial.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
** Appending ca chain /tmp/ca_chain.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
** Importing certificate /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt to CACERTS as zcs-user-commercial_ca...done.
** NOTE: mailboxd must be restarted in order to use the imported certificate.
** Saving server config key zimbraSSLCertificate...done.
** Saving server config key zimbraSSLPrivateKey...done.
** Installing mta certificate and key...done.
** Installing slapd certificate and key...done.
** Installing proxy certificate and key...done.
** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
** Installing CA to /opt/zimbra/conf/ca...done.

10. To finish, verify the certificate was deployed.
/opt/zimbra/bin/zmcertmgr viewdeployedcrt

11. Restarting Zimbra services will ensure the new commercial certificate takes effect:
su - zimbra
zmcontrol restart

The result should look like this:
Host myhost.mydomain.com
Stopping vmware-ha...Done.
Stopping zmconfigd...Done.
Stopping stats...Done.
Stopping mta...Done.
Stopping spell...Done.
Stopping snmp...Done.
Stopping cbpolicyd...Done.
Stopping archiving...Done.
Stopping antivirus...Done.
Stopping antispam...Done.
Stopping proxy...Done.
Stopping memcached...Done.
Stopping mailbox...Done.
Stopping logger...Done.
Stopping ldap...Done.
Host myhost.mydomain.com
Starting ldap...Done.
Starting zmconfigd...Done.
Starting logger...Done.
Starting mailbox...Done.
Starting memcached...Done.
Starting proxy...Done.
Starting antispam...Done.
Starting antivirus...^@Done.
Starting snmp...Done.
Starting spell...Done.
Starting mta...Done.
Starting stats...Done.
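
An added example, not part of the original post or of zmcertmgr: step 7 builds /tmp/ca_chain.crt with cat, and when a pasted file lacks a final newline the END and BEGIN markers end up fused on one line. The hypothetical helper pem_bundle_check checks the bundle's structure before it is deployed in step 9; the certificate bodies in the demo are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): structural check of a PEM bundle
# such as /tmp/ca_chain.crt before it is handed to zmcertmgr deploycrt.
# usage: pem_bundle_check FILE EXPECTED_COUNT
# Prints "ok <n>" and returns 0, or prints the first problem and returns 1.
pem_bundle_check() {
    awk -v want="$2" '
    function fail(msg) { if (!bad) { print "line " NR ": " msg; bad = 1 } }
    { sub(/[ \t\r]+$/, "") }                 # accept CRLF and trailing blanks
    /-----END CERTIFICATE-----.*-----BEGIN/ {
        fail("END and BEGIN fused on one line"); next }
    /PRIVATE KEY-----/ { fail("private key material in CA bundle"); next }
    $0 == "-----BEGIN CERTIFICATE-----" {
        if (inblk) fail("BEGIN inside an open block")
        inblk = 1; body = 0; next }
    $0 == "-----END CERTIFICATE-----" {
        if (!inblk) fail("END without BEGIN")
        else if (!body) fail("empty certificate block")
        inblk = 0; n++; next }
    inblk { if ($0 !~ "^[A-Za-z0-9+/=]+$") fail("non-base64 data inside block")
            body++ }
    END {
        if (inblk) fail("last block is not closed")
        if (!bad && (n + 0) != (want + 0)) {
            print "expected " want " certificate(s), found " (n + 0); bad = 1 }
        if (!bad) print "ok " n
        exit bad + 0
    }' "$1"
}

make_demo_parts() {    # constructed, shortened bodies; $1 = scratch directory
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'QUJDREVG' > "$1/ca.crt"
    printf '%s'   '-----END CERTIFICATE-----' >> "$1/ca.crt"   # no final newline
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'R0hJSktM' \
                  '-----END CERTIFICATE-----' > "$1/ca_intermediate.crt"
}
d=$(mktemp -d); make_demo_parts "$d"
cat "$d/ca.crt" "$d/ca_intermediate.crt" > "$d/ca_chain.crt"      # as in step 7
pem_bundle_check "$d/ca_chain.crt" 2 || echo "chain rejected"
{ cat "$d/ca.crt"; echo; cat "$d/ca_intermediate.crt"; } > "$d/ca_chain.crt"
pem_bundle_check "$d/ca_chain.crt" 2
rm -rf "$d"
```

This checks structure only; whether the certificates chain to each other and match the private key is still decided by the verification that deploycrt prints in step 9.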

22 Apr 13 Configuring DKIM Authentication in Zimbra

Configuring Zimbra 8.x to use DKIM Authentication
Example for ‘mydomain.com’

ssh root@zimbra.mydomain.com
su - zimbra

Creating the DKIM keys for a domain:
/opt/zimbra/libexec/zmdkimkeyutil -a -d mydomain.com
Example of result:
50F0EEFE-AB8C-11E2-B7AE-FC2CE654A0ED._domainkey IN TXT ( "v=DKIM1; k=rsa; "
"p=MIGfMA0GCSqGSIb3DQEBAQUCA4GNADCBiQKBgQDodIcoFWJsfsSzsdINY/ZiOKn3qKLt+qmEl1cDYApi0PCHwQmqTl9mhRKs3obfgN8O9nT227CDg9NI7MMu8r0fOatQRQ1YHesDmHIo1lELioDNd5QZPg1AUum0CPsDuR+YI5AG5wZhZ4c3ei0Uv3cu4aTIhGrRgnD081sysJ5vZwIDAQAB" ) ; ----- DKIM key 50F0EEFE-AB8C-11E2-B7AE-FC2CE654A0ED for mydomain.com

IMPORTANT: Enter the above result as a TXT record in the DNS zone of the domain (mydomain.com in this example).

Testing the DKIM keys:


Command syntax:
/opt/zimbra/opendkim/sbin/opendkim-testkey -d example.com -s 0E9F184A-9577-11E1-AD0E-2A2FBBAC6BCB -x /opt/zimbra/conf/opendkim.conf
-d is the domain name (example.com)
-s is the selector name (0E9F184A-9577-11E1-AD0E-2A2FBBAC6BCB…value entered in first field of TXT record)
-x is the configuration file (/opt/zimbra/conf/opendkim.conf)

Example of DNS TXT record:
0E9F184A-9577-11E1-AD0E-2A2FBBAC6BCB._domainkey IN TXT "v=DKIM1; k=rsa; " "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2R............."
Example of key test command:
/opt/zimbra/opendkim/sbin/opendkim-testkey -d example.com -s 0E9F184A-9577-11E1-AD0E-2A2FBBAC6BCB -x /opt/zimbra/conf/opendkim.conf
– If no result is shown, the key is correct.
– If something is wrong, a message similar to the following shows up:
opendkim-testkey: '0E9F184A-9577-11E1-AD0E-2A2FBBAC6BCB._domainkey.example.com' record not found

Retrieving a DKIM key from Zimbra:
/opt/zimbra/libexec/zmdkimkeyutil -q -d example.com

Deleting a DKIM key from Zimbra:
/opt/zimbra/libexec/zmdkimkeyutil -r -d example.com

Example of mail headers sent using DKIM and SPF authentication:
Received: from zimbra.example.com ([84.200.75.211])
by mx.google.com with ESMTPS id fv8si9645396bkc.151.2013.04.22.14.24.39
(version=TLSv1.2 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
Mon, 22 Apr 2013 14:24:39 -0700 (PDT)
Received-SPF: pass (google.com: domain of michel@example.com designates 84.200.75.211 as permitted sender) client-ip=84.200.75.211;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of michel@example.com designates 84.200.75.211 as permitted sender) smtp.mail=michel@example.com;
dkim=pass header.i=@example.com
DKIM-Filter: OpenDKIM Filter v2.7.1 zimbra.example.com 37BCE8CAFC
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;
s=50F0EEFE-AB8C-11E2-B7AE-FC2CE654A0ED; t=1366665881;
bh=vJ74cUsPMKlw/MROSXLmZbSV7uGHNQFAGzPZcMjnQPU=;
h=Date:From:To:Message-ID:Subject:MIME-Version:Content-Type;
b=w6XTCY+nnfc/jZCtfA4QO7yIMLX9P6Bzlm+r5BGUUwdFTDtLb0CmrE8eYi+8mLDuR
M3wrGuOfo5U239h4ixp6nnc1Ogj5xb3uIfe9xVOQaXBeIz7yKDFWBiUaMT7FQEqpgU
aGBJ96p8bsxwyuU1L3/uSdyyykHPUapGNoTpH/R0=
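
An added example, not part of the original post or of OpenDKIM, showing what the key test above compares: dkim_query_name builds the <selector>._domainkey.<domain> name from a DKIM-Signature header, and txt_pubkey extracts the p= key from a TXT record so the record generated by zmdkimkeyutil can be compared with the one published in DNS. Both function names, the selector and the key text are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Selector, domain and key text
# below are constructed placeholders.

# Join the quoted strings of a TXT record (zone-file or dig output) read on
# stdin and print the value of its p= tag, i.e. the base64 public key.
txt_pubkey() {
    awk '
    { line = $0
      while (match(line, /"[^"]*"/)) {
          txt = txt substr(line, RSTART + 1, RLENGTH - 2)
          line = substr(line, RSTART + RLENGTH) } }
    END { n = split(txt, tag, /[ \t]*;[ \t]*/)
          for (i = 1; i <= n; i++)
              if (tag[i] ~ /^p=/) { print substr(tag[i], 3); exit } }'
}

# Print the DNS name a verifier looks up for the first DKIM-Signature header
# read on stdin: <s= selector>._domainkey.<d= domain>.
dkim_query_name() {
    awk '
    /^DKIM-Signature:/ && !seen { sig = $0; cap = 1; seen = 1; next }
    cap && /^[ \t]/             { sig = sig $0; next }    # folded continuation
                                { cap = 0 }
    END { gsub(/[ \t]/, "", sig); sub(/^DKIM-Signature:/, "", sig)
          n = split(sig, tag, ";")
          for (i = 1; i <= n; i++) {
              if (tag[i] ~ /^d=/) d = substr(tag[i], 3)
              if (tag[i] ~ /^s=/) s = substr(tag[i], 3) }
          if (d != "" && s != "") print s "._domainkey." d }'
}

zimbra_record() {    # shape of the zmdkimkeyutil -a output shown in the post
cat <<'EOF'
SEL-0001._domainkey IN TXT ( "v=DKIM1; k=rsa; "
  "p=QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVo=" ) ; ----- DKIM key SEL-0001 for example.com
EOF
}
dns_answer() {       # shape of a dig +short TXT answer, key split in two strings
    echo '"v=DKIM1; k=rsa; p=QUJDREVGR0hJSktMTU5P" "UFFSU1RVVldYWVo="'
}
signed_headers() {
cat <<'EOF'
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;
    s=SEL-0001; t=1366665881; bh=AAAA; h=Date:From:To; b=BBBB
Subject: test
EOF
}
signed_headers | dkim_query_name
[ "$(zimbra_record | txt_pubkey)" = "$(dns_answer | txt_pubkey)" ] && echo "keys match"
```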