Disabling services on Zimbra

This will disable snmp, you may also consider disabling logger and stats.

zmprov ms server.hostname.se -zimbraServiceEnabled snmp



Connecting to a squid proxy securely

Squid allows the use of https_port to specify a port that it will accept proxy requests over SSL.

An example is as follows in the squid.conf file:

https_port 8123 cert=/etc/pki/tls/private/squid.pem

I am using port 8123 as it is already a port allowed under the default SELinux installation on Red Hat Enterprise Linux. The cert instruction is the path to the SSL cert in PEM format. If you do not specify the key Squid assumes it is bundled in the SSL cert PEM file.

Don’t forget to open the firewall port.

At present Firefox and Chrome support connecting to the squid proxy over SSL, though one must use a pac file at the moment rather than the internal application settings.

An example pac file looks like:

cat /var/www/html/wpad.pac
function FindProxyForURL(url, host) {
return “HTTPS proxy.example.com:8123;”

You can then stick the pac file on a friendly web server or on your local file system and point the web browser in the configuration settings.

You can also launch chrome from the command line on mac with the following settings:

open ./Google\ Chrome.app  –args –proxy-server=https://proxy.example.com:8123

Windows will take similar settings details here:


Check your proxy logs to ensure that the proxy is functioning.

PLEASE NOTE: Chrome and Firefox will not take the secure proxy settings in their application configuration settings. They require the use of a proxy.pac / wpad.dat file to function. If you configure the secure proxy in the application settings the web browser will fail to connect and throw an error.

Reducing SPAM

There seems to have been a cascade of SPAM over the last couple of days so I implemented some more anti-spam controls:

In /opt/zimbra/data/spamassassin/localrules/local.cf

I have:


score URIBL_BLACK 3.250

score RAZOR2_CHECK 3.250

score PYZOR_CHECK 3.250

score BAYES_999 4.000

score BAYES_99 4.000

score BAYES_60 2.250

score BAYES_50 1.500

score BAYES_00 -0.500


I have also created files:

 /opt/zimbra/blacklist and


These have been specified in:


the config in /opt/zimbra/conf/amavisd.conf.in reads:

read_hash(\%whitelist_sender, ‘/opt/zimbra/whitelist’);

read_hash(\%blacklist_sender, ‘/opt/zimbra/blacklist’);

The content of the files is for example:


# please run zmamavisdctl restart as zimbra user to make this work.





In /opt/zimbra/conf/salocal.cf.in I have set some more spam rules

body TOPICA_RULE    /topica.com/i

describe TOPICA_RULE Spam delivered from prolific spammer

score TOPICA_RULE   100.5

uri TOPICA_RULE2    /topica.com/i

describe TOPICA_RULE Spam delivered from prolific spammer

score TOPICA_RULE2   100.5

uri TEST_RULEX    /testspamdomain.com/i

describe TEST_RULEX Spam delivered from prolific spammer

score TEST_RULEX   100.5

uri EMV3_RULE    /emv3.com/i

describe EMV3_RULE Spam delivered from prolific spammer

score EMV3_RULE   100.5

header EMV2_RULE  ALL =~ /emv2\.net/i

describe EMV2_RULE Spam delivered from prolific spammer

score EMV2_RULE   100.5


Living with a Jolla phone…

I bought a Jolla phone for a number of reasons, such as the removable battery, not being tied to an Android / Google account and finally something that is not Apple as their software and hardware seems to be gaining bugs like a light at night.

There are a number of limitations to the Jolla for use at the moment. Some of which are in process of being fixed, others I need to submit bugs or feature requests for.



Mail crashes when replying to emails using Zimbra and so I cannot reply to any emails using the default mail app. ActiveSync, Calendars and Contacts are not installed by default so I had to spend a lot of time digging just to make the most basic functionality of a smart phone.

[Update 150201] This has now been fixed. When first logging in with my Jolla account I am offered a good set of default applications to install.

Mail does not recognise .ics attachments and so I cannot receive any calendar invitations. Mail also does not recognise epub files either and so does not offer to open ebooks (such as daily newspapers) when emailed.


Calendar does not allow one to invite others to appointments or meetings. The UI is limited to see one day at a time.

If an ActiveSync account is deleted the calendars that are associated with that ActiveSync account are abandoned on the phone.

[Update 150201 This has now been fixed, when I delete an ActiveSync account Calendars, Contacts and Emails are deleted.]

The only way to delete these is a total phone reset with removal of all data and settings. (Yes one could do it in the terminal; however this is a €500 phone that ought to be able to perform as its competitors.)

Now having disabled my mail within the ActiveSync sccount I added a general mail account as IMAP and now I have two mail accounts , this is just stupid. If I disable mail it should not still show as an available account. In addition now I have two huge mail icons in the first mail screen. This should be closer to how iOS handles a unified inbox. This wastes huge amounts of space and is a poor design.

Notes: There is no notes app to work with an ActiveSync service.

Contacts: If one deletes an ActiveSync account the contacts are abandoned on the phone. The only way to delete these is a complete phone reset. There is an option to delete all contacts; however this does not work.

[Update 150201 This is now fixed]

Camera and software: Light balance is poor, focus is slow, videos are not automatically compressed to be sent, photos can only be sent one by one. (Yes, really one can only select one photo at a time). The photo gallery software is basic. If photos are taken in landscape they are not rotated when using the camera app in portrait, e.g. when emailing photos.

Applications: There is an App store available by default, with links to other android app stores. Some of the app stores require crazy permissions such as wanting to read your text messages and record audio. It would be great to have f-droid.org app store there by default. There are more and more apps arriving.

Missing applications:

Navigation: TomTom or a sensible navigation app. There is Here (Nokia) maps and Google; however neither of these give audio feedback and lane information, which makes navigation slower and harder.

Mail / Calendar / Contacts: These are not fit for purpose at the moment and mean that I cannot use the phone. My family and I share appointments so that we know what we are doing and when. We share photos over email (not one at a time). I want to be able to delete an account and have all the data removed from the phone.

VoIP: I have yet to find a good VoIP application that comes close to Acrobits app, or even just one that I can depend upon. There are a few proprietary that only work with their own service and a couple of poor android VoIP apps.

Streamtome: Streamtome is the reason why I stick on iPad and would not consider a move to an Android tablet. It is the best media streaming app. (XBMC and Plex both screw up listings when they mis-read or mis-interpret metadata.)


The phone itself is larger that an iPhone 4 and has quite a slippery surface. I do not have small hands and I often struggle to use the phone one-handed, owing to it sliding out of my hand, the controls being out of reach. I am considering painting the edges with rubber glue.

Media: The methods for loading media are rudimentary. One method is to remove the SD card and plug it into a PC. If you don’t have an SD card or don’t have an SD slot in your laptop, then one has to enable developer mode, set a user password and then use an ssh client to copy the files across. Most android devices one plugs it in to a laptop using USB and then copies the files across.

Battery: The Battery lasts about a day, it is difficult to tell as there is so much I cannot do with the phone I often leave it lying around, when other devices I may well be using. The battery is removable but one cannot buy replacements. It would be terrific to have a battery charger and cradle like the Blackberry Q10.

Keyboard / touchscreen: Something odd here, I find it much harder to hit the correct keys than I do on the iPhone 4, which has a smaller display. It might be owing to lack of defined keys, or lack of accuracy in the display.


Responsiveness: Some times the UI is either unresponsive because it is doing something or it does not know where I am clicking. If I click on a link in a Twitter client or email sometimes I can wait for 4 seconds for the browser to launch. As this is the only feedback that the click has worked sometimes it takes 8-15 seconds to launch a link as I am often waiting for a link to launch when the UI has not taken the finger impact.

Orientation: Very sensitive, it is frequently swivelling to the ‘wrong’ orientation when reading lying down. I find myself having to lock orientation much more that on an iOS device. This is 7 screen swipes compared to one swipe and click on iOS.

Light response: The device responds very quickly to light, which makes it uncomfortable watching or reading on the device. Even just moving round a room or moving one’s hand slightly on the phone can result in it almost blacking out.

Status bar: There is no option to have the time or other alerts shown when using apps. As we spend a lot of time looking at our phones and the current generation have stopped wearing watches it seems odd not to have the option of a status bar with time and date.

Zimbra upgrade from 8.0.7 to 8.50

The upgrade went smoothly. The hiccoughs I had were based on the move of the Postfix postfix_transport_maps to LDAP and the decision to stop supporting hash function in the postfix transportfile from 8.50 onwards. This meant that the setting was broken and then migrated to LDAP.

The error message printed in zimbra.log is:

postfix/trivial-rewrite[22832]: warning: hash:/opt/zimbra/postfix/conf/transportfile is unavailable. unsupported dictionary type: hash

I could see the setting, which had the default setting and the server specific setting. The first output is the global setting that has been migrated, the second is the server specific setting:

zmprov getConfig zimbraMtaTransportMaps

The original result provided two results:

zimbraMtaTransportMaps: proxy:ldap:/opt/zimbra/conf/ldap-transport.cf
zimbraMtaTransportMaps: hash:/opt/zimbra/postfix/conf/transportfile proxy:ldap:/opt/zimbra/conf/ldap-transport.cf

What I want in the end result is:

zimbraMtaTransportMaps: lmdb:/opt/zimbra/postfix/conf/transportfile proxy:ldap:/opt/zimbra/conf/ldap-transport.cf

To change this setting I used to be able to use zmprov; however the new setting is set in LDAP, which will require the use of        .

To start there is a very useful page here: https://wiki.zimbra.com/wiki/Ajcody-LDAP-Topics that gives some great tips to be able to do queries on the Zimbra LDAP database.  Changing to the zimbra user and sourcing the correct variables allows us to do very easy queries. We can do:

su – zimbra source ~/bin/zmshutil zmsetvars ldapsearch -x -H $ldap_master_url -D $zimbra_ldap_userdn -w $zimbra_ldap_password

We are now given the full LDAP dump, which we can pipe through grep to find the transport settings:

ldapsearch -x -H $ldap_master_url -D $zimbra_ldap_userdn -w $zimbra_ldap_password | grep transport

I found two entries here as I mentioned, I want to change both of them.

I ought to be able to do this using zmprov and the zimbraMtaTransportMaps key. There is no example that I could find on the Internet and rather than experiment on the server I cheated and used a graphical LDAP editor to change the setting from hash to LDAP.

I browsed through config and then servers to find the global setting and then the server specific setting respectively.

Now when I run:

zmprov getConfig zimbraMtaTransportMaps

I get the correct result and Zimbra starts accpeting email again.

LDAP Zimbra login screen

LDAP Zimbra login screen

Zimbra LDAP browser

Zimbra LDAP browser

Comments Off on Zimbra upgrade from 8.0.7 to 8.50 more...

Difficulty with calendar sync on my Q10 – Resolved

Note – This has now been resolved. I found a couple of other people who had had similar issues.

Some long term repeat appointments cause all appointments to disappear in the calendar on the device. It also hides all appointments in other ActiveSync calendars too. The solution was to delete long term repeat appointments until the culprit is found. I will be looking through the logs to try to identify the particular issue so it may be fixed permanently.

When I add a new ActiveSync account on a Blackberry Q10 the calendar appointments appear initially but as I suppose the sync completes all the calendar appointments disappear. They still are held as I get reminders but they do not show.


ActiveSync 1

Initial ActiveSync sync with appointments showing












As the sync continues we see the months filling out:

ActiveSync 2

We can see the dates filling out, the larger the date number the more appointments













As the sync completes the appointments all disappear in the Q10 calendar app.

ActiveSync 3

Q10 appointments disappear as the sync completes


Calendar now blank

Calendar now blank












The appointments must still be present as we can see from the screenshot that they appear as a reminder on the lock screen.

ActiveSync 4

The appointments do not show in the Calendar app but do show in the lock screen.

Failure to change Passwords on SugarCRM

It seems that there is a bug in the default install for SugarCRM version 6.5 The error received is something like:
Please provide a new password. Incorrect current password for user. Re-enter password information.

One can work around this error by going to Admin, then setting:
System-Generated Password Expiration to None.

While this is not ideal, I assume that this will be fixed in the next release.

Disable PDFs in Safari

Some consider Safari a very poor PDF reader (myself included).

An easy way to disable Safari as a PDF  reader is the following command executed in a terminal window:

defaults write com.apple.Safari WebKitOmitPDFSupport -bool YES
Comments Off on Disable PDFs in Safari more...

Mounting an encrypted drive

he drive I am using here is a USB drive that has been mounted and encrypted on my laptop running RHEL6 (Red Hat Enterprise Linux 6). I want to mount on a server also running RHEL6.

I run dmesg and I can see that the server recognises it as /dev/sdb:

USB Mass Storage support registered.
usb-storage: device scan complete
scsi 2:0:0:0: Direct-Access     Maxtor 6 Y120M0                PQ: 0 ANSI: 2 CCS
scsi 2:0:0:1: Direct-Access     WDC WD50 00AAKS-00YGA0         PQ: 0 ANSI: 2 CCS
scsi 2:0:0:0: Attached scsi generic sg1 type 0
scsi 2:0:0:1: Attached scsi generic sg2 type 0
sd 2:0:0:0: [sda] 240121728 512-byte logical blocks: (122 GB/114 GiB)
sd 2:0:0:1: [sdb] 976773168 512-byte logical blocks: (500 GB/465 GiB)



The operating system needs a device to talk to the under-lying encryption, to create this device on the new server we can use the cryptsetup utility. I am going to call the disk device d500.


cryptsetup luksOpen /dev/sdb1 d500


We can now look for the new device:

ls /dev/mapper/
control  d500  vg_lump-lv_root  vg_lump-lv_swap


Before we mount the disk we need a directory to mount it to.

mkdir /mnt/d500


Then mount the disk:

mount /dev/mapper/d500 /mnt/d500


We can also see the disk is now mounted:

df -h
/dev/mapper/d500      459G  198M  435G   1% /mnt/d500


If we want the disk to automatically mount upon boot we need to create an entry in /etc/fstab

If you need this to survive a reboot then an entry needs to be entered in /etc/crypttab so that the dev/mapper device is created at every reboot.

The fields are:

Name (that will be created under /dev/mapper/[name])   Device (often identified by UUID) and options (such as password to decrypt)

You can get the UUID by running the command


This will give you by default the UUIDs of all devices on the system.

You can then edit


then add something like:

d500    UUID=2e23233fc-2323-49ba-a239-2872642-fd733219 none

Then when the system boots it will ask for the relevant password.

Adding a disk for SElinux & virt

A short one this.

Add the directories, set the contexts and then restore the contexts.

Still working on disk /mnt/d500


Create the directories I want to use:

mkdir -p /mnt/d500/libvirt/images


Set the context for the libvirt directory:

semanage fcontext -a -t virt_var_lib_t "/mnt/d500/libvirt"


Set the context for the images directory:

semanage fcontext -a -t virt_image_t "/mnt/d500/libvirt(/.*)?"


Then write the contexts:

restorecon -R /mnt/d500/

Then check the contexts:

ls -lZd /mnt/d500/libvirt/images/


Copyright © 1996-2013 Xander Harkness. All rights reserved.
iDream theme by Templates Next | Powered by WordPress