Disabling services on Zimbra

This will disable snmp, you may also consider disabling logger and stats.

zmprov ms server.hostname.se -zimbraServiceEnabled snmp



Reducing SPAM

There seems to have been a cascade of SPAM over the last couple of days so I implemented some more anti-spam controls:

In /opt/zimbra/data/spamassassin/localrules/local.cf

I have:


score URIBL_BLACK 3.250

score RAZOR2_CHECK 3.250

score PYZOR_CHECK 3.250

score BAYES_999 4.000

score BAYES_99 4.000

score BAYES_60 2.250

score BAYES_50 1.500

score BAYES_00 -0.500


I have also created files:

 /opt/zimbra/blacklist and


These have been specified in:


the config in /opt/zimbra/conf/amavisd.conf.in reads:

read_hash(\%whitelist_sender, ‘/opt/zimbra/whitelist’);

read_hash(\%blacklist_sender, ‘/opt/zimbra/blacklist’);

The content of the files is for example:


# please run zmamavisdctl restart as zimbra user to make this work.





In /opt/zimbra/conf/salocal.cf.in I have set some more spam rules

body TOPICA_RULE    /topica.com/i

describe TOPICA_RULE Spam delivered from prolific spammer

score TOPICA_RULE   100.5

uri TOPICA_RULE2    /topica.com/i

describe TOPICA_RULE Spam delivered from prolific spammer

score TOPICA_RULE2   100.5

uri TEST_RULEX    /testspamdomain.com/i

describe TEST_RULEX Spam delivered from prolific spammer

score TEST_RULEX   100.5

uri EMV3_RULE    /emv3.com/i

describe EMV3_RULE Spam delivered from prolific spammer

score EMV3_RULE   100.5

header EMV2_RULE  ALL =~ /emv2\.net/i

describe EMV2_RULE Spam delivered from prolific spammer

score EMV2_RULE   100.5


Living with a Jolla phone…

I bought a Jolla phone for a number of reasons, such as the removable battery, not being tied to an Android / Google account and finally something that is not Apple as their software and hardware seems to be gaining bugs like a light at night.

There are a number of limitations to the Jolla for use at the moment. Some of which are in process of being fixed, others I need to submit bugs or feature requests for.



Mail crashes when replying to emails using Zimbra and so I cannot reply to any emails using the default mail app. ActiveSync, Calendars and Contacts are not installed by default so I had to spend a lot of time digging just to make the most basic functionality of a smart phone.

[Update 150201] This has now been fixed. When first logging in with my Jolla account I am offered a good set of default applications to install.

Mail does not recognise .ics attachments and so I cannot receive any calendar invitations. Mail also does not recognise epub files either and so does not offer to open ebooks (such as daily newspapers) when emailed.


Calendar does not allow one to invite others to appointments or meetings. The UI is limited to see one day at a time.

If an ActiveSync account is deleted the calendars that are associated with that ActiveSync account are abandoned on the phone.

[Update 150201 This has now been fixed, when I delete an ActiveSync account Calendars, Contacts and Emails are deleted.]

The only way to delete these is a total phone reset with removal of all data and settings. (Yes one could do it in the terminal; however this is a €500 phone that ought to be able to perform as its competitors.)

Now having disabled my mail within the ActiveSync sccount I added a general mail account as IMAP and now I have two mail accounts , this is just stupid. If I disable mail it should not still show as an available account. In addition now I have two huge mail icons in the first mail screen. This should be closer to how iOS handles a unified inbox. This wastes huge amounts of space and is a poor design.

Notes: There is no notes app to work with an ActiveSync service.

Contacts: If one deletes an ActiveSync account the contacts are abandoned on the phone. The only way to delete these is a complete phone reset. There is an option to delete all contacts; however this does not work.

[Update 150201 This is now fixed]

Camera and software: Light balance is poor, focus is slow, videos are not automatically compressed to be sent, photos can only be sent one by one. (Yes, really one can only select one photo at a time). The photo gallery software is basic. If photos are taken in landscape they are not rotated when using the camera app in portrait, e.g. when emailing photos.

Applications: There is an App store available by default, with links to other android app stores. Some of the app stores require crazy permissions such as wanting to read your text messages and record audio. It would be great to have f-droid.org app store there by default. There are more and more apps arriving.

Missing applications:

Navigation: TomTom or a sensible navigation app. There is Here (Nokia) maps and Google; however neither of these give audio feedback and lane information, which makes navigation slower and harder.

Mail / Calendar / Contacts: These are not fit for purpose at the moment and mean that I cannot use the phone. My family and I share appointments so that we know what we are doing and when. We share photos over email (not one at a time). I want to be able to delete an account and have all the data removed from the phone.

VoIP: I have yet to find a good VoIP application that comes close to Acrobits app, or even just one that I can depend upon. There are a few proprietary that only work with their own service and a couple of poor android VoIP apps.

Streamtome: Streamtome is the reason why I stick on iPad and would not consider a move to an Android tablet. It is the best media streaming app. (XBMC and Plex both screw up listings when they mis-read or mis-interpret metadata.)


The phone itself is larger that an iPhone 4 and has quite a slippery surface. I do not have small hands and I often struggle to use the phone one-handed, owing to it sliding out of my hand, the controls being out of reach. I am considering painting the edges with rubber glue.

Media: The methods for loading media are rudimentary. One method is to remove the SD card and plug it into a PC. If you don’t have an SD card or don’t have an SD slot in your laptop, then one has to enable developer mode, set a user password and then use an ssh client to copy the files across. Most android devices one plugs it in to a laptop using USB and then copies the files across.

Battery: The Battery lasts about a day, it is difficult to tell as there is so much I cannot do with the phone I often leave it lying around, when other devices I may well be using. The battery is removable but one cannot buy replacements. It would be terrific to have a battery charger and cradle like the Blackberry Q10.

Keyboard / touchscreen: Something odd here, I find it much harder to hit the correct keys than I do on the iPhone 4, which has a smaller display. It might be owing to lack of defined keys, or lack of accuracy in the display.


Responsiveness: Some times the UI is either unresponsive because it is doing something or it does not know where I am clicking. If I click on a link in a Twitter client or email sometimes I can wait for 4 seconds for the browser to launch. As this is the only feedback that the click has worked sometimes it takes 8-15 seconds to launch a link as I am often waiting for a link to launch when the UI has not taken the finger impact.

Orientation: Very sensitive, it is frequently swivelling to the ‘wrong’ orientation when reading lying down. I find myself having to lock orientation much more that on an iOS device. This is 7 screen swipes compared to one swipe and click on iOS.

Light response: The device responds very quickly to light, which makes it uncomfortable watching or reading on the device. Even just moving round a room or moving one’s hand slightly on the phone can result in it almost blacking out.

Status bar: There is no option to have the time or other alerts shown when using apps. As we spend a lot of time looking at our phones and the current generation have stopped wearing watches it seems odd not to have the option of a status bar with time and date.

Zimbra upgrade from 8.0.7 to 8.50

The upgrade went smoothly. The hiccoughs I had were based on the move of the Postfix postfix_transport_maps to LDAP and the decision to stop supporting hash function in the postfix transportfile from 8.50 onwards. This meant that the setting was broken and then migrated to LDAP.

The error message printed in zimbra.log is:

postfix/trivial-rewrite[22832]: warning: hash:/opt/zimbra/postfix/conf/transportfile is unavailable. unsupported dictionary type: hash

I could see the setting, which had the default setting and the server specific setting. The first output is the global setting that has been migrated, the second is the server specific setting:

zmprov getConfig zimbraMtaTransportMaps

The original result provided two results:

zimbraMtaTransportMaps: proxy:ldap:/opt/zimbra/conf/ldap-transport.cf
zimbraMtaTransportMaps: hash:/opt/zimbra/postfix/conf/transportfile proxy:ldap:/opt/zimbra/conf/ldap-transport.cf

What I want in the end result is:

zimbraMtaTransportMaps: lmdb:/opt/zimbra/postfix/conf/transportfile proxy:ldap:/opt/zimbra/conf/ldap-transport.cf

To change this setting I used to be able to use zmprov; however the new setting is set in LDAP, which will require the use of        .

To start there is a very useful page here: https://wiki.zimbra.com/wiki/Ajcody-LDAP-Topics that gives some great tips to be able to do queries on the Zimbra LDAP database.  Changing to the zimbra user and sourcing the correct variables allows us to do very easy queries. We can do:

su – zimbra source ~/bin/zmshutil zmsetvars ldapsearch -x -H $ldap_master_url -D $zimbra_ldap_userdn -w $zimbra_ldap_password

We are now given the full LDAP dump, which we can pipe through grep to find the transport settings:

ldapsearch -x -H $ldap_master_url -D $zimbra_ldap_userdn -w $zimbra_ldap_password | grep transport

I found two entries here as I mentioned, I want to change both of them.

I ought to be able to do this using zmprov and the zimbraMtaTransportMaps key. There is no example that I could find on the Internet and rather than experiment on the server I cheated and used a graphical LDAP editor to change the setting from hash to LDAP.

I browsed through config and then servers to find the global setting and then the server specific setting respectively.

Now when I run:

zmprov getConfig zimbraMtaTransportMaps

I get the correct result and Zimbra starts accpeting email again.

LDAP Zimbra login screen

LDAP Zimbra login screen

Zimbra LDAP browser

Zimbra LDAP browser

Comments Off on Zimbra upgrade from 8.0.7 to 8.50 more...

Difficulty with calendar sync on my Q10 – Resolved

Note – This has now been resolved. I found a couple of other people who had had similar issues.

Some long term repeat appointments cause all appointments to disappear in the calendar on the device. It also hides all appointments in other ActiveSync calendars too. The solution was to delete long term repeat appointments until the culprit is found. I will be looking through the logs to try to identify the particular issue so it may be fixed permanently.

When I add a new ActiveSync account on a Blackberry Q10 the calendar appointments appear initially but as I suppose the sync completes all the calendar appointments disappear. They still are held as I get reminders but they do not show.


ActiveSync 1

Initial ActiveSync sync with appointments showing












As the sync continues we see the months filling out:

ActiveSync 2

We can see the dates filling out, the larger the date number the more appointments













As the sync completes the appointments all disappear in the Q10 calendar app.

ActiveSync 3

Q10 appointments disappear as the sync completes


Calendar now blank

Calendar now blank












The appointments must still be present as we can see from the screenshot that they appear as a reminder on the lock screen.

ActiveSync 4

The appointments do not show in the Calendar app but do show in the lock screen.

Authenticating against Zimbra LDAP


Put the correct user, hostname and domain in. This is using example.co.uk as a domain. The capital w ensures it asks you for your password.

ldapsearch -x -h $hostname -D uid=$user,ou=people,dc=$example,dc=co,dc=uk -W

This search uses a standard user to authenticate.

You can authenticate using the main LDAP user and password; however I suggest creating a separate user with few permissions, just to make the bind.

You can find out the main LDAP password by running

zmlocalconfig -s | grep ‘ldap_’ | egrep ‘password|url’  as zimbra user on your mail server

If you really want to use the root LDAP user to bind the DN is uid=zimbra,cn=admins,cn=zimbra as seen below

The configuration below allows all zimbra users to connect to the owncloud instance using their zimbra details. Please also note that the default for Zimbra is to use unencrypted connections. This means that the bind is going across the network unencrypted. Hence not a great idea to use the root LDAP user. One can search for how to set up Zimbra to use ldaps.

Main LDAP config for owncloud

Main LDAP config for owncloud

Advanced LDAP config for owncloud

Advanced LDAP config for owncloud

Copyright © 1996-2013 Xander Harkness. All rights reserved.
iDream theme by Templates Next | Powered by WordPress