*Zimbra9, Zimbra10 FOSS
That was fast work, lol.
https://forums.zimbra.org/viewtopic.php?t=72231
https://techfiles.online/zimbra/
*Zimbra9, Zimbra10
It looks like the Open Source edition is going away, so I have decided to start preparing to leave.
https://computingforgeeks.com/zimbra-open-source-editions-end-of-support/
Keywords to remember: opendkim postsrsd
*Self-signed certificates cannot be used on Apple macOS / iOS
The method that used to work is now rejected, so I took the opportunity to introduce Let's Encrypt.
https://wiki.zimbra.com/wiki/Installing_a_LetsEncrypt_SSL_Certificate
I fell into Python version-mismatch hell, but the method above is the shortest path, so the best move is to resolve the mismatches by brute force.
Making full use of manual updates, package holds and so on...
Automatic restart after the certificate is renewed is something to think about later.
*Renewing the self-signed certificate
https://wiki.zimbra.com/wiki/Regenerate_Self-Signed_SSL_Certificate_-_Single-Server
As the zimbra user:
<syntaxhighlight lang="bash" enclose="div">
/opt/zimbra/bin/zmcertmgr createca -new
/opt/zimbra/bin/zmcertmgr deployca
/opt/zimbra/bin/zmcertmgr createcrt -new -days 365
/opt/zimbra/bin/zmcertmgr deploycrt self
/opt/zimbra/bin/zmcertmgr viewdeployedcrt
zmcontrol restart
</syntaxhighlight>
*BLOCK customer.worldstream.nl
<syntaxhighlight lang="bash" enclose="div">
zmprov mcf zimbraMtaHeaderChecks 'pcre:/opt/zimbra/conf/postfix_header_checks pcre:/opt/zimbra/conf/custom_header_checks'
zmmtactl restart
</syntaxhighlight>
/opt/zimbra/conf/custom_header_checks
<syntaxhighlight lang="text" enclose="div">
/^Received: from customer\.worldstream\.nl/ DISCARD
</syntaxhighlight>
<syntaxhighlight lang="bash" enclose="div">
/opt/zimbra/common/sbin/postfix reload
</syntaxhighlight>
https://wiki.zimbra.com/wiki/King0770-Notes-Header-Checks
https://gato.intaa.net/archives/12999
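To see which Received: headers the rule above actually catches, here is a small offline check, added as an example and not part of the original notes. It only approximates Postfix's matcher in Python (simple `/regex/ ACTION` lines, case-insensitive, folded headers joined with a space), and the sample headers are constructed.

```python
import re

# Rule copied from the custom_header_checks file on this page.
RULES = r"/^Received: from customer\.worldstream\.nl/ DISCARD"

# Constructed sample headers (example.net hosts and 192.0.2.x are made up).
SAMPLE_HEADERS = (
    "Received: from customer.worldstream.nl (unknown [192.0.2.10])\r\n"
    "\tby mail1.example.net (Postfix) with ESMTP id 4F1C2\r\n"
    "Received: from smtp7.customer.worldstream.nl (unknown [192.0.2.11])\r\n"
    "\tby mail1.example.net (Postfix) with ESMTP id 4F1C3\r\n"
    "Received: from localhost (customer.worldstream.nl [192.0.2.12])\r\n"
    "\tby mail1.example.net (Postfix) with ESMTP id 4F1C4\r\n"
    "Subject: hello\r\n"
)


def parse_rules(text):
    """Parse simple '/regex/ ACTION' lines; flags, if/endif, !/regex/ are ignored."""
    rules = []
    for line in text.splitlines():
        m = re.match(r"\s*/(.+)/[a-zA-Z]*\s+(\S.*)$", line)
        if m:
            # Postfix header_checks match case-insensitively by default.
            rules.append((re.compile(m.group(1), re.IGNORECASE), m.group(2).strip()))
    return rules


def unfold(raw):
    """Join continuation lines so each logical header is matched as one string."""
    headers = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and headers:
            headers[-1] += " " + line.strip()
        elif line:
            headers.append(line)
    return headers


def check(raw, rules):
    """Return (header, action) pairs; action is None when no rule matches."""
    return [(h, next((a for rx, a in rules if rx.search(h)), None))
            for h in unfold(raw)]


if __name__ == "__main__":
    for header, action in check(SAMPLE_HEADERS, parse_rules(RULES)):
        print(f"{action or 'no match':9} {header[:58]}")
```

Only the first sample header hits DISCARD: the pattern is anchored to the name right after "from", so a host under that domain or the name appearing only in the reverse-DNS parentheses is not matched. On the server itself, `postmap -q` with the header string against the pcre: table gives the authoritative answer.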
*Wanted to allow TLSv1.2 only, but
iPhone (iOS12) Mail (IMAP) cannot connect, and apparently TLSv1 has to be enabled... that is a bad one, lol
*Unable to start TLS: SSL connect attempt failed error:
SSL routines:ssl3_get_server_certificate:certificate verify failed when connecting to ldap master.
When apt upgraded the package from 8.7b8 to 8.7b9, StartTLS broke...
Brute-force workaround
<syntaxhighlight lang="bash" enclose="div">
zmlocalconfig -e ldap_starttls_supported=0
</syntaxhighlight>
[https://wiki.zimbra.com/wiki/Unable_to_create_a_successful_TLS_connection_to_the_ldap_masters When upgrading to 8.5x, "Unable to create a successful TLS connection to the ldap masters" comes up]
* gzip: stdin: file size changed while zipping
<syntaxhighlight lang="bash" enclose="div">
postrotate
kill -USR1 `cat /opt/zimbra/log/nginx.pid 2> /dev/null` 2> /dev/null && sleep 5 || true
endscript
</syntaxhighlight>
[https://sebastian.marsching.com/wiki/Network/Zimbra Network/Zimbra - Sebastian's Wiki]
* In the case of an OS upgrade
[https://forums.zimbra.org/viewtopic.php?f=8&t=61175 Zimbra Collaboration 8.7.x and Ubuntu OS update corrupts/removes Zimbra installation]
<syntaxhighlight lang="bash" enclose="div">
cd /opt
cd zimbra.lts16
cp -adpRx bin common/bin common/lib common/libexec common/sbin common/share lib libexec /opt/zimbra
</syntaxhighlight>
The copy does not go well, so copy bit by bit with tar cf - ./bin|(cd /opt/zimbra;tar xf -)
<syntaxhighlight lang="bash" enclose="div">
cd /opt
cd zimbra.lts16
tar cf - ./bin ./common/bin ./common/lib ./common/libexec ./common/sbin ./common/share ./lib ./libexec |(cd /opt/zimbra;tar xf -)
</syntaxhighlight>
*This happens often, so a note
After updating zimbra,
<pre>
Jul 15 16:30:03 mail1 postfix/postdrop[7889]: warning: mail_queue_enter: create file maildrop/370137.7889: Permission denied
</pre>
shows up in large numbers.
<syntaxhighlight lang="bash" enclose="div">
zmcontrol stop
sudo killall postdrop
# if needed
#sudo usermod -a -G postdrop zimbra
#sudo /opt/zimbra/libexec/zmfixperms
zmcontrol start
</syntaxhighlight>
killall postdrop is the key
*high precision timestamps, again
/opt/zimbra/common/bin/prepflog.pl
<syntaxhighlight lang="diff" enclose="div">
250c250 | |||
< /^(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})(?:[\+\-](?:\d{2}):(?:\d{2})|Z) \S+ (.+)$/o) == 10); | |||
--- | |||
> /^(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})(?:\.\d+)?(?:[\+\-](?:\d{2}):(?:\d{2})|Z) \S+ (.+)$/) == 7); | |||
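Review bot: The expected count on the new line 250 drops from 10 to 7 with no explanation. The pattern has seven capturing groups both before and after the change (the added `(?:\.\d+)?` is non-capturing), so, assuming this compares the number of captured values, 7 is what a successful match can produce and the old `== 10` could not. A one-line comment saying so, and noting that fractional seconds are matched but discarded, would keep the count fix from being reverted independently of the timestamp change.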
255,256c255,257 | |||
< unless((($cmd, $qid) = $logRmdr =~ m#^(?:postfix|$syslogName)/([^\[:]*).*?: ([^:\s]+)#o) == 2 || | |||
< (($cmd, $qid) = $logRmdr =~ m#^((?:postfix)(?:-script)?)(?:\[\d+\])?: ([^:\s]+)#o) == 2) | |||
--- | |||
> unless((($cmd, $qid) = $logRmdr =~ m#^(?:postfix-?\w*|$syslogName)(?:/(?:smtps|submission))?/([^\[:]*).*?: ([^:\s]+)#o) == 2 || | |||
> (($cmd, $qid) = $logRmdr =~ m#^((?:postfix)(?:-script)?)(?:\[\d+\])?: ([^:\s]+)#o) == 2 || | |||
> (($cmd, $qid) = $logRmdr =~ m#^MailScanner\[\d+\]: (Requeue): (\w+)\.#) == 2) | |||
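Review bot: In the first alternative on the new line 255, `postfix-?\w*` accepts any syslog tag that merely begins with "postfix", because the hyphen is optional and `\w*` is unbounded, so lines from an unrelated program with such a name followed by `/` would be parsed as Postfix queue entries. If the intent is to cover instance names with a hyphenated suffix, `postfix(?:-\w+)?` is tighter. The new MailScanner alternative stores the literal `Requeue` in `$cmd`; a comment on how that value is treated further down would help the next reader.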
560c561 | |||
< # return a date string to match in log | |||
--- | |||
> # return traditional and RFC3339 date strings to match in log | |||
562c563 | |||
< my $dateOpt = $_[0]; | |||
--- | |||
> my ($dateOpt) = $_[0]; | |||
572c573 | |||
< my ($t_mday, $t_mon) = (localtime($time))[3,4]; | |||
--- | |||
> my ($t_mday, $t_mon, $t_year) = (localtime($time))[3,4,5]; | |||
574c575 | |||
< return sprintf("%s %2d", $monthNames[$t_mon], $t_mday); | |||
--- | |||
> return sprintf("%s %2d", $monthNames[$t_mon], $t_mday), sprintf("%04d-%02d-%02d", $t_year+1900, $t_mon+1, $t_mday); | |||
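Review bot: The `return` on the new line 575 now yields a two-element list (the traditional date string and the `%04d-%02d-%02d` one), but none of the hunks shown touches a call site. A caller that still assigns the result to a single scalar would receive only the last element, the RFC 3339 style string, and would silently stop matching traditional syslog dates. Please include the caller change in this patch, or confirm the caller already takes the result in a two-element list assignment.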
</syntaxhighlight>
*postfix : Specific Whitelist/Blacklist per IP
[https://wiki.zimbra.com/wiki/Specific_Whitelist/Blacklist_per_IP Specific Whitelist/Blacklist per IP]
Line 9: | Line 153: | ||
</syntaxhighlight>
:postmap will need to be rerun on the file anytime an IP address is added or removed.
:There is also fail2ban
::In the end, going with the blunt approach...
<syntaxhighlight lang="bash" enclose="div">
iptables -A INPUT -s 62.150.168.221 -j DROP
iptables -A INPUT -s 62.150.168.194 -j DROP
</syntaxhighlight>
Line 117: | Line 268: | ||
--- | --- | ||
> # my $today = strftime("%b %e ", localtime); | > # my $today = strftime("%b %e ", localtime); | ||
> my $today = strftime("% | > my $today = strftime("%F", localtime); | ||
</pre> | </pre> | ||