Hi,

I was wondering if someone could point me to the right direction, currently have NGINX working with rainloop using SSL letsencrypt works great. now im trying to get the Active Sync with zpush working. I got it working by taking down the rainloop, my question is how can i have rainloop and zpush on the same config with 2 roots? i was looking at the manual and saw alias but not sure if i did it correctly this is what i got so far.

Rainloop

            server {
                server_name mail.mydomain.com;
                root /var/www/rainloop/;
                access_log /var/www/rainloop/logs/access.log;
                error_log /var/www/rainloop/logs/error.log;
                index index.php;
            
                location / {
                    try_files $uri $uri/ /index.php?$query_string;
                }
            
                location ~ \.php$ {
                    fastcgi_index index.php;
                    fastcgi_split_path_info ^(.+\.php)(.*)$;
                    fastcgi_keep_conn on;
                    include /etc/nginx/fastcgi_params;
                    fastcgi_pass unix:/var/run/php5-fpm.sock;
                    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            
                }
            
                location ~ /\.ht {
                    deny all;
                }
            
                location ^~ /data {
                  deny all;
                }
            
            
                listen 443 ssl; # managed by Certbot
                ssl_certificate /etc/letsencrypt/live/mail.mydomain.com/fullchain.pem; # managed by Certbot
                ssl_certificate_key /etc/letsencrypt/live/mail.mydomain.com/privkey.pem; # managed by Certbot
                include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
                ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
            
            
                ssl_trusted_certificate /etc/letsencrypt/live/mail.mydomain.com/chain.pem; # managed by Certbot
                ssl_stapling on; # managed by Certbot
                ssl_stapling_verify on; # managed by Certbot
            
            }
            server {
                if ($host = mail.mydomain.com) {
                    return 301 https://$host$request_uri;
                } # managed by Certbot
            
            
                server_name mail.mydomain.com;
                listen 80;
                return 404; # managed by Certbot
            
            
            }
            # HTTP TO HTTPS REDIRECT
            server {
                listen 80;
                server_name mail.mydomain.com;
            return 301 https://$host$request_uri;
            }

and this is my zpush (active sync)

          server {
             listen 443;
             server_name mail.mydomain.com autodiscover.mydomain.com;
         
             ssl on;
             ssl_certificate         /etc/letsencrypt/live/mail.mydomain.com/fullchain.pem;
             ssl_certificate_key     /etc/letsencrypt/live/mail.mydomain.com/privkey.pem;
         
             root    /var/www/zpush;
             index   index.php;
         
             error_log /var/log/nginx/zpush-error.log;
             access_log /var/log/nginx/zpush-access.log;
         
             location / {
                 try_files $uri $uri/ index.php;
             }
         
             location /Microsoft-Server-ActiveSync {
                 rewrite ^(.*)$  /index.php last;
             }
         
            
         
             location ~ .php$ {
                 include /etc/nginx/fastcgi_params;
                 fastcgi_index index.php;
                 fastcgi_param HTTPS on;
                 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                 fastcgi_pass unix:/var/run/php5-fpm.sock;
                 # Z-Push Ping command will be alive for 470s, but be safe
                 fastcgi_read_timeout 630;
             }
         
         }

I was reading about putting the alias but i tried many options and could not get it work.
Any ideas?

Thank you

Hi,
I was wondering if someone could shed some light on the issue im having, currently trying to backup my vm using ZFS
currently using syncoid to backup to a usb which i have accomplished by this command

syncoid -r rpool/data/vm-125-disk-0 usbbak/vm-125-disk

the issue is that there is no retention policy something like to keep 4 days or so 4 snapshots. i checked the manpage does not say anything about retention any ideas?

Thank you

Hi,
I was wondering if someone else has had the same dilemma, so currently i have postfix email server which im moving to zimbra.

On my postfix server i had this script that would clean 90 days of emails

#!/bin/bash
 /usr/bin/find /home/in/Maildir/cur -type f -mtime +90 -delete -name "*.mail.mydomain.com:2"
 /usr/bin/find /home/in/Maildir/cur -type f -mtime +90 -delete -name "*.mail.mydomain.com:2,S"
/usr/bin/find /home/in/Maildir/cur -type f -mtime +90 -delete -name "*.mail.mydomain.com"

and this script to clean the other mailboxes

 #!/bin/bash
MAILDIRS=$(find /home/*/Maildir/ -maxdepth 0 -type d)
for basedir in $MAILDIRS; do
  for dir in .Trash .Junk .Spam .Low\ Priority; do
    for dir2 in cur new; do
      [ -e "$basedir/$dir/$dir2" ] && (
        echo "Processing $basedir/$dir/$dir2..."
        find "$basedir/$dir/$dir2/" -type f -mtime +90 -delete
      )
    done
  done
done

I also saw an option on zimbra about retention policy but i think its not automatic as it needs user permission manually?
or am i wrong?

I was looking around but i found a few scripts for zimbra but it deletes amounts of email but not by time

Thank you

Hi
I was wondering if someone could shed some light on the issue im having. Before i had my zabbix agents connecting directly to my zabbix server on different remote sites which worked fine until my zabbix got overloaded. Then on each remote site i put a zabbix proxy which helped alot on my server. So one day one of servers got shutdown and didn't alert me only 30min later which is odd. So my question is how can configure the alert of zabbix when the data stops coming in after 5min rather then 30min?

Thank you

Hi i was wondering if someone has accomplished what im trying to do,
Currently i need to create a filter for all the email users and future users.
I could not find a way on the web console to add that filter without doing one by one,
I did see this command

zmmailbox addFilterRule

but it would be the same way adding one by one so not sure if any more ideas?

Thank you

@gjacobse

why dont you just import it directly?

qm importdisk 100 DietPi_VMware-x86_64-Buster.vmdk zfs-vmdata

this case im running ZFS just change the zfs-vmdata to your lvm location

@scottalanmiller
found out how to do it

first enable headers

zmprov mc default zimbraSieveEditHeaderEnabled TRUE

then create filter

cat /tmp/myfilters

require ["fileinto", "reject", "tag", "flag", "editheader"];

#Filter email based on a subject
if header :contains "Subject" [
  "SPAM"
  ]
{
    fileinto "Junk";
    stop;
}

then copy the sieve filters

cat /tmp/myfilters |xargs -0 zmprov md domain.com zimbraAdminSieveScriptBefore

and it works

@pete-s
correct, whats odd is that it works perfectly fine on HA proxy on pfSense its just that i want to move better to a virtual machine and not depend on pfSense
Im not sure howcome it works on HA proxy and not on NGINX

Hi

I was wondering if someone could shed some light on the issue im having,

Currently i have working great NGINX as reverse proxy for my IIS

Im trying to get working the Strict-Transport-Security, X-Frame-Options, X-Content-Type-Options working my NGINX but it keeps showing that its not getting applied when i check

https://securityheaders.com

#        listen 80;
   listen 443 ssl;
 server_name  sub.domain.com;

  ssl_certificate /etc/letsencrypt/live/sub.domain.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/sub.domain.com/privkey.pem;
        ssl_dhparam /etc/ssl/certs/dhparam.pem;
        ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:50m;
        ssl_stapling on;
       ssl_stapling_verify on;

## security headers
# Block loading in an iFrame
add_header X-Frame-Options SAMEORIGIN;
# Enforce HTTPS
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
# Blocks hidden malicious scripts
add_header X-Content-Type-Options nosniff;
# Stops scripts from unknown sources
add_header X-XSS-Protection "1; mode=block";
# Content security policy
add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always;
# Referal policy
add_header Referrer-Policy "origin-when-cross-origin" always;
# permision policy
add_header Feature-Policy "camera 'none'; microphone 'none'; geolocation 'none'" always;
add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always;

        location ~ /.well-known {
        root /var/www/letsencrypt;
        allow all;
    }
        location / {

               proxy_pass http://192.168.3.211:8096/;

#                headers setting

                proxy_set_header Host $host;

                proxy_set_header X-Real-IP $remote_addr;

                proxy_set_header X-Forwarded-For $remote_addr;

                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header X-Client-IP $remote_addr;

                }

        }

im going to assume

proxy_set_header Host $host; is what shows the header of the IIS?

Thank you

@pete-s yeah i guess im going to have to do that, it just bugs me that NGINX wont pass though the real IP

@pete-s
correct, whats odd is that it works perfectly fine on HA proxy on pfSense its just that i want to move better to a virtual machine and not depend on pfSense
Im not sure howcome it works on HA proxy and not on NGINX

@scottalanmiller
so in my case how would i solve this issue so the backend can see the real IP?

@scottalanmiller
Thanks for the reply, correct i was using before HAproxy on pfSense to do the TLS passthough but moving to NGINX as this server is later on going to manage all the SSL but because i need to migrate exactly the same way i have it currently as HAproxy

but i have configured to pass though but not passing the real IP

Hi

I was wondering if someone could shed some light on the issue im having,

Currently im testing out to TLS pass though to my zimbra server as the SSL has to be in the zimbra server and another wordpress site which also has the SSL

the setup would this this

INTERNET--------NGINX PROXY-------ZIMBRA and ------WORDPRESS SITE

I successfully configured the nginx proxy to TLS passthough but i checked the logs and it seems that not passing the real IP to zimbra or to wordpress

But couldn't figure it out because it wont let me send the proxy headers because im using the TLS passthough

this is the config

root@bunker:~# cat /etc/nginx/modules-enabled/passtru.conf
stream {

        map $ssl_preread_server_name $name {

       wordpress.domain.co wordpress;
        mail.domain.co zimbra;
        default https_default_backend;
    }

    upstream wordpress {
        server 192.168.7.35:443;
    }

    upstream zimbra {
        server 192.168.7.245:443;
    }
log_format basic '$remote_addr [$time_local] '
             '$protocol $status $bytes_sent $bytes_received '
             '$session_time "$upstream_addr" '
             '"$upstream_bytes_sent" "$upstream_bytes_received"
              "$upstream_connect_time"';

access_log /var/log/nginx/access.log basic;
error_log  /var/log/nginx/error.log;

    server {
        listen 443;
        proxy_pass $name;
        proxy_bind $name transparent;
        ssl_preread on;
    }
}

@dbeato the filter moves any subject that has SPAM to the folder junk which adds to all the domains instead of one by one

@gjacobse

why dont you just import it directly?

qm importdisk 100 DietPi_VMware-x86_64-Buster.vmdk zfs-vmdata

this case im running ZFS just change the zfs-vmdata to your lvm location

Hi
I was wondering if its possible what im trying to do, I want to send an email automatically every day to all the users and new users when created automatically. Im not sure if its done though zimbra or though postfix?
any ideas
Thank you

This is what i have so far, currently i have to add the email manually in the addresses.txt and could not figure out how to add the subject
if someone else has a better idea how to modify the script by all means

#!/bin/sh
SENDER="sistemas@mydomain"
ADDRESSFILE="/root/addresses.txt"
SENDMAIL="/usr/sbin/sendmail"

for RECIPIENT in $(cat ${ADDRESSFILE}); do

cat <<EOF | ${SENDMAIL} -i -f "${SENDER}" "${RECIPIENT}"

Hello User,
this is a reminder
EOF

@scottalanmiller
found out how to do it

first enable headers

zmprov mc default zimbraSieveEditHeaderEnabled TRUE

then create filter

cat /tmp/myfilters

require ["fileinto", "reject", "tag", "flag", "editheader"];

#Filter email based on a subject
if header :contains "Subject" [
  "SPAM"
  ]
{
    fileinto "Junk";
    stop;
}

then copy the sieve filters

cat /tmp/myfilters |xargs -0 zmprov md domain.com zimbraAdminSieveScriptBefore

and it works