<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>In reply on the topic Zimbra and SELinux,</p>
<p>I have ran Zimbra on SELinux in Enforced mode on CentOS 7 for
years without any issues. But I have since moved on to Ubuntu...<br>
<br>
However if you look at how Zimbra runs using `ps auxZ` and the
file permissions using `ls -halZ`you will notice that Zimbra runs
in <i>unconfined</i> mode. This means that Zimbra is not
protected by any SELinux policy and Zimbra can do whatever it
wants even if SELinux is in enforced mode it will not do anything!<br>
</p>
<p>In practice this means that if you enable SELinux you get some
protection against security issues in packages and software that
are installed and provided via the distribution. For example sshd?
Needless to say that most attack vectors will not be covered this
way. So this means you will need to install security updates and
patches as soon as they are available.<br>
</p>
<p>The next question from a sysadmin perspective would be: is it
worth it to enable SELinux? This will depend largely if you run
other software on the Zimbra server as well (which you should not)
and if you can afford down-time if SELinux causes something to
stop working unintentional. It is a hard question to answer, and
it almost does not matter. Many more things make more sense, like
installing a host firewall, checking what processes listen on what
ports. Disable ssh password authentication, disable smtp
authentication on port 25 install fail2ban, install monitoring on
failed imap and other login's, having a lock-out policy etc...
etc.... having a centralized logging server. Having rate
limiting...<br>
</p>
<p>So if Zimbra gets implemented with a real SELinux policy (or if
you are crazy enough to define one) then enabling it will bring
more security. For now it will only bring minimal added security,
but it comes with a small chance of SELinux breaking Zimbra.</p>
<p>one more thing...<br>
</p>
<p>I have noticed that during updates of CentOS (and Fedora), the
maintainers seem to have a hard time keeping SELinux going, I have
seen all sorts of scripts being fired to set/reset new permissions
to deal with changes on SELinux. These scripts can take a LONG
time to complete as they iterate through all files and folders. If
you have a large number of files/folders on your system this can
become an annoyance and cause the system to slow down, or take a
long time to boot the system. Also updates in SELinux and its
policies can and <b>will break custom policies</b> that a
sysadmin should define if running software that is not provided by
the distro. <br>
<br>
This and the fact that there are almost no documented cases on the
Internet where SELinux actually prevented a bad thing from
happening made me decide to disable it on servers with custom
software. In most other cases I just left it on enforced.<br>
</p>
<p>If someone else has any thoughts on this, I'd like to hear it!</p>
<p><br>
</p>
<p> Regards, Barry</p>
<p><br>
</p>
<p><br>
</p>
<div class="moz-cite-prefix">On 4/12/21 10:08 PM, Randy Leiker
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:2082734171.417470.1618258110320.JavaMail.zimbra@skywaynetworks.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div id="zimbraEditorContainer" style="font-family: arial,
helvetica, sans-serif; font-size: 12pt; color: #000000"
class="2">
<div>
<!--StartFragment-->
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>Hello Zeta Alliance Community,<br>
<br>
Here is a summary of this week’s
conference call. A few brief
reminders:<br>
</div>
<ul>
<li>Conference calls are every <span
class="Object"
id="OBJ_PREFIX_DWT2133_com_zimbra_date"><span
class="Object"
id="OBJ_PREFIX_DWT2152_com_zimbra_date"><span
class="Object"
id="OBJ_PREFIX_DWT4259_com_zimbra_date"><span
class="Object"
id="OBJ_PREFIX_DWT4274_com_zimbra_date"><span
class="Object"
id="OBJ_PREFIX_DWT2284_com_zimbra_date"><span
class="Object"
id="OBJ_PREFIX_DWT2295_com_zimbra_date"><span
class="Object"
id="OBJ_PREFIX_DWT3487_com_zimbra_date"><span
class="Object"
id="OBJ_PREFIX_DWT3499_com_zimbra_date"><span
class="Object"
id="OBJ_PREFIX_DWT3936_com_zimbra_date"><span
class="Object"
id="OBJ_PREFIX_DWT3952_com_zimbra_date"><span
class="Object"
id="OBJ_PREFIX_DWT412_com_zimbra_date"><span class="Object"
id="OBJ_PREFIX_DWT426_com_zimbra_date"><span
class="Object"
id="OBJ_PREFIX_DWT3694_com_zimbra_date"><span class="Object"
id="OBJ_PREFIX_DWT3715_com_zimbra_date"><span
class="Object"
id="OBJ_PREFIX_DWT275_com_zimbra_date"><span class="Object"
id="OBJ_PREFIX_DWT298_com_zimbra_date"><span
class="Object"
id="OBJ_PREFIX_DWT149_com_zimbra_date"><span class="Object"
id="OBJ_PREFIX_DWT167_com_zimbra_date"><span
class="Object"
id="OBJ_PREFIX_DWT959_com_zimbra_date"><span class="Object"
id="OBJ_PREFIX_DWT977_com_zimbra_date"><span
class="Object"
id="OBJ_PREFIX_DWT2348_com_zimbra_date"><span class="Object"
id="OBJ_PREFIX_DWT2361_com_zimbra_date"><span
class="Object"
id="OBJ_PREFIX_DWT1883_com_zimbra_date"><span class="Object"
id="OBJ_PREFIX_DWT1906_com_zimbra_date"><span
class="Object"
id="OBJ_PREFIX_DWT5418_com_zimbra_date"><span class="Object"
id="OBJ_PREFIX_DWT5433_com_zimbra_date"><span
class="Object"
id="OBJ_PREFIX_DWT5531_com_zimbra_date"><span class="Object"
id="OBJ_PREFIX_DWT5551_com_zimbra_date"><span
class="Object"
id="OBJ_PREFIX_DWT283_com_zimbra_date"><span class="Object"
id="OBJ_PREFIX_DWT303_com_zimbra_date"><span
class="Object"
id="OBJ_PREFIX_DWT414_com_zimbra_date"><span class="Object"
id="OBJ_PREFIX_DWT429_com_zimbra_date"><span
class="Object"
id="OBJ_PREFIX_DWT1004_com_zimbra_date"><span class="Object"
id="OBJ_PREFIX_DWT1016_com_zimbra_date"><span
class="Object"
id="OBJ_PREFIX_DWT2517_com_zimbra_date"><span class="Object"
id="OBJ_PREFIX_DWT2537_com_zimbra_date"><span
class="Object"
id="OBJ_PREFIX_DWT1554_com_zimbra_date"><span class="Object"
id="OBJ_PREFIX_DWT1568_com_zimbra_date"><span
class="Object"
id="OBJ_PREFIX_DWT1346_com_zimbra_date"><span class="Object"
id="OBJ_PREFIX_DWT1358_com_zimbra_date"><span
class="Object"
id="OBJ_PREFIX_DWT826_com_zimbra_date"><span class="Object"
id="OBJ_PREFIX_DWT844_com_zimbra_date"><span
class="Object"
id="OBJ_PREFIX_DWT1357_com_zimbra_date"><span class="Object"
id="OBJ_PREFIX_DWT1379_com_zimbra_date"><span
class="Object"
id="OBJ_PREFIX_DWT1146_com_zimbra_date"><span class="Object"
id="OBJ_PREFIX_DWT1159_com_zimbra_date"><span
class="Object"
id="OBJ_PREFIX_DWT1355_com_zimbra_date"><span class="Object"
id="OBJ_PREFIX_DWT1368_com_zimbra_date"><span
class="Object"
id="OBJ_PREFIX_DWT1481_com_zimbra_date"><span class="Object"
id="OBJ_PREFIX_DWT1496_com_zimbra_date"><span
class="Object"
id="OBJ_PREFIX_DWT2668_com_zimbra_date"><span class="Object"
id="OBJ_PREFIX_DWT2679_com_zimbra_date"><span
class="Object"
id="OBJ_PREFIX_DWT1781_com_zimbra_date"><span class="Object"
id="OBJ_PREFIX_DWT1807_com_zimbra_date"><span
class="Object"
id="OBJ_PREFIX_DWT6180_com_zimbra_date"><span class="Object"
id="OBJ_PREFIX_DWT6204_com_zimbra_date"><span
class="Object"
id="OBJ_PREFIX_DWT869_com_zimbra_date"><span class="Object"
id="OBJ_PREFIX_DWT884_com_zimbra_date"><span
class="Object"
id="OBJ_PREFIX_DWT2774_com_zimbra_date"><span class="Object"
id="OBJ_PREFIX_DWT2790_com_zimbra_date"><span
class="Object"
id="OBJ_PREFIX_DWT2398_com_zimbra_date"><span class="Object"
id="OBJ_PREFIX_DWT2413_com_zimbra_date"><span
class="Object"
id="OBJ_PREFIX_DWT2510_com_zimbra_date"><span class="Object"
id="OBJ_PREFIX_DWT2533_com_zimbra_date"><span
class="Object"
id="OBJ_PREFIX_DWT2631_com_zimbra_date"><span class="Object"
id="OBJ_PREFIX_DWT2646_com_zimbra_date"><span
class="Object"
id="OBJ_PREFIX_DWT6018_com_zimbra_date"><span class="Object"
id="OBJ_PREFIX_DWT6037_com_zimbra_date"><span
class="Object"
id="OBJ_PREFIX_DWT4431_com_zimbra_date"><span class="Object"
id="OBJ_PREFIX_DWT4445_com_zimbra_date"><span
class="Object"
id="OBJ_PREFIX_DWT2540_com_zimbra_date"><span class="Object"
id="OBJ_PREFIX_DWT2557_com_zimbra_date"><span
class="Object"
id="OBJ_PREFIX_DWT94_com_zimbra_date"><span class="Object"
id="OBJ_PREFIX_DWT110_com_zimbra_date"><span
class="Object"
id="OBJ_PREFIX_DWT1182_com_zimbra_date"><span class="Object"
id="OBJ_PREFIX_DWT1199_com_zimbra_date"><span
class="Object"
role="link"
id="OBJ_PREFIX_DWT3270_com_zimbra_date"><span
class="Object"
role="link"
id="OBJ_PREFIX_DWT3285_com_zimbra_date">Tuesday</span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span>
and open to all using either the
FreeConferenceCall.com VoIP app or
via a dial-in number: <span
class="Object"
id="OBJ_PREFIX_DWT2134_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT2153_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT4260_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT4275_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT2285_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT2296_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT3488_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT3500_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT3937_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT3953_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT413_com_zimbra_url"><span class="Object"
id="OBJ_PREFIX_DWT427_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT3695_com_zimbra_url"><span class="Object"
id="OBJ_PREFIX_DWT3716_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT276_com_zimbra_url"><span class="Object"
id="OBJ_PREFIX_DWT299_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT150_com_zimbra_url"><span class="Object"
id="OBJ_PREFIX_DWT168_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT960_com_zimbra_url"><span class="Object"
id="OBJ_PREFIX_DWT978_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT2349_com_zimbra_url"><span class="Object"
id="OBJ_PREFIX_DWT2362_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT1884_com_zimbra_url"><span class="Object"
id="OBJ_PREFIX_DWT1907_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT5419_com_zimbra_url"><span class="Object"
id="OBJ_PREFIX_DWT5434_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT5532_com_zimbra_url"><span class="Object"
id="OBJ_PREFIX_DWT5552_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT284_com_zimbra_url"><span class="Object"
id="OBJ_PREFIX_DWT304_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT415_com_zimbra_url"><span class="Object"
id="OBJ_PREFIX_DWT430_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT1005_com_zimbra_url"><span class="Object"
id="OBJ_PREFIX_DWT1017_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT2518_com_zimbra_url"><span class="Object"
id="OBJ_PREFIX_DWT2538_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT1555_com_zimbra_url"><span class="Object"
id="OBJ_PREFIX_DWT1569_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT1347_com_zimbra_url"><span class="Object"
id="OBJ_PREFIX_DWT1359_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT827_com_zimbra_url"><span class="Object"
id="OBJ_PREFIX_DWT845_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT1358_com_zimbra_url"><span class="Object"
id="OBJ_PREFIX_DWT1380_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT1147_com_zimbra_url"><span class="Object"
id="OBJ_PREFIX_DWT1160_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT1356_com_zimbra_url"><span class="Object"
id="OBJ_PREFIX_DWT1369_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT1482_com_zimbra_url"><span class="Object"
id="OBJ_PREFIX_DWT1497_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT2669_com_zimbra_url"><span class="Object"
id="OBJ_PREFIX_DWT2680_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT1782_com_zimbra_url"><span class="Object"
id="OBJ_PREFIX_DWT1808_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT6181_com_zimbra_url"><span class="Object"
id="OBJ_PREFIX_DWT6205_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT870_com_zimbra_url"><span class="Object"
id="OBJ_PREFIX_DWT885_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT2775_com_zimbra_url"><span class="Object"
id="OBJ_PREFIX_DWT2791_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT2399_com_zimbra_url"><span class="Object"
id="OBJ_PREFIX_DWT2414_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT2511_com_zimbra_url"><span class="Object"
id="OBJ_PREFIX_DWT2534_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT2632_com_zimbra_url"><span class="Object"
id="OBJ_PREFIX_DWT2647_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT6019_com_zimbra_url"><span class="Object"
id="OBJ_PREFIX_DWT6038_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT4432_com_zimbra_url"><span class="Object"
id="OBJ_PREFIX_DWT4446_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT2541_com_zimbra_url"><span class="Object"
id="OBJ_PREFIX_DWT2558_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT95_com_zimbra_url"><span class="Object"
id="OBJ_PREFIX_DWT111_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT1183_com_zimbra_url"><span class="Object"
id="OBJ_PREFIX_DWT1200_com_zimbra_url"><span
class="Object"
role="link"
id="OBJ_PREFIX_DWT3271_com_zimbra_url"><span
class="Object"
role="link"
id="OBJ_PREFIX_DWT3286_com_zimbra_url"><a
href="https://www.freeconferencecall.com/wall/zetalliance" rel="nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer"
target="_blank"
data-mce-href="https://www.freeconferencecall.com/wall/zetalliance"
moz-do-not-send="true">https://www.freeconferencecall.com/wall/zetalliance</a></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span><br>
</li>
<li>Each week’s call agenda can be
found at: <span style="color:
#000080;" data-mce-style="color:
#000080;"><span
style="font-family: 'arial',
sans-serif;"
data-mce-style="font-family:
'arial', sans-serif;"><span
style="font-size: medium;"
data-mce-style="font-size:
medium;"><span lang="zxx"><u><span
class="Object"
role="link"
id="OBJ_PREFIX_DWT3272_com_zimbra_url"><span
class="Object"
role="link"
id="OBJ_PREFIX_DWT3287_com_zimbra_url"><a
target="_blank"
href="https://drive.google.com/drive/folders/1xDyBJFjnfZYxuXJHiDzsXjjMuGGtIl7J"
rel="noopener"
data-mce-href="https://drive.google.com/drive/folders/1xDyBJFjnfZYxuXJHiDzsXjjMuGGtIl7J"
moz-do-not-send="true">https://drive.google.com/drive/folders/1xDyBJFjnfZYxuXJHiDzsXjjMuGGtIl7J</a></span></span></u></span></span></span></span><br>
</li>
<li>A copy of each week’s summary is
also posted to the Zimbra Forums:<br>
<span class="Object"></span>
<ul>
<li><span class="Object">All Prior
Months: <span class="Object"
id="OBJ_PREFIX_DWT829_com_zimbra_url"><span class="Object"
id="OBJ_PREFIX_DWT847_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT1360_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT1382_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT1149_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT1162_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT1358_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT1371_com_zimbra_url"><span class="Object"
id="OBJ_PREFIX_DWT1484_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT1499_com_zimbra_url"><span class="Object"
id="OBJ_PREFIX_DWT2671_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT2682_com_zimbra_url"><span class="Object"
id="OBJ_PREFIX_DWT1784_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT1810_com_zimbra_url"><span class="Object"
id="OBJ_PREFIX_DWT6183_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT6207_com_zimbra_url"><span class="Object"
id="OBJ_PREFIX_DWT872_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT887_com_zimbra_url"><span class="Object"
id="OBJ_PREFIX_DWT2777_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT2793_com_zimbra_url"><span class="Object"
id="OBJ_PREFIX_DWT2401_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT2416_com_zimbra_url"><span class="Object"
id="OBJ_PREFIX_DWT2513_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT2536_com_zimbra_url"><span class="Object"
id="OBJ_PREFIX_DWT2634_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT2649_com_zimbra_url"><span class="Object"
id="OBJ_PREFIX_DWT6021_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT6040_com_zimbra_url"><span class="Object"
id="OBJ_PREFIX_DWT4434_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT4448_com_zimbra_url"><span class="Object"
id="OBJ_PREFIX_DWT2543_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT2560_com_zimbra_url"><span class="Object"
id="OBJ_PREFIX_DWT97_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT113_com_zimbra_url"><span class="Object"
id="OBJ_PREFIX_DWT1185_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT1202_com_zimbra_url"><span class="Object" role="link"
id="OBJ_PREFIX_DWT3273_com_zimbra_url"><span class="Object" role="link"
id="OBJ_PREFIX_DWT3288_com_zimbra_url"><a
href="https://forums.zimbra.org/viewforum.php?f=9"
rel="nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer"
target="_blank"
data-mce-href="https://forums.zimbra.org/viewforum.php?f=9"
moz-do-not-send="true">https://forums.zimbra.org/viewforum.php?f=9</a></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span><br>
</span></li>
<li><span style="font-family:
'arial', sans-serif;"
data-mce-style="font-family:
'arial', sans-serif;"><span
style="font-size: medium;"
data-mce-style="font-size:
medium;"><span lang="zxx"><span
class="Object"><span
class="Object"
id="OBJ_PREFIX_DWT100_com_zimbra_date"><span
class="Object"
id="OBJ_PREFIX_DWT116_com_zimbra_date"><span
class="Object"
id="OBJ_PREFIX_DWT1188_com_zimbra_date"><span
class="Object"
id="OBJ_PREFIX_DWT1205_com_zimbra_date"><span
class="Object"
role="link"
id="OBJ_PREFIX_DWT3276_com_zimbra_date"><span
class="Object"
role="link"
id="OBJ_PREFIX_DWT3291_com_zimbra_date">January
2021</span></span></span></span></span></span>:
<span class="Object"
id="OBJ_PREFIX_DWT101_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT117_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT1189_com_zimbra_url"><span
class="Object"
id="OBJ_PREFIX_DWT1206_com_zimbra_url"><span
class="Object"
role="link"
id="OBJ_PREFIX_DWT3277_com_zimbra_url"><span
class="Object"
role="link"
id="OBJ_PREFIX_DWT3292_com_zimbra_url"><a
href="https://forums.zimbra.org/viewtopic.php?f=9&t=69121"
rel="nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer
nofollow
noopener
noreferrer"
target="_blank"
data-mce-href="https://forums.zimbra.org/viewtopic.php?f=9&t=69121"
moz-do-not-send="true">https://forums.zimbra.org/viewtopic.php?f=9&t=69121</a></span></span></span></span></span></span><br>
</span></span></span></span></li>
<li><span style="font-family:
'arial', sans-serif;"
data-mce-style="font-family:
'arial', sans-serif;"><span
style="font-size: medium;"
data-mce-style="font-size:
medium;"><span lang="zxx"><span
class="Object">February
2021: <a
href="https://forums.zimbra.org/viewtopic.php?f=9&t=69470"
moz-do-not-send="true">https://forums.zimbra.org/viewtopic.php?f=9&t=69470</a><br
data-mce-bogus="1">
</span></span></span></span></li>
</ul>
</li>
<li>Constructive feedback on these
call summaries is always welcome.</li>
</ul>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<!--EndFragment--> </div>
<div><br data-mce-bogus="1">
</div>
<div>February 2, 2021<br>
<br>
<strong>Using Centralized Storage In Zimbra</strong><br>
Mark S. asked if anyone has implemented the Centralized
Storage ( <a
href="https://zimbra.github.io/adminguide/latest/#centralized-storage"
moz-do-not-send="true">https://zimbra.github.io/adminguide/latest/#centralized-storage</a>
) feature in Zimbra? This allows for storing mailboxes from
multiple Zimbra mail stores within the same directory
structure on an S3 storage volume (AWS S3, Ceph, etc.). Cine
commented that Centralized Storage speeds up mailbox moves
between Zimbra mailbox servers considerably. John E. added
that when using object storage (Centralized Storage), it uses
a single name space for blob storage, that during a mailbox
move, will then move only the mailbox meta data, so few
mailbox blobs move at all. Mark S. asked if he has a single
AWS S3 bucket with two name spaces, where all of his mailboxes
are stored, and he performs a mailbox move, are mailbox blobs
still moving? Cine said in that instance, yes, all mailbox
blobs will still need to be moved between name spaces, but if
he switches to using Centralized Storage under a single name
space in his AWS bucket, then most mailbox blobs will not need
to be moved – only the meta data. Noah P. asked if he has a
primary Zimbra mailbox server volume on-site, and a secondary
volume on an AWS S3 bucket, does Centralized Storage still
work? Cine confirmed it does. Mark S. asked if using a
Zimbra HSM policy that moves email older than 4 weeks to a
secondary volume, when using Centralized Storage, would this
mean that only the most recent 4 weeks of mailbox blobs move?
Cine confirmed this is correct and that customers he has
worked with who use an aggressive HSM policy of keeping only
3-7 days of email in their primary volume on-site with all
older items moved to a secondary volume, when combined with
Centralized Storage, mailbox moves are very fast.<br>
<br>
<strong>Zimbra Disaster Recovery (DR) Restores</strong><br>
Mark S. asked, when restoring a Zimbra mailbox server that has
suddenly failed in a DR situation, what is the recommended way
to do a restore? Cine suggested using the Zextras Raw Restore
feature ( <a
href="https://zimbra.github.io/adminguide/latest/#raw-restore"
moz-do-not-send="true">https://zimbra.github.io/adminguide/latest/#raw-restore</a>
), which is designed for DR use only. Mark S. asked if he has
two mailbox servers, Server 1 and Server 2, and Server 1
fails, should he build Server 3 as the replacement using the
raw restore feature, and if so, does the Raw Restore feature
also update the Zimbra mailbox transport setting for each
mailbox from the failed server, so the Zimbra MTAs (Postfix)
knows the new location of each mailbox? Cine said that it is
not necessary to create a new server name, as the failed
server name can be re-used. Cine suggested referring to the
Raw Restore documentation section that discusses “Running A
Raw Restore” and “Usage Scenarios”. Mark S. commented that he
is trying to save money on storage at AWS by putting as much
on S3 storage as he can, but this has the consequence of also
shortening his Recovery Point Objective during a DR incident.<br>
<br>
<strong>Migrating Mailboxes From Exchange To Zimbra</strong><br>
Marc G. said he has a customer doing a migration from
Microsoft Exchange to Zimbra and asked for suggestions on the
best mailbox migration tool to use. Mark S. suggested taking
a look at BitTitan ( <a href="https://www.bittitan.com/"
moz-do-not-send="true">https://www.bittitan.com/</a> ). He
added that BitTitan supports bi-directional transfers that can
migrate email, contacts, calendars, etc. It also works well
for migrating Office 365 tenants between accounts, since it is
aware of things like Microsoft Teams. This helps in scenarios
where a parent company is spinning off a subsidiary company in
to their own Office 365 account.<br>
<br>
<strong>Zimbra and SELinux</strong><br>
Matthew F. said he is building new Zimbra servers and wondered
if there has been any changes to earlier recommendations to
avoid running Zimbra with SELinux in enforcing mode. Mark S.
said he disables SELinux on his Zimbra servers and Randy L.
said he runs SELinux in permissive mode on his Zimbra servers.<br>
<br>
<strong>Obtaining Status Updates For a Bugzilla Pull Request</strong><br>
Cine asked for suggestions on the best option to request a
status update of a Bugzilla pull request for the Zimbra Open
Source Edition. John H. said that bug updates are only
available through the Zimbra Support Portal at present. Mark
S. commented that open source Zimbra users can buy support, so
they can then gain access to the Support Portal. He also
commented that when he sees Zimbra Forum users post issues
that he knows affect Zimbra Network Edition, he has opened
support cases in the past referencing those Forum posts. Cine
said he has a friend that has found a memory leak bug in the
Nginx version included in Zimbra, and has submitted a pull
request to fix it. John H. suggested that Cine’s friend take
a look at the beta version of Nginx which jumps from Nginx
1.18 to 1.9. John E. suggested that if Cine’s friend posts
comments in the pull request, this may also help draw more
attention to it. John H. added that for anyone willing to
install the beta version of Nginx and OpenSSL, Zimbra is
willing to provide support. If installing the beta version,
he suggested opening a support case to give Zimbra Support a
heads up and mention John Hurley’s name. Nginx has only two
bugs that need to be resolved before it comes out of beta:
ZBUG-2098 and ZBUG-2099, related to an issue with an HTTP/2
configuration file, and a second issue related to some buggy
code that causes Nginx to crash.<br>
<br>
<strong>Zimbra Suite Plus Road Map</strong><br>
Mark S. asked if anyone had heard about updates for the Zimbra
Suite Plus road map. He said he has a prospective customer
interested in Zimbra Suite Plus since they want basic
mailboxes with mobile sync support. The customer is also
interested in Zimbra Connect, but there does not seem to be a
way to add it to Zimbra Suite Plus. No one had any updates to
share and Cine said that it is correct that Zimbra Connect is
not currently available with Zimbra Suite Plus.<br
data-mce-bogus="1">
</div>
<div><br data-mce-bogus="1">
</div>
<div data-marker="__SIG_PRE__">
<div>
<div>
<div><span style="color:rgb( 255 , 102 , 0
);font-weight:bold"><br>
Randy Leiker (</span><span style="font-weight:bold"> <span
style="color:rgb( 51 , 51 , 255
);background-color:rgb( 255 , 255 , 255 )"><a class="moz-txt-link-abbreviated" href="mailto:randy@skywaynetworks.com">randy@skywaynetworks.com</a></span>
<span style="color:rgb( 255 , 102 , 0 )">)</span></span><br>
<span style="color:rgb( 0 , 0 , 153 )">Skyway Networks,
LLC</span><br>
<br>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</body>
</html>