zimbra-management/README.md

# zimbra-management

Zimbra management and monitoring utils.

* [`zimbra-man.sh`](https://git.hmp.today/pavel.muhortov/zimbra-management#zimbra-man-sh)

____

## `zimbra-man`.sh

**Description:**  
> Print length of all zimbra queues or letsencrypt update certificate procedure.

**Dependencies:**  
>
> * privileged rights
> * [zimbra zmcontrol, zmqstat, zmcertmgr](https://www.zimbra.com/) (tested version 8.8.15 on [CentOS 7](https://wiki.centos.org/Manuals/ReleaseNotes/CentOS7.2009))
> * [cerbot](https://certbot.eff.org/) (tested version 2.5.0 on [CentOS 7](https://wiki.centos.org/Manuals/ReleaseNotes/CentOS7.2009))
> * [cert-info.sh](https://git.hmp.today/pavel.muhortov/utils#cert-info-sh)
> * [Python 3](https://www.python.org/downloads/) (tested version 3.9.5 on [CentOS 7](https://wiki.centos.org/Manuals/ReleaseNotes/CentOS7.2009))
> * [sendmail.py](https://git.hmp.today/pavel.muhortov/utils#sendmail-py)

|  POSITION | PARAMETERS   |       DESCRIPTION      |    DEFAULT    |
|-----------|--------------|------------------------|---------------|
|     1     |**[qn]**|execution without pauses||
|     2     |**que**|print length of all zimbra queues|`None`|
|     2     |**svc**|print number of stopped services|`None`|
|     2     |**ssl**|letsencrypt certificate update procedure|`None`|
|     3     |**[/path/to/conf]**|custom configuration file path|`./zimbra-man.conf`|

### Renew certificate by crontab

The first issue of the certificate must be done manually, because you need to answer letsencrypt questions.

```bash
# define first certificate
certfirst=mail.domain.zone

# stop zimbra
sudo su - zimbra -c "/opt/zimbra/bin/zmcontrol stop"

# add additional hostnames, issue certificate and download chain
sudo certbot certonly --standalone --email mail@domain.zone --preferred-chain "ISRG Root X1" --key-type rsa --rsa-key-size 2048 -d "${certfirst}" -d smtp.domain.zone -d pop3.domain.zone -d imap.domain.zone
sudo sh -c "wget -O - https://letsencrypt.org/certs/isrgrootx1.pem.txt --no-check-certificate >> /etc/letsencrypt/live/${certfirst}/chain.pem"

# start zimbra
sudo su - zimbra -c "/opt/zimbra/bin/zmcontrol start"

# copy certificate, define files permission
sudo cp "/etc/letsencrypt/live/${certfirst}/privkey.pem" /opt/zimbra/ssl/zimbra/commercial/commercial.key
sudo cp "/etc/letsencrypt/live/${certfirst}/chain.pem" /opt/zimbra/ssl/zimbra/commercial/chain.pem
sudo cp "/etc/letsencrypt/live/${certfirst}/cert.pem" /opt/zimbra/ssl/zimbra/commercial/cert.pem
sudo chown -R zimbra:zimbra /opt/zimbra/ssl/zimbra/commercial/

# deploy certificate
sudo su - zimbra -c "/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /opt/zimbra/ssl/zimbra/commercial/cert.pem /opt/zimbra/ssl/zimbra/commercial/chain.pem"
sudo su - zimbra -c "/opt/zimbra/bin/zmcertmgr deploycrt comm /opt/zimbra/ssl/zimbra/commercial/cert.pem /opt/zimbra/ssl/zimbra/commercial/chain.pem"

# restart zimbra
sudo su - zimbra -c "/opt/zimbra/bin/zmcontrol restart"
```

When the certificate issued, renew certificate is possible by crontab.

```bash
# download
sudo wget https://git.hmp.today/pavel.muhortov/zimbra-management/raw/branch/master/zimbra-man.sh -O /usr/local/bin/zimbra-man.sh
sudo chmod +x /usr/local/bin/zimbra-man.sh
```

```bash
# edit config
sudo tee /usr/local/bin/zimbra-man.conf > /dev/null <<'EOF'
logs=/var/log/zimbra-man.log
python3=/usr/local/opt/python-3.9/bin/python3.9
sendemail=/usr/local/bin/sendmail.py
confemail=/usr/local/bin/sendmail.config
certcheck=/usr/local/bin/cert-info.sh
certfirst=mail.domain.zone
certalias=smtp.domain.zone pop3.domain.zone imap.domain.zone
certemail=mail@domain.zone
EOF
```

```bash
# sudo sh -c "EDITOR=nano crontab -e"
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
0 0 * * 1 bash /usr/local/bin/zimbra-man.sh qn ssl >> /dev/null 2>&1
```

```bash
# check journal
tail -f -n 50 /var/log/zimbra-man.log
```

### Print length of all zimbra queues

```bash
sudo /usr/local/bin/zimbra-man.sh - que
```