Installation or update
ZI-LicenseSystem must already be installed on the system before installing any other ZI-* zimlet. Check here: ZI-LicenseSystem - Installation or update
Download the latest version of the zimlet package from https://www.intalio.pl/en/zi-access-downloads and unpack it in /tmp (as root):
cd /tmp
wget https://www.intalio.pl/sites/default/files/modules-files/zi-access-1.9-zimbra9.tar_.gz
tar xvzf zi-access-1.9-zimbra9.tar_.gz
Run the installation script (as root):
cd ./ZI-Access-1.9-Zimbra9/
perl ./ZI-Installer --install-deps
At the beginning, the required Perl packages will be installed if they are not already available on the system:
Answer: Y and wait until the package manager finishes its work:
Type: Y and press Enter
When the deployment process is done, you will be asked to provide the login and password that you can find in the license documents you received from us:
Choose the license number (usually you will see only one option), press Enter, verify that the details are correct and proceed by answering Y.
Your license will be downloaded and activated. In the last step you will be asked to restart the mailbox service. You can skip it (answer: N) and restart the mailbox service manually later, but until then the zimlet will not work properly.
If you are going to install another zimlet right after this one, it is not necessary to restart the mailbox service at this point; you can do it only once, after installing the last one.
After the mailbox restart, the zimlet should be installed. To check it, log in to the Administration Console of your ZCS Server and navigate to Tools and Migration > ZI-LicenseSystem, where you can find details about granted licenses, or Tools and Migration > ZI-Access, where you can set up your zimlet.
Necessary Zimbra configuration
Originating IP
In a multi-server environment, or any environment running a proxy, the mailboxd server may only log the IP of the connecting proxy instead of the real client IP.
For example:
2022-09-06 15:21:29,972 INFO [qtp192881625-932://localhost:8080/service/soap/BatchRequest] [name=admin@foss9lab.int.intalio.pl;oip=172.17.0.147;ua=zclient/9.0.0_GA_4373;soapId=7e375894;] account - Authentication successful for user: admin@foss9lab.int.intalio.pl
In such a case ZI-Access will not work.
To solve this, define the Trusted IPs of your internal nginx proxies, so that the mailstores instead capture the originating IP from the HTTP traffic. By default, zimbraMailTrustedIP is empty:
zmprov gcf zimbraMailTrustedIP
Once your nginx proxy addresses (as seen by the mailstores) are added to this attribute, the originating IP should be logged correctly. For example, if there are two nginx proxies, 10.11.12.1 and 10.11.12.2:
zmprov mcf +zimbraMailTrustedIP 10.11.12.1 +zimbraMailTrustedIP 10.11.12.2
Note also that if you are running nginx on the same node as the mailstore, you will need to add both 127.0.0.1 and the real address of that node:
zmprov mcf +zimbraMailTrustedIP 127.0.0.1 +zimbraMailTrustedIP 10.11.12.13
Then restart mailboxd:
zmmailboxdctl restart
Then check /opt/zimbra/log/mailbox.log to confirm that "oip=" now shows the real client IP address:
2022-09-06 15:56:50,653 INFO [qtp192881625-128://localhost:8080/service/soap/BatchRequest] [name=admin@foss9lab.int.intalio.pl;oip=172.17.0.140;ua=zclient/9.0.0_GA_4373;soapId=6fbb7960;] account - Authentication successful for user: admin@foss9lab.int.intalio.pl
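To run the same check over a whole mailbox.log instead of reading single lines, the following added example (not part of ZI-Access or Zimbra) tallies the distinct oip= values and marks those that are proxy addresses. The function names are hypothetical, the sample input is built from the two log lines shown above, and treating 172.17.0.147 as the proxy address is an assumption made for the sample.

```bash
#!/usr/bin/env bash
# Added example: tally oip= values in mailbox.log and mark proxy addresses.
# If proxy addresses still appear after the restart, zimbraMailTrustedIP
# does not yet cover the proxy as seen by this mailstore.

# Constructed sample: the "before" and "after" log lines from this page.
SAMPLE_LOG='2022-09-06 15:21:29,972 INFO [qtp192881625-932://localhost:8080/service/soap/BatchRequest] [name=admin@foss9lab.int.intalio.pl;oip=172.17.0.147;ua=zclient/9.0.0_GA_4373;soapId=7e375894;] account - Authentication successful for user: admin@foss9lab.int.intalio.pl
2022-09-06 15:56:50,653 INFO [qtp192881625-128://localhost:8080/service/soap/BatchRequest] [name=admin@foss9lab.int.intalio.pl;oip=172.17.0.140;ua=zclient/9.0.0_GA_4373;soapId=6fbb7960;] account - Authentication successful for user: admin@foss9lab.int.intalio.pl'

# classify_oip "PROXY_IP [PROXY_IP ...]" < mailbox.log
# Prints one line per distinct oip: "<count> <proxy|client> <ip>".
classify_oip() {
    awk -v proxies="$1" '
        BEGIN {
            n = split(proxies, p, " ")
            for (i = 1; i <= n; i++) is_proxy[p[i]] = 1
        }
        {
            # The context block is a list of ;-separated key=value fields.
            m = split($0, f, ";")
            sub(/.*\[/, "", f[1])      # drop everything before the first key
            for (i = 1; i <= m; i++)
                if (f[i] ~ /^oip=/) { seen[substr(f[i], 5)]++; break }
        }
        END {
            for (ip in seen)
                printf "%d %s %s\n", seen[ip],
                       ((ip in is_proxy) ? "proxy" : "client"), ip
        }
    ' | sort -k3
}

# proxy_oip_count "PROXY_IPS" < mailbox.log
# Prints how many log lines still carry a proxy address in oip=.
proxy_oip_count() {
    classify_oip "$1" | awk '$2 == "proxy" { s += $1 } END { print s + 0 }'
}

# Demo on the constructed sample; on a server, redirect from
# /opt/zimbra/log/mailbox.log and pass your own proxy addresses.
printf '%s\n' "$SAMPLE_LOG" | classify_oip "172.17.0.147"
```

A non-zero result from proxy_oip_count on lines logged after the mailboxd restart means the proxy address that reaches the mailstore is not yet listed in zimbraMailTrustedIP.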