Activesync with Z-Push

[fenice2]

Any plans to add z-push to these builds, I currently use ZeXtras but z-push is quite a mature product and one of the developers (Liverpoolfcfan) is (or was?) a Zimbra user.

[derritter88]

I am also using Z-Push with Zimbra backend - would be interessting as I am stuck with Zimbra FOSS 8.8.15

[beezim-oss]

Hi, I agree, a z-push integration is a good idea. I'm concerned on 2 subjects with this :

• Active Sync licence, I discussed that with the kopano guys at Fosdem but I don't remember exactly in which condition it is possible to use and distribute tools implementing ActiveSync. If someone have more informations on this, I'll appreciate.
• Scalability, based on our experience zpush should be on a separate host and need to be patched to address Store directly any large scale architecture feedback appreciated (no more that 5k users architecture with zpush for me, far more with Zimbra mobile)

[derritter88]

Hi, I agree, a z-push integration is a good idea. I'm concerned on 2 subjects with this :

* Active Sync licence, I discussed that with the kopano guys at Fosdem but I don't remember exactly in which condition it is possible to use and distribute tools implementing ActiveSync. If someone have more informations on this, I'll appreciate.

* Scalability, based on our experience zpush should be on a separate host and need to be patched to address Store directly  any large scale architecture feedback appreciated (no more that 5k users architecture with zpush for me, far more with Zimbra mobile)

Regarding your 1st topic: I found a file called "TRADEMARK" at the Z-Push folder on my mail server: TRADEMARKS.txt

(Just added .txt to have it easier opened).

Regarding your 2nd topic: I am using Z-Push on my mail server together via Zimbra without any performance issues. But I just have 4 users.

[adriangibanelbtactic]

1) The z-push license seems to be Affero GPL v3. Zimbra is mainly GPL v2 so I'm not sure it can be distributed under the same package as z-push. Maybe as a separated package that needs to be downloaded.

2) I've always thought of integrating z-push into Zimbra as the aspell package. Using builtin apache server that listens at 7780 you can serve the same phps as an external z-push server.

Then the nginx proxy configuration is modified so that the /Microsoft-ActiveSync-Server path points to the localhost:7780/z-push/ path .

3) Finally two improvements on z-push would be nice:

• Tweak z-push so that it can query zimbra ldap (or zimbra mailbox) to know if an account has not or not enabled the Sync permissions (Whatever zimbra attribute is used right now for enabling Mobile sync) on NE/NG.
• Being able to enforce a 15 minute between activesync client queries to Zimbra. If the activesync client queries every 1 minute for new messages z-push should always answer: "No new items to sync" till 15 minutes have passed. That way you can avoid mailbox being queried too many times.

[derritter88]

Hi @adriangibanelbtactic ,

ad 2) I am running Z-Push via Apache2 on port 7800 and configured Zimbra NGINX to forward everything with "/Microsoft-Server-ActiveSync" to forward to my Apache2.

ad 3.1) There is a dedicated backend tool for Z-Push -> https://sourceforge.net/projects/zimbrabackend/

I am using this and everything works find without any problems.

[beezim-oss]

Licence

@derritter88 @adriangibanelbtactic about licence, my question in more about ActiveSync protocom implementation that required to buy a licence from Microsoft AFAIK.

integration

I'd rather implement it as php-fpm but this is a minor change.

We can do a first implementation as a Beta for mono server and see where we can go from here.

And to do it nicely, we may want to implement it as a docker to prepare for zimbra FOSS 9+ that will be container based :)

[adriangibanelbtactic]

Hi @adriangibanelbtactic ,

ad 2) I am running Z-Push via Apache2 on port 7800 and configured Zimbra NGINX to forward everything with "/Microsoft-Server-ActiveSync" to forward to my Apache2.

That's not what an average sysadmin user of Zimbra expects. You should be able to select "Z-Push activesync" in your installation and that puts some files under /opt/zimbra/z-push/ (or whatever makes sense under the new Zimbra file path arrangement that they have right now).

ad 3.1) There is a dedicated backend tool for Z-Push -> https://sourceforge.net/projects/zimbrabackend/

I am using this and everything works find without any problems.

Yes, I meant z-push + zimbrabackend of course. I also use z-push+zimbrabackend and it queries mailboxes too often so as @beezim-oss said above it has some scalation issues.

[derritter88]

Regarding "regular sysadmin" I would say It depends: If a sysadmin has a valid subscription license for Zimbra than Active Sync is part of it and there is nothing to do. But if someone uses a FOSS version of Zimbra than there might me some parts which are not included in the open source license.

[beezim-oss]

Hi, we did a few test on the integration with thespell apache, this is not possible dure to the compilation options used. I will continue to investigate this.

[maxxer]

For the configuration it's possible to serve Z-Push directly via Zimbra's nginx, it just requires system php-fpm package (explained here). The advantage of this approach is that nginx+fpm is faster than apache+php, disatvantage requires additional package.

[joaquinmira]

@maxxer That tutorial is Ok, but quite messy about permissions. PHP-FPM daemon default pool in tcp mode port 9000 (/etc/php-fpm.d/www.conf) runs as apache by default (CentOS7). But if we want z-push as a zimbra "feature", it should run as zimbra user, just like the nginx process. Same goes for the section where creates the logs folder doing chown to apache or www-data. And also /var/lib/php subfolders and z-push states folders owner as well (not included but important). Have in mind that apache user may not exist if no httpd package installed, which is not suggested in a Zimbra server (any role) although httpd package is curiously a "dependency" of php/php-fpm packages.

Happy to help in any way and big thanks all for keeping the FOSS version alive. Im a Zimbra admin since v4.5 and z-push backend user since its very first version :)

[beezim-oss]

Abour integration, did someone test this ? https://www.eclipse.org/jetty/documentation/current/configuring-fastcgi.html

If it is working with php fpm, it may be possible to remove the nginx configuration change.

@joaquinmira I agree, package should fit all usual rights and log emplacements.

[marshalleq]

Having no active sync in zimbra oss was the only thing that made me hesitate migrating to it. Looking up how I could get around this lead me to zpush and then to here. I currently have version 8 - but keen to help testing upgrades to 9.x and such - hunting for a procedure now. This is fantastic! :)

[marshalleq]

So we're nearly a year on and a lot of progress has been made. I've been running 9.0 OSS for quite some time, probably about a year actually, with no issues other than needing to get off CentOS Grr. How's progress on Zpush or any other active sync method coming along? It would be very nice.

[marshalleq]

Just came across this: https://sourceforge.net/projects/zimbrabackend/ The instructions are in the download.

I'm not yet sure if this is additional to, or includes the zpush functionality, either way, it's purpose is specifically to enable activesync for Zimbra OSS with zpush.

[derritter88]

I am using the Zimbra backend already. You need to use Z-Push from Kopano + the backend.

[marshalleq]

So you're saying you need Push -> Zimbra backend link above -> Zimbra Server?

[derritter88]

Yes, you need all three indipendend packages. I had it set up and runnring with the latest Zimbra OSS 8.8.15 but recently migrated to Zimbra 9 as there is a package from Zextras. So I still know all the installation steps.

[joaquinmira]

I use it since the very first versions. My current config is on Zimbra single server with some tuning on proxy conf files that routes all activesync requests to Zpush behind Apache on non standard port. This way you can integrate with Zimbra components and use current certificate.

in nginx.conf.web.https.default.template and nginx.conf.web.https.template

For long polling of Microsoft ActiveSync

location ^~ /Microsoft-Server-ActiveSync
{

proxy_buffering off; proxy_pass http://127.0.0.1:8888; proxy_set_header X-Client-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

}

[derritter88]

Hola @joaquinmira , same for me except I have rewritten to Zimbra Nginx configuration so it forwarded all requests for /Microsoft-Server-ActiveSync to Apache where I have installed a separate z-push-apache module.

[adriangibanelbtactic]

If anyone wants to actually help on this (Bringing ActiveSync support to Zimbra 9 FOSS) please learn on how Zimbra configures, builds (and optionally packages) postfix daemon so that it runs and logs in zimbra directories with the correct user owners (usually zimbra:zimbra) as is hinted in https://github.com/beezimOSS/beezoss/issues/4#issuecomment-630542216 .

Then apply what you have learnt to z-push/kopano and z-push backend for zimbra.

At that point we will still need an apache server with php support. Either try to use the aspell one or try to modify its configure and build setting. Or package another apache server with their own settings.

There's also the workaround: https://www.eclipse.org/jetty/documentation/jetty-9/index.html#configuring-fastcgi as suggested in https://github.com/beezimOSS/beezoss/issues/4#issuecomment-630580825 but I'm not very keen on relying on java so much.

Knowing how to setup nginx to proxy Microsoft-Server-ActiveSync path to the right server is needed, yes, but it's only an small piece of the puzzle.