Brief Introduction to Zimbra Internal Architecture

In some cases, you might want to recover your data from Zimbra, or you may be curious about how Zimbra manages users and emails behind the scenes.

I dug into Zimbra’s nuts and bolts because we lost Zimbra’s local LDAP, which took more than 3 days to fix, so I wanted to share what I found about this email server with anyone else who might be experiencing the same problem.

Zimbra uses LDAP, MySQL, and file systems to store emails and relate them to users.

Zimbra uses a local LDAP even if you define an external one for authentication. In fact, every user in Zimbra has two different IDs: one is stored in MySQL, usually starts from 1 and increases sequentially; the other resides in the local LDAP and is a universally unique identifier (UUID), a randomly generated number.

There is a table in Zimbra’s MySQL called mailbox where database id is mapped to LDAP uuid and usernames are stored in a field called comment.

Now that we understand how MySQL and LDAP are related, let’s examine how the metadata of emails is stored in Zimbra.

In the MySQL server you’ll find the databases mboxgroup1..mboxgroup100. These databases store the metadata that corresponds to the actual .msg files stored in /opt/zimbra/store/0/{ID}. This metadata is what is shown inside the web app and what is served over IMAP/POP3.

User IDs in Zimbra are sharded across these MySQL databases: when a user logs into his mailbox for the first time, Zimbra records his ID incrementally in MySQL and then divides it by 100 to determine which database the user’s ID will be assigned to. You can read more about Zimbra database structure here.

Notes for Recovering a Faulty Zimbra:

If you are going to recover a faulty internal LDAP within Zimbra, you need to know a couple of things.

  • The order of users is important: if a user’s ID in the old Zimbra is 1, then the same user’s ID in the new Zimbra should be 1 as well
  • You might not need the internal LDAP since it only saves the UUID; you can create new users in LDAP using zmprov ca username@domain password
  • The LDAP database resides in /opt/zimbra/data/ldap/mdb/db/ and its size is 80GB
  • You need to recover mboxgroup1 to 100 if you really care about your old data; you can take a backup using the MySQL tools inside Zimbra, the same way as with a regular MySQL
    • // You have to be the root user
    • su - zimbra
    • source ~/bin/zmshutil
    • zmsetvars
    • /opt/zimbra/mysql/bin/mysqldump --user=root --password=$mysql_root_password --socket=$mysql_socket --all-databases --flush-logs > {dump-file}.sql
  • You also need to recover the Zimbra database (this database is inside MySQL; don’t confuse its name with the actual Zimbra service). You need to copy this database as well. Within Zimbra’s database there is a table called config. Within this table is a field called db.version, which keeps track of changes in Zimbra. Make sure this value is the same inside the new Zimbra as it was in the old Zimbra.
  • The actual email files are in /opt/zimbra/store/0/{ID}. The {ID} is the same as the ID in the mailbox table.
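
The first and last notes above imply a check worth running before users are let back in: every username must keep the mailbox ID it had on the old server, otherwise a recreated account ends up attached to another user's message directory. The following is an added example, not part of the original post or of Zimbra. It assumes each server's mailbox table has been exported as tab-separated "id, comment" rows, and the sample rows are constructed.

```python
# Added example: verify that mailbox IDs survived a Zimbra rebuild.
import csv
import io

STORE_ROOT = "/opt/zimbra/store/0"  # message store path from the article

def load_export(text):
    """Parse 'id<TAB>comment' rows (assumed export format) into {username: id}."""
    rows = csv.reader(io.StringIO(text), delimiter="\t")
    return {row[1].strip(): int(row[0]) for row in rows if row}

def compare_mailbox_ids(old_text, new_text):
    """Sort old usernames into unchanged, moved, or missing on the new server."""
    old, new = load_export(old_text), load_export(new_text)
    owner_of = {mid: user for user, mid in old.items()}  # old ID -> old owner
    report = {"ok": [], "moved": [], "missing": []}
    for user, old_id in sorted(old.items()):
        new_id = new.get(user)
        if new_id is None:
            report["missing"].append(user)
        elif new_id == old_id:
            report["ok"].append(user)
        else:
            report["moved"].append({
                "user": user,
                "old_id": old_id,
                "new_id": new_id,
                "own_store": f"{STORE_ROOT}/{old_id}",
                # Whoever held new_id on the old server owns the files the
                # recreated account would now be attached to.
                "now_points_at": owner_of.get(new_id),
            })
    return report

# Constructed sample data, not taken from a real server.
OLD_EXPORT = ("1\talice@example.com\n2\tbob@example.com\n"
              "3\tcarol@example.com\n4\tdave@example.com\n")
# bob and carol were recreated in the wrong order; dave was not recreated.
NEW_EXPORT = "1\talice@example.com\n2\tcarol@example.com\n3\tbob@example.com\n"

if __name__ == "__main__":
    result = compare_mailbox_ids(OLD_EXPORT, NEW_EXPORT)
    print("unchanged:", result["ok"])
    print("missing:  ", result["missing"])
    for m in result["moved"]:
        print(f'{m["user"]}: ID {m["old_id"]} -> {m["new_id"]}, mail is in '
              f'{m["own_store"]}, account now maps to {m["now_points_at"]}')
```

Any entry under "moved" means two accounts have swapped mailboxes, so it should be corrected before the restored mboxgroup databases and store directories are put back into service.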