Logicalwebhost Cheatsheet

Linux & Open Source Cheatsheets & Howto's


zimbra

How to set up and live with Zimbra, a unified messaging server, sorta like Exchange, but with a free version.

set up Zimbra on CentOS

First, set up a barebones 64-bit CentOS 6.x server (or RedHat 6.x if you prefer the support option; 32-bit works too, but this howto uses 64-bit). You can get the image here:

wget http://centos.osuosl.org/6.4/isos/x86_64/CentOS-6.4-x86_64-netinstall.iso

Now install that with a static public IP. If you don’t have a static public IP and a DNS entry zimbra will complain loudly and not install.

You have to have a valid DNS record for this server. If you don’t, no amount of coaxing will allow zimbra to install right. This means you should have something on a DNS server for yourdomain.com (obviously change all instances of yourdomain.com to whatever your domain actually is, otherwise it won’t even come close to delivering mail) that says something like:

mail.yourdomain.com. A 1.2.3.4 <-- change 1.2.3.4 to your actual public static IP
mail.yourdomain.com. MX 0 mail.yourdomain.com.
yourdomain.com. MX 0 mail.yourdomain.com.
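
A pre-flight check for the records above, as an added example (not part of the original cheatsheet): it uses dig to confirm the mail host's A record matches your static IP and that both MX records point at the mail host. The helper name check_zimbra_dns is made up for illustration; the domain, host and IP are the placeholders used on this page.

```shell
#!/bin/sh
# Added example: verify the DNS records Zimbra's installer expects.
# check_zimbra_dns is a hypothetical helper name; arguments are placeholders.

check_zimbra_dns() {
    domain=$1; mailhost=$2; expected_ip=$3
    rc=0

    # A record: the mail host must resolve to the server's static public IP.
    a_records=$(dig +short A "$mailhost")
    if ! printf '%s\n' "$a_records" | grep -qxF "$expected_ip"; then
        echo "FAIL: $mailhost has no A record for $expected_ip (got: ${a_records:-nothing})"
        rc=1
    fi

    # MX records: dig prints "<priority> <target>." per line. Compare the
    # target only, ignoring case and the trailing dot.
    for name in "$domain" "$mailhost"; do
        mx_targets=$(dig +short MX "$name" | awk '{print tolower($2)}' | sed 's/\.$//')
        if ! printf '%s\n' "$mx_targets" | grep -qxF "$mailhost"; then
            echo "FAIL: no MX for $name pointing at $mailhost (got: ${mx_targets:-nothing})"
            rc=1
        fi
    done

    [ "$rc" -eq 0 ] && echo "OK: DNS for $domain looks ready for install.sh"
    return "$rc"
}

# Usage: sh check_dns.sh yourdomain.com mail.yourdomain.com 1.2.3.4
if [ "$#" -eq 3 ]; then
    check_zimbra_dns "$1" "$2" "$3"
fi
```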

Now log in to your CentOS server via ssh and do the following (note: you may have to register and get a different download link, YMMV, still, the process is similar):

yum install nc
yum remove postfix <-- in case it got installed, zimbra has its own
cd /usr/src/
wget http://files2.zimbra.com/downloads/8.0.4_GA/zcs-8.0.4_GA_5737.RHEL6_64.20130524120036.tgz
tar xfvz zcs-8.0.4_GA_5737.RHEL6_64.20130524120036.tgz
cd zcs-8.0.4_GA_5737.RHEL6_64.20130524120036
./install.sh

Now it should start to check your system and complain if you need to update something.

While it’s installing the individual .rpm’s it can take a few minutes for each one, so don’t panic, just sip something and chill…slowly.

During the install you’ll get a configuration menu like:

Main menu
 
   1) Common Configuration:                                                  
   2) zimbra-ldap:                             Enabled                       
   3) zimbra-store:                            Enabled                       
        +Create Admin User:                    yes                           
        +Admin user to create:                 admin@yourdomain.com         
******* +Admin Password                        UNSET                         
        +Anti-virus quarantine user:           virus-quarantine.jay6_agh@yourdomain.com
        +Enable automated spam training:       yes                           
        +Spam training user:                   spam.vazgdyfblg@yourdomain.com
        +Non-spam(Ham) training user:          ham.fulphed55@yourdomain.com 
        +SMTP host:                            mail.yourdomain.com          
        +Web server HTTP port:                 80                            
        +Web server HTTPS port:                443                           
        +Web server mode:                      https                         
        +IMAP server port:                     143                           
        +IMAP server SSL port:                 993                           
        +POP server port:                      110                           
        +POP server SSL port:                  995                           
        +Use spell check server:               yes                           
        +Spell server URL:                     http://mail.yourdomain.com:7780/aspell.php
        +Configure for use with mail proxy:    FALSE                         
        +Configure for use with web proxy:     FALSE                         
        +Enable version update checks:         TRUE                          
        +Enable version update notifications:  TRUE                          
        +Version update notification email:    admin@yourdomain.com         
        +Version update source email:          admin@yourdomain.com         
 
   4) zimbra-mta:                              Enabled                       
   5) zimbra-snmp:                             Enabled                       
   6) zimbra-logger:                           Enabled                       
   7) zimbra-spell:                            Enabled                       
   8) Default Class of Service Configuration:                                
   r) Start servers after configuration        yes                           
   s) Save config to file                                                    
   x) Expand menu                                                            
   q) Quit

At a minimum you should set the admin password (highlighted with *****) by doing:

3 <-- to go to admin submenu
4 <-- to change the password
enter password you want
r <-- to return to previous menu
a <-- to apply your configuration
Save configuration data to a file? [Yes] <-- just hit enter and it 
Save config in file: [/opt/zimbra/config.13414] <-- just hit enter
Saving config in /opt/zimbra/config.13414...done.
The system will be modified - continue? [No] <-- type Yes and hit Enter

Now it will take a long time and install everything using the configuration you just generated. While it’s generating your different SSL certificates it will look a lot like your machine is hung, DON’T KILL THE PROCESS – BAD THINGS WILL HAPPEN, just let it troll along for a few minutes (or more) for each SSL it needs to create, be patient.

Once it completes visit:

https://yourdomain.com

Note you’ll need https, not http. You’ll have to confirm the security exception when you first visit; that’s because the server generated its own certificate rather than using one issued by a third party, so your browser will complain unless you upgrade to a third-party cert.

Migrating old accounts to your Zimbra box

You can run this on the source server, the destination server, or really any server that has imapsync. CentOS doesn’t have it in the standard repos that are enabled here, although Debian/Ubuntu does.

Go to the source server (or wherever you have imapsync running) and do

imapsync --nosyncacls --subscribe --syncinternaldates --host1 mail.sourcemailserver.com --user1 sourceemail@sourceserver.com --password1 sourcepassword --host2 mail.destinationserver.com --user2 destinationmail@destinationserver.com --password2 destinationpassword --noauthmd5 --sep2 "/" --prefix2 ""

You may get a No Cleartext Login error, if you do, do this:

su zimbra
cd /opt/zimbra/bin/
zmprov ms `zmhostname` zimbraImapCleartextLoginEnabled TRUE

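Or you can do it through the GUI under Global IMAP settings. Either way, this lets IMAP passwords cross the wire unencrypted, so set it back to FALSE when the migration is finished.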
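
The imapsync run above puts both passwords on the command line, where any local user can read them from the process list. As an added example (not part of the original cheatsheet), this wrapper migrates a list of accounts using imapsync's --passfile1/--passfile2 options and --ssl2 for the Zimbra side. The helper names sync_account and migrate_list and the "user1;pass1;user2;pass2" list format are assumptions.

```shell
#!/bin/sh
# Added example: batch migration with imapsync, keeping passwords out of the
# process list. sync_account/migrate_list are hypothetical helper names; the
# list format "user1;pass1;user2;pass2" (one account per line) is an assumption.
HOST1=${HOST1:-mail.sourcemailserver.com}
HOST2=${HOST2:-mail.destinationserver.com}

sync_account() {
    s_user=$1; s_pass=$2; d_user=$3; d_pass=$4
    workdir=$(mktemp -d) || return 1
    # Password files are created mode 600 and removed after the run.
    ( umask 077
      printf '%s\n' "$s_pass" > "$workdir/pass1"
      printf '%s\n' "$d_pass" > "$workdir/pass2" )
    rc=0
    # --ssl2 uses IMAPS (993) on the Zimbra side, so cleartext login can stay off.
    imapsync --nosyncacls --subscribe --syncinternaldates \
        --host1 "$HOST1" --user1 "$s_user" --passfile1 "$workdir/pass1" \
        --host2 "$HOST2" --user2 "$d_user" --passfile2 "$workdir/pass2" \
        --ssl2 --noauthmd5 --sep2 "/" --prefix2 "" </dev/null || rc=$?
    rm -rf "$workdir"
    return "$rc"
}

migrate_list() {
    failed=0
    while IFS=';' read -r u1 p1 u2 p2; do
        case $u1 in ''|'#'*) continue ;; esac   # skip blank lines and comments
        sync_account "$u1" "$p1" "$u2" "$p2" || failed=$((failed + 1))
    done < "$1"
    echo "accounts failed: $failed"
    [ "$failed" -eq 0 ]
}

# Usage: chmod 600 accounts.txt; sh migrate.sh accounts.txt
if [ "$#" -eq 1 ]; then
    migrate_list "$1"
fi
```

The account list itself holds passwords, so keep it mode 600 and delete it after the migration.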

Importing GoDaddy SSL

Download the cert from GoDaddy (I used server type “Apache”), and scp it to your server. Login to your server and do:

su
cd /home/user/ <-- or wherever you put it
unzip mail.yourdomainname.com.zip
/opt/zimbra/bin/zmcertmgr deploycrt comm /home/user/mail.yourdomain.com.crt /home/user/gd_bundle.crt

If your cert expires, it will make the server puke with an error about:

Unable to determine enabled services from ldap.
Unable to determine enabled services. Cache is out of date or doesn't exist.

which has absolutely nothing to do with cache problems, rather an expired cert. I found this code snippet on a support forum, it worked for me.

# su - zimbra -c 'zmcontrol stop'
 
# rm -rf /opt/zimbra/ssl/*
 
# rm -rf /opt/zimbra/ssl/.rnd
 
# /opt/zimbra/java/bin/keytool -delete -alias my_ca -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit
 
# /opt/zimbra/java/bin/keytool -delete -alias jetty -keystore /opt/zimbra/mailboxd/etc/keystore -storepass `su - zimbra -c 'zmlocalconfig -s -m nokey mailboxd_keystore_password'`
 
#vi /opt/zimbra/bin/zmcertmgr
 
# Find line
# SUBJECT="/C=US/ST=N\/A/L=N\/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=${zimbra_server_hostname}"
# and change to your company name
 
# then find validation_days=365 and change it to the number of days you want before the cert expires, e.g. validation_days=3650
# save /opt/zimbra/bin/zmcertmgr
 
#/opt/zimbra/bin/zmcertmgr createca -new
 
#/opt/zimbra/bin/zmcertmgr deployca -localonly
 
#/opt/zimbra/bin/zmcertmgr createcrt self -new
 
You may receive some Failed messages, but ignore them.
 
#/opt/zimbra/bin/zmcertmgr deploycrt self
 
Here also
 
#su - zimbra -c 'zmcontrol start'
 
It should start services successfully.
 
 
 
#/opt/zimbra/bin/zmcertmgr deploycrt self
 
#/opt/zimbra/bin/zmcertmgr deployca
 
Everything would be perfect here.
 
#su - zimbra -c 'zmupdateauthkeys'
 
#/opt/zimbra/bin/zmcertmgr viewdeployedcrt
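
A check that could run from cron so the expiry described above does not come as a surprise. This is an added example, not part of the original cheatsheet or the forum snippet; cert_status is a made-up helper name, and the certificate path is whichever PEM file you deployed.

```shell
#!/bin/sh
# Added example: warn before a certificate expires, using openssl's -checkend.
# cert_status is a hypothetical helper; pass it any PEM certificate file.

cert_status() {
    cert=$1; warn_days=${2:-30}
    if ! end=$(openssl x509 -noout -enddate -in "$cert" 2>/dev/null); then
        echo "ERROR: cannot read certificate $cert"
        return 2
    fi
    end=${end#notAfter=}
    # -checkend N exits non-zero if the cert expires within the next N seconds.
    if ! openssl x509 -noout -checkend 0 -in "$cert" >/dev/null; then
        echo "EXPIRED: $cert (notAfter $end)"
        return 1
    elif ! openssl x509 -noout -checkend $((warn_days * 86400)) -in "$cert" >/dev/null; then
        echo "WARNING: $cert expires within $warn_days days (notAfter $end)"
        return 1
    fi
    echo "OK: $cert valid until $end"
}

# Usage: sh cert_check.sh /home/user/mail.yourdomain.com.crt 30
if [ "$#" -ge 1 ]; then
    cert_status "$@"
fi
```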

change message attachment size

This will raise your attachment size to 42MB, change to what you really want, and change your domain name to whatever it really is.

su
cd /opt/zimbra/bin
su zimbra
zmprov ms mail.changetoyourdomain.com zimbraFileUploadMaxSize 44040192
zmprov ms mail.changetoyourdomain.com zimbraMailContentMaxSize 44040192
zmprov mcf zimbraMtaMaxMessageSize 44040192
./zmcontrol restart

reset Zimbra admin password

These two commands show who is an admin and then reset the password for one of them (change the email to whatever yours really is):

cd /opt/zimbra/bin
su zimbra
zmprov gaaa
zmprov sp <admin email address> <new password>

zimbra spam fighting

Stock zimbra does an underwhelming job of fighting spam; here are a couple of things that might help.

vi /opt/zimbra/conf/salocal.cf.in
  blacklist_from *@somespamdomain.com
  whitelist_from you@yahoo.com
su zimbra
zmmtactl restart && zmamavisdctl restart
Rewriting configuration files...
done.
/postfix-script: refreshing the Postfix mail system
Stopping saslauthd...done.
Starting saslauthd...done.
Stopping amavisd... done.
Starting amavisd...done.

Now try to send yourself an email and see if everything still works. You can install a blacklist agent too, Razor (from rpmforge, make sure that is enabled), like this:

yum install perl-Razor-Agent razor-agents
mkdir /opt/zimbra/amavisd/.razor; chown -Rf zimbra:zimbra /opt/zimbra/amavisd/.razor
su zimbra
[zimbra@mail conf]$ razor-admin -home=/opt/zimbra/amavisd/.razor -create 
[zimbra@mail conf]$ razor-admin -home=/opt/zimbra/amavisd/.razor -discover 
[zimbra@mail conf]$ razor-admin -home=/opt/zimbra/amavisd/.razor -register
Register successful.  Identity stored in /opt/zimbra/amavisd/.razor/identity-ruqZLjs999
