Install Zimbra on Centos 8

Install Zimbra on Centos 8

Zimbra is a open source email collaboration software. In this blog lets concentrate on how to install a single server setup of Zimbra. 

Zimbra can be installed as a multi-server setup which we will visit in later blogs. 

Following are the Pre-requisites to install zimbra.

1. Set a Fully Qualified Hostname(FQDN) = mail.jkzimbra.com
2. Update host file entry for the host in format - <ip> <FQHN> <HN>
3. Configure a static ip = 192.168.142.128
4. For now we can stop and disable firewalld, iptables, selinux. In later blogs we can go through how to configure these along with zimbra.
5. Install and set-up dns with a A and MX record. Here we will use dnsmasq software to accomplish this.
6. Finally update the system to latest patch level with yum update. 
7. Download the zimbra setup from zimbra.com site. and place it in the server.
8. It is better to have a separate LVM for /opt as the whole zimbra setup and configuration will reside at this mount point.

CentOS version - CentOS Linux release 8.4.2105

Zimbra Version - zcs-8.8.15_GA_3953

Step 1: Perform yum update 

Step 2: Set the hostname as fqdn with hostnamectl as shown in below image.

Step 3: Update host file to reflect as below with FQDN

Step 4:Set a static IP 

Step 5: Stop and disable Firewalld and Selinux

Step 6: Install dnsmasq and configure dnsmasq.conf as below

# yum install dnsmasq

Start dnsmasq service - systemctl start dnsmasq 

Query the mx record and it should return a MX record as shown below with the servers fqdn and correct ip address.

Note: If you are not getting proper result, you may need to update /etc/resolv.conf with correct dnsserver(which has this dnsmasq setup) - here it is the same zimbra server so i have used 192.168.142.128

Step 7: Download zimbra setup and move it to the server in /tmp or /home.

zcs-8.8.15_GA_3953.RHEL8_64.20200629025823.tgz

Extract the setup file as below

# tar -xzvf zcs-8.8.15_GA_3953.RHEL8_64.20200629025823.tgz

Now Lets start with the actual Install and configuration of Zimbra,

Issue the command from inside the zcs* directory.

# install.sh

Installation will start as below,

Answer "Y" where required 

You will receive a DNS error, correct the domain name as you have configured in dns. This error will come as we have configured mx for domain name and not the hostname. you have to change the domain name here so give yes and then provide proper domain name. 

You will be seeing the configuration menu as below,

Set the password for admin user. and view the ldap, postfix, and other users password using appropriate menu numbers. 

You can also update the password here. 

To go to previous menu you can type "r"  and hit enter,

Once you have configured all required options you can apply the configuration - to do so type "a" and hit enter.

It will ask to save config file, type yes or hit enter to accept.

Finally the system to start modifying with given config type yes at the prompt and hit enter.

Sit back and relax, the setup will go through some time and you will get as below.

Zimbra servers will start now.

Post setup tasks

Set up the ssh keys. To populate the ssh keys, as Zimbra user (su-zimbra). Type zmupdateauthkeys and press Enter. The key is updated on /opt/zimbra/.ssh/authorized_keys.

Enabling Server Statistics Display. In order for the server statistics to display on the administration console, the syslog configuration files must be modified.

As root, type /opt/zimbra/libexec/zmsyslogsetup. This enables the server to display statistics.

Lets check the zimbra service status by logging as zimbra user. 

zmcontrol status will give you all service status, all should be running. here dnscache is not running as we have configured dnsmasq and it is running on server it will be conflicting zimbra dnscache. so you can ignore. 

You could have not installed this dnscache by giving "N" during the setup when it asks for dnscache installation or you can configure dnsmasq on separate server. 

Now that we are all set here, Lets open the zimbra web client where we can send and receive emails. 

Note: we can send mail to outside domain now but we will not be able to receive emails as we have not published our domin/MX to global dns - you can contact your domain provider like godaddy to do that. 

Webmail link - https://ipaddress

Note: you will get a ssl warning accept and proceed as we have not yet installed any self signed certificate.

Admin account is already created during installation where you will get all zimbra service related emails. lets login and see how the web email looks, 

Yay!! we got some emails. remember these are not external emails. we only get internal email until we set public dns.

Lets see how admin console looks like. admin console opens with port 7071

Admin console link - https://ipaddress:7071

Ignore the server status failed as it is showing for dnscache which we are not using now.

Thats all we still have a lot more on zimbra. we will get through them in later blogs. 

CronJob

Crontab is to schedule a job at given time or repeat a job at given intervals.

To create a new crontab issue crontab -e

To view the crontab issue crontab -l

[root@host1]# cat /etc/crontabSHELL=/bin/bashPATH=/sbin:/bin:/usr/sbin:/usr/binMAILTO=root
# For details see man 4 crontabs
# Example of job definition:# .---------------- minute (0 - 59)# |  .------------- hour (0 - 23)# |  |  .---------- day of month (1 - 31)# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat# |  |  |  |  |# *  *  *  *  * user-name  command to be executed

[root@host1]#

Eg:- If you need to schedule a job to run at 12:30 daily then below to be updated in crontab

30 12 * * * command_to_be_executed

Setting host name in CentOS Linux 8

 

We can set host name to a Linux system by directly updating name in /etc/hostname file which will require reboot. 

In CentOS Linux 8 and latest versions we have hostnamectl command that will do the job without need of reboot.

Command - hostnamectl 

Syntax - hostnamectl set-hostname NAME

This will automatically update the /etc/hostname file and no reboot is required. 

Configure local repository on Ubuntu

 

Configure local repository on Ubuntu

Prerequisites:

·        Install Apache2
·        Install apt-utils
·        Install dpkg-dev

Server-side configuration:

1.       Download required packages in one machine.

2.       Create a directory in /var/www/ as below,

            Now move to the binary directory,

4.       Move your downloaded packages to this directory.

5.       Create a file named Packages which apt-get can read using the following command,      

# apt-ftparchive packages > Packages

6.       Now create a zip file of that Packages file created above using below command,

# gzip -c Packages > Packages.gz

Client-side configuration :

1.       Change the internet configurations with no internet.

2.       Edit the /etc/apt/sources.list file as shown below,

deb http://yourIP/localrepo/pkg/binary /

And hash all other lines. Save and exit.

3.       Issue apt-get update the changes you made in sources.list will be updated and you will get a message like below,

Reading packages lists….. Done.

4.       Once successfully verifying the sources you can start installing any package available from your local repository using apt-get.

# apt-get install package_name

Note : you will get a warning like package is not authenticated just continue with yes and the package will be downloaded.

RBL Whitelisting with zimbra postfix

 RBL Whitelisting with zimbra postfix 

Cause: Genuine IP is being Blocked by the RBL.

RBL - Real-time Black hole list.

Common RBL providers - BarracudaCentral, SpamHaus.

When you find any genuine email blocked reason as smtp blacklisted/ip blacklisted in log messages then it can be whitelisted with zimbra postfix as explained below.

Note: If sender domain / IP is blacklisted with global RBL, it might be affected by suspicious infection. Hence try to find the reality and then proceed accordingly. Whitelisting affected senders might increase chances of your domain also getting infected. 

Resolution:

    1. Create a file postfix_rbl_override in /opt/zimbra/conf/

    2. Add the IP/Domain Name to be whitelisted in the file /opt/zimbra/conf/postfix_rbl_override as shown below,

##

192.168.1.5   OK
Domainname.com OK

##

    3. Issue the postmap command as below ,

## postmap /opt/zimbra/conf/postfix_rbl_override

    4. In the smtpd_recipient_restrictions.cf file include the following lines, just above the line reject_unlisted_recipient

check_client_access hash:/opt/zimbra/conf/postfix_rbl_override

check_recipient_access hash:/opt/zimbra/conf/postfix_rbl_override

Note: For 8.x the file is located in opt/zimbra/conf/zmconfigd/smtpd_recipient_restrictions.cf

And for versions below 8.x you should edit the file /opt/zimbra/conf/postfix_recipient_restrictions.cf

After making changes restart the zimbra mta service.

## zmmtactl restart

Configuring samba standalone server

 

Configuring samba standalone server

To share files from linux to windows machine samba is used. Below lets see how to install and configure samba to share files from linux to windows. 

Step 1: Check if samba package is installed, using the following command.

# rpm –qa samba*

Step 2: If samba is not installed then install samba using following command.

# yum install samba

Step 3: Create a Directory you want to share.

# mkdir directory_name

Step 4: Grant the directory full permission.

# chmod 777 directory_name

Step 5: Now create a share user.

# useradd directory_name

Step 6: Create password for the user.

# passwd username

Step 7: Now to share the directory edit the smb.conf file using following command.

# vi /etc/samba/smb.conf

Step 8: Change the workgroup to your workgroup.

Add the following lines in the end of this file /etc/samba/smb.conf

Save this file and exit using Esc :wq

Step 9: check the firewall status, if it is on turn off the firewall.

# service iptables status

Step 10: Turn off firewall.

# service iptables stop

Even after turning off the firewall while rebooting it starts so to permanently turn it off.

# chkconfig iptables off

 Check the firewall status again.

# service iptables status

Step 11: Turn off Selinux

# vi /etc/sysconfig/selinux

Change selinux to disabled if it is in enforcing. Save and quit using Esc :wq

Step 12: Now start samba service.

# service smb start

This starts the samba service but when you restart it turns off to turn it on

# chkconfig smb on

To check the status of samba service

# service smb status

Step 13: Create sharing users password

# smbpasswd -a sharing

Step 14: Reboot your computer and open windows computer and access the shared folder with this password and the username for which you have created the smbpasswd, here it is Sharing(username).

To change permissions for shared folders.

Restricting shared folder to one user alone.

Create a new user you want to allow permission for writing the shared folder.

Edit the smb.conf  file and change the value for writable as no in the folder which you want to restrict, and change the value of write list to the user name which you want to allow permission. Here the user name is Sharing.

Share restricted for all user except for user(Sharing).