ZIMBRA INSTALLATION

Zimbra Collaboration Server 8 is amazing, it’s a fresh up take away from the rough hands of Microsoft Exchange. And most importantly, the opensource version has everything that I need. I’ve used it commercially and do recommend it to any clients as it’s just a great platform.

Installation of Zimbra is very easy. I’ve left the comments from my notes to make it easier to understand.
The installation is from a CentOS 6.3 minimal install after doing my routine secure, hardening and updates.

yum -y update

yum -y install wget setuptool system-config-network system-config-firewall ntsysv nscd perl nc sudo sysstat

yum install system-config-network-tui
yum install system-config-firewall-tui
yum install nc
yum install sudo
yum install mysql mysql-server mysql-devel
yum install sysstat
yum install wget
yum install bind bind-utils

 

setup # disable services iptables, sendmail
service iptables stop
service sendmail stop

chkconfig sendmail off
chkconfig netfs off
chkconfig rpcbind off
chkconfig rpcgssd off
chkconfig rpcidmapd off
chkconfig fcoe off
chkconfig iptables off
chkconfig ip6tables off
chkconfig iscsi off
chkconfig iscsid off

 

# Disable Startup Services
service postfix stop
chkconfig postfix off
service sendmail stop
chkconfig sendmail off
# Install nc package
yum -y install nc sysstat
# Disable Selinux (unfortunately, Zimbra does not yet fully support Selinux)
setenforce 0
nano /etc/selinux/config
# Modify
SELINUX=disabled
# Fix hosts file
nano /etc/hosts
# Append
ipaddress hostname.domain.com hostname

echo “0 4 * * * root ntpdate time.stdtime.gov.tw” >> /etc/crontab

 

# Installing Zimbra Opensource
wget http://files2.zimbra.com/downloads/8.0.2_GA/zcs-8.0.2_GA_5569.RHEL6_64.20121210115059.tgz
tar -zxvf zcs-8.0.2_GA_5569.RHEL6_64.20121210115059.tgz
cd zcs-8.0.2_GA_5569.RHEL6_64.20121210115059
# Centos isn’t officially supported but RHEL 6 is so we platform-override
# # THIS WILL TAKE A WHILE ##
# This is run in screen as it may take a while #
# depending on your machine, go grab a coffee #
# You can close the screen with ctrl+A+D and
# continue with your other operations #
# If you get disconnected or want to #
# return to the screen simply use $screen -R #
# Configuration steps following this are very self explanatory #
#
screen ./install.sh –platform-override

tep4. Install Zimbra 8
# cd zcs-8.0.0_GA_5434.RHEL6_64.20120907144639
# ./install.sh –platform-override
Q1. Do you agree with the terms of the software license agreement? [N] Y
Q2. Do you agree with the terms of the software license agreement? [N] Y
Q3. Install zimbra-ldap [Y] Enter
Q4. Install zimbra-logger [Y] Enter
Q5. Install zimbra-mta [Y] Enter
Q6. Install zimbra-snmp [Y] Enter
Q7. Install zimbra-store [Y] Enter
Q8. Install zimbra-apache [Y] Enter
Q9. Install zimbra-spell [Y] Enter
Q10. Install zimbra-memcached [N] Enter
Q11. Install zimbra-proxy [N] Enter
Q12. Install anyway? [N] Y
Q13.The system will be modified. Continue? [N] Y
Q14. Address unconfigured (**) items (? – help) 3
Q15. Select, or ‘r’ for previous menu [r] 4
Q16. Password for admin@zimbra.iwant-in.net (min 6 characters): [KFAYdeL6]
Q17. Select, or ‘r’ for previous menu [r] r
Q18. Select from menu, or press ‘a’ to apply config (? – help) a
Q19. Save configuration data to a file? [Yes] Enter
Q20. Save config in file: [/opt/zimbra/config.8480] Enter
Q21. The system will be modified – continue? [No] Yes
Q22. Notify Zimbra of your installation? [Yes] No
Q23. Configuration complete – press return to exit Enter

# Optimization on Lower Memory

su zimbra

zmcontrol status

su zimbra
zmlocalconfig -e tomcat_java_heap_memory_percent=40
zmlocalconfig -e mysql_memory_percent=10
zmlocalconfig -e mysql_table_cache=250
zmlocalconfig -e mailboxd_java_heap_memory_percent=10
zmlocalconfig -e zmmtaconfig_interval=7200
zmmtactl restart

# Using -l option connects to LDAP Server Instead, Fixes the issue with connecting through soap
# Disable Logger Service, Stats and SNMP
# THIS IS ONLY FOR MY LOW MEMORY SETUP. Not recommended for production use.

zmprov -l ms mail.domain.com -zimbraServiceEnabled snmp
zmprov -l ms mail.domain.com -zimbraServiceEnabled logger
zmprov -l ms mail.domain.com -zimbraServiceEnabled stats
zmcontrol stop
zmcontrol start
zmlocalconfig -e zmmtaconfig_interval=7200
zmprov -l mcf zimbraLogRawLifetime 7d
zmprov -l mcf zimbraLogSummaryLifetime 30d
zmmtactl restart

nano /opt/zimbra/conf/my.cnf in:
# Modify
# thread_cache_size = 110
# max_connections = 110

thread_cache_size = 20
max_connections = 20

nano /opt/zimbra/conf/amavisd.conf.in
# Modify
# $max_servers = 10;
$max_servers = 2;

# Configure Iptables Firewall
# enable zimbra ports
$iptables -A INPUT -m state –state NEW -m tcp -p tcp –dport 25 -j ACCEPT
$iptables -A INPUT -m state –state NEW -m tcp -p tcp –dport 80 -j ACCEPT
$iptables -A INPUT -m state –state NEW -m tcp -p tcp –dport 110 -j ACCEPT
$iptables -A INPUT -m state –state NEW -m tcp -p tcp –dport 143 -j ACCEPT
$iptables -A INPUT -m state –state NEW -m tcp -p tcp –dport 389 -j ACCEPT # -s 10.10.3.0/24
$iptables -A INPUT -m state –state NEW -m tcp -p tcp –dport 443 -j ACCEPT
$iptables -A INPUT -m state –state NEW -m tcp -p tcp –dport 465 -j ACCEPT
$iptables -A INPUT -m state –state NEW -m tcp -p tcp –dport 993 -j ACCEPT
$iptables -A INPUT -m state –state NEW -m tcp -p tcp –dport 995 -j ACCEPT
$iptables -A INPUT -m state –state NEW -m tcp -p tcp –dport 7071 -j ACCEPT # -s 10.10.3.0/24

And that’s it. Do check out the Zimbra website for a full list of features, unfortunately it is quite memory and cpu intensive and

it’s not comparable to the simple postfix squirelmail setups that some may be used to.

But the feature range is amazing and definitely worth a look into for those on the fence.

 

Adding my own WildCard SSL Certificate to Zimbra Collabration Server 8
Installation of Zimbra is a breeze, on my CentOS 6.3 Minimal install it took less than 5 minutes of interaction.

To get the SSL certificate installed took a little more tweaking then the install but after some trial and error the final list of commands were very short.

cp /opt/zimbra/ssl/zimbra/ca.pem /opt/zimbra/ssl/zimbra/ca.pem.bak
echo /dev/null > /opt/zimbra/ssl/zimbra/ca.pem
nano /opt/zimbra/ssl/zimbra/ca/ca.pem
# Insert our ca.pem here, only the certificate not the key
nano /opt/zimbra/ssl/zimbra/commercial/commercial.key
# Insert the .key file contents
nano /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt
# Insert the .crt file contents

# Now we’ll deploy our crt, telling Zimbra it’s a commercial cert (although it’s not)
/opt/zimbra/bin/zmcertmgr deploycrt comm /opt/zimbra/ssl/zimbra/ca/ca.pem

# Verify the installed cert
/opt/zimbra/bin/zmcertmgr viewdeployedcrt

# Force SSL with a redirect
zmtlsctl redirect

# Restart
zmcontrol stop
zmcontrol start

 

At command prompt type

su zimbra

zmcontrol status

To start the zimbra services type:
zmcontrol start

Open a browser and log in at http://mail.server.com

For admin panel type: http://mail.server.com:7071

 

Change Zimbra Web Client Logo and Title
Logo Path –> /opt/zimbra/jetty/webapps/zimbra/skins/_base/logos
Logo Files –> AppBanner.png
Title Defined Path –> /opt/zimbra/jetty/webapps/zimbra/WEB-INF/classes/messages/ZmMsg.properties
Title Desc –> zimbraTitle = IWANT-IN WebMail
zimbraLabel = IWANT-IN WebMail\uff1a

 

# su – zimbra

Depois, basta executar:

$ zmprov -l -v mcf zimbraXMPPEnabled TRUE
$ zmprov -v mc default zimbraFeatureIMEnabled TRUE
$ zmprov -v mc default zimbraFeatureInstantNotify TRUE
$ zmcontrol stop
$ zmcontrol start