How to setup and live with Zimbra, a unified messaging server, sorta like Exchange, but has a free version.
set up Zimbra on CentOS
First, set up a barebones CentOS 6.x or (RedHat 6.x if you prefer the support option) 64-bit (or 32 bit, this howto uses a 64-bit) server, you can get the image here:
wget http://centos.osuosl.org/6.4/isos/x86_64/CentOS-6.4-x86_64-netinstall.iso |
Now install that with a static public IP. If you don’t have a static public IP and a DNS entry zimbra will complain loudly and not install.
You have to have a valid DNS record for this server. If you don’t, no amount of coaxing will allow zimbra to install right. This means you should have something on a DNS server for yourdomain.com (obviously change all instances of yourdomain.com to whatever your domain actually is, otherwise it won’t even come close to delivering mail) that says something like:
mail.yourdomain.com. A 1.2.3.4 <-- change 1.2.3.4 to your actual public static IP mail.yourdomain.com. MX 0 mail.yourdomain.com. yourdomain.com. MX 0 mail.yourdomain.com. |
now login to your CentOS server via ssh and do (note: you may have to register and get a different download link, YMMV, still, the process is similar):
yum install nc yum remove postfix <-- in case it got installed, zimbra has its own cd /usr/src/ wget http://files2.zimbra.com/downloads/8.0.4_GA/zcs-8.0.4_GA_5737.RHEL6_64.20130524120036.tgz tar xfvz zcs-8.0.4_GA_5737.RHEL6_64.20130524120036.tgz cd zcs-8.0.4_GA_5737.RHEL6_64.20130524120036 ./install.sh |
now it should start to check your system and complain if you need to update something.
While it’s installing the individual .rpm’s it can take a few minutes for each one, so don’t panic, just sip something and chill…slowly.
During the install you’ll get a configuration menu like:
Main menu 1) Common Configuration: 2) zimbra-ldap: Enabled 3) zimbra-store: Enabled +Create Admin User: yes +Admin user to create: admin@yourdomain.com ******* +Admin Password UNSET +Anti-virus quarantine user: virus-quarantine.jay6_agh@yourdomain.com +Enable automated spam training: yes +Spam training user: spam.vazgdyfblg@yourdomain.com +Non-spam(Ham) training user: ham.fulphed55@yourdomain.com +SMTP host: mail.yourdomain.com +Web server HTTP port: 80 +Web server HTTPS port: 443 +Web server mode: https +IMAP server port: 143 +IMAP server SSL port: 993 +POP server port: 110 +POP server SSL port: 995 +Use spell check server: yes +Spell server URL: http://mail.yourdomain.com:7780/aspell.php +Configure for use with mail proxy: FALSE +Configure for use with web proxy: FALSE +Enable version update checks: TRUE +Enable version update notifications: TRUE +Version update notification email: admin@yourdomain.com +Version update source email: admin@yourdomain.com 4) zimbra-mta: Enabled 5) zimbra-snmp: Enabled 6) zimbra-logger: Enabled 7) zimbra-spell: Enabled 8) Default Class of Service Configuration: r) Start servers after configuration yes s) Save config to file x) Expand menu q) Quit |
at a minimum you should set the admin password (hightlighted with *****) by doing:
3 <-- to go to admin submenu 4 <-- to change the password enter password you want r <-- to return to previous menu a <-- to apply your configuration Save configuration data to a file? [Yes] <-- just hit enter and it Save config in file: [/opt/zimbra/config.13414] <-- just hit enter Saving config in /opt/zimbra/config.13414...done. The system will be modified - continue? [No] <-- type Yes and hit Enter |
Now it will take a long time and install everything using the configuration you just generated. While it’s generating your different SSL certificates it will look a lot like your machine is hung, DON’T KILL THE PROCESS – BAD THINGS WILL HAPPEN, just let it troll along for a few minutes (or more) for each SSL it needs to create, be patient.
Once it completes visit:
https://yourdomain.com |
note you’ll need the httpS vs http. You’ll have to confirm the security exception when you first visit, that’s because the server generated its own certificate, not one by a third party, so your browser will complain unless you upgrade to a third party cert.
Migrating old accounts to your Zimbra box
You can run this either on the source or destination server, or really any server that has imapsync, but CentOS doesn’t have it in the standard repo’s that are enabled here, although Debian/Ubuntu does.
Go to the source server (or wherever you have imapsync running) and do
imapsync --nosyncacls --subscribe --syncinternaldates --host1 mail.sourcemailserver.com --user1 sourceemail@sourceserver.com --password1 sourcepassword --host2 mail.destinationserver.com --user2 destinationmail@destinationserver.com --password2 destinationpassword --noauthmd5 --sep2 "/" --prefix2 "" |
You may get a No Cleartext Login error, if you do, do this:
su zimbra cd /opt/zimbra/bin/ zmprov ms `zmhostname` zimbraImapCleartextLoginEnabled TRUE |
Or you can do it through the GUI under Global IMAP settings.
Importing GoDaddy SSL
Download the cert from GoDaddy (I used server type “Apache”), and scp it to your server. Login to your server and do:
su cd /home/user/ (or wherever you put it) unzip mail.yourdomainname.com.zip /opt/zimbra/bin/zmcertmgr deploycrt comm /home/user/mail.yourdomain.com.crt /home/user/gd_bundle.crt |
If your cert expires, it will make the server puke with an error about:
Unable to determine enabled services from ldap. Unable to determine enabled services. Cache is out of date or doesn't exist. |
which has absolutely nothing to do with cache problems, rather an expired cert. I found this code snippet on a support forum, it worked for me.
# su - zimbra -c 'zmcontrol stop' # rm -rf /opt/zimbra/ssl/* # rm -rf /opt/zimbra/ssl/.rnd # /opt/zimbra/java/bin/keytool -delete -alias my_ca -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit # /opt/zimbra/java/bin/keytool -delete -alias jetty -keystore /opt/zimbra/mailboxd/etc/keystore -storepass `su - zimbra -c 'zmlocalconfig -s -m nokey mailboxd_keystore_password'` #vi /opt/zimbra/bin/zmcertmgr # Find line # SUBJECT="/C=US/ST=N\/A/L=N\/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=${zimbra_server_hostname}" # and change to your company name # then find and change you want value days expire cert validation_days=365 to validation_days=3650 # save /opt/zimbra/bin/zmcertmgr #/opt/zimbra/bin/zmcertmgr createca -new #/opt/zimbra/bin/zmcertmgr deployca -localonly #/opt/zimbra/bin/zmcertmgr createcrt self -new May be you will receive some Failed but ignore them, #/opt/zimbra/bin/zmcertmgr deploycrt self Here also #su - zimbra -c 'zmcontrol start' It should start services successfully. #/opt/zimbra/bin/zmcertmgr deploycrt self #/opt/zimbra/bin/zmcertmgr deployca Everything would be perfect here. #su - zimbra -c 'zmupdateauthkeys' #/opt/zimbra/bin/zmcertmgr viewdeployedcrt |
change message attachment size
This will raise your attachment size to 42MB, change to what you really want, and change your domain name to whatever it really is.
su cd /opt/zimbra/bin su zimbra zmprov ms mail.changetoyourdomain.com zimbraFileUploadMaxSize 44040192 zmprov ms mail.changtoyourdomain.com zimbraMailContentMaxSize 44040192 zmprov mcf zimbraMtaMaxMessageSize 44040192 ./zmcontrol restart |
reset Zimbra admin password
these two commands show who is an admin, and then resets the password for one of them (change the email to what yours is really):
cd /opt/zimbra/bin su zimbra zmprov gaaa zmprov sp <admin email address> <new password> |
zimbra spam fighting
Stock zimbra does and underwhelming job of fighting spam, here are a couple things that might help.
vi /opt/zimbra/conf/salocal.cf.in blacklist_from *@somespamdomain.com whitelist_from you@yahoo.com su zimbra zmmtactl restart && zmamavisdctl restart Rewriting configuration files... done. /postfix-script: refreshing the Postfix mail system Stopping saslauthd...done. Starting saslauthd...done. Stopping amavisd... done. Starting amavisd...done. |
now try to send yourself an email and see if everything still works. You can install a blacklist agent too, Razor (from rpmforge, make sure that is enabled), like this:
yum install perl-Razor-Agent razor-agents mkdir /opt/zimbra/amavisd/.razor; chown -Rf zimbra:zimbra /opt/zimbra/amavisd/.razor su zimbra [zimbra@mail conf]$ razor-admin -home=/opt/zimbra/amavisd/.razor -create [zimbra@mail conf]$ razor-admin -home=/opt/zimbra/amavisd/.razor -discover [zimbra@mail conf]$ razor-admin -home=/opt/zimbra/amavisd/.razor -register Register successful. Identity stored in /opt/zimbra/amavisd/.razor/identity-ruqZLjs999 |
command line tips
how large is a mailbox:
zmmailbox -z -m user@domain.com gms |
How many messages in each folder:
zmmailbox -z -m admin@example.com gaf |
Emptying a folder in someone’s mailbox:
zmmailbox -a admin -p password -m user@domain.com emptyFolder /Inbox |
deleting space in zimbra server
If you run out of space/inodes, you have to delete some files. To check, look at BOTH of these command outputs, as you might have free space, but not free inodes:
df -h df -i |
If you need to delete stuff, run these (from this helpful blog):
cd /var/log du -hs * rm -rf /var/log/zimbra.log.* rm -rf /var/log/messages.* rm -rf /var/log/maillog.* rm -rf /var/log/rpmpkgs.* rm -rf /var/log/boot.log.* rm -rf /var/log/cron.* cat /dev/null > /var/log/maillog cat /dev/null > /var/log/messages cat /dev/null > /var/log/zimbra.log cat /dev/null > /var/log/cbpolicyd.log du -hs * du -sh /opt/zimbra/log rm -rf /opt/zimbra/log/zmswatch.out.* rm -rf /opt/zimbra/log/myslow.log.* rm -rf /opt/zimbra/log/zmmailboxd.out.* rm -rf /opt/zimbra/log/mailbox.log.* rm -rf /opt/zimbra/log/audit.log.* rm -rf /opt/zimbra/log/zmmtaconfig.log.* rm -rf /opt/zimbra/log/zmlogswatch.out.* du -sh /opt/zimbra/log du -sh /opt/zimbra/zmstat rm -rf /opt/zimbra/zmstat/2009-* rm -rf /opt/zimbra/zmstat/2010-* rm -rf /opt/zimbra/zmstat/2011-* du -sh /opt/zimbra/zmstat cd /opt/zimbra/data/amavisd/quarantine find . -mtime +400 -exec rm -Rf -- {} \; ls | wc -l |
To purge an email account inbox:
su zimbra cd /opt/zimbra/bin ./zmmailbox -z -m user@domain.com emptyFolder /Inbox |
migrating between mail servers using imap
/usr/bin/imapsync --buffersize 8192000 --nosyncacls --syncinternaldates --noauthmd5 --nofoldersizes --skipsize --fast \ --exclude "#KnownSpam" --exclude "#FalsePositives" \ --exclude "Trash" --exclude "Deleted Items" \ --exclude "Deleted Messages" --exclude "Deleted" \ --host1 ip.of.source.server --user1 user@whatever.com --password1 'whateverpassword' --ssl2 --authmech2 PLAIN \ --host2 ip.of.dest.server --user2 user@whatever.com --password2 'whateverpassword' --ssl2 --authmech2 PLAIN |
increase max message size
Standard max attachment size is 10MB, here we increase it to 20M, or you can change it whatever you want. Login to your Zimbra server and do:
cd /opt/zimbra/bin su zimbra postconf message_size_limit message_size_limit = 10240000 zmprov modifyConfig zimbraMtaMaxMessageSize 20480000 postfix reload postconf message_size_limit message_size_limit = 20480000 |