Zimbra Setups
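# Create an unprivileged login account. Later sections of this page use
# /home/rhouser as the landing directory for the migration archive.
adduser rhouser
passwd rhouser # interactive: prompts for the new password
# Patch the base system before installing anything else. Reboot only when the
# update actually succeeded, so a failed transaction is not hidden by the reboot.
yum -y update && reboot
# (log back in after the reboot, then continue)
# Packages needed by the ZCS installer and by the tooling used further down.
yum -y install which openssh openssh-server openssh-clients openssl-libs nano rsync unzip net-tools NetworkManager-tui sysstat perl-core libaio nmap-ncat libstdc++.so.6 wget tar bind-utils
yum install psmisc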
# Install and configure firewall-cmd
# NOTE(review): the page lists no firewall commands for this step, so the
# ports left open are whatever the host already allows - confirm before go-live.
# Set the static hostname to the mail server's FQDN.
hostnamectl set-hostname "mail.rhomicom.com"
# Replace the current shell with a fresh bash (interactive step; anything
# after this line is typed into the new shell).
exec bash
# nano /etc/hosts
# 192.168.0.108 mail.rhomicom.com mail
# Overwrites /etc/hostname with the FQDN.
echo 'mail.rhomicom.com' > /etc/hostname
# '>>' appends: re-running this line adds a duplicate entry to /etc/hosts.
# NOTE(review): this maps the FQDN to 127.0.0.1, while the commented example
# above uses the LAN address - confirm which mapping the installer expects.
echo '127.0.0.1 mail.rhomicom.com mail' >> /etc/hosts
hostname mail.rhomicom.com
# Print the FQDN to check that the settings above took effect.
hostname --fqdn
# Do all DNS settings and MX records on Domain Registrar's DNS
# Query the A record of the mail host and the MX record of the domain.
dig -t A mail.rhomicom.com
dig -t MX rhomicom.com
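# Install the Let's Encrypt client (certbot) on CentOS 7; epel-release is
# installed first and certbot after it.
yum install epel-release
yum install certbot
# Download the ZCS installer with TLS certificate verification left ON.
# The installer is unpacked and executed as root below, so an unauthenticated
# download would let anyone on the network path substitute the archive.
# If wget reports a certificate error, update the system CA bundle
# (yum update ca-certificates) instead of disabling the check.
wget https://files.zimbra.com/downloads/8.8.10_GA/zcs-8.8.10_GA_3039.RHEL7_64.20180928094617.tgz
# Print the archive digest and compare it with the value published by the
# vendor for this exact file before unpacking.
sha256sum zcs-8.8.10_GA_3039.RHEL7_64.20180928094617.tgz
# NOTE(review): the build stamp in the file name is 2018-09-28; check the
# vendor download page for the currently supported, patched release.
tar zxpvf zcs-8.8.10_GA_3039.RHEL7_64.20180928094617.tgz
cd zcs-8.8.10_GA_3039.RHEL7_64.20180928094617
./install.sh
# Answer Y to all options
# Answer Yes to Create Domain
# enter domain rhomicom.com
# enter MX mail.rhomicom.com
# Unconfigured Modules, Choose 7
# Choose 4 to set admin password
# choose r to go back
# choose a to apply all settings
# Wait for system to complete configuration and login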
# Service control reference. Each line runs one zmcontrol action as the
# zimbra user; the four lines are listed together on the page and read as
# alternatives rather than a sequence to run top to bottom.
su - zimbra -c "zmcontrol start"
su - zimbra -c "zmcontrol stop"
su - zimbra -c "zmcontrol status"
su - zimbra -c "zmcontrol restart"
Uninstall
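# Change into the directory the installer archive was unpacked into.
# (The original line had shell-prompt residue fused into it, which hid the
# install.sh call behind a '#'.)
cd /root/zimbra/zcs-8.8.10_GA_3039.RHEL7_64.20180928094617
# Run the installer with -u, the uninstall step of this section.
# NOTE(review): take a backup of /opt/zimbra first if the data may be needed
# again - confirm what the uninstaller leaves behind.
./install.sh -u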
Move from Old to New Server
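# On Old Server
# Archive the whole /opt/zimbra tree. The archive holds everything under that
# directory, so protect it in transit and delete it once the move is done.
tar -czvf zimbkp29Aug2021-17-39.tar.gz /opt/zimbra/

# On New Server
# Install Same version of ZCS
# Pull the archive from the old server. The source account and host were
# redacted on the page ("[email protected]"); the value below is a placeholder.
rsync -avH 'OLD_SERVER_USER@OLD_SERVER_HOST:/home/rhouser/*.t*z' --progress --human-readable /home/rhouser
tar -xzvf zimbkp29Aug2021-17-39.tar.gz
# Move the freshly installed tree aside, then move the restored one in.
# 'opt/zimbra' is relative: run this from the directory the archive was
# extracted in.
mv /opt/zimbra /home
mv opt/zimbra /opt
/opt/zimbra/libexec/zmfixperms -e -v # as root
postfix check

# temporarily switch to self-signed cert to avoid some SSL/TLS errors
# NOTE(review): the certificate section of this page runs zmcertmgr through
# 'su - zimbra -c'; confirm whether these two calls need the same.
/opt/zimbra/bin/zmcertmgr createcrt -new -days 3650
/opt/zimbra/bin/zmcertmgr deploycrt self

# Alternatively you may disable TLS Connections temporarily
# While these settings are in effect LDAP connections are not protected by
# TLS; keep the window short and re-enable with the last block below.
su - zimbra # interactive shell; the next lines are typed inside it
zmlocalconfig -e ssl_allow_untrusted_certs=true
zmlocalconfig -e ldap_starttls_supported=0
zmlocalconfig -e ldap_starttls_required=false
zmlocalconfig -e ldap_common_require_tls=0
zmcontrol restart

# Validate LDAP Configuration
su - zimbra
zmcontrol stop
# -s prints the stored LDAP root password in clear text on the terminal.
zmlocalconfig -s ldap_root_password
# Hash that password. Without -s slappasswd prompts for the secret, which
# keeps it out of the process list and the shell history.
/opt/zimbra/common/sbin/slappasswd
# sample output - {SSHA}SXzTa82PbLST97854mZOp746PBLA2378
cd /opt/zimbra/data/ldap/config/cn=config
vi 'olcDatabase={0}config.ldif'
# Change olcRootPW:: e1NTSEE112123gblVeVJ2UjU3UE1512312366jjkj128080as2bDQ5eVgxNXhWSlFPUWhTQmxhQ1d4L1RaNWdsdVRsWWJyRXJDcTA4V0Y0YVRYOE5ma23451wR3A1QytBZUZocEZ1
# to olcRootPw: {SSHA}SXzTa82PbLST97854mZOp746PBLA2378
zmcontrol start
# or reboot PC
# and re-run zcs install (leave the zimbra shell first; the installer is run
# from the unpacked installer directory)
./install.sh

# Enable TLS Connections after install if they were disabled
# NOTE(review): ssl_allow_untrusted_certs stays 'true' here, so only the
# three ldap_* settings are reverted. Confirm whether it should go back to
# 'false' once a CA-issued certificate is deployed.
su - zimbra
zmlocalconfig -e ssl_allow_untrusted_certs=true
zmlocalconfig -e ldap_starttls_supported=1
zmlocalconfig -e ldap_starttls_required=true
zmlocalconfig -e ldap_common_require_tls=1
zmcontrol restart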
Install Letsencrypt Cert Zimbra
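# Confirm certbot is installed.
sudo certbot --version
# Stop the proxy and mailbox services before requesting the certificate.
# certbot --standalone starts its own listener for the HTTP challenge
# (presumably the proxy is what holds that port - confirm). Mail access is
# down from here until the restart at the end of this section.
sudo su - zimbra -c "zmproxyctl stop"
sudo su - zimbra -c "zmmailboxdctl stop"
# Contact address for the ACME account. The page's value was redacted to
# "[email protected]"; the address below is a placeholder to replace.
export EMAIL="postmaster@example.com"
# "$EMAIL" is quoted so the address is always passed as a single argument.
sudo certbot certonly --standalone -d mail.rhomicom.com --preferred-challenges http --agree-tos -n -m "$EMAIL" --keep-until-expiring
# List the issued files (run through sudo like the other commands here).
sudo ls -lh /etc/letsencrypt/live/mail.rhomicom.com/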
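# Stage the issued certificate, chain and key where the zimbra user can read
# them. Real copies are made (cp -L follows the symlinks in live/), so
# /etc/letsencrypt keeps its original root ownership: the service account
# only gets the files for this one host, not the ACME account key or the
# rest of the certbot state. Re-run this block and the deploy step after
# every renewal.
CERTPATH=/etc/letsencrypt/live/mail.rhomicom.com
# -p makes the step safe to repeat on renewal.
sudo mkdir -p /opt/zimbra/ssl/letsencrypt
sudo cp -fL -- "$CERTPATH/cert.pem" "$CERTPATH/chain.pem" "$CERTPATH/fullchain.pem" "$CERTPATH/privkey.pem" /opt/zimbra/ssl/letsencrypt/
ls /opt/zimbra/ssl/letsencrypt/
# Start zimbra_chain.pem from the issued chain...
sudo cp -fL -- "$CERTPATH/chain.pem" /opt/zimbra/ssl/letsencrypt/zimbra_chain.pem
cat /opt/zimbra/ssl/letsencrypt/zimbra_chain.pem
# ADD THE LETSENCRYPT CERT
# ...then append the CA certificate. The PEM body is missing from the page;
# the middle line is a placeholder. Take the certificate from the CA's
# official certificate page and check its fingerprint before pasting it.
sudo tee -a /opt/zimbra/ssl/letsencrypt/zimbra_chain.pem <<'EOF'
-----BEGIN CERTIFICATE-----
CA_CERTIFICATE_BASE64_BODY_PLACEHOLDER
-----END CERTIFICATE-----
EOF
cat /opt/zimbra/ssl/letsencrypt/zimbra_chain.pem
# Hand only the staging directory to the zimbra user.
sudo chown -R zimbra:zimbra /opt/zimbra/ssl/letsencrypt/
# Keep the staged private key readable by its owner only.
sudo chmod 600 /opt/zimbra/ssl/letsencrypt/privkey.pem
ls -lha /opt/zimbra/ssl/letsencrypt/
cd /opt/zimbra/ssl/letsencrypt
ls -halt
cat cert.pem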
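# Check that key, certificate and chain belong together. Stop here if
# verifycrt reports a mismatch; do not go on to deploy.
sudo su - zimbra -c '/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/letsencrypt/privkey.pem /opt/zimbra/ssl/letsencrypt/cert.pem /opt/zimbra/ssl/letsencrypt/zimbra_chain.pem'
# Timestamped backup of the current certificate directory. The format string
# is %Y.%m.%d-%H.%M (the original "%Y%.m%.d" had the dots on the wrong side of
# the percent signs). cp -a keeps ownership and modes; the backup contains
# key material, so prune old copies.
sudo cp -a /opt/zimbra/ssl/zimbra "/opt/zimbra/ssl/zimbra.$(date "+%Y.%m.%d-%H.%M")"
# Put the private key where deploycrt looks for the commercial key.
sudo cp /opt/zimbra/ssl/letsencrypt/privkey.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key
sudo chown zimbra:zimbra /opt/zimbra/ssl/zimbra/commercial/commercial.key
# Deploy the certificate and chain, then restart all services.
sudo su - zimbra -c '/opt/zimbra/bin/zmcertmgr deploycrt comm /opt/zimbra/ssl/letsencrypt/cert.pem /opt/zimbra/ssl/letsencrypt/zimbra_chain.pem'
sudo su - zimbra -c "zmcontrol restart"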
SSH Errors on Zimbra Monitor Message Queue
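# Regenerating Keys
# To regenerate the ssh keys, on all hosts (as the zimbra user):
zmsshkeygen
# To deploy the keys, on all hosts (as the zimbra user):
zmupdateauthkeys
# Verifying sshd configuration
# The authentication method assumes that sshd on the mta is running on port 22, and that RSA Authentication is enabled. You can test the ssh command with:
# (.ssh/zimbra_identity is a relative path: run this from the zimbra user's
# home directory. The target was redacted on the page to "[email protected]";
# zimbra@MAIL.DOMAIN.COM uses the same placeholder host as the zmprov line
# below.)
# strictHostKeyChecking=no skips host key verification for this one test
# connection. Do not carry the option into scripts or ssh_config; compare
# the host key fingerprint instead when connecting over an untrusted network.
ssh -i .ssh/zimbra_identity -o strictHostKeyChecking=no zimbra@MAIL.DOMAIN.COM
# You should NOT be prompted for a password; if you are, recreate the ssh keys and retry the test.
# If you're not running sshd on port 22, modify the zimbraRemoteManagementPort attribute on the server:
zmprov ms MAIL.DOMAIN.COM zimbraRemoteManagementPort 2222
# Verify in /etc/sshd_config (or /etc/ssh/sshd_config) that the zimbra user is an allow user
#AllowUsers admin zimbra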
Other Zimbra Know-hows
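# Redirect http to https
# (The original ran all commands together on one '#' line; they are restored
# one per line here.)
su - zimbra # interactive shell; the next two lines are typed inside it
# Set the proxy mail mode of this server to 'redirect'.
zmprov ms "$(zmhostname)" zimbraReverseProxyMailMode redirect
zmproxyctl restart
# Separate know-how: print the Postfix mail queue as the zimbra user.
su - zimbra -c "postqueue -p"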
Zimbra Network Settings
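# Show the addresses configured on eth0.
ip a show eth0
# Edit the resolver configuration by hand...
nano /etc/resolv.conf
# ...then set the immutable attribute so nothing rewrites the file. While it
# is set, root cannot edit the file either.
chattr +i /etc/resolv.conf ## reverse this using -> chattr -i /etc/resolv.conf
# Restart networking (the two commands below look like alternatives for
# NetworkManager and the legacy network service - confirm which one applies).
sudo systemctl restart NetworkManager.service
/etc/init.d/network restart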
- vi /etc/dhcp/dhclient-enter-hooks.d/nodnsupdate
OR vi /etc/dhclient-enter-hooks
Append following code:
#!/bin/sh
make_resolv_conf(){
    :
}
Save and close the file. Set permissions using the chmod command:
- chmod +x /etc/dhcp/dhclient-enter-hooks.d/nodnsupdate
/etc/dhclient-enter-hooks