Zimbra Setups

From Rhomicom Wiki
Jump to navigation Jump to search
 adduser rhouser
 passwd rhouser
 
 yum update -y ; reboot
 yum -y install which openssh openssh-server openssh-clients openssl-libs nano rsync unzip net-tools NetworkManager-tui sysstat perl-core libaio nmap-ncat libstdc++.so.6 wget tar bind-utils -y 
 yum install psmisc 
 #Install and configure firewall-cmd
 hostnamectl set-hostname "mail.rhomicom.com"
 exec bash
# nano /etc/hosts
# 192.168.0.108 mail.rhomicom.com mail

echo 'mail.rhomicom.com' > /etc/hostname
echo '127.0.0.1 mail.rhomicom.com mail' >> /etc/hosts
hostname mail.rhomicom.com
hostname --fqdn

# Do all DNS settings and MX records on Domain Registrar's DNS
dig -t A mail.rhomicom.com
dig -t MX rhomicom.com

#Install Let'sencrypt CentOS7
yum install epel-release
yum install certbot

wget https://files.zimbra.com/downloads/8.8.10_GA/zcs-8.8.10_GA_3039.RHEL7_64.20180928094617.tgz --no-check-certificate
tar zxpvf zcs-8.8.10_GA_3039.RHEL7_64.20180928094617.tgz
cd zcs-8.8.10_GA_3039.RHEL7_64.20180928094617

./install.sh
#Answer Y to all options
# Answer Yes to Create Domain 
# enter domain rhomicom.com
# enter MX mail.rhomicom.com
# Unconfigured Modules, Choose 7
# Choose 4 to set admin password
# choose r to go back
# choose a to apply all settings
# Wait for system to complete configuration and login
su - zimbra -c "zmcontrol start"
su - zimbra -c "zmcontrol stop"
su - zimbra -c "zmcontrol status"
su - zimbra -c "zmcontrol restart"

Uninstall

 cd /root/zimbra/zcs-8.8.10_GA_3039.RHEL7_64.20180928094617
 zcs-8.8.10_GA_3039.RHEL7_64.20180928094617]# ./install.sh -u

Move from Old to New Server

 # On Old Server
 tar -czvf zimbkp29Aug2021-17-39.tar.gz /opt/zimbra/
 # On New Server
 # Install Same version of ZCS
 rsync -avH [email protected]:/home/rhouser/*.t*z --progress --human-readable /home/rhouser
 tar -xzvf zimbkp29Aug2021-17-39.tar.gz
 mv /opt/zimbra /home
 mv opt/zimbra /opt
 /opt/zimbra/libexec/zmfixperms -e -v  # as root
 postfix check
 #temporarily switch to self-signed cert to avoid some SSL/TLS errors
 /opt/zimbra/bin/zmcertmgr createcrt -new -days 3650
 /opt/zimbra/bin/zmcertmgr deploycrt self
 # Alternatively you may disable TLS Connections temporarily
 su - zimbra 
 zmlocalconfig -e ssl_allow_untrusted_certs=true 
 zmlocalconfig -e ldap_starttls_supported=0
 zmlocalconfig -e ldap_starttls_required=false
 zmlocalconfig -e ldap_common_require_tls=0
 zmcontrol restart
 #Validate LDAP Configuration
  su - zimbra
  zmcontrol stop
  zmlocalconfig -s ldap_root_password
  /opt/zimbra/common/sbin/slappasswd -s Y0uRP4S5w0Rd
  #sample output - {SSHA}SXzTa82PbLST97854mZOp746PBLA2378
  cd /opt/zimbra/data/ldap/config/cn=config
  vi olcDatabase={0}config.ldif
  #CHange olcRootPW:: e1NTSEE112123gblVeVJ2UjU3UE1512312366jjkj128080as2bDQ5eVgxNXhWSlFPUWhTQmxhQ1d4L1RaNWdsdVRsWWJyRXJDcTA4V0Y0YVRYOE5ma23451wR3A1QytBZUZocEZ1
  # to  olcRootPw: {SSHA}SXzTa82PbLST97854mZOp746PBLA2378
  zmcontrol start
  # or reboot PC
  # and re-run zcs install
  ./install.sh
# Enable TLS Connections after install if they were disabled
su - zimbra 
zmlocalconfig -e ssl_allow_untrusted_certs=true 
zmlocalconfig -e ldap_starttls_supported=1
zmlocalconfig -e ldap_starttls_required=true
zmlocalconfig -e ldap_common_require_tls=1
zmcontrol restart

Install Letsencrypt Cert Zimbra

sudo certbot --version
sudo su - zimbra -c "zmproxyctl stop"
sudo su - zimbra -c "zmmailboxdctl stop"
export EMAIL="[email protected]"
certbot certonly --standalone   -d mail.rhomicom.com   --preferred-challenges http   --agree-tos   -n   -m $EMAIL   --keep-until-expiring
ls -lh /etc/letsencrypt/live/mail.rhomicom.com/

sudo mkdir /opt/zimbra/ssl/letsencrypt  #NOT NEEDED IN RENEWAL

CERTPATH=/etc/letsencrypt/live/mail.rhomicom.com
sudo \cp -rf $CERTPATH/* /opt/zimbra/ssl/letsencrypt/
ls /opt/zimbra/ssl/letsencrypt/
cat $CERTPATH/chain.pem | sudo tee /opt/zimbra/ssl/letsencrypt/zimbra_chain.pem
cat /opt/zimbra/ssl/letsencrypt/zimbra_chain.pem

#ADD THE LETSENCRYPT CERT
sudo tee -a /opt/zimbra/ssl/letsencrypt/zimbra_chain.pem<<EOF
-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
-----END CERTIFICATE-----
EOF

cat /opt/zimbra/ssl/letsencrypt/zimbra_chain.pem
sudo chown -R zimbra:zimbra /opt/zimbra/ssl/letsencrypt/
ls -lha /opt/zimbra/ssl/letsencrypt/
sudo chown -R zimbra:zimbra /opt/zimbra/ssl/letsencrypt/
sudo chown -R zimbra:zimbra /etc/letsencrypt/
cd /opt/zimbra/ssl/letsencrypt
ls -halt
ln -sf /etc/letsencrypt/live/mail.rhomicom.com/cert.pem cert.pem
ln -sf /etc/letsencrypt/live/mail.rhomicom.com/chain.pem chain.pem
ln -sf /etc/letsencrypt/live/mail.rhomicom.com/fullchain.pem fullchain.pem
ln -sf /etc/letsencrypt/live/mail.rhomicom.com/privkey.pem privkey.pem
ls -halt
cat cert.pem
sudo chown -R zimbra:zimbra /opt/zimbra/ssl/letsencrypt/
sudo su - zimbra -c '/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/letsencrypt/privkey.pem /opt/zimbra/ssl/letsencrypt/cert.pem /opt/zimbra/ssl/letsencrypt/zimbra_chain.pem'
sudo cp -a /opt/zimbra/ssl/zimbra /opt/zimbra/ssl/zimbra.$(date "+%Y%.m%.d-%H.%M")
sudo cp /opt/zimbra/ssl/letsencrypt/privkey.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key
sudo chown zimbra:zimbra /opt/zimbra/ssl/zimbra/commercial/commercial.key
sudo su - zimbra -c '/opt/zimbra/bin/zmcertmgr deploycrt comm /opt/zimbra/ssl/letsencrypt/cert.pem /opt/zimbra/ssl/letsencrypt/zimbra_chain.pem'
sudo su - zimbra -c "zmcontrol restart"

SSH Errors on Zimbra Monitor Message Queue

#Regenerating Keys
#To regenerate the ssh keys, on all hosts (as the zimbra user):
 zmsshkeygen
#To deploy the keys, on all hosts (as the zimbra user):
 zmupdateauthkeys
#Verifying sshd configuration
#The authentication method assumes that sshd on the mta is running on port 22, and that RSA Authentication is enabled. You can test the ssh command with:
 ssh -i .ssh/zimbra_identity -o strictHostKeyChecking=no [email protected]
#You should NOT be prompted for a password; if you are, recreate the ssh keys and retry the test.
#If you're not running sshd on port 22, modify the zimbraRemoteManagementPort attribute on the server:
zmprov ms MAIL.DOMAIN.COM zimbraRemoteManagementPort 2222
#Verify in /etc/sshd_config (or /etc/ssh/sshd_config) that the zimbra user is an allow user
#AllowUsers admin zimbra

Other Zimbra Know-hows

 #Redirect http to https
 su - zimbra
 zmprov ms `zmhostname` zimbraReverseProxyMailMode redirect
 zmproxyctl restart
 su - zimbra -c "postqueue -p"

Zimbra Network Settings

 ip a show eth0
 nano /etc/resolv.conf
 chattr +i /etc/resolv.conf ## reverse this using -> chattr -i /etc/resolv.conf
 sudo systemctl restart NetworkManager.service
 /etc/init.d/network restart
  1. vi /etc/dhcp/dhclient-enter-hooks.d/nodnsupdate

OR vi /etc/dhclient-enter-hooks

Append following code:

  1. !/bin/sh

make_resolv_conf(){ : } Save and close the file. Set permissions using the chmod command:

  1. chmod +x /etc/dhcp/dhclient-enter-hooks.d/nodnsupdate

/etc/dhclient-enter-hooks