Published May 05, 2019 by

Configure Let's Encrypt SSL in Zimbra Mail Server

In this tutorial, we configure a Let's Encrypt SSL certificate on the Zimbra mail server that we set up in the previous post.

To install SSL in Zimbra, create a file named zimbra-ssl.sh.
 sudo vim zimbra-ssl.sh
Insert the script below into zimbra-ssl.sh and save it.
 #!/bin/bash  
   
 # SSL certificate installation in Zimbra  
 # with SSL certificate provided by Let's Encrypt (letsencrypt.org)  
 # Author: Subhash (serverkaka.com)  
   
 # Check if running as root  
 if [ "$(id -u)" != "0" ]; then  
   echo "This script must be run as root" 1>&2  
   exit 1  
 fi  
   
 read -p 'letsencrypt_email [xx@xx.xx]: ' letsencrypt_email  
 read -p 'mail_server_url [xx.xx.xx]: ' mail_server_url  
   
 # Check that all variables have a value
 if [ -z "$mail_server_url" ] || [ -z "$letsencrypt_email" ]
 then
    echo "Run the script again and enter every value; none may be left empty."
 else  
   
 # Installation start  
 # Stop the jetty or nginx service at Zimbra level  
 su - zimbra -c 'zmproxyctl stop'  
 su - zimbra -c 'zmmailboxdctl stop'  
   
 # Install git and letsencrypt  
 cd /opt/  
 apt-get install git -y  
 git clone https://github.com/letsencrypt/letsencrypt  
 cd letsencrypt  
   
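 # Get SSL certificate
 ./letsencrypt-auto certonly --standalone --non-interactive --agree-tos --email "$letsencrypt_email" -d "$mail_server_url" --hsts
 # Stop here if no certificate directory was created, so nothing is appended in the wrong place
 cd "/etc/letsencrypt/live/$mail_server_url" || exit 1
 # Append the DST Root CA X3 root certificate to chain.pem so that zmcertmgr can verify the full chain.
 # Note: this root certificate expired on 30 September 2021; use the root your issued chain actually leads to.
 cat <<EOF >>chain.pem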
 -----BEGIN CERTIFICATE-----  
 MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/  
 MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT  
 DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow  
 PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD  
 Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB  
 AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O  
 rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq  
 OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b  
 xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw  
 7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD  
 aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV  
 HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG  
 SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69  
 ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr  
 AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz  
 R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5  
 JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo  
 Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ  
 -----END CERTIFICATE-----  
 EOF  
   
 # Verify commercial certificate
 mkdir -p /opt/zimbra/ssl/letsencrypt
 cp "/etc/letsencrypt/live/$mail_server_url"/* /opt/zimbra/ssl/letsencrypt/
 chown zimbra:zimbra /opt/zimbra/ssl/letsencrypt/*
 ls -la /opt/zimbra/ssl/letsencrypt/  
 su - zimbra -c 'cd /opt/zimbra/ssl/letsencrypt/ && /opt/zimbra/bin/zmcertmgr verifycrt comm privkey.pem cert.pem chain.pem'  
   
 # Deploy the new Let's Encrypt SSL certificate  
 cp -a /opt/zimbra/ssl/zimbra /opt/zimbra/ssl/zimbra.$(date "+%Y%m%d")  
 cp /opt/zimbra/ssl/letsencrypt/privkey.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key  
 sudo chown zimbra:zimbra /opt/zimbra/ssl/zimbra/commercial/commercial.key  
 su - zimbra -c 'cd /opt/zimbra/ssl/letsencrypt/ && /opt/zimbra/bin/zmcertmgr deploycrt comm cert.pem chain.pem'  
   
 # Restart Zimbra  
 su - zimbra -c 'zmcontrol restart'  
   
 # setting auto https redirect  
 cd /opt && touch https-redirect.sh && chown zimbra:zimbra https-redirect.sh && chmod +x https-redirect.sh  
 cat <<EOF >>/opt/https-redirect.sh  
 zmprov ms $mail_server_url zimbraReverseProxyMailMode redirect  
 EOF  
 su - zimbra -c '/opt/https-redirect.sh'  
 rm /opt/https-redirect.sh  
 fi  
Give execute permission to the zimbra-ssl.sh file
 sudo chmod +x zimbra-ssl.sh  
Finally, run the zimbra-ssl.sh file
 sudo ./zimbra-ssl.sh  

After the script has run successfully, open a browser and check https://mail.serverkaka.com/



For more scripts and installation notes, see: https://github.com/SubhashPatel/Install-Zimbra-mail-server-ubuntu

Published May 05, 2019 by

Install and Configure Zimbra Mail Server in Ubuntu/Debian

Zimbra Collaboration Suite (ZCS) is a collaborative software suite that includes an email server and web client.

The software consists of both client and server components, and a desktop client. Two versions of Zimbra are available: an open-source version and a commercially supported version ("Network Edition") with closed-source components such as a proprietary Messaging Application Programming Interface connector to Outlook for calendar and contact synchronization.

The ZCS Server uses open source projects such as:
  • Postfix
  • MariaDB (since version 8.5)
  • OpenDKIM (since version 8.0)
  • OpenLDAP
  • Jetty (since version 5)
  • Lucene
  • ClamAV
  • SpamAssassin
  • Amavis (amavisd-new)
  • DSPAM (deprecated starting 8.7)
  • Aspell
  • nginx (since 5.0)
Prerequisite:

2 GHz 64 bit CPU
Minimum 8 GB RAM
Minimum 10 GB disk

Configure Hostname

Edit /etc/hosts and add the line 192.168.0.25 mail.serverkaka.com mail. Replace 192.168.0.25 with the local IP you want to use.
 root@mail:~# cat /etc/hosts  
 127.0.0.1 localhost  
 192.168.0.25 mail.serverkaka.com mail  
Also edit /etc/hostname so that it contains the line 'mail'.
 root@mail:~# cat /etc/hostname  
 mail  
Reboot the system and test the FQDN of your server with the commands hostname -f and hostname.
 root@mail:~# hostname -f   
 mail.serverkaka.com  
 root@mail:~# hostname   
 mail  
DNS Setup Before Install

Before Zimbra installation, we have to set up DNS configuration (A record and MX Record).

A Record
Type  Host  Points to    TTL
A     mail  34.73.91.19  1 Hour
MX Record
Type  Host  Points to            Priority  TTL
MX    @     mail.serverkaka.com  10        1 Hour
Don't forget to replace the values above with your actual values.

Zimbra Server Installation

To install the Zimbra mail server, create a file named zimbra.sh.
 sudo vim zimbra.sh
Insert the script below into zimbra.sh and save it.
 #!/bin/bash -x  
   
 # Zimbra mail server installation in Ubuntu 14.04 and 16.04  
 # Author: Subhash (serverkaka.com)  
   
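 # Check if running as root
 if [ "$(id -u)" != "0" ]; then
   echo "This script must be run as root" 1>&2
   exit 1
 fi

 # Require all three arguments: domain, local IP, admin password
 if [ "$#" -ne 3 ]; then
   echo "Usage: $0 <domain> <local-ip> <admin-password>" 1>&2
   exit 1
 fi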
   
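 ## Preparing all the variables like IP, Hostname, etc, all of them from the server
 # Draw each suffix from /dev/urandom: a timestamp seed is guessable and gives all three the same value
 RANDOMHAM=$(head -c 32 /dev/urandom|sha256sum|base64|head -c 10)
 RANDOMSPAM=$(head -c 32 /dev/urandom|sha256sum|base64|head -c 10)
 RANDOMVIRUS=$(head -c 32 /dev/urandom|sha256sum|base64|head -c 10)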
 HOSTNAME=$(hostname -s)  
   
 ##Install a DNS Server  
 sudo apt-get update && sudo apt-get install -y bind9 bind9utils bind9-doc  
 echo "Installing Bind DNS Server"  
 sed "s/-u/-4 -u/g" /etc/default/bind9 > /etc/default/bind9.new  
 mv /etc/default/bind9.new /etc/default/bind9  
 rm /etc/bind/named.conf.options  
 cat <<EOF >>/etc/bind/named.conf.options  
 options {  
 directory "/var/cache/bind";  
 listen-on { $2; }; # ns1 private IP address - listen on private network only  
 allow-transfer { none; }; # disable zone transfers by default  
 forwarders {  
 8.8.8.8;  
 8.8.4.4;  
 };  
 auth-nxdomain no; # conform to RFC1035  
 #listen-on-v6 { any; };  
 };  
 EOF  
 cat <<EOF >>/etc/bind/named.conf.local  
 zone "$1" {  
     type master;  
     file "/etc/bind/db.$1";  
 };  
 EOF  
 touch /etc/bind/db.$1  
 cat <<EOF >/etc/bind/db.$1  
 \$TTL 604800  
 @   IN   SOA  ns1.$1. root.localhost. (  
                 2    ; Serial  
             604800    ; Refresh  
             86400    ; Retry  
             2419200    ; Expire  
             604800 )   ; Negative Cache TTL  
 ; Records must start in the first column: a leading blank means "same owner as the previous record"
 @   IN   NS   ns1.$1.
 @   IN   A   $2
 @   IN   MX   10   $HOSTNAME.$1.
 $HOSTNAME   IN   A   $2
 ns1   IN   A   $2
 mail   IN   A   $2
 pop3   IN   A   $2
 imap   IN   A   $2
 imap4   IN   A   $2
 smtp   IN   A   $2
 EOF  
 sudo service bind9 restart  
   
 ##Preparing the config files to inject  
 echo "Creating the Scripts files"  
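 mkdir -p /tmp/zcs && cd /tmp/zcs
 # The answer file holds the admin and LDAP passwords: make it readable by root only before writing it
 touch /tmp/zcs/installZimbraScript
 chmod 600 /tmp/zcs/installZimbraScript
 cat <<EOF >/tmp/zcs/installZimbraScript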
 AVDOMAIN="$1"  
 AVUSER="admin@$1"  
 CREATEADMIN="admin@$1"  
 CREATEADMINPASS="$3"  
 CREATEDOMAIN="$1"  
 DOCREATEADMIN="yes"  
 DOCREATEDOMAIN="yes"  
 DOTRAINSA="yes"  
 EXPANDMENU="no"  
 HOSTNAME="$HOSTNAME.$1"  
 HTTPPORT="8080"  
 HTTPPROXY="TRUE"  
 HTTPPROXYPORT="80"  
 HTTPSPORT="8443"  
 HTTPSPROXYPORT="443"  
 IMAPPORT="7143"  
 IMAPPROXYPORT="143"  
 IMAPSSLPORT="7993"  
 IMAPSSLPROXYPORT="993"  
 INSTALL_WEBAPPS="service zimlet zimbra zimbraAdmin"  
 JAVAHOME="/opt/zimbra/common/lib/jvm/java"  
 LDAPAMAVISPASS="$3"  
 LDAPPOSTPASS="$3"  
 LDAPROOTPASS="$3"  
 LDAPADMINPASS="$3"  
 LDAPREPPASS="$3"  
 LDAPBESSEARCHSET="set"  
 LDAPDEFAULTSLOADED="1"  
 LDAPHOST="$HOSTNAME.$1"  
 LDAPPORT="389"  
 LDAPREPLICATIONTYPE="master"  
 LDAPSERVERID="2"  
 MAILBOXDMEMORY="512"  
 MAILPROXY="TRUE"  
 MODE="https"  
 MYSQLMEMORYPERCENT="30"  
 POPPORT="7110"  
 POPPROXYPORT="110"  
 POPSSLPORT="7995"  
 POPSSLPROXYPORT="995"  
 PROXYMODE="https"  
 REMOVE="no"  
 RUNARCHIVING="no"  
 RUNAV="yes"  
 RUNCBPOLICYD="no"  
 RUNDKIM="yes"  
 RUNSA="yes"  
 RUNVMHA="no"  
 SERVICEWEBAPP="yes"  
 SMTPDEST="admin@$1"  
 SMTPHOST="$HOSTNAME.$1"  
 SMTPNOTIFY="yes"  
 SMTPSOURCE="admin@$1"  
 SNMPNOTIFY="yes"  
 SNMPTRAPHOST="$HOSTNAME.$1"  
 SPELLURL="http://$HOSTNAME.$1:7780/aspell.php"  
 STARTSERVERS="yes"  
 SYSTEMMEMORY="3.8"  
 TRAINSAHAM="ham.$RANDOMHAM@$1"  
 TRAINSASPAM="spam.$RANDOMSPAM@$1"  
 UIWEBAPPS="yes"  
 UPGRADE="yes"  
 USEKBSHORTCUTS="TRUE"  
 USESPELL="yes"  
 VERSIONUPDATECHECKS="TRUE"  
 VIRUSQUARANTINE="virus-quarantine.$RANDOMVIRUS@$1"  
 ZIMBRA_REQ_SECURITY="yes"  
 ldap_bes_searcher_password="$3"  
 ldap_dit_base_dn_config="cn=zimbra"  
 ldap_nginx_password="$3"  
 ldap_url="ldap://$HOSTNAME.$1:389"  
 mailboxd_directory="/opt/zimbra/mailboxd"  
 mailboxd_keystore="/opt/zimbra/mailboxd/etc/keystore"  
 mailboxd_keystore_password="$3"  
 mailboxd_server="jetty"  
 mailboxd_truststore="/opt/zimbra/common/lib/jvm/java/jre/lib/security/cacerts"  
 mailboxd_truststore_password="changeit"  
 postfix_mail_owner="postfix"  
 postfix_setgid_group="postdrop"  
 ssl_default_digest="sha256"  
 zimbraDNSMasterIP=""  
 zimbraDNSTCPUpstream="no"  
 zimbraDNSUseTCP="yes"  
 zimbraDNSUseUDP="yes"  
 zimbraDefaultDomainName="$1"  
 zimbraFeatureBriefcasesEnabled="Enabled"  
 zimbraFeatureTasksEnabled="Enabled"  
 zimbraIPMode="ipv4"  
 zimbraMailProxy="FALSE"  
 zimbraMtaMyNetworks="127.0.0.0/8 $2/32 [::1]/128 [fe80::]/64"  
 zimbraPrefTimeZoneId="America/Los_Angeles"  
 zimbraReverseProxyLookupTarget="TRUE"  
 zimbraVersionCheckInterval="1d"  
 zimbraVersionCheckNotificationEmail="admin@$1"  
 zimbraVersionCheckNotificationEmailFrom="admin@$1"  
 zimbraVersionCheckSendNotifications="TRUE"  
 zimbraWebProxy="FALSE"  
 zimbra_ldap_userdn="uid=zimbra,cn=admins,cn=zimbra"  
 zimbra_require_interprocess_security="1"  
 zimbra_server_hostname="$HOSTNAME.$1"  
 INSTALL_PACKAGES="zimbra-core zimbra-ldap zimbra-logger zimbra-mta zimbra-snmp zimbra-store zimbra-apache zimbra-spell zimbra-memcached zimbra-proxy"  
 EOF  
   
 touch /tmp/zcs/installZimbra-keystrokes  
 cat <<EOF >/tmp/zcs/installZimbra-keystrokes  
 y  
 y  
 y  
 y  
 y  
 n  
 y  
 y  
 y  
 y  
 y  
 y  
 y  
 n  
 y  
 y  
 EOF  
   
 ## Install Zimbra Mail Server  
 if [[ $(lsb_release -rs) == "16.04" ]]; then
      echo "Downloading Zimbra Collaboration 8.8.10 for Ubuntu 16.04"
      wget https://files.zimbra.com/downloads/8.8.10_GA/zcs-8.8.10_GA_3039.UBUNTU16_64.20180928094617.tgz
      tar xzvf zcs-*
      echo "Installing Zimbra Collaboration just the Software"
      # The trailing slash makes the glob match only the extracted directory, not the .tgz
      cd /tmp/zcs/zcs-*/ && ./install.sh -s < /tmp/zcs/installZimbra-keystrokes
      echo "Installing Zimbra Collaboration injecting the configuration"
      /opt/zimbra/libexec/zmsetup.pl -c /tmp/zcs/installZimbraScript
 fi
 if [[ $(lsb_release -rs) == "14.04" ]]; then
      echo "Downloading Zimbra Collaboration 8.8.10 for Ubuntu 14.04"
      wget https://files.zimbra.com/downloads/8.8.10_GA/zcs-8.8.10_GA_3039.UBUNTU14_64.20180928094617.tgz
      tar xzvf zcs-*
      echo "Installing Zimbra Collaboration just the Software"
      # The trailing slash makes the glob match only the extracted directory, not the .tgz
      cd /tmp/zcs/zcs-*/ && ./install.sh -s < /tmp/zcs/installZimbra-keystrokes
      echo "Installing Zimbra Collaboration injecting the configuration"
      /opt/zimbra/libexec/zmsetup.pl -c /tmp/zcs/installZimbraScript
 fi
   
 ## Restart Zimbra  
 su - zimbra -c 'zmcontrol restart'  
   
 ## Add Crontab for server autostart at startup or reboot   
 cat <(crontab -l) <(echo "@reboot su - zimbra -c 'zmcontrol start'") | crontab -  
   
 echo "You can access now to your Zimbra Collaboration Server"  
 echo "Admin Console: https://"$2":7071"  
 echo "Web Client: https://"$2  
Give execute permission to the zimbra.sh file
 sudo chmod +x zimbra.sh
Finally, run zimbra.sh with your domain name, the machine's local IP and the admin password as parameters.
 sudo ./zimbra.sh serverkaka.com 192.168.0.25 Zimbra123  
Now sit back and relax; it can take up to 30 minutes, depending on your internet and machine speed.
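
Both scripts paste their inputs straight into configuration: zimbra.sh writes its three arguments into named.conf.local, the zone file and the Zimbra answer file, and zimbra-ssl.sh passes the prompted e-mail address and hostname to letsencrypt-auto. The validation helpers below are an added example, not part of the original scripts; the function names are hypothetical and the password rule is a conservative assumption about what a KEY="value" line tolerates.

```shell
#!/bin/sh
# Added example (not from the original scripts): input checks for both scripts.
NL='
'
TAB=$(printf '\t')

# Letters, digits and hyphens per label, alphabetic TLD, single line only.
valid_fqdn() {
  case "$1" in *"$NL"*) return 1 ;; esac
  [ "${#1}" -le 253 ] || return 1
  printf '%s\n' "$1" | grep -Eq \
    '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$'
}

# Dotted quad: exactly four octets, each 0-255 without leading zeros.
valid_ipv4() {
  case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    case "$octet" in 0?*) return 1 ;; esac
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# One "@", a plain local part, and a domain that passes valid_fqdn.
valid_email() {
  case "$1" in *@*@*|@*|*@) return 1 ;; *@*) ;; *) return 1 ;; esac
  case "${1%@*}" in *[!A-Za-z0-9._%+-]*) return 1 ;; esac
  valid_fqdn "${1#*@}"
}

# Conservative assumption: refuse characters that could alter a KEY="value" line.
valid_password() {
  case "$1" in
    ''|*'"'*|*'\'*|*'$'*|*'`'*|*' '*|*"$TAB"*|*"$NL"*) return 1 ;;
  esac
}

# Returns 0 only when all three zimbra.sh arguments are acceptable.
check_install_args() {
  rc=0
  valid_fqdn "$1" || { echo "invalid domain: $1" >&2; rc=1; }
  valid_ipv4 "$2" || { echo "invalid IPv4 address: $2" >&2; rc=1; }
  valid_password "$3" || { echo "password empty or has quoting characters" >&2; rc=1; }
  return "$rc"
}
```

In zimbra.sh, `check_install_args "$1" "$2" "$3" || exit 1` would go right after the root check; zimbra-ssl.sh can call valid_email and valid_fqdn on the two prompted values.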

After the script has run successfully, the Zimbra Admin Portal and Web Mail Client are available at the URLs below.

To access the Zimbra Mail Web Client, type the following URL in the browser:
https://mail.serverkaka.com/



To access the Zimbra Admin Portal, type the URL below in a web browser:
https://mail.serverkaka.com:7071/



The ports below should be open in the firewall for external access to Zimbra:
Service               Port
HTTP                  80
HTTPS                 443
POP3                  110
SMTP                  25
SMTP                  587
POP3S (Secure POP3)   995
IMAP                  143
IMAPS (Secure IMAP)   993
