How To Install Zimbra Collaboration on Ubuntu 18.04 LTS

Pre-requisites

To use this guide, you should:

  • Have Ubuntu 18.04 server installed
  • Have SSH access as a user with sudo privileges
  • Have a DNS server – Dnsmasq should be fine

The recommended system requirements for a Zimbra server that supports up to 50 users are:

  • 4 vCPU or more depending on your available resources
  • 8 GB RAM or more
  • 50 GB available disk space
  • DNS Server

Follow the steps below to install and configure Zimbra Collaboration server on your Ubuntu 18.04 server.

Step 1: First things first

First of all, update the Ubuntu server:
# sudo apt-get update
# sudo apt-get upgrade
# sudo apt-get dist-upgrade
Install necessary dependencies:
# sudo apt-get install build-essential

Step 2: Configure DNS Server (BIND)

Please note that a separate DNS server is preferable.
You shouldn’t use a single system for both the DNS and Zimbra servers.
Add the proper MX records to your DNS server.

Install BIND9
# sudo apt-get install bind9 bind9utils
Optional!! Downloading the DNS Root Servers List
# cd /etc/bind

Download the latest list of the DNS root servers to the /etc/bind/db.root file:
# sudo wget -q -O /etc/bind/db.root https://www.internic.net/zones/named.root

Enable the BIND user to read the root servers list:
# sudo chown bind:bind /etc/bind/db.root
# sudo chmod 640 /etc/bind/db.root

Optionally, set up a Cron job to automatically update the file.
Configure /etc/bind/named.conf

# sudo nano /etc/bind/named.conf
--start--
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
--end--
Configure /etc/bind/named.conf.options

# sudo nano /etc/bind/named.conf.options
--start--
options {
        directory "/var/cache/bind";
	notify no;
	empty-zones-enable no;

	# Adding this Samba generated file will allow for automatic DDNS updates
	# To enable dynamic DNS updates using Kerberos
	tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
	

	# IP addresses and network ranges allowed to query the DNS server:
	# allowed users	
	allow-query { 
		10.10.40.0/24;
		10.10.29.0/24;
		localhost;
	};

	# IP addresses and network ranges allowed to run recursive queries:
	# (Zones not served by this DNS server)
	# allowed users
	allow-recursion {
		10.10.40.0/24;
		10.10.29.0/24;
		localhost;
	};

	# Forward queries that can not be answered from own zones
	# to these DNS servers:
	forwarders {
                8.8.8.8;
                8.8.4.4;
        };

	# Disable zone transfers 
	allow-transfer {
	none;
	};

        dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
	#If auth-nxdomain is 'yes' allows the server to answer authoritatively (the AA bit is set)
	#when returning NXDOMAIN (domain does not exist) answers, if 'no' (the default) the 
	#server will not answer authoritatively. 

	listen-on-v6 { any; };

};
--end--

What is PTR Record?

PTR records are used for the Reverse DNS (Domain Name System) lookup.
Using the IP address you can get the associated domain/hostname.
An A record should exist for every PTR record.
The usage of a reverse DNS setup for a mail server is a good solution.

While the domain's forward DNS zone points a hostname to an IP address,
the reverse zone lets you point an IP address to a hostname.
In the Reverse DNS zone, you need to use a PTR Record.
The PTR Record resolves the IP address to a domain/hostname.

Why do you need PTR records?

PTR records provide trust that the given hostname or domain is
connected to the IP address. PTR records are a must-have for
outgoing mail servers, because most mail providers reject, or
mark as spam, messages received from mail servers without a
valid reverse DNS configuration
(a missing PTR record, or an A record for the hostname that does not match).
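
The forward/reverse match described above can be checked mechanically. The following is an added example, not part of the original guide: a POSIX shell function that runs a forward-confirmed reverse DNS check with dig. The DNS_SERVER default and the function names are assumptions of this example; the address and hostname are the ones used in this guide.

```sh
#!/bin/sh
# Added example: forward-confirmed reverse DNS (FCrDNS) check for a mail host.
# Needs dig (package dnsutils on Ubuntu). DNS_SERVER is an assumed default.
DNS_SERVER="${DNS_SERVER:-10.10.29.60}"

# Thin wrappers around dig, one answer per line. Kept separate so they can
# be replaced by stubs when no DNS server is reachable.
lookup_ptr() { dig +short @"$DNS_SERVER" -x "$1"; }
lookup_a()   { dig +short @"$DNS_SERVER" A "$1"; }

# fcrdns_check IP HOSTNAME
# Prints a one-line verdict and returns:
#   0  PTR for IP names HOSTNAME and HOSTNAME resolves back to IP
#   1  IP has no PTR record
#   2  PTR names a different host
#   3  HOSTNAME has no A record equal to IP (forward/reverse mismatch)
fcrdns_check() {
    _ip="$1"
    # Compare names case-insensitively and without the trailing dot.
    _want="$(printf '%s' "${2%.}" | tr 'A-Z' 'a-z')"
    _ptrs="$(lookup_ptr "$_ip" | sed 's/\.$//' | tr 'A-Z' 'a-z')"
    if [ -z "$_ptrs" ]; then
        echo "FAIL $_ip: no PTR record"
        return 1
    fi
    if ! printf '%s\n' "$_ptrs" | grep -qxF "$_want"; then
        echo "FAIL $_ip: PTR is $(echo $_ptrs), expected $_want"
        return 2
    fi
    if ! lookup_a "$_want" | grep -qxF "$_ip"; then
        echo "FAIL $_ip: $_want does not resolve back to $_ip"
        return 3
    fi
    echo "OK $_ip <-> $_want"
}

# Stand-alone use: sh fcrdns.sh 10.10.29.60 mail.bc.com
if [ "$#" -ge 2 ]; then
    fcrdns_check "$1" "$2"
fi
```

Run it against the internal server first, then with DNS_SERVER=8.8.8.8 and the public address once the public PTR has been set by whoever controls the reverse zone for that IP.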

Configure /etc/bind/named.conf.local

Add zone for mail server (local zone - pre migration)
# sudo nano /etc/bind/named.conf.local
--start--

zone    "bc.com"   {
        type master;
        file    "/etc/bind/forward.bc.com";
 };

zone   "29.10.10.in-addr.arpa"        {
       type master;
       file    "/etc/bind/reverse.bc.com";
 };

--end--
Create bc.com forward zone file

# sudo nano /etc/bind/forward.bc.com 
--start--
$TTL 3D

@       IN     SOA     mail.bc.com.    hostmaster.mail.bc.com. (
                       20190107        ; serial
                       8H              ; refresh
                       2H              ; retry
                       4W              ; expiry
                       1D              ; minimum
                       )

;Name Server Information
@       IN      NS      mail.bc.com.

;IP address of Your Domain Name Server(DNS)
mail    IN       A      10.10.29.60

;Mail Server MX (Mail exchanger) Record
bc.com. IN  MX  10  mail.bc.com.
--end--

Enable the BIND user to read the zone file:
# sudo chown bind:bind /etc/bind/forward.bc.com
# sudo chmod 640 /etc/bind/forward.bc.com
Create bc.com reverse zone file

# sudo nano /etc/bind/reverse.bc.com
---
$TTL 3D

@       IN      SOA     mail.bc.com.         hostmaster.mail.bc.com. (
                        20190107        ; Serial
                        8H              ; Refresh
                        2H              ; Retry
                        4W              ; Expire
                        1D              ; Minimum TTL
                        )

;Your Name Server Info
@       IN      NS      mail.bc.com.
mail	IN	A	10.10.29.60

;Reverse Lookup for Your DNS Server
60      IN      PTR     mail.bc.com.
---

Enable the BIND user to read the zone file:
# sudo chown bind:bind /etc/bind/reverse.bc.com
# sudo chmod 640 /etc/bind/reverse.bc.com
Configure /etc/bind/named.conf.default-zones

Use default

# sudo systemctl restart bind9
Test named conf

# sudo named-checkconf /etc/bind/named.conf.local

# sudo named-checkzone bc.com /etc/bind/forward.bc.com 
zone bc.com/IN: loaded serial 20190107
OK

# sudo named-checkzone 29.10.10.in-addr.arpa /etc/bind/reverse.bc.com 
zone 29.10.10.in-addr.arpa/IN: loaded serial 20190107
OK

If you get a permission error, check the permissions on these files so that they can be read by the bind user:
/etc/bind/db.root
/etc/bind/db.0.0.127
/etc/bind/db.local
/etc/bind/db.127
/etc/bind/db.0
/etc/bind/db.255

Step 3: Test DNS Setting at Zimbra Server Side

Go back to your Zimbra server and test the DNS server settings:
# nslookup mail.bc.com

Sample output:

Server: 10.10.29.50
Address: 10.10.29.50#53

Name: mail.bc.com
Address: 10.10.29.50


If you get output like the above, you are good to go.

* Try restarting the mail server if nslookup is not working

# dig mail.bc.com any
# host -a mail.bc.com
# host -a mail.google.com

Step 4: Prepare Zimbra Server

Edit the /etc/hosts file, and add the FQDN (fully qualified domain name) of your Ubuntu server

# sudo nano /etc/hosts
--start--
10.10.29.60 mail.bc.com mail
---
10.10.29.60     mail.bc.com             mail
127.0.0.1       localhost.localdomain   localhost
::1             localhost6.localdomain6 localhost6
--end--
Add the DNS server IP address in your Ubuntu server’s network configuration file

# sudo nano /etc/netplan/50-cloud-init.yaml
--start--
dns-nameservers 10.10.29.60
---
network:
    ethernets:
        ens18:
            addresses:
            - 10.10.29.60/24
            gateway4: 10.10.29.254
            nameservers:
                addresses:
                - 10.10.29.60
                - 8.8.8.8
    version: 2
--end--
Edit the /etc/resolv.conf file, and add the DNS server IP address

Stop systemd-resolved, so that /etc/resolv.conf becomes static
# sudo systemctl stop systemd-resolved
# sudo systemctl disable systemd-resolved

Remove the resolv.conf symlink
# sudo ls -l /etc/resolv.conf
--start--
lrwxrwxrwx 1 root root 29 Feb 19 09:15 /etc/resolv.conf -> ../run/resolvconf/resolv.conf
--end--
# sudo rm /etc/resolv.conf

Create a new /etc/resolv.conf
# sudo nano /etc/resolv.conf
---
nameserver 10.10.29.60
nameserver 8.8.8.8
---

Step 5: Install Zimbra

Download the latest ZCS from the following location depending upon the distribution you use.
# wget https://files.zimbra.com/downloads/8.8.15_GA/zcs-8.8.15_GA_3869.UBUNTU18_64.20190918004220.tgz

Once downloaded, extract it
# tar xvfz zcs-*

Go to the extracted folder
# cd zcs-*

Now, start deploying the Zimbra Collaboration Suite using the command:
# sudo ./install.sh

Type “Y” and press ENTER to accept the license agreement.

Zimbra installer will ask you a series of yes or no type questions throughout the installation. 
Just read and answer them accordingly.

Press Y to add Zimbra package repository.
---
Checking for installable packages

Found zimbra-core
Found zimbra-ldap
Found zimbra-logger
Found zimbra-mta
Found zimbra-dnscache
Found zimbra-snmp
Found zimbra-store
Found zimbra-apache
Found zimbra-spell
Found zimbra-memcached
Found zimbra-proxy

Use Zimbra's package repository [Y] ## Press ENTER
---


Next, you need to select Zimbra Packages you want to install. The installer will display the packages one by one. 
Just press ENTER to install the package of your choice.

For the purpose of this tutorial, I am going to install all components.
---
Select the packages to install

Install zimbra-ldap [Y]
Install zimbra-logger [Y]
Install zimbra-mta [Y]
Install zimbra-dnscache [Y]
Install zimbra-snmp [Y]
Install zimbra-store [Y]
Install zimbra-apache [Y]
Install zimbra-spell [Y]
Install zimbra-memcached [Y]
---

Type “Y” and press ENTER to install the selected packages.
---

Installing:
 zimbra-core
 zimbra-ldap
 zimbra-logger
 zimbra-mta
 zimbra-dnscache
 zimbra-snmp
 zimbra-store
 zimbra-apache
 zimbra-spell
 zimbra-memcached
 zimbra-proxy

The system will be modified. Continue? [N] Y ##Type Y to install the selected packages
---

The installer will start to download and install the packages.

After a few minutes, the Zimbra main menu will appear.
---
Main menu

 1) Common Configuration: 
 2) zimbra-ldap: Enabled 
 3) zimbra-logger: Enabled 
 4) zimbra-mta: Enabled 
 5) zimbra-dnscache: Enabled 
 6) zimbra-snmp: Enabled 
 7) zimbra-store: Enabled 
  +Create Admin User: yes 
  +Admin user to create: admin@mail.bc.com 
  ******* +Admin Password UNSET 
  +Anti-virus quarantine user: virus-quarantine.mz4gvqg5@mail.bc.com
  +Enable automated spam training: yes 
  +Spam training user: spam.xc6cq3n8fv@mail.bc.com
  +Non-spam(Ham) training user: ham.3gmvpkc8w@mail.bc.com
  +SMTP host: mail.bc.com 
  +Web server HTTP port: 8080 
  +Web server HTTPS port: 8443 
  +Web server mode: https 
  +IMAP server port: 7143 
  +IMAP server SSL port: 7993 
  +POP server port: 7110 
  +POP server SSL port: 7995 
  +Use spell check server: yes 
  +Spell server URL: http://mail.bc.com:7780/aspell.php
  +Enable version update checks: TRUE 
  +Enable version update notifications: TRUE 
  +Version update notification email: admin@mail.bc.com 
  +Version update source email: admin@mail.bc.com 
  +Install mailstore (service webapp): yes 
  +Install UI (zimbra,zimbraAdmin webapps): yes

 8) zimbra-spell: Enabled 
 9) zimbra-proxy: Enabled 
 10) Default Class of Service Configuration: 
 s) Save config to file 
 x) Expand menu 
 q) Quit

Address unconfigured (**) items (? - help)
---

Set the password for the Zimbra admin account. It is sub-menu item no. 4 under main menu item 7.
So just type number 7 to configure this item.
---
Address unconfigured (**) items  (? - help) 7
---

A sub-menu will appear which shows the unconfigured item. As you see here, the unconfigured item no. is 4.
So, type 4 to address this item.
---
Select, or 'r' for previous menu [r] 4
---


Next, enter a password for the Zimbra admin account. Make sure the password is very strong.
Press ENTER to update the password.
---
Password for admin@mail.bc.com (min 6 characters): [vduf1n6p]
---

Then, type “r” to return to the main menu.
---
Select, or 'r' for previous menu [r] r
---


The unconfigured item is addressed and configured now.

Type a to apply the changes, and press ENTER to save the configuration file. 
Finally, type yes to continue and finish the installation.
---
*** CONFIGURATION COMPLETE - press 'a' to apply
Select from menu, or press 'a' to apply config (? - help) a ##Type 'a' and press ENTER
Save configuration data to a file? [Yes] ## Press ENTER 
Save config in file: [/opt/zimbra/config.15814] 
Saving config in /opt/zimbra/config.15814...done.
The system will be modified - continue? [No] yes ##Type yes and press ENTER.
---


Congratulations!

At this stage, you will have a working Zimbra Collaboration Suite on your Ubuntu server.

Log in to Zimbra Admin dashboard
---
Open your web browser and go to the URL: https://IP-Address:7071/ or https://domain-name:7071
---
Enter the user name and password. The default username is admin, and
the password is the one that you created earlier while installing Zimbra.

Step 6: Administering Zimbra

From here, you can do all kinds of administration tasks, such as creating, editing and
deleting users, domains, monitoring the zimbra server, managing Email accounts, and so on.

Creating new domain

Let us create a new domain. To do so, click on the Configure -> Domain button on the left menu bar.
The list of available domains, including the default domain, will be found in this section.

To create a new domain, just click on the gear button on the top right side and click New.

Creating new users

Click Manage button on the left menu bar.
Then, click on the gear button on the top right corner and select New.

Log in to Zimbra Web client

The Zimbra web client is the user’s personal mailbox, where users can send, receive and delete mail, organize tasks, manage their calendars, etc. To access the Zimbra web console, just type https://IP-address or https://domain-name in the address bar.

The login screen should appear. Enter the user name and password that we created earlier from the Admin console.

Step 7: Using zmcontrol CLI

zmcontrol is located in /opt/zimbra/bin/

Log in as the zimbra user before using the zmcontrol CLI
# sudo su - zimbra

To reset the password of any user, use zmprov with the setPassword command, or
its abbreviation sp (https://wiki.zimbra.com/wiki/Zmprov):
- zmprov sp <user or admin email address> <new password>

To list all accounts created:
zimbra@mail:~$ zmprov -l gaa
---
admin@mail.bc.com
spam.u3dl6kvkem@mail.bc.com
ham.l22q0fdob@mail.bc.com
virus-quarantine.1c4iqfx6i@mail.bc.com
galsync.uvugw_rk9@mail.bc.com
terry@mail.bc.com
---

Step 8: Migration Strategy

Zimbra supports multiple domains on a single IP address; no need to add a second NIC to the server at all.

After you add the second domain in Zimbra’s Administration Console, if you do nothing else, users in the second domain can log in at mail.firstdomain.com and get to their mailbox. You’d also set the MX record for the second domain to point to mail.firstdomain.com.

Now, if you want users in the second domain to be able to log in using mail.seconddomain.com, then in the Administration Console just set up a Virtual Host and in public DNS create an A record for mail.seconddomain.com that points to the same public IP address as the A record for mail.firstdomain.com. In that same Virtual Host setup process, you can add the SSL certificate chain for the second domain.

I can’t speak to current versions of Zimbra, but earlier versions of Zimbra did not function as expected when dual homed without some hacking of the configuration files for certain services. Again, Zimbra really doesn’t need multiple IP addresses; at least from what you describe you should be able to configure multiple domains no problem.

The largest Zimbra system I ever configured domiciled more than 20K domains, routed through a single proxy server with no issues using just one IP address.

Scenario:

  1. Create a new domain in Zimbra
  2. Import email accounts into the newly created domain
  3. Create a new zone for the new domain in BIND
  4. Test sending email using telnet, to make sure everything is working properly

Pointing to new IP:

1. Create a new MX record with the same priority at the domain hosting provider. Do not create two at the same time; it is better to replace the old one.

$ host -t mx yourdomain.com
yourdomain.com mail is handled by 10 mx.yourdomain.com.

$ host mx.yourdomain.com
mx.yourdomain.com has address 49.0.1.236
mx.yourdomain.com has address 123.176.121.106

This means the email can go to either of these servers, 49.0.1.236 or 123.176.121.106, in round-robin fashion; it cannot go to both.

Check against Google's DNS:

# host mx.yourdomain.com 8.8.8.8

Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases:

mx.yourdomain.com has address 123.176.121.106

This means the IP has changed.

2. Change the IP of SMTP, IMAP, POP3 the next day, after the new MX becomes stable

BIND Configuration:
Zone "bc.com" is the first zone, created when Zimbra was installed.

Create new zone "yourdomain.com"
# sudo nano /etc/bind/named.conf.local
---

zone    "yourdomain.com"   {
        type master;
        file    "/etc/bind/forward.yourdomain.com";
 };

zone   "121.176.123.in-addr.arpa"        {
       type master;
       file    "/etc/bind/reverse.yourdomain.com";
 };

---
Create yourdomain forward zone file
# sudo nano /etc/bind/forward.yourdomain.com 
---
$TTL 3D

@       IN     SOA     mail.bc.com.    hostmaster.yourdomain.com. (
                       20190107        ; serial
                       8H              ; refresh
                       2H              ; retry
                       4W              ; expiry
                       1D              ; minimum
                       )

;Name Server Information
@       IN      NS      mail.bc.com.

;Mail Server MX (Mail exchanger) Record
yourdomain.com. IN  MX  10  mail.yourdomain.com.

;A Record for Host names
mail    IN       A       123.176.121.106
---

Enable the BIND user to read the zone file:
# sudo chown bind:bind /etc/bind/forward.yourdomain.com
# sudo chmod 640 /etc/bind/forward.yourdomain.com
Create yourdomain reverse zone file
# sudo nano /etc/bind/reverse.yourdomain.com
---
$TTL 3D

@       IN      SOA     mail.bc.com.         hostmaster.yourdomain.com. (
                        20190107        ; Serial
                        8H              ; Refresh
                        2H              ; Retry
                        4W              ; Expire
                        1D              ; Minimum TTL
                        )

;Your Name Server Info
@       IN      NS      mail.bc.com.

;PTR Record IP address to HostName
106      IN      PTR     mail.yourdomain.com.
---

Enable the BIND user to read the zone file:
# sudo chown bind:bind /etc/bind/reverse.yourdomain.com
# sudo chmod 640 /etc/bind/reverse.yourdomain.com

Import Email Accounts
Log in as the zimbra user before using the zmcontrol CLI
# sudo su - zimbra

Create domain
zimbra@mail:~$ zmprov createDomain yourdomain.com
83f4d968-ef81-4caf-bb89-b14b93f1934f

Create account
zimbra@mail:~$ zmprov createAccount terry@yourdomain.com '#bcon123#' displayName 'Terry Fithry' givenName Terry sn Fithry
ff5530e9-077f-47b0-982e-798b71fda55a

Bulk zmprov
Exit the zimbra user, then create a text file containing the zmprov commands:
# exit
# nano accountfile.zmp
---
createAccount terry@yourdomain.com '#bcon123#' displayName 'Terry Fithry' givenName Terry sn Fithry
etc.
---

Execute as root
adminprod@mail:~$ cat accountfile.zmp | sudo su - zimbra -c zmprov
---
prov> createAccount aji.ardianto@yourdomain.com '#bcon123#Aji' displayName 'Aji Ardianto' givenName Aji sn Ardianto
efa63b93-5356-4637-82c3-058cd72b0bee
...
---
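
The batch file above carries initial passwords that follow a guessable pattern and are typed into a plain text file. As an added example (not part of the original guide), this script builds accountfile.zmp from a CSV with a separate random password per account, writes it with mode 0600, and sets the Zimbra account attribute zimbraPasswordMustChange so the initial value is replaced at first login. The CSV layout and the function names are assumptions of this example.

```sh
#!/bin/sh
# Added example: build a zmprov batch file with one random password per
# account. Assumed input: one "email,givenName,surname" row per line.

# 20 random characters from [A-Za-z0-9]: no quotes or spaces, so the value
# is safe inside the single-quoted zmprov argument.
gen_password() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 20
}

# zmp_line EMAIL GIVEN SURNAME: print one createAccount line, or return 1
# if a field could break out of its argument in the batch file.
zmp_line() {
    case "$1" in
        ""|*[!A-Za-z0-9._@-]*) echo "bad address: $1" >&2; return 1 ;;
    esac
    case "$2$3" in
        *"'"*|*\\*) echo "quote or backslash in name for $1" >&2; return 1 ;;
    esac
    printf "createAccount %s '%s' displayName '%s %s' givenName '%s' sn '%s' zimbraPasswordMustChange TRUE\n" \
        "$1" "$(gen_password)" "$2" "$3" "$2" "$3"
}

# build_zmp_file CSV OUT: write OUT so that only the owner can read it.
# The body runs in a subshell, so the umask change does not leak out.
build_zmp_file() (
    umask 077
    rm -f "$2"
    : > "$2" || exit 1
    while IFS=, read -r email given sn; do
        [ -n "$email" ] || continue          # skip blank rows
        zmp_line "$email" "$given" "$sn" >> "$2" || exit 1
    done < "$1"
)

# Stand-alone use: sh make_zmp.sh users.csv accountfile.zmp
if [ "$#" -eq 2 ]; then
    build_zmp_file "$1" "$2"
fi
```

Feed the result to zmprov exactly as shown above, hand out the initial passwords over a separate channel, and delete accountfile.zmp afterwards.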
Test Email Using Telnet
adminprod@mail:~$ telnet 123.176.121.106 25
Trying 123.176.121.106...
Connected to 123.176.121.106.
Escape character is '^]'.
220-mail.bc.com ESMTP Postfix
220 mail.bc.com ESMTP Postfix
helo mail.bc.com
250 mail.bc.com
mail from: <terry@yourdomain.com>
250 2.1.0 Ok
rcpt to: <terry@yourdomain.com>
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
from: <terry@yourdomain.com>
to: <terry@yourdomain.com>
Subject: test
Test using telnet!
.
250 2.0.0 Ok: queued as BD6662214FC
quit
221 2.0.0 Bye
Connection closed by foreign host.

Check the logs:
adminprod@mail:~$ grep BD6662214FC /var/log/mail.log

Step 9: Remove Zimbra Collaboration Suite (if you are not happy with it)

Go to the Zimbra directory:
# cd zcs-*

Enter the following command to completely remove it:
# sudo ./install.sh -u

Finally, delete Zimbra directory:
# cd ..
# sudo rm -rf zcs-*

Done!

Resources:
https://www.zimbra.com/documentation/
https://blog.zimbra.com/

That’s it. Hope it helps.

Terry
