Installing Let’s Encrypt on a Zimbra Server

Let’s Encrypt must be installed on one Linux machine to obtain the proper SSL Certificate, CA Intermediate, and Private Key. It is not required that it be on the same Zimbra Server, but it could save time and help to obtain the renewals, etc.

The first step is to stop the jetty or nginx service at the Zimbra level:

zmproxyctl stop
zmmailboxdctl stop

The second step is to install git on the server (apt-get install git/yum install git), and then do a git clone of the project in the folder we want.

Note: On RedHat/CentOS 6 you will need to enable the EPEL repository before installing.

git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt

Let’s now run Let’s Encrypt in auto mode and use the certonly option, because for now the project can’t automatically install the cert on Zimbra servers.

root@zimbra86:~/tmp/letsencrypt# ./letsencrypt-auto certonly --standalone

If you need multiple hostnames on the same certificate (a multi-SAN certificate), run this instead, where each -d is one of your domains:

root@zimbra86:~/tmp/letsencrypt# ./letsencrypt-auto certonly --standalone -d xmpp.example.com -d conference.example.com


Zimbra send http traffic to https or keeping both in mix

HTTP proxy can support protocol modes for HTTP or HTTPS only, both HTTP and HTTPS, mixed HTTP and HTTPS or HTTPS redirect from HTTP. Redirect is a popular configuration. This configuration must be made to the proxy servers.

HTTPS redirect from HTTP

zmprov ms proxy.server.name zimbraReverseProxyMailMode redirect

HTTP and HTTPS (support both)

zmprov ms proxy.server.name zimbraReverseProxyMailMode both

HTTPS only

zmprov ms proxy.server.name zimbraReverseProxyMailMode https

HTTP only

zmprov ms proxy.server.name zimbraReverseProxyMailMode http

“mixed” will cause only authentication to be sent over HTTPS

zmprov ms proxy.server.name zimbraReverseProxyMailMode mixed

Src:
https://wiki.zimbra.com/wiki/Enabling_Zimbra_Proxy_and_memcached#Protocol_Requirements_Including_HTTPS_Redirect
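
A way to confirm that the configured mode is what the proxy actually does, as an added example (not from the original post or the Zimbra wiki): the function reads the response headers of a plain-HTTP probe, as printed by `curl -sI http://proxy.server.name/`, and compares them with the mode that was set. The function names, verdict strings and sample headers are constructed for this illustration.

```shell
#!/bin/sh
# Added example: check a plain-HTTP probe against the configured mail mode.

classify_http_response() {          # stdin = headers from: curl -sI http://<proxy>/
  awk '
    { sub(/\r$/, "") }                              # curl prints CRLF line endings
    NR == 1 && $1 ~ /^HTTP\// { status = $2 }       # status line, e.g. HTTP/1.1 302 Found
    tolower($1) == "location:" { loc = $2 }
    END {
      if (status == "")                                        print "no-http-listener"
      else if (status ~ /^3/ && tolower(loc) ~ /^https:\/\//)  print "redirects-to-https"
      else if (status ~ /^3/)                                  print "redirects-but-stays-plaintext"
      else                                                     print "answers-in-plaintext"
    }'
}

verify_mail_mode() {                # $1 = zimbraReverseProxyMailMode value; stdin = headers
  observed=$(classify_http_response)
  case "$1:$observed" in
    redirect:redirects-to-https|https:no-http-listener|https:redirects-to-https)
      echo "PASS $1 $observed" ;;
    redirect:*|https:*)             # mode says no plaintext, probe says otherwise
      echo "FAIL $1 $observed"; return 1 ;;
    both:*|mixed:*|http:*)          # these modes leave session traffic on HTTP by design
      echo "WARN $1 permits plaintext ($observed)"; return 2 ;;
    *)
      echo "UNKNOWN $1"; return 3 ;;
  esac
}

# Constructed sample headers for a proxy set to "redirect".
printf 'HTTP/1.1 302 Found\r\nLocation: https://mail.example.com/\r\n\r\n' |
  verify_mail_mode redirect
```

An empty probe result (connection refused, so curl prints no headers) is classified as no-http-listener, which the check accepts for the https mode.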


Increase mail attachment in Zimbra 8.8

Postfix configuration (zimbraMtaMaxMessageSize and message_size_limit)

You can examine the current value of this parameter like this:

# su - zimbra
$ postconf message_size_limit
message_size_limit = 10240000

This configuration parameter is stored in the zimbra ldap directory, and propagated to postconf’s message_size_limit by zmmtaconfig, which is invoked by the zimbra postfix command. The following commands will set the message_size_limit to 2MB (adjust this value to suit your needs):

# su - zimbra
$ zmprov modifyConfig zimbraMtaMaxMessageSize 2048000
$ postfix reload

You can then confirm the changes with this command:

$ postconf | grep message_size_limit

IMAP


Zimbra Exporting all mail addresses

Exporting all addresses (mailboxes, aliases and distribution lists) is a vital tool if you have a backup MX and only want it to accept email for valid recipients. One reason for that is to stop spammers who simply use a dictionary of common names to generate recipient email addresses which would flood a backup MX with undeliverable email. Some anti-spam providers (e.g. Postini) have automatic provisioning processes for making this possible.

A naive process of extracting mailboxes looks like this:

/opt/zimbra/bin/zmaccts | grep 'active' | egrep -v '^\W+' | awk '{print $1}'

Unfortunately, this doesn’t give distribution lists and aliases, so a more sophisticated approach is necessary. There is no specific tool for it, and it requires using the ldap tool thus:


Best Practices on Email Protection: SPF, DKIM and DMARC

Once Zimbra Collaboration is installed, we need to be aware of some additional configurations that let us send email to other email systems, such as Gmail, Hotmail, Yahoo!, etc., with improved security. This Wiki article shows the different email protection resources that exist. Depending on the volume of email sent, it may be better to implement only one, two, or all of them.

SPF
Sender Policy Framework (SPF) is an email validation system designed to prevent unwanted emails that use spoofing. To address this common security problem, SPF verifies the source IP of the email and compares it with a DNS TXT record containing the SPF policy.

Where does it need to be configured?
SPF needs to be configured in the Public DNS
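
The comparison of source IP against the TXT record described above, as an added example (not from the original article): a POSIX shell evaluator for the ip4 and all mechanisms of an SPF record. The record and addresses are constructed from documentation ranges, the function names are made up for this illustration, and terms that need DNS lookups are reported as unsupported rather than guessed.

```shell
#!/bin/sh
# Added example: offline SPF evaluation of an IPv4 sender against ip4/all terms.

ip4_to_int() {                      # dotted quad -> 32-bit integer
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

ip4_in_cidr() {                     # $1 = address, $2 = network[/prefix-length]
  net=${2%/*}; len=32
  case "$2" in */*) len=${2#*/} ;; esac
  mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
  [ $(( $(ip4_to_int "$1") & mask )) -eq $(( $(ip4_to_int "$net") & mask )) ]
}

spf_check() {                       # $1 = connecting IPv4 address, $2 = SPF TXT record
  ip=$1
  set -f                            # no globbing while the record is split into terms
  for term in $2; do
    qual='+'                        # a mechanism without a qualifier means "pass"
    case "$term" in [-+~?]*) qual=${term%"${term#?}"}; term=${term#?} ;; esac
    case "$term" in
      v=spf1|ip6:*) continue ;;     # version tag; ip6 can never match an IPv4 sender
      ip4:*) ip4_in_cidr "$ip" "${term#ip4:}" || continue ;;
      all)   ;;                     # matches every sender
      *)     set +f; echo "unsupported:$term"; return 2 ;;  # a, mx, include... need DNS
    esac
    set +f
    case "$qual" in
      +) echo pass ;; -) echo fail ;; '~') echo softfail ;; '?') echo neutral ;;
    esac
    return 0
  done
  set +f; echo neutral              # RFC 7208: no mechanism matched
}

# Constructed record and sender (documentation address ranges).
spf_check 203.0.113.77 "v=spf1 ip4:203.0.113.0/24 ip4:198.51.100.25 -all"
```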


Zimbra Increasing Attachment Size works for 8.5

I didn’t find how to do it through the Zimbra GUI, but through the console it appeared to work with the following set of commands, which actually modify postfix:

su - zimbra
zmprov mcf zimbraMtaMaxMessageSize 20971520
zmprov mcf zimbraFileUploadMaxSize 20971520
zmprov mcf zimbraMailContentMaxSize 52428800
zmprov modifyConfig zimbraMtaMaxMessageSize 52428800
postfix reload

Once they’re executed, restart the server (restarting Zimbra won’t reflect the changes made, so a fresh reboot of the OS is needed).


Using DKIM to Authenticate Email Message

Domain Keys Identified Mail (DKIM) defines a domain-level authentication mechanism that lets your organization take responsibility for transmitting an email message in a way that can be verified by a recipient. Your organization can be the originating sending site or an intermediary. Your organization’s reputation is the basis for evaluating whether to trust the message delivery.

You can add a DKIM digital signature to outgoing email messages, associating the message with a domain name of your organization. You can enable DKIM signing for any number of domains that are being hosted by ZCS. It is not required for all domains to have DKIM signing enabled for the feature to work.

DKIM defines an authentication mechanism for email using


Zimbra 8 Community edition on Scientific Linux 6 (64 Bit)

Install SL 6.3 (64 bit)

  • Install SL 6.3 (64-bit) in 'minimal' installation mode
  • After installing, set a static IP address (a public IP; I assume the system is not behind a firewall)
  • Double-check the parameters in the /etc/resolv.conf file

Prerequisites for Zimbra installation

Let's first update:

yum update

Let's install some packages as well:

yum -y install sudo sysstat gmp libidn libstdc++ bind bind-chroot bind-libs bind-utils wget php perl nc sqlite

and a few more packages:

yum install compat-libstdc++-33 sysstat

If anything was missed you'll find out in the next steps; if anything is left, google it, and chances are you'll be able to yum it :). For the time being the environment is ready. Now proceed to download Zimbra.

Do some backend preparation:

  • Make sure 'SELINUX' is disabled
  • The iptables service is stopped
  • 'postfix' service is stopped and disabled at runtime and on boot

Download Zimbra

My downloaded edition was:

http://files2.zimbra.com/downloads/8.0.0_GA/zcs-8.0.0_GA_5434.RHEL6_64.20120907144639.tgz

Once downloaded, get inside the extracted folder.