1. Login to your Zimbra Admin Console using a browser.
2. In the left navigation pane under Home click Configure. Click Certificate.
3. On the right of the Zimbra Admin console click on the settings icon and select Install Certificate.
4. The Certificate Installation Wizard will pop up.
5. Under Server Name Select the Target server you are going to install the certificate for. Click Next Continue reading “Sectigo SSL certificate installation on Zimbra” »
Before we proceed with Zimbra Collaboration Suite installation process, first login to your server console with root privileges and install the following packages:
# yum -y install unzip net-tools sysstat openssh-clients perl-core libaio nmap-ncat libstdc++.so.6 perl perl-core ntpl nmap sudo libidn gmp libaio libstdc++ unzip sqlite dnsmasq
Next, issue getenforce command to check if Selinux in enabled on your machine. In case the policy is set to Enforced disable it by issuing the below commands:
# setenforce 0
To completely disable Selinux on CentOS, open /etc/selinux/config file with a text editor and set the line SELINUX to disabled.
Assure that wget system utility is also installed on your system by issuing the following command:
# yum install wget
In order for Zimbra to function correctly you must set the local machine hostname and FQDN to point to your server IP Address by running the below commands from root account:
# hostnamectl set-hostname mail
# echo "192.168.0.14 mail.centos7.lan mail " >> /etc/hosts
# cat /etc/hosts
Replace the system hostname and FQDN values accordingly in order to match your own domain settings. Test the hostname and FQDN values by issuing the ping command against both records. Continue reading “Zimbra 8.8 on CentOS 7” »
To change logo (On Zimbra 8.6 and onwards)
zmprov md mail.dscsc.mil.bd zimbraSkinLogoLoginBanner https://yourdomain.com/zimbra/MyLoginBanner.png
zmprov md mail.dscsc.mil.bd zimbraSkinLogoAppBanner https://yourdomain.com/zimbra/MyAppBanner.png
To change logo height:
changed hhe contents of file /opt/zimbra/jetty/webapps/zimbra/skins/_base/base3/skin.properties
90 LoginH1 = margin:0 0 30px 30px;
91 LoginAppName = display:none;
92 LoginLabelColor = @TxtC@
93 LoginButton = @ButtonShadowDefault@ border:1px solid @ButtonBorderColor@;
94 LoginBannerImg = @LogoImgDir@/LoginBanner.png?v=@jsVersion@
//95 LoginBanner = @img(, LoginBannerImg, 450px, 36px)@ //old
95 LoginBanner = @img(, LoginBannerImg, 450px, 90px)@ //new
96 LoginFooterColor = color:@darken(AppC,55)@;
97 LoginErrorPanel = background-color:#FF9; padding:5px; @roundCorners(8px)@
Do a quick search under the usual jetty folders:
find /opt/zimbra/jetty/ -type f -name *jsp -mtime -30
If you find files like:
you’re actually hacked.
Unlike the previous “zmcat” and “dblaunchs” that actually exploit the vuln and load some sh*t this looks like a bad childish attack. It seems that they delete some files under jetty dir, don’t know why.
The attack vector is the same, but, there are no strange processes, there is no persistence. Continue reading “SOLVED Zimbra 8.6 HTTP ERROR 404 Problem accessing /public/error.jsp. Reason: /public/error.jsp” »
1. Get the bundle from Comodo in crt format, or sometimes like a zip file.
2. Place the bundle on your Zimbra mailbox server. You should receive, or download, the next files:
since comodo is acquired by Sectigo, the updated zip might appear as below: Continue reading “Installing a Comodo SSL on Zimbra using CLI” »
In the admin interface go to
Global Settings -> General Information -> Default domain and enter the name of your domain.
Users in that domain can now login without the @domain part.
DNS-based Blackhole List (DNSBL) or Real-time Blackhole List (RBL) is an effort to fight spam emails. It is a blacklist of source IP addresses that have a reputation of sending spam emails. Most email systems can be configured to check these lists and block or flag emails that were sent from domains/IPs listed there. The ‘Blackhole List’ is sometimes called ‘blacklist’ by email admins.
In this tutorial, we’ll see how we can configure RBL with Zimbra using both GUI and CLI.
Method 1 – GUI:
Login to the Zimbra admin console – https://mail.example.com:7071, and then go to Configure.
Then, go to Global Settings. Continue reading “Enable DNSBL or RBL on Zimbra” »
If you’re having trouble receiving mail from outside, you need to find out where the message is failing. When sending your test message, check the Log Files, especially /var/log/zimbra.log, on your MTA server. It’s often helpful to tail the logfile as you send the message:
tail -f /var/log/zimbra.log
If you see nothing logged (no connection, nothing) then the problem likely either DNS or your firewall.
To troubleshoot your firewall, it helps to have an account on a system outside of your network. For mail to flow inbound, servers on the internet need to connect to your MTA on port 25.
The mail domain that your user accounts are created under must have an MX record. To test this:
host -t mx domain
The IP address returned should be the IP (public or private) of your MTA. If it’s the public address, make sure that the Firewall is forwarding port 25 to the MTA. Continue reading “ZImbra troubleshooting incoming mail problems” »
My ZImbra 8.6 was throwing the following error once after my letsencrypt SSL got expired:
Unable to start TLS: SSL connect attempt failed error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed when connecting to ldap master.Cannot determine services - exiting
In order to fix the problem you need to modify the following parameters as Zimbra user:
zmlocalconfig -e ldap_starttls_required=false
zmlocalconfig -e ldap_starttls_supported=0
Then restart zimbra by using
Hope it’ll restarted
This works if you already have an expired letsencrypt ssl certificate and assuming you have already deployed SSL in you zimbra system. However, if you come up here already, and would like to know how to setup letsencrypt on your system you may read my other article here:
Log on Zimbra user then stop proxy and mail box service for renew proccess.
Then return root user and renew Letsencrypt certificate
letsencrypt renew: Change directory to Zimbra Letsecnrpyt SSL folder Continue reading “Zimbra Letsencrypt SSL Renew – Zimbra 8.6” »