Remove DNSCACHE from zimbra services.

If you will get a prompt stating something like “Port conflict detected: 53 (zimbra-dnscache)” with a prompt to hit ENTER to continue, you can just hit enter and let the installation/upgrade run out. Once everything is running, you will see that the Zimbra DnsCahe service is in a stopped state. To fix this error, all you have to do is

# zmcontrol status
# zmprov ms `zmhostname` -zimbraServiceEnabled dnscache
# zmprov ms `zmhostname` -zimbraServiceInstalled dnscache
# zmcontrol status

You will see that the service is removed from Zimbra’s Services.

[zimbra@mail root]$ zmcontrol status
Host mail.server.lan
amavis Running
antispam Running
antivirus Running
ldap Running
logger Running
mailbox Running
memcached Running
mta Running
opendkim Running
proxy Running
service webapp Running
snmp Running
spell Running
stats Running
zimbra webapp Running
zimbraAdmin webapp Running
zimlet webapp Running
zmconfigd Running
Share

Install a Sectigo Domain Validation SSL certificate in Zimbra

We usually get the below four files from Sectigo in the certificate bundle. The file name may vary depending on the certificate type

  1. yourdomain.com.crt – main certificate
  2. AAACertificateServices.crt – Root Certificate
  3. USERTrustRSAAAACA.crt – Intermediate Certificate – 1
  4. SectigoRSADomainValidationSecureServerCA.crt – Intermediate Certificate – 2

Step 1: We shall create two files as below.

commercial_ca.crt (includes root certificate and two intermediate certificates)
commercial.crt (includes main certificate, root certificate and two intermediate certificates)

Step 2: Login to Zimbra server, move to directory /opt/zimbra/ssl/zimbra/commercial and create two files as below.

root@mail:~# cd /opt/zimbra/ssl/zimbra/commercial/
root@mail:/opt/zimbra/ssl/zimbra/commercial# touch commercial_ca.crt
root@mail:/opt/zimbra/ssl/zimbra/commercial# touch commercial.crt

Continue reading “Install a Sectigo Domain Validation SSL certificate in Zimbra” »

Share

Redirect HTTP to HTTPs automatically in Zimbra 8.8

The most popular out of 5 options for proxy services, is to redirect. To do this, you can run the following as zimbra user:

zmprov ms `zmhostname` zimbraReverseProxyMailMode redirect

This will redirect your URLs to the zimbra hostname based HTTPs.

Now, restart the proxy services:

su - zimbra
zmproxyctl restart

Hope this helps.

Src: https://mellowhost.com/blog/how-to-redirect-http-to-https-zimbra-8-8.html

Share

Reset Zimbra Admin Password

Obtain a list of all Administrators

If want to get a list of all administrators, run the next command:

su - zimbra
zmprov gaaa

To reset the administrative password:

su - zimbra
zmprov sp <admin email address> <new password>

Check the new password in the Admin Console

To access the admin console:

https://YOURHOST:7071

Remember that the administrative console (sometimes) requires a full email address as the login name, so you may be using the correct password and the wrong login!

Share

Sectigo SSL certificate installation on Zimbra

1. Login to your Zimbra Admin Console using a browser.

2. In the left navigation pane under Home click Configure. Click Certificate.

3. On the right of the Zimbra Admin console click on the settings icon and select Install Certificate.

4. The Certificate Installation Wizard will pop up.

5. Under Server Name Select the Target server you are going to install the certificate for. Click Next Continue reading “Sectigo SSL certificate installation on Zimbra” »

Share

Zimbra 8.8 on CentOS 7

Before we proceed with Zimbra Collaboration Suite installation process, first login to your server console with root privileges and install the following packages:

# yum -y install unzip net-tools sysstat openssh-clients perl-core libaio nmap-ncat libstdc++.so.6 perl perl-core ntpl nmap sudo libidn gmp libaio libstdc++ unzip sqlite dnsmasq

Next, issue getenforce command to check if Selinux in enabled on your machine. In case the policy is set to Enforced disable it by issuing the below commands:

# getenforce
# setenforce 0
# getenforce

To completely disable Selinux on CentOS, open /etc/selinux/config file with a text editor and set the line SELINUX to disabled.

Assure that wget system utility is also installed on your system by issuing the following command:

# yum install wget

In order for Zimbra to function correctly you must set the local machine hostname and FQDN to point to your server IP Address by running the below commands from root account:

# hostnamectl set-hostname mail
# echo "192.168.0.14 mail.centos7.lan mail " >> /etc/hosts
# cat /etc/hosts

Replace the system hostname and FQDN values accordingly in order to match your own domain settings. Test the hostname and FQDN values by issuing the ping command against both records. Continue reading “Zimbra 8.8 on CentOS 7” »

Share

Zimbra GUI Customization- Logo, Title, Footer

To change logo (On Zimbra 8.6 and onwards)

zmprov md mail.dscsc.mil.bd zimbraSkinLogoLoginBanner https://yourdomain.com/zimbra/MyLoginBanner.png
zmprov md mail.dscsc.mil.bd zimbraSkinLogoAppBanner https://yourdomain.com/zimbra/MyAppBanner.png

To change logo height:

changed hhe contents of file /opt/zimbra/jetty/webapps/zimbra/skins/_base/base3/skin.properties

...
90 LoginH1 = margin:0 0 30px 30px;
91 LoginAppName = display:none;
92 LoginLabelColor = @TxtC@
93 LoginButton = @ButtonShadowDefault@ border:1px solid @ButtonBorderColor@;
94 LoginBannerImg = @LogoImgDir@/LoginBanner.png?v=@jsVersion@

//95 LoginBanner = @img(, LoginBannerImg, 450px, 36px)@ //old
95 LoginBanner = @img(, LoginBannerImg, 450px, 90px)@ //new

96 LoginFooterColor = color:@darken(AppC,55)@;
97 LoginErrorPanel = background-color:#FF9; padding:5px; @roundCorners(8px)@
...

Apply it-

zmmailboxdctl restart
Share

SOLVED Zimbra 8.6 HTTP ERROR 404 Problem accessing /public/error.jsp. Reason: /public/error.jsp

Do a quick search under the usual jetty folders:

find /opt/zimbra/jetty/ -type f -name *jsp -mtime -30

If you find files like:

/opt/zimbra/jetty/webapps/zimbra/js/zimbra/csfe/XZimbra.jsp
/opt/zimbra/jetty/webapps/zimbra/public/Ajax.jsp

you’re actually hacked.

Unlike the previous “zmcat” and “dblaunchs” that actually exploit the vuln and load some sh*t this looks like a bad childish attack. It seems that they delete some files under jetty dir, don’t know why. 
The attack vector is the same, but, there are no strange processes, there is no persistence. Continue reading “SOLVED Zimbra 8.6 HTTP ERROR 404 Problem accessing /public/error.jsp. Reason: /public/error.jsp” »

Share

Installing a Comodo SSL on Zimbra using CLI

1. Get the bundle from Comodo in crt format, or sometimes like a zip file.

2. Place the bundle on your Zimbra mailbox server. You should receive, or download, the next files:

AddTrustExternalCARoot.crt
COMODORSAAddTrustCA.crt
COMODORSADomainValidationSecureServerCA.crt
my_domain_com.crt 

or 

since comodo is acquired by Sectigo, the updated zip might appear as below: Continue reading “Installing a Comodo SSL on Zimbra using CLI” »

Share