Zimbra 8.8 on CentOS 7

Before we proceed with Zimbra Collaboration Suite installation process, first login to your server console with root privileges and install the following packages:

# yum -y install unzip net-tools sysstat openssh-clients perl-core libaio nmap-ncat libstdc++.so.6 perl perl-core ntpl nmap sudo libidn gmp libaio libstdc++ unzip sqlite dnsmasq

Next, issue getenforce command to check if Selinux in enabled on your machine. In case the policy is set to Enforced disable it by issuing the below commands:

# getenforce
# setenforce 0
# getenforce

To completely disable Selinux on CentOS, open /etc/selinux/config file with a text editor and set the line SELINUX to disabled.

Assure that wget system utility is also installed on your system by issuing the following command:

# yum install wget

In order for Zimbra to function correctly you must set the local machine hostname and FQDN to point to your server IP Address by running the below commands from root account:

# hostnamectl set-hostname mail
# echo "192.168.0.14 mail.centos7.lan mail " >> /etc/hosts
# cat /etc/hosts

Replace the system hostname and FQDN values accordingly in order to match your own domain settings. Test the hostname and FQDN values by issuing the ping command against both records. Continue reading “Zimbra 8.8 on CentOS 7” »

Share

Zimbra GUI Customization- Logo, Title, Footer

To change logo (On Zimbra 8.6 and onwards)

zmprov md mail.dscsc.mil.bd zimbraSkinLogoLoginBanner https://yourdomain.com/zimbra/MyLoginBanner.png
zmprov md mail.dscsc.mil.bd zimbraSkinLogoAppBanner https://yourdomain.com/zimbra/MyAppBanner.png

To change logo height:

changed hhe contents of file /opt/zimbra/jetty/webapps/zimbra/skins/_base/base3/skin.properties

...
90 LoginH1 = margin:0 0 30px 30px;
91 LoginAppName = display:none;
92 LoginLabelColor = @TxtC@
93 LoginButton = @ButtonShadowDefault@ border:1px solid @ButtonBorderColor@;
94 LoginBannerImg = @LogoImgDir@/LoginBanner.png?v=@jsVersion@

//95 LoginBanner = @img(, LoginBannerImg, 450px, 36px)@ //old
95 LoginBanner = @img(, LoginBannerImg, 450px, 90px)@ //new

96 LoginFooterColor = color:@darken(AppC,55)@;
97 LoginErrorPanel = background-color:#FF9; padding:5px; @roundCorners(8px)@
...

Apply it-

zmmailboxdctl restart
Share

SOLVED Zimbra 8.6 HTTP ERROR 404 Problem accessing /public/error.jsp. Reason: /public/error.jsp

Do a quick search under the usual jetty folders:

find /opt/zimbra/jetty/ -type f -name *jsp -mtime -30

If you find files like:

/opt/zimbra/jetty/webapps/zimbra/js/zimbra/csfe/XZimbra.jsp
/opt/zimbra/jetty/webapps/zimbra/public/Ajax.jsp

you’re actually hacked.

Unlike the previous “zmcat” and “dblaunchs” that actually exploit the vuln and load some sh*t this looks like a bad childish attack. It seems that they delete some files under jetty dir, don’t know why. 
The attack vector is the same, but, there are no strange processes, there is no persistence. Continue reading “SOLVED Zimbra 8.6 HTTP ERROR 404 Problem accessing /public/error.jsp. Reason: /public/error.jsp” »

Share

Installing a Comodo SSL on Zimbra using CLI

1. Get the bundle from Comodo in crt format, or sometimes like a zip file.

2. Place the bundle on your Zimbra mailbox server. You should receive, or download, the next files:

AddTrustExternalCARoot.crt
COMODORSAAddTrustCA.crt
COMODORSADomainValidationSecureServerCA.crt
my_domain_com.crt 

or 

since comodo is acquired by Sectigo, the updated zip might appear as below: Continue reading “Installing a Comodo SSL on Zimbra using CLI” »

Share

Enable DNSBL or RBL on Zimbra

DNS-based Blackhole List (DNSBL) or Real-time Blackhole List (RBL) is an effort to fight spam emails. It is a blacklist of source IP addresses that have a reputation of sending spam emails. Most email systems can be configured to check these lists and block or flag emails that were sent from domains/IPs listed there. The ‘Blackhole List’ is sometimes called ‘blacklist’ by email admins.

In this tutorial, we’ll see how we can configure RBL with Zimbra using both GUI and CLI.

Method 1 – GUI:

Login to the Zimbra admin console – https://mail.example.com:7071, and then go to Configure.

Then, go to Global Settings. Continue reading “Enable DNSBL or RBL on Zimbra” »

Share

ZImbra troubleshooting incoming mail problems

Problem

If you’re having trouble receiving mail from outside, you need to find out where the message is failing. When sending your test message, check the Log Files, especially /var/log/zimbra.log, on your MTA server. It’s often helpful to tail the logfile as you send the message:

tail -f /var/log/zimbra.log

If you see nothing logged (no connection, nothing) then the problem likely either DNS or your firewall.

Resolution

Firewall
To troubleshoot your firewall, it helps to have an account on a system outside of your network. For mail to flow inbound, servers on the internet need to connect to your MTA on port 25.

DNS issues
The mail domain that your user accounts are created under must have an MX record. To test this:

host -t mx domain

The IP address returned should be the IP (public or private) of your MTA. If it’s the public address, make sure that the Firewall is forwarding port 25 to the MTA. Continue reading “ZImbra troubleshooting incoming mail problems” »

Share

Fix: Unable to start TLS: SSL connect attempt failed error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed when connecting to ldap master.Cannot determine services – exiting

My ZImbra 8.6 was throwing the following error once after my letsencrypt SSL got expired:

Unable to start TLS: SSL connect attempt failed error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed when connecting to ldap master.Cannot determine services - exiting

The Fix:

In order to fix the problem you need to modify the following parameters as Zimbra user:

zmlocalconfig -e ldap_starttls_required=false
zmlocalconfig -e ldap_starttls_supported=0

Then restart zimbra by using

zmcontrol restart

Hope it’ll restarted

Share

Zimbra Letsencrypt SSL Renew – Zimbra 8.6

Let’s Begin:
This works if you already have an expired letsencrypt ssl certificate and assuming you have already deployed SSL in you zimbra system. However, if you come up here already, and would like to know how to setup letsencrypt on your system you may read my other article here:

https://tweenpath.net/installing-encrypt-zimbra-server/ 

Log on Zimbra user then stop proxy and mail box service for renew proccess.

su zimbra
zmproxyctl stop
zmmailboxdctl stop

Then return root user and renew Letsencrypt certificate

exit

letsencrypt renew: Change directory to Zimbra Letsecnrpyt SSL folder Continue reading “Zimbra Letsencrypt SSL Renew – Zimbra 8.6” »

Share

Zimbra – deleting all email in queue by sender

As root user execute:

/opt/zimbra/postfix/sbin/postqueue -p | tail -n +2 | awk 'BEGIN { RS = "" } / sender@mail\.com/ { print $1 }' | tr -d '*' | /opt/zimbra/postfix/sbin/postsuper -d -

To Delete ALL Messages From Queue

/opt/zimbra/postfix/sbin/postsuper -d ALL

Another way to do this:

mailq | awk '{print $1}' | postsuper -d -

To Delete ALL Messages From The Deferred Queue

/opt/zimbra/postfix/sbin/postsuper -d ALL deferred

To Delete ALL Messages From The Hold Queue

/opt/zimbra/postfix/sbin/postsuper -d ALL hold

There’s a nice Zimbra wiki page with detailed on cleaning up mail queues.

https://wiki.zimbra.com/wiki/Managing-The-Postfix-Queues

Share