We usually get the below four files from Sectigo in the certificate bundle. The file name may vary depending on the certificate type
- yourdomain.com.crt – main certificate
- AAACertificateServices.crt – Root Certificate
- USERTrustRSAAAACA.crt – Intermediate Certificate – 1
- SectigoRSADomainValidationSecureServerCA.crt – Intermediate Certificate – 2
Step 1: We shall create two files as below.
commercial_ca.crt (includes root certificate and two intermediate certificates)
commercial.crt (includes main certificate, root certificate and two intermediate certificates)
Step 2: Login to Zimbra server, move to directory /opt/zimbra/ssl/zimbra/commercial and create two files as below.
root@mail:~# cd /opt/zimbra/ssl/zimbra/commercial/
root@mail:/opt/zimbra/ssl/zimbra/commercial# touch commercial_ca.crt
root@mail:/opt/zimbra/ssl/zimbra/commercial# touch commercial.crt
Continue reading “Install a Sectigo Domain Validation SSL certificate in Zimbra” »
The most popular out of 5 options for proxy services, is to redirect. To do this, you can run the following as zimbra user:
zmprov ms `zmhostname` zimbraReverseProxyMailMode redirect
This will redirect your URLs to the zimbra hostname based HTTPs.
Now, restart the proxy services:
su - zimbra
Hope this helps.
Obtain a list of all Administrators
If want to get a list of all administrators, run the next command:
su - zimbra
To reset the administrative password:
su - zimbra
zmprov sp <admin email address> <new password>
Check the new password in the Admin Console
To access the admin console:
Remember that the administrative console (sometimes) requires a full email address as the login name, so you may be using the correct password and the wrong login!
1. Login to your Zimbra Admin Console using a browser.
2. In the left navigation pane under Home click Configure. Click Certificate.
3. On the right of the Zimbra Admin console click on the settings icon and select Install Certificate.
4. The Certificate Installation Wizard will pop up.
5. Under Server Name Select the Target server you are going to install the certificate for. Click Next Continue reading “Sectigo SSL certificate installation on Zimbra” »
Before we proceed with Zimbra Collaboration Suite installation process, first login to your server console with root privileges and install the following packages:
# yum -y install unzip net-tools sysstat openssh-clients perl-core libaio nmap-ncat libstdc++.so.6 perl perl-core ntpl nmap sudo libidn gmp libaio libstdc++ unzip sqlite dnsmasq
Next, issue getenforce command to check if Selinux in enabled on your machine. In case the policy is set to Enforced disable it by issuing the below commands:
# setenforce 0
To completely disable Selinux on CentOS, open /etc/selinux/config file with a text editor and set the line SELINUX to disabled.
Assure that wget system utility is also installed on your system by issuing the following command:
# yum install wget
In order for Zimbra to function correctly you must set the local machine hostname and FQDN to point to your server IP Address by running the below commands from root account:
# hostnamectl set-hostname mail
# echo "192.168.0.14 mail.centos7.lan mail " >> /etc/hosts
# cat /etc/hosts
Replace the system hostname and FQDN values accordingly in order to match your own domain settings. Test the hostname and FQDN values by issuing the ping command against both records. Continue reading “Zimbra 8.8 on CentOS 7” »
To change logo (On Zimbra 8.6 and onwards)
zmprov md mail.dscsc.mil.bd zimbraSkinLogoLoginBanner https://yourdomain.com/zimbra/MyLoginBanner.png
zmprov md mail.dscsc.mil.bd zimbraSkinLogoAppBanner https://yourdomain.com/zimbra/MyAppBanner.png
To change logo height:
changed hhe contents of file /opt/zimbra/jetty/webapps/zimbra/skins/_base/base3/skin.properties
90 LoginH1 = margin:0 0 30px 30px;
91 LoginAppName = display:none;
92 LoginLabelColor = @TxtC@
93 LoginButton = @ButtonShadowDefault@ border:1px solid @ButtonBorderColor@;
94 LoginBannerImg = @LogoImgDir@/LoginBanner.png?v=@jsVersion@
//95 LoginBanner = @img(, LoginBannerImg, 450px, 36px)@ //old
95 LoginBanner = @img(, LoginBannerImg, 450px, 90px)@ //new
96 LoginFooterColor = color:@darken(AppC,55)@;
97 LoginErrorPanel = background-color:#FF9; padding:5px; @roundCorners(8px)@
Do a quick search under the usual jetty folders:
find /opt/zimbra/jetty/ -type f -name *jsp -mtime -30
If you find files like:
you’re actually hacked.
Unlike the previous “zmcat” and “dblaunchs” that actually exploit the vuln and load some sh*t this looks like a bad childish attack. It seems that they delete some files under jetty dir, don’t know why.
The attack vector is the same, but, there are no strange processes, there is no persistence. Continue reading “SOLVED Zimbra 8.6 HTTP ERROR 404 Problem accessing /public/error.jsp. Reason: /public/error.jsp” »
1. Get the bundle from Comodo in crt format, or sometimes like a zip file.
2. Place the bundle on your Zimbra mailbox server. You should receive, or download, the next files:
since comodo is acquired by Sectigo, the updated zip might appear as below: Continue reading “Installing a Comodo SSL on Zimbra using CLI” »
In the admin interface go to
Global Settings -> General Information -> Default domain and enter the name of your domain.
Users in that domain can now login without the @domain part.
DNS-based Blackhole List (DNSBL) or Real-time Blackhole List (RBL) is an effort to fight spam emails. It is a blacklist of source IP addresses that have a reputation of sending spam emails. Most email systems can be configured to check these lists and block or flag emails that were sent from domains/IPs listed there. The ‘Blackhole List’ is sometimes called ‘blacklist’ by email admins.
In this tutorial, we’ll see how we can configure RBL with Zimbra using both GUI and CLI.
Method 1 – GUI:
Login to the Zimbra admin console – https://mail.example.com:7071, and then go to Configure.
Then, go to Global Settings. Continue reading “Enable DNSBL or RBL on Zimbra” »