Howto zimbra
Latest revision as of 04:09, 15 October 2024
compile zimbra
install podman:
https://wiki.vidalinux.org/index.php/Howto_podman#install_podman_ubuntu
for ubuntu 18.04:
https://hub.docker.com/r/ovox/zimbrabuild-ubuntu18
for ubuntu 20.04:
https://hub.docker.com/r/ovox/zimbrabuild-ubuntu20
for centos7:
https://hub.docker.com/r/ovox/zimbrabuild-centos7
for almalinux8:
https://hub.docker.com/r/ovox/zimbrabuild-alma8
install zimbra
install the following packages for ubuntu:
apt-get update && apt-get -y install sqlite3 bind9-dnsutils perl perl-base perl-modules nano sudo libpcre3 libgmp10 unzip libgmp3-dev sysstat libexpat1 wget language-pack-en libaio1 pax dnsmasq net-tools
install the following packages for rhel:
yum -y install wget nmap-ncat unzip perl-core openssh-clients sysstat net-tools ntpl sudo libidn libstdc++.so.6 gmp libaio dnsmasq
set hostname:
hostnamectl set-hostname vidalinux.net
configure /etc/hosts:
127.0.0.1 localhost
192.168.24.45 vidalinux.net mail.vidalinux.net
configure domain:
cat >> /etc/dnsmasq.conf << EOF
listen-address=127.0.0.1
interface=eth0
expand-hosts
domain=vidalinux.net
server=4.2.2.1
server=4.2.2.2
address=/.vidalinux.net/127.0.0.1
address=/.vidalinux.net/192.168.24.45
mx-host=vidalinux.net,mail.vidalinux.com,1
addn-hosts=/etc/hosts
cache-size=9500
EOF
make sure systemd-resolved is stopped and disabled:
systemctl stop systemd-resolved.service
systemctl disable systemd-resolved.service
start and enable dnsmasq:
systemctl enable dnsmasq.service
systemctl start dnsmasq.service
configure /etc/resolv.conf:
nameserver 127.0.0.1
test your dns:
nslookup vidalinux.net
decompress zimbra archive:
cd ~/ubuntu20/volume/UBUNTU20_64-DAFFODIL-1000-20230413144723-FOSS-0001
tar xvf zcs-10.0.0_GA_0001.UBUNTU20_64.20230413144723.tgz
cd zcs-10.0.0_GA_0001.UBUNTU20_64.20230413144723
run zimbra installer:
./install.sh
make sure to block updates to any zimbra packages:
apt-mark hold zip zimbra-*
access zimbra web interface:
https://vidalinux.net/
access zimbra web administration interface:
https://vidalinux.net:7071
fix webgui error
if you get a 404 (url not found) error when opening the web ui, use the following command to fix the issue:
su - zimbra -c "zmprov mcf zimbraModernWebClientDisabled TRUE" && /etc/init.d/zimbra restart
07-24-2024
this is a hack to fix the error raised while "Installing mailboxd SSL certificates":
/opt/zimbra/mailboxd/etc/keystore didn't exist.
Mon Jul 24 20:49:39 2023 *** Running as zimbra user: /opt/zimbra/bin/zmcertmgr.bk deploycrt self
** Installing imapd certificate '/opt/zimbra/conf/imapd.crt' and key '/opt/zimbra/conf/imapd.key'
** Copying '/opt/zimbra/ssl/zimbra/server/server.crt' to '/opt/zimbra/conf/imapd.crt'
** Copying '/opt/zimbra/ssl/zimbra/server/server.key' to '/opt/zimbra/conf/imapd.key'
** Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12'
ERROR: openssl pkcs12 export to '/opt/zimbra/ssl/zimbra/jetty.pkcs12' failed(1):
pkcs12: Unrecognized flag propquery
pkcs12: Use -help for summary.
run the installer; when the installation stops, do the following:
# download the patch and read it before applying it
wget https://pastebin.com/raw/a9Ts3sg9 -O zimbracertmgr.patch
patch /opt/zimbra/bin/zmcertmgr < zimbracertmgr.patch
# make the patched file immutable
chattr +i /opt/zimbra/bin/zmcertmgr
run the setup script to finish installation:
/opt/zimbra/libexec/zmsetup.pl
install new theme for zimbra
for ubuntu:
wget https://download.zextras.com/zextras-theme-installer/latest/zextras-theme-ubuntu.tgz && tar xvf zextras-theme-ubuntu.tgz && cd zextras-theme-installer/packages && dpkg -i zextras-theme_1.0.1_amd64.deb && /etc/init.d/zimbra restart
for centos:
wget https://download.zextras.com/zextras-theme-installer/latest/zextras-theme-centos.tgz && tar xvf zextras-theme-centos.tgz && cd zextras-theme-installer/packages && rpm -ivh zextras-theme-1.0.1.x86_64.rpm && /etc/init.d/zimbra restart
install ssl certificate
script for installing ssl certificate:
cat > /usr/local/bin/install-cert-zimbra << "EOF"
#!/bin/bash
DOMAIN=vidalinux.net
CERT_DIR=/root/certificates
CERT_KEY=$DOMAIN.key
CERT_CRT=$DOMAIN.crt
CERT_ROOT=root.pem
SSL_DIR=/opt/zimbra/ssl/letsencrypt
if [ ! -d "${SSL_DIR}" ];
then
    echo "creating ssl tmp directory"
    mkdir -p "${SSL_DIR}"
fi
echo "copying certificates to zimbra directory"
rm -rf "$SSL_DIR"/*
cp "$CERT_DIR"/* "$SSL_DIR"/
cp "$CERT_DIR/$CERT_KEY" /opt/zimbra/ssl/zimbra/commercial/commercial.key
# user:group form; the user.group form is deprecated
chown -R zimbra:zimbra "$SSL_DIR"/ /opt/zimbra/ssl/zimbra/commercial/commercial.key
echo "verifying letsencrypt ssl certificates"
su - zimbra -c "/opt/zimbra/bin/zmcertmgr verifycrt comm $SSL_DIR/$CERT_KEY $SSL_DIR/$CERT_CRT $SSL_DIR/$CERT_ROOT"
echo "install letsencrypt ssl certificates"
su - zimbra -c "/opt/zimbra/bin/zmcertmgr deploycrt comm $SSL_DIR/$CERT_CRT $SSL_DIR/$CERT_ROOT"
echo "restarting zimbra services"
/etc/init.d/zimbra restart
EOF
fix file permissions:
chmod +x /usr/local/bin/install-cert-zimbra
run the script as root:
install-cert-zimbra
got the following error when installing new certificate:
** Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12'
ERROR: openssl pkcs12 export to '/opt/zimbra/ssl/zimbra/jetty.pkcs12' failed(1):
Error creating PKCS12 MAC; no PKCS12KDF support?
Use -nomac if MAC not required and PKCS12KDF support not available.
80C2EBFDFB7F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:373:Global default library context, Algorithm (PKCS12KDF : 192), Properties (<null>)
80C2EBFDFB7F0000:error:1180006B:PKCS12 routines:pkcs12_gen_mac:key gen error:crypto/pkcs12/p12_mutl.c:147:
80C2EBFDFB7F0000:error:1180006D:PKCS12 routines:PKCS12_set_mac:mac generation error:crypto/pkcs12/p12_mutl.c:220:
to fix this error edit /opt/zimbra/bin/zmcertmgr (the change passes -nomac to openssl pkcs12, so jetty.pkcs12 is written without an integrity MAC):
# add the following on line 1821
"pass:$kpass", "-nomac", "2>&1"
# add the following on line 1879
"pass:$kpass", "-nomac", "2>&1"
upgrade zimbra to latest FOSS
backup script for zimbra:
cat > /usr/local/bin/backup_zimbra << "EOF"
#!/bin/bash
# the heredoc delimiter is quoted so $(...) and $1 are written to the
# script as-is instead of being expanded while the file is created
DATE=$(date +%F)
ZIM_DIR=/opt/zimbra
BACK_DIR=/mnt/backup
ZIM_VER=$(su - zimbra -c "zmcontrol -v|cut -d ' ' -f2")
HOSTNAME=$(hostname)
# backup to restore from: <zimbra version>.<date>
DIR_NAME=10.0.0.GA.0001.UBUNTU20.64.2024-10-04
if [ "$1" = backup ];
then
    if [ ! -d "${BACK_DIR}" ];
    then
        mkdir -p "${BACK_DIR}"
    fi
    # stop zimbra
    /etc/init.d/zimbra stop
    rsync -av "${ZIM_DIR}/" "${BACK_DIR}/${HOSTNAME}.${ZIM_VER}.${DATE}/"
    # start zimbra
    /etc/init.d/zimbra start
fi
if [ "$1" = restore ];
then
    # copy the backup contents back into ${ZIM_DIR}
    rsync -av "${BACK_DIR}/${HOSTNAME}.${DIR_NAME}/" "${ZIM_DIR}/"
fi
EOF
set permissions for backup script:
chmod +x /usr/local/bin/backup_zimbra
backup your zimbra installation:
backup_zimbra backup
verify the validity dates of the zimbra self-signed ca certificate:
openssl x509 -text -in /opt/zimbra/conf/ca/ca.pem | grep -A 3 Valid
before upgrading, deploy a new self-signed ca certificate:
su - zimbra -c "/opt/zimbra/bin/zmcertmgr createca -new"
su - zimbra -c "/opt/zimbra/bin/zmcertmgr deployca"
stop ldap server:
su - zimbra -c "ldap stop"
backup ldap server data:
su - zimbra -c "/opt/zimbra/libexec/zmslapcat /opt/zimbra/data/ldap/mdb/db"
create ldap attributes txt file:
cat > /opt/zimbra/data/ldap/mdb/db/attr.txt << EOF
zimbraBrandingFolderName
zimbraContactAffinityEventLoggingEnabled
zimbraCountAccountsEnabled
zimbraDefaultSortByRelevance
zimbraDelayedIndexInactiveAccountAge
zimbraDomainLoginPageEnabled
zimbraDomainLoginPageErrorPath
zimbraDomainLoginPageFallbackPath
zimbraDomainLoginPagePath
zimbraDomainTrialConvertAtExpiration
zimbraDomainTrialExpirationDate
zimbraEventBackendURL
zimbraEventBatchLifetime
zimbraEventBatchMaxSize
zimbraEventIndexInitialNumShards
zimbraEventIndexName
zimbraEventIndexReplicationFactor
zimbraEventLoggingBackends
zimbraEventLoggingEnabled
zimbraEventLoggingNumThreads
zimbraFeatureAllowUsernameInPassword
zimbraFeatureBasicOneToOneChatEnabled
zimbraFeatureChatAllFeaturesEnabled
zimbraFeatureMailRecallEnabled
zimbraFeatureMailRecallTime
zimbraFeatureMaxVideoParticipantsForUser
zimbraFeatureRelatedContactsEnabled
zimbraFeatureRetentionPolicyEnabled
zimbraFeatureSearchHistoryEnabled
zimbraFeatureVideoAllFeaturesEnabled
zimbraFeatureZulipChatEnabled
zimbraIndexingQueueMaxSize
zimbraIndexingQueuePollingInterval
zimbraIndexingQueueTimeout
zimbraIndexPollingInterval
zimbraIndexReIndexThreads
zimbraIndexReplicationTimeout
zimbraIndexTermsCacheSize
zimbraIndexThreads
zimbraIndexURL
zimbraLicenseDaemonServerHost
zimbraMachineLearningBackendURL
zimbraMachineLearningClassifierInfo
zimbraMachineLearningTaskConfig
zimbraMailboxIndexInitialNumShards
zimbraMailboxIndexName
zimbraMailboxInitialized
zimbraMaxIndexingRetries
zimbraMaxSolrBatchDeletionSize
zimbraMobileConfigSigningCertificate
zimbraMobileConfigSigningKey
zimbraModernWebClientDisabled
zimbraNumSearchesForSavedSearchPrompt
zimbraPrefPrimaryTwoFactorAuthMethod
zimbraPrefSlackCalendarReminderEnabled
zimbraReindexBatchSize
zimbraRelatedContactsMaxAge
zimbraRelatedContactsMinConcurrenceCount
zimbraSearchHistoryAge
zimbraServerVersionChangeNotificationDisabled
zimbraSignupAffiliate
zimbraSignupRecoveryEmail
zimbraSMTPPublicServiceHostname
zimbraSMTPPublicServicePort
zimbraSMTPPublicServiceProtocol
zimbraSolrBatchDeletionInterval
zimbraSolrMaxRetries
zimbraSolrReplicationFactor
zimbraTrialConvertAtExpiration
zimbraTrialExpirationDate
zimbraTwoFactorAuthEmailCodeLength
zimbraTwoFactorAuthMethodAllowed
zimbraTwoFactorAuthMethodEnabled
zimbraTwoFactorCodeEmailBodyHtml
zimbraTwoFactorCodeEmailBodyText
zimbraTwoFactorCodeEmailFrom
zimbraTwoFactorCodeEmailSubject
zimbraTwoFactorCodeForEmail
zimbraTwoFactorCodeLifetimeForEmail
zimbraUserType
zimbraWebclientUnsupportedBrowserRedirectToClassicEnabled
zimbraWebclientUnsupportedBrowserRedirectToClassicUserAgents
zimbraWebclientUnsupportedBrowserRedirectToErrorPageEnabled
zimbraWebclientUnsupportedBrowserRedirectToErrorPageURL
zimbraWebclientUnsupportedBrowserRedirectToErrorPageUserAgents
zimbraZKClientTimeout
zimbraZulipChatDomainId
EOF
enter ldap data file directory:
cd /opt/zimbra/data/ldap/mdb/db
grep to check if any unknown attributes are present:
grep -f attr.txt ldap.bak
remove these attributes from the ldap backup:
for i in `cat attr.txt`; do sed -i '/'$i'/d' ldap.bak; done
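the sed loop above deletes every line that contains a listed name anywhere and leaves the folded continuation lines of a removed attribute behind. an ldif-aware filter that avoids both is sketched below. this is an added example, not part of the original page; the function names and the sample entry are constructed for illustration:

```shell
#!/bin/bash
# Added example (not from the original page): LDIF-aware attribute removal.
# attr.txt / ldap.bak follow the page; function names and sample are constructed.

# Line-based removal, equivalent to the sed loop for these names: drops every
# line containing a listed name and keeps orphaned continuation lines.
naive_strip() {            # usage: naive_strip ATTR_FILE LDIF_FILE
    grep -v -F -f "$1" "$2"
}

# LDIF-aware removal: compare only the attribute name at the start of a line
# and drop the folded continuation lines that belong to a removed attribute.
strip_ldif_attrs() {       # usage: strip_ldif_attrs ATTR_FILE LDIF_FILE
    awk '
        FILENAME == ARGV[1] {                 # first file: names to drop
            if ($0 != "") drop[tolower($0)] = 1
            next
        }
        /^ / {                                # continuation of the previous line
            if (!skipping) print
            next
        }
        {
            name = $0
            sub(/[:;].*$/, "", name)          # name ends at ":" or ";option"
            skipping = (tolower(name) in drop)
            if (!skipping) print
        }
    ' "$1" "$2"
}

# Constructed sample: one entry with a folded value and a description that
# only mentions a listed attribute name.
demo() {                   # usage: demo naive|aware
    tmp=$(mktemp -d) || return 1
    printf '%s\n' zimbraTwoFactorCodeEmailBodyHtml zimbraUserType > "$tmp/attr.txt"
    cat > "$tmp/ldap.bak" << 'LDIF'
dn: uid=alice,ou=people,dc=example,dc=test
objectClass: zimbraAccount
description: migrated from zimbraUserType field
zimbraTwoFactorCodeEmailBodyHtml: <html><body>Your one-time code is
 123456</body></html>
zimbraUserType: internal
mail: alice@example.test
LDIF
    if [ "$1" = naive ]; then
        naive_strip "$tmp/attr.txt" "$tmp/ldap.bak"
    else
        strip_ldif_attrs "$tmp/attr.txt" "$tmp/ldap.bak"
    fi
    rm -rf "$tmp"
}

# "./script demo" prints both results for comparison
if [ "${1:-}" = demo ]; then demo naive; echo ---; demo aware; fi
```

on the page's files this would be run as strip_ldif_attrs attr.txt ldap.bak > ldap.clean, and ldap.clean checked before it replaces ldap.bak. in the naive result the leftover continuation line attaches to the objectClass value above it when the file is loaded.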
move the current ldap data file to a different name:
mv data.mdb data.mdb.old.$(date +%F)
create new ldap data file using backup:
su - zimbra -c '/opt/zimbra/common/sbin/slapadd -q -b "" -F /opt/zimbra/data/ldap/config -l /opt/zimbra/data/ldap/mdb/db/ldap.bak'
start ldap server:
su - zimbra -c "ldap start"
compress old ldap data file:
gzip data.mdb.old.$(date +%F)
stop zimbra:
/etc/init.d/zimbra stop
move or rename current zimbra directory:
mv /opt/zimbra /opt/zimbra.working
remove zimbra packages:
apt remove zimbra-* -y
download latest zimbra:
https://maldua.github.io/zimbra-foss-builder/downloads.html
install zimbra packages:
cd zcs-**/
./install.sh -s
remove zimbra directory and replace with backup:
rm -rf /opt/zimbra
mv /opt/zimbra.working /opt/zimbra
run zimbra installer again:
./install.sh -s
run the installer again without -s:
./install.sh
if the mailbox does not start after the upgrade:
remove the whole docserver XML block from the jetty config files /opt/zimbra/jetty/etc/jetty.xml and /opt/zimbra/jetty/etc/jetty.xml.in
if you are upgrading from 10.0.6 or older and get the following error:
Saving CA in ldap...failed.
** Saving config key 'zimbraCertAuthorityCertSelfSigned' via zmprov modifyConfig...failed (rc=2)
edit /opt/zimbra/conf/zimbra-attrs-schema to reflect this schema version:
1673397105
edit your ldap backup /opt/zimbra/data/ldap/mdb/db/ldap.bak and change schema version:
zimbraLDAPSchemaVersion: 1673397105
stop your ldap and rename current ldap data file:
mv /opt/zimbra/data/ldap/mdb/db/data.mdb /opt/zimbra/data/ldap/mdb/db/data.mdb.old
then restore from your backup:
su - zimbra -c '/opt/zimbra/common/sbin/slapadd -q -b "" -F /opt/zimbra/data/ldap/config -l /opt/zimbra/data/ldap/mdb/db/ldap.bak'
references
- https://github.com/Zimbra/zm-build
- https://github.com/maldua/zimbra-foss-builder/releases
- https://github.com/Zimbra/packages/tree/develop/thirdparty
- https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
- https://wiki.zimbra.com/wiki/Zimbra_Releases
- https://www.zimbra.com/downloads/zimbra-collaboration-open-source
- https://github.com/Zimbra-Community/ansible-zimbra-single
- https://forums.zimbra.org/viewtopic.php?t=72619&sid=e9fdc67577517de50b6fe8d9bcfd5918
- https://forums.zimbra.org/viewtopic.php?p=313588#p313588
- https://wiki.zimbra.com/wiki/Purge_old_zmstats_data