Howto zimbra: Difference between revisions
Mandulete1 (talk | contribs) |
Mandulete1 (talk | contribs) |
||
(23 intermediate revisions by the same user not shown) | |||
Line 132: | Line 132: | ||
"pass:$kpass", "-nomac", "2>&1" | "pass:$kpass", "-nomac", "2>&1" | ||
= upgrade zimbra to latest FOSS = | = upgrade zimbra to latest FOSS = | ||
before upgrade deploy a new ca self certificate: | backup script for zimbra: | ||
/opt/zimbra/bin/zmcertmgr createca -new | cat > /usr/local/bin/backup_zimbra << EOF | ||
/opt/zimbra/bin/zmcertmgr deployca | #!/bin/bash | ||
DATE=$(date +%F) | |||
ZIM_DIR=/opt/zimbra | |||
BACK_DIR=/mnt/backup | |||
ZIM_VER=$(su - zimbra -c "zmcontrol -v|cut -d ' ' -f2") | |||
HOSTNAME=$(hostname) | |||
DIR_NAME=10.0.0.GA.0001.UBUNTU20.64.2024-10-04 | |||
if [ $1 = backup ]; | |||
then | |||
if [ ! -d ${BACK_DIR} ]; | |||
then | |||
mkdir -p ${BACK_DIR} | |||
fi | |||
# stop zimbra | |||
/etc/init.d/zimbra stop | |||
rsync -av ${ZIM_DIR}/ ${BACK_DIR}/${HOSTNAME}.${ZIM_VER}.${DATE}/ | |||
# start zimbra | |||
/etc/init.d/zimbra start | |||
fi | |||
if [ $1 = restore ]; | |||
then | |||
rsync -av ${BACK_DIR}/${HOSTNAME}.${DIR_NAME} /opt | |||
fi | |||
EOF | |||
set permissions for backup script: | |||
chmod +x /usr/local/bin/backup_zimbra | |||
backup your zimbra installation: | |||
backup_zimbra backup | |||
verify zimbra ca self sign certificate: | |||
openssl x509 -text -in /opt/zimbra/conf/ca/ca.pem | grep -A 3 Valid | |||
before upgrade deploy a new ca self sign certificate: | |||
su - zimbra -c "/opt/zimbra/bin/zmcertmgr createca -new" | |||
su - zimbra -c "/opt/zimbra/bin/zmcertmgr deployca" | |||
stop ldap server: | |||
su - zimbra -c "ldap stop" | su - zimbra -c "ldap stop" | ||
backup ldap server data: | |||
su - zimbra -c "/opt/zimbra/libexec/zmslapcat /opt/zimbra/data/ldap/mdb/db" | su - zimbra -c "/opt/zimbra/libexec/zmslapcat /opt/zimbra/data/ldap/mdb/db" | ||
create ldap attributes txt file: | |||
cat > /opt/zimbra/data/ldap/mdb/db/attr.txt << EOF | cat > /opt/zimbra/data/ldap/mdb/db/attr.txt << EOF | ||
zimbraBrandingFolderName | zimbraBrandingFolderName | ||
Line 201: | Line 238: | ||
zimbraSignupAffiliate | zimbraSignupAffiliate | ||
zimbraSignupRecoveryEmail | zimbraSignupRecoveryEmail | ||
zimbraSMTPPublicServiceHostname | zimbraSMTPPublicServiceHostname | ||
zimbraSMTPPublicServicePort | zimbraSMTPPublicServicePort | ||
Line 228: | Line 264: | ||
zimbraZulipChatDomainId | zimbraZulipChatDomainId | ||
EOF | EOF | ||
enter ldap data file directory: | |||
cd /opt/zimbra/data/ldap/mdb/db | |||
grep to check if any unknown attributes are present: | |||
grep -f attr.txt ldap.bak | |||
remove this attributes from ldap backup: | |||
for i in `cat attr.txt`; do sed -i '/'$i'/d' ldap.bak; done | for i in `cat attr.txt`; do sed -i '/'$i'/d' ldap.bak; done | ||
move current ldap data file to diferent name: | |||
mv data.mdb data.mdb.old.$(date +%F) | mv data.mdb data.mdb.old.$(date +%F) | ||
create new ldap data file using backup: | |||
su - zimbra -c '/opt/zimbra/common/sbin/slapadd -q -b "" -F /opt/zimbra/data/ldap/config -l /opt/zimbra/data/ldap/mdb/db/ldap.bak' | su - zimbra -c '/opt/zimbra/common/sbin/slapadd -q -b "" -F /opt/zimbra/data/ldap/config -l /opt/zimbra/data/ldap/mdb/db/ldap.bak' | ||
start ldap server: | |||
su - zimbra -c "ldap start" | su - zimbra -c "ldap start" | ||
compress old ldap data file: | |||
gzip data.mdb.old.$(date +%F) | gzip data.mdb.old.$(date +%F) | ||
stop zimbra: | stop zimbra: | ||
/etc/init.d/zimbra stop | /etc/init.d/zimbra stop | ||
move or rename current zimbra directory: | |||
mv /opt/zimbra /opt/zimbra.working | mv /opt/zimbra /opt/zimbra.working | ||
remove zimbra packages: | remove zimbra packages: | ||
Line 241: | Line 286: | ||
download latest zimbra: | download latest zimbra: | ||
https://maldua.github.io/zimbra-foss-builder/downloads.html | https://maldua.github.io/zimbra-foss-builder/downloads.html | ||
install zimbra packages: | install zimbra packages: | ||
cd zcs-**/ | cd zcs-**/ | ||
Line 251: | Line 295: | ||
./install.sh -s | ./install.sh -s | ||
again run the install without -s: | again run the install without -s: | ||
./install | ./install.sh | ||
if after upgrade have issues with mailbox not starting: | |||
remove the whole docserver XML block from the jetty config xmls /opt/zimbra/jetty/etc/jetty.xml & /opt/zimbra/jetty/etc/jetty.xml.in | |||
if upgrading from 10.0.6 or older and got the following error: | |||
Saving CA in ldap...failed. | |||
** Saving config key 'zimbraCertAuthorityCertSelfSigned' via zmprov modifyConfig...failed (rc=2) | |||
edit /opt/zimbra/conf/zimbra-attrs-schema to reflect this schema version: | |||
1673397105 | |||
edit your ldap backup /opt/zimbra/data/ldap/mdb/db/ldap.bak and change schema version: | |||
zimbraLDAPSchemaVersion: 1673397105 | |||
stop your ldap and rename current ldap data file: | |||
mv /opt/zimbra/data/ldap/mdb/db/data.mdb /opt/zimbra/data/ldap/mdb/db/data.mdb.old | |||
then restore from your backup: | |||
su - zimbra -c '/opt/zimbra/common/sbin/slapadd -q -b "" -F /opt/zimbra/data/ldap/config -l /opt/zimbra/data/ldap/mdb/db/ldap.bak' | |||
= references = | = references = | ||
* https://github.com/Zimbra/zm-build | * https://github.com/Zimbra/zm-build | ||
* https://github.com/maldua/zimbra-foss-builder/releases | |||
* https://github.com/Zimbra/packages/tree/develop/thirdparty | * https://github.com/Zimbra/packages/tree/develop/thirdparty | ||
* https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | * https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | ||
Line 260: | Line 318: | ||
* https://www.zimbra.com/downloads/zimbra-collaboration-open-source | * https://www.zimbra.com/downloads/zimbra-collaboration-open-source | ||
* https://github.com/Zimbra-Community/ansible-zimbra-single | * https://github.com/Zimbra-Community/ansible-zimbra-single | ||
* https://forums.zimbra.org/viewtopic.php?t=72619&sid=e9fdc67577517de50b6fe8d9bcfd5918 | |||
* https://forums.zimbra.org/viewtopic.php?p=313588#p313588 | |||
* https://wiki.zimbra.com/wiki/Purge_old_zmstats_data |
Latest revision as of 04:09, 15 October 2024
compile zimbra
install podman:
https://wiki.vidalinux.org/index.php/Howto_podman#install_podman_ubuntu
for ubuntu 18.04:
https://hub.docker.com/r/ovox/zimbrabuild-ubuntu18
for ubuntu 20.04:
https://hub.docker.com/r/ovox/zimbrabuild-ubuntu20
for centos7:
https://hub.docker.com/r/ovox/zimbrabuild-centos7
for almalinux8:
https://hub.docker.com/r/ovox/zimbrabuild-alma8
install zimbra
install the following packages for ubuntu :
apt-get update && apt-get -y install sqlite3 bind9-dnsutils perl perl-base perl-modules nano sudo libpcre3 libgmp10 unzip libgmp3-dev sysstat libexpat1 wget language-pack-en libaio1 pax dnsmasq net-tools
install the following packages rhel:
yum -y install wget nmap-ncat unzip perl-core openssh-clients sysstat net-tools ntpl sudo libidn libstdc++.so.6 gmp libaio dnsmasq
set hostname:
hostnamectl set-hostname vidalinux.net
configure /etc/hosts:
127.0.0.1 localhost 192.168.24.45 vidalinux.net mail.vidalinux.net
configure domain:
cat >> /etc/dnsmasq.conf << EOF listen-address=127.0.0.1 interface=eth0 expand-hosts domain=vidalinux.net server=4.2.2.1 server=4.2.2.2 address=/.vidalinux.net/127.0.0.1 address=/.vidalinux.net/192.168.24.45 mx-host=vidalinux.net,mail.vidalinux.com,1 addn-hosts=/etc/hosts cache-size=9500 EOF
make sure systemd-resolved is disable:
systemctl stop systemd-resolved.service systemctl disable systemd-resolved.service
start and enable dnsmasq:
systemctl enable dnsmasq.service systemctl start dnsmasq.service
configure /etc/resolv.conf:
nameserver 127.0.0.1
test your dns:
nslookup vidalinux.net
decompress zimbra archive:
cd ~/ubuntu20/volume/UBUNTU20_64-DAFFODIL-1000-20230413144723-FOSS-0001 tar xvf zcs-10.0.0_GA_0001.UBUNTU20_64.20230413144723.tgz cd zcs-10.0.0_GA_0001.UBUNTU20_64.20230413144723
run zimbra installer:
./install.sh
make sure to block updates to any zimbra packages:
apt-mark hold zip zimbra-*
access zimbra web interface:
https://vidalinux.net/
access zimbra web administration interface:
https://vidalinux.net:7071
fix webgui error
if you have an error 404 url not found entering the webui use the following command to fix the issue:
su - zimbra -c "zmprov mcf zimbraModernWebClientDisabled TRUE" && /etc/init.d/zimbra restart
07-24-2024
this is a hack to fix error when "Installing mailboxd SSL certificates":
/opt/zimbra/mailboxd/etc/keystore didn't exist. Mon Jul 24 20:49:39 2023 *** Running as zimbra user: /opt/zimbra/bin/zmcertmgr.bk deploycrt self ** Installing imapd certificate '/opt/zimbra/conf/imapd.crt' and key '/opt/zimbra/conf/imapd.key' ** Copying '/opt/zimbra/ssl/zimbra/server/server.crt' to '/opt/zimbra/conf/imapd.crt' ** Copying '/opt/zimbra/ssl/zimbra/server/server.key' to '/opt/zimbra/conf/imapd.key' ** Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12' ERROR: openssl pkcs12 export to '/opt/zimbra/ssl/zimbra/jetty.pkcs12' failed(1): pkcs12: Unrecognized flag propquery pkcs12: Use -help for summary.
run the installer, when installation stop do the following:
wget https://pastebin.com/raw/a9Ts3sg9 -O zimbracertmgr.patch patch /opt/zimbra/bin/zmcertmgr < zimbracertmgr.patch chattr +i /opt/zimbra/bin/zmcertmgr
run the setup script to finish installation:
/opt/zimbra/libexec/zmsetup.pl
install new theme for zimbra
for ubuntu:
wget https://download.zextras.com/zextras-theme-installer/latest/zextras-theme-ubuntu.tgz && tar xvf zextras-theme-ubuntu.tgz && cd zextras-theme-installer/packages && dpkg -i zextras-theme_1.0.1_amd64.deb && /etc/init.d/zimbra restart
for centos:
wget https://download.zextras.com/zextras-theme-installer/latest/zextras-theme-centos.tgz && tar xvf zextras-theme-centos.tgz && cd zextras-theme-installer/packages && rpm -ivh zextras-theme-1.0.1.x86_64.rpm && /etc/init.d/zimbra restart
install ssl certificate
script for installing ssl certificate:
cat > /usr/local/bin/install-cert-zimbra << "EOF" #!/bin/bash DOMAIN=vidalinux.net CERT_DIR=/root/certificates CERT_KEY=$DOMAIN.key CERT_CRT=$DOMAIN.crt CERT_ROOT=root.pem SSL_DIR=/opt/zimbra/ssl/letsencrypt if [ ! -d ${SSL_DIR} ]; then echo "creating ssl tmp directory" mkdir -p ${SSL_DIR} fi echo "copying certificates to zimbra directory" rm -rf $SSL_DIR/* cp $CERT_DIR/* $SSL_DIR/ cp $CERT_DIR/$CERT_KEY /opt/zimbra/ssl/zimbra/commercial/commercial.key chown -R zimbra.zimbra $SSL_DIR/ /opt/zimbra/ssl/zimbra/commercial/commercial.key echo "verifying letsencrypt ssl certificates" su - zimbra -c "/opt/zimbra/bin/zmcertmgr verifycrt comm $SSL_DIR/$CERT_KEY $SSL_DIR/$CERT_CRT $SSL_DIR/$CERT_ROOT" echo "install letsencrypt ssl certificates" su - zimbra -c "/opt/zimbra/bin/zmcertmgr deploycrt comm $SSL_DIR/$CERT_CRT $SSL_DIR/$CERT_ROOT" echo "restarting zimbra services" /etc/init.d/zimbra restart EOF
fix file permissions:
chmod +x /usr/local/bin/install-cert-zimbra
run the script as root:
install-cert-zimbra
got the following error when installing new certificate:
** Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12' ERROR: openssl pkcs12 export to '/opt/zimbra/ssl/zimbra/jetty.pkcs12' failed(1): Error creating PKCS12 MAC; no PKCS12KDF support? Use -nomac if MAC not required and PKCS12KDF support not available. 80C2EBFDFB7F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:373:Global default library context, Algorithm (PKCS12KDF : 192), Properties (<null>) 80C2EBFDFB7F0000:error:1180006B:PKCS12 routines:pkcs12_gen_mac:key gen error:crypto/pkcs12/p12_mutl.c:147: 80C2EBFDFB7F0000:error:1180006D:PKCS12 routines:PKCS12_set_mac:mac generation error:crypto/pkcs12/p12_mutl.c:220:
to fix this error edit /opt/zimbra/bin/zmcertmgr:
# add the following on line 1821 "pass:$kpass", "-nomac", "2>&1"
# add the following on line 1879 "pass:$kpass", "-nomac", "2>&1"
upgrade zimbra to latest FOSS
backup script for zimbra:
cat > /usr/local/bin/backup_zimbra << EOF #!/bin/bash DATE=$(date +%F) ZIM_DIR=/opt/zimbra BACK_DIR=/mnt/backup ZIM_VER=$(su - zimbra -c "zmcontrol -v|cut -d ' ' -f2") HOSTNAME=$(hostname) DIR_NAME=10.0.0.GA.0001.UBUNTU20.64.2024-10-04 if [ $1 = backup ]; then if [ ! -d ${BACK_DIR} ]; then mkdir -p ${BACK_DIR} fi # stop zimbra /etc/init.d/zimbra stop rsync -av ${ZIM_DIR}/ ${BACK_DIR}/${HOSTNAME}.${ZIM_VER}.${DATE}/ # start zimbra /etc/init.d/zimbra start fi if [ $1 = restore ]; then rsync -av ${BACK_DIR}/${HOSTNAME}.${DIR_NAME} /opt fi EOF
set permissions for backup script:
chmod +x /usr/local/bin/backup_zimbra
backup your zimbra installation:
backup_zimbra backup
verify zimbra ca self sign certificate:
openssl x509 -text -in /opt/zimbra/conf/ca/ca.pem | grep -A 3 Valid
before upgrade deploy a new ca self sign certificate:
su - zimbra -c "/opt/zimbra/bin/zmcertmgr createca -new" su - zimbra -c "/opt/zimbra/bin/zmcertmgr deployca"
stop ldap server:
su - zimbra -c "ldap stop"
backup ldap server data:
su - zimbra -c "/opt/zimbra/libexec/zmslapcat /opt/zimbra/data/ldap/mdb/db"
create ldap attributes txt file:
cat > /opt/zimbra/data/ldap/mdb/db/attr.txt << EOF zimbraBrandingFolderName zimbraContactAffinityEventLoggingEnabled zimbraCountAccountsEnabled zimbraDefaultSortByRelevance zimbraDelayedIndexInactiveAccountAge zimbraDomainLoginPageEnabled zimbraDomainLoginPageErrorPath zimbraDomainLoginPageFallbackPath zimbraDomainLoginPagePath zimbraDomainTrialConvertAtExpiration zimbraDomainTrialExpirationDate zimbraEventBackendURL zimbraEventBatchLifetime zimbraEventBatchMaxSize zimbraEventIndexInitialNumShards zimbraEventIndexName zimbraEventIndexReplicationFactor zimbraEventLoggingBackends zimbraEventLoggingEnabled zimbraEventLoggingNumThreads zimbraFeatureAllowUsernameInPassword zimbraFeatureBasicOneToOneChatEnabled zimbraFeatureChatAllFeaturesEnabled zimbraFeatureMailRecallEnabled zimbraFeatureMailRecallTime zimbraFeatureMaxVideoParticipantsForUser zimbraFeatureRelatedContactsEnabled zimbraFeatureRetentionPolicyEnabled zimbraFeatureSearchHistoryEnabled zimbraFeatureVideoAllFeaturesEnabled zimbraFeatureZulipChatEnabled zimbraIndexingQueueMaxSize zimbraIndexingQueuePollingInterval zimbraIndexingQueueTimeout zimbraIndexPollingInterval zimbraIndexReIndexThreads zimbraIndexReplicationTimeout zimbraIndexTermsCacheSize zimbraIndexThreads zimbraIndexURL zimbraLicenseDaemonServerHost zimbraMachineLearningBackendURL zimbraMachineLearningClassifierInfo zimbraMachineLearningTaskConfig zimbraMailboxIndexInitialNumShards zimbraMailboxIndexName zimbraMailboxInitialized zimbraMaxIndexingRetries zimbraMaxSolrBatchDeletionSize zimbraMobileConfigSigningCertificate zimbraMobileConfigSigningKey zimbraModernWebClientDisabled zimbraNumSearchesForSavedSearchPrompt zimbraPrefPrimaryTwoFactorAuthMethod zimbraPrefSlackCalendarReminderEnabled zimbraReindexBatchSize zimbraRelatedContactsMaxAge zimbraRelatedContactsMinConcurrenceCount zimbraSearchHistoryAge zimbraServerVersionChangeNotificationDisabled zimbraSignupAffiliate zimbraSignupRecoveryEmail zimbraSMTPPublicServiceHostname zimbraSMTPPublicServicePort zimbraSMTPPublicServiceProtocol zimbraSolrBatchDeletionInterval zimbraSolrMaxRetries zimbraSolrReplicationFactor zimbraTrialConvertAtExpiration zimbraTrialExpirationDate zimbraTwoFactorAuthEmailCodeLength zimbraTwoFactorAuthMethodAllowed zimbraTwoFactorAuthMethodEnabled zimbraTwoFactorCodeEmailBodyHtml zimbraTwoFactorCodeEmailBodyText zimbraTwoFactorCodeEmailFrom zimbraTwoFactorCodeEmailSubject zimbraTwoFactorCodeForEmail zimbraTwoFactorCodeLifetimeForEmail zimbraUserType zimbraWebclientUnsupportedBrowserRedirectToClassicEnabled zimbraWebclientUnsupportedBrowserRedirectToClassicUserAgents zimbraWebclientUnsupportedBrowserRedirectToErrorPageEnabled zimbraWebclientUnsupportedBrowserRedirectToErrorPageURL zimbraWebclientUnsupportedBrowserRedirectToErrorPageUserAgents zimbraZKClientTimeout zimbraZulipChatDomainId EOF
enter ldap data file directory:
cd /opt/zimbra/data/ldap/mdb/db
grep to check if any unknown attributes are present:
grep -f attr.txt ldap.bak
remove this attributes from ldap backup:
for i in `cat attr.txt`; do sed -i '/'$i'/d' ldap.bak; done
move current ldap data file to diferent name:
mv data.mdb data.mdb.old.$(date +%F)
create new ldap data file using backup:
su - zimbra -c '/opt/zimbra/common/sbin/slapadd -q -b "" -F /opt/zimbra/data/ldap/config -l /opt/zimbra/data/ldap/mdb/db/ldap.bak'
start ldap server:
su - zimbra -c "ldap start"
compress old ldap data file:
gzip data.mdb.old.$(date +%F)
stop zimbra:
/etc/init.d/zimbra stop
move or rename current zimbra directory:
mv /opt/zimbra /opt/zimbra.working
remove zimbra packages:
apt remove zimbra-* -y
download latest zimbra:
https://maldua.github.io/zimbra-foss-builder/downloads.html
install zimbra packages:
cd zcs-**/ ./install.sh -s
remove zimbra directory and replace with backup:
rm -rf /opt/zimbra mv /opt/zimbra.working /opt/zimbra
run zimbra installer again:
./install.sh -s
again run the install without -s:
./install.sh
if after upgrade have issues with mailbox not starting:
remove the whole docserver XML block from the jetty config xmls /opt/zimbra/jetty/etc/jetty.xml & /opt/zimbra/jetty/etc/jetty.xml.in
if upgrading from 10.0.6 or older and got the following error:
Saving CA in ldap...failed. ** Saving config key 'zimbraCertAuthorityCertSelfSigned' via zmprov modifyConfig...failed (rc=2)
edit /opt/zimbra/conf/zimbra-attrs-schema to reflect this schema version:
1673397105
edit your ldap backup /opt/zimbra/data/ldap/mdb/db/ldap.bak and change schema version:
zimbraLDAPSchemaVersion: 1673397105
stop your ldap and rename current ldap data file:
mv /opt/zimbra/data/ldap/mdb/db/data.mdb /opt/zimbra/data/ldap/mdb/db/data.mdb.old
then restore from your backup:
su - zimbra -c '/opt/zimbra/common/sbin/slapadd -q -b "" -F /opt/zimbra/data/ldap/config -l /opt/zimbra/data/ldap/mdb/db/ldap.bak'
references
- https://github.com/Zimbra/zm-build
- https://github.com/maldua/zimbra-foss-builder/releases
- https://github.com/Zimbra/packages/tree/develop/thirdparty
- https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
- https://wiki.zimbra.com/wiki/Zimbra_Releases
- https://www.zimbra.com/downloads/zimbra-collaboration-open-source
- https://github.com/Zimbra-Community/ansible-zimbra-single
- https://forums.zimbra.org/viewtopic.php?t=72619&sid=e9fdc67577517de50b6fe8d9bcfd5918
- https://forums.zimbra.org/viewtopic.php?p=313588#p313588
- https://wiki.zimbra.com/wiki/Purge_old_zmstats_data