Howto zimbra: Difference between revisions

From Vidalinux Wiki
Jump to navigation Jump to search
 
(23 intermediate revisions by the same user not shown)
Line 132: Line 132:
  "pass:$kpass", "-nomac",  "2>&1"
  "pass:$kpass", "-nomac",  "2>&1"
= upgrade zimbra to latest FOSS =
= upgrade zimbra to latest FOSS =
before upgrade deploy a new ca self certificate:
backup script for zimbra:
  /opt/zimbra/bin/zmcertmgr createca -new
cat > /usr/local/bin/backup_zimbra << EOF
  /opt/zimbra/bin/zmcertmgr deployca
#!/bin/bash
fix ldap schemas:
DATE=$(date +%F)
ZIM_DIR=/opt/zimbra
BACK_DIR=/mnt/backup
ZIM_VER=$(su - zimbra -c "zmcontrol -v|cut -d ' ' -f2")
HOSTNAME=$(hostname)
DIR_NAME=10.0.0.GA.0001.UBUNTU20.64.2024-10-04
if [ $1 = backup ];
then
if [ ! -d ${BACK_DIR} ];
then
mkdir -p ${BACK_DIR}
fi
# stop zimbra
/etc/init.d/zimbra stop
rsync -av ${ZIM_DIR}/ ${BACK_DIR}/${HOSTNAME}.${ZIM_VER}.${DATE}/
# start zimbra
/etc/init.d/zimbra start
fi
if [ $1 = restore ];
then
rsync -av ${BACK_DIR}/${HOSTNAME}.${DIR_NAME} /opt
fi
EOF
set permissions for backup script:
chmod +x /usr/local/bin/backup_zimbra
backup your zimbra installation:
backup_zimbra backup
verify zimbra ca self sign certificate:
openssl x509 -text -in /opt/zimbra/conf/ca/ca.pem  | grep -A 3 Valid
before upgrade deploy a new ca self sign certificate:
  su - zimbra -c  "/opt/zimbra/bin/zmcertmgr createca -new"
  su - zimbra -c  "/opt/zimbra/bin/zmcertmgr deployca"
stop ldap server:
  su - zimbra -c  "ldap stop"
  su - zimbra -c  "ldap stop"
backup ldap server data:
  su - zimbra -c "/opt/zimbra/libexec/zmslapcat /opt/zimbra/data/ldap/mdb/db"
  su - zimbra -c "/opt/zimbra/libexec/zmslapcat /opt/zimbra/data/ldap/mdb/db"
create ldap attributes txt file:
  cat > /opt/zimbra/data/ldap/mdb/db/attr.txt << EOF
  cat > /opt/zimbra/data/ldap/mdb/db/attr.txt << EOF
  zimbraBrandingFolderName
  zimbraBrandingFolderName
Line 201: Line 238:
  zimbraSignupAffiliate
  zimbraSignupAffiliate
  zimbraSignupRecoveryEmail
  zimbraSignupRecoveryEmail
ZIMBRAMODERNWEBCLIENTENABLED
  zimbraSMTPPublicServiceHostname
  zimbraSMTPPublicServiceHostname
  zimbraSMTPPublicServicePort
  zimbraSMTPPublicServicePort
Line 228: Line 264:
  zimbraZulipChatDomainId
  zimbraZulipChatDomainId
  EOF
  EOF
enter ldap data file directory:
cd /opt/zimbra/data/ldap/mdb/db
grep to check if any unknown attributes are present:
grep -f attr.txt ldap.bak
remove this attributes from ldap backup:
  for i in `cat attr.txt`; do sed -i '/'$i'/d' ldap.bak; done
  for i in `cat attr.txt`; do sed -i '/'$i'/d' ldap.bak; done
cd /opt/zimbra/data/ldap/mdb/db
move current ldap data file to diferent name:
  mv data.mdb data.mdb.old.$(date +%F)
  mv data.mdb data.mdb.old.$(date +%F)
create new ldap data file using backup:
  su - zimbra -c '/opt/zimbra/common/sbin/slapadd -q -b "" -F /opt/zimbra/data/ldap/config -l /opt/zimbra/data/ldap/mdb/db/ldap.bak'
  su - zimbra -c '/opt/zimbra/common/sbin/slapadd -q -b "" -F /opt/zimbra/data/ldap/config -l /opt/zimbra/data/ldap/mdb/db/ldap.bak'
start ldap server:
  su - zimbra -c "ldap start"
  su - zimbra -c "ldap start"
compress old ldap data file:
  gzip data.mdb.old.$(date +%F)
  gzip data.mdb.old.$(date +%F)
stop zimbra:
stop zimbra:
  /etc/init.d/zimbra stop
  /etc/init.d/zimbra stop
move or rename current zimbra directory:
  mv /opt/zimbra /opt/zimbra.working
  mv /opt/zimbra /opt/zimbra.working
remove zimbra packages:
remove zimbra packages:
Line 241: Line 286:
download latest zimbra:
download latest zimbra:
  https://maldua.github.io/zimbra-foss-builder/downloads.html
  https://maldua.github.io/zimbra-foss-builder/downloads.html
https://techfiles.online/zimbra/
install zimbra packages:
install zimbra packages:
  cd zcs-**/
  cd zcs-**/
Line 251: Line 295:
  ./install.sh -s
  ./install.sh -s
again run the install without -s:
again run the install without -s:
  ./install
  ./install.sh
if after upgrade have issues with mailbox not starting:
remove the whole docserver XML block from the jetty config xmls /opt/zimbra/jetty/etc/jetty.xml & /opt/zimbra/jetty/etc/jetty.xml.in
if upgrading from 10.0.6 or older and got the following error:
Saving CA in ldap...failed.
** Saving config key 'zimbraCertAuthorityCertSelfSigned' via zmprov modifyConfig...failed (rc=2)
edit /opt/zimbra/conf/zimbra-attrs-schema to reflect this schema version:
1673397105
edit your ldap backup /opt/zimbra/data/ldap/mdb/db/ldap.bak and change schema version:
zimbraLDAPSchemaVersion: 1673397105
stop your ldap and rename current ldap data file:
mv /opt/zimbra/data/ldap/mdb/db/data.mdb /opt/zimbra/data/ldap/mdb/db/data.mdb.old
then restore from your backup:
su - zimbra -c '/opt/zimbra/common/sbin/slapadd -q -b "" -F /opt/zimbra/data/ldap/config -l /opt/zimbra/data/ldap/mdb/db/ldap.bak'


= references =
= references =
* https://github.com/Zimbra/zm-build
* https://github.com/Zimbra/zm-build
* https://github.com/maldua/zimbra-foss-builder/releases
* https://github.com/Zimbra/packages/tree/develop/thirdparty
* https://github.com/Zimbra/packages/tree/develop/thirdparty
* https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
* https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
Line 260: Line 318:
* https://www.zimbra.com/downloads/zimbra-collaboration-open-source
* https://www.zimbra.com/downloads/zimbra-collaboration-open-source
* https://github.com/Zimbra-Community/ansible-zimbra-single
* https://github.com/Zimbra-Community/ansible-zimbra-single
* https://forums.zimbra.org/viewtopic.php?t=72619&sid=e9fdc67577517de50b6fe8d9bcfd5918
* https://forums.zimbra.org/viewtopic.php?p=313588#p313588
* https://wiki.zimbra.com/wiki/Purge_old_zmstats_data

Latest revision as of 04:09, 15 October 2024

compile zimbra

install podman:

https://wiki.vidalinux.org/index.php/Howto_podman#install_podman_ubuntu

for ubuntu 18.04:

https://hub.docker.com/r/ovox/zimbrabuild-ubuntu18

for ubuntu 20.04:

https://hub.docker.com/r/ovox/zimbrabuild-ubuntu20

for centos7:

https://hub.docker.com/r/ovox/zimbrabuild-centos7

for almalinux8:

https://hub.docker.com/r/ovox/zimbrabuild-alma8

install zimbra

install the following packages for ubuntu :

apt-get update && apt-get -y install sqlite3 bind9-dnsutils perl perl-base perl-modules nano sudo libpcre3 libgmp10 unzip libgmp3-dev sysstat libexpat1 wget language-pack-en libaio1 pax dnsmasq net-tools

install the following packages rhel:

yum -y install wget nmap-ncat unzip perl-core openssh-clients sysstat net-tools ntpl sudo libidn libstdc++.so.6 gmp libaio dnsmasq       

set hostname:

hostnamectl set-hostname vidalinux.net

configure /etc/hosts:

127.0.0.1 localhost
192.168.24.45 vidalinux.net mail.vidalinux.net

configure domain:

cat >> /etc/dnsmasq.conf << EOF
listen-address=127.0.0.1
interface=eth0
expand-hosts
domain=vidalinux.net
server=4.2.2.1
server=4.2.2.2
address=/.vidalinux.net/127.0.0.1
address=/.vidalinux.net/192.168.24.45
mx-host=vidalinux.net,mail.vidalinux.com,1
addn-hosts=/etc/hosts
cache-size=9500
EOF

make sure systemd-resolved is disable:

systemctl stop systemd-resolved.service
systemctl disable systemd-resolved.service

start and enable dnsmasq:

systemctl enable dnsmasq.service
systemctl start dnsmasq.service

configure /etc/resolv.conf:

nameserver 127.0.0.1

test your dns:

nslookup vidalinux.net

decompress zimbra archive:

cd ~/ubuntu20/volume/UBUNTU20_64-DAFFODIL-1000-20230413144723-FOSS-0001
tar xvf zcs-10.0.0_GA_0001.UBUNTU20_64.20230413144723.tgz
cd zcs-10.0.0_GA_0001.UBUNTU20_64.20230413144723

run zimbra installer:

./install.sh

make sure to block updates to any zimbra packages:

apt-mark hold zip zimbra-*

access zimbra web interface:

https://vidalinux.net/

access zimbra web administration interface:

https://vidalinux.net:7071

fix webgui error

if you have an error 404 url not found entering the webui use the following command to fix the issue:

su - zimbra -c "zmprov mcf zimbraModernWebClientDisabled TRUE" && /etc/init.d/zimbra restart

07-24-2024

this is a hack to fix error when "Installing mailboxd SSL certificates":

/opt/zimbra/mailboxd/etc/keystore didn't exist.
Mon Jul 24 20:49:39 2023 *** Running as zimbra user: /opt/zimbra/bin/zmcertmgr.bk deploycrt self
** Installing imapd certificate '/opt/zimbra/conf/imapd.crt' and key '/opt/zimbra/conf/imapd.key'
** Copying '/opt/zimbra/ssl/zimbra/server/server.crt' to '/opt/zimbra/conf/imapd.crt'
** Copying '/opt/zimbra/ssl/zimbra/server/server.key' to '/opt/zimbra/conf/imapd.key'
** Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12'
ERROR: openssl pkcs12 export to '/opt/zimbra/ssl/zimbra/jetty.pkcs12' failed(1):
pkcs12: Unrecognized flag propquery
pkcs12: Use -help for summary.

run the installer, when installation stop do the following:

wget https://pastebin.com/raw/a9Ts3sg9 -O zimbracertmgr.patch
patch /opt/zimbra/bin/zmcertmgr < zimbracertmgr.patch
chattr +i /opt/zimbra/bin/zmcertmgr

run the setup script to finish installation:

/opt/zimbra/libexec/zmsetup.pl

install new theme for zimbra

for ubuntu:

wget https://download.zextras.com/zextras-theme-installer/latest/zextras-theme-ubuntu.tgz && tar xvf zextras-theme-ubuntu.tgz && cd zextras-theme-installer/packages && dpkg -i zextras-theme_1.0.1_amd64.deb && /etc/init.d/zimbra restart 

for centos:

wget https://download.zextras.com/zextras-theme-installer/latest/zextras-theme-centos.tgz && tar xvf zextras-theme-centos.tgz && cd zextras-theme-installer/packages && rpm -ivh zextras-theme-1.0.1.x86_64.rpm && /etc/init.d/zimbra restart

install ssl certificate

script for installing ssl certificate:

cat > /usr/local/bin/install-cert-zimbra << "EOF"
#!/bin/bash
 
DOMAIN=vidalinux.net
CERT_DIR=/root/certificates
CERT_KEY=$DOMAIN.key
CERT_CRT=$DOMAIN.crt
CERT_ROOT=root.pem
SSL_DIR=/opt/zimbra/ssl/letsencrypt

if [ ! -d ${SSL_DIR} ];
then
echo "creating ssl tmp directory"
mkdir -p ${SSL_DIR}
fi
echo "copying certificates to zimbra directory"
rm -rf $SSL_DIR/*
cp $CERT_DIR/* $SSL_DIR/
cp $CERT_DIR/$CERT_KEY /opt/zimbra/ssl/zimbra/commercial/commercial.key
chown -R zimbra.zimbra $SSL_DIR/ /opt/zimbra/ssl/zimbra/commercial/commercial.key
echo "verifying letsencrypt ssl certificates"
su - zimbra -c "/opt/zimbra/bin/zmcertmgr verifycrt comm $SSL_DIR/$CERT_KEY $SSL_DIR/$CERT_CRT $SSL_DIR/$CERT_ROOT"
echo "install letsencrypt ssl certificates"
su - zimbra -c "/opt/zimbra/bin/zmcertmgr deploycrt comm $SSL_DIR/$CERT_CRT $SSL_DIR/$CERT_ROOT"
echo "restarting zimbra services"
/etc/init.d/zimbra restart
EOF

fix file permissions:

chmod +x /usr/local/bin/install-cert-zimbra

run the script as root:

install-cert-zimbra

got the following error when installing new certificate:

** Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12'
ERROR: openssl pkcs12 export to '/opt/zimbra/ssl/zimbra/jetty.pkcs12' failed(1):
Error creating PKCS12 MAC; no PKCS12KDF support?
Use -nomac if MAC not required and PKCS12KDF support not available.
80C2EBFDFB7F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:373:Global default library context, Algorithm (PKCS12KDF : 192), Properties (<null>)
80C2EBFDFB7F0000:error:1180006B:PKCS12 routines:pkcs12_gen_mac:key gen error:crypto/pkcs12/p12_mutl.c:147:
80C2EBFDFB7F0000:error:1180006D:PKCS12 routines:PKCS12_set_mac:mac generation error:crypto/pkcs12/p12_mutl.c:220:

to fix this error edit /opt/zimbra/bin/zmcertmgr:

# add the following on line 1821 
"pass:$kpass", "-nomac",  "2>&1"
# add the following on line 1879
"pass:$kpass", "-nomac",  "2>&1"

upgrade zimbra to latest FOSS

backup script for zimbra:

cat > /usr/local/bin/backup_zimbra << EOF
#!/bin/bash

DATE=$(date +%F)
ZIM_DIR=/opt/zimbra
BACK_DIR=/mnt/backup
ZIM_VER=$(su - zimbra -c "zmcontrol -v|cut -d ' ' -f2")
HOSTNAME=$(hostname)
DIR_NAME=10.0.0.GA.0001.UBUNTU20.64.2024-10-04

if [ $1 = backup ];
then
if [ ! -d ${BACK_DIR} ];
then
mkdir -p ${BACK_DIR}
fi
# stop zimbra
/etc/init.d/zimbra stop
rsync -av ${ZIM_DIR}/ ${BACK_DIR}/${HOSTNAME}.${ZIM_VER}.${DATE}/
# start zimbra
/etc/init.d/zimbra start
fi

if [ $1 = restore ];
then
rsync -av ${BACK_DIR}/${HOSTNAME}.${DIR_NAME} /opt
fi
EOF

set permissions for backup script:

chmod +x /usr/local/bin/backup_zimbra

backup your zimbra installation:

backup_zimbra backup

verify zimbra ca self sign certificate:

openssl x509 -text -in /opt/zimbra/conf/ca/ca.pem  | grep -A 3 Valid

before upgrade deploy a new ca self sign certificate:

su - zimbra -c  "/opt/zimbra/bin/zmcertmgr createca -new"
su - zimbra -c  "/opt/zimbra/bin/zmcertmgr deployca"

stop ldap server:

su - zimbra -c  "ldap stop"

backup ldap server data:

su - zimbra -c "/opt/zimbra/libexec/zmslapcat /opt/zimbra/data/ldap/mdb/db"

create ldap attributes txt file:

cat > /opt/zimbra/data/ldap/mdb/db/attr.txt << EOF
zimbraBrandingFolderName
zimbraContactAffinityEventLoggingEnabled
zimbraCountAccountsEnabled
zimbraDefaultSortByRelevance
zimbraDelayedIndexInactiveAccountAge
zimbraDomainLoginPageEnabled
zimbraDomainLoginPageErrorPath
zimbraDomainLoginPageFallbackPath
zimbraDomainLoginPagePath
zimbraDomainTrialConvertAtExpiration
zimbraDomainTrialExpirationDate
zimbraEventBackendURL
zimbraEventBatchLifetime
zimbraEventBatchMaxSize
zimbraEventIndexInitialNumShards
zimbraEventIndexName
zimbraEventIndexReplicationFactor
zimbraEventLoggingBackends
zimbraEventLoggingEnabled
zimbraEventLoggingNumThreads
zimbraFeatureAllowUsernameInPassword
zimbraFeatureBasicOneToOneChatEnabled
zimbraFeatureChatAllFeaturesEnabled
zimbraFeatureMailRecallEnabled
zimbraFeatureMailRecallTime
zimbraFeatureMaxVideoParticipantsForUser
zimbraFeatureRelatedContactsEnabled
zimbraFeatureRetentionPolicyEnabled
zimbraFeatureSearchHistoryEnabled
zimbraFeatureVideoAllFeaturesEnabled
zimbraFeatureZulipChatEnabled
zimbraIndexingQueueMaxSize
zimbraIndexingQueuePollingInterval
zimbraIndexingQueueTimeout
zimbraIndexPollingInterval
zimbraIndexReIndexThreads
zimbraIndexReplicationTimeout
zimbraIndexTermsCacheSize
zimbraIndexThreads
zimbraIndexURL
zimbraLicenseDaemonServerHost
zimbraMachineLearningBackendURL
zimbraMachineLearningClassifierInfo
zimbraMachineLearningTaskConfig
zimbraMailboxIndexInitialNumShards
zimbraMailboxIndexName
zimbraMailboxInitialized
zimbraMaxIndexingRetries
zimbraMaxSolrBatchDeletionSize
zimbraMobileConfigSigningCertificate
zimbraMobileConfigSigningKey
zimbraModernWebClientDisabled
zimbraNumSearchesForSavedSearchPrompt
zimbraPrefPrimaryTwoFactorAuthMethod
zimbraPrefSlackCalendarReminderEnabled
zimbraReindexBatchSize
zimbraRelatedContactsMaxAge
zimbraRelatedContactsMinConcurrenceCount
zimbraSearchHistoryAge
zimbraServerVersionChangeNotificationDisabled
zimbraSignupAffiliate
zimbraSignupRecoveryEmail
zimbraSMTPPublicServiceHostname
zimbraSMTPPublicServicePort
zimbraSMTPPublicServiceProtocol
zimbraSolrBatchDeletionInterval
zimbraSolrMaxRetries
zimbraSolrReplicationFactor
zimbraTrialConvertAtExpiration
zimbraTrialExpirationDate
zimbraTwoFactorAuthEmailCodeLength
zimbraTwoFactorAuthMethodAllowed
zimbraTwoFactorAuthMethodEnabled
zimbraTwoFactorCodeEmailBodyHtml
zimbraTwoFactorCodeEmailBodyText
zimbraTwoFactorCodeEmailFrom
zimbraTwoFactorCodeEmailSubject
zimbraTwoFactorCodeForEmail
zimbraTwoFactorCodeLifetimeForEmail
zimbraUserType
zimbraWebclientUnsupportedBrowserRedirectToClassicEnabled
zimbraWebclientUnsupportedBrowserRedirectToClassicUserAgents
zimbraWebclientUnsupportedBrowserRedirectToErrorPageEnabled
zimbraWebclientUnsupportedBrowserRedirectToErrorPageURL
zimbraWebclientUnsupportedBrowserRedirectToErrorPageUserAgents
zimbraZKClientTimeout
zimbraZulipChatDomainId
EOF

enter ldap data file directory:

cd /opt/zimbra/data/ldap/mdb/db

grep to check if any unknown attributes are present:

grep -f attr.txt ldap.bak

remove this attributes from ldap backup:

for i in `cat attr.txt`; do sed -i '/'$i'/d' ldap.bak; done

move current ldap data file to diferent name:

mv data.mdb data.mdb.old.$(date +%F)

create new ldap data file using backup:

su - zimbra -c '/opt/zimbra/common/sbin/slapadd -q -b "" -F /opt/zimbra/data/ldap/config -l /opt/zimbra/data/ldap/mdb/db/ldap.bak'

start ldap server:

su - zimbra -c "ldap start"

compress old ldap data file:

gzip data.mdb.old.$(date +%F)

stop zimbra:

/etc/init.d/zimbra stop

move or rename current zimbra directory:

mv /opt/zimbra /opt/zimbra.working

remove zimbra packages:

apt remove zimbra-* -y

download latest zimbra:

https://maldua.github.io/zimbra-foss-builder/downloads.html

install zimbra packages:

cd zcs-**/
./install.sh -s

remove zimbra directory and replace with backup:

rm -rf /opt/zimbra
mv /opt/zimbra.working /opt/zimbra

run zimbra installer again:

./install.sh -s

again run the install without -s:

./install.sh

if after upgrade have issues with mailbox not starting:

remove the whole docserver XML block from the jetty config xmls /opt/zimbra/jetty/etc/jetty.xml & /opt/zimbra/jetty/etc/jetty.xml.in

if upgrading from 10.0.6 or older and got the following error:

Saving CA in ldap...failed.
** Saving config key 'zimbraCertAuthorityCertSelfSigned' via zmprov modifyConfig...failed (rc=2)

edit /opt/zimbra/conf/zimbra-attrs-schema to reflect this schema version:

1673397105

edit your ldap backup /opt/zimbra/data/ldap/mdb/db/ldap.bak and change schema version:

zimbraLDAPSchemaVersion: 1673397105

stop your ldap and rename current ldap data file:

mv /opt/zimbra/data/ldap/mdb/db/data.mdb /opt/zimbra/data/ldap/mdb/db/data.mdb.old

then restore from your backup:

su - zimbra -c '/opt/zimbra/common/sbin/slapadd -q -b "" -F /opt/zimbra/data/ldap/config -l /opt/zimbra/data/ldap/mdb/db/ldap.bak'

references