Howto zimbra
compile zimbra
install podman:
https://wiki.vidalinux.org/index.php/Howto_podman#install_podman_ubuntu
for ubuntu 18.04:
https://hub.docker.com/r/ovox/zimbrabuild-ubuntu18
for ubuntu 20.04:
https://hub.docker.com/r/ovox/zimbrabuild-ubuntu20
for centos7:
https://hub.docker.com/r/ovox/zimbrabuild-centos7
for almalinux8:
https://hub.docker.com/r/ovox/zimbrabuild-alma8
install zimbra
install the following packages for ubuntu :
apt-get update && apt-get -y install sqlite3 bind9-dnsutils perl perl-base perl-modules nano sudo libpcre3 libgmp10 unzip libgmp3-dev sysstat libexpat1 wget language-pack-en libaio1 pax dnsmasq net-tools
install the following packages rhel:
yum -y install wget nmap-ncat unzip perl-core openssh-clients sysstat net-tools ntpl sudo libidn libstdc++.so.6 gmp libaio dnsmasq
set hostname:
hostnamectl set-hostname vidalinux.net
configure /etc/hosts:
127.0.0.1 localhost 192.168.24.45 vidalinux.net mail.vidalinux.net
configure domain:
cat >> /etc/dnsmasq.conf << EOF listen-address=127.0.0.1 interface=eth0 expand-hosts domain=vidalinux.net server=4.2.2.1 server=4.2.2.2 address=/.vidalinux.net/127.0.0.1 address=/.vidalinux.net/192.168.24.45 mx-host=vidalinux.net,mail.vidalinux.com,1 addn-hosts=/etc/hosts cache-size=9500 EOF
make sure systemd-resolved is disable:
systemctl stop systemd-resolved.service systemctl disable systemd-resolved.service
start and enable dnsmasq:
systemctl enable dnsmasq.service systemctl start dnsmasq.service
configure /etc/resolv.conf:
nameserver 127.0.0.1
test your dns:
nslookup vidalinux.net
decompress zimbra archive:
cd ~/ubuntu20/volume/UBUNTU20_64-DAFFODIL-1000-20230413144723-FOSS-0001 tar xvf zcs-10.0.0_GA_0001.UBUNTU20_64.20230413144723.tgz cd zcs-10.0.0_GA_0001.UBUNTU20_64.20230413144723
run zimbra installer:
./install.sh
make sure to block updates to any zimbra packages:
apt-mark hold zip zimbra-*
access zimbra web interface:
https://vidalinux.net/
access zimbra web administration interface:
https://vidalinux.net:7071
fix webgui error
if you have an error 404 url not found entering the webui use the following command to fix the issue:
su - zimbra -c "zmprov mcf zimbraModernWebClientDisabled TRUE" && /etc/init.d/zimbra restart
07-24-2024
this is a hack to fix error when "Installing mailboxd SSL certificates":
/opt/zimbra/mailboxd/etc/keystore didn't exist. Mon Jul 24 20:49:39 2023 *** Running as zimbra user: /opt/zimbra/bin/zmcertmgr.bk deploycrt self ** Installing imapd certificate '/opt/zimbra/conf/imapd.crt' and key '/opt/zimbra/conf/imapd.key' ** Copying '/opt/zimbra/ssl/zimbra/server/server.crt' to '/opt/zimbra/conf/imapd.crt' ** Copying '/opt/zimbra/ssl/zimbra/server/server.key' to '/opt/zimbra/conf/imapd.key' ** Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12' ERROR: openssl pkcs12 export to '/opt/zimbra/ssl/zimbra/jetty.pkcs12' failed(1): pkcs12: Unrecognized flag propquery pkcs12: Use -help for summary.
run the installer, when installation stop do the following:
wget https://pastebin.com/raw/a9Ts3sg9 -O zimbracertmgr.patch patch /opt/zimbra/bin/zmcertmgr < zimbracertmgr.patch chattr +i /opt/zimbra/bin/zmcertmgr
run the setup script to finish installation:
/opt/zimbra/libexec/zmsetup.pl
install new theme for zimbra
for ubuntu:
wget https://download.zextras.com/zextras-theme-installer/latest/zextras-theme-ubuntu.tgz && tar xvf zextras-theme-ubuntu.tgz && cd zextras-theme-installer/packages && dpkg -i zextras-theme_1.0.1_amd64.deb && /etc/init.d/zimbra restart
for centos:
wget https://download.zextras.com/zextras-theme-installer/latest/zextras-theme-centos.tgz && tar xvf zextras-theme-centos.tgz && cd zextras-theme-installer/packages && rpm -ivh zextras-theme-1.0.1.x86_64.rpm && /etc/init.d/zimbra restart
install ssl certificate
script for installing ssl certificate:
cat > /usr/local/bin/install-cert-zimbra << "EOF" #!/bin/bash DOMAIN=vidalinux.net CERT_DIR=/root/certificates CERT_KEY=$DOMAIN.key CERT_CRT=$DOMAIN.crt CERT_ROOT=root.pem SSL_DIR=/opt/zimbra/ssl/letsencrypt if [ ! -d ${SSL_DIR} ]; then echo "creating ssl tmp directory" mkdir -p ${SSL_DIR} fi echo "copying certificates to zimbra directory" rm -rf $SSL_DIR/* cp $CERT_DIR/* $SSL_DIR/ cp $CERT_DIR/$CERT_KEY /opt/zimbra/ssl/zimbra/commercial/commercial.key chown -R zimbra.zimbra $SSL_DIR/ /opt/zimbra/ssl/zimbra/commercial/commercial.key echo "verifying letsencrypt ssl certificates" su - zimbra -c "/opt/zimbra/bin/zmcertmgr verifycrt comm $SSL_DIR/$CERT_KEY $SSL_DIR/$CERT_CRT $SSL_DIR/$CERT_ROOT" echo "install letsencrypt ssl certificates" su - zimbra -c "/opt/zimbra/bin/zmcertmgr deploycrt comm $SSL_DIR/$CERT_CRT $SSL_DIR/$CERT_ROOT" echo "restarting zimbra services" /etc/init.d/zimbra restart EOF
fix file permissions:
chmod +x /usr/local/bin/install-cert-zimbra
run the script as root:
install-cert-zimbra
got the following error when installing new certificate:
** Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12' ERROR: openssl pkcs12 export to '/opt/zimbra/ssl/zimbra/jetty.pkcs12' failed(1): Error creating PKCS12 MAC; no PKCS12KDF support? Use -nomac if MAC not required and PKCS12KDF support not available. 80C2EBFDFB7F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:373:Global default library context, Algorithm (PKCS12KDF : 192), Properties (<null>) 80C2EBFDFB7F0000:error:1180006B:PKCS12 routines:pkcs12_gen_mac:key gen error:crypto/pkcs12/p12_mutl.c:147: 80C2EBFDFB7F0000:error:1180006D:PKCS12 routines:PKCS12_set_mac:mac generation error:crypto/pkcs12/p12_mutl.c:220:
to fix this error edit /opt/zimbra/bin/zmcertmgr:
# add the following on line 1821 "pass:$kpass", "-nomac", "2>&1"
# add the following on line 1879 "pass:$kpass", "-nomac", "2>&1"
upgrade zimbra to latest FOSS
backup script for zimbra:
cat > /usr/local/bin/backup_zimbra << EOF #!/bin/bash DATE=$(date +%F) ZIM_DIR=/opt/zimbra BACK_DIR=/mnt/backup ZIM_VER=$(su - zimbra -c "zmcontrol -v|cut -d ' ' -f2") HOSTNAME=$(hostname) DIR_NAME=10.0.0.GA.0001.UBUNTU20.64.2024-10-04 if [ $1 = backup ]; then if [ ! -d ${BACK_DIR} ]; then mkdir -p ${BACK_DIR} fi # stop zimbra /etc/init.d/zimbra stop rsync -av ${ZIM_DIR}/ ${BACK_DIR}/${HOSTNAME}.${ZIM_VER}.${DATE}/ # start zimbra #/etc/init.d/zimbra start fi if [ $1 = restore ]; then rsync -av ${BACK_DIR}/${HOSTNAME}.${DIR_NAME} /opt fi EOF
before upgrade deploy a new ca self sign certificate:
/opt/zimbra/bin/zmcertmgr createca -new /opt/zimbra/bin/zmcertmgr deployca
fix ldap schemas:
su - zimbra -c "ldap stop" su - zimbra -c "/opt/zimbra/libexec/zmslapcat /opt/zimbra/data/ldap/mdb/db" cat > /opt/zimbra/data/ldap/mdb/db/attr.txt << EOF zimbraBrandingFolderName zimbraContactAffinityEventLoggingEnabled zimbraCountAccountsEnabled zimbraDefaultSortByRelevance zimbraDelayedIndexInactiveAccountAge zimbraDomainLoginPageEnabled zimbraDomainLoginPageErrorPath zimbraDomainLoginPageFallbackPath zimbraDomainLoginPagePath zimbraDomainTrialConvertAtExpiration zimbraDomainTrialExpirationDate zimbraEventBackendURL zimbraEventBatchLifetime zimbraEventBatchMaxSize zimbraEventIndexInitialNumShards zimbraEventIndexName zimbraEventIndexReplicationFactor zimbraEventLoggingBackends zimbraEventLoggingEnabled zimbraEventLoggingNumThreads zimbraFeatureAllowUsernameInPassword zimbraFeatureBasicOneToOneChatEnabled zimbraFeatureChatAllFeaturesEnabled zimbraFeatureMailRecallEnabled zimbraFeatureMailRecallTime zimbraFeatureMaxVideoParticipantsForUser zimbraFeatureRelatedContactsEnabled zimbraFeatureRetentionPolicyEnabled zimbraFeatureSearchHistoryEnabled zimbraFeatureVideoAllFeaturesEnabled zimbraFeatureZulipChatEnabled zimbraIndexingQueueMaxSize zimbraIndexingQueuePollingInterval zimbraIndexingQueueTimeout zimbraIndexPollingInterval zimbraIndexReIndexThreads zimbraIndexReplicationTimeout zimbraIndexTermsCacheSize zimbraIndexThreads zimbraIndexURL zimbraLicenseDaemonServerHost zimbraMachineLearningBackendURL zimbraMachineLearningClassifierInfo zimbraMachineLearningTaskConfig zimbraMailboxIndexInitialNumShards zimbraMailboxIndexName zimbraMailboxInitialized zimbraMaxIndexingRetries zimbraMaxSolrBatchDeletionSize zimbraMobileConfigSigningCertificate zimbraMobileConfigSigningKey zimbraModernWebClientDisabled zimbraNumSearchesForSavedSearchPrompt zimbraPrefPrimaryTwoFactorAuthMethod zimbraPrefSlackCalendarReminderEnabled zimbraReindexBatchSize zimbraRelatedContactsMaxAge zimbraRelatedContactsMinConcurrenceCount zimbraSearchHistoryAge zimbraServerVersionChangeNotificationDisabled zimbraSignupAffiliate zimbraSignupRecoveryEmail ZIMBRAMODERNWEBCLIENTENABLED zimbraSMTPPublicServiceHostname zimbraSMTPPublicServicePort zimbraSMTPPublicServiceProtocol zimbraSolrBatchDeletionInterval zimbraSolrMaxRetries zimbraSolrReplicationFactor zimbraTrialConvertAtExpiration zimbraTrialExpirationDate zimbraTwoFactorAuthEmailCodeLength zimbraTwoFactorAuthMethodAllowed zimbraTwoFactorAuthMethodEnabled zimbraTwoFactorCodeEmailBodyHtml zimbraTwoFactorCodeEmailBodyText zimbraTwoFactorCodeEmailFrom zimbraTwoFactorCodeEmailSubject zimbraTwoFactorCodeForEmail zimbraTwoFactorCodeLifetimeForEmail zimbraUserType zimbraWebclientUnsupportedBrowserRedirectToClassicEnabled zimbraWebclientUnsupportedBrowserRedirectToClassicUserAgents zimbraWebclientUnsupportedBrowserRedirectToErrorPageEnabled zimbraWebclientUnsupportedBrowserRedirectToErrorPageURL zimbraWebclientUnsupportedBrowserRedirectToErrorPageUserAgents zimbraZKClientTimeout zimbraZulipChatDomainId EOF cd /opt/zimbra/data/ldap/mdb/db for i in `cat attr.txt`; do sed -i '/'$i'/d' ldap.bak; done mv data.mdb data.mdb.old.$(date +%F) su - zimbra -c '/opt/zimbra/common/sbin/slapadd -q -b "" -F /opt/zimbra/data/ldap/config -l /opt/zimbra/data/ldap/mdb/db/ldap.bak' su - zimbra -c "ldap start" gzip data.mdb.old.$(date +%F)
stop zimbra:
/etc/init.d/zimbra stop mv /opt/zimbra /opt/zimbra.working
remove zimbra packages:
apt remove zimbra-* -y
download latest zimbra:
https://maldua.github.io/zimbra-foss-builder/downloads.html https://techfiles.online/zimbra/
install zimbra packages:
cd zcs-**/ ./install.sh -s
remove zimbra directory and replace with backup:
rm -rf /opt/zimbra mv /opt/zimbra.working /opt/zimbra
run zimbra installer again:
./install.sh -s
again run the install without -s:
./install
references
- https://github.com/Zimbra/zm-build
- https://github.com/Zimbra/packages/tree/develop/thirdparty
- https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
- https://wiki.zimbra.com/wiki/Zimbra_Releases
- https://www.zimbra.com/downloads/zimbra-collaboration-open-source
- https://github.com/Zimbra-Community/ansible-zimbra-single