Mail Archives - ServerOK

Postfix email forward

February 6, 2020

by ServerOk with No Comment Mail

On an Ubuntu Server, i done following to setup email forwarding.

Install postfix

apt -y install postfix

1	apt -y install postfix

Edit /etc/postfix/main.cf, add following

vi /etc/postfix/main.cf

1	vi /etc/postfix/main.cf

Add

virtual_mailbox_domains = YOUR-DOMAIN_HERE.com
virtual_mailbox_base = /var/mail/vhosts
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_minimum_uid = 100
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
virtual_alias_maps = hash:/etc/postfix/virtual

virtual_mailbox_domains = YOUR-DOMAIN_HERE.com

virtual_mailbox_base = /var/mail/vhosts

virtual_mailbox_maps = hash:/etc/postfix/vmailbox

virtual_minimum_uid = 100

virtual_uid_maps = static:5000

virtual_gid_maps = static:5000

virtual_alias_maps = hash:/etc/postfix/virtual

Create Virtual mailbox

vi /etc/postfix/vmailbox

1	vi /etc/postfix/vmailbox

Add

user1@YOUR-DOMAIN_HERE.com    YOUR-DOMAIN_HERE.com/user1

1	user1@YOUR-DOMAIN_HERE.com YOUR-DOMAIN_HERE.com/user1

Create alias file, used for mail forwarding

vi /etc/postfix/virtual

1	vi /etc/postfix/virtual

Add

admin@YOUR-DOMAIN_HERE.com YOU@gmail.com

1	admin@YOUR-DOMAIN_HERE.com YOU@gmail.com

Wth above configuration, mail coming to [email protected]_HERE.com will get forwarded to [email protected] Email coming to [email protected]_HERE.com get delivered to local mailbox folder.

Now run following commands to make hashmap

postmap /etc/postfix/vmailbox
postmap /etc/postfix/virtual

1 2	postmap /etc/postfix/vmailbox postmap /etc/postfix/virtual

Restart postfix

systemctl restart postfix

1	systemctl restart postfix

iredmail

February 3, 2020

by ServerOk with No Comment Mail

iRedMail allow you to run your own mail server easily. It use postfix mail server for mail delivery.

https://www.iredmail.org/

iredmail increase mail attachment size

January 29, 2020

by ServerOk with No Comment Mail

Default mail attachment size in iredmail is 10 MB. To increase mail attachment size, login to server as user root, run following commands

postconf -e message_size_limit=104857600
postconf -e mailbox_size_limit=104857600
systemctl restart postfix

postconf -e message_size_limit=104857600

postconf -e mailbox_size_limit=104857600

systemctl restart postfix

Here 104857600 is 100 MB in bytes (100 * 1024 * 1024). Change this as required. Sending very large file using mail attachment is not recommended, it is better use file sharing services like Google Drive, Dropbox, Microsoft OneDrive or another file hosting service for sharing large files.

Now edit php.ini file

vi /etc/php/7.2/fpm/php.ini

1	vi /etc/php/7.2/fpm/php.ini

Change value for 3 of the following settings. It can be anything above 100 MB or whatever attachment size you want to use.

memory_limit = 256M;
upload_max_filesize = 100M;
post_max_size = 120M;

memory_limit = 256M;

upload_max_filesize = 100M;

post_max_size = 120M;

Restart php-fpm

systemctl restart php7.2-fpm

1	systemctl restart php7.2-fpm

Edit roundcube configuration file

vi /opt/www/roundcubemail/config/config.inc.php

1	vi /opt/www/roundcubemail/config/config.inc.php

Set value for

$config['max_message_size'] = '100M';

1	$config['max_message_size'] = '100M';

Edit Nginx config file

vi /etc/nginx/conf-available/client_max_body_size.conf

1	vi /etc/nginx/conf-available/client_max_body_size.conf

Set value for

client_max_body_size 100m;

1	client_max_body_size 100m;

restart nginx

systemctl restart nginx

1	systemctl restart nginx

Zimbra webmail not working on port 80/443

September 6, 2019

by ServerOk with No Comment Mail

On Zimbra mail server, webmail stopped working on Port 80/443. Admin interface worked properly on url https://hostname:7071/. There is no errors displayed under monitor tab of Zimbra Admin.

To fix, run

su - zimbra
zmprov ms `zmhostname` zimbraReverseProxySSLToUpstreamEnabled FALSE
zmprov ms `zmhostname` zimbraMailMode both
zmprov ms `zmhostname` zimbraReverseProxyMailMode both
./libexec/zmproxyconfig -e -w -o -a 8080:80:8443:443 -x both -H `zmhostname`
zmcontrol restart

su - zimbra

zmprov ms `zmhostname` zimbraReverseProxySSLToUpstreamEnabled FALSE

zmprov ms `zmhostname` zimbraMailMode both

zmprov ms `zmhostname` zimbraReverseProxyMailMode both

./libexec/zmproxyconfig -e -w -o -a 8080:80:8443:443 -x both -H `zmhostname`

zmcontrol restart

After running this, netstat -lntp start showing nginx running on port 80 and 443

root@zim:~# netstat -lntp | egrep "80|443"
tcp        0      0 127.0.0.1:10663         0.0.0.0:*               LISTEN      10980/zmlogger: zmr
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      11354/nginx.conf
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      11098/java      
tcp        0      0 116.203.102.86:8080     0.0.0.0:*               LISTEN      11098/java      
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      11354/nginx.conf
tcp6       0      0 :::7780                 :::*                    LISTEN      11707/httpd     
root@zim:~#

root@zim:~# netstat -lntp | egrep "80|443"

tcp 0 0 127.0.0.1:10663 0.0.0.0:* LISTEN 10980/zmlogger: zmr

tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 11354/nginx.conf

tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN 11098/java

tcp 0 0 116.203.102.86:8080 0.0.0.0:* LISTEN 11098/java

tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 11354/nginx.conf

tcp6 0 0 :::7780 :::* LISTEN 11707/httpd

root@zim:~#

Zimbra Mail Server CentOS firewall settings

August 9, 2019

by ServerOk with No Comment Mail

On CentOS 7 server with firewalld running, used following command to open ports used by Zimbra Mail Server.

firewall-cmd --zone=public --permanent --add-service=http
firewall-cmd --zone=public --permanent --add-service=https
firewall-cmd --zone=public --permanent --add-service=ssh
firewall-cmd --zone=public --permanent --add-port=110/tcp
firewall-cmd --zone=public --permanent --add-port=11211/tcp
firewall-cmd --zone=public --permanent --add-port=143/tcp
firewall-cmd --zone=public --permanent --add-port=25/tcp
firewall-cmd --zone=public --permanent --add-port=443/tcp
firewall-cmd --zone=public --permanent --add-port=465/tcp
firewall-cmd --zone=public --permanent --add-port=5222/tcp
firewall-cmd --zone=public --permanent --add-port=5269/tcp
firewall-cmd --zone=public --permanent --add-port=587/tcp
firewall-cmd --zone=public --permanent --add-port=7025/tcp
firewall-cmd --zone=public --permanent --add-port=7071/tcp
firewall-cmd --zone=public --permanent --add-port=7072/tcp
firewall-cmd --zone=public --permanent --add-port=7073/tcp
firewall-cmd --zone=public --permanent --add-port=7110/tcp
firewall-cmd --zone=public --permanent --add-port=7143/tcp
firewall-cmd --zone=public --permanent --add-port=7993/tcp
firewall-cmd --zone=public --permanent --add-port=7995/tcp
firewall-cmd --zone=public --permanent --add-port=8443/tcp
firewall-cmd --zone=public --permanent --add-port=993/tcp
firewall-cmd --zone=public --permanent --add-port=995/tcp
firewall-cmd --reload

firewall-cmd --zone=public --permanent --add-service=http

firewall-cmd --zone=public --permanent --add-service=https

firewall-cmd --zone=public --permanent --add-service=ssh

firewall-cmd --zone=public --permanent --add-port=110/tcp

firewall-cmd --zone=public --permanent --add-port=11211/tcp

firewall-cmd --zone=public --permanent --add-port=143/tcp

firewall-cmd --zone=public --permanent --add-port=25/tcp

firewall-cmd --zone=public --permanent --add-port=443/tcp

firewall-cmd --zone=public --permanent --add-port=465/tcp

firewall-cmd --zone=public --permanent --add-port=5222/tcp

firewall-cmd --zone=public --permanent --add-port=5269/tcp

firewall-cmd --zone=public --permanent --add-port=587/tcp

firewall-cmd --zone=public --permanent --add-port=7025/tcp

firewall-cmd --zone=public --permanent --add-port=7071/tcp

firewall-cmd --zone=public --permanent --add-port=7072/tcp

firewall-cmd --zone=public --permanent --add-port=7073/tcp

firewall-cmd --zone=public --permanent --add-port=7110/tcp

firewall-cmd --zone=public --permanent --add-port=7143/tcp

firewall-cmd --zone=public --permanent --add-port=7993/tcp

firewall-cmd --zone=public --permanent --add-port=7995/tcp

firewall-cmd --zone=public --permanent --add-port=8443/tcp

firewall-cmd --zone=public --permanent --add-port=993/tcp

firewall-cmd --zone=public --permanent --add-port=995/tcp

firewall-cmd --reload

See Zimbra, firewall-cmd

Zimbra redirect webmail http to https

August 9, 2019

by ServerOk with No Comment Mail

After Zimbra mail server installed, webmail work on url

https://SERVER-HOSTNAME-HERE/

If you access webmail with out HTTPS, it won’t work.

To set HTTP to redirect to HTTPS, login to server as root, switch to user zimbra

su - zimbra

1	su - zimbra

Run

zmprov ms SERVER_HOSTNAME_HERE zimbraReverseProxyMailMode redirect

1	zmprov ms SERVER_HOSTNAME_HERE zimbraReverseProxyMailMode redirect

Wait few minutes, HTTP link will redirect to HTTPS.

[root@correo ~]# netstat -lntp | grep 80                                                                                                                                                                    
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      22891/java                                                                                                                  
tcp6       0      0 :::7780                 :::*                    LISTEN      24005/httpd                                                                                                                 
[root@correo ~]# su - zimbra                                                                                                                                                                                
Last login: Thu Aug  8 21:33:52 CST 2019 on pts/0                                                                                                                                                           
[zimbra@correo ~]$ zmprov ms correo.net.gt zimbraReverseProxyMailMode redirect                                                                                                                              
[zimbra@correo ~]$

[root@correo ~]# netstat -lntp | grep 80

tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 22891/java

tcp6 0 0 :::7780 :::* LISTEN 24005/httpd

[root@correo ~]# su - zimbra

Last login: Thu Aug 8 21:33:52 CST 2019 on pts/0

[zimbra@correo ~]$ zmprov ms correo.net.gt zimbraReverseProxyMailMode redirect

[zimbra@correo ~]$

You need to wait few minutes before it can start working on HTTPS port, no restart required.

Now netstat shows nginx runs on port 80

[root@correo ~]# netstat -lntp| grep 80
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      90391/nginx: master 
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      22891/java          
tcp6       0      0 :::7780                 :::*                    LISTEN      24005/httpd         
[root@correo ~]#

[root@correo ~]# netstat -lntp| grep 80

tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 90391/nginx: master

tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 22891/java

tcp6 0 0 :::7780 :::* LISTEN 24005/httpd

[root@correo ~]#

See Zimbra

Install SSL Certificate on Zimbra mail server

August 9, 2019

by ServerOk with No Comment Mail

To install SSL certificate for Zimbra Mail Server, login to server, switch to user zimbra

su - zimbra

1	su - zimbra

Now create file commercial.key, paste your Private key.

vi /opt/zimbra/ssl/zimbra/commercial/commercial.key

1	vi /opt/zimbra/ssl/zimbra/commercial/commercial.key

In commercial.crt, paste your SSL certificate.

vi /opt/zimbra/ssl/zimbra/commercial/commercial.crt

1	vi /opt/zimbra/ssl/zimbra/commercial/commercial.crt

Create commercial_ca.crt with content of your ca-bundle file.

vi /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt

1	vi /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt

Verify SSL cerificate

/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key  /opt/zimbra/ssl/zimbra/commercial/commercial.crt

1	/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /opt/zimbra/ssl/zimbra/commercial/commercial.crt

If SSL verified sucessfully, you can install it with command

/opt/zimbra/bin/zmcertmgr deploycrt comm  /opt/zimbra/ssl/zimbra/commercial/commercial.crt /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt

1	/opt/zimbra/bin/zmcertmgr deploycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.crt /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt

To make SSL active, you need to restart Zimbra mail server with command

zmcontrol restart

1	zmcontrol restart

Email Marketing

July 21, 2019

by ServerOk with No Comment Mail

https://www.gmass.co – Allow you to send mass email using Gmail and G Suite.
OpenEMM – Install instructions.

DMARC

July 11, 2019

by ServerOk with No Comment Mail

DMARC is used to protect your email from email spoofing. DMARC use SPF and DKIM record to validate your email.

DMARC is a TXT record added in your domain DNS.

DMARC record look like

v=DMARC1;p=POLICY_HERE;pct=100;rua=mailto:postmaster@your-domain.com;ruf=mailto:admin@your-domain.com;rf=afrf

1	v=DMARC1;p=POLICY_HERE;pct=100;rua=mailto:postmaster@your-domain.com;ruf=mailto:admin@your-domain.com;rf=afrf

p=POLICY_HERE

This specifies what to do with incoming email that fails DMARC.

Valid options are none, quarantine and reject.

p=none – used for monitoring. If DMARC fails, remote mail server will sent a mail to “rua” or “ruf” tags specified in DMARC record.

p=quarantine – tell recipient mail server to put message in SPAM folder if DMARC fail.

p=reject – reject mail if DMARC fail.

rf=afrf – Specify type of report you will get.

Postfix disable IPv6

June 17, 2019

by ServerOk with No Comment Mail

To disable IPv6 on postfix mail server, edit

vi /etc/postfix/main.cf

1	vi /etc/postfix/main.cf

Find

inet_protocols = all

1	inet_protocols = all

Replace with

inet_protocols = ipv4

1	inet_protocols = ipv4

Restart postfix

systemctl restart postfix

1	systemctl restart postfix

Method 2

postconf -e inet_protocols=ipv4
systemctl restart postfix

1 2	postconf -e inet_protocols=ipv4 systemctl restart postfix