Category: Mail – ServerOK

Zimbra webmail not working on port 80/443

September 6, 2019

by ServerOk with No Comment Mail

On Zimbra mail server, webmail stopped working on Port 80/443. Admin interface worked properly on url https://hostname:7071/. There is no errors displayed under monitor tab of Zimbra Admin.

To fix, run

su - zimbra
zmprov ms `zmhostname` zimbraReverseProxySSLToUpstreamEnabled FALSE
zmprov ms `zmhostname` zimbraMailMode both
zmprov ms `zmhostname` zimbraReverseProxyMailMode both
./libexec/zmproxyconfig -e -w -o -a 8080:80:8443:443 -x both -H `zmhostname`
zmcontrol restart

su - zimbra

zmprov ms `zmhostname` zimbraReverseProxySSLToUpstreamEnabled FALSE

zmprov ms `zmhostname` zimbraMailMode both

zmprov ms `zmhostname` zimbraReverseProxyMailMode both

./libexec/zmproxyconfig -e -w -o -a 8080:80:8443:443 -x both -H `zmhostname`

zmcontrol restart

After running this, netstat -lntp start showing nginx running on port 80 and 443

root@zim:~# netstat -lntp | egrep "80|443"
tcp        0      0 127.0.0.1:10663         0.0.0.0:*               LISTEN      10980/zmlogger: zmr
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      11354/nginx.conf
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      11098/java      
tcp        0      0 116.203.102.86:8080     0.0.0.0:*               LISTEN      11098/java      
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      11354/nginx.conf
tcp6       0      0 :::7780                 :::*                    LISTEN      11707/httpd     
root@zim:~#

root@zim:~# netstat -lntp | egrep "80|443"

tcp 0 0 127.0.0.1:10663 0.0.0.0:* LISTEN 10980/zmlogger: zmr

tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 11354/nginx.conf

tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN 11098/java

tcp 0 0 116.203.102.86:8080 0.0.0.0:* LISTEN 11098/java

tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 11354/nginx.conf

tcp6 0 0 :::7780 :::* LISTEN 11707/httpd

root@zim:~#

Zimbra Mail Server CentOS firewall settings

August 9, 2019

by ServerOk with No Comment Mail

On CentOS 7 server with firewalld running, used following command to open ports used by Zimbra Mail Server.

firewall-cmd --zone=public --permanent --add-service=http
firewall-cmd --zone=public --permanent --add-service=https
firewall-cmd --zone=public --permanent --add-service=ssh
firewall-cmd --zone=public --permanent --add-port=110/tcp
firewall-cmd --zone=public --permanent --add-port=11211/tcp
firewall-cmd --zone=public --permanent --add-port=143/tcp
firewall-cmd --zone=public --permanent --add-port=25/tcp
firewall-cmd --zone=public --permanent --add-port=443/tcp
firewall-cmd --zone=public --permanent --add-port=465/tcp
firewall-cmd --zone=public --permanent --add-port=5222/tcp
firewall-cmd --zone=public --permanent --add-port=5269/tcp
firewall-cmd --zone=public --permanent --add-port=587/tcp
firewall-cmd --zone=public --permanent --add-port=7025/tcp
firewall-cmd --zone=public --permanent --add-port=7071/tcp
firewall-cmd --zone=public --permanent --add-port=7072/tcp
firewall-cmd --zone=public --permanent --add-port=7073/tcp
firewall-cmd --zone=public --permanent --add-port=7110/tcp
firewall-cmd --zone=public --permanent --add-port=7143/tcp
firewall-cmd --zone=public --permanent --add-port=7993/tcp
firewall-cmd --zone=public --permanent --add-port=7995/tcp
firewall-cmd --zone=public --permanent --add-port=8443/tcp
firewall-cmd --zone=public --permanent --add-port=993/tcp
firewall-cmd --zone=public --permanent --add-port=995/tcp
firewall-cmd --reload

firewall-cmd --zone=public --permanent --add-service=http

firewall-cmd --zone=public --permanent --add-service=https

firewall-cmd --zone=public --permanent --add-service=ssh

firewall-cmd --zone=public --permanent --add-port=110/tcp

firewall-cmd --zone=public --permanent --add-port=11211/tcp

firewall-cmd --zone=public --permanent --add-port=143/tcp

firewall-cmd --zone=public --permanent --add-port=25/tcp

firewall-cmd --zone=public --permanent --add-port=443/tcp

firewall-cmd --zone=public --permanent --add-port=465/tcp

firewall-cmd --zone=public --permanent --add-port=5222/tcp

firewall-cmd --zone=public --permanent --add-port=5269/tcp

firewall-cmd --zone=public --permanent --add-port=587/tcp

firewall-cmd --zone=public --permanent --add-port=7025/tcp

firewall-cmd --zone=public --permanent --add-port=7071/tcp

firewall-cmd --zone=public --permanent --add-port=7072/tcp

firewall-cmd --zone=public --permanent --add-port=7073/tcp

firewall-cmd --zone=public --permanent --add-port=7110/tcp

firewall-cmd --zone=public --permanent --add-port=7143/tcp

firewall-cmd --zone=public --permanent --add-port=7993/tcp

firewall-cmd --zone=public --permanent --add-port=7995/tcp

firewall-cmd --zone=public --permanent --add-port=8443/tcp

firewall-cmd --zone=public --permanent --add-port=993/tcp

firewall-cmd --zone=public --permanent --add-port=995/tcp

firewall-cmd --reload

See Zimbra, firewall-cmd

Zimbra redirect webmail http to https

August 9, 2019

by ServerOk with No Comment Mail

After Zimbra mail server installed, webmail work on url

https://SERVER-HOSTNAME-HERE/

If you access webmail with out HTTPS, it won’t work.

To set HTTP to redirect to HTTPS, login to server as root, switch to user zimbra

su - zimbra

1	su - zimbra

Run

zmprov ms SERVER_HOSTNAME_HERE zimbraReverseProxyMailMode redirect

1	zmprov ms SERVER_HOSTNAME_HERE zimbraReverseProxyMailMode redirect

Wait few minutes, HTTP link will redirect to HTTPS.

[root@correo ~]# netstat -lntp | grep 80                                                                                                                                                                    
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      22891/java                                                                                                                  
tcp6       0      0 :::7780                 :::*                    LISTEN      24005/httpd                                                                                                                 
[root@correo ~]# su - zimbra                                                                                                                                                                                
Last login: Thu Aug  8 21:33:52 CST 2019 on pts/0                                                                                                                                                           
[zimbra@correo ~]$ zmprov ms correo.net.gt zimbraReverseProxyMailMode redirect                                                                                                                              
[zimbra@correo ~]$

[root@correo ~]# netstat -lntp | grep 80

tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 22891/java

tcp6 0 0 :::7780 :::* LISTEN 24005/httpd

[root@correo ~]# su - zimbra

Last login: Thu Aug 8 21:33:52 CST 2019 on pts/0

[zimbra@correo ~]$ zmprov ms correo.net.gt zimbraReverseProxyMailMode redirect

[zimbra@correo ~]$

You need to wait few minutes before it can start working on HTTPS port, no restart required.

Now netstat shows nginx runs on port 80

[root@correo ~]# netstat -lntp| grep 80
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      90391/nginx: master 
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      22891/java          
tcp6       0      0 :::7780                 :::*                    LISTEN      24005/httpd         
[root@correo ~]#

[root@correo ~]# netstat -lntp| grep 80

tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 90391/nginx: master

tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 22891/java

tcp6 0 0 :::7780 :::* LISTEN 24005/httpd

[root@correo ~]#

See Zimbra

Install SSL Certificate on Zimbra mail server

August 9, 2019

by ServerOk with No Comment Mail

To install SSL certificate for Zimbra Mail Server, login to server, switch to user zimbra

su - zimbra

1	su - zimbra

Now create file commercial.key, paste your Private key.

vi /opt/zimbra/ssl/zimbra/commercial/commercial.key

1	vi /opt/zimbra/ssl/zimbra/commercial/commercial.key

In commercial.crt, paste your SSL certificate.

vi /opt/zimbra/ssl/zimbra/commercial/commercial.crt

1	vi /opt/zimbra/ssl/zimbra/commercial/commercial.crt

Create commercial_ca.crt with content of your ca-bundle file.

vi /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt

1	vi /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt

Verify SSL cerificate

/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key  /opt/zimbra/ssl/zimbra/commercial/commercial.crt

1	/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /opt/zimbra/ssl/zimbra/commercial/commercial.crt

If SSL verified sucessfully, you can install it with command

/opt/zimbra/bin/zmcertmgr deploycrt comm  /opt/zimbra/ssl/zimbra/commercial/commercial.crt /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt

1	/opt/zimbra/bin/zmcertmgr deploycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.crt /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt

To make SSL active, you need to restart Zimbra mail server with command

zmcontrol restart

1	zmcontrol restart

Email Marketing

July 21, 2019

by ServerOk with No Comment Mail

https://www.gmass.co – Allow you to send mass email using Gmail and G Suite.

DMARC

July 11, 2019

by ServerOk with No Comment Mail

DMARC is used to protect your email from email spoofing. DMARC use SPF and DKIM record to validate your email.

DMARC is a TXT record added in your domain DNS.

DMARC record look like

v=DMARC1;p=POLICY_HERE;pct=100;rua=mailto:postmaster@your-domain.com;ruf=mailto:admin@your-domain.com;rf=afrf

1	v=DMARC1;p=POLICY_HERE;pct=100;rua=mailto:postmaster@your-domain.com;ruf=mailto:admin@your-domain.com;rf=afrf

p=POLICY_HERE

This specifies what to do with incoming email that fails DMARC.

Valid options are none, quarantine and reject.

p=none – used for monitoring. If DMARC fails, remote mail server will sent a mail to “rua” or “ruf” tags specified in DMARC record.

p=quarantine – tell recipient mail server to put message in SPAM folder if DMARC fail.

p=reject – reject mail if DMARC fail.

rf=afrf – Specify type of report you will get.

Postfix disable IPv6

June 17, 2019

by ServerOk with No Comment Mail

To disable IPv6 on postfix mail server, edit

vi /etc/postfix/main.cf

1	vi /etc/postfix/main.cf

Find

inet_protocols = all

1	inet_protocols = all

Replace with

inet_protocols = ipv4

1	inet_protocols = ipv4

Restart postfix

systemctl restart postfix

1	systemctl restart postfix

Configure postfix to relay mails using Gmail

May 31, 2019

by ServerOk with No Comment Mail

Install postfix

apt update
apt install postfix libsasl2-modules

1 2	apt update apt install postfix libsasl2-modules

Create file

touch /etc/postfix/sasl_passwd
chmod 600 /etc/postfix/sasl_passwd
vi /etc/postfix/sasl_passwd

touch /etc/postfix/sasl_passwd

chmod 600 /etc/postfix/sasl_passwd

vi /etc/postfix/sasl_passwd

Add

[smtp.gmail.com]:587    user@gmail.com:password

1	[smtp.gmail.com]:587 user@gmail.com:password

Save and exit editor. Run

postmap /etc/postfix/sasl_passwd

1	postmap /etc/postfix/sasl_passwd

Edit postfix configuration file

vi /etc/postfix/main.cf

1	vi /etc/postfix/main.cf

Find and remove

relayhost =

1	relayhost =

At end of the file, add

relayhost = [smtp.gmail.com]:587
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_security_options =
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

relayhost = [smtp.gmail.com]:587

smtp_use_tls = yes

smtp_sasl_auth_enable = yes

smtp_sasl_security_options =

smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

Restart postfix

systemctl restart postfix

1	systemctl restart postfix

Now all mails will be forwarded using gmail.

Test Email Delivery

Install mailutils

apt install mailutils

1	apt install mailutils

To sent test email, run

echo "test" | mail -s "Testing gmail" you@yourdomain.com

1	echo "test" \| mail -s "Testing gmail" you@yourdomain.com

Check mail log

tail -f /var/log/mail.log

1	tail -f /var/log/mail.log

See postfix

Zimbra Unable to validate certificate chain

March 19, 2019

by ServerOk with No Comment Mail

On installing SSL on Zimbra mail server, i get following error

zimbra@zim:~/boby$ /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key  /opt/zimbra/boby/zim_simplecloud_co_za.crt
** Verifying '/opt/zimbra/boby/zim_simplecloud_co_za.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'
Certificate '/opt/zimbra/boby/zim_simplecloud_co_za.crt' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match.
** Verifying '/opt/zimbra/boby/zim_simplecloud_co_za.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt'
ERROR: Unable to validate certificate chain: /opt/zimbra/boby/zim_simplecloud_co_za.crt: C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
error 2 at 2 depth lookup:unable to get issuer certificate
zimbra@zim:~/boby$

zimbra@zim:~/boby$ /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /opt/zimbra/boby/zim_simplecloud_co_za.crt

** Verifying '/opt/zimbra/boby/zim_simplecloud_co_za.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'

Certificate '/opt/zimbra/boby/zim_simplecloud_co_za.crt' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match.

** Verifying '/opt/zimbra/boby/zim_simplecloud_co_za.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt'

ERROR: Unable to validate certificate chain: /opt/zimbra/boby/zim_simplecloud_co_za.crt: C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority

error 2 at 2 depth lookup:unable to get issuer certificate

zimbra@zim:~/boby$

This was due to SSL cert chain. The ca-bundle file they provided did not work with Zimbra. This is due to some issue with the order in witch CA Certificate files are placed. Here is zimba documentaion related to this issue

https://wiki.zimbra.com/wiki/Fix_depth_lookup:unable_to_get_issuer_certificate

I checked with SSL provider, they initially provided a combined SSL certificate, that have cert file + ca certificate. I tried to install it, but it did not work.

After showing SSL support the screenshot of the SSL install page, they provided me with 3 differnt files.

In the zimbra SSL install, you have option to add more intermediate CA by clicking “Add Intermediate CA” link.

The provided files are

root.ca
intermediate1.ca-bundle
intermediate2.ca-bundle

root.ca

intermediate1.ca-bundle

intermediate2.ca-bundle

I tried to install it using UI, but it failed with some error related to RemoteManager and port 22.

To install on Command line, first you need to login as user zimbra

su - zimbra

1	su - zimbra

I copied all files provided by SSL provider to the server. Change to SSL folder

cd /opt/zimbra/ssl/zimbra/commercial/

1	cd /opt/zimbra/ssl/zimbra/commercial/

Edited the file

vi commercial.crt

1	vi commercial.crt

Pasted the SSL certificate content to this file. commercial.key file have the private key, this get auto generated during the CSR generation process.

Now i tried mixing those 3 files (CA certs) to create commerical_ca.crt, but it failed to work

zimbra@zim:~/ssl/zimbra/commercial$ cat  ~/boby/root.crt ~/boby/intermediate1.ca-bundle > /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt
zimbra@zim:~/ssl/zimbra/commercial$ /opt/zimbra/bin/zmcertmgr verifycrt comm commercial.key commercial.crt
** Verifying 'commercial.crt' against 'commercial.key'
Certificate 'commercial.crt' and private key 'commercial.key' match.
** Verifying 'commercial.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt'
ERROR: Unable to validate certificate chain: Error loading file /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt
140015104063128:error:0906D066:PEM routines:PEM_read_bio:bad end line:pem_lib.c:815:
140015104063128:error:0B084009:x509 certificate routines:X509_load_cert_crl_file:PEM lib:by_file.c:259:
zimbra@zim:~/ssl/zimbra/commercial$

zimbra@zim:~/ssl/zimbra/commercial$ cat ~/boby/root.crt ~/boby/intermediate1.ca-bundle > /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt

zimbra@zim:~/ssl/zimbra/commercial$ /opt/zimbra/bin/zmcertmgr verifycrt comm commercial.key commercial.crt

** Verifying 'commercial.crt' against 'commercial.key'

Certificate 'commercial.crt' and private key 'commercial.key' match.

** Verifying 'commercial.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt'

ERROR: Unable to validate certificate chain: Error loading file /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt

140015104063128:error:0906D066:PEM routines:PEM_read_bio:bad end line:pem_lib.c:815:

140015104063128:error:0B084009:x509 certificate routines:X509_load_cert_crl_file:PEM lib:by_file.c:259:

zimbra@zim:~/ssl/zimbra/commercial$

After few try, mixing ca certificate in following order got it work.

zimbra@zim:~/ssl/zimbra/commercial$ cat   ~/boby/intermediate1.ca-bundle  ~/boby/intermediate2.ca-bundle ~/boby/root.crt > /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt
zimbra@zim:~/ssl/zimbra/commercial$ /opt/zimbra/bin/zmcertmgr verifycrt comm commercial.key commercial.crt
** Verifying 'commercial.crt' against 'commercial.key'
Certificate 'commercial.crt' and private key 'commercial.key' match.
** Verifying 'commercial.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt'
Valid certificate chain: commercial.crt: OK
zimbra@zim:~/ssl/zimbra/commercial$

zimbra@zim:~/ssl/zimbra/commercial$ cat ~/boby/intermediate1.ca-bundle ~/boby/intermediate2.ca-bundle ~/boby/root.crt > /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt

zimbra@zim:~/ssl/zimbra/commercial$ /opt/zimbra/bin/zmcertmgr verifycrt comm commercial.key commercial.crt

** Verifying 'commercial.crt' against 'commercial.key'

Certificate 'commercial.crt' and private key 'commercial.key' match.

** Verifying 'commercial.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt'

Valid certificate chain: commercial.crt: OK

zimbra@zim:~/ssl/zimbra/commercial$

Now installed SSL with

zimbra@zim:~/ssl/zimbra/commercial$ /opt/zimbra/bin/zmcertmgr deploycrt comm commercial.crt commercial_ca.crt
** Fixing newlines in 'commercial_ca.crt'
** Verifying 'commercial.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'
Certificate 'commercial.crt' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match.
** Verifying 'commercial.crt' against 'commercial_ca.crt'
Valid certificate chain: commercial.crt: OK
** Copying 'commercial.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt'
'commercial.crt' and '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' are identical (not copied) at /opt/zimbra/bin/zmcertmgr line 1278.
** Copying 'commercial_ca.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt'
'commercial_ca.crt' and '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt' are identical (not copied) at /opt/zimbra/bin/zmcertmgr line 1278.
** Appending ca chain 'commercial_ca.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt'
** Importing cert '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt' as 'zcs-user-commercial_ca' into cacerts '/opt/zimbra/common/lib/jvm/java/jre/lib/security/cacerts'
** NOTE: restart mailboxd to use the imported certificate.
** Saving config key 'zimbraSSLCertificate' via zmprov modifyServer zim.simplecloud.co.za...ok
** Saving config key 'zimbraSSLPrivateKey' via zmprov modifyServer zim.simplecloud.co.za...ok
** Installing imapd certificate '/opt/zimbra/conf/imapd.crt' and key '/opt/zimbra/conf/imapd.key'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/imapd.crt'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/imapd.key'
** Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12'
** Creating keystore '/opt/zimbra/conf/imapd.keystore'
** Installing ldap certificate '/opt/zimbra/conf/slapd.crt' and key '/opt/zimbra/conf/slapd.key'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/slapd.crt'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/slapd.key'
** Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12'
** Creating keystore '/opt/zimbra/mailboxd/etc/keystore'
** Installing mta certificate '/opt/zimbra/conf/smtpd.crt' and key '/opt/zimbra/conf/smtpd.key'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/smtpd.crt'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/smtpd.key'
** Installing proxy certificate '/opt/zimbra/conf/nginx.crt' and key '/opt/zimbra/conf/nginx.key'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/nginx.crt'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/nginx.key'
** NOTE: restart services to use the new certificates.
** Cleaning up 3 files from '/opt/zimbra/conf/ca'
** Removing /opt/zimbra/conf/ca/ca.key
** Removing /opt/zimbra/conf/ca/ca.pem
** Removing /opt/zimbra/conf/ca/44fca4b1.0
** Copying CA to /opt/zimbra/conf/ca
** Copying '/opt/zimbra/ssl/zimbra/ca/ca.key' to '/opt/zimbra/conf/ca/ca.key'
** Copying '/opt/zimbra/ssl/zimbra/ca/ca.pem' to '/opt/zimbra/conf/ca/ca.pem'
** Creating CA hash symlink '44fca4b1.0' -> 'ca.pem'
** Creating /opt/zimbra/conf/ca/commercial_ca_1.crt
** Creating CA hash symlink '65ff7287.0' -> 'commercial_ca_1.crt'
** Creating /opt/zimbra/conf/ca/commercial_ca_2.crt
** Creating CA hash symlink 'fc5a8f99.0' -> 'commercial_ca_2.crt'
** Creating /opt/zimbra/conf/ca/commercial_ca_3.crt
** Creating CA hash symlink '157753a5.0' -> 'commercial_ca_3.crt'
zimbra@zim:~/ssl/zimbra/commercial$

zimbra@zim:~/ssl/zimbra/commercial$ /opt/zimbra/bin/zmcertmgr deploycrt comm commercial.crt commercial_ca.crt

** Fixing newlines in 'commercial_ca.crt'

** Verifying 'commercial.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'

Certificate 'commercial.crt' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match.

** Verifying 'commercial.crt' against 'commercial_ca.crt'

Valid certificate chain: commercial.crt: OK

** Copying 'commercial.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt'

'commercial.crt' and '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' are identical (not copied) at /opt/zimbra/bin/zmcertmgr line 1278.

** Copying 'commercial_ca.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt'

'commercial_ca.crt' and '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt' are identical (not copied) at /opt/zimbra/bin/zmcertmgr line 1278.

** Appending ca chain 'commercial_ca.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt'

** Importing cert '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt' as 'zcs-user-commercial_ca' into cacerts '/opt/zimbra/common/lib/jvm/java/jre/lib/security/cacerts'

** NOTE: restart mailboxd to use the imported certificate.

** Saving config key 'zimbraSSLCertificate' via zmprov modifyServer zim.simplecloud.co.za...ok

** Saving config key 'zimbraSSLPrivateKey' via zmprov modifyServer zim.simplecloud.co.za...ok

** Installing imapd certificate '/opt/zimbra/conf/imapd.crt' and key '/opt/zimbra/conf/imapd.key'

** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/imapd.crt'

** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/imapd.key'

** Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12'

** Creating keystore '/opt/zimbra/conf/imapd.keystore'

** Installing ldap certificate '/opt/zimbra/conf/slapd.crt' and key '/opt/zimbra/conf/slapd.key'

** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/slapd.crt'

** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/slapd.key'

** Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12'

** Creating keystore '/opt/zimbra/mailboxd/etc/keystore'

** Installing mta certificate '/opt/zimbra/conf/smtpd.crt' and key '/opt/zimbra/conf/smtpd.key'

** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/smtpd.crt'

** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/smtpd.key'

** Installing proxy certificate '/opt/zimbra/conf/nginx.crt' and key '/opt/zimbra/conf/nginx.key'

** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/nginx.crt'

** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/nginx.key'

** NOTE: restart services to use the new certificates.

** Cleaning up 3 files from '/opt/zimbra/conf/ca'

** Removing /opt/zimbra/conf/ca/ca.key

** Removing /opt/zimbra/conf/ca/ca.pem

** Removing /opt/zimbra/conf/ca/44fca4b1.0

** Copying CA to /opt/zimbra/conf/ca

** Copying '/opt/zimbra/ssl/zimbra/ca/ca.key' to '/opt/zimbra/conf/ca/ca.key'

** Copying '/opt/zimbra/ssl/zimbra/ca/ca.pem' to '/opt/zimbra/conf/ca/ca.pem'

** Creating CA hash symlink '44fca4b1.0' -> 'ca.pem'

** Creating /opt/zimbra/conf/ca/commercial_ca_1.crt

** Creating CA hash symlink '65ff7287.0' -> 'commercial_ca_1.crt'

** Creating /opt/zimbra/conf/ca/commercial_ca_2.crt

** Creating CA hash symlink 'fc5a8f99.0' -> 'commercial_ca_2.crt'

** Creating /opt/zimbra/conf/ca/commercial_ca_3.crt

** Creating CA hash symlink '157753a5.0' -> 'commercial_ca_3.crt'

zimbra@zim:~/ssl/zimbra/commercial$

Now rebooted the server, after reboot SSL worked.

Postfix Delete Mails from a user

February 16, 2019

by ServerOk with No Comment Mail

To delete emails from a particular user from postfix mail queue, run

postqueue -p | grep USER_HERE | cut -d' '  -f1 | postsuper -d -

1	postqueue -p \| grep USER_HERE \| cut -d' ' -f1 \| postsuper -d -

See postfix