Default mail attachment size in iredmail is 10 MB. To increase mail attachment size, login to server as user root, run following commands
|
1 2 3 |
postconf -e message_size_limit=104857600 postconf -e mailbox_size_limit=104857600 systemctl restart postfix |
Here 104857600 is 100 MB in bytes (100 * 1024 * 1024). Change this as required. Sending very large file using mail attachment is not recommended, it is better use file […]
On Zimbra mail server, webmail stopped working on Port 80/443. Admin interface worked properly on url https://hostname:7071/. There is no errors displayed under monitor tab of Zimbra Admin. To fix, run
|
1 2 3 4 5 6 |
su - zimbra zmprov ms `zmhostname` zimbraReverseProxySSLToUpstreamEnabled FALSE zmprov ms `zmhostname` zimbraMailMode both zmprov ms `zmhostname` zimbraReverseProxyMailMode both ./libexec/zmproxyconfig -e -w -o -a 8080:80:8443:443 -x both -H `zmhostname` zmcontrol restart |
After running this, netstat -lntp start showing nginx running on port 80 and 443
|
1 2 3 4 5 6 7 8 |
root@zim:~# netstat -lntp | egrep "80|443" tcp 0 0 127.0.0.1:10663 0.0.0.0:* LISTEN 10980/zmlogger: zmr tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 11354/nginx.conf tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN 11098/java tcp 0 0 116.203.102.86:8080 0.0.0.0:* LISTEN 11098/java tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 11354/nginx.conf tcp6 0 0 :::7780 :::* LISTEN 11707/httpd root@zim:~# |
[…]
On CentOS 7 server with firewalld running, used following command to open ports used by Zimbra Mail Server.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 |
firewall-cmd --zone=public --permanent --add-service=http firewall-cmd --zone=public --permanent --add-service=https firewall-cmd --zone=public --permanent --add-service=ssh firewall-cmd --zone=public --permanent --add-port=110/tcp firewall-cmd --zone=public --permanent --add-port=11211/tcp firewall-cmd --zone=public --permanent --add-port=143/tcp firewall-cmd --zone=public --permanent --add-port=25/tcp firewall-cmd --zone=public --permanent --add-port=443/tcp firewall-cmd --zone=public --permanent --add-port=465/tcp firewall-cmd --zone=public --permanent --add-port=5222/tcp firewall-cmd --zone=public --permanent --add-port=5269/tcp firewall-cmd --zone=public --permanent --add-port=587/tcp firewall-cmd --zone=public --permanent --add-port=7025/tcp firewall-cmd --zone=public --permanent --add-port=7071/tcp firewall-cmd --zone=public --permanent --add-port=7072/tcp firewall-cmd --zone=public --permanent --add-port=7073/tcp firewall-cmd --zone=public --permanent --add-port=7110/tcp firewall-cmd --zone=public --permanent --add-port=7143/tcp firewall-cmd --zone=public --permanent --add-port=7993/tcp firewall-cmd --zone=public --permanent --add-port=7995/tcp firewall-cmd --zone=public --permanent --add-port=8443/tcp firewall-cmd --zone=public --permanent --add-port=993/tcp firewall-cmd --zone=public --permanent --add-port=995/tcp firewall-cmd --reload |
See Zimbra, firewall-cmd […]
After Zimbra mail server installed, webmail work on url https://SERVER-HOSTNAME-HERE/ If you access webmail with out HTTPS, it won’t work. To set HTTP to redirect to HTTPS, login to server as root, switch to user zimbra
|
1 |
su - zimbra |
Run
|
1 |
zmprov ms SERVER_HOSTNAME_HERE zimbraReverseProxyMailMode redirect |
Wait few minutes, HTTP link will redirect to HTTPS.
|
1 2 3 4 5 6 7 |
[root@correo ~]# netstat -lntp | grep 80 tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 22891/java tcp6 0 0 :::7780 :::* LISTEN 24005/httpd [root@correo ~]# su - zimbra Last login: Thu Aug 8 21:33:52 CST 2019 on pts/0 [zimbra@correo ~]$ zmprov ms correo.net.gt zimbraReverseProxyMailMode redirect [zimbra@correo ~]$ |
You need to wait few minutes […]
To install SSL certificate for Zimbra Mail Server, login to server, switch to user zimbra
|
1 |
su - zimbra |
Now create file commercial.key, paste your Private key.
|
1 |
vi /opt/zimbra/ssl/zimbra/commercial/commercial.key |
In commercial.crt, paste your SSL certificate.
|
1 |
vi /opt/zimbra/ssl/zimbra/commercial/commercial.crt |
Create commercial_ca.crt with content of your ca-bundle file.
|
1 |
vi /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt |
Verify SSL cerificate
|
1 |
/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /opt/zimbra/ssl/zimbra/commercial/commercial.crt |
If SSL verified sucessfully, you can install it with command […]
https://convertkit.com – Free upto 1000 subscribers. https://mailchimp.com – Free upto 2000 subscribers. https://www.gmass.co – Allow you to send mass email using Gmail and G Suite. OpenEMM – Install instructions. https://yamm.com […]
DMARC is used to protect your email from email spoofing. DMARC use SPF and DKIM record to validate your email. DMARC is a TXT record added in your domain DNS. DMARC record look like
|
1 |
v=DMARC1;p=POLICY_HERE;pct=100;rua=mailto:postmaster@your-domain.com;ruf=mailto:admin@your-domain.com;rf=afrf |
p=POLICY_HERE This specifies what to do with incoming email that fails DMARC. Valid options are none, quarantine and reject. p=none […]
To disable IPv6 on postfix mail server, edit
|
1 |
vi /etc/postfix/main.cf |
Find
|
1 |
inet_protocols = all |
Replace with
|
1 |
inet_protocols = ipv4 |
Restart postfix
|
1 |
systemctl restart postfix |
Method 2
|
1 2 |
postconf -e inet_protocols=ipv4 systemctl restart postfix |
[…]
Install postfix
|
1 2 |
apt update apt install postfix libsasl2-modules |
Create file
|
1 2 3 |
touch /etc/postfix/sasl_passwd chmod 600 /etc/postfix/sasl_passwd vi /etc/postfix/sasl_passwd |
Add
|
1 |
[smtp.gmail.com]:587 user@gmail.com:password |
Save and exit editor. Run
|
1 |
postmap /etc/postfix/sasl_passwd |
Edit postfix configuration file
|
1 |
vi /etc/postfix/main.cf |
Find and remove
|
1 |
relayhost = |
At end of the file, add
|
1 2 3 4 5 6 |
relayhost = [smtp.gmail.com]:587 smtp_use_tls = yes smtp_sasl_auth_enable = yes smtp_sasl_security_options = smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt |
Restart postfix
|
1 |
systemctl restart postfix |
Now all mails will be forwarded using gmail. Test Email Delivery Install mailutils
|
1 |
apt install mailutils |
On CentOS
|
1 |
yum install mailx |
To sent test email, run […]
On installing SSL on Zimbra mail server, i get following error
|
1 2 3 4 5 6 7 |
zimbra@zim:~/boby$ /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /opt/zimbra/boby/zim_simplecloud_co_za.crt ** Verifying '/opt/zimbra/boby/zim_simplecloud_co_za.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key' Certificate '/opt/zimbra/boby/zim_simplecloud_co_za.crt' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match. ** Verifying '/opt/zimbra/boby/zim_simplecloud_co_za.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt' ERROR: Unable to validate certificate chain: /opt/zimbra/boby/zim_simplecloud_co_za.crt: C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority error 2 at 2 depth lookup:unable to get issuer certificate zimbra@zim:~/boby$ |
This was due to SSL cert chain. The ca-bundle file they provided did not work with Zimbra. This is due to some issue with the order in witch CA Certificate files are placed. Here is zimba documentaion related to this issue https://wiki.zimbra.com/wiki/Fix_depth_lookup:unable_to_get_issuer_certificate I […]