Category: Mail

  • Zimbra webmail not working on port 80/443

    On a Zimbra mail server, webmail stopped working on ports 80/443. The admin interface worked properly at https://hostname:7071/. No errors were displayed under the Monitor tab of Zimbra Admin.

    To fix, run

    su - zimbra
    zmprov ms `zmhostname` zimbraReverseProxySSLToUpstreamEnabled FALSE
    zmprov ms `zmhostname` zimbraMailMode both
    zmprov ms `zmhostname` zimbraReverseProxyMailMode both
    ./libexec/zmproxyconfig -e -w -o -a 8080:80:8443:443 -x both -H `zmhostname`
    zmcontrol restart
    

    After running this, netstat -lntp shows nginx listening on ports 80 and 443

    root@zim:~# netstat -lntp | egrep "80|443"
    tcp        0      0 127.0.0.1:10663         0.0.0.0:*               LISTEN      10980/zmlogger: zmr
    tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      11354/nginx.conf
    tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      11098/java      
    tcp        0      0 116.203.102.86:8080     0.0.0.0:*               LISTEN      11098/java      
    tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      11354/nginx.conf
    tcp6       0      0 :::7780                 :::*                    LISTEN      11707/httpd     
    root@zim:~# 
    
  • Zimbra Mail Server CentOS firewall settings

    On a CentOS 7 server with firewalld running, the following commands were used to open the ports used by Zimbra Mail Server.

    firewall-cmd --zone=public --permanent --add-service=http
    firewall-cmd --zone=public --permanent --add-service=https
    firewall-cmd --zone=public --permanent --add-service=ssh
    firewall-cmd --zone=public --permanent --add-port=110/tcp
    firewall-cmd --zone=public --permanent --add-port=11211/tcp
    firewall-cmd --zone=public --permanent --add-port=143/tcp
    firewall-cmd --zone=public --permanent --add-port=25/tcp
    firewall-cmd --zone=public --permanent --add-port=443/tcp
    firewall-cmd --zone=public --permanent --add-port=465/tcp
    firewall-cmd --zone=public --permanent --add-port=5222/tcp
    firewall-cmd --zone=public --permanent --add-port=5269/tcp
    firewall-cmd --zone=public --permanent --add-port=587/tcp
    firewall-cmd --zone=public --permanent --add-port=7025/tcp
    firewall-cmd --zone=public --permanent --add-port=7071/tcp
    firewall-cmd --zone=public --permanent --add-port=7072/tcp
    firewall-cmd --zone=public --permanent --add-port=7073/tcp
    firewall-cmd --zone=public --permanent --add-port=7110/tcp
    firewall-cmd --zone=public --permanent --add-port=7143/tcp
    firewall-cmd --zone=public --permanent --add-port=7993/tcp
    firewall-cmd --zone=public --permanent --add-port=7995/tcp
    firewall-cmd --zone=public --permanent --add-port=8443/tcp
    firewall-cmd --zone=public --permanent --add-port=993/tcp
    firewall-cmd --zone=public --permanent --add-port=995/tcp
    firewall-cmd --reload
    

    See Zimbra, firewall-cmd

  • Zimbra redirect webmail http to https

    After the Zimbra mail server is installed, webmail works at the URL

    https://SERVER-HOSTNAME-HERE/

    If you access webmail without HTTPS, it won’t work.

    To redirect HTTP to HTTPS, log in to the server as root and switch to user zimbra

    su - zimbra
    

    Run

    zmprov ms SERVER_HOSTNAME_HERE zimbraReverseProxyMailMode redirect
    

    Wait a few minutes and the HTTP link will redirect to HTTPS.

    [root@correo ~]# netstat -lntp | grep 80
    tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      22891/java
    tcp6       0      0 :::7780                 :::*                    LISTEN      24005/httpd
    [root@correo ~]# su - zimbra
    Last login: Thu Aug  8 21:33:52 CST 2019 on pts/0
    [zimbra@correo ~]$ zmprov ms correo.net.gt zimbraReverseProxyMailMode redirect
    [zimbra@correo ~]$
    

    You need to wait a few minutes before it starts working on the HTTPS port; no restart is required.

    Now netstat shows nginx running on port 80

    [root@correo ~]# netstat -lntp| grep 80
    tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      90391/nginx: master 
    tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      22891/java          
    tcp6       0      0 :::7780                 :::*                    LISTEN      24005/httpd         
    [root@correo ~]# 
    

    See Zimbra

  • Install SSL Certificate on Zimbra mail server

    To install an SSL certificate on Zimbra Mail Server, log in to the server and switch to user zimbra

    su - zimbra
    

    Now create the file commercial.key and paste in your private key.

    vi /opt/zimbra/ssl/zimbra/commercial/commercial.key
    

    In commercial.crt, paste your SSL certificate.

    vi /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    

    Create commercial_ca.crt with the content of your ca-bundle file.

    vi /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt
    

    Verify the SSL certificate

    /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key  /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    

    If the SSL certificate verified successfully, you can install it with the command

    /opt/zimbra/bin/zmcertmgr deploycrt comm  /opt/zimbra/ssl/zimbra/commercial/commercial.crt /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt
    


    To make SSL active, you need to restart Zimbra mail server with command

    zmcontrol restart
    
  • Email Marketing

    https://sendpulse.com – Free up to 500 subscribers.
    https://convertkit.com – Free up to 1000 subscribers.
    https://mailchimp.com – Free up to 2000 subscribers.
    https://www.gmass.co – Allows you to send mass email using Gmail and G Suite.
    OpenEMM – Install instructions.
    https://yamm.com
    https://www.klaviyo.com – email marketing
    https://github.com/AfterShip/email-verifier – email verifier
    https://www.lemlist.com/cold-email-templates – Cold Email Templates.

    Find Email

    https://anymailfinder.com – find the email address of a business owner.
    https://www.apollo.io/ – Apollo is a tool for cold-outbound email. They have access to everyone’s email with 99% accuracy and a super simple drip sequence.

    Marketing Ideas

    https://marketingexamples.com
    https://www.facebook.com/ads/library/ – see all currently running Facebook ads.
    https://reallygoodemails.com – email templates.

    Other Useful

    https://www.hotjar.com – see what visitors are doing on your website.
    https://www.similarweb.com – see what your competition is doing.

  • DMARC

    DMARC is used to protect your email from email spoofing. DMARC uses SPF and DKIM records to validate your email.

    DMARC is a TXT record added to your domain's DNS.

    A DMARC record looks like

    v=DMARC1;p=POLICY_HERE;pct=100;rua=mailto:[email protected];ruf=mailto:[email protected];rf=afrf
    

    p=POLICY_HERE

    This specifies what to do with incoming email that fails DMARC.

    Valid options are none, quarantine and reject.

    p=none – used for monitoring. If DMARC fails, the remote mail server will send a report to the addresses in the “rua” or “ruf” tags specified in the DMARC record.

    p=quarantine – tells the recipient mail server to put the message in the SPAM folder if DMARC fails.

    p=reject – reject mail if DMARC fails.

    rf=afrf – specifies the type of report you will get.

    Reject Emails that fail DKIM/SPF check

    v=DMARC1; p=reject; rua=mailto:[email protected]
    

    Filter and Reject Only 95% of Emails

    v=DMARC1; p=reject; pct=95; rua=mailto:[email protected]
    

    Quarantine Emails that fail DKIM/SPF check

    v=DMARC1; p=quarantine; rua=mailto:[email protected]
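
    A record with a misspelled policy or a misplaced v= tag is ignored by receivers, so it is worth linting the value before publishing it. The script below is an added example, not part of the original post; the report address and the sample records are constructed.

```shell
# Lint a DMARC TXT record value (POSIX sh, no DNS lookups).

# dmarc_tag RECORD TAG: print the value of TAG, or nothing if the tag is absent.
dmarc_tag() (
    printf '%s\n' "$1" | tr ';' '\n' | while IFS='=' read -r key val; do
        key=$(printf '%s' "$key" | tr -d '[:space:]')
        if [ "$key" = "$2" ]; then
            printf '%s\n' "$val" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//'
            break
        fi
    done
)

# dmarc_lint RECORD: print one finding per line. The exit status is 0 only if
# the record is well formed; warnings (monitor-only policy, no rua) do not fail it.
dmarc_lint() (
    rec=$1
    rc=0
    case $(printf '%s' "$rec" | tr -d '[:space:]') in
        v=DMARC1\;*) ;;
        *) echo "error: record must start with v=DMARC1"; rc=1 ;;
    esac
    p=$(dmarc_tag "$rec" p)
    case $p in
        none) echo "warn: p=none only monitors, failing mail is still delivered" ;;
        quarantine|reject) ;;
        '') echo "error: p= tag is missing"; rc=1 ;;
        *)  echo "error: invalid policy p=$p"; rc=1 ;;
    esac
    pct=$(dmarc_tag "$rec" pct)
    case $pct in
        '') pct=100 ;;                      # pct defaults to 100 when absent
        *[!0-9]*) echo "error: pct=$pct is not a number"; rc=1 ;;
        *) [ "$pct" -le 100 ] || { echo "error: pct=$pct is above 100"; rc=1; } ;;
    esac
    [ -n "$(dmarc_tag "$rec" rua)" ] || echo "warn: no rua= address, no aggregate reports"
    if [ "$rc" -eq 0 ] && [ "$p" != none ] && [ "$pct" -lt 100 ]; then
        echo "warn: policy applies to only $pct% of failing mail"
    fi
    exit "$rc"
)

# Demo on constructed records.
for r in 'v=DMARC1; p=reject; pct=95; rua=mailto:dmarc-reports@example.com' \
         'v=DMARC1; p=none'; do
    echo "== $r"
    dmarc_lint "$r" || true
done
```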
    


  • Postfix disable IPv6

    To disable IPv6 on the postfix mail server, edit

    vi /etc/postfix/main.cf
    

    Find

    inet_protocols = all
    

    Replace with

    inet_protocols = ipv4
    

    Restart postfix

    systemctl restart postfix
    

    Method 2

    postconf -e inet_protocols=ipv4
    systemctl restart postfix
    

    To see the current configuration, run

    [root@server ~]# postconf inet_protocols
    inet_protocols = ipv4
    [root@server ~]# 
    
  • Configure postfix to relay mails using Gmail

    Install postfix

    apt update
    apt install postfix libsasl2-modules
    

    Create file

    touch /etc/postfix/sasl_passwd
    chmod 600 /etc/postfix/sasl_passwd
    vi /etc/postfix/sasl_passwd
    

    Add

    [smtp.gmail.com]:587    [email protected]:password
    

    Save and exit editor. Run

    postmap /etc/postfix/sasl_passwd
    

    Edit postfix configuration file

    vi /etc/postfix/main.cf
    

    Find and remove

    relayhost = 
    

    At the end of the file, add

    relayhost = [smtp.gmail.com]:587
    smtp_use_tls = yes
    smtp_sasl_auth_enable = yes
    smtp_sasl_security_options =
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
    smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
    

    Restart postfix

    systemctl restart postfix
    

    Now all mail will be relayed through Gmail.
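
    With smtp_use_tls = yes, Postfix uses TLS only when the remote server offers it, and the empty smtp_sasl_security_options allows plaintext login mechanisms, so the Gmail password depends on STARTTLS always being available. The check below is an added example, not part of the original post: it reads a main.cf and reports whether SASL credentials can only travel over TLS. The function names are hypothetical; page_relay_settings reproduces the settings shown above.

```shell
# Audit a Postfix main.cf for SASL credentials that could travel without TLS.

# main_cf_get FILE PARAM: print the last value assigned to PARAM (the last
# assignment is the one Postfix uses); prints nothing if PARAM is not set.
main_cf_get() (
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | sed 's/[[:space:]]*$//' | tail -n 1
)

# relay_tls_level FILE: print mandatory, opportunistic, none or unknown.
relay_tls_level() (
    level=$(main_cf_get "$1" smtp_tls_security_level)
    if [ -z "$level" ]; then    # the obsolete switches count only when the level is unset
        if [ "$(main_cf_get "$1" smtp_use_tls)" = yes ]; then level=may; fi
        if [ "$(main_cf_get "$1" smtp_enforce_tls)" = yes ]; then level=encrypt; fi
    fi
    case $level in
        ''|none)  echo none ;;
        may|dane) echo opportunistic ;;
        encrypt|dane-only|fingerprint|verify|secure) echo mandatory ;;
        *)        echo unknown ;;
    esac
)

# audit_relay FILE: exit status 1 if the relay password could be sent without TLS.
audit_relay() (
    tls=$(relay_tls_level "$1")
    if [ "$(main_cf_get "$1" smtp_sasl_auth_enable)" != yes ]; then
        echo "ok: SASL client authentication is off"
        exit 0
    fi
    if [ "$tls" = mandatory ]; then
        echo "ok: SASL credentials are only sent over TLS"
        exit 0
    fi
    echo "risk: outbound TLS is $tls, the relay password is not guaranteed to be encrypted"
    echo "fix:  postconf -e smtp_tls_security_level=encrypt"
    exit 1
)

# The relay settings from this page, used as sample input.
page_relay_settings() {
    printf '%s\n' 'relayhost = [smtp.gmail.com]:587' 'smtp_use_tls = yes' \
        'smtp_sasl_auth_enable = yes' 'smtp_sasl_security_options =' \
        'smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd' \
        'smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt'
}

# Demo on a scratch file; on a server run: audit_relay /etc/postfix/main.cf
demo=$(mktemp)
page_relay_settings > "$demo"
audit_relay "$demo" || true
rm -f "$demo"
```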

    Test Email Delivery

    Install mailutils

    apt install mailutils
    

    On CentOS

    yum install mailx
    

    To send a test email, run

    echo "test" | mail -s "Testing gmail" [email protected]
    

    Check mail log

    tail -f /var/log/mail.log
    

    See postfix

  • Zimbra Unable to validate certificate chain

    On installing SSL on the Zimbra mail server, I get the following error

    zimbra@zim:~/boby$ /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key  /opt/zimbra/boby/zim_simplecloud_co_za.crt
    ** Verifying '/opt/zimbra/boby/zim_simplecloud_co_za.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'
    Certificate '/opt/zimbra/boby/zim_simplecloud_co_za.crt' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match.
    ** Verifying '/opt/zimbra/boby/zim_simplecloud_co_za.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt'
    ERROR: Unable to validate certificate chain: /opt/zimbra/boby/zim_simplecloud_co_za.crt: C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
    error 2 at 2 depth lookup:unable to get issuer certificate
    zimbra@zim:~/boby$ 

    This was due to the SSL cert chain. The ca-bundle file they provided did not work with Zimbra. This is due to some issue with the order in which CA certificate files are placed. Here is the Zimbra documentation related to this issue

    https://wiki.zimbra.com/wiki/Fix_depth_lookup:unable_to_get_issuer_certificate

    I checked with the SSL provider, and they initially provided a combined SSL certificate that has the cert file + CA certificate. I tried to install it, but it did not work.

    After I showed SSL support the screenshot of the SSL install page, they provided me with 3 different files.

    In the Zimbra SSL install, you have the option to add more intermediate CAs by clicking the “Add Intermediate CA” link.

    The provided files are

    root.ca
    intermediate1.ca-bundle
    intermediate2.ca-bundle

    I tried to install it using the UI, but it failed with some errors related to RemoteManager and port 22.

    To install on the command line, first you need to log in as user zimbra

    su - zimbra

    I copied all files provided by the SSL provider to the server. Change to the SSL folder

    cd /opt/zimbra/ssl/zimbra/commercial/

    Edited the file

    vi commercial.crt

    Pasted the SSL certificate content into this file. The commercial.key file has the private key; this gets auto-generated during the CSR generation process.

    Now I tried mixing those 3 files (CA certs) to create commercial_ca.crt, but it failed to work

    zimbra@zim:~/ssl/zimbra/commercial$ cat  ~/boby/root.crt ~/boby/intermediate1.ca-bundle > /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt
    zimbra@zim:~/ssl/zimbra/commercial$ /opt/zimbra/bin/zmcertmgr verifycrt comm commercial.key commercial.crt
    ** Verifying 'commercial.crt' against 'commercial.key'
    Certificate 'commercial.crt' and private key 'commercial.key' match.
    ** Verifying 'commercial.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt'
    ERROR: Unable to validate certificate chain: Error loading file /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt
    140015104063128:error:0906D066:PEM routines:PEM_read_bio:bad end line:pem_lib.c:815:
    140015104063128:error:0B084009:x509 certificate routines:X509_load_cert_crl_file:PEM lib:by_file.c:259:
    zimbra@zim:~/ssl/zimbra/commercial$

    After a few tries, mixing the CA certificates in the following order got it to work.

    zimbra@zim:~/ssl/zimbra/commercial$ cat   ~/boby/intermediate1.ca-bundle  ~/boby/intermediate2.ca-bundle ~/boby/root.crt > /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt
    zimbra@zim:~/ssl/zimbra/commercial$ /opt/zimbra/bin/zmcertmgr verifycrt comm commercial.key commercial.crt
    ** Verifying 'commercial.crt' against 'commercial.key'
    Certificate 'commercial.crt' and private key 'commercial.key' match.
    ** Verifying 'commercial.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt'
    Valid certificate chain: commercial.crt: OK
    zimbra@zim:~/ssl/zimbra/commercial$ 

    Now installed SSL with

    zimbra@zim:~/ssl/zimbra/commercial$ /opt/zimbra/bin/zmcertmgr deploycrt comm commercial.crt commercial_ca.crt
    ** Fixing newlines in 'commercial_ca.crt'
    ** Verifying 'commercial.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'
    Certificate 'commercial.crt' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match.
    ** Verifying 'commercial.crt' against 'commercial_ca.crt'
    Valid certificate chain: commercial.crt: OK
    ** Copying 'commercial.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt'
    'commercial.crt' and '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' are identical (not copied) at /opt/zimbra/bin/zmcertmgr line 1278.
    ** Copying 'commercial_ca.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt'
    'commercial_ca.crt' and '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt' are identical (not copied) at /opt/zimbra/bin/zmcertmgr line 1278.
    ** Appending ca chain 'commercial_ca.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt'
    ** Importing cert '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt' as 'zcs-user-commercial_ca' into cacerts '/opt/zimbra/common/lib/jvm/java/jre/lib/security/cacerts'
    ** NOTE: restart mailboxd to use the imported certificate.
    ** Saving config key 'zimbraSSLCertificate' via zmprov modifyServer zim.simplecloud.co.za...ok
    ** Saving config key 'zimbraSSLPrivateKey' via zmprov modifyServer zim.simplecloud.co.za...ok
    ** Installing imapd certificate '/opt/zimbra/conf/imapd.crt' and key '/opt/zimbra/conf/imapd.key'
    ** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/imapd.crt'
    ** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/imapd.key'
    ** Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12'
    ** Creating keystore '/opt/zimbra/conf/imapd.keystore'
    ** Installing ldap certificate '/opt/zimbra/conf/slapd.crt' and key '/opt/zimbra/conf/slapd.key'
    ** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/slapd.crt'
    ** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/slapd.key'
    ** Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12'
    ** Creating keystore '/opt/zimbra/mailboxd/etc/keystore'
    ** Installing mta certificate '/opt/zimbra/conf/smtpd.crt' and key '/opt/zimbra/conf/smtpd.key'
    ** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/smtpd.crt'
    ** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/smtpd.key'
    ** Installing proxy certificate '/opt/zimbra/conf/nginx.crt' and key '/opt/zimbra/conf/nginx.key'
    ** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/nginx.crt'
    ** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/nginx.key'
    ** NOTE: restart services to use the new certificates.
    ** Cleaning up 3 files from '/opt/zimbra/conf/ca'
    ** Removing /opt/zimbra/conf/ca/ca.key
    ** Removing /opt/zimbra/conf/ca/ca.pem
    ** Removing /opt/zimbra/conf/ca/44fca4b1.0
    ** Copying CA to /opt/zimbra/conf/ca
    ** Copying '/opt/zimbra/ssl/zimbra/ca/ca.key' to '/opt/zimbra/conf/ca/ca.key'
    ** Copying '/opt/zimbra/ssl/zimbra/ca/ca.pem' to '/opt/zimbra/conf/ca/ca.pem'
    ** Creating CA hash symlink '44fca4b1.0' -> 'ca.pem'
    ** Creating /opt/zimbra/conf/ca/commercial_ca_1.crt
    ** Creating CA hash symlink '65ff7287.0' -> 'commercial_ca_1.crt'
    ** Creating /opt/zimbra/conf/ca/commercial_ca_2.crt
    ** Creating CA hash symlink 'fc5a8f99.0' -> 'commercial_ca_2.crt'
    ** Creating /opt/zimbra/conf/ca/commercial_ca_3.crt
    ** Creating CA hash symlink '157753a5.0' -> 'commercial_ca_3.crt'
    zimbra@zim:~/ssl/zimbra/commercial$

    Now I rebooted the server, and after the reboot SSL worked.
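
    The "bad end line" message in the first attempt above is what OpenSSL reports for a malformed PEM marker line, which plain cat typically produces when an input file has no trailing newline and its END line runs into the next BEGIN line. The helper below is an added example, not part of the original post: it builds the CA bundle in the order given with line endings normalized and flags fused marker lines. The function names are hypothetical, the sample files are constructed placeholders rather than real certificates, and show_chain needs openssl and a real bundle.

```shell
# Build and sanity-check a CA bundle before handing it to zmcertmgr verifycrt.

# build_ca_bundle OUT FILE...: concatenate PEM files into OUT in the order
# given (intermediates first, root last), dropping CRs and blank lines.
build_ca_bundle() (
    out=$1
    shift
    : > "$out"
    for f in "$@"; do
        tr -d '\r' < "$f" | awk 'NF' >> "$out"   # awk always ends the last line
    done
)

# pem_problems FILE: print the line number of every malformed marker line,
# e.g. "-----END CERTIFICATE----------BEGIN CERTIFICATE-----".
pem_problems() (
    tr -d '\r' < "$1" |
        awk '/-----(BEGIN|END) / && !/^-----(BEGIN|END) [A-Z0-9 ]+-----[ \t]*$/ { print NR }'
)

# pem_count FILE: number of certificates whose BEGIN line is intact.
pem_count() ( grep -c '^-----BEGIN CERTIFICATE-----' "$1" || true )

# show_chain FILE: print subject and issuer of each certificate in bundle
# order, so you can see that each issuer is the subject of the next entry.
show_chain() (
    openssl crl2pkcs7 -nocrl -certfile "$1" | openssl pkcs7 -print_certs -noout
)

# make_sample_pems DIR: constructed stand-ins for the provider's three files.
make_sample_pems() (
    b='-----BEGIN CERTIFICATE-----'
    e='-----END CERTIFICATE-----'
    # no trailing newline, as often happens with copy-pasted files
    printf '%s\n%s\n%s' "$b" 'Q09OU1RSVUNURUQtMQ==' "$e" > "$1/intermediate1.ca-bundle"
    # CRLF line endings plus a trailing blank line
    printf '%s\r\n%s\r\n%s\r\n\r\n' "$b" 'Q09OU1RSVUNURUQtMg==' "$e" > "$1/intermediate2.ca-bundle"
    printf '%s\n%s\n%s\n' "$b" 'Q09OU1RSVUNURUQtMw==' "$e" > "$1/root.crt"
)

# Demo: plain cat versus the normalized bundle.
d=$(mktemp -d)
make_sample_pems "$d"
cat "$d/intermediate1.ca-bundle" "$d/intermediate2.ca-bundle" "$d/root.crt" > "$d/raw.crt"
echo "plain cat:  $(pem_count "$d/raw.crt") intact certs, bad marker on line $(pem_problems "$d/raw.crt")"
build_ca_bundle "$d/commercial_ca.crt" \
    "$d/intermediate1.ca-bundle" "$d/intermediate2.ca-bundle" "$d/root.crt"
echo "normalized: $(pem_count "$d/commercial_ca.crt") intact certs"
rm -rf "$d"
```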

  • Postfix Delete Mails from a user

    To delete emails from a particular user from postfix mail queue, run

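    # tr strips the * (active) and ! (on hold) markers that postqueue appends to queue IDs
    postqueue -p | grep USER_HERE | cut -d' ' -f1 | tr -d '*!' | postsuper -d -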
    

    See postfix

  • Migrate Emails using imapcopy

    imapcopy is a program to copy mails from one IMAP mailbox to another. I was using this for email migrations. But for a large mailbox with 9300 mails, this failed. So I looked for alternatives. I installed imapsync; it was a little annoying to install as it needs a lot of other packages installed for it to work. But imapsync worked better than imapcopy.

    To install imapcopy on Ubuntu/Debian, run

    apt install imapcopy
    

    To migrate a mailbox, create a file

    vi ImapCopy.cfg
    

    Add the following configuration

    SourceServer SOURCE_SERVER_IP
    SourcePort 143
    DestServer DESTINATION_SERVER_IP
    DestPort 143
    skipfolder INBOX.Trash
    skipfolder INBOX.Spam
    Copy "[email protected]" "SOURCE_PASSWORD" "[email protected]" "DEST_PASSWORD"
    

    In the above file, replace the SOURCE and DESTINATION server IPs, users and passwords.

    To start the email migration, run

    imapcopy
    

    You can test the config with the commands

    imapcopy -t
    imapcopy -i