Zimbra Mail Server CentOS firewall settings

On CentOS 7 server with firewalld running, used following command to open ports used by Zimbra Mail Server.

See Zimbra, firewall-cmd

Zimbra redirect webmail http to https

After Zimbra mail server installed, webmail work on url

https://SERVER-HOSTNAME-HERE/

If you access webmail with out HTTPS, it won’t work.

To set HTTP to redirect to HTTPS, login to server as root, switch to user zimbra

Run

Wait few minutes, HTTP link will redirect to HTTPS.

You need to wait few minutes before it can start working on HTTPS port, no restart required.

Now netstat shows nginx runs on port 80

See Zimbra

Zimbra SSL install

Install SSL Certificate on Zimbra mail server

To install SSL certificate for Zimbra Mail Server, login to server, switch to user zimbra

Now create file commercial.key, paste your Private key.

In commercial.crt, paste your SSL certificate.

Create commercial_ca.crt with content of your ca-bundle file.

Verify SSL cerificate

Zimbra SSL

If SSL verified sucessfully, you can install it with command

Zimbra SSL install

To make SSL active, you need to restart Zimbra mail server with command

zimbra

Zimbra Unable to validate certificate chain

On installing SSL on Zimbra mail server, i get following error

This was due to SSL cert chain. The ca-bundle file they provided did not work with Zimbra. This is due to some issue with the order in witch CA Certificate files are placed. Here is zimba documentaion related to this issue

https://wiki.zimbra.com/wiki/Fix_depth_lookup:unable_to_get_issuer_certificate

I checked with SSL provider, they initially provided a combined SSL certificate, that have cert file + ca certificate. I tried to install it, but it did not work.

After showing SSL support the screenshot of the SSL install page, they provided me with 3 differnt files.

zimbra

In the zimbra SSL install, you have option to add more intermediate CA by clicking “Add Intermediate CA” link.

The provided files are

I tried to install it using UI, but it failed with some error related to RemoteManager and port 22.

To install on Command line, first you need to login as user zimbra

I copied all files provided by SSL provider to the server. Change to SSL folder

Edited the file

Pasted the SSL certificate content to this file. commercial.key file have the private key, this get auto generated during the CSR generation process.

Now i tried mixing those 3 files (CA certs) to create commerical_ca.crt, but it failed to work

After few try, mixing ca certificate in following order got it work.

Now installed SSL with

Now rebooted the server, after reboot SSL worked.

zimbra-mail-server

Install Open Source Zimbra Mail Server

To install Zimbra, Download latest version form

https://www.zimbra.org/download/zimbra-collaboration

At the time of this post, latest version is 8.8.8 GA Release.

System Requirments

Zimbra recommends 8 GB of RAM. For detailed system requirements, see Zimbra System Requirements

I have installed on servers with 4 GB RAM with out any problem. If you are installing on server with 4 GB RAM, make sure you add swap in cause you run out of RAM.

Set Hostname

Zimbra need you set set proper hostname for your server. First add an A record for your host name and point it to your server IP.

Now edit /etc/hosts and add an entry like

Where mail.yourdomain.com is your FQDN.

Set MX Record

During installation Zimbra check for MX record, so make sure you set MX record for your domain, point it to the server where you install Zimbra.

Install Zimbra

To install Zimbra, run

It will ask some questions. Most questions, you can just press enter as that is default option (Y).

Once install is done, you will be asked to set admin password.

After install is done, you will be able to login to Zimbra Admin area at

Web mail available at

Zimbra

zmcontrol CLI for Zimbra Mail Server

zmcontrol is CLI tool for managing Zimbra Mail Server.

To use, zmcontrol, you need to become user zimbra.

To stop zimbraAdmin, run

Example

Zimbra

Zimbra

Reset Zimbra Administrator Password
zmcontrol CLI for Zimbra Mail Server
Zimbra Generate DKIM Key
Install Open Source Zimbra Mail Server
Zimbra Unable to validate certificate chain
Install SSL Certificate on Zimbra mail server
Zimbra redirect webmail http to https
Zimbra Mail Server CentOS firewall settings

Login to Zimbra Admin at

https://YOUR_SERVER_IP:7071/zimbraAdmin/

Login to webmail at

https://YOUR_SERVER_IP/

Installation Tips

1) Make sure no postfix pre installed.

2) Set SELinux off

3) Make sure you can ping to hostname, also MX record set for hostname

4) Turn firewall off during installation or open required ports.

Re Run configuration

Start Zimbra Server