From my point of view, there's no doubt that the Zimbra open-source mail server is one of the best products in open-source groupware.
It is quite stable, quick and reliable as a mail server solution, with the full experience of an Exchange Server. There are still many tweaks, configuration changes etc. needed before you have a fully proven mail server, though. I'll try to describe the most important scenarios with the Zimbra server.
Prerequisites:
- A running installation of Ubuntu 16.04 LTS (in this case)
- An already created MX record for a valid domain.
Download:
Press the download link at zimbra.com and fill out the contact information needed to be able to download the server. I normally download Zimbra directly to the server.
    $ wget http-DOWNLOADLINK
    $ tar -xvzf zcs-XXXXXXXXX-gz
    $ cd zcs-XXXXXXXXXX
    $ ./install.sh
This starts the installation of your Zimbra server and asks you a lot of questions during the install process, such as:
- domain name
- admin user and password
- creation of ham/spam/virus accounts
After the installation process is done, you get access to the web interface for configuring the Zimbra server. Go to https://IP.of.the.zimbra:7071 and log in with the admin user credentials created during the install process. The best way is through either the Firefox or Chrome browser.
Securing your SMTP setup with SPF and OpenDKIM:
Today there are a lot of spammers who would love it if you had an open relay on your mail server, but mostly they set your email address as sender (and therefore also reply-to), and then you're marked as a spammer in the long run. But there are many ways to protect yourself against this.
- SPF ( Sender Policy Framework )
- OpenDKIM keys ( Website )
Secure your mail server with a Let's Encrypt certificate:
Using Let's Encrypt certificates for your email server is actually quite nice, since it validates your email server and makes it a bit more protected: all traffic between server and client is encrypted with SSL and nothing is sent in plain text. The only problem with these certificates is that they are only valid for 3 months. So the smart way is to make the renewal process automatic, so you don't need to handle it every 3 months.
I discovered that the best way was using a script created by Lorenzo Miles – located here
    $ cd /root
    $ git clone https://github.com/YetOpen/certbot-zimbra.git
    # the clone creates a directory named after the repository
    $ cd certbot-zimbra
    $ cp certbot_zimbra.sh /usr/local/bin/
    ### Run the script for initial setup
    $ certbot_zimbra.sh -p -j    # patching nginx
    $ certbot_zimbra.sh -n -j    # create new request
That completes the initial setup: it requests a certificate, inserts it into Zimbra and deploys it for use in Zimbra.
The automatic renewal process can be run like this:
    $ crontab -e
    ## Add to the bottom
This will check and verify the certificate, and also renew it if it is up for renewal. Now all your clients (iPhone, Outlook etc.) see and accept the certificate for your email server.
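To confirm that the renewal job really keeps the served certificate fresh, the following check is an added example (not part of the original post or of the certbot-zimbra script). It assumes GNU date and the openssl command are installed; the 30-day warning window and the host name passed as argument are assumptions.

```shell
#!/bin/sh
# Added example: report how long the certificate served by a Zimbra host
# remains valid. Usage: sh check_cert.sh <your-zimbra-hostname>

# Whole days between now_epoch ($2) and the "notAfter=..." line ($1) printed
# by `openssl x509 -noout -enddate`; negative means the certificate expired.
days_left() {
    end_epoch=$(date -u -d "${1#notAfter=}" +%s) || return 2
    diff=$(( end_epoch - $2 ))
    # Shell division truncates toward zero; floor instead so a certificate
    # that expired an hour ago reports -1 rather than 0.
    if [ "$diff" -lt 0 ]; then
        echo $(( (diff - 86399) / 86400 ))
    else
        echo $(( diff / 86400 ))
    fi
}

# Map remaining days ($1) to a status. The default 30-day window ($2) is an
# assumption, not a value from the post.
cert_status() {
    if [ "$1" -lt 0 ]; then echo EXPIRED
    elif [ "$1" -lt "${2:-30}" ]; then echo RENEW
    else echo OK
    fi
}

# Fetch the certificate actually served on host:port and print its status.
check_endpoint() {
    line=$(echo | openssl s_client -connect "$1:$2" -servername "$1" 2>/dev/null \
        | openssl x509 -noout -enddate 2>/dev/null) \
        || { echo "$1:$2 NO-CERT"; return 1; }
    days=$(days_left "$line" "$(date -u +%s)") || return 2
    echo "$1:$2 $(cert_status "$days") (${days} days left)"
}

# With a host name argument, check the web client (443) and the admin
# console (7071), the two HTTPS ports used in this post.
if [ $# -ge 1 ]; then
    for port in 443 7071; do check_endpoint "$1" "$port"; done
fi
```

A RENEW or EXPIRED result after the cron job should have run means the renewal or the deployment into Zimbra failed and needs a look.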
Redirect http to https for valid SSL certificate:
The best way to secure the server is to force the use of HTTPS with the Let's Encrypt certificate, which assures the user that it is a validated and clean website. To make this work, use this:
    # login shell: loads the zimbra environment and starts in the zimbra
    # home directory, which the relative ./libexec path relies on
    su - zimbra
    ./libexec/zmproxyconfig -e -w -o -a 8080:80:8443:443 -x both -H `zmhostname`
    # if your proxy is local:
    zmprov ms `zmhostname` zimbraReverseProxyMailMode redirect
    # if your proxy is proxy.server.name
    zmprov ms proxy.server.name zimbraReverseProxyMailMode redirect
    zmcontrol restart