Zimbra Mailserver

From my point of view there is no doubt that the Zimbra open-source mail server is one of the best products in open-source groupware.
It is quite stable, quick and reliable as a mail server solution, with the full experience of an Exchange server. There are still many tweaks and configuration steps needed before you have a fully proven mail server, though. I'll try to describe the most important scenarios with the Zimbra server.

Prerequisites:

  • A running installation of Ubuntu 16.04 LTS (in this case)
  • An already created MX record for a valid domain

Download:

Click the download link at zimbra.com and fill out the contact information required to download the server. I normally download Zimbra directly to the server.

$ wget http-DOWNLOADLINK
$ tar -xvzf zcs-XXXXXXXXX-gz
$ cd zcs-XXXXXXXXXX
$ ./install.sh

This starts the installation of your Zimbra server, which asks a lot of questions along the way, such as:

  • domain name
  • admin user and password
  • creation of ham/spam/virus accounts

When the installation process is done, you get access to the web interface for configuring the Zimbra server. Go to https://IP.of.the.zimbra:7071 and log in with the admin user credentials created during the install process. This works best in Firefox or Chrome.

Securing your SMTP setup with SPF and OpenDKIM:

Today there are a lot of spammers who would love it if you ran an open relay on your mail server. Mostly, though, they set your email address as the sender (and therefore also the reply-to), and in the long run you end up marked as a spammer. There are many ways to protect yourself against this.

Secure your mail server with a Let's Encrypt certificate:

Using Let's Encrypt certificates for your mail server is actually quite nice: the certificate validates your mail server and makes it a bit more protected, since all traffic between server and client is encrypted with SSL and nothing is sent in plain text. The only problem with these certificates is that they are only valid for 3 months. The smart way is to automate the renewal process so you don't need to handle it every 3 months.

I discovered that the best way was to use a script created by Lorenzo Miles, located here:

$ cd /root
$ git clone https://github.com/YetOpen/certbot-zimbra.git
$ cd certbot-zimbra
$ cp certbot_zimbra.sh /usr/local/bin/
### Run the script for initial setup
$ certbot_zimbra.sh -p -j  # patching nginx
$ certbot_zimbra.sh -n -j  # create new request

That completes the initial setup: it requests a certificate, inserts it into Zimbra and deploys it for use in Zimbra.
The automatic renewal process can be run like this:

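$ crontab -e
## Add to the bottom of root's crontab. A per-user crontab has no user column,
## so there is no "root" field. The hook uses the copy of the script in
## /usr/local/bin and the full path to zmhostname, which is not on cron's PATH.

55 4 * * * /usr/bin/certbot renew --post-hook "/usr/local/bin/certbot_zimbra.sh -r -d $(/opt/zimbra/bin/zmhostname)"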

This checks and verifies the certificate, and also renews it if it is up for renewal. All your clients (iPhone, Outlook, etc.) now see and accept the certificate for your mail server.
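
A renewed certificate only helps once Zimbra actually serves it, so a failed deploy hook can go unnoticed until clients start rejecting the server. The script below is an added example, not part of the original post or of certbot-zimbra: it reads the expiry date of the certificate presented on ports 443 and 7071 and flags anything that is expired or close to it. It assumes GNU date and openssl; the 21-day threshold and the hostname in the usage line are placeholders.

```sh
#!/bin/sh
# Added example: report how long the certificate Zimbra actually serves stays valid.
# Assumes GNU date and openssl; WARN_DAYS is an arbitrary threshold chosen here.
WARN_DAYS=${WARN_DAYS:-21}

# days_left "notAfter=<date>" [now_epoch] -> whole days left (negative once expired)
days_left() {
    local end now secs
    [ -n "$1" ] || return 2                  # empty input would parse as "today"
    end=$(date -u -d "${1#notAfter=}" +%s 2>/dev/null) || return 2
    now=${2:-$(date +%s)}
    secs=$(( end - now ))
    if [ "$secs" -lt 0 ]; then secs=$(( secs - 86399 )); fi   # round down, not to zero
    echo $(( secs / 86400 ))
}

# cert_status "notAfter=<date>" [now_epoch] -> "OK Nd", "WARN Nd", "EXPIRED" or "UNPARSEABLE"
cert_status() {
    local days
    days=$(days_left "$1" "${2:-}") || { echo "UNPARSEABLE"; return 0; }
    if   [ "$days" -lt 0 ];            then echo "EXPIRED"
    elif [ "$days" -lt "$WARN_DAYS" ]; then echo "WARN ${days}d"
    else                                    echo "OK ${days}d"
    fi
}

# served_enddate host port -> the notAfter line of the certificate presented on that port
served_enddate() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -noout -enddate 2>/dev/null
}

# check_host host -> prints one line per listener, returns 1 unless every one is OK.
# 443 (proxy) and 7071 (admin console) are the ports used in this post.
check_host() {
    local rc port status
    rc=0
    for port in 443 7071; do
        status=$(cert_status "$(served_enddate "$1" "$port")")
        echo "$1:$port $status"
        case $status in OK*) ;; *) rc=1 ;; esac
    done
    return "$rc"
}

# Usage: ./check_zimbra_cert.sh mail.example.com   (placeholder hostname)
if [ $# -gt 0 ]; then check_host "$1"; fi
```

Because the script exits non-zero when any listener is not OK, it can run from cron after the renewal job and mail its output only on failure.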


Redirect HTTP to HTTPS for a valid SSL certificate:

The best way to secure the server is to force the use of HTTPS with the Let's Encrypt certificate, which assures users that they are on a validated and clean website. To make this work, use this:

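# become the zimbra user with its login environment (puts zmhostname and zmprov on PATH)
su - zimbra
/opt/zimbra/libexec/zmproxyconfig -e -w -o -a 8080:80:8443:443 -x both  -H `zmhostname`
# if your proxy is local:
zmprov ms `zmhostname` zimbraReverseProxyMailMode redirect
# if your proxy is proxy.server.name
zmprov ms proxy.server.name zimbraReverseProxyMailMode redirect
# restart all services so the new proxy mode takes effect
zmcontrol restart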