For my point of view – there’s no doubt Zimbra Opensource Mailserver – is one of the best product in in the OpenSource Groupware.
Quite Stabil, quick and reliable as a mailserver solution, with the full experience of an Exchange Server. Allthough there still many tweaks, configuration etc – before youre having a fully proved Mailserver. I’ll try to describe the most important scenarios with the Zimbra Server
- * a Running installation of Ubuntu 16.04LTS (In this case)
- * an already created MX-record for a valid domain.
Press on the download link at zimbra.com and fill out the contact information needed for being able to download the server – I normally download zimbra directly to the server.
|$ wget http-DOWNLOADLINK
$ tar -xvzf zcs-XXXXXXXXX-gz
$ cd zcs-XXXXXXXXXX
This will start your installation of your Zimbra Server, and will ask you a lot of questions during this install process – such as
- * domain name
- * admin user and password
- * creation of ham/spam/virus accounts
Afterwards this installationprocess is done – you’re now getting access to the webinterface for configuration of the Zimbra Server – go https://IP.of.the.zimbra:7071 – login with the admin user credentials created during the install process – the best way is through either Firefox/Chrome browser.
Securing your SMTP setup with spf and openDKIM:
Today there’s a lot of spammers would love if you’re having an openrelay on your mailserver – but mostly they setin your emailaddress as sender(and therefore also reply-to) and then you’re marked as a spammer in the long run – but there many ways to protect you against this.
Secure your mailserver with letsencrypt certificate:
Using Lets Encrypt certificates for your emailserver is quite nice actually – since this will validate and make your emailserver a bit more protected – since every traffic between Server and client er encrypted with SSL and there not are plain text etc. Only problem with using these certificates are they are only valid for 3 months. So the smart way is making this renewal process automaticly so you don’t need to handle this each 3 months.
I dicovered that the best way was using a script created by Lorenzo Miles – located here
|$ cd /root
$ git clone https://github.com/YetOpen/certbot-zimbra.git
$ cd certbot_zimbra.sh
$ cp certbot_zimbra.sh /usr/local/bin/
### Run the scrip for initial setup
$ certbot_zimbra.sh -p -j <– patching nginx
$ certbot_zimbra.sh -n -j <– create new request.
And thats created the initial setup, request a certificate – insert into zimbra and deploy the certificate for usage in zimbra.
And the automaticly renew process can be run like this:
|$ crontab -e
## Add to the bottom
And this will check and verify the certificate – and allso renew it – if it op for renewal. Now all your Clients – Iphone/outlook etc are looking and accepting the certificate for your emailserver.
Redirect http to https for valid SSL certificate:
To secure the server the best way – forcing the use of https certificate from Lets Encrypts, which ensuring the user that is a validated and clean website. To make this work – use this