Zimbra — различия между версиями

Текущая версия на 10:51, 5 мая 2022

Установка zimbrа в СentOS 7

• Устанавливаем нужные пакеты

yum install perl

• Проверяем правильность hosts файла

vi /etc/hosts

XXX.XXX.XXX.XXX mail.example.com mail

• Скачиваем дистрибутив и md5 файл (Скачать с оффсайта можно здесь https://www.zimbra.com/try/zimbra-collaboration-open-source/)

curl https://files.zimbra.com/downloads/8.8.15_GA/zcs-8.8.15_GA_3869.RHEL7_64.20190918004220.tgz -o zcs-8.8.15_GA_3869.RHEL7_64.20190918004220.tgz 
curl https://files.zimbra.com/downloads/8.8.15_GA/zcs-8.8.15_GA_3869.RHEL7_64.20190918004220.tgz.sha256 -o zcs-8.8.15_GA_3869.RHEL7_64.20190918004220.tgz.sha256

• Проверяем целостность тарбола

sha256sum -c zcs-8.8.15_GA_3869.RHEL7_64.20190918004220.tgz.sha256

• Распаковываем архив

tar xzpf zcs-8.8.15_GA_3869.RHEL7_64.20190918004220.tgz

• Переходим в директорию с дистрибутивом

cd zcs-8.8.15_GA_3869.RHEL7_64.20190918004220

• Запускаем инсталятор (ключ --platform-override разрешает продолжить работу инсталятора вне зависимости какая версия ОС)

./install.sh

• Отвечаем на вопросы

Operations logged to /tmp/install.log.HTSkCGe9
Checking for existing installation...
    zimbra-drive...NOT FOUND
    zimbra-imapd...NOT FOUND
    zimbra-patch...NOT FOUND
    zimbra-mta-patch...NOT FOUND
    zimbra-proxy-patch...NOT FOUND
    zimbra-license-tools...NOT FOUND
    zimbra-license-extension...NOT FOUND
    zimbra-network-store...NOT FOUND
    zimbra-network-modules-ng...NOT FOUND
    zimbra-chat...NOT FOUND
    zimbra-talk...NOT FOUND
    zimbra-ldap...NOT FOUND
    zimbra-logger...NOT FOUND
    zimbra-mta...NOT FOUND
    zimbra-dnscache...NOT FOUND
    zimbra-snmp...NOT FOUND
    zimbra-store...NOT FOUND
    zimbra-apache...NOT FOUND
    zimbra-spell...NOT FOUND
    zimbra-convertd...NOT FOUND
    zimbra-memcached...NOT FOUND
    zimbra-proxy...NOT FOUND
    zimbra-archiving...NOT FOUND
    zimbra-core...NOT FOUND


----------------------------------------------------------------------
PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THE SOFTWARE.
SYNACOR, INC. ("SYNACOR") WILL ONLY LICENSE THIS SOFTWARE TO YOU IF YOU
FIRST ACCEPT THE TERMS OF THIS AGREEMENT. BY DOWNLOADING OR INSTALLING
THE SOFTWARE, OR USING THE PRODUCT, YOU ARE CONSENTING TO BE BOUND BY
THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS
AGREEMENT, THEN DO NOT DOWNLOAD, INSTALL OR USE THE PRODUCT. 

License Terms for this Zimbra Collaboration Suite Software:
https://www.zimbra.com/license/zimbra-public-eula-2-6.html
----------------------------------------------------------------------

Do you agree with the terms of the software license agreement? [N] y

Use Zimbra's package repository [Y]  

Importing Zimbra GPG key

Configuring package repository

Checking for installable packages

Found zimbra-core (local)
Found zimbra-ldap (local)
Found zimbra-logger (local)
Found zimbra-mta (local)
Found zimbra-dnscache (local)
Found zimbra-snmp (local)
Found zimbra-store (local)
Found zimbra-apache (local)
Found zimbra-spell (local)
Found zimbra-memcached (repo)
Found zimbra-proxy (local)
Found zimbra-drive (repo)
Found zimbra-imapd (local)
Found zimbra-patch (repo)
Found zimbra-mta-patch (repo)
Found zimbra-proxy-patch (repo)

Select the packages to install

Install zimbra-ldap [Y] 

Install zimbra-logger [Y] 
 
Install zimbra-mta [Y] 

Install zimbra-dnscache [Y] 

Install zimbra-snmp [Y] 

Install zimbra-store [Y] 

Install zimbra-apache [Y] 

Install zimbra-spell [Y] 

Install zimbra-memcached [Y] 

Install zimbra-proxy [Y] 

Install zimbra-drive [Y] 

Install zimbra-imapd (BETA - for evaluation only) [N] 

Install zimbra-chat [Y] 
Checking required space for zimbra-core
Checking space for zimbra-store
Checking required packages for zimbra-store
zimbra-store package check complete.

Installing:

   zimbra-core
   zimbra-ldap
   zimbra-logger
   zimbra-mta
   zimbra-dnscache
   zimbra-snmp
   zimbra-store
   zimbra-apache
   zimbra-spell
   zimbra-memcached
   zimbra-proxy
   zimbra-drive
   zimbra-patch
   zimbra-mta-patch
   zimbra-proxy-patch
   zimbra-chat

The system will be modified. Continue? [N] y

Beginning Installation - see /tmp/install.log.HTSkCGe9 for details...

                         zimbra-core-components will be downloaded and installed.
                           zimbra-timezone-data will be installed.
                         zimbra-common-core-jar will be installed.
                        zimbra-common-mbox-conf will be installed.
                  zimbra-common-mbox-conf-attrs will be installed.
                   zimbra-common-mbox-conf-msgs will be installed.
                 zimbra-common-mbox-conf-rights will be installed.
                          zimbra-common-mbox-db will be installed.
                        zimbra-common-mbox-docs will be installed.
                  zimbra-common-mbox-native-lib will be installed.
                        zimbra-common-core-libs will be installed.
                                    zimbra-core will be installed.
                         zimbra-ldap-components will be downloaded and installed.
                                    zimbra-ldap will be installed.
                                  zimbra-logger will be installed.
                          zimbra-mta-components will be downloaded and installed.
                                     zimbra-mta will be installed.
                     zimbra-dnscache-components will be downloaded and installed.
                                zimbra-dnscache will be installed.
                         zimbra-snmp-components will be downloaded and installed.
                                    zimbra-snmp will be installed.
                        zimbra-store-components will be downloaded and installed.
                      zimbra-jetty-distribution will be downloaded and installed.
                               zimbra-mbox-conf will be installed.
                                zimbra-mbox-war will be installed.
                            zimbra-mbox-service will be installed.
                      zimbra-mbox-webclient-war will be installed.
                  zimbra-mbox-admin-console-war will be installed.
                         zimbra-mbox-store-libs will be installed.
                                   zimbra-store will be installed.
                       zimbra-apache-components will be downloaded and installed.
                                  zimbra-apache will be installed.
                        zimbra-spell-components will be downloaded and installed.
                                   zimbra-spell will be installed.
                               zimbra-memcached will be downloaded and installed.
                        zimbra-proxy-components will be downloaded and installed.
                                   zimbra-proxy will be installed.
                                   zimbra-drive will be downloaded and installed (later).
                                   zimbra-patch will be downloaded and installed (later).
                               zimbra-mta-patch will be downloaded and installed (later).
                             zimbra-proxy-patch will be downloaded and installed (later).
                                    zimbra-chat will be downloaded and installed (later).

Downloading packages (11):

  zimbra-core-components
  zimbra-ldap-components
  zimbra-mta-components
  zimbra-dnscache-components
  zimbra-snmp-components
  zimbra-store-components
  zimbra-jetty-distribution
  zimbra-apache-components
  zimbra-spell-components
  zimbra-memcached
  zimbra-proxy-components
     ...done

Removing /opt/zimbra Removing zimbra crontab entry...done. Cleaning up zimbra init scripts...done. Cleaning up /etc/security/limits.conf...done.

Finished removing Zimbra Collaboration Server.

Installing repo packages (11):

  zimbra-core-components
  zimbra-ldap-components
  zimbra-mta-components
  zimbra-dnscache-components
  zimbra-snmp-components
  zimbra-store-components
  zimbra-jetty-distribution
  zimbra-apache-components
  zimbra-spell-components
  zimbra-memcached
  zimbra-proxy-components
     ...done

Installing local packages (26):

  zimbra-timezone-data
  zimbra-common-core-jar
  zimbra-common-mbox-conf
  zimbra-common-mbox-conf-attrs
  zimbra-common-mbox-conf-msgs
  zimbra-common-mbox-conf-rights
  zimbra-common-mbox-db
  zimbra-common-mbox-docs
  zimbra-common-mbox-native-lib
  zimbra-common-core-libs
  zimbra-core
  zimbra-ldap
  zimbra-logger
  zimbra-mta
  zimbra-dnscache
  zimbra-snmp
  zimbra-mbox-conf
  zimbra-mbox-war
  zimbra-mbox-service
  zimbra-mbox-webclient-war
  zimbra-mbox-admin-console-war
  zimbra-mbox-store-libs
  zimbra-store
  zimbra-apache
  zimbra-spell
  zimbra-proxy
     ...done

Installing extra packages (5):

  zimbra-drive
  zimbra-patch
  zimbra-mta-patch
  zimbra-proxy-patch
  zimbra-chat
     ...done

Running Post Installation Configuration: Operations logged to /tmp/zmsetup.20191008-131819.log Installing LDAP configuration database...done. Setting defaults...

DNS ERROR resolving MX for mail.example.com It is suggested that the domain name have an MX record configured in DNS Change domain name? [Yes] Create domain: [mail.example.com] example.com MX: mail.example.com (77.77.77.77)

Interface: 127.0.0.1 Interface: ::1 Interface: 77.77.77.77 Interface: 2a01:5f8:c4d:9f18::1 done. Checking for port conflicts

Main menu

  1) Common Configuration:                                                  
  2) zimbra-ldap:                             Enabled                       
  3) zimbra-logger:                           Enabled                       
  4) zimbra-mta:                              Enabled                       
  5) zimbra-dnscache:                         Enabled                       
  6) zimbra-snmp:                             Enabled                       
  7) zimbra-store:                            Enabled                       
       +Create Admin User:                    yes                           
       +Admin user to create:                 admin@example.com              

• • • • • • • +Admin Password UNSET

       +Anti-virus quarantine user:           virus-quarantine.4f_4j8tu@example.com
       +Enable automated spam training:       yes                           
       +Spam training user:                   spam.vxfjeyvv@example.com      
       +Non-spam(Ham) training user:          ham.b6zymmmy6k@example.com     
       +SMTP host:                            mail.example.com               
       +Web server HTTP port:                 8080                          
       +Web server HTTPS port:                8443                          
       +Web server mode:                      https                         
       +IMAP server port:                     7143                          
       +IMAP server SSL port:                 7993                          
       +POP server port:                      7110                          
       +POP server SSL port:                  7995                          
       +Use spell check server:               yes                           
       +Spell server URL:                     http://mail.example.com:7780/aspell.php
       +Enable version update checks:         TRUE                          
       +Enable version update notifications:  TRUE                          
       +Version update notification email:    admin@example.com              
       +Version update source email:          admin@example.com              
       +Install mailstore (service webapp):   yes                           
       +Install UI (zimbra,zimbraAdmin webapps): yes                           

  8) zimbra-spell:                            Enabled                       
  9) zimbra-proxy:                            Enabled                       
 10) Default Class of Service Configuration:                                
  s) Save config to file                                                    
  x) Expand menu                                                            
  q) Quit                                    

Address unconfigured (**) items (? - help) 7

Store configuration

  1) Status:                                  Enabled                       
  2) Create Admin User:                       yes                           
  3) Admin user to create:                    admin@example.com              

• • 4) Admin Password UNSET

  5) Anti-virus quarantine user:              virus-quarantine.4f_4j8tu@example.com
  6) Enable automated spam training:          yes                           
  7) Spam training user:                            spam.vxfjeyvv@example.com
  8) Non-spam(Ham) training user:           ham.b6zymmmy6k@example.com      
  9) SMTP host:                               mail.example.com               
 10) Web server HTTP port:                    8080                          
 11) Web server HTTPS port:                   8443                          
 12) Web server mode:                         https                         
 13) IMAP server port:                        7143                          
 14) IMAP server SSL port:                    7993                          
 15) POP server port:                         7110                          
 16) POP server SSL port:                     7995                          
 17) Use spell check server:                  yes                           
 18) Spell server URL:                        http://mail.example.com:7780/aspell.php
 19) Enable version update checks:            TRUE                          
 20) Enable version update notifications:     TRUE                          
 21) Version update notification email:       admin@example.com              
 22) Version update source email:             admin@example.com              
 23) Install mailstore (service webapp):      yes                           
 24) Install UI (zimbra,zimbraAdmin webapps): yes                           

Select, or 'r' for previous menu [r] 4

Password for admin@examle.com (min 6 characters): [dx6Gd59Y]

Store configuration

  1) Status:                                  Enabled                       
  2) Create Admin User:                       yes                           
  3) Admin user to create:                    admin@example.com              
  4) Admin Password                           set                           
  5) Anti-virus quarantine user:              virus-quarantine.4f_4j8tu@example.com
  6) Enable automated spam training:          yes                           
  7) Spam training user:                      spam.vxfjeyvv@example.com      
  8) Non-spam(Ham) training user:             ham.b6zymmmy6k@example.com     
  9) SMTP host:                               mail.example.com               
 10) Web server HTTP port:                    8080                          
 11) Web server HTTPS port:                   8443                          
 12) Web server mode:                         https                         
 13) IMAP server port:                        7143                          
 14) IMAP server SSL port:                    7993                          
 15) POP server port:                         7110                          
 16) POP server SSL port:                     7995                          
 17) Use spell check server:                  yes                           
 18) Spell server URL:                        http://mail.example.com:7780/aspell.php
 19) Enable version update checks:            TRUE                          
 20) Enable version update notifications:     TRUE                          
 21) Version update notification email:       admin@example.com              
 22) Version update source email:             admin@example.com              
 23) Install mailstore (service webapp):      yes                           
 24) Install UI (zimbra,zimbraAdmin webapps): yes                           

Select, or 'r' for previous menu [r] r

Main menu

  1) Common Configuration:                                                  
  2) zimbra-ldap:                             Enabled                       
  3) zimbra-logger:                           Enabled                       
  4) zimbra-mta:                              Enabled                       
  5) zimbra-dnscache:                         Enabled                       
  6) zimbra-snmp:                             Enabled                       
  7) zimbra-store:                            Enabled                       
  8) zimbra-spell:                            Enabled                       
  9) zimbra-proxy:                            Enabled                       
 10) Default Class of Service Configuration:                                
  s) Save config to file                                                    
  x) Expand menu                                                            
  q) Quit                                    

• • • CONFIGURATION COMPLETE - press 'a' to apply

Select from menu, or press 'a' to apply config (? - help) a Save configuration data to a file? [Yes] Save config in file: [/opt/zimbra/config.8121] Saving config in /opt/zimbra/config.8121...done. The system will be modified - continue? [No] y Operations logged to /tmp/zmsetup.20191008-131819.log Setting local config values...done. Initializing core config...Setting up CA...done. Deploying CA to /opt/zimbra/conf/ca ...done. Creating SSL zimbra-store certificate...done. Creating new zimbra-ldap SSL certificate...done. Creating new zimbra-mta SSL certificate...done. Creating new zimbra-proxy SSL certificate...done. Installing mailboxd SSL certificates...done. Installing MTA SSL certificates...done. Installing LDAP SSL certificate...done. Installing Proxy SSL certificate...done. Initializing ldap...done. Setting replication password...done. Setting Postfix password...done. Setting amavis password...done. Setting nginx password...done. Setting BES searcher password...done. Creating server entry for mail.example.com...done. Setting Zimbra IP Mode...done. Saving CA in ldap...done. Saving SSL Certificate in ldap...done. Setting spell check URL...done. Setting service ports on mail.example.com...done. Setting zimbraFeatureTasksEnabled=TRUE...done. Setting zimbraFeatureBriefcasesEnabled=TRUE...done. Checking current setting of zimbraReverseProxyAvailableLookupTargets Querying LDAP for other mailstores Searching LDAP for reverseProxyLookupTargets...done. Adding mail.example.com to zimbraReverseProxyAvailableLookupTargets Setting Master DNS IP address(es)...done. Setting DNS cache tcp lookup preference...done. Setting DNS cache udp lookup preference...done. Setting DNS tcp upstream preference...done. Updating zimbraLDAPSchemaVersion to version '1557224584' Setting TimeZone Preference...done. Disabling strict server name enforcement on mail.example.com...done. Initializing mta config...done. Setting services on mail.example.com...done. Adding mail.example.com to zimbraMailHostPool in default COS...done. Creating domain example.com...done. Setting default domain name...done. Creating domain example.com...already exists. Creating admin account admin@example.com...done. Creating root alias...done. Creating postmaster alias...done. Creating user spam.vxfjeyvv@example.com...done. Creating user ham.b6zymmmy6k@example.com...done. Creating user virus-quarantine.4f_4j8tu@example.com...done. Setting spam training and Anti-virus quarantine accounts...done. Initializing store sql database...done. Setting zimbraSmtpHostname for mail.example.com...done. Configuring SNMP...done. Setting up syslog.conf...done. Starting servers...done. Installing common zimlets... com_zimbra_viewmail...done. com_zextras_drive_open...done. com_zimbra_attachmail...done. com_zimbra_url...done. com_zimbra_srchhighlighter...done. com_zimbra_mailarchive...done. com_zimbra_cert_manager...done. com_zimbra_ymemoticons...done. com_zimbra_clientuploader...done. com_zimbra_attachcontacts...done. com_zimbra_webex...done. com_zimbra_bulkprovision...done. com_zimbra_tooltip...done. com_zimbra_email...done. com_zimbra_adminversioncheck...done. com_zextras_chat_open...done. com_zimbra_date...done. com_zimbra_proxy_config...done. com_zimbra_phone...done. Finished installing common zimlets. Restarting mailboxd...done. Creating galsync account for default domain...done.

You have the option of notifying Zimbra of your installation. This helps us to track the uptake of the Zimbra Collaboration Server. The only information that will be transmitted is: The VERSION of zcs installed (8.8.15_GA_3869_RHEL7_64) The ADMIN EMAIL ADDRESS created (admin@example.com)

Notify Zimbra of your installation? [Yes] no Notification skipped Checking if the NG started running...done. Setting up zimbra crontab...done.

Moving /tmp/zmsetup.20191008-131819.log to /opt/zimbra/log


Configuration complete - press return to exit 

enter

Базовые настройки

• http редирект на https

zmprov ms mail.example.com zimbraReverseProxyMailMode redirect

Настройка DKIM

• Входим под пользователем zimbra

su zimbra

• Генерируем ключ и srv запись

/opt/zimbra/libexec/zmdkimkeyutil -a -d example.com

• Добавляем SRV запись
• Проверяем корректность настроек

/opt/zimbra/common/sbin/opendkim-testkey -d example.com  -s 95688A9C-EA6E-11E9-BFB8-FED05B498264 -x /opt/zimbra/conf/opendkim.conf

• Активируем OpenDKIM и запускаем демона

zmprov ms `zmhostname` +zimbraServiceEnabled opendkim
./libexec/configrewrite opendkim

• В случае если требуется генерировать новый ключ используем след команду

/opt/zimbra/libexec/zmdkimkeyutil -u -d example.com

Настройка Let's Encrypt

• Устанавливаем пакеты

yum install epel-release 
yum install certbot git

• Устанавливаем скрипты letsencrypt-zimbra для автоматической установки и обновления сертификатов

git clone https://github.com/VojtechMyslivec/letsencrypt-zimbra.git /opt/letsencrypt-zimbra
cp /opt/letsencrypt-zimbra/configs/sudoers.conf /etc/sudoers.d/zimbra_certbot
cp /opt/letsencrypt-zimbra/configs/cron.conf /etc/cron.d/letsencrypt-zimbra

• Настраиваем letsencrypt-zimbra

cp /opt/letsencrypt-zimbra/letsencrypt-zimbra.cfg.example /opt/letsencrypt-zimbra/letsencrypt-zimbra.cfg
vi /opt/letsencrypt-zimbra/letsencrypt-zimbra.cfg

email="admin@examle.com"
common_names=( "mail.xamle.com" )

• Устанавливаем сертрификат

sudo -Hiu zimbra /opt/letsencrypt-zimbra/obtain-and-deploy-letsencrypt-cert.sh -v

Настройка фаервола

• Устанавливаем firewalld

yum install firewalld

• Делаем автостарт и запускаем службу

systemctl enable firewalld
systemctl start firewalld

• Добавляем правила для публичных портов

firewall-cmd --zone=public --add-service=http --permanent
firewall-cmd --zone=public --add-service=https --permanent
firewall-cmd --zone=public --add-service=smtp --permanent
firewall-cmd --zone=public --add-service=smtps --permanent
firewall-cmd --zone=public --add-service=imap --permanent
firewall-cmd --zone=public --add-service=imaps --permanent
firewall-cmd --zone=public --add-service=pop3 --permanent
firewall-cmd --zone=public --add-service=pop3s --permanent
firewall-cmd --zone=public --add-port=8443/tcp --permanent

• Дбоавляем правила для админских служб (ldap и админка)

firewall-cmd --permanent --new-zone=admin
firewall-cmd --permanent --zone="admin" --add-source="xx.xx.xx.xx"
firewall-cmd --zone=work --add-service=ldap --permanent
firewall-cmd --zone=work --add-port=7071/tcp --permanent

• Применяем настройки

systemctl reload firewalld

Полезные команды

• сброс пароля админа

su zimbra
zmprov sp <admin email address> <new password>

• разблокировка учётной записи

su zimbra
zmprov ma accountname@domain.com zimbraAccountStatus active

Полезные ссылки

• https://github.com/jsilence/zmbkpose
• https://github.com/Fitblip/Zimbra-PGP
• https://github.com/tubezleb/ADZimbraAccountSync
• http://sourceforge.net/projects/zimbrabackend/?source=directory
• http://sourceforge.net/projects/zimbratoaster/files/Windows/

Синхронизация мобильных устройств (activesync)

Установка ПО (Z-push (http://z-push.org/download/) и плагина zimbra (http://sourceforge.net/projects/zimbrabackend/))

• Скачиваем z-push и zimbrabackend

wget http://download.z-push.org/final/2.1/z-push-2.1.2-1873.tar.gz
wget http://netcologne.dl.sourceforge.net/project/zimbrabackend/Release60/zimbra60.tgz

• Распаковываем в корень веб сервера (исправить)

tar xzpf  z-push-2.1.2-1873.tar.gz
mkdir ./backend/zimbra
cd ./backend/zimbra
tar xzpf zimbra60.tgz

• Создаем каталоги для логов и данных

mkdir /var/log/z-push
chown www-data:www-data /var/log/z-push
mkdir /var/lib/z-push
chown www-data:www-data /var/lib/z-push

Настройка z-push

• Настраиваем апач

<VirtualHost *:80>
	ServerAdmin admin@test.com
	ServerName async.test.com
	
       # Indexes + Directory Root.
       DirectoryIndex index.php
 	DocumentRoot /var/www/
        Alias /Microsoft-Server-ActiveSync /var/wwww/index.php

        <Directory />
                 AllowOverride All
         </Directory>
 
 	php_flag magic_quotes_gpc off
 	php_flag register_globals off
 	php_flag magic_quotes_runtime off
 	php_flag short_open_tag on
</VirtualHost>

• Включаем плагин zimbr'ы

nano ./config.php

Строку

define('BACKEND_PROVIDER', );

заменяем на

define('BACKEND_PROVIDER', "BackendZimbra");

• Прописываем наш сервер Zimbra:

nano backend/zimbra/config.php

define('ZIMBRA_URL', 'https://zimbra.test.com');