Zimbra is by far the best mail solution out there, making use of Postfix, ClamAV, OpenLDAP, Amavis, nginx, memcached and other de facto standard open source components to deliver an enterprise-class email solution.
Deploying it on Ubuntu 14 is quite straightforward, but most of the guides out there seem to be incomplete, so here is mine.
Zimbra is a bit resource hungry since it relies on Java, so deploy a VM with 6GB of memory (4 works too) and 4 cores. We use a standard 16GB OS partition and move our mailstore to a Nexenta/NFS store at a later stage.
First things first: fetch and untar the binary from zimbra.com. The site is rather slow, so it takes some time. The version is 8.6.0/1153 at the time of writing.
wget https://files.zimbra.com/downloads/8.6.0_GA/zcs-8.6.0_GA_1153.UBUNTU14_64.20141215151116.tgz
tar -zxvf zcs*
Now edit your hosts file and hostname so they have the correct entries:
127.0.0.1 localhost
192.168.1.15 cinhk1mail01.legal-it.net cinhk1mail01 mail
Now install the prerequisites. For us, on an image in our cloud, we need to add:
apt-get install libaio1 pax sysstat unzip libgmp10
Next, run ./install.sh and select the components you want. I don’t use the DNS cache since our internal DNS is rigid and we have MX records for our domains set up correctly. If you do not have this sorted, use dnsmasq as described here: https://www.maketecheasier.com/install-zimbra-ubuntu-server/
Install zimbra-ldap [Y]
Install zimbra-logger [Y]
Install zimbra-mta [Y]
Install zimbra-dnscache [Y] N
Install zimbra-snmp [Y]
Install zimbra-store [Y]
Install zimbra-apache [Y]
Install zimbra-spell [Y]
Install zimbra-memcached [Y]
Install zimbra-proxy [Y] N
After installing the packages (this can take some time), Zimbra will complain about the domain name. Change the domain from the FQDN to the actual domain name:
DNS ERROR resolving MX for cinhk1mail01.legal-it.net
It is suggested that the domain name have an MX record configured in DNS
Change domain name? [Yes]
Create domain: [cinhk1mail01.legal-it.net] legal-it.net
MX: cinhk1mx01.legal-it.net (192.168.1.15)
Now walk through the setup menu and set the password for the Admin user (in the zimbra-store submenu). I personally change all LDAP passwords to something we have recorded in our security database, to make adding servers and separating roles at a later stage easier. Don’t forget to set the timezone in the common configuration as well. We also enable the option “Configure for use with web proxy: ” since in our house, access to webmail is done through an NGINX reverse proxy.
Now check your installation by running zmcontrol status as the zimbra user:
su - zimbra -c "zmcontrol status"
All should be running and happy at this moment, so it is time for a reboot to see if everything comes back afterwards.
Now log in to your Zimbra server admin console using your favorite browser (https://cinhk1mail01.legal-it.net:7071); mind that it is HTTPS. If your server shows all red in the server status (contradicting what zmcontrol status told you before), you might have some rsyslog issues. In this case, just create a syslog file (/etc/syslog) with the content:
# Zimbra logs
local0.* -/var/log/zimbra.log
local1.* -/var/log/zimbra-stats.log
auth.* -/var/log/zimbra.log
mail.* -/var/log/zimbra.log
and reconfigure Zimbra syslog for good measure with /opt/zimbra/libexec/zmsyslogsetup
Then restart Zimbra (service zimbra restart) or reboot; all should be green and happy afterwards.
Now Zimbra can read the correct log files and determine the status of the services.
Next up is installing ZeXtras, an absolutely brilliant add-in for Zimbra that enables ZCS to work well with mobile connections, do some easy backups and, most importantly, easily move your data stores around. We use it on all our production servers and it is certainly worth the few dollars they ask for it. If you need a quote or help with ZeXtras, drop us a line at email@example.com
To install, first wget and untar the add-in.
wget http://www.zextras.com/download/zextras_suite-latest.tgz
tar -zxvf zextras_suite-latest.tgz
cd zextras_suite-2.0.3
./install.sh all
2.0.3 is the current version at the time of writing. Follow the install questions and, after the install, navigate back to the admin console and reload the page to see if the plug-in is installed.
Now, we have a Nexenta back-end storage for NFS and iSCSI, so we use this as our data store. We created a mount point /mailstore in which we created a folder called store01. We changed the ownership of this folder to zimbra (chown zimbra:zimbra /mailstore/store01). Now navigate to the zxPowerstore section of ZeXtras and add a new volume pointing to the NFS mount. We don’t need compression as the Nexenta server will take care of that for us.
It’s now time to add our wildcard certificate. If you don’t have one, just go through the setup wizard and create a self-signed one or create a request for an issuer, and skip this step. In our case we have our own trusted CA from which we issue certificates. If you have the same, do the following:
Go to the folder /opt/zimbra/ssl/zimbra/commercial, copy your CA certificate as commercial_ca.crt, your wildcard certificate as commercial.crt and the key as commercial.key. Now verify that it all checks out with
/opt/zimbra/openssl/bin/openssl verify -CAfile commercial_ca.crt commercial.crt
and if all is good, commit the certificates with
/opt/zimbra/bin/zmcertmgr deploycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.crt /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt
Now reload your admin page and check that your certificate is in use.
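A pre-flight check for the certificate steps above, as an added example that is not part of the original post: it confirms that the chain verifies, that commercial.key belongs to commercial.crt, and that the key is not accessible to other users, before zmcertmgr deploycrt is run. The function name check_bundle and the OPENSSL variable are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: pre-flight check of the
# commercial certificate bundle before running zmcertmgr deploycrt.
# OPENSSL defaults to the system binary (assumption); on the Zimbra host
# set OPENSSL=/opt/zimbra/openssl/bin/openssl as used in the post.
OPENSSL="${OPENSSL:-openssl}"

# check_bundle DIR (hypothetical helper name)
# Returns 0 if the bundle is consistent, otherwise:
#   1 = a file is missing        2 = chain does not verify
#   3 = key does not match cert  4 = key accessible to "other"
check_bundle() {
    local dir="$1" f out cert_pub key_pub
    local crt="$dir/commercial.crt" key="$dir/commercial.key"
    local ca="$dir/commercial_ca.crt"

    for f in "$crt" "$key" "$ca"; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    done

    # Require the exact success line instead of trusting only the exit
    # status, so any printed verification error fails the check.
    out=$("$OPENSSL" verify -CAfile "$ca" "$crt" 2>&1)
    [ "$out" = "$crt: OK" ] || { echo "chain: $out" >&2; return 2; }

    # The certificate and the private key must carry the same public key.
    # An empty -passin makes an encrypted key fail instead of prompting.
    cert_pub=$("$OPENSSL" x509 -in "$crt" -noout -pubkey 2>/dev/null)
    key_pub=$("$OPENSSL" pkey -in "$key" -passin pass: -pubout 2>/dev/null)
    if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match certificate" >&2; return 3
    fi

    # Mode string looks like -rw-r-----; characters 8-10 are "other".
    if [ "$(ls -l "$key" | cut -c8-10)" != "---" ]; then
        echo "private key is accessible to other users" >&2; return 4
    fi
    return 0
}
```

Call it as check_bundle /opt/zimbra/ssl/zimbra/commercial and deploy only when it returns 0.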
Now domains (and users) can be added to the server. For external LDAP authentication, check this post: http://tonylixu.blogspot.com/2014/06/zimbra-807ga-how-to-configure-external.html