How To Install Zimbra 8.6 on Linux CentOS 7.0

Share on LinkedIn

This post will walk you through the steps of installing Zimbra 8.6 on CentOS 7.0 and the instructions should work the same for RHEL 7.

There were some CentOS services that were deprecated in 7.0. Two particular that I was comfortable with. Iptables and Ifconfig.

Instructions for installing the iptables feature on CentOS 7.0 can be found here.
Instructions for installing the ifconfig feature on CentOS 7.0 can be found here.

 

Configure DNS Entries on your local DNS server
Setup DNS A Record
Ensure you have a Reverse lookup zone
Setup MX Record

Configure Host Settings
Login as root user
su root

Install pre-requisites
yum install wget make nc sudo sysstat libtool-ltdl glibc perl-core ntp unzip libaio

Set hostname
hostname mail.yourdomain.com

Edit hostname file
nano /etc/hostname
mail.yourdomain.com

Add Hosts Entries
nano /etc/hosts

By default, this is what’s present:
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

Comment out (required for disabling ipv6)
#::1               localhost localhost.localdomain localhost6 localhost6.localdomain6

Add the following:
<server IP>   mail.yourdomain.com MAIL
<local DNS IP> mail.yourdomain.com

Press “Ctl+X” to exit
Select “Y” to save changes
Press “Enter” to get back to CL

 

Disable other services and firewall
service postfix stop
chkconfig postfix off
service ip6tables stop
chkconfig ip6tables off

 

Disable SELINUX
Enter this at command line:
setenforce 0

Update selinux config file
nano /etc/selinux/config
selinux=permissive

Press “Ctl+X” to exit
Select “Y” to save changes
Press “Enter” to get back to CL

 

Completely disable the ipv6 module
To completely disable IPv6 in your system, all you have to do is save the following line in a file inside/etc/modprobe.d/.
cd /etc/modprobe.d/
nano disable-ipv6

Add this to the new file:
ipv6 /bin/true

Press “Ctl+X” to exit
Select “Y” to save changes
Press “Enter” to get back to CL

 

Configure iptables to allow email server traffic
nano /etc/sysconfig/iptables

Add the following

-A INPUT -m state –state NEW -m tcp -p tcp –dport 25 -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 80 -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 110 -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 143 -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 443 -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 389 -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 465 -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 993 -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 995 -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 7071 -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 7025 -j ACCEPT

Press “Ctl+X” to exit
Select “Y” to save changes
Press “Enter” to get back to CL

 

Download Zimbra Installation
Latest Version 8.6.0 GA Release
http://www.zimbra.com/downloads/zimbra-collaboration-open-source

 

Move Zimbra Download File To New VM
I downloaded the package to my local Windows workstation. From a Windows machine, an additional tool is required.  There are a few options but I downloaded and used WinSCP v 5.5.2. It works.

Copy downloaded Zimbra .tgz file (in this case zcs-8.6.0_GA_1153.RHEL7_64.20141215151110.tgz) from local workstation to /tmp/ directory on new VM. Simple click, drag and drop copies the file.

 

Decompress and Install Zimbra
From the CL, decompress the file by running the following command:
tar xzf zcs-8.6.0_GA_1153.RHEL7_64.20141215151110.tgz

 

Navigate to the newly created/renamed directory:
cd zcs-8.6.0_GA_1153.RHEL7_64.20141215151110

su root
./install.sh

To uninstall (which you will need to do if you run into issues with the installation)
./install.sh -u

 

Change admin password to a more complex password  (this is the admin console login)
“r” to return to previous screen
“a” to apply the changes
Yes to save config to file
Enter to save to default config file
Yes to modify system

Save config in file: [/opt/zimbra/config.23168]
Moving /tmp/zmsetup01072015-114839.log to /opt/zimbra/log

When complete, change user to zimbra
su – zimbra

Check status of Zimbra
zmcontrol status

 

Verify Mail Server is Operational
Open a browser and navigate to https://mail.yourdomain.com (webmail console)

Login using admin and password

 

Open a browser and navigate to https://mail.yourdomain.com:7071 (admin console)
Login using admin and password

 

Once logged into your admin panel, continue configuration
Configure->Global Settings->MTA

Add hostname of your server (in this case, mail)

Added New Domain yourdomain.com

Setup admin@yourdomain.com with Global Admin rights

Deleted domain created at setup mail.yourdomain.com

Create user accounts

Create distribution lists

Create aliases

 

Production

To put this server into production, you will need to:
1. Contact your ISP and request a PTR record or reverse DNS.
2. Acquire a certificate from a trusted source.
3. Setup an MX record with your domain registrar

 

Customizations
Rebranding is limited with the OSS license. Ensure your read and understand the licensing agreement.

Favicon Locations
/opt/zimbra/jetty-distribution-9.1.5.v20140505/webapps/zimbraAdmin/img/logo/favicon.ico
/opt/zimbra/jetty-distribution-9.1.5.v20140505/webapps/zimbra/img/logo/favicon.ico

 

Changing the Page Title

As zimbra user (su – zimbra):
vi /opt/zimbra/jetty/webapps/zimbra/WEB-INF/classes/messages/ZmMsg.properties
[change value for zimbraTitle = <new value>]
vi /opt/zimbra/jetty/webapps/zimbra/WEB-INF/classes/messages/ZhMsg.properties
[change value for zimbraTitle = <new value>]

The first is for the advanced client and the second is for the basic client.
You will need to restart jetty and clear your browser cache/restart browser to see change take effect

As zimbra user,
zmmailboxdctl restart

 

You will most likely run into some issues depending on your environment so good luck!

CentOS 7

iptables on Centos 7

With RHEL 7 / CentOS 7, firewalld  was introduced to manage iptables. IMHO, firewalld is more suited for workstations than for server environments.

It is possible to go back to a more classic iptables setup. First, stop and mask the firewalld service:

systemctl stop firewalld
systemctl mask firewalld

Then, install the iptables-services package:

yum install iptables-services

Enable the service at boot-time:

systemctl enable iptables

Managing the service

systemctl [stop|start|restart] iptables

Saving your firewall rules can be done as follows:

service iptables save

or

/usr/libexec/iptables/iptables.init save

Open LDAP Server TCP Ports on Linux 6.5

What ports should be open in iptables to allow LDAP traffic on your linux server?

Ports 389 and 636

There are a couple ways of doing this.

1. Install nano

yum install nano

2. Edit iptables

nano /etc/sysconfig/iptables

3. These rules work in CentOS version 6.5

-A INPUT -p tcp -m tcp --dport 389 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 636 -j ACCEPT

4. Press Ctrl+X to exit, “Y” to save, and Enter

5. Start or restart iptables depending on its current state

service iptables start

Or

servcie iptables restart

Allow MYSQL Server Incoming Request In Iptables

I’ve read many forums regarding SELinux and iptables in CentOS and Linux. Most say disable them but in most corporate environments, that’s just not an option. Most of our servers are private and can only be accessed if connected via VPN. There are a few that face the public. In any case, it’s either keep your firewalls down and face the wrath or learn how to configure SELinux or iptables. As of right now, I disable SELinux due to my lack of knowledge of it.

To allow incoming request on MYSQL servers running iptables, you need to allow on port 3306.

On our CentOS version 6.5, this is done by adding the rule to the iptables config file.

nano /etc/sysconfig/iptables

 

Add the following line just beneath the entry for the default rule regarding tcp port 22:

-A INPUT -p tcp -m tcp –dport 3306 -j ACCEPT

Press Ctrl+X, “Y” to save and press the Enter key to complete the process.

 

Make sure iptables is enabled:

service iptables status

 

If running, restart the iptables by issuing the following command:

service iptables restart

 

If not running, issue this command:

service iptables start

 

There may be other variables but I know this works for certain on CentOS 6.5.