This tutorial explains how to install the latest version of Zimbra on an Ubuntu Xenial server.
- You have an account and are logged into cloud.scaleway.com
- You have an Ubuntu Xenial server
- You have configured your SSH Key
- You have sudo privileges or access to the root user.
- You have unlocked the SMTP ports
- You have configured a valid reverse DNS for your IP address
- It is recommended to run Zimbra on a machine with at least 8GB of RAM for optimal performances.
The Zimbra Collaboration Suite is designed to provide an end-to-end mail solution that is scalable and highly reliable.
Messaging architecture is built with open technology and well-known standards. The application is composed of a mail server application and a client interface.
1 . Connect to your server using SSH:
2 . Update your system to the latest version:
apt-get update && apt-get upgrade
3 . Edit your
/etc/hosts file so it looks like the following example:
10.10.15.2 zimbra.example.com zimbra 127.0.0.1 localhost
4 . Download and extract the latest version of Zimbra
wget https://files.zimbra.com/downloads/8.8.9_GA/zcs-8.8.9_GA_2055.UBUNTU16_64.20180703080917.tgz tar xfz zcs-8.8.9_GA_2055.UBUNTU16_64.20180703080917.tgz
5 . Enter the Zimbra directory:
6 . Run the setup tool:
7 . Confirm that you agree to the software license, by typing
Do you agree with the terms of the software license agreement? [N]y
8 . Confirm that you want to use the repository of Zimbra, by pressing on
Use Zimbra's package repository [Y]
9 . Zimbra will ask you which packages to install. You can keep the default values and confirm that the system will be modified, by typing
The system will be modified. Continue? [N] Y
The required packages will be downloaded and installed. This may take a while.
10 . Set the domain from
DNS ERROR resolving MX for zimbra.example.com It is suggested that the domain name have an MX record configured in DNS Change domain name? [Yes] Y Create domain: [zimbra.example.com] example.com MX: zimbra.example.com (126.96.36.199) Interface: 127.0.0.1 Interface: 10.16.0.5 done. Checking for port conflicts
11 . Press
4 to set the admin password, enter the new password and confirm by pressing
Store configuration 1) Status: Enabled 2) Create Admin User: yes 3) Admin user to create: email@example.com ** 4) Admin Password UNSET 5) Anti-virus quarantine user: firstname.lastname@example.org 6) Enable automated spam training: yes 7) Spam training user: email@example.com 8) Non-spam(Ham) training user: firstname.lastname@example.org 9) SMTP host: zimbra.example.com 10) Web server HTTP port: 8080 11) Web server HTTPS port: 8443 12) Web server mode: https 13) IMAP server port: 7143 14) IMAP server SSL port: 7993 15) POP server port: 7110 16) POP server SSL port: 7995 17) Use spell check server: yes 18) Spell server URL: http://zimbra.example.com:7780/aspell.php 19) Enable version update checks: TRUE 20) Enable version update notifications: TRUE 21) Version update notification email: email@example.com 22) Version update source email: firstname.lastname@example.org 23) Install mailstore (service webapp): yes 24) Install UI (zimbra,zimbraAdmin webapps): yes Select, or 'r' for previous menu [r] 4 Password for email@example.com (min 6 characters): [KyYxqndxmw] Pa$$w0rd
12 . Press
r to go back to the main menu, then press
5 to enter the DNS configuration and
2to set the DNS resolver to
188.8.131.52 or your preferred DNS server:
[...] 5) zimbra-dnscache: Enabled ******* +Master DNS IP address(es): UNSET +Enable DNS lookups over TCP: yes +Enable DNS lookups over UDP: yes +Only allow TCP to communicate with Master DNS: no 6) zimbra-snmp: Enabled 7) zimbra-store: Enabled 8) zimbra-spell: Enabled 9) zimbra-proxy: Enabled 10) Default Class of Service Configuration: s) Save config to file x) Expand menu q) Quit Address unconfigured (**) items (? - help) 5 DNS Cache configuration 1) Status: Enabled ** 2) Master DNS IP address(es): UNSET 3) Enable DNS lookups over TCP: yes 4) Enable DNS lookups over UDP: yes 5) Only allow TCP to communicate with Master DNS: no Select, or 'r' for previous menu [r] 2 IP Address(es) of Master DNS Server(s), space separated: 184.108.40.206
13 . Press
Enter to confirm your modification.
14 . Press
r to go back to the main menu, then press
a to apply the configuration. When asked if you want to save the configuration, press
Enter, confirm the file name by pressing on
Enter and type
yes when asked if you want the system to be modified:
*** CONFIGURATION COMPLETE - press 'a' to apply Select from menu, or press 'a' to apply config (? - help) a Save configuration data to a file? [Yes] Save config in file: [/opt/zimbra/config.4007] Saving config in /opt/zimbra/config.4007...done. The system will be modified - continue? [No] yes Operations logged to /tmp/zmsetup.20180719-122146.log [...]
The configuration of Zimbra will start.
Please note that this will take a while.
15 . You will be asked if you want to report your installation to Zimbra, you can type
no if you don’t want to do this:
Notify Zimbra of your installation? [Yes] no Notification skipped
16 . Once a message appears, the installation is complete. Press
Enter to exit the setup tool.
17 . You can now login to the admin console at
https://YOUR_SERVER_IP:7071/zimbraAdmin/. Use the user
firstname.lastname@example.org and the password that you have set during the installation to login:
18 . Once you are logged you can click on Get Started to begin with the configuration of the Zimbra server:
19 . The user interface of your Zimbra is available at
https://YOUR_SERVER_IP. Use your complete email address and its password to login:
You can now check your emails, manage your contacts and your calendar.
By default Zimbra uses a self-sgined certificate which can cause warnings in a web browser. To get rid of these warnings, a Let’s Encrypt certificate can be requested.
1 . Connect to your server as root via SSH and install git :
apt-get install git
2 . Switch into the Zimbra user:
3 . Stop the following services:
zmproxyctl stop zmmailboxdctl stop
4 . Exit from the Zimbra user:
5 . Clone and enter the Lets Encrypt Repository:
git clone https://github.com/letsencrypt/letsencrypt cd letsencrypt
6 . Lauch the following command to use the
certonly feature of Let’s Encrypt, as the certificate can’t be integrated into Zimbra automatically:
./letsencrypt-auto certonly --standalone
Fill in the required information when asked. If you need a certificate for multiple domain names, specify them with the
./letsencrypt-auto certonly --standalone -d zimbra.example.com -d zimbra.example.org
7 . The certificate has been issued once the following message appears:
- Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/zimbra.example.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/zimbra.example.com/privkey.pem
You can find the following files in the directory
cert.pem is the certificate
chain.pem is the chain
fullchain.pem is the concatenation of cert.pem + chain.pem
privkey.pem is the private key
Lets Encrypt creates the
chain.pem file without the root CA. Copy the IdenTrust root Certificate and merge it after the
chain.pem should look like:
-----BEGIN CERTIFICATE----- YOUR_CHAIN -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/ MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw 7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69 ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5 JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ -----END CERTIFICATE-----
In short: chain.pem has to be concatened with the root CA. First the chain and the end of the file the root CA. The order is important.
8 . Copy the Let’s Encrypt folder with all files
mkdir /opt/zimbra/ssl/letsencrypt cp /etc/letsencrypt/live/zimbra.grafanatest.tk/* /opt/zimbra/ssl/letsencrypt/ chown zimbra:zimbra /opt/zimbra/ssl/letsencrypt/*
9 . Change into the Zimbra user:
10 . Verify the certificate:
cd /opt/zimbra/ssl/letsencrypt/ /opt/zimbra/bin/zmcertmgr verifycrt comm privkey.pem cert.pem chain.pem
If everything is working fine, the following message will appear:
** Verifying 'cert.pem' against 'privkey.pem' Certificate 'cert.pem' and private key 'privkey.pem' match. ** Verifying 'cert.pem' against 'chain.pem' Valid certificate chain: cert.pem: OK
11 . Backup the existing certificate:
cp -a /opt/zimbra/ssl/zimbra /opt/zimbra/ssl/zimbra.$(date "+%Y%m%d")
12 . Copy the private key into Zimbra’s SSL path:
cp /opt/zimbra/ssl/letsencrypt/privkey.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key
13 . Finally deploy the SSL certificate:
/opt/zimbra/bin/zmcertmgr deploycrt comm cert.pem chain.pem
Note: This may take a little while
14 . Restart the Zimbra services:
15 . Go to
https://YOUR_SERVER_IP and you will notice that the connection is now signed by a valid certificate:
Zimbra is configured to use the internal IP of your server for handling your mails.
In case you have reconfigured the internal IP of the server or if it has changed because you have archived the server and restarted it later, you have to re-authorize the new IP in Zimbra.
1 . Connect to your server and and su into the Zimbra user:
2 . Run
ifconfig to detect your internal IP Address.
3 . Run the following command to check if the IP matches:
This command will return a line like the following:
mynetworks = 127.0.0.0/8 10.1.172.115/31
4 . Run a second check from Zimbras LDAP:
zmprov getServer zimbra.example.com | grep zimbraMtaMyNetworks
5 . If the result of the two commands does not provide the actual IP address of your server, you can update it with the following command:
zmprov modifyServer zimbra.example.com zimbraMtaMyNetworks '127.0.0.0/8 YOUR_SERVER_IP/31'
6 . Reload the postfix configuration and restart Zimbra to take the modification into effect:
postfix reload zmcontrol stop zmcontrol start