Setup a Zimbra Collaboration Suite on Ubuntu Bionic Beaver

Zimbra Overview

The Zimbra Open Source Collaboration Suite is designed to provide an end-to-end mail solution that is scalable and highly reliable. It consists of both a client and server components.

The web client provides a full-featured collaboration suite that supports email and group calendars.

The complete messaging architecture is built using open technology and well-known standards. It provides POP3 and IMAP access and relies on open-source applications such as Postfix, ClamAV and SpamAssassin.

During this tutorial you will learn how to install the latest version of open-source version of Zimbra on a Bare Metal Cloud Server running on Ubuntu Bionic Beaver server.

Requirements:

  • You have an account and are logged into console.scaleway.com
  • You have configured your SSH Key
  • You have a Bare Metal Cloud Server running on Ubuntu Bionic Beaver (18.04 LTS)
  • You have sudo privileges or access to the root user
  • You have configured an A-record pointing to your servers IP address
  • You have configured a valid reverse DNS for your IP address

Installing Zimbra Open Source Edition

1 . Connect to your server using SSH:

ssh root@SERVER_IP

2 . Update your system to the latest version:

apt-get update && apt-get upgrade

3 . Edit your /etc/hosts file so it looks like the following example:

51.159.31.9   zimbra.example.com     zimbra
127.0.0.1       localhost

4 . Configure the DNS settings of your server by editing the file /etc/resolv.conf. Set it to 62.210.16.6 and 62.210.16.7 to use Scaleway’s DNS servers.

nameserver 62.210.16.6
nameserver 62.210.16.7

5 . Download and extract the latest version of Zimbra

wget https://files.zimbra.com/downloads/8.8.15_GA/zcs-8.8.15_GA_3869.UBUNTU18_64.20190918004220.tgz
tar xfz zcs-8.8.15_GA_3869.UBUNTU18_64.20190918004220.tgz

Important Request the download link for the latest version directly from Zimbra to make sure you are installing the latest version available.

6 . Enter the Zimbra directory:

cd zcs-*

7 . Run the Zimbra installation tool:

./install.sh

8 . Confirm that you agree to the software license, by typing y:

Do you agree with the terms of the software license agreement? [N]y

9 . Confirm that you want to use the repository of Zimbra, by pressing on Enter:

Use Zimbra's package repository [Y]

10 . Zimbra will ask you which packages to install. You can keep the default values confirm their installation by typing y:

Select the packages to install

Install zimbra-ldap [Y]

Install zimbra-logger [Y]

Install zimbra-mta [Y]

[...]

11 . Confirm the modification of the system by pressing Y:

The system will be modified.  Continue? [N]

The required packages will be downloaded and installed. This may take a while.

12 . By default Zimbra is configured to use the domain name zimbra.example.com. Set it to your own domain name which you want to use for Zimbra, for example mydomain.com

DNS ERROR resolving MX for zimbra.example.com
It is suggested that the domain name have an MX record configured in DNS
Change domain name? [Yes] Y
Create domain: [zimbra.example.com] mydomain.com
	MX: zimbra.mydomain.com (123.123.123.123)

	Interface: 127.0.0.1
	Interface: 123.123.123.123

done.

13 . The Zimbra store configuration displays. Check the configuration:

Store configuration

Main menu

   1) Common Configuration:
   2) zimbra-ldap:                             Enabled
   3) zimbra-logger:                           Enabled
   4) zimbra-mta:                              Enabled
   5) zimbra-dnscache:                         Enabled
   6) zimbra-snmp:                             Enabled
   7) zimbra-store:                            Enabled
        +Create Admin User:                    yes
        +Admin user to create:                 admin@mydomain.com
******* +Admin Password                        UNSET
        +Anti-virus quarantine user:           virus-quarantine.mqqxpujcy@mydomain.com
        +Enable automated spam training:       yes
        +Spam training user:                   spam.dmzhfz1ds@mydomain.com
        +Non-spam(Ham) training user:          ham.zxjcx_xxsq@mydomain.com
        +SMTP host:                            zimbra.mydomain.com
        +Web server HTTP port:                 8080
        +Web server HTTPS port:                8443
        +Web server mode:                      https
        +IMAP server port:                     7143
        +IMAP server SSL port:                 7993
        +POP server port:                      7110
        +POP server SSL port:                  7995
        +Use spell check server:               yes
        +Spell server URL:                     http://zimbra.mydomain.com:7780/aspell.php
        +Enable version update checks:         TRUE
        +Enable version update notifications:  TRUE
        +Version update notification email:    admin@mydomain.com
        +Version update source email:          admin@mydomain.com
        +Install mailstore (service webapp):   yes
        +Install UI (zimbra,zimbraAdmin webapps): yes

   8) zimbra-spell:                            Enabled
   9) zimbra-proxy:                            Enabled
  10) Default Class of Service Configuration:
   s) Save config to file
   x) Expand menu
   q) Quit

14 . Press 7, then 4 to set the admin password, enter the new password and confirm by pressing Enter:

Password for admin@mydomain.com (min 6 characters): [BKY0Ag8lQ] Pa$$w0rd

15 . Press r to go back to the main menu and press a to apply the configuration:

Main menu

   1) Common Configuration:
   2) zimbra-ldap:                             Enabled
   3) zimbra-logger:                           Enabled
   4) zimbra-mta:                              Enabled
   5) zimbra-dnscache:                         Enabled
   6) zimbra-snmp:                             Enabled
   7) zimbra-store:                            Enabled
   8) zimbra-spell:                            Enabled
   9) zimbra-proxy:                            Enabled
  10) Default Class of Service Configuration:
   s) Save config to file
   x) Expand menu
   q) Quit

*** CONFIGURATION COMPLETE - press 'a' to apply
Select from menu, or press 'a' to apply config (? - help) a

16 . Press Enter twice to save the configuration into a file. Then type Yes and press Enter to confirm the modification of the system:

Save configuration data to a file? [Yes]
Save config in file: [/opt/zimbra/config.30902]
Saving config in /opt/zimbra/config.30902...done.
The system will be modified - continue? [No] Yes

The configuration of Zimbra will start.

Please note that this will take a while.

17 . You will be asked if you want to report your installation to Zimbra, you can type no if you don’t want to do this:

Notify Zimbra of your installation? [Yes] no
Notification skipped

18 . Once a message appears, the installation is complete. Press Enter to exit the setup tool:

Moving /tmp/zmsetup.20200608-100842.log to /opt/zimbra/log


Configuration complete - press return to exit

The installation of Zimbra Open Source is complete now and you can continue with the configuraion of your collaboration suite.

Configuring Zimbra Open Source Edition

1 . You can now login to the admin console at https://YOUR_SERVER_IP:7071/zimbraAdmin/. Use the user admin@domin.tld and the password that you have set during the installation to login:

ZimbraAdmin Login

2 . Once you are logged you can click on Get Started to begin with the configuration of the Zimbra server:

ZimbraAdmin Configuration

Add users and accounts as required.

Logging into Zimbra Open Source Edition

The user interface of your Zimbra collaboration suite is available at https://YOUR_SERVER_IP. Use your complete email address and password to login:

Zimbra Webmail

You can now check your emails, manage your contacts and your calendar.

Securing the Connection to Zimbra

By default Zimbra uses a self-signed certificate which can cause warnings in a web browser. To avoid these warnings, request a free Let’s Encrypt TLS/SSL certificate.

1 . Log into to your server, as root user, via SSH, add the certbot repository, and install certbot to manage the certificate:

apt install software-properties-common -y
add-apt-repository universe
add-apt-repository ppa:certbot/certbot
apt update 
apt install certbot -y

2 . Switch into the Zimbra user:

su zimbra

3 . Stop the following services:

zmproxyctl stop
zmmailboxdctl stop

4 . Exit from the Zimbra user:

exit

6 . Lauch the following command to use the certonly feature of certbot:

certbot certonly --standalone

Fill in the required information when asked. If you need a certificate for multiple domain names, specify them with the -d-flag:

 certbot certonly --standalone -d example.com -d www.example.org

7 . The certificate has been issued once the following message appears:

- Congratulations! Your certificate and chain have been saved at:
  /etc/letsencrypt/live/example.com/fullchain.pem
  Your key file has been saved at:
  /etc/letsencrypt/live/example.com/privkey.pem

You can find the following files in the directory /etc/letsencrypt/live/example.com:

  • cert.pem is the certificate

  • chain.pem is the chain

  • fullchain.pem is the concatenation of cert.pem + chain.pem

  • privkey.pem is the private key

Lets Encrypt creates the chain.pem file without the root CA. Copy the IdenTrust root Certificate and merge it after the chain.pem. The root certificate is available for download here:

Your chain.pem should look like:

-----BEGIN CERTIFICATE-----
YOUR_CERTIFICATE
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
-----END CERTIFICATE-----

In short: chain.pem has to be merged with the root CA. First your certificate chain, and the end of the file the root CA. The order is important.

8 . Copy the Let’s Encrypt folder with all files /etc/letsencrypt/live/zimbra.example.com into /opt/zimbra/ssl/letsencrypt:

mkdir /opt/zimbra/ssl/letsencrypt
mv /etc/letsencrypt/live/mydomain.com/* /opt/zimbra/ssl/letsencrypt/
chown zimbra:zimbra /opt/zimbra/ssl/letsencrypt/*

9 . Change into the Zimbra user:

su zimbra

10 . Verify the certificate:

cd /opt/zimbra/ssl/letsencrypt/
/opt/zimbra/bin/zmcertmgr verifycrt comm privkey.pem cert.pem chain.pem

If everything is working fine, the following message will appear:

** Verifying 'cert.pem' against 'privkey.pem'
Certificate 'cert.pem' and private key 'privkey.pem' match.
** Verifying 'cert.pem' against 'chain.pem'
Valid certificate chain: cert.pem: OK

11 . Backup the existing certificate:

cp -a /opt/zimbra/ssl/zimbra /opt/zimbra/ssl/zimbra.$(date "+%Y%m%d")

12 . Copy the private key into Zimbra’s SSL path:

cp /opt/zimbra/ssl/letsencrypt/privkey.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key

13 . Finally deploy the SSL certificate:

/opt/zimbra/bin/zmcertmgr deploycrt comm cert.pem chain.pem

Note: This may take a little while

14 . Restart the Zimbra services:

zmcontrol restart

15 . Go to https://YOUR_SERVER_IP and you will notice that the connection is now signed by a valid certificate:

Zimbra Login with valid SSL

You have now installed successfully the Zimbra Collaboration Suite and secured it with Let’s Encrypt certificate. For more information regarding Zimbra Open Source edition, refer to the official documentation.

Discover a New Cloud Experience

Deploy SSD Cloud Servers in seconds.