Setting up a Zimbra Collaboration Suite on Ubuntu Bionic Beaver
Zimbra - Overview
The Zimbra Open Source Collaboration Suite is designed to provide an end-to-end mail solution that is scalable and highly reliable. It consists of both a client and server components.
The web client provides a full-featured collaboration suite that supports email and group calendars.
The complete messaging architecture is built using open technology and well-known standards. It provides POP3 and IMAP access and relies on open-source applications such as Postfix, ClamAV and SpamAssassin.
During this tutorial you will learn how to install the latest version of open-source version of Zimbra on a Elastic Metal server running on Ubuntu Bionic Beaver server.
You may need certain IAM permissions to carry out some actions described on this page. This means:
- you are the Owner of the Scaleway Organization in which the actions will be carried out, or
- you are an IAM user of the Organization, with a policy granting you the necessary permission sets
- You have an account and are logged into the Scaleway console
- You have configured your SSH key
- You have created an Elastic Metal server which is running Ubuntu Bionic Beaver (18.04 LTS)
- You have sudo privileges or access to the root user
- You have configured an A-record pointing to your servers IP address
- You have configured a valid reverse DNS for your IP address
Installing Zimbra Open Source Edition
Connect to your server using SSH:ssh root@SERVER_IP
Update your system to the latest version:apt-get update && apt-get upgrade
/etc/hostsfile so it looks like the following example:220.127.116.11 zimbra.example.com zimbra127.0.0.1 localhost
Configure the DNS settings of your server by editing the file
/etc/resolv.conf. Set it to
18.104.22.168to use Scaleway’s DNS servers.nameserver 22.214.171.124nameserver 126.96.36.199
Download and extract the latest version of Zimbrawget https://files.zimbra.com/downloads/8.8.15_GA/zcs-8.8.15_GA_3869.UBUNTU18_64.20190918004220.tgztar xfz zcs-8.8.15_GA_3869.UBUNTU18_64.20190918004220.tgzImportant:
Request the download link for the latest version directly from Zimbra to make sure you are installing the latest version available.
Enter the Zimbra directory:cd zcs-*
Run the Zimbra installation tool:./install.sh
Confirm that you agree to the software license, by typing
y:Do you agree with the terms of the software license agreement? [N]y
Confirm that you want to use the repository of Zimbra, by pressing on
Enter:Use Zimbra's package repository [Y]
Zimbra will ask you which packages to install. You can keep the default values confirm their installation by typing
y:Select the packages to installInstall zimbra-ldap [Y]Install zimbra-logger [Y]Install zimbra-mta [Y][...]
Confirm the modification of the system by pressing
Y:The system will be modified. Continue? [N]
The required packages will be downloaded and installed. This may take a while.
By default Zimbra is configured to use the domain name
zimbra.example.com. Set it to your own domain name which you want to use for Zimbra, for example
mydomain.comDNS ERROR resolving MX for zimbra.example.comIt is suggested that the domain name have an MX record configured in DNSChange domain name? [Yes] YCreate domain: [zimbra.example.com] mydomain.comMX: zimbra.mydomain.com (188.8.131.52)Interface: 127.0.0.1Interface: 184.108.40.206done.
The Zimbra store configuration displays. Check the configuration:Store configurationMain menu1) Common Configuration:2) zimbra-ldap: Enabled3) zimbra-logger: Enabled4) zimbra-mta: Enabled5) zimbra-dnscache: Enabled6) zimbra-snmp: Enabled7) zimbra-store: Enabled+Create Admin User: yes+Admin user to create: email@example.com******* +Admin Password UNSET+Anti-virus quarantine user: firstname.lastname@example.org+Enable automated spam training: yes+Spam training user: email@example.com+Non-spam(Ham) training user: firstname.lastname@example.org+SMTP host: zimbra.mydomain.com+Web server HTTP port: 8080+Web server HTTPS port: 8443+Web server mode: https+IMAP server port: 7143+IMAP server SSL port: 7993+POP server port: 7110+POP server SSL port: 7995+Use spell check server: yes+Spell server URL: http://zimbra.mydomain.com:7780/aspell.php+Enable version update checks: TRUE+Enable version update notifications: TRUE+Version update notification email: email@example.com+Version update source email: firstname.lastname@example.org+Install mailstore (service webapp): yes+Install UI (zimbra,zimbraAdmin webapps): yes8) zimbra-spell: Enabled9) zimbra-proxy: Enabled10) Default Class of Service Configuration:s) Save config to filex) Expand menuq) Quit
4to set the admin password, enter the new password and confirm by pressing
Enter:Password for email@example.com (min 6 characters): [BKY0Ag8lQ] Pa$$w0rd
rto go back to the main menu and press
ato apply the configuration:Main menu1) Common Configuration:2) zimbra-ldap: Enabled3) zimbra-logger: Enabled4) zimbra-mta: Enabled5) zimbra-dnscache: Enabled6) zimbra-snmp: Enabled7) zimbra-store: Enabled8) zimbra-spell: Enabled9) zimbra-proxy: Enabled10) Default Class of Service Configuration:s) Save config to filex) Expand menuq) Quit*** CONFIGURATION COMPLETE - press 'a' to applySelect from menu, or press 'a' to apply config (? - help) a
Entertwice to save the configuration into a file. Then type
Enterto confirm the modification of the system:Save configuration data to a file? [Yes]Save config in file: [/opt/zimbra/config.30902]Saving config in /opt/zimbra/config.30902...done.The system will be modified - continue? [No] Yes
The configuration of Zimbra will start.
Please note that this will take a while.
You will be asked if you want to report your installation to Zimbra, you can type
noif you don’t want to do this:Notify Zimbra of your installation? [Yes] noNotification skipped
Once a message appears, the installation is complete. Press
Enterto exit the setup tool:Moving /tmp/zmsetup.20200608-100842.log to /opt/zimbra/logConfiguration complete - press return to exit
The installation of Zimbra Open Source is complete now and you can continue with the configuration of your collaboration suite.
Configuring Zimbra Open Source Edition
- You can now login to the admin console at
https://YOUR_SERVER_IP:7071/zimbraAdmin/. Use the user
firstname.lastname@example.org the password that you have set during the installation to login:
- Once you are logged you can click Get Started to begin with the configuration of the Zimbra server:
Add users and accounts as required.
Logging into Zimbra Open Source Edition
The user interface of your Zimbra collaboration suite is available at
https://YOUR_SERVER_IP. Use your complete email address and password to login:
You can now check your emails, manage your contacts and your calendar.
Securing the Connection to Zimbra
By default Zimbra uses a self-signed certificate which can cause warnings in a web browser. To avoid these warnings, request a free Let’s Encrypt TLS/SSL certificate.
Log into to your server, as
rootuser, via SSH, add the certbot repository, and install
certbotto manage the certificate:apt install software-properties-common -yadd-apt-repository universeadd-apt-repository ppa:certbot/certbotapt updateapt install certbot -y
Switch into the Zimbra user:su zimbra
Stop the following services:zmproxyctl stopzmmailboxdctl stop
Exit from the Zimbra user:exit
Lauch the following command to use the
certonlyfeature of certbot:certbot certonly --standalone
Fill in the required information when asked. If you need a certificate for multiple domain names, specify them with the
-d-flag:certbot certonly --standalone -d example.com -d www.example.org
The certificate has been issued once the following message appears:Congratulations! Your certificate and chain have been saved at:/etc/letsencrypt/live/example.com/fullchain.pemYour key file has been saved at:/etc/letsencrypt/live/example.com/privkey.pem
You can find the following files in the directory
cert.pem is the certificate
chain.pem is the chain
fullchain.pem is the concatenation of cert.pem + chain.pem
privkey.pem is the private key
Lets Encrypt creates the
chain.pemfile without the root CA. Copy the IdenTrust root Certificate and merge it after the
chain.pem. The root certificate is available for download here:
In short: chain.pem has to be merged with the root CA. First your certificate chain, and the end of the file the root CA. The order is important.
Copy the Let’s Encrypt folder with all files
/opt/zimbra/ssl/letsencrypt:mkdir /opt/zimbra/ssl/letsencryptmv /etc/letsencrypt/live/mydomain.com/* /opt/zimbra/ssl/letsencrypt/chown zimbra:zimbra /opt/zimbra/ssl/letsencrypt/*
Change into the Zimbra user:su zimbra
Verify the certificate:cd /opt/zimbra/ssl/letsencrypt//opt/zimbra/bin/zmcertmgr verifycrt comm privkey.pem cert.pem chain.pem
If everything is working fine, the following message will appear:** Verifying 'cert.pem' against 'privkey.pem'Certificate 'cert.pem' and private key 'privkey.pem' match.** Verifying 'cert.pem' against 'chain.pem'Valid certificate chain: cert.pem: OK
Backup the existing certificate:cp -a /opt/zimbra/ssl/zimbra /opt/zimbra/ssl/zimbra.$(date "+%Y%m%d")
Copy the private key into Zimbra’s SSL path:cp /opt/zimbra/ssl/letsencrypt/privkey.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key
Finally deploy the SSL certificate:/opt/zimbra/bin/zmcertmgr deploycrt comm cert.pem chain.pemNote:
This may take a little while
Restart the Zimbra services:zmcontrol restart
https://YOUR_SERVER_IPand you will notice that the connection is now signed by a valid certificate:Note:
If you are using Zimbra on an Instance, note that the internal IP address might change after a stop/restart of your instance.
You have now successfully installed the Zimbra Collaboration Suite and secured it with Let’s Encrypt certificate.
For more information regarding Zimbra Open Source edition, refer to the official documentation.