Shurn the Awesomer
Setup Zimbra 8.8 on Ubuntu 16.04

Setup Zimbra 8.8 on Ubuntu 16.04

Written 1 week, 3 days ago

Optional Prerequisite: Install TCP BBR


TCP BBR is designed to counter traffic congestion. If your application frequently suffer from performance due to congestion, try TCP BBR.

Optional Prerequisite: Set up LVM


LVM is an excellent abstraction tool for storage. Highly recommended if you want to expand your storage needs in the future. Check out a related article on setting up infinite storage for web server but ignore the part on web server. Zimbra is commonly install on /opt/ so set the LVM to this folder.

Optional Prerequisite: Set up Swap Partition


Zimbra recommends a minimum of 8GB RAM. However, if you are faced with a situation where you do not have enough RAM and you can't just add more ram easily, you could use swap space partition or file.

Configure hostname


Edit /etc/hosts and add the following line:

10.0.0.168 mail.shurn.me mail


Change 10.0.0.168 to your ip address and the hostname to your hostname.

Edit /etc/hostname to this:

mail

Reboot your server and test that you see your hostname:

[email protected]:~# hostname -f
mail.shurn.me
[email protected]:~# hostname
mail

Install and Configure BIND DNS


Install bind9

[email protected]:~# apt install bind9 bind9utils

Edit /etc/bind/named.conf.options, uncomment the forwarders, and add DNS server IP:

forwarders {
8.8.8.8; 8.8.4.4;
};


The DNS server is hosted by Google. Choose your own DNS server if you have a preference.

Add the following to /etc/bind/named.conf.local:

zone "shurn.me" {
type master;
file "/etc/bind/db.shurn.me";
};
zone "0.0.10.in-addr.arpa" {
type master;
file "/etc/bind/db.0.0.10";
};
zone "0.0.127.in-addr.arpa" {
type master;
file "/etc/bind/db.0.0.127";
};


Change 0.0.10 to the reverse of your first 3 octet of your IP address, and shurn.me to your top level domain name.

Create /etc/bind/db.shurn.me and add the following:

$TTL 604800
@ IN SOA mail.shurn.me. admin.shurn.me. (
20180217 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800);Negative Cache TTL
;
@ IN NS mail
IN MX 10 mail
IN A 10.0.0.168
mail IN A 10.0.0.168


Change the domain and IP address accordingly.

Create /etc/bind/db.0.0.127 and add the following:

$TTL 3D
@ IN SOA mail.shurn.me. admin.shurn.me. (
2 ; Serial
8H ; Refresh
2H ; Retry
4W ; Expire
1D);Minimum TTL
NS mail.shurn.me
1 PTR localhost.


Change the domain accordingly

Create /etc/bind/db.0.0.10 and add the following:

$TTL 3D
@ IN SOA mail.shurn.me. admin.shurn.me. (
1 ; Serial
8H ; Refresh
2H ; Retry
4W ; Expire
1D);Minimum TTL
NS shurn.me.
10 PTR shurn.me.


Change the domain and IP address accordingly.

Restart bind service

[email protected]:~# /etc/init.d/bind9 restart
[ ok ] Restarting bind9 (via systemctl): bind9.service.

Configure static IP address in /etc/network/interfaces:

source /etc/network/interfaces.d/*.cfg
auto eth0
iface eth0 inet static
address 10.0.0.168
netmask 255.255.255.0
network 10.0.0.0
broadcast 10.0.0.255
gateway 10.0.0.1
dns-search shurn.me
dns-nameservers 10.0.0.168


Change the domain and IP address accordingly.

Edit /etc/resolvconf/resolve.conf.d/base to the following:

nameserver 10.0.0.168
search shurn.me


CHange the domain and IP address accordingly. Then regenerate resolve.conf with:

[email protected]:~# resolvconf -u

Download and install Zimbra


Disable firewall first:

[email protected]:~# service ufw stop

Download and install the latest stable version of Zimbra. At the time of writing, the latest version is 8.8.8.

[email protected]:~# wget https://files.zimbra.com/downloads/8.8.8_GA/zcs-8.8.8_GA_2009.UBUNTU16_64.20180322150747.tgz
[email protected]:~# tar xf zcs-8.8.8_GA_2009.UBUNTU16_64.20180322150747.tgz
[email protected]:~# cd zcs-8.8.8_GA_2009.UBUNTU16_64.20180322150747
[email protected]:~# ./install.sh

Read the instructions and answer accordingly to your requirements:

Do you agree with the terms of the software license agreement? [N] y
Use Zimbra's package repository [Y] y
Install zimbra-ldap [Y]
Install zimbra-logger [Y] y
Install zimbra-mta [Y] y
Install zimbra-dnscache [Y] n
Install zimbra-snmp [Y] y
Install zimbra-store [Y] y
Install zimbra-apache [Y] y
Install zimbra-spell [Y] y
Install zimbra-memcached [Y] y
Install zimbra-proxy [Y] y
Install zimbra-chat [Y] y
Install zimbra-drive [Y] y
Install zimbra-imapd (BETA - for evaluation only) [N] n
The system will be modified. Continue? [N] y
Change domain name? [Yes] Yes
Create domain: [mail.shurn.me] shurn.me
Select from menu, or press 'a' to apply config (? - help) a
Save configuration data to a file? [Yes] y
Save config in file: [/opt/zimbra/config.12345]
The system will be modified - continue? [No] y


Note: This is an abstract of the full installation details. You may experience different installation path.
Highly recommended to set the admin password. Notifying zimbra of your installation is entirely optional.

Go to your favourite browser and browse to your domain like ://mail.shurn.me:7071. Take note of the port 7071, which is the administive login. Without it, you will be presented with the mailbox login.

Send and receive a mail and see that it works.

Installing SSL Certificate


Follow the instructions here to install certbot for your system.

Follow the instructions here for the script to automate letsencrypt installation, except the following:

Location of sudoers.conf


On point 4, the configs/sudoers.conf is located at /opt/letsencrypt-zimbra/configs/sudoers.conf. So you should run the command like this:

[email protected]:~# cp /opt/letsencrypt-zimbra/configs/sudoers.conf /etc/sudoers.d/zimbra_certbot

Zimbra restart might fail


The maintainer has taken note that there is a restart issue at the time of this writing. As such, you need to manually restart zimbra with:

root[email protected]:~# sudo -Hu zimbra /opt/zimbra/bin/zmcontrol restart

zmlogswatch does not start due to Date::Parse not installed


If zmlogswatch does not start, check /opt/zimbra/log/zmlogswatch.out and see if it reports any error related to Date::Parse and Swatchdog. If it does, you should proceed with the installation. Then attempt to restart zimbra again. Obtain the URL from Swatchdog here.

[email protected]:~# apt install build-essential
[email protected]:~# cpan
cpan[1]> install Date::Parse
cpan[2]> install Time::HiRes
cpan[3]> install Date::Calc
cpan[4]> install Date::Format
cpan[5]> install Date::Manip
cpan[6]> install File::Tail
cpan[7]> install Term::ANSIColor
cpan[8]> exit
[email protected]:~# wget https://excellmedia.dl.sourceforge.net/project/swatch/swatchdog/swatchdog-3.2.4.tar.gz
[email protected]:~# tar -zxvf swatchdog-3.2.4.tar.gz
[email protected]:~# mv swatchdog-3.2.4 swatchdog
[email protected]:~# cd swatchdog
[email protected]:~# perl Makefile.PL
[email protected]:~# make
[email protected]:~# make test
[email protected]:~# make install
[email protected]:~# make realclean
[email protected]:~# sudo -Hu zimbra /opt/zimbra/bin/zmcontrol restart

Renewing SSL Certificate


You may set up cron job to renew the certificate. Edit your cron job file with:

[email protected]:~# crontab -e


Add the following:

12 12 * * * sudo -Hu zimbra /opt/letsencrypt-zimbra/obtain-and-deploy-letsencrypt-cert.shsudo -Hu zimbra /opt/zimbra/bin/zmcontrol restart
Installing Memcache on Ubuntu 16.04 for PHP

Installing Memcache on Ubuntu 16.04 for PHP

Written on Fri, 24 November 2017

Installing Memcache on Ubuntu 16.04 is a breeze. All you need are just the right commands and everything is installed.

apt install memcached php-memcached

After that, you just need to restart apache.

systemctl apache2 restart

That's it. You can verify that memcached is installed and working with phpinfo().

Sonarwhal - The best linting tool, so far

Sonarwhal - The best linting tool, so far

Written on Thu, 23 November 2017

I have been using Sonarwhal to check my website for errors for quite a while. This is quite a useful tool to get your website checked for best practises and errors.

So far, I have managed to clear out many issues raised by the online scanner provided free-of-charge. The downside of the scanner right now, is that I cannot set rules. Like I can't ignore certain domains that are not under my control, thus it reports their errors. The other downside I face is also a timeout between scans. I like to scan each time I make a site modification, which can be seconds apart. You can install this tool on your local premise to overcome these limitations.

Some of the errors and best practises I have done are like HSTS, PWA, and other security headers. It's a good tool to use. Give it a try for free.

All the hype about Note 8

All the hype about Note 8

Written on Mon, 11 September 2017

Seems like the world is getting so excited about the new Note 8 from Samsung. There is no shortage of Note 8 reviews. I'm not about to start doing one right now. I'll probably share about me and my wife's experience transiting to the new Note 8.

For me, I've been a long time Android user. Transiting it over from my previous Galaxy S6 Edge is a mere breeze. But my wife has been a long time iPhone 5S user. But you wouldn't believe me when I tell you that she picked up Android really fast. To be fair, she actually used the OPPO R9 model for about a month before she got her hands on Samsung Galaxy Note 8. Using OPPO R9 was already easy enough that when she landed her hands on Note 8, it was just another android to feast her eyes on.


That's her unboxing the phone. You can already tell how excited she is.


From the left, we have Galaxy S6 Edge, Galaxy Note 8, and Oppo R9. Clearly, Note 8 is the tallest of the 3, with R9 coming close.


But when it comes to screen real estate, the Note 8 is clearly the winner.

The data transfer from S6 Edge to Note 8 wasn't as smooth. To be fair, it isn't the fault of Android or Samsung. It's just that the apps ain't designed to transfer well with Smart Switch. The 160+ apps I have to restore through download from Google Play sure took a long time. Eventually, I am still able to smoothly transit to Note 8.

The transition from R9 to Note 8 had an extra hurdle. Smart link won't automatically install on R9. I had to download it from Google Play directly. I suspect it's because it runs on ColorOS, a variant of Android. Other than that, every other procedure is smooth.


If you're on budget, you might want to know that your purchase probably comes with a free phone case.


As expected, you should receive the fast charger. If you're using other phones that supports Qualcomm's Quick Charge, the fast charge should work too.


Now, this is arguably the accessory that stood out most. The ear piece by AKG is absolutely beautiful to listen to. The insulation is very good. I could actually hear more of the audio range than the previous ear piece provided by Samsung. Listening back to my old songs and noticing other instruments that I missed out previously is really eye opening.


I did not get to try out Dex Station much as I did not have a HDMI monitor available at this point of writing. Just one thing I noted, when I attempt to charge my phone with it, it wasn't on fast charge even though the charger supports it. And the phone case I was using interfered with the connection, that it could not fully plug into the Dex Station.

All in all, this is a very good device, as long as it doesn't explode.

Disclaimer: Even though all the photos in this blogpost is shot with Note8, the images have been edited and optimised for web by degrading it slightly, for faster download speeds.

Speed up your website with TCP BBR

Speed up your website with TCP BBR

Written on Wed, 30 August 2017

Google has come up with a new way of handling network congestion, by pretending there is no congestion. OK, maybe exaggerated, but who can blame me when they outrightly state that "1980s-era algorithm assumes that packet loss means network congestion".

BBR stands for Bottleneck Bandwidth and Round-trip propagation time. According to Google, YouTube network throughput improved by 4 percent on average globally. Wordpress also experience massive improvements of up to 2700 times better than the previous best loss-based congestion control.

Sounds impressive? Why not let's give it a try.

Warning


Back up your server before proceeding. You're likely going to need to change Linux Kernal and other system level changes.

Updating Linux Kernel


Check the Linux Kernel Version

uname -mrs


If it's any version less than 4.9, you need to upgrade it. Otherwise, you can skip ahead to the next section.

Search for the latest linux kernal in the repository.

apt search linux-generic

At the time of writing, the latest version is linux-image-4.11.0-14-generic. TCP BBR is only introduced in 4.9 and higher, so choose any version 4.9 or higher and install.

apt install linux-image-4.11.0-14-generic

You need to reboot the server after this.

reboot

Enable TCP BBR


Enable it at sysctl.conf

nano /etc/sysctl.conf

Append the following lines

net.core.default_qdisc=fq
net.ipv4.tcp_congestion_control=bbr

Apply the settings

sysctl --system

Verify the new settings

sysctl net.core.default_qdisc
sysctl net.ipv4.tcp_congestion_control


You should see the output as what you typed in the sysctl.conf

Test it


Does it work? Maybe. When I did a speed test before and after implementing TCP BBR, there was hardly any noticable improvement in speedtest.

About Me

Greetings Earthlings , Shurn the Awesomer is here to give you an awesome time.

This little site is a record of my life, opinions, and views. I'm mainly writing about Technology & Gadgets, Busting Creationist Myths, and other philosophical stuff.

This site is done using CakePHP.

Uptime

With this uptime, how much more can I be proud of to showcase to the world? This uptime monitoring is brought to you by StatusCake since 13th May 2017.

Copyright

I will always check for copyright usage before using any materials on my site. Whenever due, credit shall be given.

However, if you notice that I may have infringed on any copyright material. Please do not hesitate to contact me. All works of every artist deserves to be honoured and respected.