Shurn the Awesomer
Setup Zimbra 8.8 on Ubuntu 16.04

Setup Zimbra 8.8 on Ubuntu 16.04

Written on Thu, 12 April 2018

Optional Prerequisite: Install TCP BBR


TCP BBR is designed to counter traffic congestion. If your application frequently suffer from performance due to congestion, try TCP BBR.

Optional Prerequisite: Set up LVM


LVM is an excellent abstraction tool for storage. Highly recommended if you want to expand your storage needs in the future. Check out a related article on setting up infinite storage for web server but ignore the part on web server. Zimbra is commonly install on /opt/ so set the LVM to this folder.

Optional Prerequisite: Set up Swap Partition


Zimbra recommends a minimum of 8GB RAM. However, if you are faced with a situation where you do not have enough RAM and you can't just add more ram easily, you could use swap space partition or file.

Configure hostname


Edit /etc/hosts and add the following line:

10.0.0.168 mail.shurn.me mail


Change 10.0.0.168 to your ip address and the hostname to your hostname.

Edit /etc/hostname to this:

mail

Reboot your server and test that you see your hostname:

root@mail:~# hostname -f
mail.shurn.me
root@mail:~# hostname
mail

Install and Configure BIND DNS


Install bind9

root@mail:~# apt install bind9 bind9utils

Edit /etc/bind/named.conf.options, uncomment the forwarders, and add DNS server IP:

forwarders {
8.8.8.8; 8.8.4.4;
};


The DNS server is hosted by Google. Choose your own DNS server if you have a preference.

Add the following to /etc/bind/named.conf.local:

zone "shurn.me" {
type master;
file "/etc/bind/db.shurn.me";
};
zone "0.0.10.in-addr.arpa" {
type master;
file "/etc/bind/db.0.0.10";
};
zone "0.0.127.in-addr.arpa" {
type master;
file "/etc/bind/db.0.0.127";
};


Change 0.0.10 to the reverse of your first 3 octet of your IP address, and shurn.me to your top level domain name.

Create /etc/bind/db.shurn.me and add the following:

$TTL 604800
@ IN SOA mail.shurn.me. admin.shurn.me. (
20180217 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800);Negative Cache TTL
;
@ IN NS mail
IN MX 10 mail
IN A 10.0.0.168
mail IN A 10.0.0.168


Change the domain and IP address accordingly.

Create /etc/bind/db.0.0.127 and add the following:

$TTL 3D
@ IN SOA mail.shurn.me. admin.shurn.me. (
2 ; Serial
8H ; Refresh
2H ; Retry
4W ; Expire
1D);Minimum TTL
NS mail.shurn.me
1 PTR localhost.


Change the domain accordingly

Create /etc/bind/db.0.0.10 and add the following:

$TTL 3D
@ IN SOA mail.shurn.me. admin.shurn.me. (
1 ; Serial
8H ; Refresh
2H ; Retry
4W ; Expire
1D);Minimum TTL
NS shurn.me.
10 PTR shurn.me.


Change the domain and IP address accordingly.

Restart bind service

root@mail:~# /etc/init.d/bind9 restart
[ ok ] Restarting bind9 (via systemctl): bind9.service.

Configure static IP address in /etc/network/interfaces:

source /etc/network/interfaces.d/*.cfg
auto eth0
iface eth0 inet static
address 10.0.0.168
netmask 255.255.255.0
network 10.0.0.0
broadcast 10.0.0.255
gateway 10.0.0.1
dns-search shurn.me
dns-nameservers 10.0.0.168


Change the domain and IP address accordingly.

Edit /etc/resolvconf/resolve.conf.d/base to the following:

nameserver 10.0.0.168
search shurn.me


CHange the domain and IP address accordingly. Then regenerate resolve.conf with:

root@mail:~# resolvconf -u

Download and install Zimbra


Disable firewall first:

root@mail:~# service ufw stop

Download and install the latest stable version of Zimbra. At the time of writing, the latest version is 8.8.8.

root@mail:~# wget https://files.zimbra.com/downloads/8.8.8_GA/zcs-8.8.8_GA_2009.UBUNTU16_64.20180322150747.tgz
root@mail:~# tar xf zcs-8.8.8_GA_2009.UBUNTU16_64.20180322150747.tgz
root@mail:~# cd zcs-8.8.8_GA_2009.UBUNTU16_64.20180322150747
root@mail:~# ./install.sh

Read the instructions and answer accordingly to your requirements:

Do you agree with the terms of the software license agreement? [N] y
Use Zimbra's package repository [Y] y
Install zimbra-ldap [Y]
Install zimbra-logger [Y] y
Install zimbra-mta [Y] y
Install zimbra-dnscache [Y] n
Install zimbra-snmp [Y] y
Install zimbra-store [Y] y
Install zimbra-apache [Y] y
Install zimbra-spell [Y] y
Install zimbra-memcached [Y] y
Install zimbra-proxy [Y] y
Install zimbra-chat [Y] y
Install zimbra-drive [Y] y
Install zimbra-imapd (BETA - for evaluation only) [N] n
The system will be modified. Continue? [N] y
Change domain name? [Yes] Yes
Create domain: [mail.shurn.me] shurn.me
Select from menu, or press 'a' to apply config (? - help) a
Save configuration data to a file? [Yes] y
Save config in file: [/opt/zimbra/config.12345]
The system will be modified - continue? [No] y


Note: This is an abstract of the full installation details. You may experience different installation path.
Highly recommended to set the admin password. Notifying zimbra of your installation is entirely optional.

Go to your favourite browser and browse to your domain like ://mail.shurn.me:7071. Take note of the port 7071, which is the administive login. Without it, you will be presented with the mailbox login.

Send and receive a mail and see that it works.

Installing SSL Certificate


Follow the instructions here to install certbot for your system.

Follow the instructions here for the script to automate letsencrypt installation, except the following:

Location of sudoers.conf


On point 4, the configs/sudoers.conf is located at /opt/letsencrypt-zimbra/configs/sudoers.conf. So you should run the command like this:

root@mail:~# cp /opt/letsencrypt-zimbra/configs/sudoers.conf /etc/sudoers.d/zimbra_certbot

Zimbra restart might fail


The maintainer has taken note that there is a restart issue at the time of this writing. As such, you need to manually restart zimbra with:

root@mail:~# sudo -Hu zimbra /opt/zimbra/bin/zmcontrol restart

zmlogswatch does not start due to Date::Parse not installed


If zmlogswatch does not start, check /opt/zimbra/log/zmlogswatch.out and see if it reports any error related to Date::Parse and Swatchdog. If it does, you should proceed with the installation. Then attempt to restart zimbra again. Obtain the URL from Swatchdog here.

root@mail:~# apt install build-essential
root@mail:~# cpan
cpan[1]> install Date::Parse
cpan[2]> install Time::HiRes
cpan[3]> install Date::Calc
cpan[4]> install Date::Format
cpan[5]> install Date::Manip
cpan[6]> install File::Tail
cpan[7]> install Term::ANSIColor
cpan[8]> exit
root@mail:~# wget https://excellmedia.dl.sourceforge.net/project/swatch/swatchdog/swatchdog-3.2.4.tar.gz
root@mail:~# tar -zxvf swatchdog-3.2.4.tar.gz
root@mail:~# mv swatchdog-3.2.4 swatchdog
root@mail:~# cd swatchdog
root@mail:~# perl Makefile.PL
root@mail:~# make
root@mail:~# make test
root@mail:~# make install
root@mail:~# make realclean
root@mail:~# sudo -Hu zimbra /opt/zimbra/bin/zmcontrol restart

Renewing SSL Certificate


You may set up cron job to renew the certificate. Edit your cron job file with:

root@mail:~# crontab -e


Add the following:

12 12 * * * sudo -Hu zimbra /opt/letsencrypt-zimbra/obtain-and-deploy-letsencrypt-cert.shsudo -Hu zimbra /opt/zimbra/bin/zmcontrol restart