Setup Zimbra 8.8 on Ubuntu 16.04
Written on Thu, 12 April 2018Optional Prerequisite: Install TCP BBR
TCP BBR is designed to counter traffic congestion. If your application frequently suffer from performance due to congestion, try TCP BBR.
Optional Prerequisite: Set up LVM
LVM is an excellent abstraction tool for storage. Highly recommended if you want to expand your storage needs in the future. Check out a related article on setting up infinite storage for web server but ignore the part on web server. Zimbra is commonly install on /opt/ so set the LVM to this folder.
Optional Prerequisite: Set up Swap Partition
Zimbra recommends a minimum of 8GB RAM. However, if you are faced with a situation where you do not have enough RAM and you can't just add more ram easily, you could use swap space partition or file.
Configure hostname
Edit /etc/hosts and add the following line:
| 10.0.0.168 mail.shurn.me mail |
Change 10.0.0.168 to your ip address and the hostname to your hostname.
Edit /etc/hostname to this:
Reboot your server and test that you see your hostname:
| root@mail:~# hostname -f |
| mail.shurn.me |
| root@mail:~# hostname |
Install and Configure BIND DNS
Install bind9
| root@mail:~# apt install bind9 bind9utils |
Edit /etc/bind/named.conf.options, uncomment the forwarders, and add DNS server IP:
| forwarders { |
| 8.8.8.8; 8.8.4.4; |
| }; |
The DNS server is hosted by Google. Choose your own DNS server if you have a preference.
Add the following to /etc/bind/named.conf.local:
| zone "shurn.me" { |
| type master; |
| file "/etc/bind/db.shurn.me"; |
| }; |
| zone "0.0.10.in-addr.arpa" { |
| type master; |
| file "/etc/bind/db.0.0.10"; |
| }; |
| zone "0.0.127.in-addr.arpa" { |
| type master; |
| file "/etc/bind/db.0.0.127"; |
| }; |
Change 0.0.10 to the reverse of your first 3 octet of your IP address, and shurn.me to your top level domain name.
Create /etc/bind/db.shurn.me and add the following:
| $TTL 604800 |
| @ IN SOA mail.shurn.me. admin.shurn.me. ( |
| 20180217 ; Serial |
| 604800 ; Refresh |
| 86400 ; Retry |
| 2419200 ; Expire |
| 604800);Negative Cache TTL |
| ; |
| @ IN NS mail |
| IN MX 10 mail |
| IN A 10.0.0.168 |
| mail IN A 10.0.0.168 |
Change the domain and IP address accordingly.
Create /etc/bind/db.0.0.127 and add the following:
| $TTL 3D |
| @ IN SOA mail.shurn.me. admin.shurn.me. ( |
| 2 ; Serial |
| 8H ; Refresh |
| 2H ; Retry |
| 4W ; Expire |
| 1D);Minimum TTL |
| NS mail.shurn.me |
| 1 PTR localhost. |
Change the domain accordingly
Create /etc/bind/db.0.0.10 and add the following:
| $TTL 3D |
| @ IN SOA mail.shurn.me. admin.shurn.me. ( |
| 1 ; Serial |
| 8H ; Refresh |
| 2H ; Retry |
| 4W ; Expire |
| 1D);Minimum TTL |
| NS shurn.me. |
| 10 PTR shurn.me. |
Change the domain and IP address accordingly.
Restart bind service
| root@mail:~# /etc/init.d/bind9 restart |
| [ ok ] Restarting bind9 (via systemctl): bind9.service. |
Configure static IP address in /etc/network/interfaces:
| source /etc/network/interfaces.d/*.cfg |
| auto eth0 |
| iface eth0 inet static |
| address 10.0.0.168 |
| netmask 255.255.255.0 |
| network 10.0.0.0 |
| broadcast 10.0.0.255 |
| gateway 10.0.0.1 |
| dns-search shurn.me |
| dns-nameservers 10.0.0.168 |
Change the domain and IP address accordingly.
Edit /etc/resolvconf/resolve.conf.d/base to the following:
| nameserver 10.0.0.168 |
| search shurn.me |
CHange the domain and IP address accordingly. Then regenerate resolve.conf with:
| root@mail:~# resolvconf -u |
Download and install Zimbra
Disable firewall first:
| root@mail:~# service ufw stop |
Download and install the latest stable version of Zimbra. At the time of writing, the latest version is 8.8.8.
| root@mail:~# wget https://files.zimbra.com/downloads/8.8.8_GA/zcs-8.8.8_GA_2009.UBUNTU16_64.20180322150747.tgz |
| root@mail:~# tar xf zcs-8.8.8_GA_2009.UBUNTU16_64.20180322150747.tgz |
| root@mail:~# cd zcs-8.8.8_GA_2009.UBUNTU16_64.20180322150747 |
| root@mail:~# ./install.sh |
Read the instructions and answer accordingly to your requirements:
| Do you agree with the terms of the software license agreement? [N] y |
| Use Zimbra's package repository [Y] y |
| Install zimbra-ldap [Y] |
| Install zimbra-logger [Y] y |
| Install zimbra-mta [Y] y |
| Install zimbra-dnscache [Y] n |
| Install zimbra-snmp [Y] y |
| Install zimbra-store [Y] y |
| Install zimbra-apache [Y] y |
| Install zimbra-spell [Y] y |
| Install zimbra-memcached [Y] y |
| Install zimbra-proxy [Y] y |
| Install zimbra-chat [Y] y |
| Install zimbra-drive [Y] y |
| Install zimbra-imapd (BETA - for evaluation only) [N] n |
| The system will be modified. Continue? [N] y |
| Change domain name? [Yes] Yes |
| Create domain: [mail.shurn.me] shurn.me |
| Select from menu, or press 'a' to apply config (? - help) a |
| Save configuration data to a file? [Yes] y |
| Save config in file: [/opt/zimbra/config.12345] |
| The system will be modified - continue? [No] y |
Note: This is an abstract of the full installation details. You may experience different installation path.
Highly recommended to set the admin password. Notifying zimbra of your installation is entirely optional.
Go to your favourite browser and browse to your domain like ://mail.shurn.me:7071. Take note of the port 7071, which is the administive login. Without it, you will be presented with the mailbox login.
Send and receive a mail and see that it works.
Installing SSL Certificate
Follow the instructions here to install certbot for your system.
Follow the instructions here for the script to automate letsencrypt installation, except the following:
Location of sudoers.conf
On point 4, the configs/sudoers.conf is located at /opt/letsencrypt-zimbra/configs/sudoers.conf. So you should run the command like this:
| root@mail:~# cp /opt/letsencrypt-zimbra/configs/sudoers.conf /etc/sudoers.d/zimbra_certbot |
Zimbra restart might fail
The maintainer has taken note that there is a restart issue at the time of this writing. As such, you need to manually restart zimbra with:
| root@mail:~# sudo -Hu zimbra /opt/zimbra/bin/zmcontrol restart |
zmlogswatch does not start due to Date::Parse not installed
If zmlogswatch does not start, check /opt/zimbra/log/zmlogswatch.out and see if it reports any error related to Date::Parse and Swatchdog. If it does, you should proceed with the installation. Then attempt to restart zimbra again. Obtain the URL from Swatchdog here.
| root@mail:~# apt install build-essential |
| root@mail:~# cpan |
| cpan[1]> install Date::Parse |
| cpan[2]> install Time::HiRes |
| cpan[3]> install Date::Calc |
| cpan[4]> install Date::Format |
| cpan[5]> install Date::Manip |
| cpan[6]> install File::Tail |
| cpan[7]> install Term::ANSIColor |
| cpan[8]> exit |
| root@mail:~# wget https://excellmedia.dl.sourceforge.net/project/swatch/swatchdog/swatchdog-3.2.4.tar.gz |
| root@mail:~# tar -zxvf swatchdog-3.2.4.tar.gz |
| root@mail:~# mv swatchdog-3.2.4 swatchdog |
| root@mail:~# cd swatchdog |
| root@mail:~# perl Makefile.PL |
| root@mail:~# make |
| root@mail:~# make test |
| root@mail:~# make install |
| root@mail:~# make realclean |
| root@mail:~# sudo -Hu zimbra /opt/zimbra/bin/zmcontrol restart |
Renewing SSL Certificate
You may set up cron job to renew the certificate. Edit your cron job file with:
| root@mail:~# crontab -e |
Add the following:
| 12 12 * * * sudo -Hu zimbra /opt/letsencrypt-zimbra/obtain-and-deploy-letsencrypt-cert.sh | sudo -Hu zimbra /opt/zimbra/bin/zmcontrol restart |
