Zimbra using SocketLabs as external SMTP

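Home ISPs block port 25, so outbound mail cannot be sent directly; I switched to an external SMTP relay instead. 2000 messages a month is more than enough for me.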

https://cp.socketlabs.com/

 

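You must Add sending domain first; mail from an unverified domain will not be sent.

Verify via Email alone is actually enough to get it working, but with DKIM and SPF in place, mail sent to other large email servers is less likely to be treated as spam.

Click SMTP Credentials to get the SMTP details.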

su - zimbra

# List current settings for backup
zmprov gs mail.youdomain.com zimbraMtaRelayHost
postconf smtp_sasl_password_maps
zmprov gs mail.youdomain.com zimbraMtaSmtpSaslPasswordMaps
postconf smtp_sasl_auth_enable
zmprov gs mail.youdomain.com zimbraMtaSmtpSaslAuthEnable
postconf smtp_cname_overrides_servername
zmprov gs mail.youdomain.com zimbraMtaSmtpCnameOverridesServername
postconf smtp_tls_security_level
zmprov gs mail.youdomain.com zimbraMtaSmtpTlsSecurityLevel

# Start modifying settings
zmprov ms mail.youdomain.com zimbraMtaRelayHost smtp.socketlabs.com

echo smtp.socketlabs.com {username}:{password} > /opt/zimbra/conf/relay_password
postmap /opt/zimbra/conf/relay_password
postmap -q smtp.socketlabs.com /opt/zimbra/conf/relay_password

# Same map type (lmdb) as the zmprov line below
postconf -e smtp_sasl_password_maps=lmdb:/opt/zimbra/conf/relay_password
zmprov ms mail.youdomain.com zimbraMtaSmtpSaslPasswordMaps lmdb:/opt/zimbra/conf/relay_password

postconf -e smtp_sasl_auth_enable=yes
zmprov ms mail.youdomain.com zimbraMtaSmtpSaslAuthEnable yes

The following 4 lines are the same as the defaults, so I did not run them

#postconf -e smtp_cname_overrides_servername=no
#zmprov ms mail.youdomain.com zimbraMtaSmtpCnameOverridesServername no

#postconf -e smtp_tls_security_level=may
#zmprov ms mail.youdomain.com zimbraMtaSmtpTlsSecurityLevel may

Finally, the port also needs to be set

zmcontrol restart
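
An added example, not part of the original notes: the relay_password step written so the password is read from stdin instead of the command line and the file is 0600 from creation (postmap gives the map it builds the same group/other read bits as its source file), plus a check that SASL auth is paired with mandatory TLS, because with smtp_tls_security_level=may the session can fall back to plaintext. The function names, demo directory and credentials are made up for illustration.

```sh
#!/bin/sh
# Added example; function names and demo values are illustrative assumptions.

# write_relay_map FILE HOST USER
# Reads the password from stdin (not argv, so it stays out of shell history
# and ps output) and creates FILE with mode 0600 from the first byte.
write_relay_map() {
    wrm_file=$1 wrm_host=$2 wrm_user=$3
    IFS= read -r wrm_pass || [ -n "$wrm_pass" ] || return 1
    [ -n "$wrm_pass" ] || return 1
    # Map lines are "key value" and the value is split at the first ':',
    # so a space in either field or a ':' in the user would corrupt the entry.
    case "$wrm_user" in *:*) return 2 ;; esac
    case "$wrm_host$wrm_user" in *" "*) return 2 ;; esac
    wrm_tmp="$wrm_file.tmp.$$"
    ( umask 077 && printf '%s %s:%s\n' "$wrm_host" "$wrm_user" "$wrm_pass" > "$wrm_tmp" ) || return 3
    mv -f "$wrm_tmp" "$wrm_file"
}

# relay_tls_ok
# Reads "name = value" lines (the format `postconf` prints) on stdin and
# succeeds only when SASL auth is off or the TLS level is a mandatory one.
relay_tls_ok() {
    awk -F' *= *' '
        $1 == "smtp_sasl_auth_enable"   { sasl = $2 }
        $1 == "smtp_tls_security_level" { tls = $2 }
        END {
            if (sasl != "yes") exit 0   # no credentials to protect
            if (tls ~ /^(encrypt|dane-only|fingerprint|verify|secure)$/) exit 0
            exit 1                      # none, may, dane or unset: TLS is optional
        }'
}

# Constructed demo: throwaway directory and made-up credentials.
demo=$(mktemp -d)
printf '%s\n' 'example-password' |
    write_relay_map "$demo/relay_password" smtp.socketlabs.com exampleuser
printf 'smtp_sasl_auth_enable = yes\nsmtp_tls_security_level = may\n' | relay_tls_ok ||
    echo "SASL relay with optional TLS: raise smtp_tls_security_level to encrypt"
```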

Ubuntu 18.04 Zimbra behind NAT

Cannot receive mail for my own domain behind NAT

status=deferred (delivery temporarily suspended: connect to mail.mydomain.com[202.xx.xx.xx]:7025: Connection timed out)

su - zimbra
zmdnscachectl stop
zmprov ms `zmhostname` -zimbraServiceEnabled dnscache
zmprov ms `zmhostname` -zimbraServiceInstalled dnscache

CTRL + D

apt install dnsmasq

vi /etc/dnsmasq.d/mydomain.com.conf
server=8.8.8.8
domain=mydomain.com
mx-host=mydomain.com,mail.mydomain.com,5
listen-address=127.0.0.1

systemctl start dnsmasq
systemctl enable dnsmasq

vi /etc/hosts
192.168.xx.xx mail.mydomain.com

dig -t MX @127.0.0.1 mydomain.com
mydomain.com. 0 IN MX 5 mail.mydomain.com.

;; ADDITIONAL SECTION:
mail.mydomain.com. 0 IN A 192.168.xx.xx

vi /etc/netplan/00-installer-config.yaml
nameservers:
  addresses:
    - 127.0.0.1

su - zimbra
zmcontrol restart

Starting logger...failed

zimbra@mail:~$ zmcontrol status
Host mail.xx.xxx.com
amavis Running
antispam Running
antivirus Running
dnscache Running
ldap Running
logger Stopped
zmlogswatchctl is not running
mailbox Running
memcached Running
mta Running
opendkim Running
proxy Running
service webapp Running
snmp Running
spell Running
stats Running
zimbra webapp Running
zimbraAdmin webapp Running
zimlet webapp Running
zmconfigd Running

Option1
Reinstalling once seems to fix it

Option2
/opt/zimbra/log/zmlogswatch.out
Error opening /var/log/zimbra-stats.log: No such file or directory at /opt/zimbra/data/tmp/.swatchdog_script.20942 line 92.

touch /var/log/zimbra-stats.log
chown zimbra:zimbra /var/log/zimbra-stats.log

/opt/zimbra/libexec/zmsyslogsetup

Zimbra Open Source Edition migration

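Zimbra on the old machine must be the same version as Zimbra on the new machine. My old machine is Ubuntu 14.04 with Zimbra 8.8.12; the new machine will get Ubuntu 18.04 with Zimbra 8.8.12. If an error comes up during installation, check the bottom of this section for a fix.

First, on the new machine, download the same version, extract it and install it (add -s to install without configuring), then rename the new zimbra directory out of the way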
# wget https://files.zimbra.com/downloads/8.8.12_GA/zcs-8.8.12_GA_3794.UBUNTU18_64.20190329045002.tgz
# tar zxvf zcs-8.8.12_GA_3794.UBUNTU18_64.20190329045002.tgz
# cd zcs-8.8.12_GA_3794.UBUNTU18_64.20190329045002/
# ./install.sh -s
# mv /opt/zimbra /opt/zimbra_backup

On the old machine, stop zimbra, then as root compress /opt/zimbra and transfer it to the new machine
# su - zimbra
# zmcontrol stop
# exit

Option1
# rsync -e "ssh -p 2222" -axvzKHS /opt/zimbra/ newServerLogin@xxx.xxx.xxx.xxx:/tmp/zimbra

Option2
# tar zcvfS /root/zimbrabackup_20201008.tar.gz /opt/zimbra
# scp /root/zimbrabackup_20201008.tar.gz newServerLogin@xxx.xxx.xxx.xxx:/home/newServerLogin/

On the new server, extract it, move it back to the original location and fix permissions
# tar zxvfS zimbrabackup_20201008.tar.gz

# mv opt/zimbra /opt/
# /opt/zimbra/libexec/zmfixperms -e -v

This should print no messages
# /opt/zimbra/bin/postfix check

This message appeared on 2 of my upgrades, but I ignored it and everything seemed to run normally
postsuper: Renamed to match inode number: 3 messages
postsuper: warning: QUEUE FILE NAMES WERE CHANGED TO MATCH INODE NUMBERS

Run the real installation again
# cd zcs-8.8.12_GA_3794.UBUNTU18_64.20190329045002/
# ./install.sh

Error 1
Validating ldap configuration
/usr/bin/perl: symbol lookup error: /opt/zimbra/common/lib/perl5//x86_64-linux-gnu-thread-multi/auto/Socket/Socket.so: undefined symbol: Perl_xs_apiversion_bootcheck
Unknown Error: It should be impossible to reach this statement.

Solution
# for pkg in $(dpkg -l | grep zimbra | grep perl | awk '{print $2}'); do sudo apt-get install --reinstall $pkg; done

Error 2
ERROR: Unable to retrive Zimbra GPG key for package validation
Please fix system to allow normal package installation before proceeding

Solution
# gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 9BE6ED79
Reference
https://wiki.zimbra.com/wiki/Error_%22Unable_to_retrive_Zimbra_GPG_key_for_package_validation%22

Error 3
Checking for port conflicts
Port conflict detected: 53 (zimbra-dnscache)
Port conflicts detected! - Press Enter/Return key to continue

Can be ignored

Error 4
zmlogswatchctl is not running

Solution
This is probably a bug in 8.8.12; upgrade to 8.8.15
# wget https://files.zimbra.com/downloads/8.8.15_GA/zcs-8.8.15_GA_3869.UBUNTU18_64.20190918004220.tgz
# tar zxvf zcs-8.8.15_GA_3869.UBUNTU18_64.20190918004220.tgz
# cd zcs-8.8.15_GA_3869.UBUNTU18_64.20190918004220
# ./install.sh

Reference
https://wiki.zimbra.com/wiki/How_to_move_ZCS_to_another_server

zimbra use existing cert

Use existing private key:
cp private.key /opt/zimbra/ssl/zimbra/commercial/commercial.key

Copy all cert files to /opt/zimbra/ssl/cert/

Verify:
/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /opt/zimbra/ssl/cert/485c010124755ddb.crt /opt/zimbra/ssl/cert/gd_bundle-g2-g1.crt

Deploy:
/opt/zimbra/bin/zmcertmgr deploycrt comm /opt/zimbra/ssl/cert/485c010124755ddb.crt /opt/zimbra/ssl/cert/gd_bundle-g2-g1.crt

View:
/opt/zimbra/bin/zmcertmgr viewdeployedcrt

zmcontrol restart

OR create new private key:
/opt/zimbra/bin/zmcertmgr createcsr comm -new -subject "/C=HK/ST=HK/L=HK/O=Zimbra/OU=Zimbra Collaboration Suite/CN=mail.domain.com" -subjectAltNames mail.domain.com

zimbra relay by destination domain without authentication

List current setting
zmprov gcf zimbraMtaTransportMaps
zimbraMtaTransportMaps: proxy:ldap:/opt/zimbra/conf/ldap-transport.cf

Add each destination domain with the relay server to use, or an error to reject it
vi /opt/zimbra/common/conf/transport
destination.com :xxx.xxx.xxx.xxx
dontsendto.com error:We don't allow send to dontsendto.com

postmap /opt/zimbra/common/conf/transport

Add "lmdb:/opt/zimbra/common/conf/transport" to zimbraMtaTransportMaps
zmprov ms mail.abc.com zimbraMtaTransportMaps "lmdb:/opt/zimbra/common/conf/transport,proxy:ldap:/opt/zimbra/conf/ldap-transport.cf"

zmcontrol restart

Bind mail control

SPF

    IN TXT "v=spf1 ip4:123.123.123.1 ip4:123.123.123.2 -all"

DMARC
_dmarc IN TXT "v=DMARC1;p=quarantine;rua=mailto:rua@abc.com;ruf=mailto:ruf@abc.com"

DKIM
F4EEC778-4C21-11EA-AD84-83DCF040F65E._domainkey IN TXT ( "v=DKIM1; k=rsa; "
"p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxICrPoI8+AZ85ney0JRnniswBUCeJSCCmV6eWgxotF7ncQdWLFvNadR5gQiWJi0EHnarsVez6ET+jL9IoHgV6QSyUwBraOKPlU+XzlZVUGUnAn1BdsS6LjdT0anJlu07RiLdgfIJL0zufhEsHVSx3EwWrWL3NQlcLIVi0rCThjwIDAQDB" )