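Our company's mail was hosted on Alibaba's mailbox service, which limits the number of accounts, so we now need to run a mail server in-house. After looking at several open-source packages online, I settled on Zimbra.
Zimbra's core product is the Zimbra Collaboration Suite (ZCS). Its core function is an email and calendaring server, but it includes many other features as well, much like a next-generation Microsoft Exchange. Beyond email and calendaring, it provides document storage and editing, instant messaging, and a full-featured administration console built on award-winning technology. ZCS also supports mobile devices and synchronizes with desktop applications on Windows, Linux, or Apple operating systems.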
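Environment
OS: CentOS 7
IP address: 192.168.2.141
Pre-installation preparation
1. Disable SELinux and flush the iptables rules
# Disable SELinux (/etc/sysconfig/selinux is a symlink to /etc/selinux/config, so sed has to follow it)
sed -i --follow-symlinks 's/SELINUX=enforcing/SELINUX=disabled/' /etc/sysconfig/selinux
# Flush the firewall rules
iptables -F
iptables -X
iptables -Z
# "service iptables save" requires the iptables-services package on CentOS 7
service iptables save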
reboot
2. Set the hostname
hostnamectl set-hostname email.cyzys.com
echo "192.168.2.141 email.cyzys.com" >> /etc/hosts
3. Install the packages and libraries Zimbra requires
yum -y update
yum -y install perl perl-core nmap sudo libidn gmp libaio libstdc++ unzip sysstat sqlite nc
4. Stop the pre-installed MTA service
systemctl stop postfix.service
systemctl disable postfix.service
5. Configure the DNS records at Alibaba Cloud (the "mail" hostname is already taken by another project, so only an "email" record can be set up)

6. Configure port forwarding on the company's internal switch so that traffic from the Internet is forwarded to 192.168.2.141

7. Download and extract Zimbra (official site: https://www.zimbra.com/downloads/)
wget https://files.zimbra.com/downloads/8.6.0_GA/zcs-8.6.0_GA_1153.RHEL7_64.20141215151110.tgz
tar -zxvf zcs-8.6.0_GA_1153.RHEL7_64.20141215151110.tgz
mv zcs-8.6.0_GA_1153.RHEL7_64.20141215151110 /usr/local/zimbra
Install Zimbra
cd /usr/local/zimbra
./install.sh --platform-override
Operations logged to /tmp/install.log.2744
Checking for existing installation...
zimbra-ldap...NOT FOUND
zimbra-logger...NOT FOUND
zimbra-mta...NOT FOUND
zimbra-dnscache...NOT FOUND
zimbra-snmp...NOT FOUND
zimbra-store...NOT FOUND
zimbra-apache...NOT FOUND
zimbra-spell...NOT FOUND
zimbra-convertd...NOT FOUND
zimbra-memcached...NOT FOUND
zimbra-proxy...NOT FOUND
zimbra-archiving...NOT FOUND
zimbra-core...NOT FOUND
PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THE SOFTWARE.
ZIMBRA, INC. ("ZIMBRA") WILL ONLY LICENSE THIS SOFTWARE TO YOU IF YOU
FIRST ACCEPT THE TERMS OF THIS AGREEMENT. BY DOWNLOADING OR INSTALLING
THE SOFTWARE, OR USING THE PRODUCT, YOU ARE CONSENTING TO BE BOUND BY
THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS
AGREEMENT, THEN DO NOT DOWNLOAD, INSTALL OR USE THE PRODUCT.
License Terms for the Zimbra Collaboration Suite:
http://www.zimbra.com/license/zimbra-public-eula-2-5.html
Do you agree with the terms of the software license agreement? [N] y
Checking for prerequisites...
FOUND: NPTL
FOUND: nmap-ncat-6.40-7
FOUND: sudo-1.8.6p7-17
FOUND: libidn-1.28-4
FOUND: gmp-6.0.0-12
FOUND: libaio-0.3.109-13
FOUND: libstdc++-4.8.5-4
FOUND: unzip-6.0-15
FOUND: perl-core-5.16.3-286
Checking for suggested prerequisites...
FOUND: perl-5.16.3
FOUND: sysstat
FOUND: sqlite
Prerequisite check complete.
Checking for installable packages
Found zimbra-core
Found zimbra-ldap
Found zimbra-logger
Found zimbra-mta
Found zimbra-dnscache
Found zimbra-snmp
Found zimbra-store
Found zimbra-apache
Found zimbra-spell
Found zimbra-memcached
Found zimbra-proxy
Select the packages to install
Install zimbra-ldap [Y]
Install zimbra-logger [Y]
Install zimbra-mta [Y]
Install zimbra-dnscache [Y] n
Install zimbra-snmp [Y]
Install zimbra-store [Y]
Install zimbra-apache [Y]
Install zimbra-spell [Y]
Install zimbra-memcached [Y]
Install zimbra-proxy [Y]
Checking required space for zimbra-core
Checking space for zimbra-store
Checking required packages for zimbra-store
zimbra-store package check complete.
Installing:
zimbra-core
zimbra-ldap
zimbra-logger
zimbra-mta
zimbra-snmp
zimbra-store
zimbra-apache
zimbra-spell
zimbra-memcached
zimbra-proxy
The system will be modified. Continue? [N] y
Removing /opt/zimbra
Removing zimbra crontab entry...done.
Cleaning up zimbra init scripts...done.
Cleaning up /etc/ld.so.conf...done.
Cleaning up /etc/logrotate.d/zimbra...done.
Cleaning up /etc/security/limits.conf...done.
Finished removing Zimbra Collaboration Server.
Installing packages
zimbra-core......zimbra-core-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
zimbra-ldap......zimbra-ldap-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
zimbra-logger......zimbra-logger-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
zimbra-mta......zimbra-mta-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
zimbra-snmp......zimbra-snmp-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
zimbra-store......zimbra-store-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
zimbra-apache......zimbra-apache-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
zimbra-spell......zimbra-spell-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
zimbra-memcached......zimbra-memcached-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
zimbra-proxy......zimbra-proxy-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
Operations logged to /tmp/zmsetup04082016-205457.log
Installing LDAP configuration database...done.
Setting defaults...
DNS ERROR resolving MX for mail.zimbra.com
It is suggested that the domain name have an MX record configured in DNS
Change domain name? [Yes]
Create domain: [email.zimbra.com] zimbra.com
MX: email.zimbra.com (XXX.XX.XXX.XXX)
Interface: 127.0.0.1
Interface: ::1
Interface: 192.168.2.141
done.
Checking for port conflicts
Main menu
1) Common Configuration:
2) zimbra-ldap: Enabled
3) zimbra-logger: Enabled
4) zimbra-mta: Enabled
5) zimbra-snmp: Enabled
6) zimbra-store: Enabled
+Create Admin User: yes
+Admin user to create: admin@zimbra.com
******* +Admin Password UNSET
+Anti-virus quarantine user: virus-quarantine.vhwa2pqsa7@zimbra.com
+Enable automated spam training: yes
+Spam training user: spam.jqlkpspj@zimbra.com
+Non-spam(Ham) training user: ham.jztdgrii_b@zimbra.com
+SMTP host: email.zimbra.com
+Web server HTTP port: 8080
+Web server HTTPS port: 8443
+Web server mode: https
+IMAP server port: 7143
+IMAP server SSL port: 7993
+POP server port: 7110
+POP server SSL port: 7995
+Use spell check server: yes
+Spell server URL: http://mail.zimbra.com:7780/aspell.php
+Enable version update checks: TRUE
+Enable version update notifications: TRUE
+Version update notification email: admin@zimbra.com
+Version update source email: admin@zimbra.com
+Install mailstore (service webapp): yes
+Install UI (zimbra,zimbraAdmin webapps): yes
7) zimbra-spell: Enabled
8) zimbra-proxy: Enabled
9) Default Class of Service Configuration:
s) Save config to file
x) Expand menu
q) Quit
Address unconfigured (**) items (? - help) 6
Store configuration
1) Status: Enabled
2) Create Admin User: yes
3) Admin user to create: admin@zimbra.com
** 4) Admin Password UNSET
5) Anti-virus quarantine user: virus-quarantine.vhwa2pqsa7@zimbra.com
6) Enable automated spam training: yes
7) Spam training user: spam.jqlkpspj@zimbra.com
8) Non-spam(Ham) training user: ham.jztdgrii_b@zimbra.com
9) SMTP host: email.zimbra.com
10) Web server HTTP port: 8080
11) Web server HTTPS port: 8443
12) Web server mode: https
13) IMAP server port: 7143
14) IMAP server SSL port: 7993
15) POP server port: 7110
16) POP server SSL port: 7995
17) Use spell check server: yes
18) Spell server URL: http://mail.zimbra.com:7780/aspell.php
19) Enable version update checks: TRUE
20) Enable version update notifications: TRUE
21) Version update notification email: admin@zimbra.com
22) Version update source email: admin@zimbra.com
23) Install mailstore (service webapp): yes
24) Install UI (zimbra,zimbraAdmin webapps): yes
Select, or 'r' for previous menu [r] 4
Password for admin@zimbra.com (min 6 characters): [5okG5xTdX] 123456
Store configuration
1) Status: Enabled
2) Create Admin User: yes
3) Admin user to create: admin@zimbra.com
4) Admin Password set
5) Anti-virus quarantine user: virus-quarantine.vhwa2pqsa7@zimbra.com
6) Enable automated spam training: yes
7) Spam training user: spam.jqlkpspj@zimbra.com
8) Non-spam(Ham) training user: ham.jztdgrii_b@zimbra.com
9) SMTP host: mail.zimbra.com
10) Web server HTTP port: 8080
11) Web server HTTPS port: 8443
12) Web server mode: https
13) IMAP server port: 7143
14) IMAP server SSL port: 7993
15) POP server port: 7110
16) POP server SSL port: 7995
17) Use spell check server: yes
18) Spell server URL: http://mail.zimbra.com:7780/aspell.php
19) Enable version update checks: TRUE
20) Enable version update notifications: TRUE
21) Version update notification email: admin@zimbra.com
22) Version update source email: admin@zimbra.com
23) Install mailstore (service webapp): yes
24) Install UI (zimbra,zimbraAdmin webapps): yes
Select, or 'r' for previous menu [r] r
Main menu
1) Common Configuration:
2) zimbra-ldap: Enabled
3) zimbra-logger: Enabled
4) zimbra-mta: Enabled
5) zimbra-snmp: Enabled
6) zimbra-store: Enabled
7) zimbra-spell: Enabled
8) zimbra-proxy: Enabled
9) Default Class of Service Configuration:
s) Save config to file
x) Expand menu
q) Quit
*** CONFIGURATION COMPLETE - press 'a' to apply
Select from menu, or press 'a' to apply config (? - help) a
Save configuration data to a file? [Yes]
Save config in file: [/opt/zimbra/config.11982]
Saving config in /opt/zimbra/config.11982...done.
The system will be modified - continue? [No] yes
Operations logged to /tmp/zmsetup04082016-205457.log
Setting local config values...done.
Initializing core config...Setting up CA...done.
Deploying CA to /opt/zimbra/conf/ca ...done.
Creating SSL zimbra-store certificate...done.
Creating new zimbra-ldap SSL certificate...done.
Creating new zimbra-mta SSL certificate...done.
Creating new zimbra-proxy SSL certificate...done.
Installing mailboxd SSL certificates...done.
Installing MTA SSL certificates...done.
Installing LDAP SSL certificate...done.
Installing Proxy SSL certificate...done.
Initializing ldap...done.
Setting replication password...done.
Setting Postfix password...done.
Setting amavis password...done.
Setting nginx password...done.
Setting BES searcher password...done.
Creating server entry for mail.zimbra.com...done.
Setting Zimbra IP Mode...done.
Saving CA in ldap ...done.
Saving SSL Certificate in ldap ...done.
Setting spell check URL...done.
Setting service ports on mail.zimbra.com...done.
Setting zimbraFeatureTasksEnabled=TRUE...done.
Setting zimbraFeatureBriefcasesEnabled=TRUE...done.
Setting TimeZone Preference...done.
Initializing mta config...done.
Setting services on mail.zimbra.com...done.
Adding mail.zimbra.com to zimbraMailHostPool in default COS...done.
Creating domain zimbra.com...done.
Setting default domain name...done.
Creating domain zimbra.com...already exists.
Creating admin account admin@zimbra.com...done.
Creating root alias...done.
Creating postmaster alias...done.
Creating user spam.jqlkpspj@zimbra.com...done.
Creating user ham.jztdgrii_b@zimbra.com...done.
Creating user virus-quarantine.vhwa2pqsa7@zimbra.com...done.
Setting spam training and Anti-virus quarantine accounts...done.
Initializing store sql database...done.
Setting zimbraSmtpHostname for mail.zimbra.com...done.
Configuring SNMP...done.
Setting up syslog.conf...done.
Starting servers...done.
Installing common zimlets...
com_zimbra_adminversioncheck...done.
com_zimbra_attachcontacts...done.
com_zimbra_attachmail...done.
com_zimbra_bulkprovision...done.
com_zimbra_cert_manager...done.
com_zimbra_clientuploader...done.
com_zimbra_date...done.
com_zimbra_email...done.
com_zimbra_mailarchive...done.
com_zimbra_phone...done.
com_zimbra_proxy_config...done.
com_zimbra_srchhighlighter...done.
com_zimbra_tooltip...done.
com_zimbra_url...done.
com_zimbra_viewmail...done.
com_zimbra_webex...done.
com_zimbra_ymemoticons...done.
Finished installing common zimlets.
Restarting mailboxd...done.
Creating galsync account for default domain...done.
You have the option of notifying Zimbra of your installation.
This helps us to track the uptake of the Zimbra Collaboration Server.
The only information that will be transmitted is:
The VERSION of zcs installed (8.6.0_GA_1153_RHEL7_64)
The ADMIN EMAIL ADDRESS created (admin@zimbra.com)
Notify Zimbra of your installation? [Yes] no
Notification skipped
Setting up zimbra crontab...done.
Moving /tmp/zmsetup04082016-205457.log to /opt/zimbra/log
Configuration complete - press return to exit
Start Zimbra and check its status
su - zimbra # switch to the zimbra user
zmcontrol start # start Zimbra
zmcontrol status # check the service status
Host email.cyzys.com
amavis Running
antispam Running
antivirus Running
dnscache Running
ldap Running
logger Running
mailbox Running
memcached Running
mta Running
opendkim Running
proxy Running
service webapp Running
snmp Running
spell Running
stats Running
zimbra webapp Running
zimbraAdmin webapp Running
zimlet webapp Running
zmconfigd Running
zmcontrol stop # stop Zimbra
To open the Zimbra administration console, enter the following in a browser:
https://192.168.2.141:7071
Web client address:
https://192.168.2.141

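Configure SSL for the web interface
1. Preparation
First, go to the SSL certificate you requested from Alibaba Cloud and download the "Other" type certificate along with the root certificate. Unpacking the download gives two files to upload to the server,
with names like 4762328__cyzys.com.key and 4762328__cyzys.com.pem.
Create the directory /opt/zimbra/ssl/aliyunssl/ and upload both files there.
2. Use openssl to convert the Alibaba Cloud private key into a format Zimbra accepts
Unlike certificates from Let's Encrypt or WoSign, the Alibaba Cloud key has to be converted from RSA format to PKCS#8. The two formats differ in their first and last lines. Zimbra cannot validate a key in RSA format.
mkdir -p /opt/zimbra/ssl/aliyunssl/
cd /opt/zimbra/ssl/aliyunssl
openssl pkcs8 -topk8 -inform PEM -in 4762328__cyzys.com.key -outform PEM -nocrypt -out privkey.pem
mv 4762328__cyzys.com.pem cert.pem
chown zimbra:zimbra /opt/zimbra/ssl/aliyunssl/*
3. Create the certificate chain file chain.pem
In /opt/zimbra/ssl/aliyunssl/, create the file chain.pem. Its content is the intermediate certificate (mid-digicert-ca) followed by the root certificate (Digicert-OV-DV-root.cer).
Take the second part of the certificate downloaded from Alibaba Cloud, 4762328__cyzys.com.pem, that is, the second block from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE-----,
and copy it into chain.pem; this is the intermediate certificate (mid-digicert-ca). Then append the issuing CA's root certificate to chain.pem as its second part.
cat Digicert-OV-DV-root.cer >> chain.pem # you may also need to convert the line endings: dos2unix chain.pem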
4. Verify the certificate
/opt/zimbra/bin/zmcertmgr verifycrt comm privkey.pem cert.pem chain.pem
** Verifying 'cert.pem' against 'privkey.pem'
Certificate 'cert.pem' and private key 'privkey.pem' match.
** Verifying 'cert.pem' against 'chain.pem'
Valid certificate chain: cert.pem: OK
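Steps 2 and 3 can be scripted instead of copying PEM blocks by hand. The following is an added example, not part of the original post: it tells a traditional RSA key (-----BEGIN RSA PRIVATE KEY-----) from a PKCS#8 key (-----BEGIN PRIVATE KEY-----) by its header, converts only when needed, and splits the downloaded bundle into cert.pem and chain.pem with CR line endings removed. The function names, the script name prepare-certs.sh and the ./out directory are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the original post: prepare the files that
# "zmcertmgr verifycrt comm privkey.pem cert.pem chain.pem" expects.

# key_format FILE: classify a PEM private key by its header line.
key_format() {
    case "$(tr -d '\r' < "$1" | awk '/^-----BEGIN /{print; exit}')" in
        "-----BEGIN RSA PRIVATE KEY-----")       echo pkcs1 ;;
        "-----BEGIN PRIVATE KEY-----")           echo pkcs8 ;;
        "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo encrypted-pkcs8 ;;
        *)                                       echo unknown ;;
    esac
}

# ensure_pkcs8 IN OUT: write an unencrypted PKCS#8 key to OUT, converting only
# when IN is a traditional RSA (PKCS#1) key, and keep it owner-readable only.
ensure_pkcs8() {
    case "$(key_format "$1")" in
        pkcs8) tr -d '\r' < "$1" > "$2" ;;
        pkcs1) openssl pkcs8 -topk8 -inform PEM -in "$1" -outform PEM -nocrypt -out "$2" ;;
        *)     echo "unsupported key format in $1" >&2; return 1 ;;
    esac
    chmod 600 "$2"
}

# split_bundle BUNDLE OUTDIR: first certificate -> OUTDIR/cert.pem, the rest
# -> OUTDIR/chain.pem, CR line endings removed. Prints the certificate count.
split_bundle() {
    mkdir -p "$2" && : > "$2/cert.pem" && : > "$2/chain.pem" || return 1
    tr -d '\r' < "$1" | awk -v dir="$2" '
        /^-----BEGIN CERTIFICATE-----$/ { n++; inside = 1 }
        inside { print >> (dir "/" (n == 1 ? "cert.pem" : "chain.pem")) }
        /^-----END CERTIFICATE-----$/   { inside = 0 }
        END { print n + 0 }'
}

# Usage (hypothetical script name): sh prepare-certs.sh KEY BUNDLE ROOT
if [ "$#" -eq 3 ]; then
    n=$(split_bundle "$2" out) || exit 1
    [ "$n" -ge 2 ] || echo "warning: bundle has no intermediate certificate" >&2
    tr -d '\r' < "$3" >> out/chain.pem      # root certificate goes last
    ensure_pkcs8 "$1" out/privkey.pem || exit 1
    echo "key: $(key_format out/privkey.pem), certificates in bundle: $n"
fi
```

The resulting privkey.pem, cert.pem and chain.pem are then checked with zmcertmgr verifycrt as shown in step 4.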
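5. Deploy the certificate
Make a backup before deploying
cp -a /opt/zimbra/ssl/zimbra /opt/zimbra/ssl/zimbra.$(date "+%Y%m%d%H%M%S")
Copy the private key into the Zimbra SSL path
Before deploying the SSL certificate, privkey.pem has to be placed in the Zimbra SSL commercial directory, as follows:
cp /opt/zimbra/ssl/aliyunssl/privkey.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key
Deploy
cd /opt/zimbra/ssl/aliyunssl/
/opt/zimbra/bin/zmcertmgr deploycrt comm cert.pem chain.pem
Restart the Zimbra services
su - zimbra
zmcontrol restart
View the deployed certificate
/opt/zimbra/bin/zmcertmgr viewdeployedcrt
Configure the Alibaba Cloud DNS records and the internal port forwarding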


Test that SSL and the domain name work
https://email.cyzys.com/
Changing the logo and titles (there are many guides online; I picked a few at random)
1. Replace the logo, banner and related images
/opt/zimbra/jetty/webapps/zimbra/skins/_base/logos/AppBanner.png
/opt/zimbra/jetty/webapps/zimbra/skins/_base/logos/LoginBanner.png
/opt/zimbra/jetty/webapps/zimbra/img/logo/favicon.ico
2. Change the client login notice (originally "Zimbra :: the industry leader in open-source messaging and collaboration :: Zimbra Blog Zimbra Wiki")
Edit the clientLoginNotice entry in /opt/zimbra/jetty-distribution-9.1.5.v20140505/webapps/zimbra/WEB-INF/classes/messages/ZmMsg_zh_CN.properties, for example:
clientLoginNotice = \u9014\u725b :: \u5168\u7403\u6700\u5927 \u7684\u4e2d\u6587\u65C5\u6e38\u793e\u533a::/ tuniu \u535a\u5ba2
That is, change it to: XX :: the world's largest Chinese community :: XX blog
3. Change the copyright notice (originally "Copyright © 2005-2010 Zimbra, Inc. Zimbra and the Zimbra logo are trademarks of Zimbra, Inc.")
Edit the splashScreenCopyright entry in WEB-INF/classes/messages/ZmMsg_zh_CN.properties, for example:
splashScreenCopyright = \u7248\u6743\u6240\u6709 \u00a9 2005-2010 Zimbra,Inc.
That is: Copyright © 2005-2010 Zimbra,Inc.
4. Change the login title "Collaboration Suite"
Edit the splashScreenAppName entry in WEB-INF/classes/messages/ZmMsg_zh_CN.properties, for example:
splashScreenAppName = \u9014\u725B\u516C\u53F8\u90AE\u4EF6\u7CFB\u7EDF
That is: XX Company Mail System
5. Change the login page title
Edit the zimbraLoginTitle entry in WEB-INF/classes/messages/ZmMsg_zh_CN.properties, for example:
zimbraLoginTitle = \u9014\u725B\u90AE\u4EF6\u7CFB\u7EDF \u767b\u5f55
That is: XX Mail System Login
6. Change the text on the password-change page
Edit the splashScreenAppName entry in WEB-INF/classes/messages/ZhMsg_zh_CN.properties, for example:
splashScreenAppName = /
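Enabling SMTP authentication in Zimbra
Configure SMTP authentication
After installation, the Zimbra mail system has TLS authentication enabled, but Postfix SMTP authentication is not turned on. An open relay is open to every user on the public Internet, which means spammers can use our mail server as a relay to send spam. Our mail server could then be blacklisted by anti-spam organizations, causing other mail servers on the Internet to reject our mail. We therefore need to close the server's open relay and enable SMTP authentication, so that mail is relayed only for authenticated users.
To test whether SMTP authentication is enabled on the server, run telnet from the command line as follows: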
[root@email ~]# telnet 192.168.2.141 25
Trying 192.168.2.141...
Connected to 192.168.2.141.
Escape character is '^]'.
220 email.cyzys.com ESMTP Postfix
ehlo email.cyzys.com
250-email.cyzys.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
The output above contains no AUTH parameters, which indicates that SMTP authentication is not enabled on the server.
su - zimbra
zmprov modifyServer email.cyzys.com zimbraMtaTlsAuthOnly FALSE
zmcontrol restart
Check the parameters after the change
zimbraAuthTokenNotificationInterval: 60000
zimbraLowestSupportedAuthVersion: 2
zimbraMtaAuthEnabled: TRUE
zimbraMtaAuthTarget: TRUE
zimbraMtaBrokenSaslAuthClients: yes
zimbraMtaSaslAuthEnable: yes
zimbraMtaSmtpSaslAuthEnable: no
zimbraMtaSmtpdSaslAuthenticatedHeader: no
zimbraMtaTlsAuthOnly: FALSE # this value must be FALSE for SMTP authentication to work
zimbraShareNotificationMtaAuthRequired: FALSE
Test again whether SMTP authentication was enabled successfully
[zimbra@email ~]$ telnet 192.168.2.141 25
Trying 192.168.2.141...
Connected to 192.168.2.141.
Escape character is '^]'.
220 email.cyzys.com ESMTP Postfix
ehlo email.cyzys.com
250-email.cyzys.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN # parameter related to SMTP authentication
250-AUTH=LOGIN PLAIN # parameter related to SMTP authentication
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
# The result now contains two AUTH lines, which shows that SMTP authentication is enabled on the server.
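zimbraMtaTlsAuthOnly corresponds to Postfix's smtpd_tls_auth_only: while it is TRUE, AUTH is announced only after STARTTLS, so a plaintext telnet EHLO lists no AUTH line; once it is FALSE, LOGIN and PLAIN credentials can be submitted before the session is encrypted. The following added example (not from the original post; the function names are hypothetical) classifies a plaintext EHLO reply accordingly, using the two replies shown above as constructed sample input.

```shell
#!/bin/sh
# Added example, not part of the original post: classify the EHLO reply of a
# plaintext (pre-STARTTLS) SMTP session. Function names are hypothetical.

# Sample input: the two EHLO replies shown in the article, retyped as
# constructed test data with CRLF line endings as they appear on the wire.
before() { printf '%s\r\n' 250-email.cyzys.com 250-PIPELINING '250-SIZE 10240000' \
    250-VRFY 250-ETRN 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-8BITMIME '250 DSN'; }
after() { printf '%s\r\n' 250-email.cyzys.com 250-PIPELINING '250-SIZE 10240000' \
    250-VRFY 250-ETRN 250-STARTTLS '250-AUTH LOGIN PLAIN' '250-AUTH=LOGIN PLAIN' \
    250-ENHANCEDSTATUSCODES 250-8BITMIME '250 DSN'; }

# ehlo_auth: read an EHLO reply on stdin and print the advertised SASL
# mechanisms, sorted and de-duplicated. Accepts "AUTH X Y" and legacy "AUTH=X Y".
ehlo_auth() {
    tr -d '\r' | awk '
        /^250[- ]AUTH[ =]/ {
            sub(/^250[- ]AUTH[ =]/, "")
            for (i = 1; i <= NF; i++) print toupper($i)
        }' | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# verdict: read a plaintext-session EHLO reply on stdin and print one of
#   cleartext-auth   AUTH is offered before STARTTLS
#   check-after-tls  no AUTH yet, STARTTLS offered: repeat EHLO inside TLS
#   no-auth          neither AUTH nor STARTTLS is advertised
verdict() {
    reply=$(tr -d '\r')
    if [ -n "$(printf '%s\n' "$reply" | ehlo_auth)" ]; then
        echo cleartext-auth
    elif printf '%s\n' "$reply" | grep -q '^250[- ]STARTTLS$'; then
        echo check-after-tls
    else
        echo no-auth
    fi
}

echo "before the change: $(before | verdict)"
echo "after the change:  $(after | verdict) ($(after | ehlo_auth))"
```

To see what is offered inside TLS, open the session with openssl s_client -starttls smtp -connect email.cyzys.com:25, send EHLO, and pass the reply to ehlo_auth.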





