How To Install Zimbra 8.5.0 on CentOS 7 Part 1

Posted by

Usually, i am always using SUSE Linux Enterprise Server as operating system for Zimbra Mail Server. But, starting from Zimbra 9.x.x, SLES has been deprecated (end of life) and may be will not supported by Zimbra. Therefore, i attempt to using CentOS as operating system for Zimbra. For easy understanding, this is my information system

Domain     : imanudin.net
Hostname   : mail
IP Address : 192.168.26.11

# Configure Network

First, we must configure network on CentOS. Assuming name of your network interface is eth0

vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=none
IPADDR=192.168.26.11
NETMASK=255.255.255.0
DNS1=192.168.26.11
GATEWAY=192.168.26.2
DNS2=192.168.26.2
USERCTL=no

Restart network service and setup for automatic boot

service network restart
chkconfig network on

# Configure Disable Selinux & Firewall

Open file /etc/sysconfig/selinux and change SELINUX=enforcing become SELINUX=disabled. Also disable some service such as iptables, ip6tables and firewalld.

setenforce 0
service firewalld stop
service iptables stop
service ip6tables stop
systemctl disable firewalld
systemctl disable iptables
systemctl disable ip6tables

# Configure /etc/hosts, /etc/resolv.conf and hostname

Open file /etc/hosts and configure as follows

127.0.0.1     localhost
192.168.26.11 mail.imanudin.net mail

Open file /etc/resolv.conf and configure as follows

search imanudin.net
nameserver 192.168.26.11
nameserver 192.168.26.2
nameserver 8.8.8.8

Do the following command as root

hostname mail.imanudin.net
echo "HOSTNAME=mail.imanudin.net" >> /etc/sysconfig/network

# Disable service sendmail or postfix

Do the following command as root

service sendmail stop
service postfix stop
systemctl disable sendmail
systemctl disable postfix

# Update repo and install package dependency by Zimbra

yum update
yum -y install perl perl-core wget screen w3m elinks openssh-clients openssh-server bind bind-utils unzip nmap sed nc sysstat libaio rsync telnet aspell

# Configure local DNS Server

Zimbra needed lookup to MX records on domain that used. For that purpose, we can configure dns server on machine of Zimbra mail server

Open file /etc/named.conf and add any on listen-on port 53 and allow-query as follows

listen-on port 53 { 127.0.0.1; any; };
allow-query     { localhost; any; };

Create a zone on the bottom of file named.conf as follows

zone "imanudin.net" IN {
type master;
file "db.imanudin.net";
allow-update { none; };
};

Create database for new zone has been created on folder /var/named/

touch /var/named/db.imanudin.net
chgrp named /var/named/db.imanudin.net
vi /var/named/db.imanudin.net

fill as follows

$TTL 1D
@       IN SOA  ns1.imanudin.net. root.imanudin.net. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
@       IN      NS      ns1.imanudin.net.
@       IN      MX      0 mail.imanudin.net.
ns1     IN      A       192.168.26.11
mail    IN      A       192.168.26.11

# Restart Service & Check results configuring DNS Server

service named restart
systemctl enable named
nslookup mail.imanudin.net
dig imanudin.net mx

If results from above command as follows, your configuration dns has been success

[root@mail opt]# nslookup mail.imanudin.net
Server:         192.168.26.11
Address:        192.168.26.11#53
Name: mail.imanudin.net
Address: 192.168.26.11

dns-imanudin.net

Preparation for install Zimbra has been finished. Now we can install zimbra and will explained on next section 😀

Good luck and hopefully useful 😀

87 comments

  1. Hi real nice job, all working well until the final stages:

    3. nslookup server1.example.com

    I get the following error:

    Server: 192.168.***.***
    Address: 192.168.***.***#53 {I have *** my actual details}

    ** server can’t find fcts.in: NXDOMAIN

    Tried googling for workarounds to no avail, do you have any ideas why this is failing?

    thanks and once again great work

    1. EDIT:
      3. nslookup server1.example.com

      I get the following error:

      Server: 192.168.***.***
      Address: 192.168.***.***#53 {I have *** my actual details}

      ** server can’t find server1.example.com: NXDOMAIN

        1. Hi Iman,

          Thanks for the reply, I’ve found the problem it was related to my domain name. The guide is solid my spelling on the other hand is not!

          Thanks again

  2. Disable selinux and all firewalls? What a dumbass. Perhaps learn how to use these tools before suggesting to other that they should turn them off

    1. Hi Free,

      Thanks for your info. That is my mistake not explain why should be disabled.

      That is because i am usually using Firewall/Router Appliance for filter and rule.

      Thanks again Free 😀

      1. i have concern here.
        i think gmail, yahoomail and other major email service providers block messages from my server and one of the reasons they cite is ‘no reverse DNS’ found.

        Would you like to add the zone here!

        Thanks/

        1. Hi Musa,

          You should ask to your ISP to delegate/give PTR Records for your email server. For example :

          ******
          Hi Noc,

          To increase reputation of email, please give PTR/Reverse DNS for my email server like below :

          your-public-address IN PTR mail.imanudin.net
          example
          123.124.125.126 IN PTR mail.imanudin.net

          Thank you
          ********

          HTH 😀

  3. You have any PDF or Word documentation , because i am not familar with linux but i want install zimbra mail server

      1. getting below error when i run nslookup XXX.domain name

        ** server can’t find mail.XXX.com: NXDOMAIN

  4. getting below error when i run nslookup XXX.domain name

    ** server can’t find mail.XXX.com: NXDOMAIN

  5. hi iman,

    I want to use my local windows AD DS Server. how can i accomplish this one? do i need to Configure local DNS Server on my centos mail server?

    Thanks!

    1. Hi Denver,

      Yes, you can using AD DS Server as DNS for Zimbra mail server. Please make sure MX record is refers into Zimbra 😀

  6. what version of zimbra do you prefer , because i am going to install mail server in my job

    thanks for help

  7. Hi, nice job…congratulations for the tutorial. You could do a step by step tutorial for backup of all emails . Thank You.

  8. Hello; I’m not doing wrong but check the ports-law tells me that this conflict port detected 53 ( dns-cache)

    I made the installation under a Firewall pfSense, which may be failing

    1. Hi Osvaldo Ferreyra,

      Are you also install Zimbra DNS-Cache and configure Bind as DNS server? if yes, please disable/uninstall Zimbra DNS-Cache or disable Bind (please choose one)

      1. Iman, thank you for your prompt reply and also for your contribution to the technology.
        greetings

        1. Hello Iman, did you suggested change and get to the point ldap initialization throws me an error (28160). I commented briefly that I have a production server with the same domain, it might cause some conflict that certificates? Stop services and returned to start, and gives the following message
          Failed to start slapd – Attempting debug start to determined error. 55c20c2c
          daemon: bind (7) Failed errno=99 (Cannot assign requested address)
          55c20c2cslap_open_listener:failed on ldap: //zimbra.gargano.com.ar:389

          Any idea that can be

          greetings

          1. Hi Osvaldo Ferreyra,

            Please give me more information about :
            – /etc/hosts
            – /etc/resolv.conf
            – hostname -f
            – service named status

  9. Hi Iman, check the files you mentioned me and cold today I realized that he had mistyped an address on the host so that was not resolving properly. Now I run the installation again and if you notice something wrong.

    Best regards and thank for all

  10. Nice tutorial….however i have a problem below:

    We have just migrated one of our Zimbra hosted domains to an external mail server and modified MX records accordingly.
    Mail is now arriving at the new server successfully, unless it is sent from one of the other domains hosted on our ZImbra installation where it gets delivered to the “legacy” domain locally.
    How do I get Zimbra to route all email traffic externally running correct MX lookups to the new server, rather than using local delivery?

    please note that iwould not want to delete or rename the domain from the old server.

    waiting for help
    Regards jolly joe

    1. Hi Jolly Joe,

      If using Zimbra, you could modify transport for every users. Please see the example below :

      su - zimbra
      zmprov ma user@example.tld zimbraMailTransport smtp:newzimbraserver:25
      

      Note : newzimbraserver is IP address or name of the new server

  11. Hello Iman

    I appreciate your response…
    That is nice, however i host more than 80 domains on the server ..and would wish to formulate a script that automates the process on a domain basis.If you could asist me in ensuring that zimbra performs MX lookups even for local domains (domains on the server), then iguess the issue will have been solved….as changing the mx record for the domain will solved the problem.

    in the current situation, zimbra seems to be ignoring mx lookups for locally hosted domains however much they have different mx records.
    which is the backborne of my problem

    however i welcome any idea

    1. Hi Jolly Joe,

      You could using script for to do that. This is the simple script which one could help you :

      rm /srv/modify-transport.zmp
      su - zimbra -c "zmprov -l gaa | sort" while read account;
      do
      echo "ma $account zimbraMailTransport smtp:newzimbraserver:25" >> /srv/modify-transport.zmp
      done
      

      The above script will make a file with name modify-transport.zmp in /srv/ folder. You should execute again that script

      su - zimbra
      zmprov < /srv/modify-transport.zmp
      

      HTH

  12. Hello Iman:

    Again by specifying your knowledge here. I tell my problem, the server to send arm works well but can not receive email.
    I’m doing the testing in a laboratory armed with an Internet connection that we are changing along with the mail service and pfSense firewall. Production services were configured by a service company so they delegated their dns in domain registration and the different tests I do DNS and point to the test mail my working network connection.

    I somehow make it work without touching anything that is working, or you would have to do to work ?.

  13. Hi Iman,

    I need help how can I change my default domain.

    I have 4 domain on my zimbra mail. I already migrated my first domain example03.com this domain has smallest user account. That why I make this as my primary mail domain on zimbra. Since I Already created all users on remaining 3 domains and initially migrate their mailbox using imapsync.

    What I want now is to retain my original default mail domain which is mail.example.com and my hostname to mail.example.com

    Zimbra Setup:
    hostname: mail.example03.com
    default domain: example03.com

    example.com
    example01.com
    example02.com
    example03.com

    I want to make example.com as my default doamin
    changed my hostname to mail.example.com

    Thanks..

      1. thanks iman,
        can you please validate the steps below:

        1. rename server hostname – mail.exampleo3.com >> mail.example.com
        2. Request to change rDNS on my ISP to also change on my public DNS (go Daddy)
        3. Reconfigure local DNS server change example03.com to example.com (based on your guide on local DNS above)
        4. Change default domain to example.com

        Another question: instead of creating local DNS on zimbra server it’s OK to use my internal Windows DNS server?

        Thanks..

        1. Hi Ferjun,

          All step it seems ok. For DNS, i am recommend you to use local DNS on Zimbra server instead of Internal Windows DNS Server. But, no problem if you want to use internal Windows DNS Server. 😉

  14. Hi Iman,

    Thanks for fine tutorial. I want to know whether DNS server setup as shown above is required for actual production mail server if A and MX record are already configured with domain registrar. Because we already have postfix/dovecot server running and thinking to replace the same with zimbra OSE

    Regards
    Nishant

    1. Hi,

      I am recommend to configure BIND as local dns server. it is aim to lookup IP itself instead of Public DNS when sending to local domain 🙂

  15. Dear Sir
    help me please.
    I have been running ZCS 6.5 opensource. In all of the computers, i am getting this error while login via webmail :
    “Oops! It appears your browser does not allow cookies. You need to enable cookies in order to use the Zimbra Web Client”.
    I have enabled cookies and javascript..
    AM wondering where to go next..
    Thank you in advance.
    Rgds
    Rajesh.A

  16. Hi iman I have a doubt how can I establish the hostname and the domain ?
    Hoping for a fast answer please greetings from Mexico

    1. Hi Edgar,

      Greeting. You can use hostname (for example) mail and your domain (for example) imanudin.net. But, you can use hostname and domain anything as you want 😉

  17. Hi Iman,

    when i do the step service named restart, the Job for named.service has failed.
    what is the problem with this step?

  18. I’m having issues receiving mail from external, looks like it’s being filtered for some reason due to the sender domain although I have whitelisted etc. Please see mail delivery failure message below:

    Jun 1 11:51:24 mail postfix/smtpd[10477]: NOQUEUE: filter: RCPT from pro236-77.mxout.rediffmailpro.com[202.137.236.77]: : Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from= to= proto=ESMTP helo=

    can u help me pls

    1. Hi Rajesh,

      Your log information are not complete and i am not found mail delivery failure from your log. Please try to trace with zmmsgtrace command

      /opt/zimbra/libexec/zmmsgtrace -s external-domain
      

      Note : Please change external-domain with real domain from outside

  19. Pls find the correct error
    Jun 1 11:51:24 mail postfix/smtpd[10477]: NOQUEUE: filter: RCPT from pro236-77.mxout.rediffmailpro.com[202.137.236.77]: : Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from= to= proto=ESMTP helo=

  20. HI Iman

    pls find the full error

    Jun 10 16:16:13 mail postfix/smtpd[21489]:
    NOQUEUE: filter: RCPT from pro236-77.mxout.rediffmailpro.com
    77.mxout.rediffmailpro.com[202.137.236.77]: : Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from= to= proto=ESMTP helo=

    1. Hi Rajesh,

      Your log information still not helpful. Maybe you can try to disable antispam services to re-check the problem

      su - zimbra
      zmprov ms mail.imanudin.net -zimbraServiceEnabled amavis
      zmprov ms mail.imanudin.net -zimbraServiceEnabled antispam
      zmprov ms mail.imanudin.net -zimbraServiceEnabled antivirus
      zmcontrol restart
      

      Please retry to sending email

  21. Jun 13 10:54:40 mail postfix/smtpd[27129]:
    NOQUEUE: filter: RCPT from pro237-249.mxout.rediffmailpro.com
    [202.137.237.249]: :
    Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=
    to=
    proto=ESMTP helo=
    Jun 13 10:54:40 mail postfix/smtpd[27129]:
    NOQUEUE: filter: RCPT from pro237-249.mxout.rediffmailpro.com
    [202.137.237.249]: : Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10024; from= to= proto=ESMTP helo=

  22. not receiving mails from client…
    we cant send full error via post…..can u share your personal mail id
    for sending error….pls….

      1. mas iman, mohon maaf mengganggu kembali.
        saya sudah berhasil kirim email keluar maupun masuk.
        akan tetapi tempat saya mendaftarkan hosting, membutuhkan 2 ns sebagai cadangan.
        ns1.xxxx.com dan ns2.xxxx.com
        mohon bantuannya untuk penambahan ns2-nya mas.

        1. Hi Frandisa,

          Untuk ns1 dan ns2 hanya dibutuhkan apabila membuat DNS public. Konfigurasi DNS pada Zimbra hanya dibutuhkan untuk lokal saja. Jadi tidak perlu ditambahkan

  23. Mas Iman,

    mau tanya lagi, saya sudah beli domain, menggunakan ip public juga. kirim email antar ip dengan blok yang sama sudah berhasil dalam 1 provider. tetapi email keluar tetap failure. sepertinya port 25 saya di blok oleh ISP, adakah cara lain untuk mengganti Port 25 tersebut mas ?
    Terima kasih sebelumnya

  24. hi iman,
    How can I disabled dns zone transfer? i added allow-transfer {“none”;}; in DNS config but not working, vulnerability scanner detected that DNS zone trasfer enabled in my zimbra server

    zone “imanudin.net” IN {
    type master;
    file “db.imanudin.net”;
    allow-update { none; };
    allow-transfer {“none”;};
    };

    thanks!

    1. Hi Daba,
      I don’t much know about DNS. But you can try to change this line
      before

      allow-query     { localhost; any; };
      
      allow-query     { localhost; your-server-address; };
      
  25. Hi Iman, can you help me with the guide on how i can install zimbra using Cloudflare as a thirdparty DNS ?
    If i use cloudflare to route the nameserver do i still need to BIND the DNS ?
    Please help

  26. Hi,

    I have installed Zimbra Community edition 8.8.12 in Digital Ocean server with floating IP assigned. In Zimbra server local DNS is running. The domain NS pointed to cloudflare and DNS is managed by the same, have setup the SPF, DMARC and DKIM for the mail domain. We are able to send and receive emails, however some domain rejecting the emails due to missing PTR ( Yahoo server reject the message, Google deliver to Spam folder). Can you please help me how to setup the PTR and improve the creditability?

  27. mas saya sudah berhasil part 1 ini, trus saya save state di oracle virtual box, nah pas saya lanjutkan besoknya saya ping dulu ke google tidak bisa bahkan nslookup jadi tidak bisa itu gmn ya

  28. jika saya menggunakan virtualbox interface saya enp0s3 apa enp0s8 ? dan jika saya pindah wifi langsung tidak konek bagaimana ya

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.