Zimbra is a suite of tools for Unix/Linux/MacOS systems, which includes a secure mail server, web mail, anti-spam/anti-virus controls, a Web management interface, integrated calendaring, mobile device sync, and more. In many ways, Zimbra is the Unix equivalent to Microsoft Exchange.
In this post, I will be installing Zimbra onto a CentOS virtual machine I created in a previous post. The machine will need at least 1024mb of memory to run the default Zimbra services. I was unable to make it run without errors with any less memory.
1) You will need to install some required packages to proceed with the setup and avoid errors further on:
- wget – download utility we will be using to download the latest version of Zimbra Open Source Edition.
- postfix – an open-source mail transfer agent (MTA) that routes and delivers electronic mail; installation of Zimbra will fail without this package, according to my professor
- ntp – a protocol designed to synchronize the clocks of computers over a network
You can install these packages with the following command:
yum install wget postfix ntp
2) Make sure your time and date are set correctly. You can check time/date by running ‘date’.
If you need to change them you use the same command followed by the current time and date in the format of MMDDhhmm. So for example, if it’s currently April 30 5:55pm, the command would be:
date 04301755
3) Another step that may be important, and that my professor always told the class to complete, is to disable SElinux due to the various errors it may cause considering its stringent security policies. To disable it, use your favorite editor (mine is nano!) and change the SELINUX value in /etc/sysconfig/selinux to the following:
SELINUX=disabled
Then reboot your system.
4) In addition, you may want to turn off your firewall temporarily while installing and setting up Zimbra. I will make a post later about how to configure your firewall so that Zimbra’s required ports are accessible but everything else is secured. To turn off the firewall in CentOS, run:
service iptables stop
5) To find the latest version of Zimbra OSE, visit the following link:
http://www.zimbra.com/downloads/os-downloads.html
I will be using the 32bit x86 version, Red Hat Enterprise Linux 5 (as instructed by my professor). Since I’m installing it on a remote machine, I’m going to use wget to download the software:
wget http://files2.zimbra.com/downloads/6.0.6_GA/zcs-6.0.6_GA_2324.RHEL5.20100406144520.tgz
6) Extract files from the downloaded archive:
tar -xf zcs-6.0.6_GA_2324.RHEL5.20100406144520.tgz
7) Run the install script with a platform-override argument (since we’re installing on CentOS and not Red Hat) and then follow the instructions by installing whatever external packages the setup tells you are required and selecting options that correspond to your configuration (I used the default option at practically every step):
cd zcs-6.0.6_GA_2324.RHEL5.20100406144520 ./install.sh --platform-override
8) If you had any errors during installation, see step 9. Otherwise, if you’ve reached the configuration menu part of the installation, all you’re required to do is to set up the administrator password, as will be denoted by the many * symbols. There are other options you can tinker with if you have more complex needs, but the defaults worked fine for me.
* If you can’t see all the configuration options because the terminal scrolled down too far, you can usually scroll up with the shift+pageup key combination.
9) During installation, I had the following errors:
a)
ERROR: Installation can not proceed. Please fix your /etc/hosts file to contain: 127.0.0.1 localhost.localdomain localhost Zimbra install grants mysql permissions only to localhost and localhost.localdomain users. But Fedora/RH installs leave lines such as these in /etc/hosts: 127.0.0.1 myhost.mydomain.com myhost localhost.localdomain localhost This causes MySQL to reject users coming from 127.0.0.1 as users from myhost.mydomain.com. You can read more details at: http://bugs.mysql.com/bug.php?id=11822
This error is self-explanatory. Using an editor like vi or nano, edit /etc/hosts to match the error’s suggested fix. Here’s an example of my /etc/hosts file.
127.0.0.1 localhost.localdomain localhost ::1 localhost6.localdomain6 localhost6 130.245.127.62 rsheyd.oslab.cs.sunysb.edu rsheyd
b)
Checking for port conflicts
Port conflict detected: 25 (zimbra-mta)
Port conflicts detected! - Any key to continue
That means that some service is using a port Zimbra needs open for one of its services (in this case zimbra-mta). You can proceed with the installation despite the port conflict, but you will need to fix it later to avoid errors.
After you’ve finished Zimbra installation you can check what ports your system is currently using by running:
netstat -tulpn
In my case, postfix, which I installed earlier as per professor’s instruction, was using port 25. According to him it’s needed for Zimbra to function correctly but should be turned off. I’m not exactly sure how that works, but in any case, to turn it off you have to use the following command.
service postfix stop
And to prevent it from starting the next time you reboot your system, run:
chkconfig postfix off
If you don’t clear up the port conflict, there will be MTA-related errors when you try sending emails in Zimbra.
As a side note, postfix is already included in Zimbra-MTA so you may not need to install it separately to begin with, but I haven’t tried installing Zimbra without it.
*Some people may have sendmail blocking port 25 instead. Apply the same steps to sendmail as I did to postfix.
10) Zimbra has pretty basic spam protection as soon as you install it. In addition, its spam protection improves as you receive mail and mark spam as junk mail, due to heuristics and spam-learning algorithms. Google it if you want to know more =).
However, emails that may contain attachments which may be viruses are NOT filtered out by default. In order to filter out attachment formats which may be malicious you have to access the global settings in your administration console, which is accessed using the ‘admin’ account and the password you set during installation, at hostname:7071. In my case, that was: https://rsheyd.oslab.cs.sunysb.edu:7071/.
In Global Settings there should be an attachments tab, which lists all possible malicious attachment formats. I recommend selecting all of them and adding them to the blacklist since none of them are commonly attached files like PDFs, documents, photos, etc. Most are executable files used to infect a client’s computer with viruses.
In my next post I will talk about restricting access to Zimbra and your CentOS machine with iptables (firewall).
Helpful links:
http://library.linode.com/email/zimbra/install-zimbra-centos-5
http://www.zimbra.com/docs/ne/latest/single_server_install/
* Post any questions in my comments and I’ll try my best to answer them!