Zimbra 基礎安裝與設定

2018-10-9

Ubuntu 20.04-LXC

一般網路上會教學 Dnsmasq or Bind9 等DNS server,但如果有DNS託管的話(e.g. Cloudflare)可以不用安裝,A/MX/TXT由CF等處理。

或者安裝DNSMASQ: Install Dnsmasq

systemctl disable systemd-resolved
systemctl stop systemd-resolved
systemctl restart dnsmasq
nano /etc/dnsmasq.conf
server=10.0.1.1
listen-address=127.0.0.1
domain=r.com
mx-host= r.com,z.r.com, 10
mx-host= z.ru.com, z.r.com, 5

設定完以後以下兩個指令檢查MX/A:

dig A yourdomain.com
dig MX yourdomain.com

修改Host:

nano /etc/hosts

127.0.0.1 yourdomain.com

選配方式:

systemctl disable systemd-resolved.service
systemctl stop systemd-resolved.servicesuystem
systemctl disable resolvconf.service
systemctl stop resolvconf.service
rm /etc/resolv.conf
nano /etc/resolv.conf
nameserver 168.95.1.1
nameserver 8.8.8.8

正確之後即可開始安裝:

wget https://files.zimbra.com/downloads/8.8.15_GA/zcs-8.8.15_GA_3869.UBUNTU18_64.20190918004220.tgz
tar xvf zcs-8.8.15_GA_3869.UBUNTU18_64.20190918004220.tgz
cd zcs-8.8.15_GA_3869.UBUNTU18_64.20190918004220/

新增GPG Key:

apt install gnupg2 net-tools

新增完成之後先做基礎更新:

apt update && apt upgrade -y

預先移除 postfix 後執行安裝:

apt remove postfix
./install.sh --platform-override

安裝完成之後設定admin passwd 後按 a生效

Setting:

su - zimbra
zmprov -l ms example.com zimbraMtaLmtpHostLookup native
zmprov -l mcf zimbraMtaLmtpHostLookup native
zmmtactl restart
zmprov ms `zmhostname` zimbraMemcachedBindAddress 127.0.0.1 
zmprov ms `zmhostname` zimbraMemcachedClientServerList 127.0.0.1
zmprov ms `zmhostname` zimbraImapCleartextLoginEnabled TRUE
zmprov ms `zmhostname` zimbraPop3CleartextLoginEnabled TRUE
zmprov ms `zmhostname` zimbraMtaTlsAuthOnly FALSE
su - zimbra -c "zmmemcachedctl restart"

當遇到 delivery temporarily suspended: connect to example.com[192.168.0.9]:7025: Connection refused 解決方法

su zimbra
zmprov -l ms example.com zimbraMtaLmtpHostLookup native
zmprov -l mcf zimbraMtaLmtpHostLookup native
zmmtactl restart

smtp Auth Setup:

zmprov mcf zimbraMtaSmtpdSenderLoginMaps proxy:ldap:/opt/zimbra/conf/ldap-slm.cf +zimbraMtaSmtpdSenderRestrictions

在reject_sender_login_mismatch 加上 permit_mynetworks

nano /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf

permit_mynetworks, reject_sender_login_mismatch

SET

zmprov modifyServer example.com zimbraMtaAuthEnabled TRUE
zmprov modifyServer example.com zimbraMtaTlsAuthOnly TRUE
zmprov mcf zimbraMtaSmtpdRejectUnlistedRecipient yes
zmprov mcf zimbraMtaSmtpdRejectUnlistedSender yes
zmmtactl restart
zmconfigdctl restart
zmmemcachedctl restart

重啟服務:

su zimbra
zmcontrol restart

RDNS:

zmprov ms  `zmhostname` zimbraMtaSmtpdBanner mail.example.com
zmcontrol restart

Zimbra Web Nginx Reverse Proxy Conf:

server {
    listen 80;
    server_name example.com;
    location / {
        return 301 https://example.com$request_uri;
    }
}
server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers   on;
    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
    server_tokens off;
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;
    client_max_body_size 50M;

    location / {
        proxy_pass https://10.0.1.171;
        proxy_set_header Host $http_host;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-NginX-Proxy true;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version 1.1;
        proxy_read_timeout 3m;
        proxy_send_timeout 3m;
        sendfile on;
    }
    location /status.xsl {
        return 404;
    }
}

完工之後還需要進行以下設定:

WebDEV+Nextcloud:

https://github.com/Zimbra-Community/owncloud-zimlet

RBL Setting:

https://wiki.zimbra.com/wiki/Anti-spam_Strategies

http://amar-linux.blogspot.com/2017/05/how-to-enable-dnsbl-or-rbl-on-zimbra-to.html

RBL Check:

http://www.anti-abuse.org/multi-rbl-check/

Mail Server Status TEST:

https://talosintelligence.com/reputation_center/email_rep

 

测试你发出邮件的垃圾邮件匹配度:

https://www.mail-tester.com/

DKIM CHECK:

https://dmarcian.com/dkim-validator/

阅读剩余
THE END
Ceph:Install Ceph on Proxmox
<<上一篇
設置ZFS RAM Cache 大小
下一篇>>
相关推荐
Linux:EXT4 VM 硬碟擴充
Other:Zyxel NSA-310 刷入 OpenWRT
WildDuck:安裝與設定
Linux:ArozOS 安裝與建立開機自啟動服務
Proxmox:Failed:Cannot allocate memory at /usr/share/per|5/PVE/Tools.pm line 455. 修正方式
Linux:cfdisk安裝
KVM:args 新增欺騙 Windows 模擬實體機環境
Linux:trousers.service 啟動 tcsd 失敗並無法安裝解決方式(適用於 TPM2.0 裝置)(ProxmoxVE 7.0-12 之後版本適用)
Proxmox:安裝 UEFI 格式造成開機之後卡於初始化修正方式
Linux:dmidecode 查看系統資源列表
pveCLi Uptime: |
Copyright © 2024 pveCLI CoreNext Powered by WordPress