russel053 / October 9, 2018 / Linux, Other, Network Services

Ubuntu 16.04-LXC

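Most tutorials online walk you through setting up a DNS server such as Dnsmasq or Bind9, but if your DNS is hosted (e.g. Cloudflare) you do not need to install one; the A/MX/TXT records are handled by CF or a similar provider.

Once the records are set, check MX/A with the following two commands: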

dig A yourdomain.com
dig MX yourdomain.com

Edit the hosts file:

nano /etc/hosts

127.0.0.1 yourdomain.com

Once that is correct, you can start the installation:

wget https://files.zimbra.com/downloads/8.8.10_GA/zcs-8.8.10_GA_3039.UBUNTU16_64.20180928094617.tgz
tar xvf zcs-8.8.10_GA_3039.UBUNTU16_64.20180928094617.tgz
cd zcs-8.8.10_GA_3039.UBUNTU16_64.20180928094617/
---------------------------------------------
UBUNTU 18.04 LTS:
wget https://files.zimbra.com/downloads/8.8.12_GA/zcs-8.8.12_GA_3794.UBUNTU18_64.20190329045002.tgz
tar xvf zcs-8.8.12_GA_3794.UBUNTU18_64.20190329045002.tgz
cd zcs-8.8.12_GA_3794.UBUNTU18_64.20190329045002

Add the repository source:

nano /etc/apt/sources.list.d/zimbra.list

Ubuntu 16.04:
deb     [arch=amd64] https://repo.zimbra.com/apt/87 xenial zimbra
deb     [arch=amd64] https://repo.zimbra.com/apt/889 xenial zimbra
deb-src [arch=amd64] https://repo.zimbra.com/apt/87 xenial zimbra

----------------------------------------------------------------
Ubuntu 18.04:
deb     [arch=amd64] https://repo.zimbra.com/apt/87 bionic zimbra
deb     [arch=amd64] https://repo.zimbra.com/apt/8812 bionic zimbra
deb-src [arch=amd64] https://repo.zimbra.com/apt/87 bionic zimbra

Add the GPG key:

apt install gnupg2
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 9BE6ED79

After adding it, run a basic update first:

apt update && apt upgrade -y

Remove postfix first, then run the installer:

apt remove postfix
./install.sh --platform-override

When the installation finishes, set the admin password, then press a to apply.


Setting:

su - zimbra
zmprov -l ms example.com zimbraMtaLmtpHostLookup native
zmprov -l mcf zimbraMtaLmtpHostLookup native
zmmtactl restart
zmprov ms `zmhostname` zimbraMemcachedBindAddress 127.0.0.1 
zmprov ms `zmhostname` zimbraMemcachedClientServerList 127.0.0.1
zmprov ms `zmhostname` zimbraImapCleartextLoginEnabled TRUE
zmprov ms `zmhostname` zimbraPop3CleartextLoginEnabled TRUE
zmprov ms `zmhostname` zimbraMtaTlsAuthOnly FALSE
su - zimbra -c "zmmemcachedctl restart"

Fix for the error "delivery temporarily suspended: connect to example.com[192.168.0.9]:7025: Connection refused":

su - zimbra
zmprov -l ms example.com zimbraMtaLmtpHostLookup native
zmprov -l mcf zimbraMtaLmtpHostLookup native
zmmtactl restart

SMTP Auth Setup:

zmprov mcf zimbraMtaSmtpdSenderLoginMaps proxy:ldap:/opt/zimbra/conf/ldap-slm.cf +zimbraMtaSmtpdSenderRestrictions

Add permit_mynetworks in front of reject_sender_login_mismatch:

nano /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf

permit_mynetworks, reject_sender_login_mismatch

SET

zmprov modifyServer example.com zimbraMtaAuthEnabled TRUE
zmprov modifyServer example.com zimbraMtaTlsAuthOnly TRUE
zmprov mcf zimbraMtaSmtpdRejectUnlistedRecipient yes
zmprov mcf zimbraMtaSmtpdRejectUnlistedSender yes
zmmtactl restart
zmconfigdctl restart
zmmemcachedctl restart

Restart the services:

su - zimbra
zmcontrol restart

Zimbra Web Nginx Reverse Proxy Conf:

server {
    listen 80;
    server_name example.com;
    location / {
        return 301 https://example.com$request_uri;
    }
}
server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers   on;
    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
    server_tokens off;
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;
    client_max_body_size 50M;

    location / {
        proxy_pass https://10.0.1.171;
        proxy_set_header Host $http_host;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-NginX-Proxy true;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version 1.1;
        proxy_read_timeout 3m;
        proxy_send_timeout 3m;
        sendfile on;
    }
    location /status.xsl {
        return 404;
    }
}
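
Added example (not part of the original post): a shell check that reads an nginx config and reports the legacy protocol versions and the 3DES or static-RSA suites that the ssl_protocols and ssl_ciphers lines above still allow. The function name audit_nginx_tls and the list of flagged tokens are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. audit_nginx_tls FILE prints one
# finding per line as "<line number>: <finding>" and returns 1 if any was found.
# The flagged tokens below are this example's own policy (an assumption).
audit_nginx_tls() {
    awk '
        # Drop comments, the terminating semicolon and quoting.
        { sub(/#.*/, ""); sub(/;[ \t]*$/, ""); gsub(/"/, "") }

        $1 == "ssl_protocols" {
            for (i = 2; i <= NF; i++)
                if ($i ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/) {
                    printf "%d: legacy protocol %s\n", NR, $i
                    bad = 1
                }
        }

        $1 == "ssl_ciphers" {
            n = split($2, suite, ":")
            for (i = 1; i <= n; i++) {
                if (suite[i] ~ /^!/) continue        # exclusions such as !MD5
                if (suite[i] ~ /3DES|RC4|MD5|NULL|EXPORT/) {
                    printf "%d: weak cipher %s\n", NR, suite[i]
                    bad = 1
                } else if (suite[i] ~ /^RSA\+/) {
                    # RSA is the OpenSSL alias for kRSA: static RSA key exchange.
                    printf "%d: no forward secrecy %s\n", NR, suite[i]
                    bad = 1
                }
            }
        }

        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the two TLS directives from the server block above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
EOF

audit_nginx_tls "$sample" || echo "legacy TLS settings found"
```

Run it against the real file with audit_nginx_tls /etc/nginx/sites-enabled/<your site>; an empty result and exit status 0 mean neither directive lists a flagged token.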

After finishing, the following settings are still needed:

Zimbra email protection best practices: SPF, DKIM, DMARC

WebDAV + Nextcloud:

https://github.com/Zimbra-Community/owncloud-zimlet


RBL Setting:

https://wiki.zimbra.com/wiki/Anti-spam_Strategies

http://amar-linux.blogspot.com/2017/05/how-to-enable-dnsbl-or-rbl-on-zimbra-to.html


RBL Check:

http://www.anti-abuse.org/multi-rbl-check/


DKIM Check:

https://dkimvalidator.com


Mail Server Status TEST:

https://talosintelligence.com/reputation_center/email_rep
