Zimbra 基礎安裝與設定

Ubuntu 16.04-LXC

一般網路上會教學 Dnsmasq or Bind9 等DNS server,但如果有DNS託管的話(e.g. Cloudflare)可以不用安裝,A/MX/TXT由CF等處理。

或者安裝DNSMASQ: Install Dnsmasq

systemctl disable systemd-resolved
systemctl stop systemd-resolved
systemctl restart dnsmasq
nano /etc/dnsmasq.conf
server=10.0.1.1
listen-address=127.0.0.1
domain=r.com
mx-host= r.com,z.r.com, 10
mx-host= z.ru.com, z.r.com, 5

設定完以後以下兩個指令檢查MX/A:

dig A yourdomain.com
dig MX yourdomain.com

修改Host:

nano /etc/hosts

127.0.0.1 yourdomain.com

正確之後即可開始安裝:

wget https://files.zimbra.com/downloads/8.8.15_GA/zcs-8.8.15_GA_3869.UBUNTU18_64.20190918004220.tgz
tar xvf zcs-8.8.15_GA_3869.UBUNTU18_64.20190918004220.tgz
cd zcs-8.8.15_GA_3869.UBUNTU18_64.20190918004220/

新增GPG Key:

apt install gnupg2 net-tools

新增完成之後先做基礎更新:

apt update && apt upgrade -y

預先移除 postfix 後執行安裝:

apt remove postfix
./install.sh --platform-override

安裝完成之後設定admin passwd 後按 a生效


Setting:

su - zimbra
zmprov -l ms example.com zimbraMtaLmtpHostLookup native
zmprov -l mcf zimbraMtaLmtpHostLookup native
zmmtactl restart
zmprov ms `zmhostname` zimbraMemcachedBindAddress 127.0.0.1 
zmprov ms `zmhostname` zimbraMemcachedClientServerList 127.0.0.1
zmprov ms `zmhostname` zimbraImapCleartextLoginEnabled TRUE
zmprov ms `zmhostname` zimbraPop3CleartextLoginEnabled TRUE
zmprov ms `zmhostname` zimbraMtaTlsAuthOnly FALSE
su - zimbra -c "zmmemcachedctl restart"

當遇到 delivery temporarily suspended: connect to example.com[192.168.0.9]:7025: Connection refused 解決方法

su zimbra
zmprov -l ms example.com zimbraMtaLmtpHostLookup native
zmprov -l mcf zimbraMtaLmtpHostLookup native
zmmtactl restart

smtp Auth Setup:

zmprov mcf zimbraMtaSmtpdSenderLoginMaps proxy:ldap:/opt/zimbra/conf/ldap-slm.cf +zimbraMtaSmtpdSenderRestrictions

在reject_sender_login_mismatch 加上 permit_mynetworks

nano /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf

permit_mynetworks, reject_sender_login_mismatch

SET

zmprov modifyServer example.com zimbraMtaAuthEnabled TRUE
zmprov modifyServer example.com zimbraMtaTlsAuthOnly TRUE
zmprov mcf zimbraMtaSmtpdRejectUnlistedRecipient yes
zmprov mcf zimbraMtaSmtpdRejectUnlistedSender yes
zmmtactl restart
zmconfigdctl restart
zmmemcachedctl restart

重啟服務:

su zimbra
zmcontrol restart

RDNS:

zmprov ms  `zmhostname` zimbraMtaSmtpdBanner mail.example.com
zmcontrol restart

Zimbra Web Nginx Reverse Proxy Conf:

server {
    listen 80;
    server_name example.com;
    location / {
        return 301 https://example.com$request_uri;
    }
}
server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers   on;
    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
    server_tokens off;
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;
    client_max_body_size 50M;

    location / {
        proxy_pass https://10.0.1.171;
        proxy_set_header Host $http_host;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-NginX-Proxy true;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version 1.1;
        proxy_read_timeout 3m;
        proxy_send_timeout 3m;
        sendfile on;
    }
    location /status.xsl {
        return 404;
    }
}

完工之後還需要進行以下設定:

WebDEV+Nextcloud:

https://github.com/Zimbra-Community/owncloud-zimlet


RBL Setting:

https://wiki.zimbra.com/wiki/Anti-spam_Strategies

http://amar-linux.blogspot.com/2017/05/how-to-enable-dnsbl-or-rbl-on-zimbra-to.html


RBL Check:

http://www.anti-abuse.org/multi-rbl-check/


Mail Server Status TEST:

https://talosintelligence.com/reputation_center/email_rep

 


测试你发出邮件的垃圾邮件匹配度:

https://www.mail-tester.com/


DKIM CHECK:

https://dmarcian.com/dkim-validator/

THE END
分享
二维码
< <上一篇
下一篇>>