Centos7下安装zimbra邮箱

1.更新系统

yum update -y

2.安装软件

yum install -y vim net-tools ntp

3.安装zimbra

4.设置好域名

删除原文件并添加以下行

vim /etc/hostname 
mail

删除原文件并添加以下行

vim /etc/hosts
127.0.0.1       localhost
172.21.100.7   mail.dingxiufeng.cn    mail

5.禁用系统自带MTA服务

systemctl disable postfix.service
systemctl stop postfix.service

6.上传zimbra安装包到服务器

7.解压

tar zxvf zcs-8.6.0_GA_1153.RHEL7_64.20141215151110.tgz

8.进入解压目录并安装zimbra

cd zcs-8.6.0_GA_1153.RHEL7_64.20141215151110
./install.sh

过程

Operations logged to /tmp/install.log.2328
Checking for existing installation...
    zimbra-ldap...NOT FOUND
    zimbra-logger...NOT FOUND
    zimbra-mta...NOT FOUND
    zimbra-dnscache...NOT FOUND
    zimbra-snmp...NOT FOUND
    zimbra-store...NOT FOUND
    zimbra-apache...NOT FOUND
    zimbra-spell...NOT FOUND
    zimbra-convertd...NOT FOUND
    zimbra-memcached...NOT FOUND
    zimbra-proxy...NOT FOUND
    zimbra-archiving...NOT FOUND
    zimbra-core...NOT FOUND


PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THE SOFTWARE.
ZIMBRA, INC. ("ZIMBRA") WILL ONLY LICENSE THIS SOFTWARE TO YOU IF YOU
FIRST ACCEPT THE TERMS OF THIS AGREEMENT. BY DOWNLOADING OR INSTALLING
THE SOFTWARE, OR USING THE PRODUCT, YOU ARE CONSENTING TO BE BOUND BY
THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS
AGREEMENT, THEN DO NOT DOWNLOAD, INSTALL OR USE THE PRODUCT.

License Terms for the Zimbra Collaboration Suite:
  http://www.zimbra.com/license/zimbra-public-eula-2-5.html



Do you agree with the terms of the software license agreement? [N] y



Checking for prerequisites...
     FOUND: NPTL
     MISSING: nmap-ncat
     FOUND: sudo-1.8.6p7-17
     FOUND: libidn-1.28-4
     FOUND: gmp-6.0.0-12
     FOUND: libaio-0.3.109-13
     FOUND: libstdc++-4.8.5-4
     MISSING: unzip
     MISSING: perl-core

Checking for suggested prerequisites...
     FOUND: perl-5.16.3
     Unable to find expected sysstat.  Found version 未安装软件包 sysstat  instead.
     FOUND: sqlite

###WARNING###

The suggested version of one or more packages is not installed.
This could cause problems with the operation of Zimbra.

Do you wish to continue? [N] 

Exit? [N] y
Exiting.

根据提示安装相关依赖软件包

yum install nmap-ncat unzip perl-core sysstat -y

继续执行

./install.sh

过程

Operations logged to /tmp/install.log.2542
Checking for existing installation...
    zimbra-ldap...NOT FOUND
    zimbra-logger...NOT FOUND
    zimbra-mta...NOT FOUND
    zimbra-dnscache...NOT FOUND
    zimbra-snmp...NOT FOUND
    zimbra-store...NOT FOUND
    zimbra-apache...NOT FOUND
    zimbra-spell...NOT FOUND
    zimbra-convertd...NOT FOUND
    zimbra-memcached...NOT FOUND
    zimbra-proxy...NOT FOUND
    zimbra-archiving...NOT FOUND
    zimbra-core...NOT FOUND


PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THE SOFTWARE.
ZIMBRA, INC. ("ZIMBRA") WILL ONLY LICENSE THIS SOFTWARE TO YOU IF YOU
FIRST ACCEPT THE TERMS OF THIS AGREEMENT. BY DOWNLOADING OR INSTALLING
THE SOFTWARE, OR USING THE PRODUCT, YOU ARE CONSENTING TO BE BOUND BY
THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS
AGREEMENT, THEN DO NOT DOWNLOAD, INSTALL OR USE THE PRODUCT.

License Terms for the Zimbra Collaboration Suite:
  http://www.zimbra.com/license/zimbra-public-eula-2-5.html



Do you agree with the terms of the software license agreement? [N] y



Checking for prerequisites...
     FOUND: NPTL
     FOUND: nmap-ncat-6.40-7
     FOUND: sudo-1.8.6p7-17
     FOUND: libidn-1.28-4
     FOUND: gmp-6.0.0-12
     FOUND: libaio-0.3.109-13
     FOUND: libstdc++-4.8.5-4
     FOUND: unzip-6.0-15
     FOUND: perl-core-5.16.3-286

Checking for suggested prerequisites...
     FOUND: perl-5.16.3
     FOUND: sysstat
     FOUND: sqlite
Prerequisite check complete.

Checking for installable packages

Found zimbra-core
Found zimbra-ldap
Found zimbra-logger
Found zimbra-mta
Found zimbra-dnscache
Found zimbra-snmp
Found zimbra-store
Found zimbra-apache
Found zimbra-spell
Found zimbra-memcached
Found zimbra-proxy


Select the packages to install

Install zimbra-ldap [Y] 

Install zimbra-logger [Y] 

Install zimbra-mta [Y] 

Install zimbra-dnscache [Y] 

Install zimbra-snmp [Y] 

Install zimbra-store [Y] 

Install zimbra-apache [Y] 

Install zimbra-spell [Y] 

Install zimbra-memcached [Y] 

Install zimbra-proxy [Y] 
Checking required space for zimbra-core
Checking space for zimbra-store
Checking required packages for zimbra-store
zimbra-store package check complete.

Installing:
    zimbra-core
    zimbra-ldap
    zimbra-logger
    zimbra-mta
    zimbra-dnscache
    zimbra-snmp
    zimbra-store
    zimbra-apache
    zimbra-spell
    zimbra-memcached
    zimbra-proxy

The system will be modified.  Continue? [N] y

Removing /opt/zimbra
Removing zimbra crontab entry...done.
Cleaning up zimbra init scripts...done.
Cleaning up /etc/ld.so.conf...done.
Cleaning up /etc/security/limits.conf...done.

Finished removing Zimbra Collaboration Server.

Installing packages

    zimbra-core......zimbra-core-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
    zimbra-ldap......zimbra-ldap-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
    zimbra-logger......zimbra-logger-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
    zimbra-mta......zimbra-mta-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
    zimbra-dnscache......zimbra-dnscache-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
    zimbra-snmp......zimbra-snmp-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
    zimbra-store......zimbra-store-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
    zimbra-apache......zimbra-apache-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
    zimbra-spell......zimbra-spell-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
    zimbra-memcached......zimbra-memcached-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
    zimbra-proxy......zimbra-proxy-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
Operations logged to /tmp/zmsetup10242016-135027.log
Installing LDAP configuration database...done.
Setting defaults...sh: /sbin/ifconfig: 没有那个文件或目录


DNS ERROR resolving MX for mail.southbaytech.co
It is suggested that the domain name have an MX record configured in DNS
Change domain name? [Yes] 
Create domain: [mail.southbaytech.co] southbaytech.co
    MX: mail.southbaytech.co (192.168.1.209)

    Interface: 127.0.0.1
    Interface: ::1
    Interface: 192.168.1.204


DNS ERROR - none of the MX records for southbaytech.co
resolve to this host
It is suggested that the MX record resolve to this host
Re-Enter domain name? [Yes] n
done.
Checking for port conflicts
sh: netstat: 未找到命令

Main menu

   1) Common Configuration:                                                  
   2) zimbra-ldap:                             Enabled                       
   3) zimbra-logger:                           Enabled                       
   4) zimbra-mta:                              Enabled                       
   5) zimbra-dnscache:                         Enabled                       
   6) zimbra-snmp:                             Enabled                       
   7) zimbra-store:                            Enabled                       
        +Create Admin User:                    yes                           
        +Admin user to create:                 admin@southbaytech.co         
******* +Admin Password                        UNSET                         
        +Anti-virus quarantine user:           virus-quarantine.vjca4xqt0@southbaytech.co
        +Enable automated spam training:       yes                           
        +Spam training user:                   spam.jskgzxzqkd@southbaytech.co
        +Non-spam(Ham) training user:          ham.8cra1gy7@southbaytech.co  
        +SMTP host:                            mail.southbaytech.co          
        +Web server HTTP port:                 8080                          
        +Web server HTTPS port:                8443                          
        +Web server mode:                      https                         
        +IMAP server port:                     7143                          
        +IMAP server SSL port:                 7993                          
        +POP server port:                      7110                          
        +POP server SSL port:                  7995                          
        +Use spell check server:               yes                           
        +Spell server URL:                     http://mail.southbaytech.co:7780/aspell.php
        +Enable version update checks:         TRUE                          
        +Enable version update notifications:  TRUE                          
        +Version update notification email:    admin@southbaytech.co         
        +Version update source email:          admin@southbaytech.co         
        +Install mailstore (service webapp):   yes                           
        +Install UI (zimbra,zimbraAdmin webapps): yes                           

   8) zimbra-spell:                            Enabled                       
   9) zimbra-proxy:                            Enabled                       
  10) Default Class of Service Configuration:                                
   s) Save config to file                                                    
   x) Expand menu                                                            
   q) Quit                                    

Address unconfigured (**) items  (? - help) 7


Store configuration

   1) Status:                                  Enabled                       
   2) Create Admin User:                       yes                           
   3) Admin user to create:                    admin@southbaytech.co         
** 4) Admin Password                           UNSET                         
   5) Anti-virus quarantine user:              virus-quarantine.vjca4xqt0@southbaytech.co
   6) Enable automated spam training:          yes                           
   7) Spam training user:                      spam.jskgzxzqkd@southbaytech.co
   8) Non-spam(Ham) training user:             ham.8cra1gy7@southbaytech.co  
   9) SMTP host:                               mail.southbaytech.co          
  10) Web server HTTP port:                    8080                          
  11) Web server HTTPS port:                   8443                          
  12) Web server mode:                         https                         
  13) IMAP server port:                        7143                          
  14) IMAP server SSL port:                    7993                          
  15) POP server port:                         7110                          
  16) POP server SSL port:                     7995                          
  17) Use spell check server:                  yes                           
  18) Spell server URL:                        http://mail.southbaytech.co:7780/aspell.php
  19) Enable version update checks:            TRUE                          
  20) Enable version update notifications:     TRUE                          
  21) Version update notification email:       admin@southbaytech.co         
  22) Version update source email:             admin@southbaytech.co         
  23) Install mailstore (service webapp):      yes                           
  24) Install UI (zimbra,zimbraAdmin webapps): yes                           

Select, or 'r' for previous menu [r] 4

Password for admin@southbaytech.co (min 6 characters): [N6Ws0fkc3d] 123456

Store configuration

   1) Status:                                  Enabled                       
   2) Create Admin User:                       yes                           
   3) Admin user to create:                    admin@southbaytech.co         
   4) Admin Password                           set                           
   5) Anti-virus quarantine user:              virus-quarantine.vjca4xqt0@southbaytech.co
   6) Enable automated spam training:          yes                           
   7) Spam training user:                      spam.jskgzxzqkd@southbaytech.co
   8) Non-spam(Ham) training user:             ham.8cra1gy7@southbaytech.co  
   9) SMTP host:                               mail.southbaytech.co          
  10) Web server HTTP port:                    8080                          
  11) Web server HTTPS port:                   8443                          
  12) Web server mode:                         https                         
  13) IMAP server port:                        7143                          
  14) IMAP server SSL port:                    7993                          
  15) POP server port:                         7110                          
  16) POP server SSL port:                     7995                          
  17) Use spell check server:                  yes                           
  18) Spell server URL:                        http://mail.southbaytech.co:7780/aspell.php
  19) Enable version update checks:            TRUE                          
  20) Enable version update notifications:     TRUE                          
  21) Version update notification email:       admin@southbaytech.co         
  22) Version update source email:             admin@southbaytech.co         
  23) Install mailstore (service webapp):      yes                           
  24) Install UI (zimbra,zimbraAdmin webapps): yes                           

Select, or 'r' for previous menu [r] 

Main menu

   1) Common Configuration:                                                  
   2) zimbra-ldap:                             Enabled                       
   3) zimbra-logger:                           Enabled                       
   4) zimbra-mta:                              Enabled                       
   5) zimbra-dnscache:                         Enabled                       
   6) zimbra-snmp:                             Enabled                       
   7) zimbra-store:                            Enabled                       
   8) zimbra-spell:                            Enabled                       
   9) zimbra-proxy:                            Enabled                       
  10) Default Class of Service Configuration:                                
   s) Save config to file                                                    
   x) Expand menu                                                            
   q) Quit                                    

*** CONFIGURATION COMPLETE - press 'a' to apply
Select from menu, or press 'a' to apply config (? - help) a
Save configuration data to a file? [Yes] 
Save config in file: [/opt/zimbra/config.12421] 
Saving config in /opt/zimbra/config.12421...done.
The system will be modified - continue? [No] y
Operations logged to /tmp/zmsetup10242016-135027.log
Setting local config values...done.
Initializing core config...Setting up CA...done.
Deploying CA to /opt/zimbra/conf/ca ...done.
Creating SSL zimbra-store certificate...done.
Creating new zimbra-ldap SSL certificate...done.
Creating new zimbra-mta SSL certificate...done.
Creating new zimbra-proxy SSL certificate...done.
Installing mailboxd SSL certificates...done.
Installing MTA SSL certificates...done.
Installing LDAP SSL certificate...done.
Installing Proxy SSL certificate...done.
Initializing ldap...done.
Setting replication password...done.
Setting Postfix password...done.
Setting amavis password...done.
Setting nginx password...done.
Setting BES searcher  password...done.
Creating server entry for mail.southbaytech.co...done.
Setting Zimbra IP Mode...done.
Saving CA in ldap ...done.
Saving SSL Certificate in ldap ...done.
Setting spell check URL...done.
Setting service ports on mail.southbaytech.co...done.
Setting zimbraFeatureTasksEnabled=TRUE...done.
Setting zimbraFeatureBriefcasesEnabled=TRUE...done.
Setting Master DNS IP address(es)...done.
Setting DNS cache tcp lookup preference...done.
Setting DNS cache udp lookup preference...done.
Setting DNS tcp upstream preference...done.
Setting TimeZone Preference...done.
Initializing mta config...done.
Setting services on mail.southbaytech.co...done.
Adding mail.southbaytech.co to zimbraMailHostPool in default COS...done.
Creating domain southbaytech.co...done.
Setting default domain name...done.
Creating domain southbaytech.co...already exists.
Creating admin account admin@southbaytech.co...done.
Creating root alias...done.
Creating postmaster alias...done.
Creating user spam.jskgzxzqkd@southbaytech.co...done.
Creating user ham.8cra1gy7@southbaytech.co...done.
Creating user virus-quarantine.vjca4xqt0@southbaytech.co...done.
Setting spam training and Anti-virus quarantine accounts...done.
Initializing store sql database...done.
Setting zimbraSmtpHostname for mail.southbaytech.co...done.
Configuring SNMP...done.
Setting up syslog.conf...done.
Starting servers...done.
Installing common zimlets...
    com_zimbra_adminversioncheck...done.
    com_zimbra_attachcontacts...done.
    com_zimbra_attachmail...done.
    com_zimbra_bulkprovision...done.
    com_zimbra_cert_manager...done.
    com_zimbra_clientuploader...done.
    com_zimbra_date...done.
    com_zimbra_email...done.
    com_zimbra_mailarchive...done.
    com_zimbra_phone...done.
    com_zimbra_proxy_config...done.
    com_zimbra_srchhighlighter...done.
    com_zimbra_tooltip...done.
    com_zimbra_url...done.
    com_zimbra_viewmail...done.
    com_zimbra_webex...done.
    com_zimbra_ymemoticons...done.
Finished installing common zimlets.
Restarting mailboxd...done.
Creating galsync account for default domain...done.

You have the option of notifying Zimbra of your installation.
This helps us to track the uptake of the Zimbra Collaboration Server.
The only information that will be transmitted is:
    The VERSION of zcs installed (8.6.0_GA_1153_RHEL7_64)
    The ADMIN EMAIL ADDRESS created (admin@southbaytech.co)

Notify Zimbra of your installation? [Yes] n
Notification skipped
Setting up zimbra crontab...done.


Moving /tmp/zmsetup10242016-135027.log to /opt/zimbra/log


Configuration complete - press return to exit

9.查看zimbra服务

su zimbra
zmcontrol status

以下表示正常

Host mail.southbaytech.co
    amavis                  Running
    antispam                Running
    antivirus               Running
    dnscache                Running
    ldap                    Running
    logger                  Running
    mailbox                 Running
    memcached               Running
    mta                     Running
    opendkim                Running
    proxy                   Running
    service webapp          Running
    snmp                    Running
    spell                   Running
    stats                   Running
    zimbra webapp           Running
    zimbraAdmin webapp      Running
    zimlet webapp           Running
    zmconfigd               Running

阿里云免费证书为zimbra安装可信任的SSL证书

1.下载证书

  • 阿里云创建完免费SSl证书后,选择证书下载--其他--下载
  • 下载后的文件解压后包括xxx.key、xxx.pem两个文件

2.上传到zimbra服务,修改证书类型

mkdir /opt/zimbra/ssl/aliyunssl/
cd /opt/zimbra/ssl/aliyunssl
openssl pkcs8 -topk8 -inform PEM -in xxx.key -outform PEM -nocrypt -out privkey.pem
mv xxx.pem cert.pem
chown zimbra:zimbra /opt/zimbra/ssl/aliyunssl/*

3.创建证书链中间证书chain.pem

  • 在 /opt/zimbra/ssl/aliyunssl/ 创建chain.pem 文件 也就是中级证书(mid-digicert-ca) + 根证书(root-digiert-ca)
    将阿里云下载证书xxx.pem的第二部分,也就是第二个—–BEGIN CERTIFICATE—–到—–END CERTIFICATE—–

copy到chain.pem中也就是中级证书(mid-digicert-ca),再将发证机构的根证书追加到chain.pem中也就第二部分的根证书。

  • 最新的免费root证书下载:Digicert-OV-DV-root.cer
  • 如此chain.pem也制作完成

4.验证证书

su - zimbra
cd /opt/zimbra/ssl/aliyunssl/
/opt/zimbra/bin/zmcertmgr verifycrt comm privkey.pem cert.pem chain.pem
# 成功提示一下信息
** Verifying 'cert.pem' against 'privkey.pem'
Certificate 'cert.pem' and private key 'privkey.pem' match.
** Verifying 'cert.pem' against 'chain.pem'
Valid certificate chain: cert.pem: OK

5.部署证书

  • 原有证书备份
cp -a /opt/zimbra/ssl/zimbra /opt/zimbra/ssl/zimbra.$(date "+%Y%m%d%H%M%S")
  • 在Zimbra SSL路径下复制私钥
# 先备份再替换
cp /opt/zimbra/ssl/zimbra/commercial/commercial.key /opt/zimbra/ssl/zimbra/commercial/commercial.key.bak
cp /opt/zimbra/ssl/aliyunssl/privkey.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key
  • 部署
su - zimbra
cd /opt/zimbra/ssl/aliyunssl/
/opt/zimbra/bin/zmcertmgr deploycrt comm cert.pem chain.pem
  • 重启zimbra服务
zmcontrol restart

6.通过网页查看证书是否生效