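Zimbra is a powerful mail suite and supports Chinese.
The author built this environment in August 2024.
The host runs Windows 10,
and the CentOS 7 system was created as a virtual machine in VMware Workstation.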
1. Files used
CentOS-7-x86_64-DVD-2207-02.iso (search for it and download it yourself; it does not have to be this exact version)
Zimbra 8.8.15
2. CentOS 7 virtual machine configuration
Memory: 8G
CPU: 2
Storage: 20
Network: 1 adapter, NAT
Local test IP address: 192.168.61.161
Local test domain: test1138.com
Local mail test domain: mail.test1138.com
3. Install CentOS 7
In the command listings below, a first line that starts with `# cat` only displays the file's contents; leave that line out when you copy the listing.
3.1 Install CentOS
Install the default minimal version.
3.2 Set the IP address
Set a static IP address, gateway and DNS server. The configuration is as follows:
```
# cat /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens33"
UUID="d4a0f4ce-7d7d-4ac5-9aea-4e6a2dd0377c"
DEVICE="ens33"
ONBOOT="yes"
IPADDR="192.168.61.161"
NETMASK="255.255.255.0"
GATEWAY="192.168.61.2"
DNS1="192.168.61.2"
PEERDNS="no"
```
Giving the virtual machine a static IP address makes the DNS configuration easier. DNS1 will be changed again later.
3.3 Check and configure SELinux
SELinux may cause errors when uploading files; set SELINUX=disabled.
```
# cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
```
Reboot the system:
```
reboot
```
4. Change the yum repositories
The default CentOS repositories no longer work, so the required software cannot be installed from them.
```
su - root

cp /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
yum clean all
yum makecache
```
Run an update once:
```
yum update -y
```
5. Set up a local DNS server
Configure DNS on CentOS 7 so that Zimbra can resolve the local domain name.
5.1 Install bind
```
yum install bind bind-utils -y
```
Configure the named.conf file: edit /etc/named.conf so that it allows local queries and defines the relevant zones.
5.2 Configure the named.conf file
```
# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
        listen-on port 53 { 127.0.0.1; 192.168.61.161;};
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { localhost; 192.168.61.161; };

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.root.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

zone "test1138.com" {
        type master;
        file "test1138.com.zone";
};

zone "61.168.192.in-addr.arpa" IN {
        type master;
        file "61.168.192.in-addr.arpa.zone";
};
```
5.3 Create the zone file /var/named/test1138.com.zone
```
# cat /var/named/test1138.com.zone
$TTL 86400
@   IN  SOA     ns1.test1138.com. root.test1138.com. (
            2023083101  ; Serial
            3600        ; Refresh
            1800        ; Retry
            604800      ; Expire
            86400 )     ; Minimum TTL

@       IN  NS      ns1.test1138.com.
ns1     IN  A       192.168.61.161
mail    IN  A       192.168.61.161
@       IN  MX 10   mail.test1138.com.
```
Note the trailing "." after .com.
5.4 Create the reverse lookup file /var/named/61.168.192.in-addr.arpa.zone
```
# cat /var/named/61.168.192.in-addr.arpa.zone
$TTL 86400
@   IN  SOA     ns1.test1138.com. root.test1138.com. (
            2023083101  ; Serial
            3600        ; Refresh
            1800        ; Retry
            604800      ; Expire
            86400 )     ; Minimum TTL

@       IN  NS      ns1.test1138.com.
161     IN  PTR     mail.test1138.com.
```
Note the trailing "." after .com.
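The trailing-dot note in 5.3 and 5.4 matters because BIND treats a dotted name without a final "." as relative and appends the zone origin to it. The following is an added example, not part of the original article: a small lint (the function names `lint_zone` and `demo_zone` are hypothetical) that flags NS, MX, PTR, CNAME and SOA names missing the dot, run here on a constructed copy of the forward zone.

```bash
#!/bin/sh
# Added example: flag zone-file names that are missing the trailing dot.
# lint_zone FILE prints one line per problem and returns 1 if any were found.
lint_zone() {
  awk '
    function check(type, name) {
      # A dotted name without a final "." is relative: BIND appends the origin.
      if (name ~ /\./ && name !~ /\.$/) {
        printf "line %d: %s name %s has no trailing dot\n", NR, type, name
        bad = 1
      }
    }
    {
      sub(/;.*/, "")                         # drop comments
      first = ($0 ~ /^[ \t]/) ? 1 : 2        # skip the owner field when present
      for (i = first; i <= NF; i++) {
        t = toupper($i)
        if (t == "NS" || t == "PTR" || t == "CNAME") { check(t, $(i + 1)); break }
        if (t == "MX")  { check(t, $(i + 2)); break }
        if (t == "SOA") { check(t, $(i + 1)); check(t, $(i + 2)); break }
      }
    }
    END { exit bad + 0 }
  ' "$1"
}

# Constructed sample: the forward zone above with the dot dropped from the MX target.
demo_zone() {
  cat <<'EOF'
$TTL 86400
@ IN SOA ns1.test1138.com. root.test1138.com. (
        2023083101 ; Serial
        3600 1800 604800 86400 )
@    IN NS ns1.test1138.com.
ns1  IN A  192.168.61.161
mail IN A  192.168.61.161
@    IN MX 10 mail.test1138.com
EOF
}

tmp=$(mktemp)
demo_zone > "$tmp"
lint_zone "$tmp" || echo "zone file needs fixing"
rm -f "$tmp"
```

The bind package also ships `named-checkconf` and `named-checkzone`, which validate /etc/named.conf and each zone file before named is started.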
5.5 Start and enable the DNS service
```
systemctl start named
systemctl enable named
```
6. Install Zimbra Collaboration Suite (ZCS)
6.1 Install dependencies and tools
```
yum install unzip net-tools sysstat openssh-clients perl-core libaio nmap-ncat libstdc++ wget -y
```
6.2 Download the Zimbra installation package
```
cd /root
mkdir zimbra
cd zimbra
wget https://files.zimbra.com/downloads/8.8.15_GA/zcs-8.8.15_GA_3953.RHEL8_64.20200629025823.tgz
```
6.3 Unpack it and run the installation script
```
tar xf zcs-8.8.15_GA_3953.RHEL8_64.20200629025823.tgz
cd zcs-8.8.15_GA_3953.RHEL8_64.20200629025823
./install.sh
```
6.4 Installation options
Answer Yes (Y) or N according to the list below:
```
Install zimbra-ldap [Y]
Install zimbra-logger [Y]
Install zimbra-mta [Y]
Install zimbra-dnscache [Y] N
Install zimbra-snmp [Y]
Install zimbra-store [Y]
Install zimbra-apache [Y]
Install zimbra-spell [Y]
Install zimbra-memcached [Y]
Install zimbra-proxy [Y]
Install zimbra-drive [Y]
Install zimbra-imapd (BETA - for evaluation only) [N] Y
Install zimbra-chat [Y]
```
If the installation fails with a message that the platform was not found, run it again as follows:
```
./install.sh --platform-override
```
Remember the admin password; you will need it later to log in on the web pages.
If you see the message below, enter N to skip it, because DNS has not been changed yet:
```
Installing extra packages (5):
   zimbra-drive
   zimbra-patch
   zimbra-mta-patch
   zimbra-proxy-patch
   zimbra-chat
      ...done

Running Post Installation Configuration:
Installing zimbra-ldap-patch
Operations logged to /tmp/zmsetup.20240831-091729.log
Installing LDAP configuration database...done.
Setting defaults...No results returned for A lookup of mail.test1138.com
Checked nameservers:
        192.168.61.2
No results returned for AAAA lookup of mail.test1138.com
Checked nameservers:
        192.168.61.2

DNS ERROR resolving mail.test1138.com
It is suggested that the hostname be resolvable via DNS
Change hostname [Yes]
```
6.5 Configure the firewall
```
firewall-cmd --permanent --add-port={25,80,110,143,443,465,587,993,995,5222,5223,9071,7071}/tcp
firewall-cmd --reload
```
7. Check and modify the system configuration
7.1 Modify the network configuration
If this is only a local test with no Internet access,
change DNS1 in /etc/sysconfig/network-scripts/ifcfg-ens33 to 192.168.61.161.
The gateway does not need to be changed; leave it as it is.
```
# cat /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens33"
UUID="d4a0f4ce-7d7d-4ac5-9aea-4e6a2dd0377c"
DEVICE="ens33"
ONBOOT="yes"
IPADDR="192.168.61.161"
NETMASK="255.255.255.0"
GATEWAY="192.168.61.2"
DNS1="192.168.61.161"
PEERDNS="no"
```
After the change, reboot the system.
7.2 Modify /etc/hosts
An entry in /etc/hosts amounts to a manual DNS resolution for mail.test1138.com, so Zimbra can still resolve the hostname even if the DNS setup has a problem.
```
# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.61.161 mail.test1138.com
```
7.3 Check /etc/resolv.conf
```
cat /etc/resolv.conf
# Generated by NetworkManager
search test1138.com
```
7.4 Check that name resolution is correct
Resolve mail.test1138.com:
```
dig mail.test1138.com
```
Sample output:
```
# dig mail.test1138.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.16 <<>> mail.test1138.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19442
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mail.test1138.com.             IN      A

;; ANSWER SECTION:
mail.test1138.com.      86400   IN      A       192.168.61.161

;; AUTHORITY SECTION:
test1138.com.           86400   IN      NS      ns1.test1138.com.

;; ADDITIONAL SECTION:
ns1.test1138.com.       86400   IN      A       192.168.61.161

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Sep 01 19:39:04 EDT 2024
;; MSG SIZE  rcvd: 96
```
The output above shows that the name resolves to the local address 192.168.61.161.
Test with nslookup:
```
nslookup mail.test1138.com
Server:         127.0.0.1
Address:        127.0.0.1#53

Name:   mail.test1138.com
Address: 192.168.61.161
```
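8. Create Zimbra users
The admin user that Zimbra creates by default can both administer Zimbra and send and receive mail, but the two functions use different links.
To use the domain name mail.test1138.com for administration and mail, add a name-resolution entry to the hosts file on Windows, which requires administrator rights.
The path is C:\Windows\System32\drivers\etc\hosts
Sample content:
```
192.168.61.161 mail.test1138.com
```
8.1 Administration link
https://mail.test1138.com:7071
Only the admin user can log in at this link. New users are added and other settings are managed here.
The admin e-mail address is admin@mail.test1138.com
8.2 Login link for new users
In this example we created two test users, with the following e-mail addresses:
sender@mail.test1138.com
receiver@mail.test1138.com
For convenience, you can log in as each user in a different browser, which makes sending and receiving mail easier.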
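9. Send and receive mail
9.1 Log in to the mailbox
Log in to the mailbox at https://mail.test1138.com, and remember to log in with the e-mail address.
9.2 Send mail
After logging in, click New Message to open the compose window, enter the recipient address, subject and body, optionally add attachments, and then click Send.
9.3 Receive mail
After logging in, select the Inbox and click the refresh button on the right to receive mail.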
10. Troubleshooting
10.1 How to view the Zimbra logs
The log directory is /opt/zimbra/log/
/opt/zimbra/log/mailbox.log shows how sending and receiving went.
10.2 How to restart Zimbra
```
zmcontrol restart
zmcontrol stop     # stop
zmcontrol start    # start
```
10.3 Disable some modules
For example the antivirus module, the anti-spam module, and so on.
The following commands show which modules are currently enabled:
```
su - zimbra
zmprov gs `zmhostname` | grep zimbraServiceEnabled
```
Sample output:
```
$ zmprov gs `zmhostname` | grep zimbraServiceEnabled
zimbraServiceEnabled: amavis
zimbraServiceEnabled: antivirus
zimbraServiceEnabled: antispam
zimbraServiceEnabled: opendkim
zimbraServiceEnabled: logger
zimbraServiceEnabled: service
zimbraServiceEnabled: zimbra
zimbraServiceEnabled: zimbraAdmin
zimbraServiceEnabled: zimlet
zimbraServiceEnabled: mailbox
zimbraServiceEnabled: memcached
zimbraServiceEnabled: mta
zimbraServiceEnabled: stats
zimbraServiceEnabled: proxy
zimbraServiceEnabled: imapd
zimbraServiceEnabled: snmp
zimbraServiceEnabled: ldap
zimbraServiceEnabled: spell
```
To disable the antivirus and anti-spam modules, run the following commands:
```
zmprov ms `zmhostname` -zimbraServiceEnabled antivirus
zmprov ms `zmhostname` -zimbraServiceEnabled amavis
zmprov ms `zmhostname` -zimbraServiceEnabled antispam
zmcontrol restart
```
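To keep track of which filtering services a lab change switched off, the `zmprov gs` listing can be compared with a saved copy. This is an added example, not part of the original article: the function names are hypothetical, the input format is the `zimbraServiceEnabled:` listing shown above, and the sample data is constructed.

```bash
#!/bin/sh
# Added example: report drift between a saved service baseline and the
# current `zmprov gs` listing (format as in the sample output above).

# enabled_services: read zmprov output on stdin, print sorted service names.
enabled_services() {
  awk -F': *' '$1 == "zimbraServiceEnabled" { print $2 }' | sort -u
}

# service_drift BASELINE_FILE CURRENT_FILE
# Prints "-name" for services in the baseline that are no longer enabled and
# "+name" for services enabled now but absent from the baseline.
# Returns 1 when anything differs.
service_drift() {
  b=$(mktemp) c=$(mktemp)
  enabled_services < "$1" > "$b"
  enabled_services < "$2" > "$c"
  out=$( { comm -23 "$b" "$c" | sed 's/^/-/'; comm -13 "$b" "$c" | sed 's/^/+/'; } )
  rm -f "$b" "$c"
  [ -z "$out" ] && return 0
  printf '%s\n' "$out"
  return 1
}

# Constructed sample data: a shortened listing before and after the three
# "zmprov ms ... -zimbraServiceEnabled" commands above.
sample_before() { printf 'zimbraServiceEnabled: %s\n' amavis antivirus antispam mta ldap; }
sample_after()  { printf 'zimbraServiceEnabled: %s\n' mta ldap; }

before=$(mktemp); after=$(mktemp)
sample_before > "$before"; sample_after > "$after"
service_drift "$before" "$after" || echo "service set changed"
rm -f "$before" "$after"
```

On the server, save the output of the `zmprov gs` command above to a file before making changes and pass that file as the baseline.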
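You can also log in as admin at https://mail.test1138.com:7071
Menu path:
Home -> Configure -> Servers
Double-click mail.test1138.com and a new page opens.
Click Services on the left; under Enabled services on the right-hand page, clear Anti-Spam and Anti-Virus.
Click Save on the right.
As shown in the figure below: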
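10.4 Allow uploading encrypted documents
By default, encrypted documents cannot be uploaded.
Log in as admin at https://mail.test1138.com:7071
Menu path:
Home -> Configure -> Global Settings -> AS/AV
On the right-hand page, clear Block encrypted archives.
Click Save on the right, as shown in the figure below: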
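10.5 Change the MTA address
Menu path:
Home -> Configure -> Servers
Double-click mail.test1138.com and a new page opens.
Click MTA on the left; on the right-hand page, under Network, enter your MTA's IP address 192.168.61.163 or its domain name in Web mail MTA hostnames.
Click Save on the right, as shown in the figure below: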