Beta 1 Install Notes So Far

Zimbra Collaboration 8.8 Beta
User avatar
L. Mark Stone
Ambassador
Ambassador
Posts: 2793
Joined: Wed Oct 09, 2013 11:35 am
Location: Portland, Maine, US
ZCS/ZD Version: 10.0.6 Network Edition
Contact:

Beta 1 Install Notes So Far

Post by L. Mark Stone »

Here are my Beta notes so far... I am setting up a four-server test farm: NextCloud server, plus Zimbra Proxy/LDAP Master; Zimbra MTA/LDAP Replica; Zimbra Mailstore1 + Logger

NextCloud installed OK; don't use the SNAP packaging and you'll need to do some Apache tweaking to get an A+ on the Qualys SSL test.

Zimbra installed OK on the Proxy and the MTA, but I've paused the install on the mailbox server because the installer is asking:

Code: Select all

Install zimbra-network-modules-ng [Y]
and I have no idea what that is, nor does a Google search.

So I have two questions please:

1. What is this zimbra-network-modules-ng package for so I can decide whether to install it, and;
2. After I click through my answer to 1. above, will I presented with any other new packages to consider installing?

Thanks!

All the best,
Mark
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate
User avatar
jorgedlcruz
Zimbra Alumni
Zimbra Alumni
Posts: 2782
Joined: Thu May 22, 2014 4:47 pm

Re: Beta 1 Install Notes So Far

Post by jorgedlcruz »

Hi Mark,
You are installing Network Edition right? Zimbra Network Modules Next Generation are the new modules included in Network Edition.

After the installation is done, and you selected Y on that option, you need to do this as well:

Code: Select all

zmprov ms `zmhostname` zimbraNetworkModulesNGEnabled TRUE          
zmmailboxdctl restart
After that, you will find a new option on the Admin Console, I will write a wiki about it during weekend maybe.

Best regards
Jorge de la Cruz https://jorgedelacruz.es
Systems Engineer at Veeam Software https://www.veeam.com/
User avatar
L. Mark Stone
Ambassador
Ambassador
Posts: 2793
Joined: Wed Oct 09, 2013 11:35 am
Location: Portland, Maine, US
ZCS/ZD Version: 10.0.6 Network Edition
Contact:

Re: Beta 1 Install Notes So Far

Post by L. Mark Stone »

jorgedlcruz wrote:Hi Mark,
You are installing Network Edition right? Zimbra Network Modules Next Generation are the new modules included in Network Edition.

After the installation is done, and you selected Y on that option, you need to do this as well:

Code: Select all

zmprov ms `zmhostname` zimbraNetworkModulesNGEnabled TRUE          
zmmailboxdctl restart
After that, you will find a new option on the Admin Console, I will write a wiki about it during weekend maybe.

Best regards
Yes, Network Edition.

Will this allow me to use Amazon S3 now?

Thanks Jorge!
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate
User avatar
L. Mark Stone
Ambassador
Ambassador
Posts: 2793
Joined: Wed Oct 09, 2013 11:35 am
Location: Portland, Maine, US
ZCS/ZD Version: 10.0.6 Network Edition
Contact:

Re: Beta 1 Install Notes So Far

Post by L. Mark Stone »

More Notes...

The default Zimbra install only gets a "A" grade on the Qualys SSL labs, and the Wiki for getting an A+ now longer works. Qualys has identified three ciphers in use by Zimbra that are weak; once I excluded those ciphers I was able to get an A+. Here's what I did:

Code: Select all

zimbra@zmail:/tmp$ zmprov gcf zimbraSSLExcludeCipherSuites
zimbraSSLExcludeCipherSuites: .*_RC4_.*
zimbra@zmail:/tmp$ zmprov mcf +zimbraSSLExcludeCipherSuites TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
zimbra@zmail:/tmp$ zmprov mcf +zimbraSSLExcludeCipherSuites TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA  
zimbra@zmail:/tmp$ zmprov mcf +zimbraSSLExcludeCipherSuites TLS_RSA_WITH_3DES_EDE_CBC_SHA    
zimbra@zmail:/tmp$ zmprov gcf zimbraSSLExcludeCipherSuites
zimbraSSLExcludeCipherSuites: .*_RC4_.*
zimbraSSLExcludeCipherSuites: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
zimbraSSLExcludeCipherSuites: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
zimbraSSLExcludeCipherSuites: TLS_RSA_WITH_3DES_EDE_CBC_SHA
zimbra@zmail:/tmp$ zmcontrol restart; sleep 5; zmcontrol status
Host zmail.reliablenetworks.com
	Stopping vmware-ha...Done.
	Stopping zmconfigd...Done.
	Stopping zimlet webapp...Done.
	Stopping zimbraAdmin webapp...Done.
	Stopping zimbra webapp...Done.
	Stopping service webapp...Done.
	Stopping stats...Done.
	Stopping spell...Done.
	Stopping snmp...Done.
	Stopping cbpolicyd...Done.
	Stopping archiving...Done.
	Stopping opendkim...Done.
	Stopping amavis...Done.
	Stopping antivirus...Done.
	Stopping antispam...Done.
	Stopping proxy...Done.
	Stopping memcached...Done.
	Stopping mailbox...Done.
	Stopping logger...Done.
	Stopping dnscache...Done.
	Stopping ldap...Done.
Host zmail.reliablenetworks.com
	Starting ldap...Done.
	Starting zmconfigd...Done.
	Starting memcached...Done.
	Starting proxy...Done.
	Starting snmp...Done.
	Starting stats...Done.
Host zmail.reliablenetworks.com
	ldap                    Running
	memcached               Running
	proxy                   Running
	snmp                    Running
	stats                   Running
	zmconfigd               Running
zimbra@zmail:/tmp$ 
Hope that helps,
Mark
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate
User avatar
jorgedlcruz
Zimbra Alumni
Zimbra Alumni
Posts: 2782
Joined: Thu May 22, 2014 4:47 pm

Re: Beta 1 Install Notes So Far

Post by jorgedlcruz »

Hi Mark,
The Wiki to obtain the A+ in Zimbra 8.8 works, I just tried once again, however I'm using a single server, and I see you are trying a proxy server only, maybe that's the issue, if you can narrow more the issue, we can update the Wiki for a Multi-Server Environment.
https://www.ssllabs.com/ssltest/analyze ... .zimbra.io

However it tags the ciphers you mentioned as weak, but still give the A+

Best regards
Jorge de la Cruz https://jorgedelacruz.es
Systems Engineer at Veeam Software https://www.veeam.com/
User avatar
L. Mark Stone
Ambassador
Ambassador
Posts: 2793
Joined: Wed Oct 09, 2013 11:35 am
Location: Portland, Maine, US
ZCS/ZD Version: 10.0.6 Network Edition
Contact:

Re: Beta 1 Install Notes So Far

Post by L. Mark Stone »

jorgedlcruz wrote:Hi Mark,
The Wiki to obtain the A+ in Zimbra 8.8 works, I just tried once again, however I'm using a single server, and I see you are trying a proxy server only, maybe that's the issue, if you can narrow more the issue, we can update the Wiki for a Multi-Server Environment.
https://www.ssllabs.com/ssltest/analyze ... .zimbra.io

However it tags the ciphers you mentioned as weak, but still give the A+

Best regards
So I reran the test of our beta system against your link and surprisingly I now get an A+. Further, the only difference I see between your test results and mine (aside from ours being faster... :-) ) is the section regarding DROWN, where we get a chart and you didn't. From the expanded explanation, I don't think that's a problem. Screencap below.

Thanks, and all the best,
Mark
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate
User avatar
jorgedlcruz
Zimbra Alumni
Zimbra Alumni
Posts: 2782
Joined: Thu May 22, 2014 4:47 pm

Re: Beta 1 Install Notes So Far

Post by jorgedlcruz »

Good to know Mark!
Well my servers are in the UK, and possibly this test cluster is in the US or so.

Good to know that you have an A+ now.

Keep the feedback coming
Jorge de la Cruz https://jorgedelacruz.es
Systems Engineer at Veeam Software https://www.veeam.com/
User avatar
L. Mark Stone
Ambassador
Ambassador
Posts: 2793
Joined: Wed Oct 09, 2013 11:35 am
Location: Portland, Maine, US
ZCS/ZD Version: 10.0.6 Network Edition
Contact:

Re: Beta 1 Install Notes So Far

Post by L. Mark Stone »

jorgedlcruz wrote:Good to know Mark!
Well my servers are in the UK, and possibly this test cluster is in the US or so.

Good to know that you have an A+ now.

Keep the feedback coming
Yes, all our hosting is 100% U.S. of A...

Tweaking the NextCloud server and then will do more testing this week.

All the best,
Mark
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate
User avatar
L. Mark Stone
Ambassador
Ambassador
Posts: 2793
Joined: Wed Oct 09, 2013 11:35 am
Location: Portland, Maine, US
ZCS/ZD Version: 10.0.6 Network Edition
Contact:

Re: Beta 1 Install Notes So Far

Post by L. Mark Stone »

Configured the NextCloud server OK last night but can't enable the Zimbra Drive App in NextCloud as we have a NextCloud 12 installation and the Zimbra Drive app is only for NextCloud 9-11 at the moment.

Jorge, can we get the Zimbra Drive app updated to support NextCloud 12?

We'll test other stuff in ZCS 8.8 Beta but this is a key feature for us.

Thanks!
Mark
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate
User avatar
L. Mark Stone
Ambassador
Ambassador
Posts: 2793
Joined: Wed Oct 09, 2013 11:35 am
Location: Portland, Maine, US
ZCS/ZD Version: 10.0.6 Network Edition
Contact:

Re: Beta 1 Install Notes So Far

Post by L. Mark Stone »

We changed the Admin email on installation, as well as the default domain, but it doesn't "take" for these settings:

Code: Select all

zimbra@mb5:~$ zmlocalconfig | grep smtp_ | grep admin
smtp_destination = admin@mb5.reliablenetworks.com
smtp_source = admin@mb5.reliablenetworks.com
So we change them and all is good (Need to do this on all servers in the hosting farm):

Code: Select all

zimbra@mb5:~$ zmlocalconfig -e smtp_destination='admin995@reliablenetworks.com'
zimbra@mb5:~$ zmlocalconfig -e smtp_source='admin995@reliablenetworks.com'
zimbra@mb5:~$ zmlocalconfig | grep smtp_ | grep admin
smtp_destination = admin995@reliablenetworks.com
smtp_source = admin995@reliablenetworks.com
Would be nice if the installer set these to match, or if this extra step were documented in the release notes.

All the best,
Mark
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate
Locked