Zimbra 10 FOSS Installation Guide

[innotelinc]

****** UPDATED GUIDE RIGHT HERE *******


Hello everyone, it's been a while! Good to see many who've made progress on this script here is the updated version for 10.1.7. I tested it myself the repos have been updated and all works well, this is just for installation only. This does not include getting a lets encrypt certificate which can be found in the first post.

This has been updated for Ubuntu 22.04 as of 4/29/2025

So here we go!


I will use my test domain mx.innotel.us for demonstration purposes which is a live server.

Code: Select all

cd /usr/src

#Install Deps Ubuntu
apt update && apt -y upgrade
apt -y install gcc make g++ openssl libxml2-dev perl net-tools gnupg2 locate mlocate git software-properties-common openjdk-8-jdk ant ant-optional ruby git maven build-essential

#Stop & Remove Postfix
systemctl stop postfix
apt -y remove postfix

#Install Webmin for Administration
cd /usr/src
wget https://www.webmin.com/download/deb/webmin-current.deb
dpkg -i webmin-current.deb
apt -fy install

#Set Hostname
hostnamectl set-hostname mx.innotel.us --static

#Disable Firewall & Reboot
systemctl stop ufw
systemctl disable ufw

reboot

Reboot your system for settings to take effect

Code: Select all

#Install Zimbra

#Update Packages
apt update


#Disable systemd-resolved Stub
sudo sed -r -i.orig 's/#?DNSStubListener=yes/DNSStubListener=no/g' /etc/systemd/resolved.conf
sudo systemctl disable systemd-resolved
sudo systemctl stop systemd-resolved
sudo unlink /etc/resolv.conf
echo -e "nameserver 127.0.0.1\nnameserver 1.1.1.1" | sudo tee /etc/resolv.conf

apt -y install dnsmasq


unlink /etc/dnsmasq.conf

tee /etc/dnsmasq.conf<<EOF
server=1.1.1.1
listen-address=127.0.0.1
domain=innotel.us
mx-host=innotel.us,mx.innotel.us,0
address=/mx.innotel.us/192.168.1.194
EOF

service dnsmasq restart

#Edit Hosts
nano /etc/hosts

127.0.0.1 localhost.localdomain localhost
::1 localhost.localdomain localhost
192.168.1.194 mx.innotel.us mx

sudo tee -a /etc/sysctl.conf<<EOF
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
EOF

sudo sysctl -p

#Make sure Iptables is disabled

systemctl stop iptables
systemctl disable iptables
systemctl stop ip6tables
systemctl disable ip6tables
iptables -F

reboot

Reboot your system again for settings to take effect before final installation.

Code: Select all

#Install Zimbra
cd /usr/src
wget https://repo.innotel.us/zcs-10.1.7_GA_1000.UBUNTU22_64.20250429174407.tgz
tar zxf zcs-10.1.7_GA_1000.UBUNTU22_64.20250429174407.tgz
cd zcs-10.1.7_GA_1000.UBUNTU22_64.20250429174407
./install.sh

N for zimbra-dnscache Package
N for OnlyOffice Package

7,4 <set password>
1,7,37 <set timezone> (America/New_York)
r,a,Yes,[Enter],[Enter],Yes <complete setup>


#Redirect to HTTPS only
su zimbra
zmprov ms `zmhostname` zimbraReverseProxyMailMode redirect
zmprov ms mail.innotel.us zimbraMtaLmtpHostLookup native
zmprov mcf zimbraMtaLmtpHostLookup native
zmproxyctl restart
exit

#Optional - Create Swap
dd if=/dev/zero of=/opt/zimbra/1024Mb.swap bs=1M count=1024
chmod 600 /opt/zimbra/1024Mb.swap
mkswap /opt/zimbra/1024Mb.swap
swapon /opt/zimbra/1024Mb.swap

#Install LetsEncrypt SSL Certificate
cd /usr/src
apt update
apt -y install python3 python3-venv libaugeas0 libaugeas-dev python3-pip

apt -y remove certbot
python3 -m venv /opt/certbot/
/opt/certbot/bin/pip install --upgrade pip
/opt/certbot/bin/pip install certbot certbot-apache
ln -s /opt/certbot/bin/certbot /usr/bin/certbot

#Automatic renewal setup
echo "0 0,12 * * * root /opt/certbot/bin/python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew --force-renewal --preferred-chain "ISRG Root X1"" | tee -a /etc/crontab > /dev/null

#Monthly Update for Certbot
/opt/certbot/bin/pip install --upgrade certbot certbot-apache

#If errors
sudo rm -rf /opt/certbot

#Stop Zimbra Mailbox & Proxy
su zimbra
zmproxyctl stop
zmmailboxdctl stop
exit

#Request Certificate

##ENABLE HTTP SERVICE ON ZIMBRA IF NECESSARY FOR CERTBOT
# sudo su - zimbra
# zmprov ms `zmhostname` zimbraReverseProxySSLToUpstreamEnabled FALSE
# /opt/zimbra/libexec/zmproxyconfig -e -w -o -a 8080:80:8443:443 -x both -H  mx.innotel.us
# zmcontrol  stop 
# zmcontrol start
# exit

certbot certonly --key-type rsa --preferred-chain "ISRG Root X1" --standalone -d mx.innotel.us


#PrivKey
/etc/letsencrypt/live/mx.innotel.us/privkey.pem

#Cert
/etc/letsencrypt/live/mx.innotel.us/fullchain.pem


#Add ISRG Root Certificate
wget --no-check-certificate -O /tmp/ISRG-X1.pem https://letsencrypt.org/certs/isrgrootx1.pem.txt
cat /tmp/ISRG-X1.pem >> /etc/letsencrypt/live/mx.innotel.us/fullchain.pem


#Make Lets Encrypt Zimbra Directory
mkdir /opt/zimbra/ssl/letsencrypt
cp /etc/letsencrypt/live/mx.*/* /opt/zimbra/ssl/letsencrypt/


#Set Permissions
chown zimbra:zimbra /opt/zimbra/ssl/letsencrypt/*


#Verify Certificate
su zimbra
cd /opt/zimbra/ssl/letsencrypt
/opt/zimbra/bin/zmcertmgr verifycrt comm privkey.pem cert.pem fullchain.pem


#Make Backup & Create Commercial Key
cp -a /opt/zimbra/ssl/zimbra /opt/zimbra/ssl/zimbra.$(date "+%Y%m%d")
cp /opt/zimbra/ssl/letsencrypt/privkey.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key


#Deploy Certificate
/opt/zimbra/bin/zmcertmgr deploycrt comm cert.pem fullchain.pem


#Start Zimbra Mailbox & Proxy
zmproxyctl start
zmmailboxdctl start
exit


#Remove Unnecessary files
apt -y autoremove


#If you receive snap loop messages or emails
#Disable snap reporting emails
df -Th #Check for /dev/loop and edit the line below to fit the number of loops
su - zimbra 
zmlocalconfig -e zmstat_df_excludes='/dev/loop0:/dev/loop1:/dev/loop2:/dev/loop3:/dev/loop4:/dev/loop5:/dev/loop6'
zmstatctl restart 
exit

swapoff -a

Extra bonus to add zextras theme

Code: Select all

#Add Zextras Zimbra Theme

cd /usr/src
wget https://repo.innotel.us/zextras-theme-ubuntu.tgz
unzip zextras-theme-ubuntu.tgz
cd zextras-theme-installer
chmod +x install.sh
./install.sh <enter> <enter>

su - zimbra -c 'zmskindeploy /opt/zimbra/jetty/webapps/zimbra/skins/zextras/'

Any questions feel free to reach out.

Also if you just wanted to build it on your system follow these instructions below

Code: Select all

cd /usr/src
mkdir installer-build
cd installer-build
git clone --depth 1 --branch 10.1.6 https://github.com/Zimbra/zm-build.git
cd zm-build
ENV_CACHE_CLEAR_FLAG=true ./build.pl --ant-options -DskipTests=true --git-default-tag=10.1.7,10.1.6,10.1.5,10.1.4,10.1.3,10.1.2,10.1.1,10.1.0 --build-release-no=10.1.7 --build-type=FOSS --build-release=DAFFODIL --build-release-candidate=GA --build-thirdparty-server=files.zimbra.com --no-interactive

[popsmile]

Thank you for share

[tunguyen1080]

Hi Darnel!

I have successfully installed your zimbra 10 foss. All services are running but when I upload the text file, the document cannot be processed with onlyoffice. Can you help me fix it

Code: Select all

  
  	amavis                  Running
        antispam                Running
        antivirus               Running
        ldap                    Running
        logger                  Running
        mailbox                 Running
        memcached               Running
        mta                     Running
        onlyoffice              Running
        opendkim                Running
        proxy                   Running
        service webapp          Running
        snmp                    Running
        spell                   Running
        stats                   Running
        zimbra webapp           Running
        zimbraAdmin webapp      Running
        zimlet webapp           Running
        zmconfigd               Running

Code: Select all

HTTP ERROR 400 unsupported format
URI:	/service/home/admin@abc123.com/Briefcase/check.docx
STATUS:	400
MESSAGE:	unsupported format
SERVLET:	UserServlet

[innotelinc]

I'm getting this same error as well it seems to have something to do with the url linking /service/home without that part it would work correctly have to dig into the code, im new at this so please bear with me.

[umashankar.avagadda]

Hi Darnel!

I have successfully installed your zimbra 10 foss. All services are running but when I upload the text file, the document cannot be processed with onlyoffice. Can you help me fix it

Code: Select all

  
  	amavis                  Running
        antispam                Running
        antivirus               Running
        ldap                    Running
        logger                  Running
        mailbox                 Running
        memcached               Running
        mta                     Running
        onlyoffice              Running
        opendkim                Running
        proxy                   Running
        service webapp          Running
        snmp                    Running
        spell                   Running
        stats                   Running
        zimbra webapp           Running
        zimbraAdmin webapp      Running
        zimlet webapp           Running
        zmconfigd               Running

Code: Select all

HTTP ERROR 400 unsupported format
URI:	/service/home/admin@abc123.com/Briefcase/check.docx
STATUS:	400
MESSAGE:	unsupported format
SERVLET:	UserServlet

OnlyOffice is supported in the Network Edition.

[innotelinc]

That would solve that issue. I've created a new build for 10.0.4 at http://repo.innotel.us/zcs-10.0.4_GA_10 ... 123303.tgz

[Rusi]

Hi Folks!

I just registered now, to tell you a big THANKS!
Especcially to innotelinc for the great job!

On the main page it is writen: 10.0.4_GA_1000.NETWORK
However:
zmcontrol -v
Release 10.0.4.GA.1000.UBUNTU20.64 UBUNTU20_64 FOSS edition.

??

[asark]

A great guide!

Has anyone used the build from here? https://zintalio.com/

[Rusi]

A great guide!

Has anyone used the build from here? https://zintalio.com/

Hello,

Yes I tried. I got a link from them... Unfortunately it was not working. I do not have instructions of the installation like do by innotelinc...
It has some problem with the ldap database, and also some packages were missing....

Maybe I made some mistakes, I tried several times...

[H_Rocky]

I'm building my own builds for RHEL 8 and Ubuntu 20.04. I build both 9.0 and 10. You can try: https://drive.janskolnik.net/s/cyjYjzkHT9nqGgQ