Maldua's Zimbra FOSS Builds - Share your feedback

Ask questions about your setup or get help installing ZCS server (ZD section below).
Post Reply
User avatar
adrian.gibanel.btactic
Outstanding Member
Outstanding Member
Posts: 200
Joined: Thu Jan 30, 2014 11:13 am

Re: Maldua's Zimbra FOSS Builds - Share your feedback

Post by adrian.gibanel.btactic »

liverpoolfcfan wrote: Tue May 14, 2024 1:05 pm It is quite weird what the installation script is doing.

I have a LetsEncrypt certificate on my test server. I put the LetsEncrypt CA certificates (X1-Root, X2-Root, E1) into the file /opt/zimbra/conf/ca/ca.pem
Well, that's the standard behaviour. You should install the LetsEncrypt certificate (including its CA) as if it was a commercial certificate instead.
liverpoolfcfan
Elite member
Elite member
Posts: 1138
Joined: Sat Sep 13, 2014 12:47 am

Re: Maldua's Zimbra FOSS Builds - Share your feedback

Post by liverpoolfcfan »

adrian.gibanel.btactic wrote: Wed May 22, 2024 4:21 pm Well, that's the standard behaviour. You should install the LetsEncrypt certificate (including its CA) as if it was a commercial certificate instead.
I have done that too.

It just doesn't make sense to test the validity of the CA/certificate in place, then ignore the fact it is valid and go ahead and create a new CA and a new certificate to overwrite them anyway.
User avatar
adrian.gibanel.btactic
Outstanding Member
Outstanding Member
Posts: 200
Joined: Thu Jan 30, 2014 11:13 am

Re: Maldua's Zimbra FOSS Builds - Share your feedback

Post by adrian.gibanel.btactic »

liverpoolfcfan wrote: Thu May 23, 2024 8:17 am
adrian.gibanel.btactic wrote: Wed May 22, 2024 4:21 pm Well, that's the standard behaviour. You should install the LetsEncrypt certificate (including its CA) as if it was a commercial certificate instead.
I have done that too.

It just doesn't make sense to test the validity of the CA/certificate in place, then ignore the fact it is valid and go ahead and create a new CA and a new certificate to overwrite them anyway.
Sorry, I cannot help you. I recommend you to check the actual source code behind those commands and if you think that behaviour is not ok you can always open a thread in Developers forum and complain there so that they fix or that they explain what it was designed like that in the first place.

The only thing it makes sense to me is that using the Zimbra installations to generate a new self-signed certificate diminishes the self-certificate being expired.
halfgaar
Outstanding Member
Outstanding Member
Posts: 202
Joined: Sat Sep 13, 2014 12:54 am
Location: Netherlands
ZCS/ZD Version: Ubuntu 18.04, 8.8.15_P43
Contact:

Re: Maldua's Zimbra FOSS Builds - Share your feedback

Post by halfgaar »

liverpoolfcfan wrote: Thu May 23, 2024 8:17 am
adrian.gibanel.btactic wrote: Wed May 22, 2024 4:21 pm Well, that's the standard behaviour. You should install the LetsEncrypt certificate (including its CA) as if it was a commercial certificate instead.
I have done that too.

It just doesn't make sense to test the validity of the CA/certificate in place, then ignore the fact it is valid and go ahead and create a new CA and a new certificate to overwrite them anyway.
Can you show your commands to confirm? It would be something like:

Code: Select all

cp privkey.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key
cp chain.pem /tmp
cp cert.pem /tmp

chown zimbra:zimbra /tmp/chain.pem /tmp/cert.pem

sudo -u zimbra /opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/cert.pem /tmp/chain.pem
Then 'zmcontrol restart' perhaps. I have a pet peeve against software that needs restarts for these kinds of thing. I would be OK with manually installing LE cert every three months if that wasn't required.
Consider seriously: because of the history of exploits: block Zimbra web interface with VPN, firewall or HTTP proxy.
User avatar
adrian.gibanel.btactic
Outstanding Member
Outstanding Member
Posts: 200
Joined: Thu Jan 30, 2014 11:13 am

Re: Maldua's Zimbra FOSS Builds - Share your feedback

Post by adrian.gibanel.btactic »

Hello,

Maldua's Zimbra 10.1.0 FOSS Builds have just been released.

Please share your experience when upgrading or installing from scratch.

Versions:
  • 10.1.0
Platforms:
  • RHEL7 (Red Hat Enterprise Linux 7, Oracle Linux 7, CentOS 7)
  • RHEL8 (Red Hat Enterprise Linux 8, Oracle Linux 8, CentOS 8, Rocky Linux 8)
  • Ubuntu 18.04
  • Ubuntu 20.04
  • Ubuntu 22.04 (Flagged as beta as the NE Ubuntu 22.04 download is also flagged as beta).

Thank you very much!

Notes:
  • These are recent releases. They will become stable releases when after 15 days of being public there has not been any major negative feedback.
  • This is not an official Zimbra/Synacor build.
  • Apparently no more patches will be provided by Synacor for Ubuntu 18.04 so I might remove that platform from future builds so that sysadmins consider migrating to Ubuntu 20.04. Update: Zimbra 10.1.0 has an official ZCS 10.1.0 NE for Ubuntu 18.04 so let's keep it anyways.
Known bugs:
Last edited by adrian.gibanel.btactic on Tue Aug 13, 2024 1:18 pm, edited 5 times in total.
halfgaar
Outstanding Member
Outstanding Member
Posts: 202
Joined: Sat Sep 13, 2014 12:54 am
Location: Netherlands
ZCS/ZD Version: Ubuntu 18.04, 8.8.15_P43
Contact:

Re: Maldua's Zimbra FOSS Builds - Share your feedback

Post by halfgaar »

I just tested 'zcs-10.1.0_GA_4200000.UBUNTU18_64.20240719155652.tgz' on a copy of my installation, which is the Ian 10.0.6 semi-dev version (from techfiles.online). Preliminary tests are good:
  • It installs fine. The LDAP attribute problems of 10.0.8 when installing didn't happen on this version. I successfully said: Updating zimbraLDAPSchemaVersion to version '1717060748'.
  • Initial just browsing around and looking at e-mail seems to work. More testing needs to be done.
This is Ubuntu 18.04, which I still need to upgrade. The public wiki on Ubuntu upgrades doesn't have instructions for this; I'm hoping it's not too dissimilar from before.
Consider seriously: because of the history of exploits: block Zimbra web interface with VPN, firewall or HTTP proxy.
uxbod
Ambassador
Ambassador
Posts: 7835
Joined: Fri Jul 17, 2020 1:29 pm

Re: Maldua's Zimbra FOSS Builds - Share your feedback

Post by uxbod »

Watching patiently as would like to use Ubuntu 22.04 so have a long term platform. Thank you for the hard work 🙏
User avatar
adrian.gibanel.btactic
Outstanding Member
Outstanding Member
Posts: 200
Joined: Thu Jan 30, 2014 11:13 am

Re: Maldua's Zimbra FOSS Builds - Share your feedback

Post by adrian.gibanel.btactic »

strengthandmind wrote: Sat Jul 20, 2024 12:13 pm Watching patiently as would like to use Ubuntu 22.04 so have a long term platform. Thank you for the hard work 🙏
I have built the 10.1.0 release for Ubuntu 22.04. It's flagged as beta as per the NE download being flagged as beta).

I have not tested it at all.

So your feedback is highly appreciated.
Last edited by adrian.gibanel.btactic on Tue Jul 30, 2024 1:17 pm, edited 1 time in total.
User avatar
adrian.gibanel.btactic
Outstanding Member
Outstanding Member
Posts: 200
Joined: Thu Jan 30, 2014 11:13 am

Re: Maldua's Zimbra FOSS Builds - Share your feedback

Post by adrian.gibanel.btactic »

halfgaar wrote: Fri Jul 19, 2024 9:26 pm The LDAP attribute problems of 10.0.8 when installing didn't happen on this version. I successfully said: Updating zimbraLDAPSchemaVersion to version '1717060748'.
Well, that makes sense. This is one of the few occasions where the LDAPSchemaVersion from a tagged version is higher or equal than a few weeks old snapshot of the dev branch. This is brand new.
halfgaar
Outstanding Member
Outstanding Member
Posts: 202
Joined: Sat Sep 13, 2014 12:54 am
Location: Netherlands
ZCS/ZD Version: Ubuntu 18.04, 8.8.15_P43
Contact:

Re: Maldua's Zimbra FOSS Builds - Share your feedback

Post by halfgaar »

For the next test step, I tried upgrading my Ubuntu and go from 'zcs-10.1.0_GA_4200000.UBUNTU18_64.20240719155652' to 'zcs-10.1.0_GA_4200000.UBUNTU20_64.20240719155625'. I tried the normal 'install.sh', but also the 'install.sh --software-only' method as described on the wiki, which involves placing back your local config and running '/opt/zimbra/libexec/zmsetup.pl'. Both had the same result, of ldap issues.

The config menu fails on everything ldap. I'll show part of it:

Code: Select all

# /opt/zimbra/libexec/zmsetup.pl                                                                                                       
Operations logged to /tmp/zmsetup.20240728-163918.log                                                                                  
Installing LDAP configuration database...done.                                                                                         
Setting defaults...                                                                                                                    
                                                                                                                                       
DNS ERROR resolving MX for meel.halfgaar.net                                                                                           
It is suggested that the domain name have an MX record configured in DNS      
Change domain name? [Yes] no                                                                                                           
done.                                                                                                                                  
Checking for port conflicts                                                                                                            
Port conflict detected: 53 (zimbra-dnscache)                                                                                           
Port conflicts detected! - Press Enter/Return key to continue                                                                          
Checking ldap status....not running.                                                                                                   
Starting ldap...done.                                                                                                                  
Setting defaults from ldap...done.                                                                                                     
                                                                                                                                       
Main menu                                                                                                                              
                                                                                                                                       
   1) Common Configuration:                                                           
        +Hostname:                             meel.halfgaar.net                                                                       
        +Ldap master host:                     meel.halfgaar.net              
        +Ldap port:                            389                            
******* +Ldap Admin password:                  Not Verified                   
        +Store ephemeral attributes outside Ldap: yes                           
        +Value for zimbraEphemeralBackendURL:  ldap://default                 
        +Secure interprocess communications:   yes                                   
        +TimeZone:                             Europe/Berlin                  
        +IP Mode:                              ipv4                           
        +Default SSL digest:                   sha256                        
                                                                                                                                       
   2) zimbra-ldap:                             Enabled                       
        +Create Domain:                        yes                            
        +Domain to create:                     halfgaar.net                   
        +Ldap root password:                   set                            
        +Ldap replication password:            set                            
******* +Ldap postfix password:                Not Verified                   
******* +Ldap amavis password:                 Not Verified                   
******* +Ldap nginx password:                  Not Verified                   
******* +Ldap Bes Searcher password:           Not Verified
That MX error seems unrelated, nor do I want an MX record on that subdomain.

The log is filled with stuff like:

Code: Select all

Sun Jul 28 16:39:53 2024 Checking ldap on meel.halfgaar.net:389
Sun Jul 28 16:39:53 2024 Unable to bind to ldap://meel.halfgaar.net:389 with user uid=zmbes-searcher,cn=appaccts,cn=zimbra:
Sun Jul 28 16:39:53 2024 Couldn't bind to meel.halfgaar.net as uid=zmbes-searcher,cn=appaccts,cn=zimbra
Sun Jul 28 16:39:53 2024 Checking ldap on meel.halfgaar.net:389
Sun Jul 28 16:39:53 2024 Unable to bind to ldap://meel.halfgaar.net:389 with user uid=zmnginx,cn=appaccts,cn=zimbra:
Sun Jul 28 16:39:53 2024 Couldn't bind to meel.halfgaar.net as uid=zmnginx,cn=appaccts,cn=zimbra
Sun Jul 28 16:39:53 2024 Checking ldap on meel.halfgaar.net:389
Sun Jul 28 16:39:53 2024 Unable to bind to ldap://meel.halfgaar.net:389 with user uid=zmpostfix,cn=appaccts,cn=zimbra:
Sun Jul 28 16:39:53 2024 Couldn't bind to meel.halfgaar.net as uid=zmpostfix,cn=appaccts,cn=zimbra
So far, I haven't found the fix/cause.
Consider seriously: because of the history of exploits: block Zimbra web interface with VPN, firewall or HTTP proxy.
Post Reply