zimbra use existing cert

Use existing private key:
cp private.key /opt/zimbra/ssl/zimbra/commercial/commercial.key

copy all cert file to /opt/zimbra/ssl/cert

Verify:
/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /opt/zimbra/ssl/cert/485c010124755ddb.crt /opt/zimbra/ssl/cert/gd_bundle-g2-g1.crt

Deploy:
/opt/zimbra/bin/zmcertmgr deploycrt comm /opt/zimbra/ssl/cert/485c010124755ddb.crt /opt/zimbra/ssl/cert/gd_bundle-g2-g1.crt

View:
/opt/zimbra/bin/zmcertmgr viewdeployedcrt

zmcontrol restart

OR create new private key:
/opt/zimbra/bin/zmcertmgr createcsr comm -new -subject “/C=HK/ST=HK/L=HK/O=Zimbra/OU=Zimbra Collaboration Suite/CN=mail.domain.com” -subjectAltNames mail.domain.com

zimbra relay by destination domain without authentication

List Current setting
zmprov gcf zimbraMtaTransportMaps
zimbraMtaTransportMaps: proxy:ldap:/opt/zimbra/conf/ldap-transport.cf

Add destination domain to relay server or deny
vi /opt/zimbra/common/conf/transport
destination.com :xxx.xxx.xxx.xxx
dontsendto.com error:We don’t allow send to dontsendto.com

postmap /opt/zimbra/common/conf/transport

Add “lmdb:/opt/zimbra/common/conf/transport” in to zimbraMtaTransportMaps
zmprov ms mail.abc.com zimbraMtaTransportMaps “lmdb:/opt/zimbra/common/conf/transport,proxy:ldap:/opt/zimbra/conf/ldap-transport.cf”

zmcontrol restart

Bind mail control

SPF

    1. IN TXT “v=spf1 ip4:123.123.123.1 ip4:123.123.123.2 -all”

DMARC
_dmarc IN TXT “v=DMARC1;p=quarantine;rua=mailto:rua@abc.com;ruf=mailto:ruf@abc.com”

DKIM
F4EEC778-4C21-11EA-AD84-83DCF040F65E._domainkey IN TXT ( “v=DKIM1; k=rsa; ”
“p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxICrPoI8+AZ85ney0JRnniswBUCeJSCCmV6eWgxotF7ncQdWLFvNadR5gQiWJi0EHnarsVez6ET+jL9IoHgV6QSyUwBraOKPlU+XzlZVUGUnAn1BdsS6LjdT0anJlu07RiLdgfIJL0zufhEsHVSx3EwWrWL3NQlcLIVi0rCThjwIDAQDB” )

zimbra + DKIM

su – zimbra

Add
/opt/zimbra/libexec/zmdkimkeyutil -a -d abc.com
or
/opt/zimbra/libexec/zmdkimkeyutil -a -b 2048 -d abc.com

List
/opt/zimbra/libexec/zmdkimkeyutil -q -d abc.com

Update
/opt/zimbra/libexec/zmdkimkeyutil -u -d abc.com

 

Add below DKIM from listed before to bind9

DKIM Public signature:
17123458-4C07-11EA-BD1B-35CF8912347D._domainkey IN TXT ( “v=DKIM1; k=rsa; ”
“p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9JuDf0kA73baq8Ch1234XY5k0BdRLmup5z5R/UAtsUGwUGoakgeBih8NQNMNd+iepHQqtrI8Eq0SG25oLi5UPl9knoUyq9cqyF/gkku5LiclvIKWTT892qJ/HJxUqOtDWi8pAXV8hkAOhFVdtweQ37w+SqNtF2UvJCI/npQIML86R23+PCErxCIABZP3mEGK8ZsO1m+63VglC8”
“yTSFP7GMLcIUJ6zp5S5ZknwmTc4f/Sa2PVC8H1UR4UhvN2JKr8Dgr3momdKh7NsUu3StLS8bcWQMX8+PPM8UEZTnuOJz6wCAVxtEj1EANBSIKngA/zb1WYU6/p2IRPsg6DAfmFOQIDAQAB” ) ; —– DKIM key 17123458-4C07-11EA-BD1B-35CF8912347D for abc.com

dig +short txt 17123458-4C07-11EA-BD1B-35CF8912347D._domainkey.abc.com @8.8.8.8

Zimbra upgrade from 8.7.0 to 8.7.11 patch 7

Zimbra Collaboration Open Source

cd zcs-8.7.11_GA_1854.UBUNTU14_64.20170531151956/

./install.sh

Do you agree with the terms of the software license agreement? [N] y

Do you want to verify message store database integrity? [Y] y

Use Zimbra’s package repository [Y] y

Do you wish to upgrade? [Y] y

Install zimbra-chat [N] n

Install zimbra-drive [N] n

The system will be modified. Continue? [N] y

Notify Zimbra of your installation? [Yes] no

cd zcs-patch-8.7.11_GA_3706/

./installPatch.sh

su – zimbra

zmcontrol start

zmcontrol -v