zimbra use existing cert

Use existing private key:
cp private.key /opt/zimbra/ssl/zimbra/commercial/commercial.key

Copy all certificate files to /opt/zimbra/ssl/cert

Verify:
/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /opt/zimbra/ssl/cert/485c010124755ddb.crt /opt/zimbra/ssl/cert/gd_bundle-g2-g1.crt

Deploy:
/opt/zimbra/bin/zmcertmgr deploycrt comm /opt/zimbra/ssl/cert/485c010124755ddb.crt /opt/zimbra/ssl/cert/gd_bundle-g2-g1.crt

View:
/opt/zimbra/bin/zmcertmgr viewdeployedcrt

zmcontrol restart

Or create a new private key and CSR:
/opt/zimbra/bin/zmcertmgr createcsr comm -new -subject "/C=HK/ST=HK/L=HK/O=Zimbra/OU=Zimbra Collaboration Suite/CN=mail.domain.com" -subjectAltNames mail.domain.com

zimbra relay by destination domain without authentication

List the current setting
zmprov gcf zimbraMtaTransportMaps
zimbraMtaTransportMaps: proxy:ldap:/opt/zimbra/conf/ldap-transport.cf

Route a destination domain to a relay server, or reject mail to it
vi /opt/zimbra/common/conf/transport
destination.com :xxx.xxx.xxx.xxx
dontsendto.com error:We don't allow send to dontsendto.com

postmap /opt/zimbra/common/conf/transport

Add "lmdb:/opt/zimbra/common/conf/transport" to zimbraMtaTransportMaps
zmprov ms mail.abc.com zimbraMtaTransportMaps "lmdb:/opt/zimbra/common/conf/transport,proxy:ldap:/opt/zimbra/conf/ldap-transport.cf"

zmcontrol restart

vCenter cron job not working

Find the 10 largest files and directories in /var
du -a /var | sort -n -r | head -n 10

If the log below is too large, it can be emptied without deleting the file
/var/log/audit/audit.log
truncate -s 0 /var/log/audit/audit.log

Check the cron job last run date
ls -l /var/spool/cron/lastrun/

The root password may have expired
chage -l root
chage -m 0 -M 99999 root

Clear the remembered old passwords
true > /etc/security/opasswd

Bind mail control

SPF

    1. IN TXT "v=spf1 ip4:123.123.123.1 ip4:123.123.123.2 -all"

DMARC
_dmarc IN TXT "v=DMARC1;p=quarantine;rua=mailto:rua@abc.com;ruf=mailto:ruf@abc.com"

DKIM
F4EEC778-4C21-11EA-AD84-83DCF040F65E._domainkey IN TXT ( "v=DKIM1; k=rsa; "
"p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxICrPoI8+AZ85ney0JRnniswBUCeJSCCmV6eWgxotF7ncQdWLFvNadR5gQiWJi0EHnarsVez6ET+jL9IoHgV6QSyUwBraOKPlU+XzlZVUGUnAn1BdsS6LjdT0anJlu07RiLdgfIJL0zufhEsHVSx3EwWrWL3NQlcLIVi0rCThjwIDAQDB" )

zimbra + DKIM

su - zimbra

Add
/opt/zimbra/libexec/zmdkimkeyutil -a -d abc.com
or
/opt/zimbra/libexec/zmdkimkeyutil -a -b 2048 -d abc.com

List
/opt/zimbra/libexec/zmdkimkeyutil -q -d abc.com

Update
/opt/zimbra/libexec/zmdkimkeyutil -u -d abc.com

Add the DKIM record shown by the list command above to the bind9 zone

DKIM Public signature:
17123458-4C07-11EA-BD1B-35CF8912347D._domainkey IN TXT ( "v=DKIM1; k=rsa; "
"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9JuDf0kA73baq8Ch1234XY5k0BdRLmup5z5R/UAtsUGwUGoakgeBih8NQNMNd+iepHQqtrI8Eq0SG25oLi5UPl9knoUyq9cqyF/gkku5LiclvIKWTT892qJ/HJxUqOtDWi8pAXV8hkAOhFVdtweQ37w+SqNtF2UvJCI/npQIML86R23+PCErxCIABZP3mEGK8ZsO1m+63VglC8"
"yTSFP7GMLcIUJ6zp5S5ZknwmTc4f/Sa2PVC8H1UR4UhvN2JKr8Dgr3momdKh7NsUu3StLS8bcWQMX8+PPM8UEZTnuOJz6wCAVxtEj1EANBSIKngA/zb1WYU6/p2IRPsg6DAfmFOQIDAQAB" ) ; ----- DKIM key 17123458-4C07-11EA-BD1B-35CF8912347D for abc.com

dig +short txt 17123458-4C07-11EA-BD1B-35CF8912347D._domainkey.abc.com @8.8.8.8
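
Added example (not part of the original notes): a check for a DKIM TXT record as published in bind9 or returned by the dig query above. It joins the quoted chunks, decodes p= and reports the RSA key size. The function names, the 2048-bit minimum (matching the -b 2048 option) and the sample records with dummy moduli are assumptions made for this example.

```python
import base64, re

def join_txt(rdata):
    """Join the quoted chunks of a TXT record the way a resolver does."""
    return "".join(re.findall(r'"([^"]*)"', rdata))

def tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def rsa_bits(spki):
    """Modulus size in bits of a DER SubjectPublicKeyInfo holding an RSA key."""
    _, seq, _ = tlv(spki, 0)          # outer SEQUENCE
    _, _, alg_end = tlv(spki, seq)    # AlgorithmIdentifier
    _, bits, _ = tlv(spki, alg_end)   # BIT STRING
    _, key, _ = tlv(spki, bits + 1)   # skip unused-bits octet; RSAPublicKey
    _, start, end = tlv(spki, key)    # modulus INTEGER
    return int.from_bytes(spki[start:end], "big").bit_length()

def check_dkim(rdata, min_bits=2048):
    """Return the problems found in a DKIM TXT record (empty list = ok)."""
    txt = join_txt(rdata)
    tags = dict(p.strip().split("=", 1) for p in txt.split(";") if "=" in p)
    problems = [] if tags.get("v") == "DKIM1" else ["v= is not DKIM1"]
    try:
        bits = rsa_bits(base64.b64decode(tags.get("p", ""), validate=True))
        if bits < min_bits:
            problems.append(f"RSA key is {bits} bits, below {min_bits}")
    except (ValueError, IndexError):
        problems.append("p= is not a valid base64 RSA public key")
    return problems

def der(tag, body):
    """Minimal DER encoder, used only to build the constructed samples."""
    size = (len(body).bit_length() + 7) // 8
    head = [len(body)] if len(body) < 128 else [0x80 | size, *len(body).to_bytes(size, "big")]
    return bytes([tag, *head]) + body

def sample_record(bits):
    """Constructed record with a dummy modulus of `bits` bits (not a real key)."""
    n = b"\0" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    rsa = der(0x30, der(0x02, n) + der(0x02, b"\x01\x00\x01"))
    spki = der(0x30, der(0x30, bytes.fromhex("06092a864886f70d0101010500")) + der(0x03, b"\0" + rsa))
    p = base64.b64encode(spki).decode()
    return f'( "v=DKIM1; k=rsa; " "p={p[:200]}" "{p[200:]}" )'
```

Pass the record text to check_dkim(); an empty list means the chunks join into a well-formed record with a key of at least min_bits.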