Tuesday, September 13, 2016

Permanently Ban Repeat Offenders With fail2ban

If you’re reading this, you may want to take a look at the “recidive” filter, which watches the fail2ban log itself and adds a more hardcore block on repeat offenders.  It’s not the exact same solution, but may meet your needs much more easily than the setup described here.  There are notes in the comments about this filter.  I’ll leave this post intact anyway, but maybe this will save you some time.  I will not be able to reply to support requests for this functionality, as I no longer use it myself.  Further comments are disabled on this post.
The fail2ban suite is a very useful (if somewhat overcomplicated) tool in the battle against brute force login attempts.  Basically, fail2ban watches your log files, then executes specific commands (such as adding a firewall block for the offender’s IP address) when login failures cross a certain threshold, then reverses that block after a specified back-off period.  One of the servers I administer needs to run SSH on port 22, and fail2ban helped bring brute force attempts from over 70,000 per day (!!!) to around 20-30.  A dramatic decrease of 99.96% – not too shabby.
After this initial success, I expanded the use of fail2ban to other services, including POP3/IMAP, SMTP, WordPress (using a modified version of the “simple-login-log” plugin to log via syslog), and webmail.  Overall, this has been a huge help in minimizing the use of scarce human clock hours to review nuisance log entries.  If you run any authenticated service exposed to the Internet, I highly recommend deploying fail2ban or something similar as a component of your preventive/defensive measures.
Where this process broke down for me, however, was in addressing repeat offenders.  After the firewall block was removed for a given offender’s IP, it was not long before some of the IPs started brute forcing login attempts and were blocked again.  For quite a while, I was content to note the repeat offenders, add them to a permanent firewall block, and press on.  More recently, this chore became frequent enough that it made sense to build that functionality into the fail2ban configuration itself, removing the human (and my clock hours) from the loop.
I quickly found a helpful post from Lukas Camenzind that outlined the basics of what I wanted to accomplish.  His solution, however, implemented a “permanent block first” method, rather than a “repeat offender” one.  After a short bit of testing, I deployed the following solution, which fully addressed my requirements.  Of course, your experience may vary depending on configuration, but this should be enough to get a similar solution deployed in your environment.
# Fail2ban configuration file
#
# Author: Phil Hagen <phil@identityvector.com>
#

[Definition]

# Option:  actionstart
# Notes.:  command executed once at the start of Fail2Ban.
# Values:  CMD
#
actionstart = iptables -N fail2ban-REPEAT-<name>
              iptables -A fail2ban-REPEAT-<name> -j RETURN
              iptables -I INPUT -j fail2ban-REPEAT-<name>
              # set up from the static file
              cat /etc/fail2ban/ip.blocklist.<name> | grep -v '^\s*#' | awk '{print $1}' | while read -r IP; do iptables -I fail2ban-REPEAT-<name> 1 -s "$IP" -j DROP; done

# Option:  actionstop
# Notes.:  command executed once at the end of Fail2Ban
# Values:  CMD
#
actionstop = iptables -D INPUT -j fail2ban-REPEAT-<name>
             iptables -F fail2ban-REPEAT-<name>
             iptables -X fail2ban-REPEAT-<name>

# Option:  actioncheck
# Notes.:  command executed once before each actionban command
# Values:  CMD
#
actioncheck = iptables -n -L INPUT | grep -q fail2ban-REPEAT-<name>

# Option:  actionban
# Notes.:  command executed when banning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
# Tags:    <ip>  IP address
#          <failures>  number of failures
#          <time>
Note that the configuration above will block ALL traffic from offending IPs.
Next, add the appropriate stanza(s) to the /etc/fail2ban/jail.conf file:
[ssh-repeater]
enabled  = true
filter   = sshd
action   = iptables-repeater[name=ssh]
           sendmail-whois[name=SSH-repeater, dest=root, sender=root]
logpath  = /var/log/secure
maxretry = 21
findtime = 31536000
bantime  = 31536000

[wordpress-auth-repeater]
enabled  = true
port     = http,https
filter   = wordpress-auth
action   = iptables-repeater[name=wordpress]
            sendmail-whois[name=wordpress-repeater, dest=root, sender=root]
logpath  = /var/log/secure
maxretry = 35
findtime = 31536000
bantime  = 31536000
In the first jail, I’m using the existing “sshd” log watch filter, but waiting for 21 failed login attempts within a year. (This is three consecutive “basic” blocks, which trigger after seven failed attempts, per the defaults distributed with fail2ban.)  Of course, update this example to suit your distribution’s log location and your preferred service and other parameters.  The second jail uses a custom “wordpress-auth” filter and is slightly less aggressive – allowing 35 failed logins per year before invoking the ban-hammer. Duplicate the jail stanzas and adjust as needed for your systems.
After editing this file, just restart the fail2ban service and watch the contents of the /etc/fail2ban/ip.blocklist.ssh and /etc/fail2ban/ip.blocklist.wordpress files grow.
One debugging note – I found troubleshooting fail2ban quite difficult.  After a while, I found that stopping the service, then running “fail2ban-client -vvv -x start” would give me the verbosity needed to find syntax errors in the configuration files.
UPDATE (April 26, 2014): Per a great recommendation from Jan (below), added a grep to de-duplicate IPs on reboot/service restart.
UPDATE (April 28, 2013): After some great discussion below, I’ve updated the content and linked files per the following:
  1. Reverted to blocking all traffic after a block, rather than just the service the brute forcer attacked.
  2. The configuration now uses one ip.blocklist file and one iptables chain per jail, rather than sharing.  This prevents some duplicated rules and provides a cleaner segregation for types of blocks.
  3. Renamed jail to iptables-repeater.

How to add your Logo in the Login and App window in Open Source or Network Edition

A frequently asked question in our Forums is if Open Source users can re-brand the Login and App Logo. You can find more information about licensing in the next Official FAQ PDF, question 33 through 37 which contains related questions and answers about re-branding the logo, but here are some basics:
  • How can I add my Logo to the Login and App window?
    • This blog entry will show you how, without complex changes in CSS or other Zimbra files.
  • Is it legal to re-brand the logo if I have Open Source?
    • Yes, the CPAL provides that the attribution should be prominently displayed and the size of the logo should be consistent with the size of other elements of the attribution. Therefore, the size of Zimbra’s logo should be consistent with the size of any other logos displayed in the graphical user interface.
    • If you are using Open Source Edition, per the license agreement the Zimbra Logo must be equal to, or greater than, your own Logo. Omitting the image, or showing it smaller than yours, will violate the license agreement.
  • How many times do I need to change it?
    • Only once, and if you have your logo and the Zimbra logo in one file, and they are the same size, it should take no more than 30 seconds.
  • How can I white-label the entire Zimbra Login and App window?
    • You must purchase the Network Edition version if you need to do white-labeling in the Zimbra Product.

How to White-Label Zimbra Collaboration?

Re-branding the Logo and White-labeling in Zimbra Collaboration are different things. Re-branding can be done in the Open Source Edition following the steps and the CPAL instructions described in this Post. This step is important to meet the license agreement.
White-Label is a Network Edition Feature and can be done only for our Customers. Please see the image below to understand each status.
Zimbra-CPALvs Network

Login Banner and Application Banner Sizing

In Zimbra, you will find two different images to re-brand: one is the image that appears in the Login window and the other is the image in the top-left corner when you are logged in. Each image has a different size, and you should constrain your Logo+Zimbra logo (in FOSS case) according to these max sizes:

  • Application Banner, 200px X 35px in Zimbra Collaboration 8.x
  • Application Banner, 170px X 42px in Zimbra Collaboration 8.0.x
  • Login Banner, 440px X 60px in Zimbra Collaboration 8.x
  • Login Banner, 450px X 36px in Zimbra Collaboration 8.0.x

How to do White-Label the Web Client using Zimbra Collaboration Network Edition

One of the benefits of using the Network Edition of Zimbra Collaboration is that you can White Label easily. If you have Network Edition, you can remove the Zimbra Logos, change the colors of the Login and App windows, or even create your own Login page.
If you are using Zimbra Collaboration Network Edition, log in to the Admin Console, go to the Domain where you want to White-Label by following the path Home > Configure > Domains, then edit the Domain.
In the Preferences of the Domain, click Themes. You will be able to select the Colors of the Theme, or you can use a HEX code. You will also be able to add your own Logos and the URL where the logos will point.
Remember that these steps, as well as the ability to White-Label your Zimbra Web Client, are available only in Network Edition.

Zimbra Official Logo to use with your own Logo in Open Source Edition

You can find the official Logos to use here:

Needed commands to set the Logos in Zimbra

Since Zimbra Collaboration 5.0.7, you can set your logos per domain, and you can set the URL where you want to link the logos. Here are the three simple commands to run per domain. As the zimbra user:

Images hosted in external server (recommended)

The recommended way to present the logos is to host the images on an external server and pass that public, valid URL to the Zimbra commands. In this case, even if you upgrade the Zimbra release, the logos will remain on the external server:
zmprov md example.com zimbraSkinLogoURL https://mail.example.com
zmprov md example.com zimbraSkinLogoLoginBanner https://www.example.com/MyLoginBanner.png
zmprov md example.com zimbraSkinLogoAppBanner https://www.example.com/MyAppBanner.png
zmmailboxdctl restart

Images hosted in the same Zimbra server (not recommended)

It is not recommended to host the logo files in this path inside the Zimbra server: /opt/zimbra/jetty/webapps/zimbra/logos/. Be sure that you give these files the proper zimbra rights, and run the next commands as the zimbra user:
mkdir /opt/zimbra/jetty/webapps/zimbra/logos/
# Upload your logos to that new folder
zmprov md example.com zimbraSkinLogoURL https://mail.example.com
zmprov md example.com zimbraSkinLogoLoginBanner /logos/MyLoginBanner.png
zmprov md example.com zimbraSkinLogoAppBanner /logos/MyAppBanner.png
zmmailboxdctl restart
If you add your images as the root user, you may want to change the files' ownership to zimbra:
chown zimbra:zimbra /opt/zimbra/jetty/webapps/zimbra/logos/MyLoginBanner.png 
chown zimbra:zimbra /opt/zimbra/jetty/webapps/zimbra/logos/MyAppBanner.png
This method is easier because you don’t use an external server. However, any Zimbra upgrade will replace your Custom Logos and folders with the default versions.

Final result and examples

The final result will be something like the following. For best results, use .png images. If you are using the default template, we recommend using white logos or white stroke over your logo.

For Open Source Users that comply with the CPAL and follow the License Agreement

Login Banner

zimbra-FOSS-logo-001

Application Banner

zimbra-FOSS-logo-002
Let us know if you have any questions or issues using these steps.

Sunday, September 11, 2016

Block WordPress xmlrpc.php DDOS attacks using Fail2Ban

A few days ago, my friend’s WordPress website went down. After investigation, I figured out that it was receiving a massive amount of POST requests to the xmlrpc.php file, which caused Apache and MySQL to eat up all the system resources, and the website crashed. Fortunately, I figured out a way to mitigate this attack using Fail2Ban, which I’ll share in this post.
Install the Fail2Ban package using the following command:
apt-get install fail2ban iptables
Make a local copy of the jail.conf file for configuration changes:
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Open the jail.local configuration file:
vi /etc/fail2ban/jail.local
Add the following lines at the end (change the logpath to match yours):
[xmlrpc]
enabled = true
filter = xmlrpc
action = iptables[name=xmlrpc, port=http, protocol=tcp]
logpath = /var/log/apache2/access.log
bantime = 43600
maxretry = 2
Move to Fail2Ban’s filter directory:
cd /etc/fail2ban/filter.d/
Create the filter that triggers the iptables action:
vi xmlrpc.conf
Add the following lines:
[Definition]
failregex = ^<HOST> .*POST .*xmlrpc\.php.*
ignoreregex =
Restart the Fail2Ban service:
service fail2ban restart
Check the Fail2Ban log; if everything went well, you will see it start banning IP addresses:
tail -f /var/log/fail2ban.log
Hope this will help you!
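
A check of the failregex above against access-log lines, as an added example that is not part of the original post. The log lines and addresses are constructed, the HOST pattern is a simplified IPv4-only stand-in for fail2ban's `<HOST>` tag, and ANCHORED_FAILREGEX is a hypothetical tighter variant that only accepts xmlrpc.php in the request path; with maxretry = 2 the page's pattern also bans a visitor whose POSTs merely carry "xmlrpc.php" in the Referer.

```python
import re
from collections import Counter

# Simplified IPv4-only stand-in for fail2ban's <HOST> tag (assumption).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# The failregex from the post.
PAGE_FAILREGEX = r"^<HOST> .*POST .*xmlrpc\.php.*"

# Hypothetical tighter variant (not from the post): [^"]* stops at the first
# quote, so "POST" must open the request field, and the path itself must end
# in /xmlrpc.php. It does not depend on the timestamp being present.
ANCHORED_FAILREGEX = r'^<HOST> [^"]*"POST [^\s?]*/xmlrpc\.php[ ?]'

# Constructed Apache combined-format lines.
SAMPLE_LOG = [
    # Flood against xmlrpc.php
    '203.0.113.9 - - [11/Sep/2016:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [11/Sep/2016:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [11/Sep/2016:10:00:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"',
    # Visitor posting from an article whose URL contains "xmlrpc.php"
    '198.51.100.20 - - [11/Sep/2016:10:02:10 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "https://blog.example/block-xmlrpc.php-attacks/" "Mozilla/5.0"',
    '198.51.100.20 - - [11/Sep/2016:10:05:42 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 58 "https://blog.example/block-xmlrpc.php-attacks/" "Mozilla/5.0"',
    # GET probe: neither pattern counts it
    '192.0.2.44 - - [11/Sep/2016:10:06:00 +0000] "GET /xmlrpc.php HTTP/1.1" 405 42 "-" "curl/7.47.0"',
]


def compile_failregex(failregex):
    """Expand the <HOST> tag and compile, roughly as fail2ban does."""
    return re.compile(failregex.replace("<HOST>", HOST))


def match_counts(failregex, lines):
    """Number of matching log lines per source address."""
    rx = compile_failregex(failregex)
    hits = Counter()
    for line in lines:
        m = rx.search(line)
        if m:
            hits[m.group("host")] += 1
    return hits


def would_ban(failregex, lines, maxretry=2):
    """Addresses with at least maxretry matches (findtime is ignored here)."""
    return {ip for ip, n in match_counts(failregex, lines).items() if n >= maxretry}


if __name__ == "__main__":
    for label, rx in (("page", PAGE_FAILREGEX), ("anchored", ANCHORED_FAILREGEX)):
        print(label, sorted(would_ban(rx, SAMPLE_LOG)))
```

Running `fail2ban-regex /var/log/apache2/access.log /etc/fail2ban/filter.d/xmlrpc.conf` performs the same check against the real log with fail2ban's own `<HOST>` expansion.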

Thursday, September 8, 2016

Step by step Zimbra Server installation and configuration

Step 1: Install System Packages
1. Before we proceed with Zimbra Collaboration Suite installation process, first login to your server console with root privileges and install the following packages:
# yum -y install unzip net-tools sysstat openssh-clients perl-core libaio nmap-ncat libstdc++.so.6
Install Zimbra Required Packages

2. Next, issue the getenforce command to check if SELinux is enabled on your machine. In case the policy is set to Enforcing, disable it by issuing the below commands:
# getenforce
# setenforce 0
# getenforce
Disable SELinux in CentOS 7
To completely disable Selinux on CentOS, open /etc/selinux/config file with a text editor and set the line SELINUX to disabled.
3. Assure that wget system utility is also installed on your system by issuing the following command:
# yum install wget
Step 2: Configure System Hostname
4. In order for Zimbra to function correctly you must set the local machine hostname and FQDN to point to your server IP Address by running the below commands from root account:
# hostnamectl set-hostname mail
# echo "192.168.0.14  mail.mentor-global.net mail " >> /etc/hosts
# cat /etc/hosts
Replace the system hostname and FQDN values accordingly in order to match your own domain settings. Test the hostname and FQDN values by issuing the ping command against both records.
# ping -c1 mail.mentor-global.net
# ping -c1 mail
Set Hostname in CentOS 7

Step 3: Add a Static IP Address
5. If your server uses a DHCP dynamic IP Address, then you need to edit your network interface card and configure to use a static IP Address. Get the network interfaces information using ip addr command and identify your server external NIC (usually something like enp0s3 or eth0).
# ip addr
Then, run the nmtui-edit command against the interface you need to change settings and assign the interface with a manual IP Address. Use the below screenshots as a guide.
# nmtui-edit enp0s3
Configure Static IP Address to Network Interface

Configure Network Interface
Step 4: Disable Unwanted Services
6. A CentOS 7 default installation ships with postfix daemon already installed and running. To disable and erase postfix service run the following commands:
# systemctl stop postfix
# systemctl disable postfix
# yum remove postfix
Disable and Remove Postfix

After the service has been removed issue the ss command in order to check if other daemons incompatible with Zimbra service, such as LDAP, httpd, dovecot are running on your system. If that’s the case remove them as well.
Step 5: Install Zimbra Collaboration Suite Open Source Edition
7. Now it’s time to install Zimbra Collaboration Suite. Go to Zimbra Collaboration Suite download page and grab the latest version on your system by issuing the following command:
----------------- For RHEL/CentOS 7 -----------------
# wget https://files.zimbra.com/downloads/8.6.0_GA/zcs-8.6.0_GA_1153.RHEL7_64.20141215151110.tgz
----------------- For RHEL/CentOS 6 -----------------
# wget https://files.zimbra.com/downloads/8.6.0_GA/zcs-8.6.0_GA_1153.RHEL6_64.20141215151155.tgz

Download Zimbra Collaboration Suite
8. After the download completes, use the tar command to extract the archive, enter the extracted zimbra directory and list the directory content to locate the installer file.
# tar xfz zcs-8.6.0_GA_1153.RHEL7_64.20141215151110.tgz
# cd zcs-8.6.0_GA_1153.RHEL7_64.20141215151110
# ls
9. Now, start Zimbra installation process by launching in execution the installer script file named install.sh.
After a series of system checks the installer will prompt you to accept the license. Accept the license (y) in order to continue with the installation process.
# ./install.sh
OR
# ./install.sh --platform-override   [On different platforms other than RHEL]
Sample Output
Operations logged to /tmp/install.log.12951
Checking for existing installation...
zimbra-ldap...NOT FOUND
zimbra-logger...NOT FOUND
zimbra-mta...NOT FOUND
zimbra-dnscache...NOT FOUND
zimbra-snmp...NOT FOUND
zimbra-store...NOT FOUND
zimbra-apache...NOT FOUND
zimbra-spell...NOT FOUND
zimbra-convertd...NOT FOUND
zimbra-memcached...NOT FOUND
zimbra-proxy...NOT FOUND
zimbra-archiving...NOT FOUND
zimbra-core...NOT FOUND
PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THE SOFTWARE.
ZIMBRA, INC. ("ZIMBRA") WILL ONLY LICENSE THIS SOFTWARE TO YOU IF YOU
FIRST ACCEPT THE TERMS OF THIS AGREEMENT. BY DOWNLOADING OR INSTALLING
THE SOFTWARE, OR USING THE PRODUCT, YOU ARE CONSENTING TO BE BOUND BY
THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS
AGREEMENT, THEN DO NOT DOWNLOAD, INSTALL OR USE THE PRODUCT.
License Terms for the Zimbra Collaboration Suite:
http://www.zimbra.com/license/zimbra-public-eula-2-5.html
Do you agree with the terms of the software license agreement? [N] y
10. Next, the installation process will prompt you a series of questions in order to configure zimbra daemon properly. Use the below installation excerpt in order to setup zimbra service further.
Checking for prerequisites...
FOUND: NPTL
FOUND: sudo-1.8.6p7-13
FOUND: libidn-1.28-3
FOUND: gmp-6.0.0-11
FOUND: /usr/lib/libstdc++.so.6
Checking for suggested prerequisites...
FOUND: sysstat
FOUND: sqlite
Prerequisite check complete.
Checking for installable packages
Found zimbra-core
Found zimbra-ldap
Found zimbra-logger
Found zimbra-mta
Found zimbra-dnscache
Found zimbra-snmp
Found zimbra-store
Found zimbra-apache
Found zimbra-spell
Found zimbra-memcached
Found zimbra-proxy
Select the packages to install
Install zimbra-ldap [Y] y
11. Next, it will ask you to install the zimbra packages, press Y to install all.
Select the packages to install
Install zimbra-ldap [Y] y
Install zimbra-logger [Y] y
Install zimbra-mta [Y] y
Install zimbra-dnscache [Y] y
Install zimbra-snmp [Y] y
Install zimbra-store [Y] y
Install zimbra-apache [Y] y
Install zimbra-spell [Y] y
Install zimbra-memcached [Y] y
Install zimbra-proxy [Y] y
Checking required space for zimbra-core
Checking space for zimbra-store
Checking required packages for zimbra-store
zimbra-store package check complete.
Installing:
zimbra-core
zimbra-ldap
zimbra-logger
zimbra-mta
zimbra-dnscache
zimbra-snmp
zimbra-store
zimbra-apache
zimbra-spell
zimbra-memcached
zimbra-proxy
You appear to be installing packages on a platform different
than the platform for which they were built.
This platform is UNKNOWN_64
Packages found: RHEL7_64
This may or may not work.
Using packages for a platform in which they were not designed for
may result in an installation that is NOT usable. Your support
options may be limited if you choose to continue.
Install anyway? [N] y
12. Finally, it will start zimbra installation process.
The system will be modified.  Continue? [N] y
Removing /opt/zimbra
Removing zimbra crontab entry...done.
Cleaning up zimbra init scripts...done.
Cleaning up /etc/ld.so.conf...done.
Cleaning up /etc/security/limits.conf...done.
Finished removing Zimbra Collaboration Server.
Installing packages
zimbra-core......zimbra-core-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...
zimbra-ldap......zimbra-ldap-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
zimbra-logger......zimbra-logger-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
zimbra-mta......zimbra-mta-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
zimbra-dnscache......zimbra-dnscache-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
zimbra-snmp......zimbra-snmp-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
zimbra-store......zimbra-store-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
zimbra-apache......zimbra-apache-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
zimbra-spell......zimbra-spell-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
zimbra-memcached......zimbra-memcached-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
zimbra-proxy......zimbra-proxy-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
Operations logged to /tmp/zmsetup01262016-002704.log
Installing LDAP configuration database...done.
Setting defaults...No results returned for A lookup of mail.mentor-global.net
Checked nameservers:
12.168.0.1
8.8.8.8
No results returned for AAAA lookup of mail.mentor-global.net Checked nameservers:
12.168.0.1
8.8.8.8
DNS ERROR resolving mail.mentor-global.net 
It is suggested that the hostname be resolvable via DNS
Change hostname [Yes] yes
Please enter the logical hostname for this host [mail.mentor-global.net]
No results returned for A lookup of mail.mentor-global.net
Checked nameservers:
12.168.0.1
8.8.8.8
DNS ERROR resolving mail.mentor-global.net
It is suggested that the hostname be resolvable via DNS
Re-Enter hostname [Yes] no
DNS ERROR resolving MX for mail.mentor-global.net 
It is suggested that the domain name have an MX record configured in DNS
Change domain name? [Yes] no
done.
Checking for port conflicts
Main menu
1) Common Configuration:
2) zimbra-ldap:                             Enabled
3) zimbra-logger:                           Enabled
4) zimbra-mta:                              Enabled
5) zimbra-dnscache:                         Enabled
6) zimbra-snmp:                             Enabled
7) zimbra-store:                            Enabled
+Create Admin User:                    yes
+Admin user to create:                 admin@mail.mentor-global.net
******* +Admin Password                        UNSET
+Anti-virus quarantine user:       virus-quarantine.7xi47__k@mail.mentor-global.net
+Enable automated spam training:       yes
+Spam training user:                   spam.wasleuiv@mail.mentor-global.net
+Non-spam(Ham) training user:          ham.wzmkmrkq@mail.mentor-global.net
+SMTP host:                            mail.mentor-global.net
+Web server HTTP port:                 8080
+Web server HTTPS port:                8443
+Web server mode:                      https
+IMAP server port:                     7143
+IMAP server SSL port:                 7993
+POP server port:                      7110
+POP server SSL port:                  7995
+Use spell check server:               yes
+Spell server URL:              http://mail.mentor-global.net:7780/aspell.php
+Enable version update checks:         TRUE
+Enable version update notifications:  TRUE
+Version update notification email:    admin@mail.mentor-global.net
+Version update source email:          admin@mail.mentor-global.net
+Install mailstore (service webapp):   yes
+Install UI (zimbra,zimbraAdmin webapps): yes
8) zimbra-spell:                            Enabled
9) zimbra-proxy:                            Enabled
10) Default Class of Service Configuration:
s) Save config to file
x) Expand menu
q) Quit
Address unconfigured (**) items  (? - help) 7
13. Store configuration.
 1) Status:                                  Enabled
2) Create Admin User:                       yes
3) Admin user to create:                    admin@mail.mentor-global.net
** 4) Admin Password                           UNSET
5) Anti-virus quarantine user:       virusquarantine.7xi47__k@mail.mentor-global.net 
6) Enable automated spam training:          yes
7) Spam training user:                 spam.wasleuiv@mail.mentor-global.net
8) Non-spam(Ham) training user:         ham.wzmkmrkq@mail.mentor-global.net
9) SMTP host:                               mail.mentor-global.net
10) Web server HTTP port:                    8080
11) Web server HTTPS port:                   8443
12) Web server mode:                         https
13) IMAP server port:                        7143
14) IMAP server SSL port:                    7993
15) POP server port:                         7110
16) POP server SSL port:                     7995
17) Use spell check server:                  yes
18) Spell server URL:           http://mail.mentor-global.net:7780/aspell.php
19) Enable version update checks:            TRUE
20) Enable version update notifications:     TRUE
21) Version update notification email:       admin@mentor-global.net
22) Version update source email:             admin@mentor-global.net
23) Install mailstore (service webapp):      yes
24) Install UI (zimbra,zimbraAdmin webapps): yes
Select, or 'r' for previous menu [r] 4 # Select 4 to set admin password 
Password for admin@mail.mentor-global.net (min 6 characters): [54mE0RmqN] enter admin password here
Store configuration
1) Status:                                  Enabled
2) Create Admin User:                       yes
3) Admin user to create:                    admin@mentor-global.net
4) Admin Password                           set
5) Anti-virus quarantine user:  virus-quarantine.7xi47__k@mail. mentor-global.net
6) Enable automated spam training:          yes
7) Spam training user:                      spam.wasleuiv@mentor-global.net
8) Non-spam(Ham) training user:             ham.wzmkmrkq@mentor-global.net
9) SMTP host:                               mail.mentor-global.net
10) Web server HTTP port:                    8080
11) Web server HTTPS port:                   8443
12) Web server mode:                         https
13) IMAP server port:                        7143
14) IMAP server SSL port:                    7993
15) POP server port:                         7110
16) POP server SSL port:                     7995
17) Use spell check server:                  yes
18) Spell server URL: http://mail.mentor-global.net:7780/aspell.php
19) Enable version update checks:            TRUE
20) Enable version update notifications:     TRUE
21) Version update notification email:       admin@mentor-global.net
22) Version update source email:             admin@mentor-global.net
23) Install mailstore (service webapp):      yes
24) Install UI (zimbra,zimbraAdmin webapps): yes
Select, or 'r' for previous menu [r] r 
Main menu
1) Common Configuration:
2) zimbra-ldap:                             Enabled
3) zimbra-logger:                           Enabled
4) zimbra-mta:                              Enabled
5) zimbra-dnscache:                         Enabled
6) zimbra-snmp:                             Enabled
7) zimbra-store:                            Enabled
8) zimbra-spell:                            Enabled
9) zimbra-proxy:                            Enabled
10) Default Class of Service Configuration:
s) Save config to file
x) Expand menu
q) Quit
*** CONFIGURATION COMPLETE - press 'a' to apply
Select from menu, or press 'a' to apply config (? - help) a  # Apply configuration
Save configuration data to a file? [Yes] Enter
Save config in file: [/opt/zimbra/config.11047]
Saving config in /opt/zimbra/config.11047...done.
The system will be modified - continue? [No] yes
Operations logged to /tmp/zmsetup01262016-002704.log
Setting local config values...done.
Initializing core config...Setting up CA...done.
Deploying CA to /opt/zimbra/conf/ca ...done.
Creating SSL zimbra-store certificate...done.
Creating new zimbra-ldap SSL certificate...done.
Creating new zimbra-mta SSL certificate...done.
Creating new zimbra-proxy SSL certificate...done.
Installing mailboxd SSL certificates...done.
Installing MTA SSL certificates...done.
Installing LDAP SSL certificate...done.
Installing Proxy SSL certificate...done.
Initializing ldap...done.
Setting replication password...done.
Setting Postfix password...done.
Setting amavis password...done.
Setting nginx password...done.
Setting BES searcher  password...done.
Creating server entry for mail.mentor-global.net...done.
Setting Zimbra IP Mode...done.
Saving CA in ldap ...done.
Saving SSL Certificate in ldap ...done.
Setting spell check URL...done.
Setting service ports on mail.mentor-global.net...done.
Setting zimbraFeatureTasksEnabled=TRUE...done.
Setting zimbraFeatureBriefcasesEnabled=TRUE...done.
Setting Master DNS IP address(es)...done.
Setting DNS cache tcp lookup preference...done.
Setting DNS cache udp lookup preference...done.
Setting DNS tcp upstream preference...done.
Setting TimeZone Preference...done.
Initializing mta config...done.
Setting services on mail.mentor-global.net...done.
Adding mail.mentor-global.net to zimbraMailHostPool in default COS...done.
Creating domain mail.mentor-global.net...done.
Setting default domain name...done.
Creating domain mail.mentor-global.net already exists.
Creating admin account admin@mail.mentor-global.net...done.
Creating root alias...done.
Creating postmaster alias...done.
Creating user spam.wasleuiv@mentor-global.net...done.
Creating user ham.wzmkmrkq@mentor-global.net...done.
Creating user virus-quarantine.7xi47__k@ mentor-global.net...done.
Setting spam training and Anti-virus quarantine accounts...done.
Initializing store sql database...done.
Setting zimbraSmtpHostname for mail.mentor-global.net...done.
Configuring SNMP...done.
Setting up syslog.conf...done.
Starting servers...done.
Installing common zimlets...
com_zimbra_adminversioncheck...done.
com_zimbra_attachcontacts...done.
com_zimbra_attachmail...done.
com_zimbra_bulkprovision...done.
com_zimbra_cert_manager...done.
com_zimbra_clientuploader...done.
com_zimbra_date...done.
com_zimbra_email...done.
com_zimbra_mailarchive...done.
com_zimbra_phone...done.
com_zimbra_proxy_config...done.
com_zimbra_srchhighlighter...done.
com_zimbra_tooltip...done.
com_zimbra_url...done.
com_zimbra_viewmail...done.
com_zimbra_webex...done.
com_zimbra_ymemoticons...done.
Finished installing common zimlets.
Restarting mailboxd...done.
Creating galsync account for default domain...done.
You have the option of notifying Zimbra of your installation.
This helps us to track the uptake of the Zimbra Collaboration Server.
The only information that will be transmitted is:
The VERSION of zcs installed (8.6.0_GA_1153_RHEL7_64)
The ADMIN EMAIL ADDRESS created (admin@mentor-global.net)
Notify Zimbra of your installation? [Yes] no
Notification skipped
Setting up zimbra crontab...done.
Moving /tmp/zmsetup01262016-002704.log to /opt/zimbra/log
Configuration complete - press return to exit # Press Enter

 

Step 6: Zimbra Initial Configuration

14. After the installation finishes, open a web browser and navigate to the domain name or IP address of the machine running the zimbra service, on port 7071 via HTTPS protocol, accept the certificate security error and log in with the credentials configured during the installation process. The default username for the Zimbra Admin web panel is admin.
https://mail.mentor-global.net:7071
or
https://192.168.1.14:7071 
Zimbra Login
15. Once logged in the admin web console you can start adding your own SSL certificates, create mail accounts, mail aliases and so on. Just remember that the port 7071 is used only for administrative tasks.
Clients can securely log in to their webmail boxes using the domain name or the server IP address via HTTPS protocol.
https://mail.mentor-global.net 
or
https://192.168.1.14 
User Webmail Login
User Webmail Dashboard
Congratulations! Now you have a full operating mail stack installed on your premises.

Step 7: Remove or Uninstall Zimbra

If you wish to uninstall Zimbra service alongside with its components run the installer script with the -u option.
# ./install.sh -u
To delete Zimbra installation archive and directory run the below commands:
# cd
# rm -rf zcs-*