Difference between revisions of "Building Zimbra on Gentoo"

Latest revision as of 17:08, 24 March 2015

Article Information
This article applies to the following ZCS versions. ZCS 5.0

Here's a howto that will get Zimbra going on a Gentoo install. This method basically leverages debootstrap to get a bare debain sarge install in a chroot environment. The open source zimbra 5.0.9 package for Debian can then be installed. This is working on Gentoo 2008.0 kernel 2.6.25-gentoo-r7. But you shouldn't have any issues running it on recent versions. At first this may seem like extra work and a waste of resources, but to the contrary running Zimbra in a chroot is a pretty good idea. People have been hosting chroot jails on *BSD's to run various internet services for quite some time. This can add a level of protection for the host system. I.e. if the unthinkable happens and an attacker does find a way to gain root through the host services on your Zimbra instance, (s)he will only have access to the chroot environment.

Stopping Apache on the Gentoo host

If you have a web server runing on your host Gentoo system you will need to stop it for now. Later you can change the ports Zimbra will listen on and run your host's web server and your Zimbra web server on the same machine.

# /etc/init.d/apache2 stop

# rc-update delete apache2

Installing Zimbra in a Gentoo chroot

(Some of this was taken from http://www.elfenbeinturm.cc/2006/07/28/zimbra-on-gentoo/)

Emerge debootstrap

# emerge debootstrap

Create the chroot environment

# mkdir /zimbra

Run debootstrap

# debootstrap --arch i386 etch /zimbra http://ftp.debian.org/debian

We are assuming the i386 architecture. Feel free to try others but only i386 has been tested.

Mount proc, dev and sys

# mount -o bind /proc /zimbra/proc

# mount -o bind /dev /zimbra/dev

# mount -o bind /dev/shm /zimbra/dev/shm

# mount -o bind /dev/pts /zimbra/dev/pts

# mount -o bind /sys /zimbra/sys

Chroot to the debian environment

# chroot /zimbra /bin/bash

Set a root password

# passwd

Adjust your hosts and hostname files

# nano -w /etc/hosts

It should look something like this:

111.222.333.444 hostname.example.com hostname
127.0.0.1 localhost.localdomain localhost

# nano -w /etc/hostname

This one should only contain your hostname.

Tell apt where to get all the repositories

This will execute an ncurses menu prompting you to choose a debian mirror pick http or ftp and select a (hopefully) fast mirror:

# apt-setup

Update the package listing

# apt-get update

Install some packages that we will need

# apt-get install ssh wget sudo libidn11 curl fetchmail libgmp3c2 libxml2 libstdc++6 openssl file perl libexpat1 postgrey libperl5.8 psmisc libpcre3 libltdl3

Get the zimbra debian package and untar the archive

# cd ~

# wget http://files.zimbra.com/downloads/5.0.9_GA/zcs-5.0.9_GA_2533.DEBIAN4.0.20080815215219.tgz

# tar -xvzf zcs-5.0.9_GA_2533.DEBIAN4.0.20080815215219.tgz

Run install script in the newly created zcs directory

# cd zcs-5.0.9_GA_2533.DEBIAN4.0.20080815215219

# ./install.sh

Follow the instructions. See the Zimbra documentation for help.

Configure sshd to run on a different port

(This is basically copied from the Zimbra forums at http://www.zimbra.com/forums/installation/9792-zimbra-gentoo-additional-info.html)

sshd running on the Gentoo host conflicts with a service that Zimbra runs. It will hinder Zimbra's ability to monitor queues from the management console. So let's fix it:

# nano -w /etc/ssh/sshd_config

Find the line that reads:

port 22

and change it to:

port 60022

Start sshd

# /etc/init.d/ssh start

Tell Zimbra to run sshd on port 60022

# su - zimbra

$ zmprov ms MAIL.DOMAIN.COM zimbraRemoteManagementPort 60022

substitute MAIL.DOMAIN.COM with the fqdn of your host name

Build and deploy new ssh keys This wasn't needed with version 5.0.8, but if you're using an older version perhaps you'll need it.

$ /opt/zimbra/bin/zmsshkeygen

$ /opt/zimbra/bin/zmupdateauthkeys

Test your Zimbra install

$ /etc/init.d/zimbra start

Creating the init scripts

It would be nice to get Zimbra to start at boot in the default run level. This requires an init script.

Exit chroot and create the gentoo init.d script

$ exit && exit

# nano -w /etc/init.d/zimbra

append init.d script from below

Make the script executable

# chmod +x /etc/init.d/zimbra

Test the init script

# /etc/init.d/zimbra stop

# /etc/init.d/zimbra start

Add it to the default run level

# rc-update add zimbra default

Now you should have a functioning Zimbra system installed in a chroot that you can manage from the host gentoo system at boot or otherwise. If you were running a web server on your host gentoo system you will need to configure Zimbra to listen on different port for web and ssl (try 81 and 1443). Search the zimbra forums there is some documentation for this already in place. You will then be able to cofigure a named based vitual host to link from you gentoo hosted site to zimbra.

Script: /etc/init.d/zimbra

#!/sbin/runscript

depend() {
    need net
    after portmap
    after iptables
    after dnsmasq
}

start() {

ebegin "Starting Zimbra in chroot environment"

# Mount the dirs
   mount -o bind /proc /zimbra/proc > /dev/null
   mount -o bind /dev /zimbra/dev > /dev/null
   mount -o bind /dev/shm /zimbra/dev/shm > /dev/null
   mount -o bind /dev/pts /zimbra/dev/pts > /dev/null
   mount -o bind /sys /zimbra/sys > /dev/null

# Start the services in chroot
   chroot /zimbra /etc/init.d/sysklogd start
   chroot /zimbra /etc/init.d/cron start
   chroot /zimbra /etc/init.d/ssh start
   chroot /zimbra /etc/init.d/postgrey start
   chroot /zimbra /etc/init.d/zimbra start

eend $? "Errors were encountered while starting Zimbra in chroot environment"

}

stop() {

ebegin "Stopping Zimbra in chroot environment"

# Stop all the services in chroot
   chroot /zimbra /etc/init.d/zimbra stop
   chroot /zimbra /etc/init.d/postgrey stop
   chroot /zimbra /etc/init.d/ssh stop
   chroot /zimbra /etc/init.d/cron stop
   chroot /zimbra /etc/init.d/sysklogd stop


# Unmount the dirs
   umount -f /zimbra/dev/shm > /dev/null
   umount -f /zimbra/dev/pts > /dev/null
   umount -f /zimbra/sys > /dev/null
   umount -f /zimbra/proc > /dev/null
   umount -f /zimbra/dev > /dev/null

eend $? "Errors were encountered while stopping Zimbra in chroot environment"

} 

Script: for account migration from qmail+vpopmail to zimbra

#!/usr/bin/php

// http://wiki.zimbra.com/index.php?title=Password_Migration
// Modified migration script for gentoo+qmail+vpopmail
//


<?php
/////////////////////////////////////////////////////////

$user="user";
$pass="password";
$db="vpopmail";
$table_mbox="vpopmail";
$file="exported.sh";

/////////////////////////////////////////////////////////
echo "This script generates a bash script called: $file
The script contains the commands to re-create the mail accounts on zimbra server.\n\n
";

$mydb = mysql_connect('localhost',$user, $pass) or die ('Error connecting to server');
mysql_select_db($db);
mysql_query("SET CHARACTER SET utf8");
mysql_query("SET NAMES utf8");

$query = "SELECT pw_name,pw_domain,pw_passwd
                FROM $table_mbox";
$dane = mysql_query($query) or die ('Error during query for '.mysql_error());

echo "Writing to $file ...\n";
$fh = fopen($file, "w");
$sp = '@';
fwrite($fh, "#!/bin/sh -x\n\n");

while ($row = mysql_fetch_array($dane, MYSQL_NUM))
{
    $data_mbox = "zmprov ca ".$row[0]."".$sp."".$row[1]." dsfs123hsdyfgbsdgfbsd displayName '".$row[0]."'\n";
    $data_mbox .= "zmprov ma ".$row[0]."".$sp."".$row[1]." userPassword '{crypt}".$row[2]."'"."\n";
    fwrite($fh, $data_mbox);
}
echo "Done.";

Instructions for adding postgrey are found here: http://wiki.zimbra.com/index.php?title=Improving_Anti-spam_system You might have to repeat postgrey adding at every upgrade so you might want to think twice about having it. If you don't, just remove the two lines with postgrey in the init script. However, I highly recommend postgrey as it's really very efficient. Doesn't cost as much processor power as other measures and it catches alot of spam. A good first sentry imhop.

About tweaking; I found the yahoo search bar pretty annoying and it's easily removed, persistent over upgrades:

zmprov mc default zimbraFeatureWebSearchEnabled FALSE

I am still running my old apache so I had to change some ports:

zmprov ms MAIL.DOMAIN.COM zimbraMailPort 8888 zimbraMailSSLPort 8889

If you, like me, like to use https:

http://wiki.zimbra.com/index.php?title=CLI_zmtlsctl_to_set_Web_Server_Mode

Of course, you then access your zimbra installation like so: https://MAIL.DOMAIN.COM:8889 these and many other tweaks can be found in the forums.

Building Zimbra from source on Gentoo

(needs to be documented)