Sharing is a Wonderful Thing

We, sometimes, need to block users to send emails both the internal and external destinations. For example, you are running an email account for receiving CVs only. However, you don’t have to reply them from this account. All the feedback email is maintained from another account. In that case, you may block the user to send emails. It will not impact in email receiving status. Please follow below guideline to achieve our goal. Goal: Restricting users to send emails to all internal and external domains.   Resolution: Step 1: Open the file smtpd_sender_restrictions.cf and add the below line at the top. root@mail:~# vim /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf %%contains VAR:zimbraMtaSmtpdSenderRestrictions check_sender_access lmdb:/opt/zimbra/common/conf/restricted_senders%%   Step 2: Execute the below line as Zimbra user. zimbra@mail:~$ zmprov ms `zmhostname` +zimbraMtaSmtpdSenderRestrictions "check_sender_access lmdb:/opt/zimbra/common/con...

We have to regularly monitor server resources e.g. CPU, RAM, Storage, Network Bandwidth Utilization as a day-to-day activity. By monitoring the resources, we may find out the exact cause of any incident that might occur due to full resource utilization. It can guide us to increase the resources as well if require. We are currently using Observium and Cacti to monitor resource utilization. In order to connect the servers with the observium/Cacti, we have to configure SNMPD in the server. You may follow below guideline to install it in CentOS servers. Test Environment: CentOS 7   Step 1: Install SNMPD. [root@vps ~]# yum install net-snmp net-snmp-utils -y   Step 2: Verify that it is set to start at startup [root@vps ~]# systemctl enable snmpd   Step 3: Rename the existing snmpd.conf file and create a new one. [root@vps ~]#mv /etc/snmp/snmpd.conf   /etc/snmp/snmpd.conf.ori [root@vps ~]#touch /etc/snmp/snmpd.conf   Step 4: Configure ...

We have to regularly monitor server resources e.g. CPU, RAM, Storage, Network Bandwidth Utilization as a day-to-day activity. By monitoring the resources, we may find out the exact cause of any incident that might occur due to full resource utilization. It can guide us to increase the resources as well if require. We are currently using Observium and Cacti to monitor resource utilization. In order to connect the servers with the observium/Cacti, we have to configure SNMPD in the server. You may follow below guideline to install it in Ubuntu servers. Test Environment: Ubuntu 16.04 LTS and Ubuntu 18.04 LTS   Step 1: Install SNMPD. root@mail:~# apt-get install snmpd   Step 2: Rename the existing snmpd.conf file and create a new one. root@mail:~#mv /etc/snmp/snmpd.conf   /etc/snmp/snmpd.conf.ori root@mail:~# touch /etc/snmp/snmpd.conf   Step 3: Configure the SNMP community string. root@mail:~# vim /etc/snmp/snmpd.conf rocommunity mystring@3...

I have been working on WHM/cPanel service since long. Sometimes, we get request from our customer that they would like to manage their VPS fully/partially. In such cases, we can directly provide them root user access or we can provide some privileges access based on the requirement. Here, I shall describe how to achieve the goal. Step 1: Login to shell by using root account. Step 2: Create desired user. In this case it is newuser. You have to change the username as per your requirement. [root@vps ~]#useradd newuser [root@vps ~]#passwd newuser [root@vps ~]#usermod -aG wheel newuser [root@vps ~]#echo "newuser:all" >> /var/cpanel/resellers After performing the above operation, you will be able to login into the system using ssh and WHM. This “newuser” has the full privilege in the system. Suppose, you need a user with some privileged access. You may provide such permission following below procedure. Step 3: Login to WHM using root account Step 4: Se...

In general, there are multiple administrators who manage the mail server. It is wise to use separate administrative account to access in admin portal. It will help to identify the activities performed by an administrator. This article guides you to create an admin account and to provide administrative privileges on an existing account. Create a new admin account: zimbra@mail:~$ zmprov ca newadmin@domain.com newPassword zimbraIsAdminAccount TRUE It will create an admin account with full privilege. Provide administrative privilege to an existing account: zimbra@mail:~$ zmprov ma olduser@domain.com zimbraIsAdminAccount TRUE To change the password for the olduser: zimbra@mail:~$ zmprov sp olduser@domain.com newpassword

I was working on upgrading Zimbra version. After upgrading the Zimbra package, I found an error like below while checking Zimbra log. Error: Apr 29 21:34:46 hmail postfix/postdrop[24236]: warning: mail_queue_enter: create file maildrop/808948.24236: Permission denied Solution: I solved it by executing below commands. zimbra@mail:~$ postfix stop /postfix-script: stopping the Postfix mail system zimbra@mail:~$ killall postdrop zimbra@mail:~$ postfix start /postfix-script: starting the Postfix mail system   I again checked the Zimbra log and error has been disappeared.

Objective:  Install a Comodo/Sectigo Domain Validation (DV) SSL certificate in Zimbra. We usually get the below four files from Sectigo in the certificate bundle. The file name may vary depending on the certificate type 1.     yourdomain.com.crt - main certificate 2.     AAACertificateServices.crt – Root Certificate 3.     USERTrustRSAAAACA.crt – Intermediate Certificate - 1 4.     SectigoRSADomainValidationSecureServerCA.crt - Intermediate Certificate - 2 Step 1:  We shall create two files as below. commercial_ca.crt (includes root certificate and two intermediate certificates) commercial.crt (includes main certificate, root certificate and two intermediate certificates) Step 2:  Login to Zimbra server, move to directory /opt/zimbra/ssl/zimbra/commercial and create two files as below. root@mail:~# cd /opt/zimbra/ssl/zimbra/commercial/ root@mail:/opt/zimbra/ssl/zimbra/comme...

Email security is very important now a days. We always look for inbound email security. However, it is very much important to enhance security for outbound emails too for successful email delivery to the recipient inbox. DomainKeys Identified Mail (DKIM) provides an organization to take responsibility for a message that is in transit. The sending server reputation is responsible for successful email delivery. DKIM provides the message is not being altered in the transmission of message till delivery of it. Technically DKIM provides a method for validating a domain name identity that is associated with a message through cryptographic authentication. In some cases, we have generate 1024 bit DKIM key due to old Zimbra version or lack of support 2048 bit key in DNS servers. The below steps should be performed to achieve the goal of publishing 1024 bit DKIM key. Generate DKIM Key: DKIM signing is done at the domain level, including alias domains. Setting up signing consists of two p...

Email security is very important now a days. We always look for inbound email security. However, it is very much important to enhance security for outbound emails too for successful email delivery to the recipient inbox. DomainKeys Identified Mail (DKIM) provides an organization to take responsibility for a message that is in transit. The sending server reputation is responsible for successful email delivery. DKIM provides the message is not being altered in the transmission of message till delivery of it. Technically DKIM provides a method for validating a domain name identity that is associated with a message through cryptographic authentication. Good Practices: Configure DKIM for all the sending domain.  Configure 2048 bit DKIM key. Change DKIM key in each year to avoid possible attacks. Generate DKIM Key: DKIM signing is done at the domain level, including alias domains. Setting up signing consists of two parts. I. Generate DKIM data. II. U pdating the DNS server w...