Hello everyone, it's been a while! Good to see many who've made progress on this script here is the updated version for 10.1.7. I tested it myself the repos have been updated and all works well, this is just for installation only. This does not include getting a lets encrypt certificate which can be found in the first post.
This has been updated for Ubuntu 22.04 as of 4/29/2025
So here we go!
I will use my test domain mx.innotel.us for demonstration purposes which is a live server.
Reboot your system for settings to take effect
Reboot your system again for settings to take effect before final installation.
Extra bonus to add zextras theme
Any questions feel free to reach out.
Also if you just wanted to build it on your system follow these instructions below
This has been updated for Ubuntu 22.04 as of 4/29/2025
So here we go!
I will use my test domain mx.innotel.us for demonstration purposes which is a live server.
Code:
cd /usr/src#Install Deps Ubuntuapt update && apt -y upgradeapt -y install gcc make g++ openssl libxml2-dev perl net-tools gnupg2 locate mlocate git software-properties-common openjdk-8-jdk ant ant-optional ruby git maven build-essential#Stop & Remove Postfixsystemctl stop postfixapt -y remove postfix#Install Webmin for Administrationcd /usr/srcwget https://www.webmin.com/download/deb/webmin-current.debdpkg -i webmin-current.debapt -fy install#Set Hostnamehostnamectl set-hostname mx.innotel.us --static#Disable Firewall & Rebootsystemctl stop ufwsystemctl disable ufwrebootCode:
#Install Zimbra#Add Zimbra Keyringapt-key adv --keyserver keyserver.ubuntu.com --recv-keys 9BE6ED79#Update Packagesapt update#Disable systemd-resolved Stubsudo sed -r -i.orig 's/#?DNSStubListener=yes/DNSStubListener=no/g' /etc/systemd/resolved.confsudo systemctl disable systemd-resolvedsudo systemctl stop systemd-resolvedsudo unlink /etc/resolv.confecho -e "nameserver 127.0.0.1\nnameserver 1.1.1.1" | sudo tee /etc/resolv.confapt -y install dnsmasqunlink /etc/dnsmasq.conftee /etc/dnsmasq.conf<<EOFserver=1.1.1.1listen-address=127.0.0.1domain=innotel.usmx-host=innotel.us,mx.innotel.us,0address=/mx.innotel.us/192.168.1.194EOFservice dnsmasq restart#Edit Hostsnano /etc/hosts127.0.0.1 localhost.localdomain localhost::1 localhost.localdomain localhost192.168.1.194 mx.innotel.us mxsudo tee -a /etc/sysctl.conf<<EOFnet.ipv6.conf.all.disable_ipv6 = 1net.ipv6.conf.default.disable_ipv6 = 1net.ipv6.conf.lo.disable_ipv6 = 1EOFsudo sysctl -p#Make sure Iptables is disabledsystemctl stop iptablessystemctl disable iptablessystemctl stop ip6tablessystemctl disable ip6tablesiptables -FrebootCode:
#Install Zimbracd /usr/srcwget https://repo.innotel.us/zcs-10.1.7_GA_1000.UBUNTU22_64.20250429174407.tgztar zxf zcs-10.1.7_GA_1000.UBUNTU22_64.20250429174407.tgzcd zcs-10.1.7_GA_1000.UBUNTU22_64.20250429174407./install.shN for zimbra-dnscache PackageN for OnlyOffice Package7,4 <set password>1,7,37 <set timezone> (America/New_York)r,a,Yes,[Enter],[Enter],Yes <complete setup>#Redirect to HTTPS onlysu zimbrazmprov ms `zmhostname` zimbraReverseProxyMailMode redirectzmprov ms mail.innotel.us zimbraMtaLmtpHostLookup nativezmprov mcf zimbraMtaLmtpHostLookup nativezmproxyctl restartexit#Optional - Create Swapdd if=/dev/zero of=/opt/zimbra/1024Mb.swap bs=1M count=1024chmod 600 /opt/zimbra/1024Mb.swapmkswap /opt/zimbra/1024Mb.swapswapon /opt/zimbra/1024Mb.swap#Install LetsEncrypt SSL Certificatecd /usr/srcapt updateapt -y install python3 python3-venv libaugeas0 libaugeas-dev python3-pipapt -y remove certbotpython3 -m venv /opt/certbot//opt/certbot/bin/pip install --upgrade pip/opt/certbot/bin/pip install certbot certbot-apacheln -s /opt/certbot/bin/certbot /usr/bin/certbot#Automatic renewal setupecho "0 0,12 * * * root /opt/certbot/bin/python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew --force-renewal --preferred-chain "ISRG Root X1"" | tee -a /etc/crontab > /dev/null#Monthly Update for Certbot/opt/certbot/bin/pip install --upgrade certbot certbot-apache#If errorssudo rm -rf /opt/certbot#Stop Zimbra Mailbox & Proxysu zimbrazmproxyctl stopzmmailboxdctl stopexit#Request Certificate##ENABLE HTTP SERVICE ON ZIMBRA IF NECESSARY FOR CERTBOT# sudo su - zimbra# zmprov ms `zmhostname` zimbraReverseProxySSLToUpstreamEnabled FALSE# /opt/zimbra/libexec/zmproxyconfig -e -w -o -a 8080:80:8443:443 -x both -H mx.innotel.us# zmcontrol stop # zmcontrol start# exitcertbot certonly --key-type rsa --preferred-chain "ISRG Root X1" --standalone -d mx.innotel.us#PrivKey/etc/letsencrypt/live/mx.innotel.us/privkey.pem#Cert/etc/letsencrypt/live/mx.innotel.us/fullchain.pem#Add ISRG Root Certificatewget --no-check-certificate -O /tmp/ISRG-X1.pem https://letsencrypt.org/certs/isrgrootx1.pem.txtcat /tmp/ISRG-X1.pem >> /etc/letsencrypt/live/mx.innotel.us/fullchain.pem#Make Lets Encrypt Zimbra Directorymkdir /opt/zimbra/ssl/letsencryptcp /etc/letsencrypt/live/mx.*/* /opt/zimbra/ssl/letsencrypt/#Set Permissionschown zimbra:zimbra /opt/zimbra/ssl/letsencrypt/*#Verify Certificatesu zimbracd /opt/zimbra/ssl/letsencrypt/opt/zimbra/bin/zmcertmgr verifycrt comm privkey.pem cert.pem fullchain.pem#Make Backup & Create Commercial Keycp -a /opt/zimbra/ssl/zimbra /opt/zimbra/ssl/zimbra.$(date "+%Y%m%d")cp /opt/zimbra/ssl/letsencrypt/privkey.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key#Deploy Certificate/opt/zimbra/bin/zmcertmgr deploycrt comm cert.pem fullchain.pem#Start Zimbra Mailbox & Proxyzmproxyctl startzmmailboxdctl startexit#Remove Unnecessary filesapt -y autoremove#If you receive snap loop messages or emails#Disable snap reporting emailsdf -Th #Check for /dev/loop and edit the line below to fit the number of loopssu - zimbra zmlocalconfig -e zmstat_df_excludes='/dev/loop0:/dev/loop1:/dev/loop2:/dev/loop3:/dev/loop4:/dev/loop5:/dev/loop6'zmstatctl restart exitswapoff -aCode:
#Add Zextras Zimbra Themecd /usr/srcwget https://repo.innotel.us/zextras-theme-ubuntu.tgzunzip zextras-theme-ubuntu.tgzcd zextras-theme-installerchmod +x install.sh./install.sh <enter> <enter>su - zimbra -c 'zmskindeploy /opt/zimbra/jetty/webapps/zimbra/skins/zextras/'Any questions feel free to reach out.
Also if you just wanted to build it on your system follow these instructions below
Code:
cd /usr/srcmkdir installer-buildcd installer-buildgit clone --depth 1 --branch 10.1.6 https://github.com/Zimbra/zm-build.gitcd zm-buildENV_CACHE_CLEAR_FLAG=true ./build.pl --ant-options -DskipTests=true --git-default-tag=10.1.7,10.1.6,10.1.5,10.1.4,10.1.3,10.1.2,10.1.1,10.1.0 --build-release-no=10.1.7 --build-type=FOSS --build-release=DAFFODIL --build-release-candidate=GA --build-thirdparty-server=files.zimbra.com --no-interactiveStatistics: Posted by innotelinc — Mon Apr 28, 2025 8:18 pm