CentOS 7.x Configure or optimize new Zimbra installation
<yambe:breadcrumb self="Configure or optimize new zimbra installation">CentOS_7.x_Zimbra_configuration|Zimbra configuration</yambe:breadcrumb>
CentOS 7.x Configure or optimize new Zimbra installation
Skype zimlet is useful only for skype based calling. If skype based calling is not used it can be disabled using:
- Go to configure -> Class of service
- Right click Default and choose edit
- Under Zimlets, disable com_zimbra_phone and click save.
Enable compression of email data
Enable compression of email data (adds to CPU usage) using:
- Go to configure -> Servers
- Right click on server and click edit
- Go to volumes.
- Choose the data volume (while avoiding compression of index volume) and click edit
- Enable checkmark for "Compress blobs" and click ok.
Configure Zimbra for relay for another servers
Refer CentOS 7.x Zimbra MTA configuration and use command-line as corresponding UI is buggy.
Configure Zimbra to log subjects in zimbra.log
It might make it easier to debug issues if subjects are also logged in zimbra.log. To achieve that use:
su - zimbra echo '/^subject:/ WARN' > /opt/zimbra/conf/custom_header_check zmprov ms `hostname` zimbraMtaHeaderChecks 'pcre:/opt/zimbra/conf/postfix_header_checks regexp:/opt/zimbra/conf/custom_header_check' zmprov mcf zimbraMtaBlockedExtensionWarnRecipient FALSE zmmtactl restart
Refer
- https://forums.zimbra.org/viewtopic.php?t=5522
- https://forums.zextras.com/zimbra-howto/850-zimbra-log-subject-line.html
Disable SSL connections from Proxy to upstream servers
Do not use this as it is. This caused https access to webUI to fail.
To disable proxy to upstream secure connections use:
zmprov ms `hostname` zimbraReverseProxySSLToUpstreamEnabled FALSE zmproxyctl restart
Increase number of IMAP threads and connections
In case of considerable IMAP usage, it might make sense to do the following:
zmprov ms `hostname` zimbraImapMaxConnections 500 zmprov ms `hostname` zimbraImapNumThreads 500
Enable automatic anti-spam definitions update
It is useful feature to have automatic definition download and update. To enable it use:
zmlocalconfig -e antispam_enable_rule_updates=true zmlocalconfig -e antispam_enable_restarts=true zmlocalconfig -e antispam_enable_rule_compilation=true zmamavisdctl restart zmmtactl restart
Refer:
Configure Zimbra to use various anti-spam blacklists
To configure Zimbra to use various anti-spam blacklists use:
- Go to Configure -> Global Settings -> MTA
- Add following as client RBLs
- dsn.rfc-ignorant.org
- dul.dnsbl.sorbs.net
- sbl-xbl.spamhaus.org or zen.spamhaus.org
- bl.spamcop.net
- cbl.abuseat.org
- ix.dnsbl.manitu.net
- combined.rbl.msrbl.net
- rabl.nuclearelephant.com
- psbl.surriel.com
- b.barracudacentral.org
- bl.spamcop.net
- Add following as Client RHSBLs
- dbl.spamhaus.org
- Add following as Reverse client RHSBLs
- dbl.spamhaus.org
- Add following as Sender RHSBLs
- dbl.spamhaus.org
- Use following command as zimbra user:
- zmmtactl restart
On types of blacklists note:
- Client RBLs
- This is an IP-based blacklist. When the client IP address is backlisted, reject the email.
- Client RHSBLs
- Reject email when the client HELO or EHLO hostname is blacklisted.
- Reverse client RHSBLs
- Reject the email when the unverified reverse client hostname is blacklisted. Postfix will fetch the client hostname from PTR record. If the hostname is blacklisted, reject the email.
- Sender RHSBLs
- : Reject email when the MAIL FROM domain is blacklisted.
Some spammers use Google’s mail server, so reject_rhsbl_helo is ineffective, but most of them use their own domain names in the MAIL FROM header, so reject_rhsbl_sender will be effective.
Refer:
- https://wiki.zimbra.com/wiki/Anti-spam_Strategies
- https://en.wikipedia.org/wiki/Comparison_of_DNS_blacklists
- https://www.linuxbabe.com/mail-server/block-email-spam-postfix
If issue is related to Zimbra server being used to send SPAM from compromised internal accounts then refer Prevent spam problem with Zimbra server
Refer:
<yambe:breadcrumb self="Configure or optimize new zimbra installation">CentOS_7.x_Zimbra_configuration|Zimbra configuration</yambe:breadcrumb>