CentOS Linux Server Guide

CentOS Mail Server

Installing Zimbra Collaboration Server on CentOS
(Part 2: Prepare CentOS 6 Prerequisite Requirement)

Step1: Update CentOS Linux

# yum -y update
Step2: Install prerequisite package for Zimbra installation
#yum - y install sudo sysstat gmp libidn libstdc++ bind bind-chroot bind-libs bind-utils wget
php perl nc sqlite

Step3 : Stop postfix services

The default CentOS come with Postfix automatically, we need to stop it
# service posftfix status
Stop the postfix services and turn the posftfix off from startup
# service postfix stop
# chkconfig postfix off
Step4 : Stop selinux
We need to disable selinux completely. Else, we have lots of startup issues, if you can find a solution to this
matter, please share with us.
# vi /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
Step5 : Add in New rules for Iptables (Linux firewall)
We need add ports to firewall to access from external, there are POP3, POP3s, SSL, Zimbra Admin (7071),
SMTP.
# vi /etc/selinux/config
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

-A INPUT -p icmp -j ACCEPT

-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 7071 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 995 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 587 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
Next, remember to save and reboot the iptables service.
# vi /etc/selinux/config
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 7071 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 995 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 587 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
Finally, List the rules that we created.
[root@mail ~]# vi /etc/sysconfig/iptables
[root@mail ~]# service iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
[root@mail ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:7071
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:pop3s
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:submission
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)

target prot opt source destination

REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Verify the if our opening ports by running the following command
[root@mail ~]# netstat -tulpn | more
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address Stat e PID/Program name
tcp 0 0 192.168.142.7:389 0.0.0.0:* LIST
EN 1262/slapd
tcp 0 0 127.0.0.1:10663 0.0.0.0:* LIST
EN 2039/zmlogger: zmrr
tcp 0 0 127.0.0.1:10024 0.0.0.0:* LIST
EN 3115/amavisd (maste
tcp 0 0 0.0.0.0:5672 0.0.0.0:* LIST
EN 1151/qpidd
tcp 0 0 127.0.0.1:10025 0.0.0.0:* LIST
EN 3764/master
tcp 0 0 127.0.0.1:10026 0.0.0.0:* LIST
EN 3115/amavisd (maste
tcp 0 0 127.0.0.1:7306 0.0.0.0:* LIST
EN 2738/mysqld
tcp 0 0 0.0.0.0:587 0.0.0.0:* LIST
EN 3764/master
tcp 0 0 0.0.0.0:110 0.0.0.0:* LIST
EN 3032/java
tcp 0 0 0.0.0.0:143 0.0.0.0:* LIST
EN 3032/java
tcp 0 0 127.0.0.1:80 0.0.0.0:* LIST
EN 3032/java
tcp 0 0 127.0.0.1:8465 0.0.0.0:* LIST
EN 3784/opendkim
tcp 0 0 0.0.0.0:465 0.0.0.0:* LIST
EN 3764/master
tcp 0 0 0.0.0.0:7025 0.0.0.0:* LIST
EN 3032/java
tcp 0 0 192.168.142.7:53 0.0.0.0:* LIST
EN 1093/named
tcp 0 0 0.0.0.0:22 0.0.0.0:* LIST
EN 1140/sshd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LIST
EN 3764/master
tcp 0 0 127.0.0.1:953 0.0.0.0:* LIST
EN 1093/named
tcp 0 0 0.0.0.0:443 0.0.0.0:* LIST
EN 3032/java
tcp 0 0 0.0.0.0:7071 0.0.0.0:* LIST
EN 3032/java
tcp 0 0 0.0.0.0:7072 0.0.0.0:* LIST
EN 3032/java
tcp 0 0 0.0.0.0:993 0.0.0.0:* LIST
EN 3032/java
tcp 0 0 0.0.0.0:995 0.0.0.0:* LIST
EN 3032/java
tcp 0 0 127.0.0.1:7171 0.0.0.0:* LIST
EN 1404/java
tcp 0 0 :::7047 :::* LIST
EN 2040/httpd
tcp 0 0 :::5672 :::* LIST

EN 1151/qpidd
tcp 0 0 ::1:53 :::* LIST
EN 1093/named
tcp 0 0 :::22 :::* LIST
EN 1140/sshd
tcp 0 0 ::1:953 :::* LIST
EN 1093/named
tcp 0 0 :::7780 :::* LIST
EN 3501/httpd
udp 0 0 0.0.0.0:36081 0.0.0.0:*
1404/java
udp 0 0 192.168.142.7:53 0.0.0.0:*
1093/named
udp 0 0 ::1:53 :::*
1093/named
Its OK.We are now ready for our CentOS Linux Server setup and move on for our Zimbra 8 installation.

Read More about Zimbra Collaboration Server Setup

CentOS Server Guide by http://www.1a-centosserver.com is licensed under Creative Commons Attribution-NonCommercial-ShareAlike 3.0
Unported License. All trademarks are the property of their respective owners.
Contact Us | Privacy Policy