How to configure Zimbra with CSF

CSF is one of the best opensource firewalls that using in most of the hosting servers like cPanel and Directadmin . Also it is one of the best firewall for installing Zimbra Mail server. This documentation will help you How to configure Zimbra with CSF.

We have developed an SPI iptables firewall that is straight-forward, easy and
flexible to configure and secure with extra checks to ensure smooth operation.

csf can be used on any (supported – see the website) generic Linux OS.

The csf installation includes preconfigured configurations and control panel
UI’s for cPanel, DirectAdmin and Webmin

Directory structure:


 /etc/csf/ - configuration files
 /var/lib/csf/ - temporary data files
 /usr/local/csf/bin/ - scripts
 /usr/local/csf/lib/ - perl modules and static data
 /usr/local/csf/tpl/ - email alert templates

Before starting the installation, you may need to read the documentation available on http://wiki.zimbra.com/wiki/Ports, this will help you to get a quick understanding of ports that required to open in a Zimbra server.

Install CSF :

You can download CSF from http://configserver.com/cp/csf.html and install it . After that open the CSF configuration and enable the following ports,

TCP_IN = "22,25,53,80,110,143,443,465,587,993,995,7071"
TCP_OUT = "22,25,53,80,110,113,443,465,587,993,995,7071"

Now you need to open the file /etc/csf/csf.pignore and add the following zimbra packages paths.

exe:/opt/zimbra/amavisd/sbin/amavisd
exe:/opt/zimbra/clamav/bin/freshclam
exe:/opt/zimbra/clamav/sbin/clamd
exe:/opt/zimbra/cyrus-sasl/sbin/saslauthd
exe:/opt/zimbra/httpd-2.4.3/bin/httpd
exe:/opt/zimbra/httpd/bin/rotatelogs
exe:/opt/zimbra/java/bin/java
exe:/opt/zimbra/libexec/logswatch
exe:/opt/zimbra/libexec/zmmailboxdmgr
exe:/opt/zimbra/mysql/bin/mysqld
exe:/opt/zimbra/opendkim/sbin/opendkim
exe:/opt/zimbra/openldap/sbin/slapd
exe:/opt/zimbra/postfix/libexec/master
This will help to white list these binaries in CSF

Now you can start the CSF as follows and test it.

# /etc/init.d/csf start

You may need to test the mail server and its functionalities . After that you can disable the testing mode in csf.conf and reload CSF. You can also perform other generic CSF tweaks after that.

YOU CAN SUPPORT DEVNINJA WITH A CUP OF COFFEE

As we continue to grow, we would wish to reach and impact more people who visit and take advantage of the guides we have on our blog. This is a big task for us and we are so far extremely grateful for the kind people who have shown amazing support for our work over the time we have been online. to search or browse the published articles available FREELY to all.

If you like what you are reading, please consider buying us a coffee ( or more ) as a token of appreciation.

How to configure Zimbra with CSF

YOU CAN SUPPORT DEVNINJA WITH A CUP OF COFFEE

How to Install Go Golang on CentOS 7 RHEL 7

How to Change SSH Port When Selinux is Enable on CentOS Linux 7

How to solve the problem “CHECK_NRPE: (ssl_err != 5) Error Nagios

LEAVE A REPLY Cancel reply

Most Popular

Argo CD server address unspecified

Install Helm on CentOS 7

How to Install Go Golang on CentOS 7 RHEL 7

vCenter Server SSH received disconnect Too many authentication failures

Recent Comments

EDITOR PICKS

How to Install an LetsEncrypt SSL Certificate on Zimbra Mail Server (UPDATE!)

Get Mailbox usage report Zimbra

POPULAR POSTS

Argo CD server address unspecified

Install Helm on CentOS 7

How To Recovery Losing ec2 KeyPair

POPULAR CATEGORY

ABOUT US

FOLLOW US