Posted on

existing code to bitbucket

Let’s assume you ‘ve got setup a small project locally and it’s time to add it to bitbucket.

All you need to know is: https://confluence.atlassian.com/bitbucketserver/importing-code-from-an-existing-project-776640909.html

There are a couple of details though that could make your life difficult if you don’t pay the proper attention:

  • Locally: 
git init
git add --all
git commit -m "Initial Commit"
  • Bitbucket: create a repo (but pay attention!) without adding any READMEs. Repo must be empty, otherwise upload will fail! Now, use clone button top-right corner && copy URL.
  • Locally (once again): 
git remote add origin {{copied_url}} 
git push -u origin master

Done!

Posted on

How to merge two zimbra mailboxes

SSH into your zimbra server.

Change to zimbra server: 

su - zimbra

Now type:

/opt/zimbra/bin/zmmailbox -z -m old@example.tld getRestURL "//?fmt=tgz" > /tmp/temp.tgz && /opt/zimbra/bin/zmmailbox -z -m new@example.tld postRestURL "//?fmt=tgz&resolve=modify" /tmp/temp.tgz

Make sure you replace old@example.tld and new@example.tld with proper addresses.

Posted on

xampp + php + curl + ssl = fatal_error

If you use xampp with php and curl you might encounter an error like this:

Fatal error: Uncaught exception 'HttpClientException' with message 'cURL Error: SSL certificate problem: unable to get local issuer certificate' in HttpClient.php

If this is the case the solution is easy:

  1. Download cacert.pem from official curl page https://curl.haxx.se/docs/caextract.html
  2. Copy cacert.pem to c:\xampp\cacert.pem (assuming your xampp installation resides on c:\xampp)
  3. Make sure mod_ssl in enabled on apache (assuming your apache configurations are lying on C:\xampp\apache\conf). Open httpd.conf and make sure line LoadModule ssl_module modules/mod_ssl.so is not commented. Comments are prefixed with #. Disable comment simply by removing #.
  4. Now open php.ini (assuming php.ini is C:\xampp\php). Proportionally to the apache config, locate line extension=php_openssl.dll, remove comment (by deleting #). Make sure you have php_openssl.dll in C:\xampp\php\ext although there’s no reason not have it, I guess if this is the case, you should check the whole xampp installation.
  5. Stay a little bit on php.ini and add the following entries: 
    curl.cainfo="C:/xampp/cacert.pem"
openssl.cafile="C:/xampp/cacert.pem"

    Make sure the paths are correct according to what you have determined in step 1.

  6. This is not required, but if you like keep things tidy in php.ini, move curl.cainfo and openssl.cafile to the proper sections of the php.ini  [curl] and [openssl] respectively.
  7. Restart apache, otherwise your changes won’t have any effect. Reload your page and the error should have been removed.

I hope you’ve found this useful.

 

 

Posted on

zimbra: multiple letsencrypt certificates and Unable to start TLS error

The following guide is tested against zimbra 8.8: Installing a Let’s Encrypt SSL Certificate

If this error occurs: ‘Unable to start TLS: hostname verification failed when connecting to ldap master.
make sure you have included your hostname in your letsencrypt signing domains and follow the guide once again.
For instance, if your hostname is mail5.example.com, use letsencrypt to sign mail5.example.com along with all other domains.

Example:

root@mail5.example.com:~/tmp/letsencrypt# ./letsencrypt-auto certonly --standalone -d mail5.example.com -d mail.example.com -d webmail.example.com -d mail.test.com -d webmail.test.com

Make also sure you append https://www.identrust.com/certificates/trustid/root-download-x3.html to chain.pem

The whole procedure seems a bit tricky but actually it’s easy and it works.

Hopefully, some clever people have developed a bunch of scripts to automate the whole procedure, not all of them work in all cases. We have successfully tested the first automated method (https://github.com/VojtechMyslivec/letsencrypt-zimbra/) and it works great, as long as you keep incuding hostname in your config to avoid the “Unable to start TLS” error.

So open up your config at:

/opt/letsencrypt-zimbra/letsencrypt-zimbra.cfg

And edit the line with common names:


common_names=( "mail5.example.com" "mail.example.com" "webmail.example.com" "mail.test.com" "webmail.test.com" )

 

Automated method installation instructions are very simple – just follow them here: https://github.com/VojtechMyslivec/letsencrypt-zimbra/

The manual method, although hasn’t any real difficulties, has some steps though that might prove a nightmare when it comes to renew certs every 3 months for letsencrypt certs. Anyhow, for all of you manual people, steps are the following:

  • Stop zimbra services: zmcontrol stop
  • Use letsencrypt to fetch the certificates: ./letsencrypt-auto certonly --standalone -d mail5.example.com -d mail.example.com -d webmail.example.com -d mail.test.com -d webmail.test.com. If asked, select expand (E).
  • Append missing certificate to chain.pem
  • Copy created certificates to zimbra location: cp /etc/letsencrypt/live/mail5.example.com/* /opt/zimbra/ssl/letsencrypt/
  • Set rights: chown zimbra:zimbra /opt/zimbra/ssl/letsencrypt/*
  • Login as zimbra: su - zimbra
  • Goto certificates path: cd /opt/zimbra/ssl/letsencrypt
  • Check certificate validity: /opt/zimbra/bin/zmcertmgr verifycrt comm privkey.pem cert.pem chain.pem
  • Take a backup: cp -a /opt/zimbra/ssl/zimbra /opt/zimbra/ssl/zimbra.$(date "+%Y%m%d")
  • Deploy certificates to zimbra installation: /opt/zimbra/bin/zmcertmgr deploycrt comm cert.pem chain.pem
  • Restart zimbra: zmcontrol restart
Posted on

how to configure dkim on zimbra

Just type the following:


su - zimbra
/opt/zimbra/libexec/zmdkimkeyutil -a -d example.com

Then add the output to a txt record in your dns config.

Check your configuration using this link:

https://mxtoolbox.com/dkim.aspx

Posted on

migrate from zimbra to zimbra

Guide below is tested against zimbra 8.6, 8.7, 8.8. It’s not a full zimbra to zimbra migration, missed some things, but it works to migrating most important stuff. There might also exist some minor bugs, but if you have a basic experience in linux shell you won’t have a problem tweaking commands.

Zimbra Server Migration and Zimbra Account Transfer – The Perfect Method

There’s also this link provided by zimbra official wiki, but it’s not at all tested by our team:

https://wiki.zimbra.com/index.php?title=Open_Source_Edition_Backup_Procedure

Posted on

install certbot on ubuntu 16.04

On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you’ll need to do is apt-get the following packages.

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-apache

Reference: https://help.ubuntu.com/community/Repositories/Ubuntu#Adding_PPAs

Posted on

protect zimbra from memcached attack

Spoofing

Zimbra uses memcached and if not properly configured could lead to a vulnerable system.

If you want to read more on memcached attack read this:

https://blog.cloudflare.com/memcrashed-major-amplification-attacks-from-port-11211/

How to resolve this vulnerability in 3 steps:

  1. Enable firewall on your server
  2. Setup zimbra specific rules
  3. Bind memcached to localhost
  4. Deny memcached port from localhost

Let’s start.

Continue reading “protect zimbra from memcached attack”