CSF is one of the best open-source firewalls and is used on most hosting servers, such as those running cPanel and DirectAdmin. It is also one of the best firewalls to install on a Zimbra mail server. This documentation will help you configure the CSF firewall on a standalone Zimbra installation.
Before starting the installation, you may want to read the documentation at http://wiki.zimbra.com/wiki/Ports, which gives a quick overview of the ports that need to be open on a Zimbra server.
Install CSF:
rm -fv csf.tgz
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
Next, test whether you have the required iptables modules:
perl /etc/csf/csftest.pl
Don't worry if you cannot run all the features, so long as the script doesn't report any FATAL errors. After that, open the CSF configuration and enable the following ports:
TCP_IN = "22,25,53,80,110,143,443,465,587,993,995,7071"
TCP_OUT = "22,25,53,80,110,113,443,465,587,993,995,7071"
Now open the file /etc/csf/csf.pignore and add the following paths to the Zimbra binaries:
exe:/opt/zimbra/amavisd/sbin/amavisd
exe:/opt/zimbra/clamav/bin/freshclam
exe:/opt/zimbra/clamav/sbin/clamd
exe:/opt/zimbra/cyrus-sasl/sbin/saslauthd
exe:/opt/zimbra/httpd-2.4.3/bin/httpd
exe:/opt/zimbra/httpd/bin/rotatelogs
exe:/opt/zimbra/java/bin/java
exe:/opt/zimbra/libexec/logswatch
exe:/opt/zimbra/libexec/zmmailboxdmgr
exe:/opt/zimbra/mysql/bin/mysqld
exe:/opt/zimbra/opendkim/sbin/opendkim
exe:/opt/zimbra/openldap/sbin/slapd
exe:/opt/zimbra/postfix/libexec/master
This whitelists these binaries in CSF.
Now you can start CSF as follows and test it:
# /etc/init.d/csf start
Test the mail server and its functionality. After that, you can disable testing mode in csf.conf and reload CSF. You can also apply other generic CSF tweaks afterwards.
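As an added example (not part of the original tutorial or of CSF itself), the script below checks a csf.conf against the TCP_IN list given above, treating CSF's lo:hi entries as port ranges, and reports whether testing mode is still on. The function names and the sample config are constructed for illustration; TESTING is assumed to be the csf.conf key that controls testing mode.

```bash
#!/usr/bin/env bash
# Added example: audit a csf.conf against this tutorial's TCP_IN list.
# Function names and the sample config below are constructed.
ZIMBRA_TCP_IN="22,25,53,80,110,143,443,465,587,993,995,7071"

# Print the quoted value of KEY ($1) from a csf.conf-style file ($2).
csf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | tail -n 1
}

# Succeed if port $1 is covered by list $2 (single ports or lo:hi ranges).
port_allowed() {
    local port="$1" entry IFS=','
    for entry in $2; do
        case $entry in
            *:*) [ "$port" -ge "${entry%%:*}" ] && [ "$port" -le "${entry##*:}" ] && return 0 ;;
            *)   [ "$port" = "$entry" ] && return 0 ;;
        esac
    done
    return 1
}

# Print the ports from list $1 that list $2 does not cover, comma-separated.
missing_ports() {
    local p out="" IFS=','
    for p in $1; do
        port_allowed "$p" "$2" || out="${out:+$out,}$p"
    done
    printf '%s\n' "$out"
}

# Report missing Zimbra ports and whether testing mode is still enabled.
audit_csf() {
    local miss
    miss=$(missing_ports "$ZIMBRA_TCP_IN" "$(csf_get TCP_IN "$1")")
    [ -n "$miss" ] && echo "TCP_IN missing: $miss"
    [ "$(csf_get TESTING "$1")" = "1" ] && echo "TESTING is still enabled"
    return 0
}

# Constructed sample config, not taken from a real server.
sample=$(mktemp)
cat > "$sample" <<'EOF'
TESTING = "1"
TCP_IN = "22,25,80,443,465,587,993:995,7071"
EOF
audit_csf "$sample"   # on a real host: audit_csf /etc/csf/csf.conf
rm -f "$sample"
```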
Thanks for the tutorial, it really comes in handy for my new CSF
Please help,
when installing I get:
zimbra-proxy …. ….done
Can't locate Tie/Hash.pm in @INC (@INC contains: …….) at /opt/zimbra/zimbramon/lib/Net/LDAP.pm line 10
BEGIN failed – compilation aborted at opt/zimbra/zimbramon/lib/Net/LDAP.pm line 10
compilation failed in require at /opt/zimbra/libexec/zmsetup.pl line 22
BEGIN failed – compilation aborted at /opt/zimbra/libexec/zmsetup.pl line 22
Yeah, that's a Perl issue.
Run the command below and let us know what it returns.
dpkg -L perl-modules | grep Hash
If it doesn't return anything then you need to install the Perl-modules.
You can install Perl using the following tutorial.
If you are using Red Hat Linux then use the up2date command to install the most common modules:
# up2date module-name
Use the following command to list all supported modules:
# up2date --showall | grep -i 'perl'
Or use the yum command under CentOS/RHEL 5/Fedora Core:
# yum list available 'perl'
If you are using Debian Linux, try to use the apt-get command to install common Perl modules. However, the following is the recommended way to install a Perl module.
A) Start CPAN Shell:
# perl -MCPAN -e shell
B) Install a Perl module:
At the cpan> shell prompt, install a module using the install module::Name command. For example, to install the module called MIME::Lite:
# cpan> install MIME::Lite
Alternatively, try out the following command:
# cpan -i MIME::Lite
Let us know if you still face any errors.