How to configure Zimbra + CSF

CSF is one of the best opensource firewalls that using in most of the hosting servers like cPanel and Directadmin . Also it is one of the best firewall for installing Zimbra Mail server . This documentation will help you to configure the CSF firewall in a Zimbra Standalone installation server.

Before starting the installation , you may need to read the documentation available on http://wiki.zimbra.com/wiki/Ports , this will help you to get a quick understanding of ports that required to open in a Zimbra server.

Install CSF :

rm -fv csf.tgz
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
Next, test whether you have the required iptables modules:

perl /etc/csf/csftest.pl

Don't worry if you cannot run all the features, so long as the script doesn't
report any FATAL errors

After that open the CSF configuration and enable the following ports,
TCP_IN = "22,25,53,80,110,143,443,465,587,993,995,7071"
TCP_OUT = "22,25,53,80,110,113,443,465,587,993,995,7071"

Now you need to open the file /etc/csf/csf.pignore and add the following zimbra packages paths.

exe:/opt/zimbra/amavisd/sbin/amavisd
exe:/opt/zimbra/clamav/bin/freshclam
exe:/opt/zimbra/clamav/sbin/clamd
exe:/opt/zimbra/cyrus-sasl/sbin/saslauthd
exe:/opt/zimbra/httpd-2.4.3/bin/httpd
exe:/opt/zimbra/httpd/bin/rotatelogs
exe:/opt/zimbra/java/bin/java
exe:/opt/zimbra/libexec/logswatch
exe:/opt/zimbra/libexec/zmmailboxdmgr
exe:/opt/zimbra/mysql/bin/mysqld
exe:/opt/zimbra/opendkim/sbin/opendkim
exe:/opt/zimbra/openldap/sbin/slapd
exe:/opt/zimbra/postfix/libexec/master

This will help to white list these binaries in CSF

Now you can start the CSF as follows and test it.

# /etc/init.d/csf start

You may need to test the mail server and its functionalities . After that you can disable the testing mode in csf.conf and reload CSF. You can also perform other generic CSF tweaks after that.

3 Responses on this post

  1. Please help,

    when installing I get:

    zimbra-proxy …. ….done

    Can´t locate Tie/Hash.pm ib @INC (@INC contains: …….) at /opt/zimbra/zimbramon/lib/Net/LDAP.pm line 10

    BEGIN failed – compilation aborted at opt/zimbra/zimbramon/lib/Net/LDAP.pm line 10

    compilation failed in require at /opt/zimbra/libexec/zmsetup.pl line 22

    BEGIN failed – compilation aborted at /opt/zimbra/libexec/zmsetup.pl line 22

    1. Yeah, That’s a perl issue.

      Run the below command and let us know the return ?

      dpkg -L perl-modules | grep Hash

      If it doesn’t return anything then you need to install the Perl-modules .

      You can install perl using the following tutorial .

      If you are using Red Hat Linux then use up2date command to install most common modules:

      # up2date module-name

      Use following command to list all supported modules:
      # up2date –showall | grep -i ‘perl’

      OR use yum command under CentOS/RHEL 5/Fedora core:
      # yum list available ‘perl’

      If you are using Debian Linux, try to use apt-get command to install common perl module. However following is the recommended way to install a perl module.

      A) Start CPAN Shell:

      # perl -MCPAN -e shell

      B) Install a perl module:

      At cpan> shell prompt install module using install module::Name command. For example install module called MIME::Lite:

      # cpan> install MIME::Lite

      Alternatively, try out the following command:
      # cpan -i MIME::Lite

      Let us know if you still face any errors .

Leave a Reply

Your email address will not be published. Required fields are marked *