How to Setup Zimbra Mail Server on Ubuntu 16

Zimbra collaboration suite has two flavors- Network edition and open source edition. In this tutorial we will explore quickest and easiest way to install zimbra ( free edition ) mail server along with other components like LDAP, antivirus, antispam, Amavis (amavisd-new) - Content checker, Aspell - Spell checker, MySQL and other collaboration features and a ajax webmail client. Zimbra recommends to disable firewall in the installation process, once installation has been successfully completed, enable the firewall and add the firewall rules to allow traffic to zimbra mailserver. It is also recommended to install ZCS in a fresh system.

System requirements

Ubuntu 16.04 with atleast 4 GB of RAM
Ubuntu Server IP -
Ubuntu Server FQDN -
DNS Server IP - ( Same server , advisable to keep it in a separate server in your network )
Gateway IP -
Domain name -

1. Configure hostname

Edit /etc/hosts and add the line mail. Change with the IP you want to use.

root@mail:~# cat /etc/hosts localhost mail

FQDN configuration

Also edit /etc/hostname and the line 'mail'

root@mail:~# cat /etc/hostname

Reboot the system and test the FQDN of your server with the command hostname -f and hostname.

root@mail:~# hostname -f

root@mail:~# hostname

If you are using any cloud based hosting service then make sure you have set the value of parameter preserve_hostname to true.

2. Install / Configure BIND DNS

We will install BIND name server in the same system where ZCS will be installed. You are free to install BIND name server in another system in your internal network.

Install bind9 by executing following command in the terminal.

# sudo apt-get install bind9 bind9utils

Now edit the file /etc/bind/named.conf and remove '//' from forwarders and add DNS server IP address like below.

forwarders {;;

root@mail:~# cat  /etc/bind/named.conf.options

options {
directory "/var/cache/bind";

forwarders {;;

dnssec-validation auto;

auth-nxdomain no;    # conform to RFC1035
listen-on-v6 { any; };

Edit  /etc/bind/named.conf.local  and add the following.

zone "" {
type master;
file "/etc/bind/";

zone "" {
type master;
file "/etc/bind/db.1.31.172";

zone "" {
type master;
file "/etc/bind/db.0.0.127";

Create and edit the file /etc/bind/ and add the following. Change the filename according to your domain name.

$TTL    604800
@       IN      SOA        (
030512  ; Serial
604800  ; Refresh
86400   ; Retry
2419200 ; Expire
604800 ); Negative Cache TTL
@                 IN      NS              mail
IN                MX    10               mail
IN                A                 
mail            IN       A      

Create and edit the file /etc/bind/db.0.0.127 and add the following.

@         IN      SOA (
2         ; Serial
8H      ; Refresh
2H       ; Retry
4W      ; Expire
1D)      ; Minimum TTL
1         PTR     localhost.

Create and edit the file  /etc/bind/db.1.31.172  and add the following.

@               IN       SOA (
1           ; Serial
8H       ; Refresh
2H       ; Retry
4W       ; Expire
1D)       ; Minimum TTL
10         PTR

Restart bind service

# /etc/init.d/bind9 restart

To configure static IP, Edit  /etc/network/interfaces and add the following. Change the values according to your network configuration.

source /etc/network/interfaces.d/*.cfg

auto eth0
iface eth0 inet static

Configure network interface

Also edit the file /etc/resolv.conf and add the following.


Resolve DNS ( /etc/resolv.conf )

Now test your nameservers dns record with dig

root@mail:~# dig

; <<>> DiG 9.10.3-P4-Ubuntu <<>>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33646
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

; EDNS: version: 0, flags:; udp: 4096
;               IN      A

;; ANSWER SECTION:                604800  IN      A

;; AUTHORITY SECTION:                604800  IN      NS

;; ADDITIONAL SECTION:        604800  IN      A

;; Query time: 1 msec
;; WHEN: Thu Aug 04 04:30:43 UTC 2016
;; MSG SIZE  rcvd: 95

root@mail:~# dig

; <<>> DiG 9.10.3-P4-Ubuntu <<>>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22708
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 1

; EDNS: version: 0, flags:; udp: 4096
;                   IN      A

;; ANSWER SECTION:           27      IN      A

.                       2574    IN      NS
.                       2574    IN      NS
.                       2574    IN      NS
.                       2574    IN      NS
.                       2574    IN      NS
.                       2574    IN      NS
.                       2574    IN      NS
.                       2574    IN      NS
.                       2574    IN      NS
.                       2574    IN      NS
.                       2574    IN      NS
.                       2574    IN      NS
.                       2574    IN      NS

;; Query time: 11 msec
;; WHEN: Thu Aug 04 04:32:04 UTC 2016
;; MSG SIZE  rcvd: 268

Up to this point, we have configured FQDN of the server and a nameserver.

3. Download / Install Zimbra

First disable the firewall by executing the following command in the terminal..

# sudo service ufw disable
# sudo service iptables stop

Download zimbra using wget, extract it and run the installer inside the extracted directory.

# cd ~
# wget
# tar xf zcs-8.7.0_GA_1659.UBUNTU16_64.20160628202554.tgz
# cd zcs-8.7.0_GA_1659.UBUNTU16_64.20160628202554/
# ./

Now the installation will start. Read carefully and answer Yes/No or other values according to your configuration.

WARNING: ZCS is currently only supported on Ubuntu Server 12.04 and 14.04 LTS. You are attempting to install on Ubuntu 16.04.1 LTS which may not work. Support will not be provided if you choose to continue.

Do you wish to continue? [N] y

Operations logged to /tmp/install.log.4P2y60cn
Checking for existing installation...
zimbra-ldap...NOT FOUND
zimbra-logger...NOT FOUND
zimbra-mta...NOT FOUND
zimbra-dnscache...NOT FOUND
zimbra-snmp...NOT FOUND
zimbra-store...NOT FOUND
zimbra-apache...NOT FOUND
zimbra-spell...NOT FOUND
zimbra-convertd...NOT FOUND
zimbra-memcached...NOT FOUND
zimbra-proxy...NOT FOUND
zimbra-archiving...NOT FOUND
zimbra-core...NOT FOUND


License Terms for this Zimbra Collaboration Suite Software:

Do you agree with the terms of the software license agreement? [N] y

Checking for installable packages

Found zimbra-core
Found zimbra-ldap
Found zimbra-logger
Found zimbra-mta
Found zimbra-dnscache
Found zimbra-snmp
Found zimbra-store
Found zimbra-apache
Found zimbra-spell
Found zimbra-memcached
Found zimbra-proxy

Use Zimbra's package repository [Y] y
Configuring package repository

Select the packages to install

Install zimbra-ldap [Y] y

Install zimbra-logger [Y] y

Install zimbra-mta [Y] y

Install zimbra-dnscache [Y] n

Install zimbra-snmp [Y] y

Install zimbra-store [Y] y

Install zimbra-apache [Y] y

Install zimbra-spell [Y] y

Install zimbra-memcached [Y] y

Install zimbra-proxy [Y] y
Checking required space for zimbra-core
Checking space for zimbra-store
Checking required packages for zimbra-store
zimbra-store package check complete.


The system will be modified.  Continue? [N] y

Removing /opt/zimbra
Removing zimbra crontab entry...done.
Cleaning up zimbra init scripts...done.
Cleaning up /etc/security/limits.conf...done.

Finished removing Zimbra Collaboration Server.

Installing packages

Local packages  zimbra-core zimbra-ldap zimbra-logger zimbra-mta zimbra-snmp zimbra-store zimbra-apache zimbra-spell zimbra-proxy selected for installation
Monitor /tmp/install.log.4P2y60cn for package installation progress
Remote package installation started
Installing zimbra-core-components  zimbra-ldap-components zimbra-mta-components zimbra-snmp-components zimbra-store-components zimbra-apache-components zimbra-spell-components zimbra-memcached zimbra-proxy-components....
Local package installation started
Installing  zimbra-core zimbra-ldap zimbra-logger zimbra-mta zimbra-snmp zimbra-store zimbra-apache zimbra-spell zimbra-proxy...

Unescaped left brace in regex is deprecated, passed through in regex; marked by <-- HERE in m/\${ <-- HERE zimbra_home}/ at /opt/zimbra/libexec/ line 1514, <DATA> line 755.
Unescaped left brace in regex is deprecated, passed through in regex; marked by <-- HERE in m/\${ <-- HERE zimbra_home}/ at /opt/zimbra/libexec/ line 1557, <DATA> line 755.
Unescaped left brace in regex is deprecated, passed through in regex; marked by <-- HERE in m/\${ <-- HERE zimbra_home}/ at /opt/zimbra/libexec/ line 1686, <DATA> line 755.
Unescaped left brace in regex is deprecated, passed through in regex; marked by <-- HERE in m/\${ <-- HERE zimbra_home}/ at /opt/zimbra/libexec/ line 1727, <DATA> line 755.
Unescaped left brace in regex is deprecated, passed through in regex; marked by <-- HERE in m/\${ <-- HERE zimbra_home}/ at /opt/zimbra/libexec/ line 1736, <DATA> line 755.
Unescaped left brace in regex is deprecated, passed through in regex; marked by <-- HERE in m/\${ <-- HERE zimbra_home}/ at /opt/zimbra/libexec/ line 1745, <DATA> line 755.
Unescaped left brace in regex is deprecated, passed through in regex; marked by <-- HERE in m/\${ <-- HERE zimbra_home}/ at /opt/zimbra/libexec/ line 1754, <DATA> line 755.
Unescaped left brace in regex is deprecated, passed through in regex; marked by <-- HERE in m/\${ <-- HERE zimbra_home}/ at /opt/zimbra/libexec/ line 1763, <DATA> line 755.
Operations logged to /tmp/zmsetup.20160804-170455.log
Installing LDAP configuration database...done.
Setting defaults...

DNS ERROR resolving MX for
It is suggested that the domain name have an MX record configured in DNS
Re-Enter domain name? [Yes] yes
Create domain: []
MX: (

Interface: ::1
Checking for port conflicts

Main menu

1) Common Configuration:
2) zimbra-ldap:                                                 Enabled
3) zimbra-logger:                                              Enabled
4) zimbra-mta:                                                  Enabled
5) zimbra-snmp:                                               Enabled
6) zimbra-store:                                                Enabled
+Create Admin User:                                       yes
+Admin user to create:                          
******* +Admin Password                             UNSET
+Anti-virus quarantine user:                
+Enable automated spam training:                yes
+Spam training user:                              
+Non-spam(Ham) training user:          
+SMTP host:                                            
+Web server HTTP port:                                 8080
+Web server HTTPS port:                               8443
+Web server mode:                                           https
+IMAP server port:                                           7143
+IMAP server SSL port:                                   7993
+POP server port:                                              7110
+POP server SSL port:                                      7995
+Use spell check server:                                    yes
+Spell server URL:                                   
+Enable version update checks:                       TRUE
+Enable version update notifications:            TRUE
+Version update notification email:      
+Version update source email:               
+Install mailstore (service webapp):               yes
+Install UI (zimbra,zimbraAdmin webapps): yes

7) zimbra-spell:                                                   Enabled
8) zimbra-proxy:                                                 Enabled
9) Default Class of Service Configuration:
s) Save config to file
x) Expand menu
q) Quit

Address unconfigured (**) items  (? - help) 6

Now, you must configure the items marked with a couple of stars(****) in front of them.  As you see in the above output, the ‘admin password’ item is not configured. This item is found under Zimbra Store module, which is number 6. To setup the admin password, enter number 6.

Store configuration

1) Status: Enabled

2) Create Admin User: yes

3) Admin user to create:

** 4) Admin Password UNSET

5) Anti-virus quarantine user:

6) Enable automated spam training: yes

7) Spam training user:

8) Non-spam(Ham) training user:

9) SMTP host:

10) Web server HTTP port: 8080

11) Web server HTTPS port: 8443

12) Web server mode: https

13) IMAP server port: 7143

14) IMAP server SSL port: 7993

15) POP server port: 7110

16) POP server SSL port: 7995

17) Use spell check server: yes

18) Spell server URL:

19) Enable version update checks: TRUE

20) Enable version update notifications: TRUE

21) Version update notification email:

22) Version update source email:

23) Install mailstore (service webapp): yes

24) Install UI (zimbra,zimbraAdmin webapps): yes

Select, or 'r' for previous menu [r] 4

Now set password for the admin user.

Password for (min 6 characters): [gbjep4Py1] zimbra.123
Store configuration

1) Status:                                             Enabled
2) Create Admin User:                                  yes
3) Admin user to create:                     
4) Admin Password                                      set
5) Anti-virus quarantine user:               
6) Enable automated spam training:                  yes
7) Spam training user:                       
8) Non-spam(Ham) training user:           
9) SMTP host:                                
10) Web server HTTP port:                              8080
11) Web server HTTPS port:                             8443
12) Web server mode:                                   https
13) IMAP server port:                                  7143
14) IMAP server SSL port:                              7993
15) POP server port:                                   7110
16) POP server SSL port:                               7995
17) Use spell check server:                            yes
18) Spell server URL:                        
19) Enable version update checks:                      TRUE
20) Enable version update notifications:            TRUE
21) Version update notification email:      
22) Version update source email:             
23) Install mailstore (service webapp):                yes
24) Install UI (zimbra,zimbraAdmin webapps):  yes

Select, or 'r' for previous menu [r] r

Now, enter ‘r’ to return to previous menu.

Main menu

1) Common Configuration:
2) zimbra-ldap:                              Enabled
3) zimbra-logger:                            Enabled
4) zimbra-mta:                               Enabled
5) zimbra-snmp:                             Enabled
6) zimbra-store:                             Enabled
7) zimbra-spell:                             Enabled
8) zimbra-proxy:                            Enabled
9) Default Class of Service Configuration:
s) Save config to file
x) Expand menu
q) Quit

Configuration is complete now. Press ‘a’ to apply and type ‘yes’ to complete the setup.

*** CONFIGURATION COMPLETE - press 'a' to apply
Select from menu, or press 'a' to apply config (? - help) a
Save configuration data to a file? [Yes] yes
Save config in file: [/opt/zimbra/config.31029] Saving config in /opt/zimbra/config.31029...done.
The system will be modified - continue? [No] yes
Operations logged to /tmp/zmsetup.20160804-170455.log
Setting local config values...done.
Initializing core config...Setting up CA...done.
Deploying CA to /opt/zimbra/conf/ca ...done.
Creating SSL zimbra-store certificate...done.
Creating new zimbra-ldap SSL certificate...done.
Creating new zimbra-mta SSL certificate...done.
Creating new zimbra-proxy SSL certificate...done.
Installing mailboxd SSL certificates...done.
Installing MTA SSL certificates...done.
Installing LDAP SSL certificate...done.
Installing Proxy SSL certificate...done.
Initializing ldap...done.
Setting replication password...done.
Setting Postfix password...done.
Setting amavis password...done.
Setting nginx password...done.
Setting BES searcher password...done.
Creating server entry for
Setting Zimbra IP Mode...done.
Saving CA in ldap...done.
Saving SSL Certificate in ldap...done.
Setting spell check URL...done.
Setting service ports on
Setting zimbraFeatureTasksEnabled=TRUE...done.
Setting zimbraFeatureBriefcasesEnabled=TRUE...done.
Checking current setting of zimbraReverseProxyAvailableLookupTargets
Querying LDAP for other mailstores
Searching LDAP for reverseProxyLookupTargets...done.
Adding to zimbraReverseProxyAvailableLookupTargets
Setting TimeZone Preference...done.
Initializing mta config...done.
Setting services on
Adding to zimbraMailHostPool in default COS...done.
Creating domain
Setting default domain name...done.
Creating domain exists.
Creating admin account
Creating root alias...done.
Creating postmaster alias...done.
Creating user
Creating user
Creating user
Setting spam training and Anti-virus quarantine accounts...done.
Initializing store sql database...done.
Setting zimbraSmtpHostname for
Configuring SNMP...done.
Setting up syslog.conf...done.
Starting servers...done.
Installing common zimlets...
Finished installing common zimlets.
Restarting mailboxd...done.
Creating galsync account for default domain...done.

You have the option of notifying Zimbra of your installation.
This helps us to track the uptake of the Zimbra Collaboration Server.
The only information that will be transmitted is:
The VERSION of zcs installed (8.7.0_GA_1659_UBUNTU16_64)

Notify Zimbra of your installation? [Yes] Notifying Zimbra of installation via

Notification complete
Setting up zimbra crontab...done.
Moving /tmp/zmsetup.20160804-154559.log to /opt/zimbra/log
Configuration complete - press return to exit

Zimbra installation is now complete. Access admin console using your favorite web browser at

Zimbra Admin Login Page

Click 'Sign In', You will be redirected to Zimbra admin dashboard.

Zimbra Admin Dashboard

Access web console using your favorite web browser at

Zimbra Mailbox Login Page

Click 'Sign In', you will be inside admin mailbox.

Zimbra Mailbox Dashboard

You may get the following error while trying to access the above URLs.

Problem accessing ZCS upstream server. Reason: Cannot connect to the ZCS upstream server. Connection timeout.
Possible reasons:

upstream server is blocked by a firewall

upstream server is failing to send back the response in time

upstream server is down

Please contact your ZCS administrator to fix the problem.
Powered by Nginx-Zimbra://

Access the URL  using curl results in same 504 gateway time-out error

zimbra@mail:/root$ curl -I -k
HTTP/1.1 504 Gateway Time-out
Server: nginx
Date: Fri, 05 Aug 2016 01:45:12 GMT
Content-Type: text/html
Content-Length: 1193
Connection: keep-alive
ETag: "5760599a-4a9"

This is due to upstream server is taking more time than the configured timeout value and as a result client closed the upstream connection. Change the timeout values to a higher value. Execute the following two command to ignore failures that disconnects to mailbox servers and also to immediately reconnect to all mailbox server on any failure.

root@mail:~$ su zimbra
zimbra@mail:~$ cd /opt/zimbra/bin
zimbra@mail:~/bin$ ./zmprov mcf zimbraMailProxyReconnectTimeout 0
zimbra@mail:~/bin$ ./zmprov mcf zimbraMailProxyMaxFails 0

Restart proxies to regenerate the nginx config files with the updated values for 'fail_timeout' & 'max_fails'.

zimbra@mail:~/bin$ zmproxyctl restart

Stopping proxy...done.
Starting proxy...done.

Commands to Zimbra proxy timeout

Try to access the mail URL using CURL.

zimbra@mail:~/bin$ curl -I -k
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 05 Aug 2016 02:17:16 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 0
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Expires: -1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Language: en-US
Set-Cookie: ZM_TEST=true;Secure
Vary: User-Agent
X-UA-Compatible: IE=edge

Now you will be able to connect to the mail server .

4. Configure firewall

ZCS uses a lot of ports to offer its services. It is upon you to decide which services you want to restrict from public domain or which are offered to public. A full list of port number used by ZCS can be found here Lets say you want to access zimbra admin console from outside your network i.e from public domain then you are going to add the following  rules depending on which firewall you are using.

# sudo ufw allow 7071/tcp
# sudo iptables -A INPUT -m state --state NEW -p tcp --dport 7071 -j ACCEPT

By default you want open the following ports for public access.

25 80 110 143 443 465 587 993 995 3443 9071

Now start the firewall.

# service ufw enable
# service iptables start

5. Zimbra commands

You can control zimbra server using  command zmcontrol for starting/stopping zimbra server.

Stop the server using following command.

zimbra@mail:~$ zmcontrol stop

Stopping zmconfigd...Done.
Stopping zimlet webapp...Done.
Stopping zimbraAdmin webapp...Done.
Stopping zimbra webapp...Done.
Stopping service webapp...Done.
Stopping stats...Done.
Stopping mta...Done.
Stopping spell...Done.
Stopping snmp...Done.
Stopping cbpolicyd...Done.
Stopping archiving...Done.
Stopping opendkim...Done.
Stopping amavis...Done.
Stopping antivirus...Done.
Stopping antispam...Done.
Stopping proxy...Done.
Stopping memcached...Done.
Stopping mailbox...Done.
Stopping logger...Done.
Stopping dnscache...Done.
Stopping ldap...Done.

Start the server using following command.

root@mail:~# su zimbra
zimbra@mail:/root$ zmcontrol start

Starting ldap...Done.
Starting zmconfigd...Done.
Starting logger...Done.
Starting mailbox...Done.
Starting memcached...Done.
Starting proxy...Done.
Starting amavis...Done.
Starting antispam...Done.
Starting antivirus...Done.
Starting opendkim...Done.
Starting snmp...Done.
Starting spell...Done.
Starting mta...Done.
Starting stats...Done.
Starting service webapp...Done.
Starting zimbra webapp...Done.
Starting zimbraAdmin webapp...Done.
Starting zimlet webapp...Done.

Find the status of zimbra server.

zimbra@mail:/root$ zmcontrol status

amavis                   Running
antispam               Running
antivirus                Running
ldap                      Running
logger                    Running
mailbox                 Running
memcached           Running
mta                       Running
opendkim              Running
proxy                     Running
service webapp      Running
snmp                      Stopped
zmswatch is not running.
spell                     Running
stats                     Running
zimbra webapp       Running
zimbraAdmin webapp      Running
zimlet webapp           Running
zmconfigd               Running

zmbackup –  Takes full backups and incremental backups of mail host.
zmclamdctl – Start, stop and find the status of Clam AV.
zmlocalconfig – To set or get the local configuration of a Zimbra server for tuning zimbra.
zmloggerctl – Start, stop, reload and find the status of the Zimbra logger service.


Although zimbra comes with lot of features, it consumes a lot of server resources. So it is advisable to install it in a server that matches the basic requirements like at least 4GB RAM, 2GHz. processor speed etc. The advantages of using zimbra are many - zimbra is open source, it has powerful admin tool, reliable message threading, BES support, extends zimbras's functionality with zimlets, spam protection, virus protection and above all you are retaining the data. So whatever is the requirement for mail server in a business environment, zimbra is likely to deliver efficiently.

About Dwijadas Dey

Dwijadas Dey is working with GNU/Linux, Open source systems since 2005. Having avid follower of GNU/Linux, He believes in sharing and spreading the open source ideas to the targeted audience. Apart from freelancing he also writes for community. His current interest includes information and network security.

Author Archive Page

Have anything to say?

Your email address will not be published. Required fields are marked *

All comments are subject to moderation.

1 Comment

  1. Thank you very much, it was very useful.
    By the way, it only worked until I changed the file /etc/bind/db.x.x.x and replaced:

    NS mail..
    1 PTR localhost.

    I hope this helps.