{"id":203,"date":"2013-06-01T17:47:27","date_gmt":"2013-06-01T17:47:27","guid":{"rendered":"http:\/\/blog.shineservers.com\/?p=203"},"modified":"2013-06-01T17:47:27","modified_gmt":"2013-06-01T17:47:27","slug":"how-to-configure-zimbra-csf-great-zimbra-firewall-configuration","status":"publish","type":"post","link":"https:\/\/www.shineservers.com\/2013\/06\/01\/how-to-configure-zimbra-csf-great-zimbra-firewall-configuration\/","title":{"rendered":"How to configure Zimbra + CSF \u2013 Great Zimbra Firewall Configuration"},"content":{"rendered":"<p>CSF is one of the best opensource firewalls that using in most of the hosting servers like cPanel and Directadmin . Also it is one of the best firewall for installing <a href=\"http:\/\/zimbra.com\">Zimbra Mail server<\/a> . This documentation will help you to configure the CSF firewall in a Zimbra Standalone installation server.<\/p>\n<p>Before starting the installation , you may need to read the documentation available on http:\/\/wiki.zimbra.com\/wiki\/Ports , this will help you to get a quick understanding of ports that required to open in a Zimbra server.<\/p>\n<p><strong>Install CSF :<\/strong><\/p>\n<blockquote>\n<pre>rm -fv csf.tgz\nwget http:\/\/www.configserver.com\/free\/csf.tgz\ntar -xzf csf.tgz\ncd csf\nsh install.sh<\/pre>\n<\/blockquote>\n<pre>Next, test whether you have the required iptables modules:\n\nperl \/etc\/csf\/csftest.pl\n\nDon't worry if you cannot run all the features, so long as the script doesn't\nreport any FATAL errors\n\nAfter that open the CSF configuration and enable the following ports,<\/pre>\n<blockquote>\n<pre>TCP_IN = \"22,25,53,80,110,143,443,465,587,993,995,7071\"\nTCP_OUT = \"22,25,53,80,110,113,443,465,587,993,995,7071\"<\/pre>\n<\/blockquote>\n<p>Now you need to open the file <strong>\/etc\/csf\/csf.pignore<\/strong> and add the following zimbra packages paths.<\/p>\n<blockquote>\n<pre>exe:\/opt\/zimbra\/amavisd\/sbin\/amavisd\nexe:\/opt\/zimbra\/clamav\/bin\/freshclam\nexe:\/opt\/zimbra\/clamav\/sbin\/clamd\nexe:\/opt\/zimbra\/cyrus-sasl\/sbin\/saslauthd\nexe:\/opt\/zimbra\/httpd-2.4.3\/bin\/httpd\nexe:\/opt\/zimbra\/httpd\/bin\/rotatelogs\nexe:\/opt\/zimbra\/java\/bin\/java\nexe:\/opt\/zimbra\/libexec\/logswatch\nexe:\/opt\/zimbra\/libexec\/zmmailboxdmgr\nexe:\/opt\/zimbra\/mysql\/bin\/mysqld\nexe:\/opt\/zimbra\/opendkim\/sbin\/opendkim\nexe:\/opt\/zimbra\/openldap\/sbin\/slapd\nexe:\/opt\/zimbra\/postfix\/libexec\/master<\/pre>\n<\/blockquote>\n<p>This will help to white list these binaries in CSF<\/p>\n<p>Now you can start the CSF as follows and test it.<\/p>\n<blockquote>\n<pre># \/etc\/init.d\/csf start<\/pre>\n<\/blockquote>\n<p>You may need to test the mail server and its functionalities . After that you can disable the testing mode in csf.conf and reload CSF. You can also perform other generic CSF tweaks after that.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CSF is one of the best opensource firewalls that using in most of the hosting servers like cPanel and Directadmin . Also it is one of the best firewall for installing Zimbra Mail server . This documentation will help you to configure the CSF firewall in a Zimbra Standalone installation server. Before starting the installation [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[58,60],"tags":[89],"class_list":["post-203","post","type-post","status-publish","format-standard","hentry","category-cpanel-control-panel","category-linux","tag-how-to-configure-zimbra-csf-the-best-zimbra-firewall-configuration"],"acf":[],"aioseo_notices":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.shineservers.com\/wp-json\/wp\/v2\/posts\/203","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.shineservers.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.shineservers.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.shineservers.com\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.shineservers.com\/wp-json\/wp\/v2\/comments?post=203"}],"version-history":[{"count":0,"href":"https:\/\/www.shineservers.com\/wp-json\/wp\/v2\/posts\/203\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.shineservers.com\/wp-json\/wp\/v2\/media?parent=203"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.shineservers.com\/wp-json\/wp\/v2\/categories?post=203"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.shineservers.com\/wp-json\/wp\/v2\/tags?post=203"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}