This time I will install Zextras Carbonio Community Edition.
This tutorial uses Ubuntu 22.04.
The setup used here:
– Domain: warscloud.online
– IP: 103.152.233.108
Pre Configuration
Point the MX and A records
Don't forget the reverse record (PTR) for the IP as well
Run update & upgrade
sudo apt update && sudo apt upgrade -y
Set hostname (FQDN)
sudo hostnamectl set-hostname mail.warscloud.online
Configure /etc/hosts
sudo nano /etc/hosts
So that it looks like this
127.0.0.1 localhost
103.152.233.108 mail.warscloud.online mail
Check the MX record
dig mx warscloud.online
Output
; <<>> DiG 9.18.28-0ubuntu0.22.04.1-Ubuntu <<>> mx warscloud.online
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41637
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;warscloud.online. IN MX
;; ANSWER SECTION:
warscloud.online. 120 IN MX 0 mail.warscloud.online.
;; Query time: 27 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Sat Aug 24 15:47:09 UTC 2024
;; MSG SIZE rcvd: 66
Check the PTR record
nslookup 103.152.233.108
Output
108.233.152.103.in-addr.arpa name = mail.warscloud.online.
Reboot/Restart
sudo reboot now
Repository Installation
Fill in the form at the following link to get the repository link from Zextras; Zextras then sends the script that adds the repository by email
https://zextras.com/carbonio-community-edition#discoverproduct
Install the repository by following the instructions in the email from Zextras
Installation
Download the installation script
wget https://docs.zextras.com/carbonio-ce/html/_downloads/bed211d6fc1b9ca35f15be01eb9aa3fc/install_carbonio_ce_singleserver_ubuntu.sh
Grant execute permission
sudo chmod +x install_carbonio_ce_singleserver_ubuntu.sh
Run the installation script
sudo ./install_carbonio_ce_singleserver_ubuntu.sh
The installation starts; wait until the following prompt appears
Enter the public IP
When the installation has finished, something like this appears
Save the password and write it down
Post Configuration
Set the Zextras admin password. In Zimbra the admin account was [email protected]; in Zextras Carbonio the admin account is [email protected]
As root, switch to the zextras user
su - zextras
zmprov setpassword [email protected] PasswordBaru
Open the webmail page
https://mail.namadomain.com
or
https://IPADDRESS
Open the admin web page
https://mail.namadomain.com:6071
or
https://IPADDRESS:6071
Install Let's Encrypt SSL
Install certbot using snap
sudo snap install --classic certbot
Create a symlink to the certbot binary
sudo ln -s /snap/bin/certbot /usr/bin/certbot
Check that certbot can be used
certbot --version
Generate Certificate
certbot certonly --key-type rsa --preferred-chain "ISRG Root X1" -d mail.warscloud.online
Several questions appear, as follows
Saving debug log to /var/log/letsencrypt/letsencrypt.log
How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Runs an HTTP server locally which serves the necessary validation files under
the /.well-known/acme-challenge/ request path. Suitable if there is no HTTP
server already running. HTTP challenge only (wildcards not supported).
(standalone)
2: Saves the necessary validation files to a .well-known/acme-challenge/
directory within the nominated webroot path. A seperate HTTP server must be
running and serving files from the webroot path. HTTP challenge only (wildcards
not supported). (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): [email protected]
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf. You must agree in
order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: n
Account registered.
Requesting a certificate for mail.warscloud.online
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/mail.warscloud.online/fullchain.pem
Key is saved at: /etc/letsencrypt/live/mail.warscloud.online/privkey.pem
This certificate expires on 2024-11-23.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
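Prepare the SSL Deployment
These commands copy the files once. Certbot's background renewal only updates /etc/letsencrypt/live, so the steps from here through the service restart have to be repeated after each renewal.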
cp /etc/letsencrypt/live/mail.warscloud.online/privkey.pem /opt/zextras/ssl/carbonio/commercial/commercial.key
cp /etc/letsencrypt/live/mail.warscloud.online/cert.pem /tmp
cp /etc/letsencrypt/live/mail.warscloud.online/chain.pem /tmp
wget -O /tmp/ISRG-X1.pem https://letsencrypt.org/certs/isrgrootx1.pem.txt
cat /tmp/ISRG-X1.pem >> /tmp/chain.pem
chown zextras:zextras /opt/zextras/ssl/carbonio/commercial/commercial.key
Verify the SSL certificate
su - zextras -c 'zmcertmgr verifycrt comm /opt/zextras/ssl/carbonio/commercial/commercial.key /tmp/cert.pem /tmp/chain.pem'
Output
** Verifying '/tmp/cert.pem' against '/opt/zextras/ssl/carbonio/commercial/commercial.key'
Certificate '/tmp/cert.pem' and private key '/opt/zextras/ssl/carbonio/commercial/commercial.key' match.
** Verifying '/tmp/cert.pem' against '/tmp/chain.pem'
Valid certificate chain: /tmp/cert.pem: OK
Make sure the final result is OK, then continue with deploying the SSL certificate
su - zextras -c 'zmcertmgr deploycrt comm /tmp/cert.pem /tmp/chain.pem'
Restart the Carbonio services
su - zextras -c 'zmcontrol restart'
Check that SSL has been installed successfully
Create SPF, DKIM, and DMARC Records
SPF Record
You can use an SPF record that is specific to the mail server's IP
v=spf1 ip4:103.152.233.108 -all
Or add the include option, if that domain/subdomain also already has an SPF record
v=spf1 ip4:103.152.233.108 include:mail.warscloud.online include:warscloud.online -all
DKIM Record
Generate DKIM
su - zextras
/opt/zextras/libexec/zmdkimkeyutil -a -d warscloud.online -s carbonio
The -s option selects the selector; without -s, a random selector is generated
Output
DKIM Data added to LDAP for domain warscloud.online with selector carbonio
Public signature to enter into DNS:
carbonio._domainkey IN TXT ( "v=DKIM1; k=rsa; "
"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsPyMHiRX+lOIIS8b5Ppkyd/PHoCpXk+KsxJGnf2pnER5+dERluK9Z5zikFhDCVEMi8cRM60KzrDdcrHUGEYrKpKM+VyZ4TDEy039ywv7SuGTHDa93OWwM4oBcn1wL1CedskuIpyIcnZIoFHAj2S/l58Qv4MEzQLTlWaPCOMMvENR50XyxX9FFhbZ38kLIycfjU5rKh5jVZ6oBl"
"6kUe/CFxbUHC+OK+U40CFCx+BP+sC18a6AewduqjRzYp8fp+shRMnQCyAt4qCT1uSgRwNQHdhC6FqoFnOJqnaMlvuvfABAqA9u8dw0/pPQ1dwg3livYK47LV/9yojHdx7GN0b1CQIDAQAB" ) ; ----- DKIM key carbonio for warscloud.online
Run the following command to query the DKIM data that was generated
/opt/zextras/libexec/zmdkimkeyutil -q -d warscloud.online
The output contains the private key and the DKIM record
DKIM Domain:
warscloud.online
DKIM Selector:
carbonio
DKIM Private Key:
-----BEGIN RSA PRIVATE KEY-----
(private key omitted)
-----END RSA PRIVATE KEY-----
DKIM Public signature:
carbonio._domainkey IN TXT ( "v=DKIM1; k=rsa; "
"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsPyMHiRX+lOIIS8b5Ppkyd/PHoCpXk+KsxJGnf2pnER5+dERluK9Z5zikFhDCVEMi8cRM60KzrDdcrHUGEYrKpKM+VyZ4TDEy039ywv7SuGTHDa93OWwM4oBcn1wL1CedskuIpyIcnZIoFHAj2S/l58Qv4MEzQLTlWaPCOMMvENR50XyxX9FFhbZ38kLIycfjU5rKh5jVZ6oBl"
"6kUe/CFxbUHC+OK+U40CFCx+BP+sC18a6AewduqjRzYp8fp+shRMnQCyAt4qCT1uSgRwNQHdhC6FqoFnOJqnaMlvuvfABAqA9u8dw0/pPQ1dwg3livYK47LV/9yojHdx7GN0b1CQIDAQAB" ) ; ----- DKIM key carbonio for warscloud.online
DKIM Identity:
warscloud.online
Look at the DKIM Public signature section:
Copy everything inside the parentheses (), starting from "v=DKIM1; k=rsa; through CQIDAQAB", and paste it into a text editor such as Visual Studio Code or Notepad
Remove all double quotes (") and the spaces inside the key record, that is, after p=, so that it becomes a single line
The result looks like this
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsPyMHiRX+lOIIS8b5Ppkyd/PHoCpXk+KsxJGnf2pnER5+dERluK9Z5zikFhDCVEMi8cRM60KzrDdcrHUGEYrKpKM+VyZ4TDEy039ywv7SuGTHDa93OWwM4oBcn1wL1CedskuIpyIcnZIoFHAj2S/l58Qv4MEzQLTlWaPCOMMvENR50XyxX9FFhbZ38kLIycfjU5rKh5jVZ6oBl6kUe/CFxbUHC+OK+U40CFCx+BP+sC18a6AewduqjRzYp8fp+shRMnQCyAt4qCT1uSgRwNQHdhC6FqoFnOJqnaMlvuvfABAqA9u8dw0/pPQ1dwg3livYK47LV/9yojHdx7GN0b1CQIDAQAB
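The manual copy, unquote and join steps above can be done in one pass. This is an added example, not part of the original tutorial; the function names are hypothetical and the sample key is a constructed placeholder in zmdkimkeyutil's output layout.

```shell
#!/bin/sh
# Added example (not from the original tutorial): collapse the "Public
# signature" block printed by zmdkimkeyutil into the one-line TXT value.

# Constructed sample in zmdkimkeyutil's layout; the key is a made-up placeholder.
sample_output() {
  cat <<'EOF'
DKIM Public signature:
carbonio._domainkey IN TXT ( "v=DKIM1; k=rsa; "
  "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAplaceholderAAAA"
  "BBBBplaceholder+/CQIDAQAB" ) ; ----- DKIM key carbonio for example.test
EOF
}

# stdin: zmdkimkeyutil output; stdout: the quoted chunks joined into one line.
dkim_txt_value() {
  awk '
    /IN[ \t]+TXT[ \t]*\(/ { inrec = 1 }
    inrec {
      rest = $0
      while (match(rest, /"[^"]*"/)) {           # each quoted chunk, quotes dropped
        out = out substr(rest, RSTART + 1, RLENGTH - 2)
        rest = substr(rest, RSTART + RLENGTH)
      }
      if (index(rest, ")")) { print out; exit }  # closing parenthesis ends the record
    }'
}

# Succeeds only if the value is "v=DKIM1; k=rsa; p=<base64>" with no stray
# quotes, spaces or line breaks left in the key.
dkim_txt_ok() {
  case $1 in
    'v=DKIM1; k=rsa; p='*) key=${1#'v=DKIM1; k=rsa; p='} ;;
    *) return 1 ;;
  esac
  case $key in
    '' | *[!A-Za-z0-9+/=]*) return 1 ;;
  esac
}

value=$(sample_output | dkim_txt_value)
if dkim_txt_ok "$value"; then
  printf 'TXT value for carbonio._domainkey:\n%s\n' "$value"
fi
```

On the server, the output of `zmdkimkeyutil -q -d <domain>` can be piped into `dkim_txt_value` in place of the sample.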
Copy it and create the record in DNS as shown below, adjusting the selector to match the one defined above
Check that the record is written correctly and the DKIM key is valid using https://dkimcore.org/tools/
Paste the Key Record and click Check. If it is valid, the result looks like the following
DMARC Record
A DMARC record defines alignment, reporting, and the action to take
Below are example DMARC records in Strict and Relaxed mode.
Relaxed
v=DMARC1; p=quarantine; rua=mailto:[email protected]; ruf=mailto:[email protected]; sp=quarantine; adkim=r; aspf=r; pct=100
Strict
v=DMARC1; p=reject; rua=mailto:[email protected]; adkim=s; aspf=s;
Use only one of them. For the meaning of the parameters in a DMARC record, search Google or ask ChatGPT
In this example I will use the Strict DMARC record
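To see what each of the two records above actually enforces, including the tags the Strict record leaves out, the sketch below prints the effective settings with the RFC 7489 defaults filled in. It is an added example, not part of the original tutorial; the function name is hypothetical and the report mailbox is a constructed placeholder.

```shell
#!/bin/sh
# Added example (not from the original tutorial): print the effective settings
# of a DMARC record, filling in RFC 7489 defaults for tags it omits.
# Exit status 1 means the record should not be published as written.
dmarc_effective() {
  printf '%s\n' "$1" | awk -F';' '
    {
      for (i = 1; i <= NF; i++) {
        tag = $i
        gsub(/^[ \t]+|[ \t]+$/, "", tag)
        if (tag == "") continue                  # a trailing ";" is allowed
        eq = index(tag, "=")
        if (eq == 0) { bad = 1; continue }
        name = substr(tag, 1, eq - 1); val = substr(tag, eq + 1)
        if (++n == 1 && (name != "v" || val != "DMARC1")) bad = 1
        t[name] = val
      }
    }
    END {
      if (!("p" in t)) { t["p"] = ""; bad = 1 }  # publishers must state a policy
      if (!("sp" in t)) t["sp"] = t["p"]         # subdomains inherit p
      if (!("adkim" in t)) t["adkim"] = "r"      # relaxed alignment by default
      if (!("aspf" in t)) t["aspf"] = "r"
      if (!("pct" in t)) t["pct"] = "100"
      if (t["p"] !~ /^(none|quarantine|reject)$/) bad = 1
      if (t["sp"] !~ /^(none|quarantine|reject)$/) bad = 1
      if (t["adkim"] !~ /^[rs]$/ || t["aspf"] !~ /^[rs]$/) bad = 1
      if (t["pct"] !~ /^[0-9]+$/ || t["pct"] + 0 > 100) bad = 1
      if (bad) exit 1
      printf "p=%s sp=%s adkim=%s aspf=%s pct=%d reports=%s\n",
        t["p"], t["sp"], t["adkim"], t["aspf"], t["pct"], (("rua" in t) ? "yes" : "no")
    }'
}

# The two records from the text; the mailbox is a constructed placeholder.
relaxed='v=DMARC1; p=quarantine; rua=mailto:dmarc@example.test; ruf=mailto:dmarc@example.test; sp=quarantine; adkim=r; aspf=r; pct=100'
strict='v=DMARC1; p=reject; rua=mailto:dmarc@example.test; adkim=s; aspf=s;'
dmarc_effective "$relaxed"
dmarc_effective "$strict"
```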
Create the email account [email protected], because it is referenced in the DMARC record, so that reports from remote mail servers arrive in that mailbox.
Try sending an email between users on the same server (internal)
In this example I send an email from the account [email protected] to [email protected]
Troubleshoot
Mail Queue Not Shown After Changing the SSH Port
After the SSH port is changed, the MTA mail queue menu no longer lists our mail server, and clicking restart scan shows a red notification without any explanation
To fix it, follow these steps
su - zextras
zmprov ms $(hostname -f) zimbraRemoteManagementPort 222
Replace the port at the end of the command (highlighted in orange, 222 here) with the SSH port currently in use
Refresh the Carbonio admin page, or log out and log in again
The end result is that the MTA mail queue is back to normal
Sources/references:
https://imanudin.com/2024/05/29/instalasi-zextras-carbonio-community-edition-ce-pada-ubuntu-22-04/
https://saad.web.id/2024/01/install-ssl-certificate-lets-encrypt-di-carbonio-ce/
https://imanudin.com/2023/07/10/zextras-carbonio-community-edition-ce-panduan-konfigurasi-dkim/
https://imanudin.com/2023/07/17/zextras-carbonio-community-edition-ce-panduan-konfigurasi-dmarc-domain-based-message-authentication-reporting-and-conformance/