Powered by Blogger.

How to configure Zimbra + CSF – Great Zimbra Firewall Configuration

CSF is one of the best opensource firewalls that using in most of the hosting servers like cPanel and Directadmin . Also it is one of the best firewall for installing Zimbra Mail server . This documentation will help you to configure the CSF firewall in a Zimbra Standalone installation server.

Before starting the installation , you may need to read the documentation available on http://wiki.zimbra.com/wiki/Ports , this will help you to get a quick understanding of ports that required to open in a Zimbra server.

Install CSF :

rm -fv csf.tgz 
wget https://download.configserver.com/csf.tgz 
tar -xzf csf.tgz 
cd csf 
sh install.sh 

Next, test whether you have the required iptables modules: 

perl /etc/csf/csftest.pl 

Don't worry if you cannot run all the features, so long as the script doesn't report any FATAL errors 

After that open the CSF configuration and enable the following ports, 

TCP_IN = "22,25,53,80,110,143,443,465,587,993,995,7071" 

TCP_OUT = "22,25,53,80,110,113,443,465,587,993,995,7071" 

Now you need to open the file /etc/csf/csf.pignore and add the following zimbra packages paths.

exe:/opt/zimbra/amavisd/sbin/amavisd exe:/opt/zimbra/clamav/bin/freshclam 
exe:/opt/zimbra/cyrus-sasl/sbin/saslauthd exe:/opt/zimbra/clamav/sbin/clamd 

This will help to white list these binaries in CSF

Now you can start the CSF as follows and test it.

# /etc/init.d/csf start

You may need to test the mail server and its functionalities . After that you can disable the testing mode in csf.conf and reload CSF. You can also perform other generic CSF tweaks after that.
    Blogger Comment
    Facebook Comment