
How to configure Zimbra + CSF – Great Zimbra Firewall Configuration

CSF is one of the best open-source firewalls and is used on most hosting servers, such as those running cPanel and DirectAdmin. It is also one of the best firewalls to install on a Zimbra mail server. This documentation will help you configure the CSF firewall on a standalone Zimbra installation.

Before starting the installation, you may want to read the documentation available at http://wiki.zimbra.com/wiki/Ports; it gives a quick overview of the ports that need to be open on a Zimbra server.

Install CSF:

rm -fv csf.tgz 
wget https://download.configserver.com/csf.tgz 
tar -xzf csf.tgz 
cd csf 
sh install.sh 

Next, test whether you have the required iptables modules: 

perl /etc/csf/csftest.pl 

Don't worry if you cannot run all the features, so long as the script doesn't report any FATAL errors.

After that, open the CSF configuration (csf.conf) and enable the following ports:

TCP_IN = "22,25,53,80,110,143,443,465,587,993,995,7071" 

TCP_OUT = "22,25,53,80,110,113,443,465,587,993,995,7071" 

Now open the file /etc/csf/csf.pignore and add the following paths to the Zimbra binaries:

exe:/opt/zimbra/amavisd/sbin/amavisd
exe:/opt/zimbra/clamav/bin/freshclam
exe:/opt/zimbra/cyrus-sasl/sbin/saslauthd
exe:/opt/zimbra/clamav/sbin/clamd
exe:/opt/zimbra/httpd/bin/rotatelogs 
exe:/opt/zimbra/httpd-x.x.x/bin/httpd 
exe:/opt/zimbra/java/bin/java 
exe:/opt/zimbra/mysql/bin/mysqld 
exe:/opt/zimbra/libexec/logswatch 
exe:/opt/zimbra/libexec/zmmailboxdmgr 
exe:/opt/zimbra/postfix/libexec/master 
exe:/opt/zimbra/opendkim/sbin/opendkim 
exe:/opt/zimbra/openldap/sbin/slapd 

This whitelists these binaries in CSF.

Now start CSF as follows and test it:

# /etc/init.d/csf start

You may need to test the mail server and its functions. After that, you can disable testing mode in csf.conf and reload CSF. You can also apply other generic CSF tweaks afterwards.
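
One way to check the result before disabling testing mode, as an added example that is not part of the original post: the script compares TCP_IN in a csf.conf with the port list used above and reports whether TESTING is still on. The function names and the sample config are constructed for illustration; on a server, point audit_csf at /etc/csf/csf.conf.

```shell
#!/bin/sh
# Added example (not from the original post): audit csf.conf against the
# TCP_IN list above. Function names are hypothetical helpers.
PAGE_PORTS_IN="22,25,53,80,110,143,443,465,587,993,995,7071"

# conf_value FILE KEY: print the value of a `KEY = "value"` line.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# list_diff A B: print the comma-separated items of A that are not in B.
list_diff() {
    out=""
    for p in $(printf '%s' "$1" | tr ',' ' '); do
        case ",$2," in
            *",$p,"*) ;;
            *) out="${out:+$out,}$p" ;;
        esac
    done
    printf '%s' "$out"
}

# audit_csf FILE: print findings; return 1 if anything needs attention.
audit_csf() {
    rc=0
    tcp_in=$(conf_value "$1" TCP_IN)
    missing=$(list_diff "$PAGE_PORTS_IN" "$tcp_in")
    extra=$(list_diff "$tcp_in" "$PAGE_PORTS_IN")
    [ -z "$missing" ] || { echo "TCP_IN missing: $missing"; rc=1; }
    [ -z "$extra" ] || { echo "TCP_IN extra: $extra"; rc=1; }
    [ "$(conf_value "$1" TESTING)" = "0" ] || { echo "TESTING is not 0"; rc=1; }
    return "$rc"
}

# Constructed sample config (not a real server's file): port 53 is absent,
# 8080 was added, and testing mode is still on.
sample=$(mktemp)
cat > "$sample" <<'EOF'
TESTING = "1"
TESTING_INTERVAL = "5"
TCP_IN = "22,25,80,110,143,443,465,587,993,995,7071,8080"
TCP6_IN = "22"
EOF
audit_csf "$sample" || echo "review csf.conf before relying on the firewall"
rm -f "$sample"
```

Ports reported as extra are open in csf.conf but not in the list from this post, so each one should correspond to a service you actually intend to expose.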