Zimbra Collaboration Suite is a full-featured email and collaboration platform that includes email, calendaring, contacts, tasks, and document sharing. It provides both a web-based client and support for standard protocols like IMAP, POP3, and SMTP, making it a solid self-hosted alternative to commercial email services. This guide walks through a complete installation of the Zimbra open-source edition on Ubuntu 24.04 LTS, from DNS preparation through to securing the server and creating user accounts.
Prerequisites
Before starting the Zimbra Collaboration Suite installation on Ubuntu 24.04, confirm that you have the following in place:
- A server running Ubuntu 24.04 LTS with at least 8 GB RAM (16 GB recommended), 4 CPU cores, and 25 GB free disk space
- Root or sudo access to the server
- A registered domain name with access to manage DNS records
- A public IP address assigned to the server
- DNS A record pointing the mail hostname (e.g.
mail.example.com) to the server IP - DNS MX record for the domain pointing to the mail hostname
- Ports 25, 80, 110, 143, 443, 465, 587, 993, 995, 7071 open on any upstream firewall
Throughout this guide, we use example.com as the domain and mail.example.com as the mail server FQDN with IP 192.168.10.50. Replace these with your actual values.
Step 1: Configure DNS Records for Zimbra
Zimbra requires proper DNS configuration to send and receive email. At minimum, you need an A record and an MX record. Create these records in your DNS provider’s control panel or on your own PowerDNS server.
| Record Type | Name | Value |
|---|---|---|
| A | mail.example.com | 192.168.10.50 |
| MX | example.com | mail.example.com (priority 10) |
Verify the DNS records are resolving correctly before proceeding.
$ dig A mail.example.com +short
192.168.10.50
$ dig MX example.com +short
10 mail.example.com.If the records are not returning the expected values, wait for DNS propagation or check your DNS zone configuration. Zimbra installation will fail if MX records are not properly set.
Step 2: Set Hostname and Update /etc/hosts
The server hostname must match the FQDN you configured in DNS. Set it with hostnamectl.
sudo hostnamectl set-hostname mail.example.comUpdate /etc/hosts to map the server IP to the FQDN. Open the file for editing.
sudo vim /etc/hostsAdd the following line (replace with your server IP and hostname):
192.168.10.50 mail.example.com mailVerify the hostname resolves correctly.
$ hostname -f
mail.example.comStep 3: Update Ubuntu and Install Dependencies
Update the package index and upgrade all installed packages to the latest versions.
sudo apt update && sudo apt -y full-upgradeReboot if a kernel update was applied.
[ -f /var/run/reboot-required ] && sudo reboot -fInstall the required dependency packages for Zimbra.
sudo apt -y install wget curl gnupg2 apt-transport-https software-properties-common \
net-tools dnsutils libidn11 libpcre3 libgmp10 libexpat1 libstdc++6 \
libperl5.38 libaio1t64 resolvconf unzip pax sysstat sqlite3 netcat-openbsdDisable systemd-resolved (required)
Zimbra ships its own DNS cache and requires port 53 to be free. Ubuntu 24.04 runs systemd-resolved by default, which binds to port 53. Disable it.
sudo systemctl disable --now systemd-resolvedRemove the symlink that systemd-resolved manages and create a static resolv.conf with your preferred DNS server.
sudo rm -f /etc/resolv.conf
echo "nameserver 8.8.8.8" | sudo tee /etc/resolv.conf
echo "nameserver 1.1.1.1" | sudo tee -a /etc/resolv.confDisable Postfix if installed
Zimbra includes its own Postfix MTA. If the system has Postfix already installed, stop and remove it to avoid port conflicts.
sudo systemctl disable --now postfix 2>/dev/null
sudo apt -y purge postfix 2>/dev/nullStep 4: Download Zimbra Collaboration Suite Installer
The Zimbra open-source edition community builds are available from third-party maintainers. Zextras provides builds that are compatible with Ubuntu 24.04. Download the latest Zimbra release archive.
cd /tmp
wget https://files.zimbra.com/downloads/10.1.4/zcs-10.1.4_GA_4680.UBUNTU24_64.20250305121939.tgzIf the link above is outdated, visit the Zimbra downloads page to get the latest URL for Ubuntu 24.04. Extract the downloaded archive.
tar xvf zcs-*.tgzNavigate into the extracted directory.
cd zcs-*/Step 5: Run the Zimbra Install Script
Start the Zimbra installation by running the included install script.
sudo ./install.shAccept the license agreement when prompted.
Do you agree with the terms of the software license agreement? [N] YSelect the packages to install. Accept the defaults for most packages. Decline zimbra-dnscache if you have your own DNS resolver, and decline zimbra-imapd unless you specifically need it.
Use Zimbra's package repository [Y] Y
Select the packages to install
Install zimbra-ldap [Y] Y
Install zimbra-logger [Y] Y
Install zimbra-mta [Y] Y
Install zimbra-dnscache [Y] N
Install zimbra-snmp [Y] Y
Install zimbra-store [Y] Y
Install zimbra-apache [Y] Y
Install zimbra-spell [Y] Y
Install zimbra-memcached [Y] Y
Install zimbra-proxy [Y] YConfirm the installation when prompted.
The system will be modified. Continue? [N] YThe installer will download and install all selected packages. This takes 10-20 minutes depending on your server speed and network connection.
Step 6: Configure Admin Password and Domain
After package installation completes, the installer presents a configuration menu. If your DNS MX record does not resolve to the hostname directly, you may see a prompt to change the domain name.
DNS ERROR resolving MX for mail.example.com
It is suggested that the domain name have an MX record configured in DNS
Change domain name? [Yes] Yes
Create domain: [mail.example.com] example.comSet the domain to your base domain (e.g. example.com), not the mail server hostname. The main configuration menu appears next. The admin password is marked as UNSET and must be configured before the installation can proceed.
Main menu
1) Common Configuration:
2) zimbra-ldap: Enabled
3) zimbra-logger: Enabled
4) zimbra-mta: Enabled
5) zimbra-snmp: Enabled
6) zimbra-store: Enabled
+Create Admin User: yes
+Admin user to create: [email protected]
******* +Admin Password UNSET
7) zimbra-spell: Enabled
8) zimbra-proxy: Enabled
9) Default Class of Service Configuration:
s) Save config to file
x) Expand menu
q) Quit
Address unconfigured (**) items (? - help) 6Enter 6 to open the zimbra-store configuration, then select option 4 to set the admin password.
Store configuration
1) Status: Enabled
2) Create Admin User: yes
3) Admin user to create: [email protected]
** 4) Admin Password UNSET
5) Anti-virus quarantine user: [email protected]
Select, or 'r' for previous menu [r] 4
Password for [email protected] (min 6 characters): [random] Str0ngP@ssw0rd!After setting the password, press r to return to the main menu. Then press a to apply the configuration.
Select from menu, or press 'a' to apply config (? - help) a
Save configuration data to a file? [Yes] Yes
Save config in file: [/opt/zimbra/config.28045]
Saving config in /opt/zimbra/config.28045...done.
The system will be modified - continue? [No] YesZimbra will now apply all configuration settings, initialize the LDAP directory, configure Postfix, set up the mailbox store, and start all services. This process takes 5-15 minutes. When finished, you will see:
Configuration complete - press return to exitStep 7: Verify Zimbra Services
After installation completes, check the status of all Zimbra services. All commands that manage Zimbra are run as the zimbra system user.
$ sudo su - zimbra -c "zmcontrol status"
Host mail.example.com
amavis Running
antispam Running
antivirus Running
ldap Running
logger Running
mailbox Running
memcached Running
mta Running
opendkim Running
proxy Running
service webapp Running
snmp Running
spell Running
stats Running
zimbra webapp Running
zimbraAdmin webapp Running
zimlet webapp Running
zmconfigd RunningConfirm the installed version.
$ sudo su - zimbra -c "zmcontrol -v"
Release 10.1.4_GA_4680.UBUNTU24_64 UBUNTU24_64 FOSS edition.All services should show “Running”. If any service fails to start, check /opt/zimbra/log/ for detailed error messages.
Step 8: Access the Zimbra Web Admin Console
The Zimbra Admin Console runs on port 7071 over HTTPS. Open it in your browser.
https://mail.example.com:7071Log in with the username [email protected] and the password you set during installation. Your browser will show a certificate warning since Zimbra uses a self-signed certificate by default – accept it to proceed. The admin console is where you manage domains, accounts, distribution lists, and server settings.
Step 9: Access the Zimbra Webmail Client
The webmail interface is available on port 443 (standard HTTPS).
https://mail.example.comUsers log in with their full email address and password. The web client provides email, calendar, contacts, tasks, and file sharing from the browser.
After logging in, the main email dashboard loads with the inbox, calendar sidebar, and quick access to other collaboration tools.
Step 10: Configure Firewall Ports for Zimbra
Ubuntu 24.04 uses UFW (Uncomplicated Firewall) by default. Open all the ports required by Zimbra for email delivery and web access. For a more detailed breakdown, see our guide on Zimbra firewall configuration with UFW.
sudo ufw allow 25/tcp # SMTP
sudo ufw allow 80/tcp # HTTP (Let's Encrypt verification)
sudo ufw allow 110/tcp # POP3
sudo ufw allow 143/tcp # IMAP
sudo ufw allow 443/tcp # HTTPS (webmail)
sudo ufw allow 465/tcp # SMTPS
sudo ufw allow 587/tcp # SMTP submission
sudo ufw allow 993/tcp # IMAPS
sudo ufw allow 995/tcp # POP3S
sudo ufw allow 7071/tcp # Admin consoleEnable UFW if it is not already active.
sudo ufw enableVerify the rules are applied.
$ sudo ufw status
Status: active
To Action From
-- ------ ----
25/tcp ALLOW Anywhere
80/tcp ALLOW Anywhere
110/tcp ALLOW Anywhere
143/tcp ALLOW Anywhere
443/tcp ALLOW Anywhere
465/tcp ALLOW Anywhere
587/tcp ALLOW Anywhere
993/tcp ALLOW Anywhere
995/tcp ALLOW Anywhere
7071/tcp ALLOW AnywhereStep 11: Configure DNS Records for Mail Delivery
For your Zimbra server to send and receive email reliably, additional DNS records are needed beyond the basic A and MX records. Without these, outgoing mail will likely be rejected or flagged as spam by receiving servers.
Reverse DNS (PTR Record)
Contact your hosting provider or ISP to set a PTR record for your server IP that resolves back to mail.example.com. Most email servers verify that the sending IP has a valid reverse DNS entry.
SPF Record
An SPF (Sender Policy Framework) record tells receiving mail servers which IP addresses are authorized to send email for your domain. Add a TXT record in your DNS zone.
example.com. IN TXT "v=spf1 mx ip4:192.168.10.50 -all"This record authorizes your MX server and the specific IP to send mail, and tells other servers to reject (-all) mail from any other source claiming to be from your domain.
DKIM Record
DKIM (DomainKeys Identified Mail) adds a cryptographic signature to outgoing emails. Zimbra generates DKIM keys automatically. Retrieve the DKIM public key data.
sudo su - zimbra -c "/opt/zimbra/libexec/zmdkimkeyutil -a -d example.com"The output contains the DKIM selector and the public key. It looks like this:
DKIM Data added to LDAP for domain example.com with selector ABCD1234-5678-EFGH
Public signature to enter into DNS:
ABCD1234-5678-EFGH._domainkey IN TXT ( "v=DKIM1; k=rsa; "
"p=MIIBIjANBgkqhki..." )Create a TXT record in your DNS using the selector and key value from the output. The record name follows the format selector._domainkey.example.com.
DMARC Record
DMARC (Domain-based Message Authentication, Reporting and Conformance) ties SPF and DKIM together and tells receiving servers what to do with email that fails authentication checks. Add a TXT record.
_dmarc.example.com. IN TXT "v=DMARC1; p=quarantine; rua=mailto:[email protected]; pct=100"This policy instructs receiving servers to quarantine (send to spam) messages that fail both SPF and DKIM checks, and send aggregate reports to the specified email address. Once you have confirmed everything works, you can change the policy from quarantine to reject for stronger protection.
Step 12: Managing Domains and User Accounts
Zimbra supports hosting multiple domains on a single server. You can manage domains and accounts from both the web admin console and the command line.
Add a new domain
From the Admin Console (port 7071), navigate to “Configure” then “Domains” and click “New”. Enter the domain name and configure the settings. Alternatively, use the command line.
sudo su - zimbra -c "zmprov createDomain newdomain.com zimbraAuthMech zimbra"Verify the domain was created.
$ sudo su - zimbra -c "zmprov getAllDomains"
example.com
newdomain.com
Create user accounts
Add a new user account from the Admin Console under “Manage” then “Accounts” then “New”. Fill in the account name, display name, and password. From the CLI, run the following command.
sudo su - zimbra -c "zmprov createAccount [email protected] 'UserP@ssw0rd' displayName 'John Doe'"List all accounts on the server.
$ sudo su - zimbra -c "zmprov -l getAllAccounts"
[email protected]
[email protected]For managing distribution lists on Zimbra, you can create mailing lists that deliver to multiple recipients from both the admin console and CLI.
Step 13: Install SSL Certificate with Let’s Encrypt
The self-signed certificate that Zimbra installs by default causes browser warnings and may cause email clients to reject the connection. Replace it with a free Let’s Encrypt certificate. First, install Certbot.
sudo apt -y install certbotZimbra’s proxy listens on ports 80 and 443, so stop it temporarily to allow Certbot to use standalone mode for domain verification.
sudo su - zimbra -c "zmproxyctl stop"
sudo su - zimbra -c "zmmailboxdctl stop"Request the certificate.
sudo certbot certonly --standalone -d mail.example.comCertbot saves the certificate files under /etc/letsencrypt/live/mail.example.com/. Now prepare the certificate chain for Zimbra. Copy the files to a working directory.
sudo mkdir -p /opt/zimbra/ssl/letsencrypt
sudo cp /etc/letsencrypt/live/mail.example.com/privkey.pem /opt/zimbra/ssl/letsencrypt/
sudo cp /etc/letsencrypt/live/mail.example.com/cert.pem /opt/zimbra/ssl/letsencrypt/
sudo cp /etc/letsencrypt/live/mail.example.com/chain.pem /opt/zimbra/ssl/letsencrypt/
sudo chown -R zimbra:zimbra /opt/zimbra/ssl/letsencrypt/Verify the certificate.
sudo su - zimbra -c "/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/letsencrypt/privkey.pem /opt/zimbra/ssl/letsencrypt/cert.pem /opt/zimbra/ssl/letsencrypt/chain.pem"If verification passes, deploy the certificate.
sudo cp /opt/zimbra/ssl/letsencrypt/privkey.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key
sudo chown zimbra:zimbra /opt/zimbra/ssl/zimbra/commercial/commercial.key
sudo su - zimbra -c "/opt/zimbra/bin/zmcertmgr deploycrt comm /opt/zimbra/ssl/letsencrypt/cert.pem /opt/zimbra/ssl/letsencrypt/chain.pem"Restart all Zimbra services to load the new certificate.
sudo su - zimbra -c "zmcontrol restart"For a more detailed walkthrough including auto-renewal setup, see Secure Zimbra Server with Let’s Encrypt SSL Certificate.
Step 14: Set Up Zimbra Backup with zmbackup
Zimbra includes built-in backup tools, but for the open-source edition, zmbackup is a popular community tool that provides full and incremental backups of accounts, including mailbox data, contacts, calendars, and filters. Install zmbackup from GitHub.
sudo apt -y install git ldap-utils
cd /tmp
git clone https://github.com/zmbackup/zmbackup.git
cd zmbackup
sudo ./install.shDuring installation, zmbackup asks for the Zimbra admin email, LDAP password, and backup directory. The LDAP password can be retrieved with the following command.
sudo su - zimbra -c "zmlocalconfig -s zimbra_ldap_password"After installation, run a full backup.
sudo su - zimbra -c "zmbackup -f"List available backups.
$ sudo su - zimbra -c "zmbackup -l"
+---------------------------+---------+----------------------------+
| Session | Type | Date |
+---------------------------+---------+----------------------------+
| full-20260319120000 | Full | 2026-03-19 12:00:00 |
+---------------------------+---------+----------------------------+Schedule daily incremental and weekly full backups using cron. Switch to the zimbra user and edit the crontab.
sudo su - zimbra -c "crontab -e"Add the following entries:
# Full backup every Sunday at 1:00 AM
0 1 * * 0 /opt/zimbra/bin/zmbackup -f
# Incremental backup every day at 1:00 AM (except Sunday)
0 1 * * 1-6 /opt/zimbra/bin/zmbackup -iTo restore an account from backup, use the restore flag. This is useful when restoring Zimbra LDAP or mailbox data from backup.
sudo su - zimbra -c "zmbackup -r -a [email protected]"Step 15: Configure Spam Filtering
Zimbra includes Amavis, SpamAssassin, and ClamAV for spam and virus filtering out of the box. Fine-tune spam handling by adjusting the spam kill score and subject tag.
sudo su - zimbra -c "zmprov modifyConfig zimbraSpamKillPercent 75"
sudo su - zimbra -c "zmprov modifyConfig zimbraSpamTagPercent 33"
sudo su - zimbra -c "zmprov modifyConfig zimbraSpamSubjectTag '[SPAM]'"Train the spam filter by feeding it known spam and ham (legitimate) messages. Zimbra automatically trains the filter when users move messages to their Junk folder or out of it. For manual training, use the following.
sudo su - zimbra -c "zmtrainsa --spam /opt/zimbra/data/amavisd/.spamassassin/spam/"
sudo su - zimbra -c "zmtrainsa --ham /opt/zimbra/data/amavisd/.spamassassin/ham/"You can also configure whitelist and blacklist rules in Zimbra Amavis to fine-tune which senders bypass or trigger spam filtering.
Useful Zimbra Administration Commands
Here are common commands for managing your Zimbra server. All commands run as the zimbra user.
| Command | Description |
|---|---|
zmcontrol status | Show status of all Zimbra services |
zmcontrol restart | Restart all Zimbra services |
zmcontrol stop | Stop all Zimbra services |
zmcontrol start | Start all Zimbra services |
zmprov getAllAccounts | List all user accounts |
zmprov getAllDomains | List all configured domains |
zmprov setAccountPassword [email protected] newpass | Reset a user password |
zmprov deleteAccount [email protected] | Delete a user account |
zmcertmgr viewdeployedcrt | View the currently deployed SSL certificate |
zmmailboxdctl restart | Restart the mailbox service |
zmtlsctl https | Force HTTPS for web access |
Switch to the zimbra user before running these commands.
sudo su - zimbraConclusion
Zimbra Collaboration Suite is now installed and running on Ubuntu 24.04 with DNS records configured, the admin console and webmail accessible, SSL secured with Let’s Encrypt, and backups automated. For a production deployment, consider setting up Zimbra monitoring with Grafana and Telegraf, implementing rate limiting on SMTP, and replicating your LDAP directory for high availability.
Related Guides
- Secure Zimbra Server with Let’s Encrypt SSL Certificate
- Zimbra Firewall Configuration with Ufw and Firewalld
- How To Restore Zimbra LDAP database from Backup
- Import Mail accounts from one server to another using Imapsync
- Configure whitelist and blacklist Zimbra Amavis Spam filtering
