How to configure Zimbra + CSF – The Best Zimbra Firewall Configuration

CSF is one of the best opensource firewalls that using in most of the hosting servers like cPanel and Directadmin . Also it is one of the best firewall for installing Zimbra Mail server . This documentation will help you to configure the CSF firewall in a Zimbra Standalone installation server.

Before starting the installation , you may need to read the documentation available on , this will help you to get a quick understanding of ports that required to open in a Zimbra server.

Install CSF :

You can download CSF from and install it . After that open the CSF configuration and enable the following ports,

TCP_IN = "22,25,53,80,110,143,443,465,587,993,995,7071"
TCP_OUT = "22,25,53,80,110,113,443,465,587,993,995,7071"

Now you need to open the file /etc/csf/csf.pignore and add the following zimbra packages paths.


This will help to white list these binaries in CSF

Now you can start the CSF as follows and test it.

# /etc/init.d/csf start

You may need to test the mail server and its functionalities . After that you can disable the testing mode in csf.conf and reload CSF. You can also perform other generic CSF tweaks after that.

Syslint Technologies provide all sort of Zimbra Technical Support and management services.

How to install mod_evasive in cPanel server

Please follow the procedure given below to install and configure  mod_evasive in  cPanel server with apache 2.2.

Download the   latest source file from

# cd /usr/local/src/
# wget /blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz
# tar -xvzf mod_evasive_1.10.1.tar.gz
# cd mod_evasive/
# /usr/local/apache/bin/apxs -cia mod_evasive20.c

Now create a file named  /usr/local/apache/conf/mod_evasive.conf and add the following lines

# cat /usr/local/apache/conf/mod_evasive.conf
LoadModule evasive20_module   modules/
<IfModule mod_evasive20.c>
DOSHashTableSize    3097
DOSPageCount        2
DOSSiteCount        50
DOSPageInterval     1
DOSSiteInterval     1
DOSBlockingPeriod   10

Now include the above file inside  /usr/local/apache/conf/includes/pre_main_global.conf

Include "/usr/local/apache/conf/mod_evasive.conf"

Now rebuild httpd.conf


Now restart apache

/scripts/restartsrv httpd