On 14 Jul 2011

Installation, Zimbra


Zimbra Collaboration Server (ZCS) is a replacement for Microsoft Exchange, and comes in a nice free open source edition (aka FOSS); and also a premium Network edition (which includes bells and whistles such as support, mobile active-sync, on-line backups, a MS Outlook connector, etc).

The last time I touched MS Exchange it was version 5.5, so I’m in no position to compare the two. I’m not going to make out ZCS is perfect either, but similarly I’ve overheard sys admins voicing plenty of gripes regarding MS Exchange so I doubt ZCS is any worse.  ZCS is in fact very slick in places, and has a healthy support forum to assist in any problems you may have – there are organisations that use FOSS in production (and plenty that use the paid for version as well).

Background

This covers the installation of ZCS on an Ubuntu server (running on VMware ESX, but that’s not really important).  My server is on an internal private address range (192.168.1.0/24), which is NAT’ed to the outside world, which means this is a split-DNS set-up (see below for more on what that is).

DNS

Firstly, you need to own a public domain name, then get your ISP to create two DNS records…

  1. MX record – Mail Exchanger (MX) record
    • EG sandfordit.com [MX] -> mail.sandfordit.com
    • sandfordit.com is the domain you own, and mail is the hostname of your email server (can be anything you like)
  2. A record – Standard DNS record
    • EG mail.sandfordit.com [A] -> 158.25.34.124
    • 158.25.34.124 is the static IP address assigned by your ISP. You’ll need to set up a NAT on your router (often oddly called a virtual server in domestic routers) to map incoming mail on TCP 25 to your email server’s actual address (EG 158.25.34.124:25 -> 192.168.1.150:25).

Note, instead of an A record you can use a CNAME record if you prefer, though obviously the CNAME record will still need to point to a valid A record. Using a CNAME might be preferable if, for example, you’ve multiple services running from a single public IP that you might want to split out in the future to run on separate IPs, at which point you can replace the CNAME records with A records.   However, I’ve seen it mentioned that officially MX must only point to A records (pointing to CNAME records hasn’t caused me any problems in the past, but you never know).

Split DNS Setup

In order to get round the fact that your exchange server won’t have the same IP (or name even) on the public internet as it will on your internal network, your server needs some way of resolving DNS as if it did.  If your server will have the same IP address wherever it’s accessed from, ignore the rest of this section.  If it has a private address then you need to pay attention!

This example uses a DNS server installed locally on the Zimbra server to provide MX record resolution.  The procedure assumes DNS (Bind) is already installed (use apt-get install bind9 to install).

Terminology…

  • Private = Home or internal network IP address and network name
    • EG 192.168.1.150 and mail.home.int
  • Public = Global internet, ISP assigned IP address and registered domain name
    • EG 158.25.34.124 and mail.sandfordit.com

Firstly, add the IP(‘s) of the DNS servers you use for resolution on your other machines to your local DNS server’s list of forwarders (so that your exchange server forwards DNS resolution requests for unknown names to your normal DNS servers), edit /etc/bind/named.conf.options

options {
        directory "/var/cache/bind";
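        # Pins outgoing queries to source port 53, which disables source-port
        # randomisation (a cache-poisoning defence); remove unless a firewall requires it
        query-source address * port 53;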

        forwarders {
                192.168.1.1; 158.25.30.10;
        };

        auth-nxdomain no;    # conform to RFC1035
};

Edit /etc/resolv.conf to force the server to use its local DNS server for resolution

nameserver 127.0.0.1

Restart bind using /etc/init.d/bind9 restart and check you can resolve external addresses properly.

Now create the internal zone that will eventually contain the local MX record for your exchange server. Append the following to /etc/bind/named.conf.local, using your publicly registered domain name

zone "sandfordit.com"  {
    type master;
    file "/etc/bind/db.sandfordit.com";
};

Lastly, create the database file for your DNS domain, /etc/bind/db.sandfordit.com, using your publicly registered domain name and the private (internal) IP address of your exchange server…

;
; BIND data file for sandfordit.com
;
$TTL    604800
@       IN      SOA     mail.sandfordit.com. admin.sandfordit.com. (
                         070725         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      mail
        IN      MX      10 mail
        IN      A       192.168.1.150
mail    IN      A       192.168.1.150
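
A quick offline sanity check of the internal zone file, as an added example (not from the original post): it reads the records with a simplified parser and confirms that the MX target has an A record rather than a CNAME (the point raised in the DNS section above) and that the address is private, as split DNS requires. The names parse_zone and check_split_dns are made up for this illustration.

```python
import ipaddress

# Constructed sample: the db.sandfordit.com records from this page, embedded to run offline.
ZONE = """\
$TTL    604800
@       IN      SOA     mail.sandfordit.com. admin.sandfordit.com. (
                         070725 604800 86400 2419200 604800 )
@       IN      NS      mail
        IN      MX      10 mail
        IN      A       192.168.1.150
mail    IN      A       192.168.1.150
"""

def parse_zone(text, origin):
    """Simplified parser: (owner, type, value) tuples for MX, CNAME and A records."""
    def fqdn(n):  # absolute name without the trailing dot
        return origin if n == "@" else n[:-1] if n.endswith(".") else f"{n}.{origin}"
    records, owner, in_parens = [], origin, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()        # drop comments
        if in_parens:                               # rest of a multi-line SOA
            in_parens = ")" not in line
        elif line and not line.startswith("$"):
            fields = line.split()
            if not line[0].isspace():               # owner name in column 0
                owner = fqdn(fields.pop(0))
            fields = fields[1:] if fields[0] == "IN" else fields
            in_parens = "(" in line and ")" not in line
            if fields[0] in ("MX", "CNAME"):
                records.append((owner, fields[0], fqdn(fields[-1])))
            elif fields[0] == "A":
                records.append((owner, "A", fields[1]))
    return records

def check_split_dns(text, origin):
    """Return problems with the internal zone's MX setup; an empty list means OK."""
    recs = parse_zone(text, origin)
    cnames = {o for o, t, _ in recs if t == "CNAME"}
    targets = [v for _, t, v in recs if t == "MX"]
    problems = [] if targets else ["zone has no MX record"]
    for target in targets:
        ips = [v for o, t, v in recs if t == "A" and o == target]
        if target in cnames:
            problems.append(f"MX target {target} is a CNAME, not an A record")
        elif not ips:
            problems.append(f"MX target {target} has no A record in this zone")
        problems += [f"{target} resolves to public address {ip}"
                     for ip in ips if not ipaddress.ip_address(ip).is_private]
    return problems
```

To check the real file, pass the contents of /etc/bind/db.sandfordit.com instead of ZONE; named-checkzone, which ships with BIND, validates the zone syntax itself.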

Zimbra Install

I was very reliant on this page – take a look: http://wiki.zimbra.com/index.php?title=Ubuntu_8.04_LTS_Server_%28Hardy_Heron%29_Install_Guide

  1. Copy the install to the server
    • EG pscp zcs-6.0.5_GA_2213.UBUNTU8.20100202225756.tgz simons@mail:zcs-6.0.5_GA_2213.UBUNTU8.20100202225756.tgz
  2. Uncompress the package
    • tar -xzf zcs-6.0.5_GA_2213.UBUNTU8.20100202225756.tgz
  3. Start the install
    • ./install.sh
    • The install will fail due to missing packages!
  4. Install the missing prerequisite packages
    • EG apt-get install libpcre3 libgmp3c2 libstdc++5 sysstat
  5. Restart the install
  6. Part-way through, the install will complain about your domain not having a DNS record; change the domain to your publicly registered domain (without the server hostname, so sandfordit.com rather than mail.sandfordit.com)
  7. At the end of the install, address the unconfigured item (ie an admin password)

Once the install is completed, log in to administer the exchange server using https://mail:7071

To enforce https for Zimbra Desktop clients use the following commands (requires a restart to take effect)…

su - zimbra
zmtlsctl https

High CPU Workaround

Zimbra seems to have some real issues with constant high CPU spikes every minute; to limit them, reduce the logging retention and the failed process checking.

su - zimbra
zmlocalconfig -e zmmtaconfig_interval=6000
zmprov mcf zimbraLogRawLifetime 7d
zmprov mcf zimbraLogSummaryLifetime 30d
/opt/zimbra/libexec/zmlogprocess

crontab -e
*/60 * * * * /opt/zimbra/libexec/zmstatuslog
  • zmlocalconfig -e zmmtaconfig_interval=6000
    • Increase service failure watchdog interval to 6000 secs

Above seems to help, but doesn’t fix things…!

Additionally, to disable the logging process, maybe (incomplete)

su - zimbra
hostname                # Gives your server's hostname
zmprov ms <hostname> -zimbraServiceEnabled logger

