Here are a few tips & tricks based on our Zimbra experience.
The SNMP package is optional; if you want to use it, you need to install it on all servers. I decided not to use it.
If you need to reinstall the zm packages, use:
./install.sh --platform-override
During the zm installation, make sure that all passwords are set correctly and are the same on both servers.
If you do not set up the Zimbra configuration correctly, you will not be prompted to apply the configuration in a multiserver environment, so check all settings so that the connection between master and replica goes smoothly.
If you can't apply the configuration on the replica server and LDAP connections work correctly, go to the master LDAP server and, as the zimbra user, type:
/opt/zimbra/libexec/zmldapenablereplica
If you can't apply the configuration because the menu doesn't show [a] for apply, it means that there is no connection to the other server or that you didn't complete the setup configuration, so check all parameters.
After applying the configuration you will be asked to save it to a conf file (Save config in file: [/opt/zimbra/config."numbers"]); inside it you will find the actual running configuration. Check the timezone on both servers, and check that the password on the master is the same as on the replica:
zmlocalconfig -s ldap_replication_password
Important: If you have installed Zimbra MTA on the LDAP server, configure the Amavis and the Postfix passwords.
To find these values, run:
zmlocalconfig -s ldap_amavis_password
zmlocalconfig -s ldap_postfix_password
zmlocalconfig -s ldap_nginx_password
Enclose the value in single quotes; to change one of these values use:
zmlocalconfig -e ldap_nginx_password='newvalue'
Other password values in Zimbra:
antispam_mysql_password
antispam_mysql_root_password
client_ssl_truststore_password
ldap_amavis_password
ldap_bes_searcher_password
ldap_postfix_password
ldap_replication_password
ldap_root_password
ldap_nginx_password
mailbox_keystore_base_password
mailbox_keystore_password
mailbox_truststore_password
mysql_root_password
zimbra_ldap_password
zimbra_mysql_password
zimbra_vami_password
Note: Running 'zmlocalconfig' without arguments shows the current Zimbra configuration parameters and values. To see the local config, type:
zmlocalconfig
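One way to run the master/replica password check described above without putting the secrets on screen, as an added example (not from the original post or from Zimbra). It assumes the plain `key = value` output of `zmlocalconfig -s` saved to a file on each server; the function names, file names and sample values are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: compare the LDAP passwords in two saved `zmlocalconfig -s`
# dumps (plain "key = value" lines) without printing any secret.
# Assumed workflow, on each server as the zimbra user:
#   umask 077; zmlocalconfig -s > lc.<host>

# Keys from this page that every server in the cluster must agree on.
LDAP_KEYS="ldap_root_password zimbra_ldap_password ldap_replication_password
ldap_postfix_password ldap_amavis_password ldap_nginx_password"

# Print the value of key $2 in dump $1; values may themselves contain " = ".
lc_value() {
    awk -v k="$2" '{ i = index($0, " = ") }
        i && substr($0, 1, i - 1) == k { print substr($0, i + 3); exit }' "$1"
}

# True when neither group nor others can read the dump (it holds cleartext).
is_private() { [ -z "$(find "$1" \( -perm -040 -o -perm -004 \) -print)" ]; }

# compare_lc MASTER REPLICA: one status line per key, status 1 on any problem.
compare_lc() {
    local key a b f rc=0
    for f in "$1" "$2"; do
        is_private "$f" || { echo "INSECURE $f is readable by group/others"; rc=1; }
    done
    for key in $LDAP_KEYS; do
        a=$(lc_value "$1" "$key"); b=$(lc_value "$2" "$key")
        if [ -z "$a" ] || [ -z "$b" ]; then echo "MISSING $key"; rc=1
        elif [ "$a" = "$b" ]; then echo "OK $key"
        else echo "MISMATCH $key"; rc=1
        fi
    done
    return $rc
}

# Constructed sample dumps (not real credentials) showing each outcome.
demo() {
    local d rc; d=$(mktemp -d)
    ( umask 077
      printf '%s\n' 'ldap_root_password = S3cret = A' 'zimbra_ldap_password = zl1' \
          'ldap_replication_password = rep1' 'ldap_postfix_password = pf1' \
          'ldap_amavis_password = am1' 'ldap_nginx_password = ng1' > "$d/lc.master"
      printf '%s\n' 'ldap_root_password = S3cret = A' 'zimbra_ldap_password = zl1' \
          'ldap_replication_password = rep2' 'ldap_postfix_password = pf1' \
          'ldap_amavis_password = am1' > "$d/lc.replica" )
    compare_lc "$d/lc.master" "$d/lc.replica"; rc=$?
    rm -rf "$d"; return $rc
}
demo || true
```

Delete the dump files once the comparison is done, since they contain every password in cleartext.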
To check the status of the services, run as the zimbra user:
zmcontrol followed by one of: status, start, restart, stop
To configure the proxy, run as the zimbra user on both servers. On one:
/opt/zimbra/libexec/zmproxyconfig -e -w -H zimbra1.demo.local
and on the other:
/opt/zimbra/libexec/zmproxyconfig -e -w -H zimbra2.demo.local
The folder /opt/zimbra/libexec/ holds all the commands of the zimbra user, so if you look inside it you will find the names of the commands, and you can also use man to check the help for each command.
Firewall Configuration should be set to No firewall, and Security Enhanced Linux (SELinux) should be disabled if you don't know how to harden it.
Service | Port |
Postfix | 25 |
HTTP | 80 |
POP3 | 110 |
IMAP | 143 |
LDAP | 389 |
HTTPS | 443 |
Tomcat IMAP SSL | 993 |
Tomcat POP SSL | 995 |
Tomcat LMTP | 7025 |
GAL Attributes in Zimbra
Two possible sources for GAL information are the Zimbra server and the Active Directory server. The relevant LDAP/Active Directory fields are referenced in the Zimbra schema under the same names as listed in the Active Directory schema.
LDAP Mapped Attributes table maps generic GAL search attributes to their Zimbra contact fields.
Like authentication, GAL is configured on a per-domain basis. From the administration console, you can run the GAL Configuration Wizard to configure the domain’s attributes.
The OpenLDAP directory should not be modified directly. Any additions, changes and deletions are made through the Zimbra administration console or from the CLI utility for provisioning, zmprov.
Users modify attributes for their entry (accounts) in the OpenLDAP directory when they change their options from the Zimbra Web Client.
Administrators can also modify LDAP attributes using the command-line tools described in Appendix A: Command-Line Utilities.
Important: Do not use any LDAP browsers to change the Zimbra LDAP content.
When you run the install script, the Zimbra install verifies that the correct prerequisite packages are installed.
Zimbra Core installs the libraries, utilities, and monitoring tools.
Zimbra LDAP installs the OpenLDAP software, an open source LDAP directory service.
Zimbra MTA installs the Postfix open source MTA, the Clam AntiVirus antivirus engine, the SpamAssassin junk mail filter, and the Amavisd-New content filter.
Zimbra Store installs the mailbox server, including Apache Tomcat, the servlet container for the Zimbra server.
Zimbra Spell installs the Aspell open source spelling checker. When Zimbra spell is installed, Zimbra-Apache is also installed.
Zimbra SNMP installs the SNMP package for monitoring. This package is optional.
Zimbra Logger installs tools for syslog aggregation, reporting, and message tracing.
The Zimbra server configuration is menu driven. The installation menu shows you the default configuration values. The menu displays the logical host name and email domain name [mailhost.example.com] as configured on the computer. You can change any of the values. For single server installs, the only value you must define is the administrator’s password. The password is used to log on to the Zimbra administration console.
The default configuration installs the Zimbra-LDAP, the Zimbra-MTA with anti-virus and anti-spam protection, the Zimbra mailbox server, the SNMP monitoring tools (optional), Zimbra-spell (optional), and the logger tool (optional), on one server.
The menu driven installation displays the components and their existing default values. During the installation process you can modify the information.
The table below describes the menu options
zmlocalconfig option | Short form | Description |
--config | -c | <arg> File in which the configuration is stored |
--default | -d | Show default values for keys listed in [args] |
--edit | -e | Edit the configuration file, change keys and values specified. The [args] is in the key=value form. |
--force | -f | Edit the keys whose change is known to be potentially dangerous |
--help | -h | Shows the help for the usage options for this tool |
--info | -i | Shows the documentation for the keys listed in [args] |
--format | -m | <arg> Shows the values in one of these formats: plain (default), xml, shell, nokey. |
--changed | -n | Shows the values for only those keys listed in the [args] that have been changed from their defaults |
--path | -p | Shows which configuration file will be used |
--quiet | -q | Suppress logging |
--random | -r | This option is used with the edit option. Specified key is set to a random password string. |
--show | -s | Forces the display of the password strings |
--unset | -u | Remove a configuration key. If this is a key with compiled-in defaults, set its value to the empty string. |
--expand | -x | Expand values |
The table below lists the CLI commands in /opt/zimbra/bin.
If you use non-ASCII characters in the CLI, you must set the locale to the desired UTF-8 locale before running the CLI command so that the characters display correctly. To change this, type:
export LC_ALL=<UTF_locale>
Important: The default locale on the zimbra user system account is LANG=C. This setting is necessary for starting ZCS services. Changing the default LANG=C setting may cause performance issues with amavisd-new and the IM services may fail to start.
Some of the content is from the official Zimbra documentation site.
—>>> ENJOY!!! <<<—
The official website recommends the following hardware specification for Zimbra open-source edition.
-Intel/AMD 2.0 GHz 64-bit CPU
-A minimum of 8GB of RAM for a single server installation
-10 GB disk space for software and logs, and additional disk space for mail storage and temporary files
-At least 4GB of RAM for each server if you split the installation across 2 servers, but it all depends on the kind of services you decide to install on each machine.
General Requirements
-Firewall Configuration should be set to “No firewall”.
-RAID-5 is not recommended for installations with more than 100 accounts.
-SSH client software to transfer and install the Zimbra Collaboration software.
-Valid DNS configured with an A record and MX record.
-Servers should be configured to run Network Time Protocol (NTP) on a scheduled basis.
On both CentOS VMs, update the OS, install all the packages needed for the Zimbra install, and disable the firewall and sendmail services:
yum update -y
yum install net-tools usbutils firewalld wget nc perl perl-core ntp nmap sudo libidn gmp libaio libstdc++ unzip sysstat sqlite -y
yum erase postfix
systemctl stop sendmail
systemctl disable sendmail
systemctl stop firewalld
systemctl disable firewalld
On both hosts, edit the SELinux config:
vi /etc/selinux/config
and change the line to SELINUX=permissive
Add the following entries to the hosts file on both hosts:
vi /etc/hosts
10.0.17.101 zimbra1.demo.local zimbra1
10.0.17.102 zimbra2.demo.local zimbra2
and remove everything related to IPv6: comment out or delete all ::1 lines.
Set a static address on the NIC of all servers:
vi /etc/sysconfig/network-scripts/ifcfg-………
Disable IPv6 in the file
vi /etc/sysctl.conf
Append the text below at the end of the file:
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
Apply the settings; if it prints 1, everything related to IPv6 is disabled and you can reboot:
sysctl -p
reboot
Now create and mount the partition that will store the data of your mail system. If you are not familiar with this, please search the internet to better understand what you are doing.
The server that needs the second hard drive for email data is the server where you are going to install the zimbra store service, in our case server 1.
We assume that /dev/sda is your main Linux HDD and /dev/sdb is the second disk that will be mounted on /opt/zimbra.
The commands below will help you understand the status of your system:
fdisk -l
lsblk
lvs
pvdisplay /dev/sd...
vgdisplay vg...
Let's create the partition on /dev/sdb and mount it on /opt/zimbra:
mkdir /opt/zimbra
pvcreate /dev/sdb
pvdisplay /dev/sdb
vgcreate vg1 /dev/sdb
lvcreate -l 100%FREE -n zmstore vg1
mkfs.ext4 /dev/vg1/zmstore
blkid /dev/vg1/* >> /etc/fstab
Once the blkid output has been appended to /etc/fstab, open the file and delete the leading device label from the appended line so that it looks like the example:
vi /etc/fstab
example:
UUID=00000xxxx-xxxxxx-xxxxxxxx /opt/zimbra ext4 defaults 0 0
After saving the file, mount it and check that it is mounted correctly:
mount -a
mount | grep opt
lsblk
If everything is OK we are ready to install Zimbra. Go to the folder you decided to use for downloading the Zimbra packages:
cd /home/
wget https://files.zimbra.com/downloads/8.6.0_GA/zcs-8.6.0_GA_1153.RHEL7_64.20141215151110.tgz
tar xzvf zcs-8.6.0_GA_1153.RHEL7_64.20141215151110.tgz
cd zcs-8.6.0_GA_1153.RHEL7_64.20141215151110
./install.sh
In this case we are going to split the Zimbra mail server across 2 servers with different services running on each; you can decide to use more servers depending on your needs. Let's install.
Services to install on server 1
cd zcs-…
./install.sh
Do you agree with the terms of the software license agreement? [N] Y
Select the packages to install
Install zimbra-ldap [Y] y
Install zimbra-logger [Y] y
Install zimbra-mta [Y] N
Install zimbra-dnscache [N] N
Install zimbra-snmp [Y] N
Install zimbra-store [Y] y
Install zimbra-apache [Y] y
Install zimbra-spell [Y] y
Install zimbra-memcached [Y] y
Install zimbra-proxy [Y] N
After the install, edit the fields marked with ****. Before saving, change the timezone, change the default LDAP admin password and make sure all passwords are set; then save the config and apply it. Before starting on the second server, apply the config here and test with:
zmcontrol status
Services to install on the second server
cd zcs-…
./install.sh
Do you agree with the terms of the software license agreement? [N] Y
Select the packages to install
Install zimbra-ldap [Y] n
Install zimbra-logger [Y] n
Install zimbra-mta [Y] y
Install zimbra-dnscache [N] y
Install zimbra-snmp [Y] N
Install zimbra-store [Y] n
Install zimbra-apache [Y] n
Install zimbra-spell [Y] n
Install zimbra-memcached [Y] y
Install zimbra-proxy [Y] y
Before saving, change the timezone, check ldap_master_host, change the default LDAP admin password to match the other server, and look up each password on the other server with zmlocalconfig -s (name of the password you need).
Set Up the SSH Keys – both servers
We need to manually populate the SSH keys on each server:
su - zimbra
zmupdateauthkeys
Enabling Server Statistics – both servers
In order for the server statistics to display on the administration console, the syslog configuration files must be modified. On each server, as root, type
/opt/zimbra/libexec/zmsyslogsetup
Verify configuration
zmcontrol status
Setting up proxy zimbra1.demo.local
zimbra1.demo.local
su zimbra
/opt/zimbra/libexec/zmproxyconfig -e -m -H mailboxsrv.demo...
/opt/zimbra/libexec/zmproxyconfig -e -w -H mailboxsrv.demo...
mtasrv.demo…
su zimbra
/opt/zimbra/libexec/zmproxyconfig -e -m -H mtasrv.demo...
/opt/zimbra/libexec/zmproxyconfig -e -w -H mtasrv.demo...
zmcontrol restart
Once the installation is complete, do the following common steps on each server so that it functions properly.
1: Restart and enable the crond service
systemctl restart crond
systemctl enable crond
2: Open the rsyslog.conf file, uncomment the following two lines and restart the service
vim /etc/rsyslog.conf
$ModLoad imudp
$UDPServerRun 514
# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
service rsyslog restart
3: Restart and enable the rsyslog service
systemctl restart rsyslog
systemctl enable rsyslog
4: Now run the command below to update rsyslog
/opt/zimbra/libexec/zmsyslogsetup
updateSyslog: Updating /etc/rsyslog.conf...done.
If the installation was successful you can access it via the web:
https://zimbra1.demo.local:443
for webmail, and
https://zimbra2.demo.local:7071/zimbraAdmin
for the admin management site
(use your own link).