Description

This page describes how to configure Zimbra as a standalone server.  For me, this project came about because my QmailToaster appliance was no longer managing spam effectively and was starting to look dated.  I had seen and used Zimbra before and really liked its interface, so it was time.  I chose to use the TurnKey appliance method of getting this going.  It's far easier than the "build yourself" approach, and really has all the best features set up right out of the box.  Note that as of my install (December 2009), TurnKey is using Ubuntu 8.04.3 LTS for the base of all their appliances, so we'll be using that version.

Process/Implementation

Here are the steps :

  • Download the software from Zimbra or the TurnKey appliance version like I'm using.
  • Extract the virtual appliance file into some directory that you have access to from VMware's Converter.
  • Import that virtual machine to your virtual server.
  • Fire up the virtual machine, set the network details (ip, netmask, gateway, dns) from the console menu.
  • Log in via shell access (details of credentials are on the TurnKey page linked above) and set the hostname: edit /etc/hosts for the hostname, edit /etc/hostname for the new hostname, and change the hostname in /etc/motd.
  • Reboot.
  • Begin using.

Tuning / Customization

This took a bit of tweaking to get just right.  It does work right out of the box though - so all of these steps were needed just to make it fit in my own environment.  If you like the basic example.com domain, and DHCP ip address, you can skip this entire section.

Here is a list of steps that I had performed to get me to a usable system :

  • As shown above, just be sure that at this point all the network details are set up properly.  So just configure the primary interface as the virtual machine boots up.
  • It's probably a good idea to be sure that ISPConfig, 4PSA, or whatever DNS server you are using, has this new appliance listed already.
  • On your workstation, point Firefox or your favorite browser to the Zimbra Admin Interface by going to https://your_zimbra_appliance:7071
  • Choose to add an exception, and store it permanently for the certificate error.  (This cert is for Zimbra's own company name and whatnot - unless you're going to build your own cert later, just save this permanently.)
  • Credentials to log in to this admin interface can be found on TurnKey's site (linked above).  For ease of use, I'll just write it here too.  As of 12/2009, it's "admin@example.com" with password of "turnkey"
  • Launch a putty session to this server or just exit the console menu to get to a shell prompt.
  • Set the new root password
  • Now, here's one tweak that I use - I don't like "default" hostnames.  So if the host is "zimbra" and I run it as a virtual machine, I like my hostname to be "vmZimbra" as an example.  So we have to tweak the TurnKey configuration tool to allow this.  So here we need to update the /usr/local/bin/zimbra-conf script and change the hostname from "mail" to "vmZimbra"
  • Now we can run the update tool, specify our own domain name that we're going to host mail for, and set the new admin password.  So it should look something like this :  "/usr/local/bin/zimbra-conf   mydomain.com   new-password-I-want-to-use"
  • I'm not sure exactly why, but there were still some areas that had some "example.com" stuff left behind.  So while still in the root session, I had to "cd /opt/zimbra/mailboxd/etc" and change any "example.com" to "mydomain.com".  For me that was the following list of files : jetty.xml.in, zimbraAdmin.web.xml.in, zimbra.web.xml.in, jetty.xml, jetty.properties .  (I wonder if this was even really needed or if I'm just always extra paranoid that something was not done right - but I did this anyway, and it's how I run to this day)
  • Because of our changes, we need to rerun the "/etc/init.d/zimbra restart" process now to reflect any new changes (this should be added to the configuration tool, but I think it's missing - and may be fixed by the time you read this)
  • In the browser, go back into the 7071 interface and remove any unwanted accounts (you may be forced to log in again as well, using the new "admin@mydomain.com" account with the new "new-password-I-want-to-use" password)
  • Change the "admin" account to the new "mydomain.com" domain (do the same for wiki if you have or want such an account)
  • Remove any leftover traces of the "example.com" domain
  • Add any other "mydomain.com" emails that you want to have
  • Confirm that the special admin/webmaster type accounts are correct in the following files under /opt/zimbra/conf : amavisd.conf, dspam.conf, httpd.conf, localconfig.xml, log4j.properties, nginx.conf, php.ini, swatchrc, zmssl.cnf
  • Once again, in root shell session, run the "/etc/init.d/zimbra restart" process


At this point, there should be a fully working system, tweaked to "mydomain.com" format, and there should be enough accounts to login and test out.  Make sure that things look right, services are all running properly, admin is allowed to add accounts, etc, etc.  Just basically test everything out.

Now, in order to use this as the primary mail server, it will require changing dns names for "smtp", "pop", "imap", "mail", "webmail" or any other mail based alias.  I also created new aliases for secure services "smtps", "imaps", "pops" as well.  All of these now point to my Zimbra appliance.

Last step is to add new "mx" records in the dns managers.  I'm currently testing out the "4psa" tools and have been using "ISPConfig" for a while as well.  So I set my Zimbra service to a priority of 20 and left my primary mail server as "10" for now.  This will let me send and receive mail for now, and after everything is good, I'll go ahead and make my primary mail server a priority of 30 later.

Once all the testing works, and things look good, go to your Internet Name Service provider - be it GoDaddy, Register.com, or whoever, and add a new "A record" for this new host.  Do the same with the "mx" record as we did on our own locally hosted DNS.

If you're that far, and all looks good and is working properly, it's time to map a port through the firewall so we can access this mail server.  Well, it's more like mapping several ports.  So edit the firewall and set up the ports that Zimbra uses (imap/imaps 143/993, pop/pops 110/995, smtp/smtps 25/465), as well as the interface (http/https 80/443).

It's now time for the celebration and congratulations toast.  If we got this far without issue, we're really pretty much done as far as getting it up and running.  I would suggest a full reboot, just to be sure that all is good and nothing surprises.

Further Information

What's left now is to add Big Brother monitoring, and to convert any historical mail into Zimbra, assuming you want that.  Personally, I did.  I want all my old email (3Gb+) converted from my old Qmail Toaster imap service to this.  I'll add that in the near future.

Convert imap content/data from qmail to Zimbra

Converting the old mail from my qmail-toaster to zimbra wasn't terrible, but wasn't straightforward either.  I ran into issues in each area I tried.  But in the end, these were the successful steps :

  • In a root session on Zimbra, "apt-get install imapsync imapcopy"
  • Point the browser to https://your-zimbra-appliance:7071
  • Go to "Global Settings" then "Imap"
  • Change the setting so that "Enable Clear Text" is enabled
  • Save

 

Now I had to run the imapsync command on an account and see what happens.  Since I'm the only user with access to the servers, I didn't mind having the passwords on the command line, but if you're in a place where more people have shell access, this is not advised :

imapsync --buffersize 8192000 --nosyncacls --subscribe --syncinternaldates --host1 QmailToaster.domain.com --user1 user@domain.com --password1 password --host2 Zimbra.domain.com --user2 user@domain.com --password2 password --noauthmd5 | tee /tmp/user.domain.com.report.txt

Note that a good review of "man imapsync" will help with knowing all the command options and other possibilities.  I was forced to use the noauthmd5 because login to the zimbra domain was failing.  This ties into the option above about "Enable Clear Text" passwords. 

So this command seemed to work, and for any user that had less than about 100 folders, it was ok.  But of course my 3Gb+ account has hundreds and hundreds of folders so it would just stop working after a while.  When I ran that command above, I had "tee" at the end, so that I could capture all the details.  It was a good thing too, because for the folders that failed for me, I had to go through them and run each one manually.  In that review of the /tmp/user.domain.com.report.txt file, I noticed that it was failing to create all the folders - after about 100 or so, it simply started failing the create.  Naturally without the folders, it can't migrate the data.  So as mentioned earlier, a review of "man imapsync" shows more options.  I found that there is an option to do just one folder.  So I ran that for each failed folder, and that worked out the issue.  So here is my little loop script to do that :

# Pull the folder names out of the "From Folder [INBOX....]" lines of the report
grep "From Folder \[INBOX\." /tmp/user.domain.com.report.txt | awk -F'[' '{print $2}' | awk -F']' '{print $1}' > /tmp/user.domain.com.failed.folders.txt
# Run imapsync once per folder; IFS= and read -r keep spaces and backslashes in folder names intact
while IFS= read -r foldername
 do
  echo "Folder  :$foldername:  is next ..."
  imapsync --host1 QmailToaster.domain.com --user1 user@domain.com --password1 password --host2 Zimbra.domain.com --user2 user@domain.com --password2 password --noauthmd5 --folder "$foldername"
 done < /tmp/user.domain.com.failed.folders.txt

Basically what's happening there is it's going through a list of folders I had taken from the failed report "/tmp/user.domain.com.report.txt" and for each one, it runs the imapsync command on JUST that folder.  So looping through all the failed folders seemed to take care of it.  In my browser, I had a tab open to the user@domain.com mail account, and as the script processed each folder, I could see the folder populated in the browser, and watched the mail count and mail size increase.  That was nice to see.

Just be sure to go back and disable clear text passwords in Zimbra after the conversion is all over.
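The same per-folder retry with the passwords kept out of the process list and shell history, as an added example (not part of the original write-up).  It assumes imapsync's --passfile1/--passfile2 options and two hypothetical password files under /root/.imapsync; the hosts and account are the placeholders used above, and the sample report lines are constructed.

```bash
# Added example: per-folder imapsync retry that keeps passwords off the command line.
REPORT=/tmp/user.domain.com.report.txt   # tee output of the first full run
PASS1=/root/.imapsync/pass1              # hypothetical file holding the qmail password
PASS2=/root/.imapsync/pass2              # hypothetical file holding the Zimbra password

# Constructed sample report lines, modelled on the grep pattern used above.
sample_report() {
  cat <<'EOF'
From Folder [INBOX.Clients.Acme Corp]
To   Folder [INBOX.Clients.Acme Corp]
From Folder [INBOX.Sent]
From Folder [INBOX.Clients.Acme Corp]
EOF
}

# Print each folder named on a "From Folder [INBOX....]" line once, in first-seen order.
extract_folders() {
  sed -n 's/.*From Folder \[\(INBOX\.[^]]*\)].*/\1/p' "$1" | awk '!seen[$0]++'
}

# Succeed only if the password file exists and group/other have no access to it.
check_passfile() {
  [ -f "$1" ] || return 1
  perms=$(ls -ld "$1" | cut -c5-10)
  [ "$perms" = "------" ]
}

# Sync one folder; each password is read from its file, never passed as an argument.
sync_folder() {
  imapsync --host1 QmailToaster.domain.com --user1 user@domain.com --passfile1 "$PASS1" \
           --host2 Zimbra.domain.com --user2 user@domain.com --passfile2 "$PASS2" \
           --noauthmd5 --folder "$1" </dev/null   # stdin detached from the folder list
}

# Retry every folder from the report; folders that fail again are logged for review.
retry_all() {
  if ! check_passfile "$PASS1" || ! check_passfile "$PASS2"; then
    echo "password files must exist and be accessible by the owner only" >&2
    return 1
  fi
  extract_folders "$REPORT" | while IFS= read -r foldername; do
    echo "Folder  :$foldername:  is next ..."
    sync_folder "$foldername" || echo "$foldername" >> "$REPORT.still-failing"
  done
}
# Run as root after creating the two password files (chmod 600):  retry_all
```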

Convert squirrelmail address book to Zimbra 

I was trying to do the simple "export to csv" like is shown here.  It's a great document to show how it should work, because it looks SO easy.  However, every time I clicked the "export" button, I'd get a white screen in my browser.  Something was off there for sure.  I even tried editing the server's php.ini file's memory size parameter from the default to 128Mb to see if it was some sort of issue with that, but no luck.

So I looked around, and found this on the Zimbra site, which I was hopeful for, but still no luck.  I don't know exactly why it wouldn't work.  My qmail toaster hosts about 7 different domains, so all of my user login names are full "user@domain.com" names, not the standard single domain "user" type.  I had thought maybe the "@" character was causing the issue in the php script, so I even navigated to /var/lib/squirrelmail/prefs directory and made a copy of my "user@domain.com" file as "user.domain.com" instead and tried that way ... still no luck.  Eventually I came to the assumption that for some reason the "empty" clauses were not working properly in the condition statements in the php file.  So I modified it so that it looked like this (just change the bold areas to whatever is needed) :

<?php
 // One-off export of a SquirrelMail address book as CSV for import into Zimbra.
 // This script does no authentication and sits under the webmail URL:
 // delete it once the export has been downloaded.
 header("Content-type: application/force-download");
 header("Content-disposition: attachment; filename=user.domain.com.abook.csv");
 header("Expires: 0");
 header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
 header("Pragma: nocache");
 // CSV header row, terminated with a newline so the records start on their own line
 print("\"Birthday\",\"Business City\",\"Business Country\",\"Business Fax\",\"Business Phone\",\"Business Phone 2\",\"Business Postal Code\",\"Business State\",\"Business Street\",\"Business Street 2\",\"Business Street 3\",\"Callback\",\"Car Phone\",\"Company\",\"Company Main Phone\",\"Department\",\"E-mail Address\",\"E-mail Display Name\",\"E-mail Type\",\"E-mail 2 Address\",\"E-mail 2 Display Name\",\"E-mail 2 Type\",\"E-mail 3 Address\",\"E-mail 3 Display Name\",\"E-mail 3 Type\",\"First Name\",\"Home City\",\"Home Country\",\"Home Fax\",\"Home Phone\",\"Home Phone 2\",\"Home Postal Code\",\"Home State\",\"Home Street\",\"Home Street 2\",\"Home Street 3\",\"Initials\",\"Job Title\",\"Last Name\",\"Middle Name\",\"Mobile Phone\",\"Notes\",\"Other City\",\"Other Country\",\"Other Fax\",\"Other Phone\",\"Other Postal Code\",\"Other State\",\"Other Street\",\"Other Street 2\",\"Other Street 3\",\"Pager\",\"Suffix\",\"Web Page\"\n");
 // FILE_IGNORE_NEW_LINES keeps the trailing newline out of the last field
 $readfile = file("/var/lib/squirrelmail/prefs/user.domain.com.abook", FILE_IGNORE_NEW_LINES);
 for ($k=0; $k<=count($readfile)-1; $k++)
 {
  // Fields are pipe-separated; explode() replaces split(), which was removed in PHP 7
  $fields = array_pad(explode("|",$readfile[$k]), 5, "");
  // Double any embedded quotes so a value cannot break out of its CSV cell
  $fields = str_replace("\"", "\"\"", $fields);
  print("\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"$fields[3]\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"$fields[1]\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"$fields[2]\",\"\",\"\",\"$fields[4]\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\"\n");
 }
?>

So I just did that for each user manually.  So now when I point my browser to that php file : http://squirrelmail-server/src/email/abook_user.php - it would immediately prompt for download location (and had the proper default name set).  So I saved that locally and was able to import it into Zimbra as the instructions say in this document.

Relaying

After that was all done, I did go revisit my other linux/unix hosts on the network, and changed their "relayhost" in either postfix, qmail, sendmail, or whatever - to an alias called "mailhost", and I set "mailhost" in my DNS to point to the Zimbra host.  I should have done this from the get go, but I guess I was lazy 3 years ago and just set my "qmail" host name for relay host on all these boxes.  Now, if I ever change mail servers again, it's just changing the DNS record, and no more visiting each host to change the relay parameter.

However, while I thought it was working, as it turns out, it wasn't.  It was relaying through the Qmail server still.  I actually didn't realize it though, until I set up another Zimbra server for another client in another network that didn't have a proper relay server already in place.  Figuring out how to fix it was trickier than I suspected, though the actual fix is not difficult.  Learned a good deal from this site.  Here are those steps :

  • Check if any host other than localhost is allowed to relay right now through the postconf utility :
    zimbra@Zimbra:~$ postconf mynetworks
    mynetworks = 127.0.0.0/8
  • Use the zmprov utility to get the server details for the MTA relay settings for our "zimbra.mydomain.com" server :
    zimbra@Zimbra:~$ zmprov getServer Zimbra.mydomain.com | grep zimbraMtaMyNetworks
    zimbraMtaMyNetworks: 127.0.0.0/8
  • Now that we have confirmed that only localhost can relay, modify the MTA for my networks, and add a new network (192.168.1.0/24) that is allowed to relay through our server (zimbra.mydomain.com) :
    zimbra@Zimbra:~$ zmprov modifyServer Zimbra.mydomain.com zimbraMtaMyNetworks '127.0.0.0/8 192.168.1.0/24'
  • Reload the postfix configuration :
    zimbra@Zimbra:~$ postfix reload
    postfix/postfix-script: refreshing the Postfix mail system
  • Check the zimbra log file and watch for a relay to go through (which is really best if you checked this for a failed message first so you know what you are looking for) :
    zimbra@Zimbra:~$ tail -100f /var/log/zimbra.log
  • Send a test message from another host on your "192.168.1.0" network :
    user@somehost:~$ echo "test" | mutt -s "test" webmaster@mydomain.com
  • If all went well, you'll see a nice log file entry showing the email passing right through Zimbra like we want.
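What to look for in that log, as an added example (not from the original write-up): these functions summarise Postfix smtpd lines by client IP, both the "Relay access denied" rejections seen before the change and the accepted "client=" lines seen after it.  The log lines in sample_log are constructed, and the prefix match in unexpected_clients is an assumption that only fits a /24 such as the 192.168.1.0/24 used above.

```bash
# Added example: summarise relay decisions recorded in /var/log/zimbra.log.

# Constructed sample lines in Postfix smtpd log format.
sample_log() {
  cat <<'EOF'
Dec 14 10:02:11 Zimbra postfix/smtpd[4410]: NOQUEUE: reject: RCPT from unknown[192.168.2.77]: 554 5.7.1 <someone@elsewhere.example>: Relay access denied; from=<root@hostb.mydomain.com> to=<someone@elsewhere.example> proto=ESMTP helo=<hostb>
Dec 14 10:02:40 Zimbra postfix/smtpd[4410]: NOQUEUE: reject: RCPT from unknown[192.168.2.77]: 554 5.7.1 <other@elsewhere.example>: Relay access denied; from=<root@hostb.mydomain.com> to=<other@elsewhere.example> proto=ESMTP helo=<hostb>
Dec 14 10:03:05 Zimbra postfix/smtpd[4411]: NOQUEUE: reject: RCPT from somehost.mydomain.com[192.168.1.50]: 554 5.7.1 <someone@elsewhere.example>: Relay access denied; from=<user@somehost.mydomain.com> to=<someone@elsewhere.example> proto=ESMTP helo=<somehost>
Dec 14 10:05:40 Zimbra postfix/smtpd[4412]: 3F2A11C0D5: client=somehost.mydomain.com[192.168.1.50]
Dec 14 10:05:41 Zimbra postfix/smtpd[4413]: 4A1B21C0D6: client=localhost[127.0.0.1]
Dec 14 10:06:02 Zimbra postfix/smtpd[4414]: 5C3D31C0D7: client=unknown[10.9.8.7]
EOF
}

# Count rejected relay attempts per client IP ("<count> <ip>", busiest first).
relay_denied_by_client() {
  awk '/postfix\/smtpd/ && /Relay access denied/ {
         s = $0
         sub(/^.*RCPT from [^[]*\[/, "", s)   # drop everything up to the client IP
         sub(/\].*$/, "", s)                  # drop everything after it
         n[s]++
       }
       END { for (ip in n) print n[ip], ip }' "$1" | sort -k1,1nr -k2,2
}

# Count messages smtpd accepted per client IP, to see who is using the server.
accepted_by_client() {
  awk '/postfix\/smtpd/ && / client=/ {
         s = $0
         sub(/^.* client=[^[]*\[/, "", s)
         sub(/\].*$/, "", s)
         n[s]++
       }
       END { for (ip in n) print n[ip], ip }' "$1" | sort -k1,1nr -k2,2
}

# List accepted clients outside the expected prefix, e.g. "192.168.1." for the /24;
# 127.0.0.1 is skipped because Zimbra's own services connect from localhost.
unexpected_clients() {
  accepted_by_client "$1" | awk -v p="$2" 'index($2, p) != 1 && $2 != "127.0.0.1" { print $2 }'
}
# Usage: unexpected_clients /var/log/zimbra.log 192.168.1.
```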

 

Note that there is a good bit of documentation and information on the Internet about Zimbra.  In fact, there is so much, it can be hard to choose where to look, but I'll take that type of problem any day.  
