habibzain Just husband, father and enthusiastic men about System Administration. Love to write short article about it. Perhaps can help and be useful for others.

Install Zimbra MTA – Zimbra Multi Server on Ubuntu 20.04 (Part 3)

8 min read

Install Zimbra Multi Server on Ubuntu 20.04 (Part 3)

Hi Dude, this is the last in a series of zimbra multi server installlation sequence on Ubuntu 20.04. Ok, lets do it install zimbra MTA + memcache + Proxy + Anti Spam + Antivirus on multi server schema. We can sort on a list of the following multi-server zimbra installation sequences:

Noted: We named this host as Zimbra MTA. Because its basic function is for Mail Transport Agent. In this Zimbra MTA, Memcached, Proxy, Anti Spam and Antivirus services will be running.

Before Install Zimbra MTA Multi Server

Basically the same as in Zimbra LDAP and mailbox preparation, we can repeat the same steps so that this article is not long. I will write a summary here.

Preparation:

  1. Set IP address static and /etc/hosts.
  2. Set Hostname and Date Time.
  3. Disable firewall.
  4. Install NTP Server. In /etc/ntp.conf disable all server, and add "server 10.12.12.10 iburst".
  5. By default, Ubuntu 20/04 bundling systemd-resolved. Edit /etc/systemd/resolved.conf and set like below.
[Resolve]
DNS=10.12.12.10
#FallbackDNS=
Domains=habibza.in

After that finished, test lookup to other server. It should be answered according to the IP address in the DNS field. As we know, 127.0.0.53 is port systemd-resolver.

root@mta:~# nslookup ldap.habibza.in
Server:         127.0.0.53
Address:        127.0.0.53#53

Non-authoritative answer:
Name:   ldap.habibza.in
Address: 10.12.12.10

root@mta:~# nslookup mail.habibza.in
Server:         127.0.0.53
Address:        127.0.0.53#53

Non-authoritative answer:
Name:   mail.habibza.in
Address: 10.12.12.12

Next, test the NTP client. Whether it can query the NTP server 10.12.12.10 or not. Use command ntpq -c sysinfo. Look red line, there is flag sync_ntp. That sign can query properly to ntp server 10.12.12.10.

root@mta:~# ntpq -c sysinfo

associd=0 status=0614 leap_none, sync_ntp, 1 event, freq_mode,
system peer:        ldap.habibza.in:123
system peer mode:   client

Install Zimbra MTA

After preparation finish, next install zimbra package.

Note: If meet require LDAP passwd, execute this command in zimbra LDAP to retrive zimbra LDAP passwords.

su - zimbra
zmlocalconfig -s | grep ldap_amavis_password
zmlocalconfig -s | grep ldap_nginx_password
zmlocalconfig -s | grep ldap_postfix_password
zmlocalconfig -s | grep ldap_replication_password
zmlocalconfig -s | grep ldap_root_password
zmlocalconfig -s | grep zimbra_ldap_password

After get password, save or copy. And input when needed later when the installation is running.

wget https://files.zimbra.com/downloads/8.8.15_GA/zcs-8.8.15_GA_4179.UBUNTU20_64.20211118033954.tgz
tar -zxvf zcs-8.8.15_GA_4179.UBUNTU20_64.20211118033954.tgz
cd zcs-8.8.15_GA_4179.UBUNTU20_64.20211118033954
./install.sh

Operations logged to /tmp/install.log.v39fi0HW
Checking for existing installation...
    zimbra-drive...NOT FOUND
    zimbra-imapd...NOT FOUND
    ...
---CUT---
    ...  
----------------------------------------------------------------------
Do you agree with the terms of the software license agreement? [N] y
Use Zimbra's package repository [Y]

Warning: apt-key output should not be parsed (stdout is not a terminal)
Importing Zimbra GPG key
Configuring package repository
Checking for installable packages

Found zimbra-core (local)
Found zimbra-ldap (local)
Found zimbra-logger (local)
Found zimbra-mta (local)
Found zimbra-dnscache (local)
Found zimbra-snmp (local)
Found zimbra-store (local)
Found zimbra-apache (local)
Found zimbra-spell (local)
Found zimbra-memcached (repo)
Found zimbra-proxy (local)
Found zimbra-drive (repo)
Found zimbra-imapd (local)
Found zimbra-patch (repo)
Found zimbra-mta-patch (repo)
Found zimbra-proxy-patch (repo)

Select the packages to install

Install zimbra-ldap [Y] n
Install zimbra-logger [Y] n
Install zimbra-mta [Y]
Install zimbra-dnscache [Y] n
Install zimbra-snmp [Y]
Install zimbra-store [Y] n
Install zimbra-apache [Y] n
Install zimbra-spell [Y] n
Install zimbra-memcached [Y]
Install zimbra-proxy [Y]
Checking required space for zimbra-core

Installing:
    zimbra-core
    zimbra-mta
    zimbra-snmp
    zimbra-memcached
    zimbra-proxy
    zimbra-mta-patch
    zimbra-proxy-patch

The system will be modified.  Continue? [N] Y
Beginning Installation - see /tmp/install.log.IwwYpbem for details...
   ...
---CUT---
   ...  

Checking for port conflicts

Main menu

   1) Common Configuration:
        +Hostname:                             mta.habibza.in
******* +Ldap master host:                     UNSET
        +Ldap port:                            389
******* +Ldap Admin password:                  UNSET
        +LDAP Base DN:                         cn=zimbra
        +Store ephemeral attributes outside Ldap: no
        +Secure interprocess communications:   yes
        +TimeZone:                             America/Los_Angeles
        +IP Mode:                              ipv4
        +Default SSL digest:                   sha256

   2) zimbra-mta:                              Enabled
        +Enable Spamassassin:                  yes
        +Enable Clam AV:                       yes
        +Enable OpenDKIM:                      yes
        +Notification address for AV alerts:   [email protected]
******* +Bind password for postfix ldap user:  UNSET
******* +Bind password for amavis ldap user:   UNSET

   3) zimbra-snmp:                             Enabled
   4) zimbra-proxy:                            Enabled
   s) Save config to file
   x) Expand menu
   q) Quit

Address unconfigured (**) items  (? - help) 1


Common configuration

   1) Hostname:                                mta.habibza.in
** 2) Ldap master host:                        UNSET
   3) Ldap port:                               389
** 4) Ldap Admin password:                     UNSET
   5) LDAP Base DN:                            cn=zimbra
   6) Store ephemeral attributes outside Ldap: no
   7) Secure interprocess communications:      yes
   8) TimeZone:                                America/Los_Angeles
   9) IP Mode:                                 ipv4
  10) Default SSL digest:                      sha256

Select, or 'r' for previous menu [r] 2

Please enter the ldap server hostname: ldap.habibza.in

Common configuration

   1) Hostname:                                mta.habibza.in
   2) Ldap master host:                        ldap.habibza.in
   3) Ldap port:                               389
** 4) Ldap Admin password:                     UNSET
   5) LDAP Base DN:                            cn=zimbra
   6) Store ephemeral attributes outside Ldap: no
   7) Secure interprocess communications:      yes
   8) TimeZone:                                America/Los_Angeles
   9) IP Mode:                                 ipv4
  10) Default SSL digest:                      sha256

Select, or 'r' for previous menu [r] 4

Password for ldap admin user (min 6 characters): 7CB7xJe_4O
Setting defaults from ldap...done.

Common configuration

   1) Hostname:                                mta.habibza.in
   2) Ldap master host:                        ldap.habibza.in
   3) Ldap port:                               389
   4) Ldap Admin password:                     set
   5) LDAP Base DN:                            cn=zimbra
   6) Store ephemeral attributes outside Ldap: yes
   7) Value for zimbraEphemeralBackendURL:     ldap://default
   8) Secure interprocess communications:      yes
   9) TimeZone:                                Asia/Bangkok
  10) IP Mode:                                 ipv4
  11) Default SSL digest:                      sha256

Select, or 'r' for previous menu [r]

Main menu

   1) Common Configuration:
        +Hostname:                             mta.habibza.in
        +Ldap master host:                     ldap.habibza.in
        +Ldap port:                            389
        +Ldap Admin password:                  set
        +LDAP Base DN:                         cn=zimbra
        +Store ephemeral attributes outside Ldap: yes
        +Value for zimbraEphemeralBackendURL:  ldap://default
        +Secure interprocess communications:   yes
        +TimeZone:                             Asia/Bangkok
        +IP Mode:                              ipv4
        +Default SSL digest:                   sha256

   2) zimbra-mta:                              Enabled
        +Enable Spamassassin:                  yes
        +Enable Clam AV:                       yes
        +Enable OpenDKIM:                      yes
        +Notification address for AV alerts:   [email protected]
******* +Bind password for postfix ldap user:  UNSET
******* +Bind password for amavis ldap user:   UNSET

   3) zimbra-snmp:                             Enabled
   4) zimbra-proxy:                            Enabled
        +Enable POP/IMAP Proxy:                TRUE
        +Enable strict server name enforcement? TRUE
        +IMAP server port:                     7143
        +IMAP server SSL port:                 7993
        +IMAP proxy port:                      143
        +IMAP SSL proxy port:                  993
        +POP server port:                      7110
        +POP server SSL port:                  7995
        +POP proxy port:                       110
        +POP SSL proxy port:                   995
******* +Bind password for nginx ldap user:    Not Verified
        +Enable HTTP[S] Proxy:                 TRUE
        +Web server HTTP port:                 8080
        +Web server HTTPS port:                8443
        +HTTP proxy port:                      80
        +HTTPS proxy port:                     443
        +Proxy server mode:                    https

   s) Save config to file
   x) Expand menu
   q) Quit

Address unconfigured (**) items  (? - help) 2


Mta configuration

   1) Status:                                  Enabled
   2) Enable Spamassassin:                     yes
   3) Enable Clam AV:                          yes
   4) Enable OpenDKIM:                         yes
   5) Notification address for AV alerts:      [email protected]
** 6) Bind password for postfix ldap user:     UNSET
** 7) Bind password for amavis ldap user:      UNSET

Select, or 'r' for previous menu [r] 5

Notification address for AV alerts: [[email protected]] [email protected]

Mta configuration

   1) Status:                                  Enabled
   2) Enable Spamassassin:                     yes
   3) Enable Clam AV:                          yes
   4) Enable OpenDKIM:                         yes
   5) Notification address for AV alerts:      [email protected]
** 6) Bind password for postfix ldap user:     UNSET
** 7) Bind password for amavis ldap user:      UNSET

Select, or 'r' for previous menu [r] 6

Password for ldap Postfix user (min 6 characters): 7CB7xJe_4O

Mta configuration

   1) Status:                                  Enabled
   2) Enable Spamassassin:                     yes
   3) Enable Clam AV:                          yes
   4) Enable OpenDKIM:                         yes
   5) Notification address for AV alerts:      [email protected]
   6) Bind password for postfix ldap user:     set
** 7) Bind password for amavis ldap user:      UNSET

Select, or 'r' for previous menu [r] 7

Password for ldap Amavis user (min 6 characters): 7CB7xJe_4O

Mta configuration

   1) Status:                                  Enabled
   2) Enable Spamassassin:                     yes
   3) Enable Clam AV:                          yes
   4) Enable OpenDKIM:                         yes
   5) Notification address for AV alerts:      [email protected]
   6) Bind password for postfix ldap user:     set
   7) Bind password for amavis ldap user:      set

Select, or 'r' for previous menu [r] r

Main menu

   1) Common Configuration:
        +Hostname:                             mta.habibza.in
        +Ldap master host:                     ldap.habibza.in
        +Ldap port:                            389
        +Ldap Admin password:                  set
        +LDAP Base DN:                         cn=zimbra
        +Store ephemeral attributes outside Ldap: yes
        +Value for zimbraEphemeralBackendURL:  ldap://default
        +Secure interprocess communications:   yes
        +TimeZone:                             Asia/Bangkok
        +IP Mode:                              ipv4
        +Default SSL digest:                   sha256

   2) zimbra-mta:                              Enabled
   3) zimbra-snmp:                             Enabled
   4) zimbra-proxy:                            Enabled
        +Enable POP/IMAP Proxy:                TRUE
        +Enable strict server name enforcement? TRUE
        +IMAP server port:                     7143
        +IMAP server SSL port:                 7993
        +IMAP proxy port:                      143
        +IMAP SSL proxy port:                  993
        +POP server port:                      7110
        +POP server SSL port:                  7995
        +POP proxy port:                       110
        +POP SSL proxy port:                   995
******* +Bind password for nginx ldap user:    Not Verified
        +Enable HTTP[S] Proxy:                 TRUE
        +Web server HTTP port:                 8080
        +Web server HTTPS port:                8443
        +HTTP proxy port:                      80
        +HTTPS proxy port:                     443
        +Proxy server mode:                    https

   s) Save config to file
   x) Expand menu
   q) Quit

Address unconfigured (**) items  (? - help) 4


Proxy configuration

   1) Status:                                  Enabled
   2) Enable POP/IMAP Proxy:                   TRUE
   3) Enable strict server name enforcement?   TRUE
   4) IMAP server port:                        7143
   5) IMAP server SSL port:                    7993
   6) IMAP proxy port:                         143
   7) IMAP SSL proxy port:                     993
   8) POP server port:                         7110
   9) POP server SSL port:                     7995
  10) POP proxy port:                          110
  11) POP SSL proxy port:                      995
**12) Bind password for nginx ldap user:       Not Verified
  13) Enable HTTP[S] Proxy:                    TRUE
  14) Web server HTTP port:                    8080
  15) Web server HTTPS port:                   8443
  16) HTTP proxy port:                         80
  17) HTTPS proxy port:                        443
  18) Proxy server mode:                       https

Select, or 'r' for previous menu [r] 12

Password for ldap Nginx user (min 6 characters): [hlYBPeVyEF] 7CB7xJe_4O

Proxy configuration

   1) Status:                                  Enabled
   2) Enable POP/IMAP Proxy:                   TRUE
   3) Enable strict server name enforcement?   TRUE
   4) IMAP server port:                        7143
   5) IMAP server SSL port:                    7993
   6) IMAP proxy port:                         143
   7) IMAP SSL proxy port:                     993
   8) POP server port:                         7110
   9) POP server SSL port:                     7995
  10) POP proxy port:                          110
  11) POP SSL proxy port:                      995
  12) Bind password for nginx ldap user:       set
  13) Enable HTTP[S] Proxy:                    TRUE
  14) Web server HTTP port:                    8080
  15) Web server HTTPS port:                   8443
  16) HTTP proxy port:                         80
  17) HTTPS proxy port:                        443
  18) Proxy server mode:                       https

Select, or 'r' for previous menu [r]

Main menu

   1) Common Configuration:
   2) zimbra-mta:                              Enabled
   3) zimbra-snmp:                             Enabled
   4) zimbra-proxy:                            Enabled
   s) Save config to file
   x) Expand menu
   q) Quit

*** CONFIGURATION COMPLETE - press 'a' to apply
Select from menu, or press 'a' to apply config (? - help)

Main menu

   1) Common Configuration:
   2) zimbra-mta:                              Enabled
   3) zimbra-snmp:                             Enabled
   4) zimbra-proxy:                            Enabled
   s) Save config to file
   x) Expand menu
   q) Quit

*** CONFIGURATION COMPLETE - press 'a' to apply
Select from menu, or press 'a' to apply config (? - help) a
Save configuration data to a file? [Yes]
Save config in file: [/opt/zimbra/config.25834]
Saving config in /opt/zimbra/config.25834...done.
The system will be modified - continue? [No] Yes
Operations logged to /tmp/zmsetup.20220410-132027.log
Setting local config values...done.
You have the option of notifying Zimbra of your installation.
This helps us to track the uptake of the Zimbra Collaboration Server.
The only information that will be transmitted is:
        The VERSION of zcs installed (8.8.15_GA_4179_UBUNTU20_64)
        The ADMIN EMAIL ADDRESS created ([email protected])
...
...
Configuration complete - press return to exit

After finished installation. Check zimbra status.

root@mta:~# su - zimbra
zimbra@mta:~$ zmcontrol status
Host mta.habibza.in
        amavis                  Running
        antispam                Running
        antivirus               Running
        memcached               Running
        mta                     Running
        opendkim                Running
        proxy                   Running
        stats                   Running
        zmconfigd               Running

Final Touch

Set Up the SSH Keys

To populate the SSH keys, perform the following as the zimbra user (sudo su - zimbra) on each server:

zmupdateauthkeys

Enabling Server Statistics Display

In order for the server statistics to display on the administration console, the syslog configuration files must be modified.

Zimbra Collaboration supports the default syslog of a supported operating system. Depending on your operating system, the steps contained in this section might not be correct. See your operating system documentation for specific information about how to enable syslog.

  1. On each server, as root, type /opt/zimbra/libexec/zmsyslogsetup. This enables the server to display statistics.
  2. On the logger monitor host, you must enable either syslog or rsyslog to log statistics from remote machines:For syslog:
    1. Edit the /etc/sysconfig/syslog file, add -r to the SYSLOGD_OPTIONS setting, SYSLOGD_options="-r -m 0".
    2. Stop the syslog daemon. Type /etc/init.d/syslog stop.
    3. Start the syslog daemon. Type /etc/init.d/syslog start.

For syslog on Debian or Ubuntu:

  1. Edit the /etc/default/syslogd file, add -r to the SYSLOGD_OPTIONS setting, SYSLOGD_options="-r -m 0"
  2. Stop the syslog daemon. Type /etc/init.d/sysklogd stop.
  3. Start the syslog daemon. Type /etc/init.d/sysklogd start.
See also  Preparation Before Install Zimbra 8.8.15 in Ubuntu 20.04 (Part 1)

For rsyslog:

  1. Uncomment the following lines in /etc/rsyslog.conf$modload imudp $UDPServerRun 514
  2. Restart rsyslog

For rsyslog on RHEL or CentOS:

  1. Uncomment the following lines in /etc/rsyslog.conf.# Provides UDP syslog reception #$ModLoad imudp #$UDPServerRun 514 # Provides TCP syslog reception #$ModLoad imtcp #$InputTCPServerRun 514

On ALL the Mailbox Server

Please attention, run this command on all mailbox server.

/opt/zimbra/libexec/zmproxyconfig -e -m -H mailbox.node.service.hostname
zmcontrol restart

In my case scenario, I will run like this.

/opt/zimbra/libexec/zmproxyconfig -e -m -H mbox1.habibza.in
zmcontrol restart

On the Proxy Server

/opt/zimbra/libexec/zmproxyconfig -e -m -H proxy.node.service.hostname
zmcontrol restart

In my case scenario, run like this.

/opt/zimbra/libexec/zmproxyconfig -e -m -H mta.habibza.in
zmcontrol restart

HTTPS redirect from HTTP

HTTP proxy can support protocol modes for HTTP or HTTPS only, both HTTP and HTTPS, mixed HTTP and HTTPS or HTTPS redirect from HTTP. Redirect is a popular configuration. This configuration must be made to the proxy servers.

zmprov ms proxy.server.name zimbraReverseProxyAdminEnabled TRUE
zmprov ms proxy.server.name zimbraReverseProxyMailMode redirect

In my case.

zmprov ms mta.habibza.in zimbraReverseProxyAdminEnabled TRUE
zmprov ms mta.habibza.in zimbraReverseProxyMailMode redirect

Change Admin Notification

zimbra@mbox1:~$ zmlocalconfig -e [email protected]
zimbra@mbox1:~$ zmlocalconfig -e [email protected]
zimbra@mbox1:~$ zmlocalconfig -e [email protected]

Next, open browser and type this URL.

https://mail.habibza.in:9071/zimbraAdmin/

Reference:

https://zimbra.github.io
https://wiki.zimbra.com/wiki/Zimbra_Proxy_Manual:Installing_,_Configuring,_Disabling_the_Zimbra_Proxy
https://wiki.zimbra.com/wiki/Enabling_Zimbra_Proxy_and_memcached

Let's Buy Me Coffee.

Buy Me a Coffee at ko-fi.com

https://saweria.co/habibzain
https://ko-fi.com/habibzain
habibzain Just husband, father and enthusiastic men about System Administration. Love to write short article about it. Perhaps can help and be useful for others.

Centos Failed Update Kernel

Today I did a kernel update on my server with Centos 7 OS. At the end of the update process, I found a kernel...
habibzain
1 min read

Easy Fix Missing mirrorlist http://mirrorlist.centos.org on CentOS 7

When running yum update or command that utilize the yum system, errors similar to the following are produced: If you’re encountering issues with the...
habibzain
1 min read

Easy Create Laravel Project with Composer

Requirement Laravel, a popular PHP framework, is renowned for its elegant syntax and robust features, making it a top choice for web developers. One...
habibzain
1 min read

2 Replies to “Install Zimbra MTA – Zimbra Multi Server on Ubuntu…”

  1. But how to configure HA for Mailbox1 and mailbox2 , becuse both have different IP, how is it sync ?

    1. Hi Sidheswar Biswal.
      In this scenario no sync occured.
      HA is installed on the MTA Server.
      The main function of HA is only to forward and distribute the load of incoming email traffic.

Leave a Reply

Your email address will not be published. Required fields are marked *

Never miss good article from us, get weekly updates in your inbox