Hi Dude, this is the last in a series of zimbra multi server installlation sequence on Ubuntu 20.04. Ok, lets do it install zimbra MTA + memcache + Proxy + Anti Spam + Antivirus on multi server schema. We can sort on a list of the following multi-server zimbra installation sequences:
- Part 1 – Install Zimbra LDAP (DNS, NTP Services).
- Part 2 – Install Zimbra Mailbox.
- Install Zimbra MTA, memcache, Proxy, Antispam, Antivirus. Part 3
Noted: We named this host as Zimbra MTA. Because its basic function is for Mail Transport Agent. In this Zimbra MTA, Memcached, Proxy, Anti Spam and Antivirus services will be running.
Before Install Zimbra MTA Multi Server
Basically the same as in Zimbra LDAP and mailbox preparation, we can repeat the same steps so that this article is not long. I will write a summary here.
Preparation:
- Set IP address static and /etc/hosts.
- Set Hostname and Date Time.
- Disable firewall.
- Install NTP Server. In /etc/ntp.conf disable all server, and add
"server 10.12.12.10 iburst"
. - By default, Ubuntu 20/04 bundling
systemd-resolved
. Edit/etc/systemd/resolved.conf
and set like below.
[Resolve]
DNS=10.12.12.10
#FallbackDNS=
Domains=habibza.in
After that finished, test lookup to other server. It should be answered according to the IP address in the DNS field. As we know, 127.0.0.53 is port systemd-resolver.
root@mta:~# nslookup ldap.habibza.in
Server: 127.0.0.53
Address: 127.0.0.53#53
Non-authoritative answer:
Name: ldap.habibza.in
Address: 10.12.12.10
root@mta:~# nslookup mail.habibza.in
Server: 127.0.0.53
Address: 127.0.0.53#53
Non-authoritative answer:
Name: mail.habibza.in
Address: 10.12.12.12
Next, test the NTP client. Whether it can query the NTP server 10.12.12.10 or not. Use command ntpq -c sysinfo
. Look red line, there is flag sync_ntp. That sign can query properly to ntp server 10.12.12.10.
root@mta:~# ntpq -c sysinfo
associd=0 status=0614 leap_none, sync_ntp, 1 event, freq_mode,
system peer: ldap.habibza.in:123
system peer mode: client
Install Zimbra MTA
After preparation finish, next install zimbra package.
Note: If meet require LDAP passwd, execute this command in zimbra LDAP to retrive zimbra LDAP passwords.
su - zimbra
zmlocalconfig -s | grep ldap_amavis_password
zmlocalconfig -s | grep ldap_nginx_password
zmlocalconfig -s | grep ldap_postfix_password
zmlocalconfig -s | grep ldap_replication_password
zmlocalconfig -s | grep ldap_root_password
zmlocalconfig -s | grep zimbra_ldap_password
After get password, save or copy. And input when needed later when the installation is running.
wget https://files.zimbra.com/downloads/8.8.15_GA/zcs-8.8.15_GA_4179.UBUNTU20_64.20211118033954.tgz
tar -zxvf zcs-8.8.15_GA_4179.UBUNTU20_64.20211118033954.tgz
cd zcs-8.8.15_GA_4179.UBUNTU20_64.20211118033954
./install.sh
Operations logged to /tmp/install.log.v39fi0HW
Checking for existing installation...
zimbra-drive...NOT FOUND
zimbra-imapd...NOT FOUND
...
---CUT---
...
----------------------------------------------------------------------
Do you agree with the terms of the software license agreement? [N] y
Use Zimbra's package repository [Y]
Warning: apt-key output should not be parsed (stdout is not a terminal)
Importing Zimbra GPG key
Configuring package repository
Checking for installable packages
Found zimbra-core (local)
Found zimbra-ldap (local)
Found zimbra-logger (local)
Found zimbra-mta (local)
Found zimbra-dnscache (local)
Found zimbra-snmp (local)
Found zimbra-store (local)
Found zimbra-apache (local)
Found zimbra-spell (local)
Found zimbra-memcached (repo)
Found zimbra-proxy (local)
Found zimbra-drive (repo)
Found zimbra-imapd (local)
Found zimbra-patch (repo)
Found zimbra-mta-patch (repo)
Found zimbra-proxy-patch (repo)
Select the packages to install
Install zimbra-ldap [Y] n
Install zimbra-logger [Y] n
Install zimbra-mta [Y]
Install zimbra-dnscache [Y] n
Install zimbra-snmp [Y]
Install zimbra-store [Y] n
Install zimbra-apache [Y] n
Install zimbra-spell [Y] n
Install zimbra-memcached [Y]
Install zimbra-proxy [Y]
Checking required space for zimbra-core
Installing:
zimbra-core
zimbra-mta
zimbra-snmp
zimbra-memcached
zimbra-proxy
zimbra-mta-patch
zimbra-proxy-patch
The system will be modified. Continue? [N] Y
Beginning Installation - see /tmp/install.log.IwwYpbem for details...
...
---CUT---
...
Checking for port conflicts
Main menu
1) Common Configuration:
+Hostname: mta.habibza.in
******* +Ldap master host: UNSET
+Ldap port: 389
******* +Ldap Admin password: UNSET
+LDAP Base DN: cn=zimbra
+Store ephemeral attributes outside Ldap: no
+Secure interprocess communications: yes
+TimeZone: America/Los_Angeles
+IP Mode: ipv4
+Default SSL digest: sha256
2) zimbra-mta: Enabled
+Enable Spamassassin: yes
+Enable Clam AV: yes
+Enable OpenDKIM: yes
+Notification address for AV alerts: [email protected]
******* +Bind password for postfix ldap user: UNSET
******* +Bind password for amavis ldap user: UNSET
3) zimbra-snmp: Enabled
4) zimbra-proxy: Enabled
s) Save config to file
x) Expand menu
q) Quit
Address unconfigured (**) items (? - help) 1
Common configuration
1) Hostname: mta.habibza.in
** 2) Ldap master host: UNSET
3) Ldap port: 389
** 4) Ldap Admin password: UNSET
5) LDAP Base DN: cn=zimbra
6) Store ephemeral attributes outside Ldap: no
7) Secure interprocess communications: yes
8) TimeZone: America/Los_Angeles
9) IP Mode: ipv4
10) Default SSL digest: sha256
Select, or 'r' for previous menu [r] 2
Please enter the ldap server hostname: ldap.habibza.in
Common configuration
1) Hostname: mta.habibza.in
2) Ldap master host: ldap.habibza.in
3) Ldap port: 389
** 4) Ldap Admin password: UNSET
5) LDAP Base DN: cn=zimbra
6) Store ephemeral attributes outside Ldap: no
7) Secure interprocess communications: yes
8) TimeZone: America/Los_Angeles
9) IP Mode: ipv4
10) Default SSL digest: sha256
Select, or 'r' for previous menu [r] 4
Password for ldap admin user (min 6 characters): 7CB7xJe_4O
Setting defaults from ldap...done.
Common configuration
1) Hostname: mta.habibza.in
2) Ldap master host: ldap.habibza.in
3) Ldap port: 389
4) Ldap Admin password: set
5) LDAP Base DN: cn=zimbra
6) Store ephemeral attributes outside Ldap: yes
7) Value for zimbraEphemeralBackendURL: ldap://default
8) Secure interprocess communications: yes
9) TimeZone: Asia/Bangkok
10) IP Mode: ipv4
11) Default SSL digest: sha256
Select, or 'r' for previous menu [r]
Main menu
1) Common Configuration:
+Hostname: mta.habibza.in
+Ldap master host: ldap.habibza.in
+Ldap port: 389
+Ldap Admin password: set
+LDAP Base DN: cn=zimbra
+Store ephemeral attributes outside Ldap: yes
+Value for zimbraEphemeralBackendURL: ldap://default
+Secure interprocess communications: yes
+TimeZone: Asia/Bangkok
+IP Mode: ipv4
+Default SSL digest: sha256
2) zimbra-mta: Enabled
+Enable Spamassassin: yes
+Enable Clam AV: yes
+Enable OpenDKIM: yes
+Notification address for AV alerts: [email protected]
******* +Bind password for postfix ldap user: UNSET
******* +Bind password for amavis ldap user: UNSET
3) zimbra-snmp: Enabled
4) zimbra-proxy: Enabled
+Enable POP/IMAP Proxy: TRUE
+Enable strict server name enforcement? TRUE
+IMAP server port: 7143
+IMAP server SSL port: 7993
+IMAP proxy port: 143
+IMAP SSL proxy port: 993
+POP server port: 7110
+POP server SSL port: 7995
+POP proxy port: 110
+POP SSL proxy port: 995
******* +Bind password for nginx ldap user: Not Verified
+Enable HTTP[S] Proxy: TRUE
+Web server HTTP port: 8080
+Web server HTTPS port: 8443
+HTTP proxy port: 80
+HTTPS proxy port: 443
+Proxy server mode: https
s) Save config to file
x) Expand menu
q) Quit
Address unconfigured (**) items (? - help) 2
Mta configuration
1) Status: Enabled
2) Enable Spamassassin: yes
3) Enable Clam AV: yes
4) Enable OpenDKIM: yes
5) Notification address for AV alerts: [email protected]
** 6) Bind password for postfix ldap user: UNSET
** 7) Bind password for amavis ldap user: UNSET
Select, or 'r' for previous menu [r] 5
Notification address for AV alerts: [[email protected]] [email protected]
Mta configuration
1) Status: Enabled
2) Enable Spamassassin: yes
3) Enable Clam AV: yes
4) Enable OpenDKIM: yes
5) Notification address for AV alerts: [email protected]
** 6) Bind password for postfix ldap user: UNSET
** 7) Bind password for amavis ldap user: UNSET
Select, or 'r' for previous menu [r] 6
Password for ldap Postfix user (min 6 characters): 7CB7xJe_4O
Mta configuration
1) Status: Enabled
2) Enable Spamassassin: yes
3) Enable Clam AV: yes
4) Enable OpenDKIM: yes
5) Notification address for AV alerts: [email protected]
6) Bind password for postfix ldap user: set
** 7) Bind password for amavis ldap user: UNSET
Select, or 'r' for previous menu [r] 7
Password for ldap Amavis user (min 6 characters): 7CB7xJe_4O
Mta configuration
1) Status: Enabled
2) Enable Spamassassin: yes
3) Enable Clam AV: yes
4) Enable OpenDKIM: yes
5) Notification address for AV alerts: [email protected]
6) Bind password for postfix ldap user: set
7) Bind password for amavis ldap user: set
Select, or 'r' for previous menu [r] r
Main menu
1) Common Configuration:
+Hostname: mta.habibza.in
+Ldap master host: ldap.habibza.in
+Ldap port: 389
+Ldap Admin password: set
+LDAP Base DN: cn=zimbra
+Store ephemeral attributes outside Ldap: yes
+Value for zimbraEphemeralBackendURL: ldap://default
+Secure interprocess communications: yes
+TimeZone: Asia/Bangkok
+IP Mode: ipv4
+Default SSL digest: sha256
2) zimbra-mta: Enabled
3) zimbra-snmp: Enabled
4) zimbra-proxy: Enabled
+Enable POP/IMAP Proxy: TRUE
+Enable strict server name enforcement? TRUE
+IMAP server port: 7143
+IMAP server SSL port: 7993
+IMAP proxy port: 143
+IMAP SSL proxy port: 993
+POP server port: 7110
+POP server SSL port: 7995
+POP proxy port: 110
+POP SSL proxy port: 995
******* +Bind password for nginx ldap user: Not Verified
+Enable HTTP[S] Proxy: TRUE
+Web server HTTP port: 8080
+Web server HTTPS port: 8443
+HTTP proxy port: 80
+HTTPS proxy port: 443
+Proxy server mode: https
s) Save config to file
x) Expand menu
q) Quit
Address unconfigured (**) items (? - help) 4
Proxy configuration
1) Status: Enabled
2) Enable POP/IMAP Proxy: TRUE
3) Enable strict server name enforcement? TRUE
4) IMAP server port: 7143
5) IMAP server SSL port: 7993
6) IMAP proxy port: 143
7) IMAP SSL proxy port: 993
8) POP server port: 7110
9) POP server SSL port: 7995
10) POP proxy port: 110
11) POP SSL proxy port: 995
**12) Bind password for nginx ldap user: Not Verified
13) Enable HTTP[S] Proxy: TRUE
14) Web server HTTP port: 8080
15) Web server HTTPS port: 8443
16) HTTP proxy port: 80
17) HTTPS proxy port: 443
18) Proxy server mode: https
Select, or 'r' for previous menu [r] 12
Password for ldap Nginx user (min 6 characters): [hlYBPeVyEF] 7CB7xJe_4O
Proxy configuration
1) Status: Enabled
2) Enable POP/IMAP Proxy: TRUE
3) Enable strict server name enforcement? TRUE
4) IMAP server port: 7143
5) IMAP server SSL port: 7993
6) IMAP proxy port: 143
7) IMAP SSL proxy port: 993
8) POP server port: 7110
9) POP server SSL port: 7995
10) POP proxy port: 110
11) POP SSL proxy port: 995
12) Bind password for nginx ldap user: set
13) Enable HTTP[S] Proxy: TRUE
14) Web server HTTP port: 8080
15) Web server HTTPS port: 8443
16) HTTP proxy port: 80
17) HTTPS proxy port: 443
18) Proxy server mode: https
Select, or 'r' for previous menu [r]
Main menu
1) Common Configuration:
2) zimbra-mta: Enabled
3) zimbra-snmp: Enabled
4) zimbra-proxy: Enabled
s) Save config to file
x) Expand menu
q) Quit
*** CONFIGURATION COMPLETE - press 'a' to apply
Select from menu, or press 'a' to apply config (? - help)
Main menu
1) Common Configuration:
2) zimbra-mta: Enabled
3) zimbra-snmp: Enabled
4) zimbra-proxy: Enabled
s) Save config to file
x) Expand menu
q) Quit
*** CONFIGURATION COMPLETE - press 'a' to apply
Select from menu, or press 'a' to apply config (? - help) a
Save configuration data to a file? [Yes]
Save config in file: [/opt/zimbra/config.25834]
Saving config in /opt/zimbra/config.25834...done.
The system will be modified - continue? [No] Yes
Operations logged to /tmp/zmsetup.20220410-132027.log
Setting local config values...done.
You have the option of notifying Zimbra of your installation.
This helps us to track the uptake of the Zimbra Collaboration Server.
The only information that will be transmitted is:
The VERSION of zcs installed (8.8.15_GA_4179_UBUNTU20_64)
The ADMIN EMAIL ADDRESS created ([email protected])
...
...
Configuration complete - press return to exit
After finished installation. Check zimbra status.
root@mta:~# su - zimbra
zimbra@mta:~$ zmcontrol status
Host mta.habibza.in
amavis Running
antispam Running
antivirus Running
memcached Running
mta Running
opendkim Running
proxy Running
stats Running
zmconfigd Running
Final Touch
Set Up the SSH Keys
To populate the SSH keys, perform the following as the zimbra
user (sudo su - zimbra
) on each server:
zmupdateauthkeys
Enabling Server Statistics Display
In order for the server statistics to display on the administration console, the syslog configuration files must be modified.
Zimbra Collaboration supports the default syslog of a supported operating system. Depending on your operating system, the steps contained in this section might not be correct. See your operating system documentation for specific information about how to enable syslog.
- On each server, as
root
, type/opt/zimbra/libexec/zmsyslogsetup
. This enables the server to display statistics. - On the logger monitor host, you must enable either syslog or rsyslog to log statistics from remote machines:For syslog:
- Edit the
/etc/sysconfig/syslog
file, add-r
to theSYSLOGD_OPTIONS
setting,SYSLOGD_options="-r -m 0"
. - Stop the syslog daemon. Type
/etc/init.d/syslog
stop. - Start the syslog daemon. Type
/etc/init.d/syslog start
.
- Edit the
For syslog on Debian or Ubuntu:
- Edit the
/etc/default/syslogd
file, add-r
to theSYSLOGD_OPTIONS
setting,SYSLOGD_options="-r -m 0"
- Stop the syslog daemon. Type
/etc/init.d/sysklogd stop
. - Start the syslog daemon. Type
/etc/init.d/sysklogd
start.
For rsyslog:
- Uncomment the following lines in
/etc/rsyslog.conf
$modload imudp $UDPServerRun 514 - Restart rsyslog
For rsyslog on RHEL or CentOS:
- Uncomment the following lines in
/etc/rsyslog.conf
.# Provides UDP syslog reception #$ModLoad imudp #$UDPServerRun 514 # Provides TCP syslog reception #$ModLoad imtcp #$InputTCPServerRun 514
On ALL the Mailbox Server
Please attention, run this command on all mailbox server.
/opt/zimbra/libexec/zmproxyconfig -e -m -H mailbox.node.service.hostname
zmcontrol restart
In my case scenario, I will run like this.
/opt/zimbra/libexec/zmproxyconfig -e -m -H mbox1.habibza.in
zmcontrol restart
On the Proxy Server
/opt/zimbra/libexec/zmproxyconfig -e -m -H proxy.node.service.hostname
zmcontrol restart
In my case scenario, run like this.
/opt/zimbra/libexec/zmproxyconfig -e -m -H mta.habibza.in
zmcontrol restart
HTTPS redirect from HTTP
HTTP proxy can support protocol modes for HTTP or HTTPS only, both HTTP and HTTPS, mixed HTTP and HTTPS or HTTPS redirect from HTTP. Redirect is a popular configuration. This configuration must be made to the proxy servers.
zmprov ms proxy.server.name zimbraReverseProxyAdminEnabled TRUE
zmprov ms proxy.server.name zimbraReverseProxyMailMode redirect
In my case.
zmprov ms mta.habibza.in zimbraReverseProxyAdminEnabled TRUE
zmprov ms mta.habibza.in zimbraReverseProxyMailMode redirect
Change Admin Notification
zimbra@mbox1:~$ zmlocalconfig -e [email protected]
zimbra@mbox1:~$ zmlocalconfig -e [email protected]
zimbra@mbox1:~$ zmlocalconfig -e [email protected]
Next, open browser and type this URL.
https://mail.habibza.in:9071/zimbraAdmin/
Reference:
https://zimbra.github.io https://wiki.zimbra.com/wiki/Zimbra_Proxy_Manual:Installing_,_Configuring,_Disabling_the_Zimbra_Proxy https://wiki.zimbra.com/wiki/Enabling_Zimbra_Proxy_and_memcached
Let's Buy Me Coffee. https://saweria.co/habibzain https://ko-fi.com/habibzain
But how to configure HA for Mailbox1 and mailbox2 , becuse both have different IP, how is it sync ?
Hi Sidheswar Biswal.
In this scenario no sync occured.
HA is installed on the MTA Server.
The main function of HA is only to forward and distribute the load of incoming email traffic.