ZCS Open Source Multi Server Installation Guide 5.0 (Rev 2 May 2008)
Table of Contents Previous Next Index


Planning for the Installation
Planning for the Installation
Configuration Examples
Downloading the Zimbra Software
Menu-Driven Configuration
Configuring IMAP and POP Proxy Server
Configuring ZCS HTTP Proxy (Beta 5.0.6)
Configuring for Virtual Hosting
This chapter describes the components that are installed and reviews the configuration options that can be made when you install the Zimbra Collaboration Suite.
Zimbra Packages
Zimbra architecture includes open-source integrations using industry standard protocols. The third-party software has been tested and configured to work with the Zimbra software.
The following describes the Zimbra packages that are installed.
Zimbra Core. This package includes the libraries, utilities, monitoring tools, and basic configuration files. Zimbra Core is automatically installed on each server.
Zimbra LDAP. User authentication is provided through OpenLDAP® software. Each account on the Zimbra server has a unique mailbox ID that is the primary point of reference to identify the account. The OpenLDAP schema has been customized for the Zimbra Collaboration Suite. The Zimbra LDAP server must be configured before the other servers. You can set up LDAP replication, configuring a master LDAP server and replica LDAP servers.
Zimbra MTA. Postfix is the open source mail transfer agent (MTA) that receives email via SMTP and routes each message to the appropriate Zimbra mailbox server using Local Mail Transfer Protocol (LMTP). The Zimbra MTA also includes the anti-virus and anti-spam components.
Zimbra Store. The Zimbra store includes the components for the mailbox server, including Jetty, which is the servlet container the Zimbra software runs within. The Zimbra mailbox server includes the following components:
Data store. The data store is a MySQL® database.
Message store. The message store is where all email messages and file attachments reside.
Index store. Index and search technology is provided through Lucene. Index files are maintained for each mailbox.
Zimbra SNMP. Installing the Zimbra SNMP package is optional. If you choose to install Zimbra-SNMP for monitoring, this package should be installed on every Zimbra server.
Zimbra Logger. Installing the Zimbra Logger package is optional. If you install the Logger package, it must be installed on the first mailbox server. The Zimbra logger installs tools for syslog aggregation, reporting, and message tracing. If you do not install Logger, you cannot use the message trace feature. In addition, the server statistics are not captured, and the server statistics section of the administration console will not display.
Note: The Logger package must be installed at the same time as the mailbox server.
Zimbra Spell. Installing the Zimbra Spell package is optional. Aspell is the open source spell checker used on the Zimbra Web Client. When Zimbra-spell is installed, the Zimbra-apache package is also installed.
Zimbra Proxy. Installing the Zimbra Proxy is optional. Use of an IMAP/POP proxy server allows mail retrieval for a domain to be split across multiple Zimbra servers on a per user basis.
Note: The Zimbra Proxy package can be installed with the Zimbra LDAP, the Zimbra MTA, the Zimbra Mailbox server, or on its own server.
The Zimbra server configuration is menu driven. The installation menu displays the default configuration values. The menu displays the logical host name and email domain name [example.com] as configured for the computer.
Configuration Examples
Zimbra Collaboration Suite can be easily scaled for any size of email environment, from very small businesses with fewer than 25 email accounts to large businesses with thousands of email accounts. The following table shows examples of different configuration options.
 
Table 1 Zimbra Collaboration Suite Configuration Options
Small
Medium
Large
Very Large
All ZCS components installed on one server
See the Zimbra Installation Quick Start for installation instructions
Zimbra LDAP and Zimbra message store on one server
Zimbra MTA on a separate server.
Possibly include additional Zimbra MTA servers
Zimbra LDAP on one server
Multiple Zimbra mailbox servers
Multiple Zimbra MTA servers
Zimbra Master LDAP server
Replicas LDAP servers
Multiple Zimbra mailbox servers
Multiple Zimbra MTA servers
Downloading the Zimbra Software
For the latest Zimbra software download, go to www.zimbra.com. Save the Zimbra Collaboration Suite download file to the computers from which you will install the software.
When the Zimbra Collaboration Suite is installed, the following Zimbra applications are saved to the Zimbra server:
Zimbra Collaboration Suite Migration Wizard for Exchange .exe file to migrate Microsoft® Exchange server email accounts to the Zimbra server.
Zimbra Collaboration Suite Migration Wizard for Domino .exe file to migrate Lotus Domino server email accounts to the Zimbra server.
Zimbra Collaboration Suite Import Wizard for Outlook .exe file to allow users to import their Outlook .pst files to the Zimbra server.
Supporting documentation can be found on the administration console Help Desk page or at www.zimbra.com.
Menu-Driven Configuration
The menu driven installation displays the components and their existing default values. During the installation process you can modify the default values. Only those menu options associated with the package being installed are displayed.
The table below describes the Main menu options.
Table 2 Main Menu Options
Server Configured
Main Menu
Description
Common Configuration
 
Hostname
The host name configured in the operating system installation
All
 
LDAP master host
The LDAP master host name. This LDAP host name is configured on every server.
All
LDAP port
The default port is 389.
All
LDAP Admin password
Password for the Zimbra admin user and is configured on every server.
All
TimeZone
Select the time zone to apply to the default COS. The time zone that should be entered is the time zone that the majority of users in the COS will be located. The default time zone is PST (Pacific Time).
All
Require secure interprocess communications
By default startTLS is YES. When startTLS is enabled there is a secure communication between amavis and postfix and the LDAP server.
If this is disabled, ZCS disables the use of startTLS with the LDAP server.
 
 
 
Zimbra LDAP Server
zimbra-ldap
Configuration includes the following:
Status - Enabled. For replica LDAP servers the status is changed to Disabled.
Create Domain Yes. You can create one domain during installation and additional domains can be created from the administration console.
Domain to create — The default domain is the fully qualified hostname of the server. If you created a valid mail domain on your DNS server, enter it here.
LDAP Root password. This password is automatically generated and is used for internal LDAP operations.
LDAP Replication password. This password is automatically generated and is the password used by the LDAP replication server and must be the same password on the LDAP master server and on the replica server.
LDAP Postfix password. This password is automatically generated and is the password used by the postfix user to identify itself to the LDAP server and must be the same password on the LDAP master server and on the MTA server.
LDAP Amavis password.This password is automatically generated and is the password used by the amavis user to identify itself to the LDAP server and must be the same password on the LDAP master server and on the MTA server.
Zimbra Mailbox Server
zimbra-store
Configuration includes the following.
Create Admin User - The administrator account is created during installation. This account is the first account provisioned on the Zimbra server and allows you to log on to the administration console.
Admin user to create - The default is admin@[mailhost.example.com].
Admin Password - You must set the admin account password. The password is case sensitive and must be a minimum of six characters. The administrator name, mail address, and password are required to log in to the administration console.
By default, the automated spam training filter is enabled and two mail accounts are created.
1 -Spam Training User to receive mail notification about mail that was not marked as junk, but should be.
2 -Non-spam (HAM) training user to receive mail notification about mail that was marked as junk, but should not have been.
These addresses are automatically configured to work with the spam training filter. The accounts created have a randomly selected name. To recognize what the account is used for you may want to change this name.
The spam training filter is automatically added to the cron table and runs daily.
 
Zimbra Mailbox Server
zimbra-store (continued)
Global Document Account — The Global Documents account is automatically created when ZCS is installed. The Global Documents account holds the templates and the default Documents Notebook. The Documents feature is enabled from the COS or in individual accounts.
These default port configurations are shown.
SMTP host
Web server HTTP port:- 80
Web server HTTPS port: - 443
Web server mode - Can be HTTP, HTTPS, Mixed, Both or Redirect. Mixed mode uses HTTPS for logging in and HTTP for normal session traffic. Redirect mode redirects any users connecting via HTTP to a HTTPS connection. All modes use SSL encryption for back-end administrative traffic.
IMAP server port: 143
IMAP server SSL port: 993
POP server port: 110
POP server SSL port: 995
Use spell checker server: yes (if installed)
Spell server URL: http://<example.com>:7780/aspell.php
 
Zimbra mailbox server
zimbra-logger
The Logger package is installed on the first mail server. If installed, it is automatically enabled. Logs from all the hosts are sent to the mailbox server where the logger package is installed. This data is used to generate the statistics graphs and is used for message tracing, and reporting.
Zimbra mailbox server
Default Class of Service Configuration
This menu lists major new features for the ZCS release and whether feature are enabled or not. When you change the feature setting during ZCS installation, you change the default COS settings.
Zimbra mailbox server
zimbra-spell
If installed, it is automatically enabled. When composing messages in the Zimbra Web Client, spell check can be run.
Zimbra MTA Server
zimbra-mta
The following options can be modified.
MTA Auth host. This is configured automatically if the MTA authentication server host is on the same server, but must be configured if the authentication server is not on the MTA. The MTA Auth host must be one of the mailbox servers.
Enable Spamassassin. Default is enabled.
Enable ClamAV. Default is enabled.
Notification address for AV alerts. Sets the notification address for AV alerts. You can either accept the default or create a new address. If you create a new address, remember to provision this address from the admin console.
Note: If the virus notification address does not exist and your host name is the same as the domain name on the Zimbra server, the virus notifications queue in the Zimbra MTA server and cannot be delivered.
Bind password for postfix LDAP user. This password must be the same as the postfix password configured on the master LDAP server.
Bind password for amavis LDAP user. This password must be the same as the amavis password configured on the master LDAP server.
All servers, if installed
zimbra-snmp
Installing SNMP is optional, but if installed it must be on all servers.
You can modify the following options
Enable SNMP notifications. The default is No. If you enter yes, you must enter the SNMP Trap hostname.
SNMP Trap hostname
Enable SMTP notification — The default is No.
SMTP Source email address — If you enter yes for SMTP notification, you must enter the SMTP source email address and SMTP Destination email address — destination email address.
 
r) Start servers after configuration
When the installation and configuration is complete, if this is set to Yes, the Zimbra server is automatically started.
 
s) Save config to file
At any time during the installation, you can save the configuration to a file.
 
q) Quit
Quit can be used at any time to quit the installation.
Configuring IMAP and POP Proxy Server
Use of an IMAP/POP proxy server allows routing users of these services to the Zimbra mailbox server on which their mailbox resides. For example, proxying allows users to enter imap.example.com as their IMAP server. The proxy running on imap.example.com inspects their IMAP traffic, does a lookup to determine which backend mailbox server a user’s mailbox lives on (mbs1.example.com, for example), and transparently proxies the connection from user’s IMAP client to the correct mailbox server.
As of ZCS 5.0, the open source nginx proxy is bundled as part of the zimbra-proxy package, and this package can be installed on mailbox servers, MTA servers, or on their own independent servers. When the zimbra-proxy package is installed, the proxy feature is enabled.
Zimbra Proxy Components
Zimbra Proxy includes the following:
Nginx. A high performance IMAP/POP3 proxy server which handles all incoming POP/IMAP requests.
Memcached. A high performance, distributed memory object caching system. Route information is cached for further use in order to increase performance.
Zimbra Proxy Route Lookup Handler. This is a servlet located on the ZCS mailbox server. This servlet handles queries for the user account route information (the server and port number where the user account resides).
When the proxy server is configured, the service ports on backend Zimbra mailbox server are changed to alternate ports. The proxy now services the standard ports for these protocols. This change is applied even if the proxy services are run on their own independent hosts, in order to distinguish and avoid confusion between the services.
If you have any other services running on these ports, turn them off.
 
Table 3 Zimbra IMAP/POP Proxy Server Port Mapping
 
Port
Standard Ports served by Proxy
IMAP Proxy port
143
IMAP SSL proxy port
993
POP proxy port
110
POP SSL proxy port
995
Alternate Ports Served by Mailbox Servers
Route Lookup Handler
7072
IMAP server port
7143
IMAP SSL server port
7993
POP server port
7110
POP SSL server port
7995
When an IMAP or POP3 client logs in through the proxy, the following takes place:
The proxy analyzes the login sequence
Extracts the user name of the user trying to login
Does a HTTP lookup on a mailbox server to find out which server the mailbox of the user attempting to login lives on
This lookup service runs on mailbox servers on port 7072, and this port on mailbox servers should be available from all proxy servers.
Which mailbox servers participate in this lookup is determined by the zimbraReverseProxyLookupTarget server attribute on servers running the mailbox service. By default all mailbox servers participate in this lookup. Lookup is performed round-robin across configured mailbox servers. The result of the login name to mailbox server lookup are cached in memcached (an open source distributed in-memory hashtable). The memcached process is run alongside all IMAP/POP proxy services.
Note: Memcached will be split into its own service in the future.
Configuring ZCS HTTP Proxy (Beta 5.0.6)
In addition to IMAP/POP3 proxying, the Zimra proxy package based on nginx is also able to reverse proxy HTTP requests to the right backend server.
Using an nginx-based reverse proxy for HTTP helps to hide names of backend mailbox servers from end users.
For example, users can always use their web browser to visit the proxy server at http://mail.example.com. The connection from users whose mailbox lives on mbs1. example.com will be proxied to mbs1.example.com by the proxy running on the mail.example.com server. In addition to the ZCS web interface, clients such as REST and CalDAV clients, Zimbra Connector for Outlook and Zimbra Mobile Sync devices are also supported by the proxy.
HTTP reverse proxy routes requests as follows:
If the request has an auth token cookie (ZM_AUTH_TOKEN), the request is routed to the backend mailbox server of the authenticated user.
If the requesting URL can be examined to determine the user name, then the request is routed to the backend mailbox server of the user in the URL. REST, Ca lDAV, and Zimbra Mobile Sync are supported through this mechanism.
If the above methods do not work, the IP hash method is used to load balance the requests across the backend mailbox servers which are able to handle the request or do any necessary internal proxying.
Setting up HTTP Proxy for ZCS
Setup Proxy Node
1.
On each proxy node that has the proxy service installed, enable the proxy for the web. Type
/opt/zimbra/libexec/zmproxyinit -e -w proxy.node.service.hostname
Setup Zimbra Mailbox Servers
2.
Configure each zimbra mailbox server to set the following:
zimbraMailReferMode to reverse-proxied. See Note below.
zimbraMailPort to 8080, to avoid port conflicts.
zimbraMailSSLPort to 8443, to avoid port conflicts.
zimbraMailMode to http. You set Both for http and https. Redirect and Mixed modes cannot be set.
Run:
/opt/zimbra/bin/zmprov modifyServer mailbox.node.service.hostname zimbraMailReferMode reverse-proxied zimbraMailPort 8080 zimbraMailSSLPort 8443 zimbraMailMode http
3.
Restart services on the proxy and mailbox servers, run
zmcontrol stop
zmcontrol start
4.
Configure each domain with the public service host name to be used for REST URLs, commonly used in sharing Document Notebooks, email and Briefcase folders. Run
zmprov modifyDomain <domain.com> zimbraPublicServiceHostname <hostname.domain.com>
Configuring for Virtual Hosting
You can configure multiple virtual hostnames to host more than one domain name on a server. When you create a virtual host, users can log in without have to specify the domain name as part of their user name.
Virtual hosts are configured from the administration console Domains>Virtual Hosts tab. The virtual host requires a valid DNS configuration with an A record.
When users log in, they enter the virtual host name in the browser. For example, https://mail.example.com. When the Zimbra logon screen displays, users enter only their user name and password. The authentication request searches for a domain with that virtual host name. When the virtual host is found, the authentication is completed against that domain.
 
Planning for the Installation

Table of Contents Previous Next Index
ZCS Open Source Multi Server Installation Guide 5.0 (Rev 2 May 2008)
Copyright © 2008 Zimbra Inc.