Multi-server OSS for Shared Hardware.

[gfdos.sys]

Okay before I get smacked for "why would you do that"...
I am trying to get the most out of my hardware....

Looked at:
Multi Server Installation

And here is my situation:
I have 4 machines running Touchscreen kiosks. The minimum requirements for the kiosks is windows 98, 128 meg ram, pIII 600mhz.

You cant GET machines that crappy new anywhere... so I got 4 Coreduo 2.0GHZ machines..... I want to use the extra processor time to run zimbra, as the touch screens are only used for "check in" between 9:30am -10:30am on sat, sun, wed and fri....but run 24-7.

So I'm turning to RHEL 4 with Vmware...
Native os on the machines is RHEL 4, with win98 running in VMware...
no problems so far...

I'm thinking i could breakup the responsibilities as illustrated in a Multiserver setup to these machines and use them to make 1 zimbra server.

Limitations are: 256 meg memory and 50GB hard drive space per machine:

Here is my thought:
machine 1:
LDAP

machine 2 and 3:
Mailstore

machine 4:
MTA

Questions:
1. We have Static outside IP, If I were doing this a single server,
I would port forward:
Remote Queue Manager:22
Postfix:25
HTTP:80
POP3:110
IMAP:143
LDAP:389
HTTPS:443
Tomcat IMAP SSL:993
Tomcat POP SSL:995
Tomcat LMTP:7025
in my router to the internal IP of the zimbra server... but since its now 3 peices on 4 machines, what ports do I forward to which machines?

2. For possible IMAP/Pop3 users that are checking their mail via outlook, or palm versamail... can I just point mail server settings to the public ip/web address (with 2 mailstores) or do I have to have multiple external static ips(dns A records).

3.Any suggestions/warnings/requirements that pertain to my situation other than what is here?:
Multi Server Installation

[gfdos.sys]

Okay... I havent gotten a reply to this so I'm rethinking the issue, and squeezing blood (money) from the stone (not-for-profit organization)

I got them to let me have one of the machines, with a promise they will fundraise for 4 real servers for email....

Here are my revised questions with hope I can get a response before 10/20/2007 when thier old email provider annual contract ends.

I have one machine: 10.9.1.200 running RHEL 4. (2.5 GB RAM)
on that machine I am running:
Each machine has 256MB ram allocated, plus 50GB of hard drive allocated
Installed First
10.9.1.202 RHEL4 ldap.comany.org (domain mail.company.org)
Installed Second
10.9.1.201 RHEL4 mail.company.org (logger on this one)
10.9.1.203 RHEL4 mailstore2.comany.org
Installed Last
10.9.1.204 RHEL4 mta.company.org

I have one static external internet IP I am working with and mail.company.org
(dns A and mx records) point to that ip.

1.Can I use port forwarding to these internal machines like i would with a single zimbra server or do I need to have multiple public IPs and have each machine outside?

I ask this because one of the steps in setting up the server is to TURN OFF THE FIREWALL... and I was hoping to keep these machines "port forwarded" so they had a little bit of protection.

[gfdos.sys]

This is what I have so far on portforwarding... but its still not perfect, because
my users can receive incoming mail but cannot send out going mail:
*Table borrowed from Zimbra Install Guide*

Code:

The following ports are set as defaults when the Zimbra Collaboration Suite is installed.
 
Table 1 Zimbra Port Mapping
	
Service                  Port         PortForwarded to
Remote Queue Manager     22           10.9.1.204 mta.company.org
Postfix                  25           10.9.1.204 mta.company.org
HTTP                     80           10.9.1.201 mail.company.org
POP3                     110          10.9.1.201 mail.company.org
IMAP                     143          10.9.1.201 mail.company.org
LDAP                     389          10.9.1.202 ldap.comany.org
HTTPS                    443          10.9.1.201 mail.company.org
Tomcat IMAP SSL          993          10.9.1.201 mail.company.org
Tomcat POP SSL           995          10.9.1.201 mail.company.org
Tomcat LMTP              7025         10.9.1.201 mail.company.org

What am I missing?

[dwmtractor]

You have what I can only describe as a "creative" set-up that I would fear to try . . .

However since you say everything is behaving except users sending mail, I'm going to guess that your problem is allowed networks (or rather lack thereof) in your MTA. Take a look at your settings in the admin GUI under Global Settings > MTA and look at what is in "MTA Trusted Networks."

I have my Zimbra server in a DMZ and the addresses are DNAT/SNAT translated by my firewall, but I still have to allow the actual IP range of my clients, AS WELL AS any IPs that are masqueraded by any clients in the port forwarding setup. Missing either and some of my clients can't send mail.

While you're at it, I would seriously consider upping the RAM allocations on whichever of your virtual machines is responsible for the Tomcat/Zimbra web interface hosting. You'll find significantly increased performance in the web clients if you do so. . .at least in my hardware-only box it made a huge difference when I went from 512 MB to 2 GB.

Good luck!

Dan