Have you disabled SElinux? If not, do so and try again.
There is, of course, the obvious question of - do you have valid A & MX records. If I telnet to this mail server: mail.fairhavenchurch.org I actually get a response.
Last edited by phoenix; 04-12-2008 at 08:55 AM.
Regards
Bill
Ok, please disregard my previous post. All I had to do was reset my server's host name.
I still have the same error as before. If you look on line 242 of the setup log, you will see that zimbra failed to connect to its MySQL server. This did not happen on my 32-bit server. Is there something special with the 64-bit version?
Thanks for your help.
~ Bryce
Ok, I've discovered that the mysql server is not starting because it can't resolve the hostname. The config file is set to use localhost. What's going on?
Please post the following :-
Code:
cat /etc/hosts
cat /etc/resolv.conf
cat /etc/nsswitch.conf
dig domain.com mx
dig domain.com ns
host `hostname`   <- note backticks
Thank you very much for your quick reply! I appreciate your help!
FYI, this organization is currently using the POP email that came with their hosting provider. We are setting up Zimbra due to the large amount of email traffic that should be "in house", and the need for a calendar system. In order to prevent any service interruption, we have not altered the A or MX records yet.
One question I do have, is why would Zimbra's MySQL server need to connect via the external host? Why not use localhost?
Here is what you asked for:
cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
192.168.1.155 mail.fairhavenchurch.org mail
localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
cat /etc/resolv.conf
search fairhavenchurch.org
nameserver 64.65.223.6
nameserver 64.65.196.6
cat /etc/nsswitch.conf
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
# nisplus or nis+ Use NIS+ (NIS version 3)
# nis or yp Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the local database (.db) files
# compat Use NIS on compat mode
# hesiod Use Hesiod for user lookups
# [NOTFOUND=return] Stop searching if not found so far
#
# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis
passwd: files
shadow: files
group: files
#hosts: db files nisplus nis dns
hosts: files dns
# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: nisplus
publickey: nisplus
automount: files nisplus
aliases: files nisplus
dig domain.com mx
; <<>> DiG 9.3.3rc2 <<>> domain.com mx
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30062
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 0
;; QUESTION SECTION:
;domain.com. IN MX
;; ANSWER SECTION:
domain.com. 3600 IN MX 10 sentry.domainbank.com.
;; AUTHORITY SECTION:
domain.com. 60 IN NS ns1.dotsterhost.com.
domain.com. 60 IN NS ns2.dotsterhost.com.
domain.com. 60 IN NS ns3.dotsterhost.com.
;; Query time: 69 msec
;; SERVER: 64.65.223.6#53(64.65.223.6)
;; WHEN: Sun Apr 13 17:38:23 2008
;; MSG SIZE rcvd: 128
dig domain.com ns
; <<>> DiG 9.3.3rc2 <<>> domain.com ns
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53797
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;domain.com. IN NS
;; ANSWER SECTION:
domain.com. 5 IN NS ns1.dotsterhost.com.
domain.com. 5 IN NS ns2.dotsterhost.com.
domain.com. 5 IN NS ns3.dotsterhost.com.
;; Query time: 22 msec
;; SERVER: 64.65.223.6#53(64.65.223.6)
;; WHEN: Sun Apr 13 17:39:18 2008
;; MSG SIZE rcvd: 94
host `hostname` <- note backticks
[root@mail ~]# host 'mail.fairhavenchurch.org'
mail.fairhavenchurch.org has address 64.132.209.10
Apologies, but the two digs should have been against your own domain name. Though looking at your IP address etc. it would appear that you are sat behind a firewall, and using an external DNS. Have a read through this Split DNS - Zimbra :: Wiki article as that is how your configuration should be set up.
I'm sorry, but I don't fully understand the instructions for the split DNS.
Right now this server also handles the Internet traffic (NAT, firewall, filter, etc...). Should I move that to another server in order to dedicate this one to Zimbra?
If I do, then what do I need to set in iptables to ensure that mail will be sent to and received from the outside?
You should not have Zimbra on your firewall. A separate server would be a better idea, you can put it in a DMZ or on the LAN.
The simple answer to that is port 25, that will allow mail to be sent and received. If any of your users are outside the LAN then you'll need to open additional ports so they can access the web UI, IMAP etc.
The set-up of a Split DNS is fairly simple. On your public DNS you have your A & MX records pointing to your public IP on the firewall - any ports that you require for zimbra are forwarded to the internal LAN IP. On the LAN you set-up BIND9 with DNS A & MX records for your domain pointing to your internal LAN IP address of the Zimbra server so that Postfix can deliver mail to itself.
Regards
Bill
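The mismatch that split DNS resolves in this thread (/etc/hosts gives the mail host a LAN address while the external resolver returns the public one) can be checked with a short script. This is an added example, not part of any post; the function names are its own and the sample hosts file is constructed from the values posted above.

```shell
#!/bin/sh
# Added example: classify how a mail host's name resolves locally vs. in DNS.

# hosts_ip FILE FQDN: print the address a hosts-format file assigns to FQDN.
# Lines whose first field is not an IPv4/IPv6 address are ignored.
hosts_ip() {
    awk -v h="$2" '
        { sub(/#.*/, "") }
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ || $1 ~ /:/ {
            for (i = 2; i <= NF; i++) if ($i == h) { print $1; exit }
        }' "$1"
}

# is_private IP: succeed for RFC 1918 IPv4 addresses.
is_private() {
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# split_dns_status FILE FQDN RESOLVED_IP: compare the hosts entry with DNS.
split_dns_status() {
    hosts_addr=$(hosts_ip "$1" "$2")
    if [ -z "$hosts_addr" ]; then echo "no-hosts-entry"
    elif [ "$hosts_addr" = "$3" ]; then echo "consistent"
    elif is_private "$hosts_addr" && ! is_private "$3"; then echo "needs-split-dns"
    else echo "mismatch"
    fi
}

# Constructed sample built from the values posted in the thread.
sample_hosts=$(mktemp)
cat > "$sample_hosts" <<'EOF'
192.168.1.155 mail.fairhavenchurch.org mail
127.0.0.1 localhost.localdomain localhost
EOF

# Before: the external resolver answers with the public address.
split_dns_status "$sample_hosts" mail.fairhavenchurch.org 64.132.209.10
# After: an internal BIND zone answers with the LAN address.
split_dns_status "$sample_hosts" mail.fairhavenchurch.org 192.168.1.155
rm -f "$sample_hosts"
# On a live host the third argument would come from: dig +short "$(hostname)" a
```
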
Thank you for your help!
So, let me get this straight. I move my Internet traffic and firewall to another server. On that server, I forward ports 80, 7071, etc... to the Zimbra server (192.168.x.x). On the server handling the Internet, I set up a master zone of mail.fairhavenchurch.org that points to the Zimbra server? Anything else?
~ Bryce
Do you have your own DNS servers or are they hosted elsewhere? If Zimbra is the only server which will require DNS on the internal LAN then why not install BIND on that server?