
Thread: My Zimbra Installation Recipe

  1. #1
    yonatan is offline Special Member
    Join Date
    May 2010
    Posts
    171
    Rep Power
    5

    Default My Zimbra Installation Recipe

    Background
    I am looking to bring email in-house for a small accountancy firm (< 5 users). I explored outsourcing to a Zimbra hosting provider, but there is only one in the country and we were unsatisfied with their service. As a result, I have decided to set up a Zimbra mail server myself with the help of the Zimbra community.

    The purpose of this thread is to verify that the steps and decisions that I make are as sound as possible. Setting up a mail server is a new experience for me, as is the lingo. I have spent the past week reading up as much as I can in the Zimbra forums, as well as various wikis, blogs etc. However, putting all the pieces together in an appropriate way for this accountancy is important and I don't want to make any critical mistakes in terms of security and reliability.

    Infrastructure
    Internet (Dynamic IP) <-> ADSL Modem <-> Cisco ASA 5505 <-> Server (VMWare ESXi host)

    Note: Although the ISP provides a dynamic IP, which renews every 20 minutes, we always get the same one. Also, the ISP blocks port 25.

    I will separate my Zimbra installation into three sections making it more manageable for myself and anyone who is willing to help. Also, I think this will be useful for others looking for a Zimbra installation recipe.

    1. Domain & DNS (Including Firewall) [STATUS: Waiting for feedback]
    2. OS Install & Configuration (Including Split-DNS) [STATUS: Waiting for feedback]
    3. Zimbra Install & Configuration [STATUS: On hold]


    Note: I will update this post with any changes I make after receiving feedback from the community.

    -------------------------------------------------
    1. Domain & DNS (Including Firewall)
    The accountancy firm's domain registrar only handles the domain and points to the ISP's DNS servers. I can administer the domain and any DNS records on the ISP's website.

    Code:
    Domain: mydomain.se
    Public IP: 217.xxx.xxx.xx

    Q1: Through my research I have read about different DNS records, MX, PTR, A, CNAME etc. Should I setup any other records except for MX and A?

    Q2: On the ISP's DNS editor website setting up a DNS record involves filling out four fields: Subdomain, Type, TTL and Data. For my MX and A records:

    Code:
    Subdomain	Type		TTL		Data
    @		MX		?		mail.mydomain.se
    @		A		?		217.xxx.xxx.xx (public IP)

    Have I made a mistake by putting "@" for both records? I understand that the "@" means the root domain, i.e. mydomain.se, but I have seen some people put "mail" instead.

    Also, I am not confident about what time (TTL) to choose for each record.


    Finally the firewall. There is a Cisco ASA 5505 (base license) that needs to be configured for the Zimbra mail server. At the moment there are no ports open and the only way into the LAN is via VPN. I am not a security expert, but I am concerned about security.

    Q3: Are the minimum ports that need to be opened 443 (https), 993 (imaps) and 25 (smtp) for sending and receiving email from the LAN and WAN using a client mail application and Zimbra webmail?

    Q4: The ISP blocks port 25. They have a smtp mail relay thing that is free of charge, but is there any way not to rely on the ISP for sending email, i.e. can I bypass the port 25 restriction?

    Q5: Are there any additional things I should think about before moving to the next section?

    -------------------------------------------------
    2. OS Install & Configuration (Including Split-DNS)
    I've chosen to use Ubuntu Server 8.04.4 LTS installed in a virtual machine, which will run on the ESXi 4 host. I have little Linux experience, so I will outline most of the steps that I've taken in installing and configuring the OS.

    Setting up the virtual machine:
    Code:
    1 vCPU
    2 GB RAM
    20 GB hard drive (vmdk)

    Q6: I looked at the Zimbra Virtual Appliance and it has two vmdks. Should I do something similar for my install?

    The following steps I've compiled from these sources:
    Ubuntu 8.04 LTS Server (Hardy Heron) Install Guide - Zimbra :: Wiki
    [SOLVED] DNS in a nutshell
    Split DNS - Zimbra :: Wiki
    The Perfect Server - Ubuntu Hardy Heron (Ubuntu 8.04 LTS Server) | HowtoForge - Linux Howtos and Tutorials
    http://help.ubuntu.com/community/BIND9ServerHowto

    During the Ubuntu Server installation I interrupted the DHCP network configuration and chose to do a manual network config. with the following settings:

    Code:
    IP: 10.0.1.100
    Netmask: 255.255.255.0
    Gateway: 10.0.1.1
    Nameserver: 10.0.1.100
    Hostname: mail
    Domain: mydomain.se

    At "Partition Disks" I selected "Guided - use entire disk" and accepted the default partition scheme.

    Q7: This question is linked to Q6 about the virtual disk setup. Should I modify the partitioning scheme and if so what would be suitable for my mail server?

    Finally, at the "Software Selection" screen I selected:

    Code:
    DNS server
    OpenSSH server

    Once the installation completed I updated the apt package database and installed any updates:

    Code:
    sudo apt-get update
    sudo apt-get upgrade --show-upgraded

    Now I installed "ntpd" for timekeeping against a network time server:

    Code:
    sudo apt-get install ntp

    Note: The following two links are useful for configuring the ntpd service and making sure you follow best practices for virtual machine time management.

    https://help.ubuntu.com/8.04/serverguide/C/NTP.html
    http://kb.vmware.com/selfservice/mic...rnalId=1006427

    Installing VMware Tools is also recommended and I did using an Operating System Specific Package (OSP). See this link for information: http://www.vmware.com/pdf/osp_install_guide.pdf.

    At this point I tackled Split-DNS. I can't say that I have fully grasped everything that follows, but since Zimbra will be behind a firewall this is essential.

    I started by verifying the hosts file and modifying the first line, so that the file looks like this:

    /etc/hosts
    Code:
    127.0.0.1       localhost.localdomain	localhost
    10.0.1.100      mail.mydomain.se	mail
    
    # The following lines are desirable for IPv6 capable hosts
    ::1     ip6-localhost ip6-loopback
    fe00::0 ip6-localnet
    ff00::0 ip6-mcastprefix
    ff02::1 ip6-allnodes
    ff02::2 ip6-allrouters
    ff02::3 ip6-allhosts

    Next I verified resolv.conf:

    /etc/resolv.conf
    Code:
    search mydomain.se
    nameserver 10.0.1.100

    The next file to modify is named.conf.options. I've seen different variations of this file, but this is what mine looks like. The only thing I've changed is to uncomment "forwarders" and add my ISP's DNS servers.

    /etc/bind/named.conf.options
    Code:
    options {
            directory "/var/cache/bind";
    
            // If there is a firewall between you and nameservers you want
            // to talk to, you might need to uncomment the query-source
            // directive below.  Previous versions of BIND always asked
            // questions using port 53, but BIND 8.1 and later use an unprivileged
            // port by default.
    
            // query-source address * port 53;
    
            // If your ISP provided one or more IP addresses for stable
            // nameservers, you probably want to use them as forwarders.
            // Uncomment the following block, and insert the addresses replacing
            // the all-0's placeholder.
    
            forwarders {
                    195.67.199.39;
                    195.67.199.40;
            };
    
            auth-nxdomain no;    # conform to RFC1035
            listen-on-v6 { any; };
    };

    Q8: Should the forwarders be the ISP's DNS servers or the DNS servers that mydomain.se points to?

    Add a DNS zone by editing named.conf.local. All I did was add the part in bold.

    /etc/bind/named.conf.local
    Code:
    //
    // Do any local configuration here
    //
    
    zone "mydomain.se" {
            type master;
            file "/etc/bind/db.mydomain.se";
    };
    
    // Consider adding the 1918 zones here, if they are not used in your
    // organization
    //include "/etc/bind/zones.rfc1918";

    Next I used an existing zone file as a template (I saw this here https://help.ubuntu.com/community/BIND9ServerHowto):

    Code:
    sudo cp /etc/bind/db.local /etc/bind/db.mydomain.se

    After making a copy I made a number of changes (shown in bold). Again I've seen many variations of this file:

    /etc/bind/db.mydomain.se
    Code:
    ;
    ; BIND data file for mydomain.se
    ;
    $TTL    604800
    @       IN      SOA     mail.mydomain.se. admin.mydomain.se. (
                            20100603        ; Serial
                             604800         ; Refresh
                              86400         ; Retry
                            2419200         ; Expire
                             604800 )       ; Negative Cache TTL
    ;
    @       IN      NS      mail
            IN      MX      10 mail
            IN      A       10.0.1.100
    mail    IN      A       10.0.1.100

    Q9: There are two things that I'd like help with in the above file.
    a) Should I change the different time durations from the default?
    b) If my understanding of Split-DNS is correct then the four last lines should be the same as the two that I setup in Q2 above, but with the LAN IP. Well they are not as I followed the Ubuntu 8.04 LTS Server (Hardy Heron) Install Guide - Zimbra :: Wiki. Perhaps someone can please clarify this for me.


    Q10: I read something about chrooting BIND. According to the information in Ubuntu's BIND9ServerHowto this is recommended if AppArmor is not installed. Well I have not made any changes to AppArmor and frankly not sure about all of this. What is the recommended approach?

    Finally, I finish off this long section (thank you for reading) by restarting bind:

    Code:
    sudo /etc/init.d/bind9 restart

    Then running the following diagnostics, which hopefully means more to you than me.

    dig mydomain.se mx
    Code:
    ; <<>> DiG 9.4.2-P2.1 <<>> mydomain.se mx
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24887
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
    
    ;; QUESTION SECTION:
    ;mydomain.se.		IN	MX
    
    ;; ANSWER SECTION:
    mydomain.se.	604800	IN	MX	10 mail.mydomain.se.
    
    ;; AUTHORITY SECTION:
    mydomain.se.	604800	IN	NS	mail.mydomain.se.
    
    ;; ADDITIONAL SECTION:
    mail.mydomain.se.	604800	IN	A	10.0.1.100
    
    ;; Query time: 2 msec
    ;; SERVER: 10.0.1.100#53(10.0.1.100)
    ;; WHEN: Tue Jun  8 19:56:37 2010
    ;; MSG SIZE  rcvd: 85

    dig mydomain.se any
    Code:
    ; <<>> DiG 9.4.2-P2.1 <<>> mydomain.se any
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53740
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; QUESTION SECTION:
    ;mydomain.se.		IN	ANY
    
    ;; ANSWER SECTION:
    mydomain.se.	604800	IN	SOA	mail.mydomain.se. admin.mydomain.se. 20100603 604800 86400 2419200 604800
    mydomain.se.	604800	IN	NS	mail.mydomain.se.
    mydomain.se.	604800	IN	MX	10 mail.mydomain.se.
    mydomain.se.	604800	IN	A	10.0.1.100
    
    ;; ADDITIONAL SECTION:
    mail.mydomain.se.	604800	IN	A	10.0.1.100
    
    ;; Query time: 1 msec
    ;; SERVER: 10.0.1.100#53(10.0.1.100)
    ;; WHEN: Tue Jun  8 19:57:21 2010
    ;; MSG SIZE  rcvd: 143

    host `hostname`
    Code:
    mail.mydomain.se has address 10.0.1.100

    I know that I've probably covered many basic things, which are not Zimbra specific. Nonetheless, I hope that my systematic approach will help others in the community and also let me learn whether I am doing things correctly.

    -------------------------------------------------
    3. Zimbra Install & Configuration

    Coming as soon as I've hammered out the issues in sections 1 and 2 above!
    Last edited by yonatan; 06-16-2010 at 02:06 PM.
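
An added example, not part of the original post: an offline check that the internal zone file above gives the split-DNS result the post is after, with the domain's MX pointing at the mail host and that host resolving to the LAN address. The function names and the 203.0.113.10 failure case are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): offline check of an internal split-DNS zone.

# zone_records ORIGIN < zonefile
# Emits "owner. TYPE data" for A and MX records, with names fully qualified.
zone_records() {
    awk -v origin="$1" '
    function fqdn(n) {
        if (n == "@") return origin "."
        if (n ~ /\.$/) return n          # already absolute
        return n "." origin "."          # relative to the zone origin
    }
    { sub(/;.*/, "") }                   # drop comments
    /^[$]/ || NF == 0 { next }           # skip $TTL-style directives and blank lines
    {
        i = 1
        # A line starting with whitespace inherits the previous owner name.
        if ($0 !~ /^[ \t]/) { owner = fqdn($1); i = 2 }
        if ($i ~ /^[0-9]+$/) i++         # optional per-record TTL
        if ($i == "IN") i++              # optional class
        if ($i == "A")  print owner, "A", $(i + 1)
        if ($i == "MX") print owner, "MX", fqdn($(i + 2))
    }'
}

# check_split_dns ORIGIN HOST_FQDN LAN_IP < zonefile
# Passes only if the domain's single MX is HOST_FQDN and every A record for
# that host is LAN_IP.
check_split_dns() {
    origin=$1; host=$2; lan_ip=$3
    recs=$(zone_records "$origin")

    mx=$(printf '%s\n' "$recs" | awk -v o="$origin." '$1 == o && $2 == "MX" { print $3 }')
    if [ "$mx" != "$host." ]; then
        echo "FAIL: MX for $origin is '${mx:-missing}', expected $host."
        return 1
    fi

    addrs=$(printf '%s\n' "$recs" | awk -v h="$host." '$1 == h && $2 == "A" { print $3 }')
    if [ -z "$addrs" ]; then
        echo "FAIL: no A record for $host in the internal zone"
        return 1
    fi
    for a in $addrs; do
        if [ "$a" != "$lan_ip" ]; then
            echo "FAIL: $host resolves to $a inside the LAN, expected $lan_ip"
            return 1
        fi
    done
    echo "OK: $origin MX -> $host -> $lan_ip"
}

# The zone file from the post, with the forum indentation removed.
zone_from_post() {
cat <<'EOF'
;
; BIND data file for mydomain.se
;
$TTL    604800
@       IN      SOA     mail.mydomain.se. admin.mydomain.se. (
                        20100603        ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      mail
        IN      MX      10 mail
        IN      A       10.0.1.100
mail    IN      A       10.0.1.100
EOF
}

# Constructed failure case: the internal zone hands out a non-LAN address
# (203.0.113.10, documentation range) for the mail host.
zone_with_public_a() {
    zone_from_post | sed 's/^mail .*/mail    IN      A       203.0.113.10/'
}

zone_from_post     | check_split_dns mydomain.se mail.mydomain.se 10.0.1.100
zone_with_public_a | check_split_dns mydomain.se mail.mydomain.se 10.0.1.100 || true
```
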

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,582
    Rep Power
    57

    Default

    Some initial thoughts in-line.

    Quote Originally Posted by yonatan View Post
    Infrastructure
    Internet (Dynamic IP) <-> ADSL Modem <-> Cisco ASA 5505 <-> Server (VMWare ESXi host)

    Note: Although the ISP provides a dynamic IP, which renews every 20 minutes, we always get the same one. Also, the ISP blocks port 25.

    You can't always guarantee that you'll get the same IP and must plan accordingly. You will also need to work around the Port 25 block by using a professional service that provides you with a relay (out - I'm assuming it's only outbound block?) on different ports.

    Quote Originally Posted by yonatan View Post
    1. Domain & DNS (Including Firewall)
    The accountancy firm's domain registrar only handles the domain and points to the ISP's DNS servers. I can administer the domain and any DNS records on the ISP's website.

    I'd suggest you use a professional service (such as EasyDNS - there are many others if you search) to host the DNS records, they also provide you with backup should your server be offline.

    Code:
    mydomain.se
    Public IP: 217.xxx.xxx.xx

    Q1: Through my research I have read about different DNS records, MX, PTR, A, CNAME etc. Should I setup any other records except for MX and A?

    You need no DNS records other than A & MX.

    Q2: On the ISP's DNS editor website setting up a DNS record involves filling out four fields: Subdomain, Type, TTL and Data. For my MX and A records:

    Code:
    Subdomain	Type		TTL		Data
    @		MX		?		mail.mydomain.se
    @		A		?		217.xxx.xxx.xx (public IP)

    Have I made a mistake by putting "@" for both records? I understand that the "@" means the root domain, i.e. mydomain.se, but I have seen some people put "mail" instead.

    Also, I am not confident about what time (TTL) to choose for each record.

    See my comment above about a professional service.

    Quote Originally Posted by yonatan View Post
    Finally the firewall. There is a Cisco ASA 5505 (base license) that needs to be configured for the Zimbra mail server. At the moment there are no ports open and the only way into the LAN is via VPN. I am not a security expert, but I am concerned about security.

    Q3: Are the minimum ports that need to be opened 443 (https), 993 (imaps) and 25 (smtp) for sending and receiving email from the LAN and WAN using a client mail application and Zimbra webmail?

    There should be no problem if you have only Port 25 & 443 open for SMTP & https web UI access.
    There should be no problem with just those ports open.

    Quote Originally Posted by yonatan View Post
    Q4: The ISP blocks port 25. They have a smtp mail relay thing that is free of charge, but is there any way not to rely on the ISP for sending email, i.e. can I bypass the port 25 restriction?

    See my comment above about using a professional service.

    Q5: Are there any additional things I should think about before moving to the next section?


    Quote Originally Posted by yonatan View Post
    2. OS Install & Configuration (Including Split-DNS)
    I've chosen to use Ubuntu Server 8.04.4 LTS installed in a virtual machine, which will run on the ESXi 4 host. I have little Linux experience, so I will outline most of the steps that I've taken in installing and configuring the OS.

    Setting up the virtual machine:
    Code:
    1 vCPU
    2 GB RAM
    20 GB hard drive (vmdk)

    Depending on the mail levels you'll need more HD space than that and even if the levels are low I'd still suggest getting more HD space.

    Quote Originally Posted by yonatan View Post
    Q6: I looked at the Zimbra Virtual Appliance and it has two vmdks. Should I do something similar for my install?

    I guess that would depend on where you will be allocating your disk space, I'd suggest putting /opt on a different HD from the operating system and make sure that / has enough space for your requirements. You can find many tutorials on what a 'good' partitioning scheme is for linux, they're all different and usually personal to the author of the article. I'd read up on some of them and pick one that makes sense to you.

    Quote Originally Posted by yonatan View Post
    dig mydomain.se mx
    Code:
    ; <<>> DiG 9.4.2-P2.1 <<>> mydomain.se mx
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24887
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
    
    ;; QUESTION SECTION:
    ;mydomain.se.		IN	MX
    
    ;; ANSWER SECTION:
    mydomain.se.	604800	IN	MX	10 mail.mydomain.se.
    
    ;; AUTHORITY SECTION:
    mydomain.se.	604800	IN	NS	mail.mydomain.se.
    
    ;; ADDITIONAL SECTION:
    mail.mydomain.se.	604800	IN	A	10.0.1.100
    
    ;; Query time: 2 msec
    ;; SERVER: 10.0.1.100#53(10.0.1.100)
    ;; WHEN: Tue Jun  8 19:56:37 2010
    ;; MSG SIZE  rcvd: 85

    dig mydomain.se any
    Code:
    ; <<>> DiG 9.4.2-P2.1 <<>> mydomain.se any
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53740
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; QUESTION SECTION:
    ;mydomain.se.		IN	ANY
    
    ;; ANSWER SECTION:
    mydomain.se.	604800	IN	SOA	mail.mydomain.se. admin.mydomain.se. 20100603 604800 86400 2419200 604800
    mydomain.se.	604800	IN	NS	mail.mydomain.se.
    mydomain.se.	604800	IN	MX	10 mail.mydomain.se.
    mydomain.se.	604800	IN	A	10.0.1.100
    
    ;; ADDITIONAL SECTION:
    mail.mydomain.se.	604800	IN	A	10.0.1.100
    
    ;; Query time: 1 msec
    ;; SERVER: 10.0.1.100#53(10.0.1.100)
    ;; WHEN: Tue Jun  8 19:57:21 2010
    ;; MSG SIZE  rcvd: 143

    host `hostname`
    Code:
    mail.mydomain.se has address 10.0.1.100

    There seems to be nothing wrong with the DNS records above, does the install work?

    Quote Originally Posted by yonatan View Post
    I know that I've probably covered many basic things, which are not Zimbra specific. Nonetheless, I hope that my systematic approach will help others in the community and also let me learn whether I am doing things correctly.

    -------------------------------------------------
    3. Zimbra Install & Configuration

    Coming as soon as I've hammered out the issues in sections 1 and 2 above!

    Can't wait.
    Last edited by phoenix; 06-09-2010 at 04:08 AM.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    Dirk is offline Moderator
    Join Date
    May 2006
    Location
    England.
    Posts
    927
    Rep Power
    10

    Default

    That sure is a lot of information in a single post!

    I'd agree with pretty much everything that Phoenix has already said, especially the disk space issue. We've recently updated the hardware for our server with less than 50 users so that it now has around 600GB and I don't consider that to be excessive, I consider it to be safe.

    The biggest complication in your setup is going to be the ISP, is there any way you can pay a nominal extra fee for a static IP address?

  4. #4
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,582
    Rep Power
    57

    Default

    Quote Originally Posted by Dirk View Post
    The biggest complication in your setup is going to be the ISP, is there any way you can pay a nominal extra fee for a static IP address?

    As port 25 outbound is blocked doesn't the relay through an external server get round the dynamic IP?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  5. #5
    Dirk is offline Moderator
    Join Date
    May 2006
    Location
    England.
    Posts
    927
    Rep Power
    10

    Default

    Well, yes, but isn't a dynamic IP going to be problematic for the inbound mail? Plus, if the ISP is being pigheaded enough to block outbound SMTP, then bypassing that will be violating some terms & conditions somewhere.

    It may work for weeks/months/years, but what if the ISP blocks SMTP with packet inspection? I'm not suggesting they would, but one of the things that you want to "just work" is your mail server.

  6. #6
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,582
    Rep Power
    57

    Default

    Inbound isn't normally a problem as ISPs usually (I'll stress the 'usually' as I don't know the ISPs t&c) only block outbound to stop spammers but a professional service such as DynDNS will relay inbound and outbound mail to the IP on a different port (usually 587).

    The ISP may block mail by packet inspection but I assume that nobody does that at the moment. I also assume that the o/p will check the t&c to see whether there are any restrictions on running a mail server. Obviously the ISP may offer a fixed IP and allow a mail server on that but that's another question for them. If there are restrictions on hosting a mail server then the obvious answer is to host the server somewhere else.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  7. #7
    batfastad is offline Elite Member
    Join Date
    Aug 2007
    Location
    London, UK
    Posts
    297
    Rep Power
    8

    Default

    Something that could help for outbound mail is to set up your own remote private relay. We bought a cheap VPS from vpslink.com for this purpose, $7 per month, configured postfix on CentOS to only accept mail from us, set up the rDNS so now all our outgoing mail is routed through that. Much better than relying on our ISP's relay.

    HTH
    Cheers, B
    My Zimbra Bugs Wishlist: 16411, 24567, 35676, 36430, 37770, 41872, 43733, 44384, 46383, 47759
    And a way to associate mailto: handlers with a Zimbra Prism webapp

  8. #8
    LMStone is offline Moderator
    Join Date
    Sep 2006
    Location
    477 Congress Street | Portland, ME 04101
    Posts
    1,374
    Rep Power
    10

    Default

    Quote Originally Posted by batfastad View Post
    Something that could help for outbound mail is to set up your own remote private relay. We bought a cheap VPS from vpslink.com for this purpose, $7 per month, configured postfix on CentOS to only accept mail from us, set up the rDNS so now all our outgoing mail is routed through that. Much better than relying on our ISP's relay.

    HTH
    Cheers, B

    Curious if the VPS is for outbound-from-your-Zimbra-server only or if you have it configured as an MX for your domain to relay email inbound-to-your-Zimbra-server as well?

    All the best,
    Mark

  9. #9
    batfastad is offline Elite Member
    Join Date
    Aug 2007
    Location
    London, UK
    Posts
    297
    Rep Power
    8

    Default

    Quote Originally Posted by LMStone View Post
    Curious if the VPS is for outbound-from-your-Zimbra-server only or if you have it configured as an MX for your domain to relay email inbound-to-your-Zimbra-server as well?

    Yep outbound only.
    The MX record for our domain points to our static IP assigned by our ISP (BeThere in the UK). At the time I was setting it up, I didn't have time to look into the postfix stuff for getting it configured to act as our inbound.

    Zimbra's anti-spam/anti-virus is such a huge upgrade for us over MS SBS 2003 that I thought it best that Zimbra be the front-line server.
    It's highly unlikely that I could get postfix configured on the VPS to be anywhere near as effective as Zimbra, so I left it just for outbound.

    We send various e-mail newsletters out and sending through our own relay made the delivery much more consistent.
    My Zimbra Bugs Wishlist: 16411, 24567, 35676, 36430, 37770, 41872, 43733, 44384, 46383, 47759
    And a way to associate mailto: handlers with a Zimbra Prism webapp

  10. #10
    LMStone is offline Moderator
    Join Date
    Sep 2006
    Location
    477 Congress Street | Portland, ME 04101
    Posts
    1,374
    Rep Power
    10

    Default

    I was curious if you were doing inbound from the VPS because configuring a separate Postfix server to act as a true SmartHost (inbound and outbound) for Zimbra is not trivial on the inbound-from-VPS-to-Zimbra side.

    The Postfix docs presume the SmartHost is configured to accept inbound email only for valid mail addresses. That means you periodically have to export all valid email addresses from Zimbra and then import them into the SmartHost's Postfix configuration.

    We've successfully automated that process for ourselves, but are always curious if someone is doing something different that could benefit our Zimbra hosting and premises-based clients.

    All the best,
    Mark
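
An added example of the export/import step described in the post above; it is not LMStone's automation. It assumes the Zimbra side produces one address per line (for instance from `zmprov -l gaa`, which lists accounts only, so aliases and distribution lists would have to be appended) and that the relay's Postfix reads the result through `relay_recipient_maps`; the function names and the 50% shrink limit are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn an exported address list into a Postfix
# relay_recipient_maps source file, with a guard against a bad export.

# build_relay_recipients DOMAIN < addresses
# Keeps syntactically plausible addresses in DOMAIN, lowercased and
# de-duplicated, and emits the "address OK" lines a Postfix lookup table expects.
build_relay_recipients() {
    tr 'A-Z' 'a-z' | tr -d '\r' |
    awk -v d="$1" '
        { gsub(/^[ \t]+|[ \t]+$/, "") }          # trim surrounding whitespace
        /^[a-z0-9._+-]+@[a-z0-9.-]+$/ {
            split($0, p, "@")
            if (p[2] == d) print $0 " OK"        # drop other domains
        }' | sort -u
}

# safe_to_install NEW_FILE OLD_FILE
# Refuses an empty table, or one that lost more than half of its entries, so a
# failed export cannot make the relay reject mail for every valid recipient.
# The 50% limit is an assumption; pick one that fits your account churn.
safe_to_install() {
    new=$(wc -l < "$1" | tr -d ' ')
    [ "$new" -gt 0 ] || { echo "refusing: new table is empty"; return 1; }
    [ -f "$2" ] || return 0                      # first run, nothing to compare
    old=$(wc -l < "$2" | tr -d ' ')
    [ $((new * 2)) -ge "$old" ] || { echo "refusing: $old -> $new entries"; return 1; }
    return 0
}

# Constructed sample export: mixed case, a duplicate, a foreign domain, junk.
sample_export() {
cat <<'EOF'
Anna@mydomain.se
bo@mydomain.se
anna@mydomain.se
someone@example.org
not-an-address
 admin@mydomain.se
EOF
}

# Demo run in a scratch directory standing in for /etc/postfix on the relay.
tmp=$(mktemp -d)
sample_export | build_relay_recipients mydomain.se > "$tmp/relay_recipients.new"
if safe_to_install "$tmp/relay_recipients.new" "$tmp/relay_recipients"; then
    mv "$tmp/relay_recipients.new" "$tmp/relay_recipients"
    # On a real relay: run postmap on the installed file and point
    # relay_recipient_maps in main.cf at it.
    cat "$tmp/relay_recipients"
fi
rm -rf "$tmp"
```
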
