  #1 (permalink)  
Old 03-17-2011, 11:19 AM
New Member
 
Posts: 3
Default starter questions

i would like to install Zimbra for a trial period - and try to make a case to my employer. I have downloaded zimbra enterprise server, now i need to make a machine to run it on. i have a 64amd machine at home that i'll install ubuntu 10.4 on - and then i'll go ahead and install the zimbra server.

My questions are these:

can i set this up at home (behind a router), and have my machines at work connect to it? It seems to me that the HTML component would be easy enough through port forwarding, but what about the outlook connection? can that be done easily - remotely?

--or--

Can i set this up at home - get the server running , and then move the zimbra server from my house to my office without much fuss?

what is the A and MX record? i am assuming it's the name of my hosted website that also manages our email? IANA — Example domains

thanks in advance
  #2 (permalink)  
Old 03-17-2011, 06:48 PM
Special Member
 
Posts: 125
Default

Here's my install process.
1st
----
Giving Credit: This was adapted from a wiki for Ubuntu 8.0.4 LTS using SplitDNS and running behind a NATed firewall. Thanks to the previous creator. I made this work for Ubuntu 10.04.2 LTS 64 bit



Ubuntu 10.04.2 LTS Server (64-bit) Install Guide

The following guide is for installing ZCS on Ubuntu Server 10.04 LTS.

This installation is for a split-DNS setup, where the server resides on a DMZ and so needs to resolve to its own internal (DMZ subnet) IP address rather than the public IP address that is published to the world. This is a setting where a firewall/router supplies the translation from the public IP to the DMZ IP (DNAT--Destination Network Address Translation) so that translation is not known to the server itself. This configuration is desirable for security, but it makes bits of the Zimbra configuration more complex than they might otherwise be.

For simplicity's sake I'm referring to Zimbra's DMZ address as the "private ip address (192.168.125.248)" from here on. By that I mean the Zimbra box has only one IP address, it's on the DMZ, and can be seen by my LAN but not the public. When I say "public IP address (76.234.176.137)" I'm not talking about another address on the Zimbra box, but rather the address that gets DNATed to my box and which is resolved in the world.

* 1 Installing Ubuntu 10.04 LTS
* 2 DNS
* 3 Installing ZCS

------------------------------
Installing Ubuntu 8.04 LTS
------------------------------
Obtain your installation binary from Ubuntu at Download | Ubuntu. Be sure you download the LTS (Longterm Support) Server Edition, NOT the Desktop Edition. Burn the iso file to a CD and boot it in your server. There is an excellent, highly-detailed installation guide for this version at The Perfect Server - Ubuntu Hardy Heron (Ubuntu 8.04 LTS Server) | HowtoForge - Linux Howtos and Tutorials. I highly recommend this guide, particularly if you are new to Linux or Ubuntu specifically. The following points need to be kept in mind as you install:

1) The installation wants to configure your LAN via DHCP. Cancel it before it gets that far, and manually configure it with a static IP address, netmask, and gateway. Don't put in a public DNS for your nameserver configuration; instead put in the same IP address that you just gave the machine for its own static IP (this won't let you resolve names on the internet until we do some more configuration below, but it saves headaches later).

IP_Address: 192.168.125.248
Netmask: 255.255.255.0
Gateway: 192.168.125.254
DNS1: 192.168.125.248

2) When the installation asks for a hostname, give it only a one-word hostname (e.g. "mail" or "myserver") NOT the fully-qualified domain name (mail.mydomain.com). In the next screen where it asks for the domain name, give the "mydomain.com" part without the hostname.

Hostname: mail
DomainName: somedomain.net

3) Make a small partition for swap (1.5-2x RAM) and the rest for the OS.
I use 3 separate drives. A 40 gig and 2 similar size drives. One for the system, one for zimbra and one for backing up the entire system. Choose ext3 file system.
Others will recommend separate partitions, RAID and so forth for mailstore, system, etc. Use your own judgement here.

40 gig drive contains:
swap
/
other drive 1 contains:
/opt
other drive 2 contains:
/backup

4) Once the base system has been installed, the installer will ask you for a username, and then a password for that user. This needs to be a non-root user. Whatever you choose, that username and password will be what you use to log in at the command line later, and the same password will be the password for sudo commands. Be sure you remember what you put in here!

login: support password: xxxxxxxxx

5) At the "Software Selection" screen, select DNS Server and OpenSSH Server options for installation, but nothing else. This will allow remote administration (SSH), and will install bind9 which you will need for split DNS.

6) Run the following command to make sure you have all the necessary packages: sudo apt-get install bind9 dnsutils file libgmp3c2 libexpat1 libstdc++5 libltdl3 libperl5.8 perl curl libpcre3 libc6

With these items, your installation will complete and the system will reboot.
Don't worry if you can't do apt install yet. You can do it later too.

-----
DNS
-----
On Ubuntu, check /etc/default/bind9 to see the root directory path for your bind installation. If no other path is specified, then it's most likely /etc/bind/

Proper DNS configuration is PARAMOUNT! If you don't have your DNS working properly, don't even bother trying to install Zimbra, because trying to fix DNS after the fact may result in an install that can do everything except send mail--even from a Zimbra user to himself! So I'll say it again:


Step 1.
If you can't resolve your mailserver's own private IP address (NOT the public IP) using nslookup, fix it BEFORE you install Zimbra!

If your installation above was successful, when you sign on at the command line you'll be able to ping public IP addresses if you know them, but you may not be able to resolve any names to ping them.


Step 2.
Now you have to configure the following files, which are in the directory /etc/bind (for brevity I've deleted the generic comment lines included by the distro). Note that the query-source address and forwarders lines are already there, they just need to be uncommented, and in the case of the forwarders, the ip addresses of your ISP's DNS servers need to be added. Note also that the syntax needs to be EXACTLY as shown below--leave out one semicolon or bracket and the whole thing blows up:

The IPs 68.87.77.134 & 68.87.72.134 as shown below are that of comcast, my ISP for where my Zimbra lives behind my firewall. Be sure to place whatever your DNS is for your situation.

/etc/bind/named.conf.options

options {
directory "/var/cache/bind";
query-source address * port 53;
forwarders {
68.87.77.134; 68.87.72.134;
};
auth-nxdomain no; # conform to RFC1035
};

The IP addresses in this file are public IP addresses of the DNS you use in the outside world. The line "query-source address * port 53" is to allow your machine to hit the DNS if oddball DNS ports are blocked. You can leave it commented if you don't need it.


Step 3.
Check /etc/resolv.conf and make sure it looks like this:
nameserver xxx.xxx.xxx.xxx
The IP address here should be the Zimbra box's private ip address.

search somedomain.net
nameserver 192.168.125.248


Step 4.
Once you've fixed these two files, restart bind

/etc/init.d/bind9 restart

You should be able to resolve names in the outside world. Try something like "ping google.com" and if you get an answer, you're on the way.

Step 5.
Now it's time to get the internal zone working. Append the following lines to /etc/bind/named.conf.local

zone "somedomain.net" {
type master;
file "/etc/bind/db.somedomain.net";
};

Note that you need to type the full pathname to your db.* file. Also, be sure you don't miss a semicolon ";" in any of these lines that have them because a missing semicolon breaks the file.


Step 6.
Now create your file /etc/bind/db.somedomain.net

;
;BIND data file for spectraportal.net
;
$TTL 604800
@ IN SOA mail.somedomain.net. admin.somedomain.net. (
090727 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS mail
@ IN MX 10 mail
@ IN A 192.168.125.248
mail IN A 192.168.125.248

The ip address here is again your Zimbra internal ip address; the string "admin.somedomain.net" is replaced with the email address you are using for administration, only with a "." instead of the "@" in the address. Be careful to increment the serial number one higher every time you modify this file or the changes won't stick. Many users use the date they edit the file for the serial number, but as long as you start low and only get higher it really doesn't matter.


Step 7.
Now you may need to reboot the machine (restarting bind9 alone doesn't always work) and try to resolve your mail server.
/etc/init.d/bind9 restart
/sbin/init 6

nslookup somedomain.net
You should get output similar to this:

Server: 192.168.125.248
Address: 192.168.125.248#53

Name: somedomain.net
Address: 192.168.125.248

If it returns your public IP address, 76.234.176.137, your internal DNS is not working.
Fix it. When this failed it was because I placed the wrong IP in the /etc/resolv.conf file.


Step 8.
Before you get to the install you also need to modify your /etc/hosts file:
127.0.0.1 localhost.localdomain localhost
192.168.125.248 mail.somedomain.net mail


Step 9.
sudo apt-get install bind9 dnsutils file libgmp3c2 libexpat1 libstdc++5 libltdl3 libperl5.8 perl curl libpcre3 libc6

It's now time to update your packages:
sudo bash (this will ask for your password, enter your administrator's pw, then you'll be at a root prompt)
apt-get -y update; apt-get -y upgrade; apt-get -y dist-upgrade



-----------------
Installing ZCS
-----------------

Step 1.
ssh to the server, 192.168.125.248
go to /backup
mkdir temp
chmod 777 temp
chmod +t temp
place the zimbra file, zcs-7.0.0_GAblah.blah.blah.blah.tgz up to the server in /backup/temp
You can use scp or winscp or any technique you wish. Just get the file on the server where you can expand it and have enough space.


Also, it is possible if the /tmp directory does not have the correct permissions it could hinder your efforts to install ZCS.
Make sure the /tmp directory has the following permissions.
drwxrwxrwt root root /tmp

If your /tmp permissions do not match the above, run the following commands as root:
# chown root:root /tmp **Optional, good chance /tmp is already owned by root**
# chmod 777 /tmp
# chmod +t /tmp


Step 2.
tar -xzf zc*

and it'll create a whole directory /backup/temp/zcs-7.0.0_GAblah.blah.blah.blah.tgz with lots of files inside it. Rename folder to zcs, just to avoid long file name and typing.


Step 3.
Several discussion groups have listed the dependencies not installed by the standard Linux install, but the easy thing to do is try to run the install and let Zimbra give you a list of what's missing.

It's not going to work the first time, but it'll give you a list of missing dependencies. Write down all the package names it says are missing. Your list may be slightly different than mine, but whatever it is, load them. Just separate each package name with a space like this:
apt-get install libpcre3 libgmp3c2 libstdc++5 sysstat sqlite3

cd /backup/temp/zcs
./install.sh


Step 4.
Now re-run your Zimbra install and accept all the defaults except:

When it asks you for your domain, it's going to have your fully-qualified domain name (mail.somedomain.net) rather than just the domain, and probably complain about not having an MX record. Change the domain name to somedomain.net and it will find the names through nslookup, and it will be happy. The rest of the install should proceed without errors.


Step 5.
Towards the end of installation it's going to ask you to "Address unconfigured items" but, if you're doing this from the console and not from an SSH connection with a buffer, the actual item that's unconfigured is off the screen and invisible. It's the admin password, which is in menu item 3.


Step 6.
Finally, when the install is done and it has given you the last "press Enter to finish" you are almost done. I recommend at this point that you convert your webmail to use https rather than http. This is a security question, but it is also discretionary. If you choose to do this, then at the command prompt, type:

su - zimbra
zmtlsctl https


Step 7.
Now reboot the system, and when it comes back up, give it a couple of minutes to start the rest of the Zimbra processes. If your installation is successful, you can go to https://somedomain.net:7071 or https://192.168.124.248:7071 to get the administrative console, or

https://somedomain.net to log in as a user and use Zimbra


Step 8.
Users never like typing username@domain.com when logging into zimbra. To allow that and also allow just username login, you can set the following option.
Set Default Domain Name so login is just userid and not userid@domain
zmprov mcf zimbraDefaultDomainName somedomain.net

as root, after upgrade
/opt/zimbra/libexec/scripts/migrate20100913-Mysql51.pl


2nd - I relay emails from Zimbra via my ISP
----------------------------------------------
notes:
1. replace machinename.domainname.com with your actual machine's fully qualified domain name
2. replace actualmachinename.mailserverdomain.com with a real accessible mail server that you plan to use to relay emails
3. replace userid@mailserverdomain.com:password_for userid_used with however you authenticate to the mail server you are using to relay. Basically it's a username@thedomain:thepassword


As user zimbra you do all these steps:

zmprov ms machinename.domainname.com zimbraMtaRelayHost actualmachinename.mailserverdomain.com:25;
echo actualmachinename.mailserverdomain.com userid@mailserverdomain.com:password_for userid_used > /opt/zimbra/conf/relay_password;
postmap hash:/opt/zimbra/conf/relay_password;

postmap -q actualmachinename.mailserverdomain.com /opt/zimbra/conf/relay_password;
postconf -e smtp_sasl_password_maps=hash:/opt/zimbra/conf/relay_password;
postconf -e smtp_sasl_auth_enable=yes;

postconf -e smtp_use_tls=yes;
postfix reload;
postconf -e smtp_cname_overrides_servername=no;
postconf -e smtp_sasl_security_options=noanonymous
postfix reload;

zmlocalconfig -e postfix_smtp_sasl_password_maps=hash:/opt/zimbra/conf/relay_password;
zmlocalconfig -e postfix_smtp_sasl_auth_enable=yes;
zmlocalconfig -e postfix_smtp_use_tls=yes;
zmlocalconfig -e postfix_smtp_cname_overrides_servername=no;
zmlocalconfig -e postfix_smtp_sasl_security_options=noanonymous;

zmprov mcf zimbraLastLogonTimestampFrequency 1h;
zmprov mcf zimbraDefaultDomainName domainname.com;
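
The split-DNS check from Step 7 of the DNS section, as an added example that is not part of the original post: it reads nslookup output and fails when the answer is anything other than the expected private address. The function names and the two sample outputs are constructed here, modelled on the output quoted in the post.

```shell
# Added example: confirm the internal DNS view answers with the private IP.
# Usage on the server: nslookup somedomain.net | check_split_dns 192.168.125.248

# Print the answer addresses from nslookup output on stdin.
# The resolver's own "Address: ...#53" line comes before "Name:", so only
# "Address:" lines that follow a "Name:" line count as answers.
answer_addrs() {
    awk '/^Name:/ {seen = 1; next}
         seen && /^Address:/ {print $2}'
}

# Succeed if $1 is an RFC 1918 private IPv4 address.
is_rfc1918() {
    case "$1" in
        10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_split_dns EXPECTED_PRIVATE_IP   (nslookup output on stdin)
# Returns 0 when every answer equals the expected private address,
# 1 when an answer differs (for example the public DNAT address),
# 2 when there is no answer or the expected address is not private.
check_split_dns() {
    expected=$1
    is_rfc1918 "$expected" || return 2
    addrs=$(answer_addrs)
    [ -n "$addrs" ] || return 2
    for a in $addrs; do
        [ "$a" = "$expected" ] || return 1
    done
    return 0
}

# Constructed sample: the healthy answer shown in Step 7.
GOOD_OUTPUT='Server: 192.168.125.248
Address: 192.168.125.248#53

Name: somedomain.net
Address: 192.168.125.248'

# Constructed sample: the failure case, where the public address comes back.
BAD_OUTPUT='Server: 192.168.125.248
Address: 192.168.125.248#53

Name: somedomain.net
Address: 76.234.176.137'
```
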
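
The relay steps above write the upstream account's password in clear text to /opt/zimbra/conf/relay_password, and postmap builds relay_password.db from it. The following audit is an added example, not part of the original post; the function names are hypothetical and it assumes the map file sits next to its .db file.

```shell
# Added example: flag relay credential files that group or other can access.
# Usage on the server: audit_relay_creds /opt/zimbra/conf/relay_password

# Print the octal permission bits of a file (GNU stat, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_relay_creds MAPFILE
# Checks MAPFILE and the MAPFILE.db that postmap generates from it.
# Prints one line per file. Returns 0 if both are owner-only,
# 1 if either has any group/other permission bit set,
# 2 if a file is missing and nothing was found loose.
audit_relay_creds() {
    status=0
    for f in "$1" "$1.db"; do
        if [ ! -f "$f" ]; then
            echo "MISSING $f"
            [ "$status" -ne 0 ] || status=2
            continue
        fi
        mode=$(file_mode "$f")
        # The last two octal digits are the group and other bits.
        case "$mode" in
            0|*00) echo "OK $mode $f" ;;
            *)     echo "LOOSE $mode $f"; status=1 ;;
        esac
    done
    return "$status"
}
```

A file created with `echo ... >` under the common 022 umask comes out as mode 644 and is reported as LOOSE; `chmod 600` on both files clears the finding, and 0600 is the mode Postfix's own SASL documentation uses for the password map.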