Installing Zimbra 7 on CentOS

These are personal notes for installing Zimbra 7 on Centos 5, including split DNS for servers behind firewalls.



  • This is for a small installation, where a single server can handle everything.
  • Zimbra is not officially supported on CentOS, even though it comes directly from RHEL’s sources. If you need support from the company, don’t use it.


  • Zimbra 7 is 64-bits. Don’t use the 32-bit versions since they are officially deprecated and are slated to be dropped.
  • If you are installing directly onto bare metal, there should be no problem.
  • If you are installing in a virtual machine, then ensure that the processor has the physical hardware support for 64-bit virtualization, i.e. Intel VT or AMD-V. (None of the older machines that I have support).
  • At least 1.5 GB RAM as an absolute minimum, but Zimbra may be slow at times. The Quick Start guide recommends 4GB.
  • Zimbra will run on a single processor; two are better.
  • I can’t recommend starting with less than 20-40GB HD space. I anticipate adding disks and expanding the file system as needed.

Virtual Machine

  • I like to name the (virtual) physical disks pv00, pv01, pv02, etc. (pv=physical volume) so they’re easy to track.
  • The NIC must be bridged. Save yourself the pain.
  • I remove the floppy disk, sound, card, and printer.

Installing CentOS

Disk Layout

  • I generally create two partitions: /boot and the rest a LVM partition
  • Inside I create a volume group with the name vg00, and create inside of it:
    • lvRoot mounted on /
    • lvTmp mounted on /tmp
    • lvVar mounted on /var
    • lvOpt mounted on /opt
    • lvSwap
    • Unallocated space for expansion of any non-lvOpt partition that threatens to get full. I treat lvOpt differently because it’s the mail storage partition, and if it fills up I want to at least double the amount of space available. If /opt starts to get full, I will:
      • add a whole new disk,
      • add it as a physical volume,
      • expand the volume group with the physical volume,
      • expand lvOpt, and
      • expand the /opt filesystem.

Package Selection

Note that this is not fine tuned, and more akin to a shotgun approach. Even though RHEL is an officially-supported OS, there does not appear to be any recommendations from Zimbra on which package groups to install. This section will be updated if I can find more information.

  • For package selection, deselect Desktop – Gnome.
  • Select Customize now
  • Click Next
  • Ensure that only the following categories are selected for install. Note: This is for simplicity. It does not attempt to strip the system down to its bare nubs.
    • Applications
      • Editors
    • Development
      • Development Libraries
      • Development Tools
      • Legacy Software Development
    • Base System
      • Administration Tools
      • Base
      • Legacy Software Support

First-Time Setup


I noticed that ntpd was not being started. Ensure that it’s checked in the services list or run

chkconfig ntpd on

Firewall Configuration

  • SELinux: Disabled
  • Customize open ports:
    • SSH
    • WWW (HTTP)
    • Secure WWW (HTTPS)
    • Mail (SMTP)
    • Other ports: 143, 993, 110, 995, 7071

Zimbra will not function correctly with SELinux enabled. A reboot is required.

Operating System Finalization

Apply Operating System Updates

Log in as root.

Use yum to update the server.

yum update -y

Package Preparation

Remove sendmail.

yum erase sendmail

Interestingly, this also removes redhat-lsb and mdadm. I’m installing this on a virtual machine that resides on a disk that is already mirrored, so I don’t use any soft RAID.

Ensure dependencies are installed.

yum install gmp compat-libstdc++-33 sysstat sudo libidn wget libtool-ltdl

With the current version of CentOS (5.5), this only installs sysstat and libtool-ltdl.

Visually Verify the /etc/hosts File

The /etc/hosts file should look something like:

# Do not remove the following line, or various programs
# that require network functionality will fail.		localhost.localdomain localhost
::1			localhost6.localdomain6 localhost6
aaa.bbb.ccc.ddd yourhostname

Where aaa.bbb.ccc.ddd is the local behind-the-firewall IP address for the server. Note: This was set to the external IP address for some reason.

If the server resides behind a firewall, the IP address is the local address behind the firewall, which may not match what DNS returns. (The discrepancy will be taken care of below.)

If Behind a Firewall (Set Up Split DNS)

If the server is behind a firewall, split DNS needs to be set up so that when Zimbra tries to perform a lookup for the server, the normal DNS lookup is short-circuited, and the behind-the-firewall IP address comes back to Zimbra.

Install Bind

yum install bind bind-chroot bind-libs bind-utils

Ensure bind starts automatically.

 chkconfig named on

Create the named Configuration File

vim /var/named/chroot/etc/named.conf
chmod 644 /var/named/chroot/etc/named.conf

Insert the following. Be sure to change the forwarders IP address (eee.fff.ggg.hhh, iii.jjj.kkk.lll) to the IP addresses of the old DNS server. Be sure to replace with your own domain.

options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    forwarders {
        eee.fff.ggg.hhh ;
        iii.jjj.kkk.lll ;
include "/etc/rndc.key";
// Specify that this server is the master for
zone "" {
    type master;
    file "";

Create the file described in the file line. Be sure to change to the domain of your server.

vim /var/named/chroot/var/named/
chmod 644 /var/named/chroot/var/named/

Insert the following. Also pay attention the fact that is the system administrator’s e-mail address DNS turns the first period into the @ sign.

@       IN      SOA (
                               10118      ; Serial
                               43200      ; Refresh
                               3600       ; Retry
                               3600000    ; Expire
                               2592000 )  ; Minimum

               IN      NS      aaa.bbb.ccc.ddd
               IN      A       aaa.bbb.ccc.ddd
               IN      MX      10

Adjust resolv.conf

Adjust the resolv.conf file to search the local server for primary DNS

vim /etc/resolv.conf

Change it to look like:

nameserver aaa.bbb.ccc.ddd

Start the named Dæmon

chkconfig named on
service named start

Check its operation with:

dig mx

It should return something similar to:

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_5.3 <<>> mx
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40071
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;		IN	MX

;; ANSWER SECTION:	2592000	IN	MX	10


;; ADDITIONAL SECTION:	2592000	IN	A	aaa.bbb.ccc.ddd

;; Query time: 1 msec
;; SERVER: aaa.bbb.ccc.ddd#53(aaa.bbb.ccc.ddd)
;; WHEN: Sat Mar 12 17:42:25 2011
;; MSG SIZE  rcvd: 93


dig any

should return something like:

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_5.3 <<>> any
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1326
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0


;; ANSWER SECTION:	2592000	IN	SOA 10118 43200 3600 3600000 2592000	2592000	IN	NS	2592000	IN	A	aaa.bbb.ccc.ddd	2592000	IN	MX	10

;; Query time: 1 msec
;; SERVER: aaa.bbb.ccc.ddd#53(aaa.bbb.ccc.ddd)
;; WHEN: Sat Mar 12 17:43:23 2011
;; MSG SIZE  rcvd: 138

The final check is the following. Note! This must be typed verbatim!

host $(hostname)

Should return something like: has address aaa.bbb.ccc.ddd mail is handled by 10

Adjust the Yum Update Dæmon

It may be advisable to tweak the yum dæmon so that it automatically downloads updates and sends an e-mail to notify you that the machine can be updated. Details on how to do that may be found here.

Install Zimbra

Download Zimbra

Download the 64-bit version of Zimbra for Red Hat Enterprise Linux 5 here. I just right click on the link and paste it onto the command line, and make liberal use of tab completion in bash. For example:

cd /tmp
wget wget
tar xvzf zcs-7.0.1_GA_3105.RHEL5_64.20110304210645.tgz
cd zcs-7.0.1_GA_3105.RHEL5_64.20110304210645

Run the Installer

Run the install script.

./ --platform-override

You must include the platform override option, else the installer will abort with the following error:

You appear to be installing packages on a platform different
than the platform for which they were built.

This platform is CentOS5_64
Packages found: RHEL5_64
This may or may not work.

Installation can not continue without manual override.
You can override this safety check with ./ --platform-override

WARNING: Bypassing this check may result in an install or
upgrade that is NOT usable.

You will go through the following steps.

  • License agreement. Type answer with “Y”.
  • Prerequisite check. This should pass cleanly.
  • Package self-test.
  • Select the packages to install. Accept the defaults.
    • zimbra-ldap
    • zimbra-logger
    • zimbra-mta
    • zimbra-snmp
    • zimbra-store
    • zimbra-apache
    • zimbra-spell
    • zimbra-memcached
    • zimbra-proxy
  • A warning that you are not running on Red Hat, with the question, “Install anyway?”. Answer with “Y”.
  • A warning that the system will be modified. Answer with “Y”.
  • Installing packages.
  • Administrative install menu.

On the administrative menu, the important item to do is to set the admin password.

When complete, use “a” to apply the changes, and confirm with “Yes”.

  • When complete, use “a” to apply the changes.
  • Confirm with “Yes”.
  • Accept the default configuration file name.
  • It will warn, “The system will be modified – continue?”. Answer with “Yes”.
  • The installer will set up a few more items, including creating a self-signed SSL certificate.
  • The installer will ask if you want to notify Zimbra of your installation. Your choice.
  • The installer will start the servers.
  • The installer will install zimlets &c.

At last you will see:

Configuration complete - press return to exit

At this point you can point the web browser to port 7071 of the server and log in as the administrator. The install is complete.


  • Zimbra documentation
  • An out-of-date but useful guide is on the Zimbra forums here.
  • Setting up split DNS can be found on the Zimbra wiki here.


This entry was posted in SysAdmin and tagged , , . Bookmark the permalink.

17 Responses to Installing Zimbra 7 on CentOS

  1. Pingback: Adding a GoDaddy SSL Certificate to Zimbra 7 « James Reuben Knowles

  2. james says:

    Hi James,

    Thanks for your excellence guidance on install ZCS 7 on Centos. I’m facing some issue and wonder if you could help. I’m installing zcs 7.1.3 on Centos 5. Below is the error

    Sat Oct 29 17:37:39 2011 zimbra-ldap is enabled
    Sat Oct 29 17:37:39 2011 Initializing ldap…
    Sat Oct 29 17:37:39 2011 *** Running as zimbra user: /opt/zimbra/libexec/zmldapinit
    IO::Socket::INET: connect: timeout at /opt/zimbra/libexec/zmldapinit line 137.
    Sat Oct 29 17:40:18 2011 failed. (28160)

    Thanks in advance

  3. I’d recommend using Google to search for

    IO::Socket::INET: connect: timeout at /opt/zimbra/libexec/zmldapinit

    One possibility is the sudoers file’s permissions are incorrect.

  4. Grifs says:

    Is the setup for Zimbra 64 bit on CentOS 6 very similar.

    I notiticed they have the release out now to run on RHEL6, will you do an updated install guide on it?


  5. Thanks for asking. I haven’t yet updated my notes for CentOS 6, though it’s on the “to do” list.

    I have an older 32-bit Zimbra running on CentOS 5 that is slated for upgrade (read: clean install and copy data), but actually doing it hasn’t made it on to the calendar.

  6. M Owais Khan says:


    Sir this tutorial is really great.. Very very thanks… I installed Zimbra 7.1 on Centos 5.7 with the help of this ………………. Very very Thanksful 2 u.

  7. MrGmaw says:

    Hi James, I have a single case: I have a centos 5.7 installed as firewall, proxy, webserver and zimbra server, this machine has two interfaces: external eth0 and internal eth1 (hosts: mail). I need to take this zimbra server off and install a new one behind this firewall. First of all I need to route external mails (from gmail for instance) trough my firewall (centos-iptables – DNAT) to my new zimbra server (hosts: zimbra) in order to do this, what I must do in the centos-firewall – sendmail, postfix, ports, DNS, zones (named service), etc. (LAN ip public ip .- and in second place how I must configure my new zimbra server ( single LAN interface to send and receive mail from LAN and from outside. In adition what I must do to grant externat internet users access to zimbra client login screen?

    Please help!

    thanks in advance

  8. I wish I could dedicate the time to giving exact answers.

    The firewall settings should be straightforward; you’ll tell it to redirect traffic to the ports Zimbra was using to the new machine’s IP address.

    For the Zimbra server configuration, this is a common thing and the instructions should give details about setting up a server in a DMZ. If you need help with that, this is a good question for the Zimbra forums. People should be able to steer you right.

  9. Jose Luis says:

    What you mean by IP addresses of the “old DNS server” in named.conf configuration.

    Thanks in advance

  10. Jose,

    Yes, that’s poorly worded. If I remember correctly, this should be the IP addresses of the external servers that the server is using for DNS lookup.

  11. MrGmaw says:

    thanks for reply. In the meantime I soleved the issue. All was about restarting the firewall after uninstall zimbra and redefine iptables rules.
    Thank you any way.

  12. I’m glad you got it worked out, and thanks for the feedback. I hope that it’s helpful to somebody else.

  13. ali says:

    James Reuben Knowles, very thank’s for your tutorial really give me a solution, can you make tutorial zimbra 8 for RHEL 6.3??

  14. I have a server that’s slated for replacement and upgrade, but that won’t be for a while.

  15. Asghar Durrani says:

    Wrong one : @ IN SOA (

    Right One: @ IN SOA (

  16. Pingback: Zimbra Certificate Godaddy – +ADw-/title+AD4-Hacked By TURKHACKTEAM.ORG Putin, knowingly and willfully planned airplane attack and the citizen on death. This has caused you to be you're a traitor. Now the citizens of nationalist feelings of the Rus

Leave a Reply