These are personal notes for installing Zimbra 7 on CentOS 5, including split DNS for servers behind firewalls.
Preliminaries
Caveats
- This is for a small installation, where a single server can handle everything.
- Zimbra is not officially supported on CentOS, even though it comes directly from RHEL’s sources. If you need support from the company, don’t use it.
Requirements
- Zimbra 7 is 64-bits. Don’t use the 32-bit versions since they are officially deprecated and are slated to be dropped.
- If you are installing directly onto bare metal, there should be no problem.
- If you are installing in a virtual machine, then ensure that the processor has the physical hardware support for 64-bit virtualization, i.e. Intel VT or AMD-V. (None of the older machines that I have support it.)
- At least 1.5 GB RAM as an absolute minimum, but Zimbra may be slow at times. The Quick Start guide recommends 4GB.
- Zimbra will run on a single processor; two are better.
- I can’t recommend starting with less than 20-40GB HD space. I anticipate adding disks and expanding the file system as needed.
Virtual Machine
- I like to name the (virtual) physical disks pv00, pv01, pv02, etc. (pv=physical volume) so they’re easy to track.
- The NIC must be bridged. Save yourself the pain.
- I remove the floppy disk, sound card, and printer.
Installing CentOS
Disk Layout
- I generally create two partitions: /boot, and the rest as an LVM partition.
- Inside I create a volume group with the name vg00, and create inside of it:
  - lvRoot mounted on /
  - lvTmp mounted on /tmp
  - lvVar mounted on /var
  - lvOpt mounted on /opt
  - lvSwap
  - Unallocated space for expansion of any non-lvOpt partition that threatens to get full. I treat lvOpt differently because it’s the mail storage partition, and if it fills up I want to at least double the amount of space available. If /opt starts to get full, I will:
    - add a whole new disk,
    - add it as a physical volume,
    - expand the volume group with the physical volume,
    - expand lvOpt, and
    - expand the /opt filesystem.
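The five expansion steps above as a script. This is an added example, not part of the original notes. It assumes the new disk is /dev/sdb (hypothetical), that /opt is ext3, and that lvOpt should grow only onto the new disk so the unallocated space kept in vg00 for the other volumes is left alone.

```sh
#!/bin/sh
# Added example: grow /opt onto a new whole-disk physical volume.
# DRY_RUN=1 (the default) only prints the commands; DRY_RUN=0 runs them as root.
VG=${VG:-vg00}
LV=${LV:-lvOpt}

# run CMD...: print the command in dry-run mode, otherwise execute it.
run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# grow_opt DISK: DISK is the new, empty disk (for example /dev/sdb, an assumption).
grow_opt() {
    disk=$1
    [ -n "$disk" ] || { echo "usage: grow_opt /dev/DISK" >&2; return 2; }
    if [ "${DRY_RUN:-1}" != "1" ]; then
        [ -b "$disk" ] || { echo "$disk is not a block device" >&2; return 1; }
        # Refuse a disk that already carries an LVM label.
        if pvs "$disk" >/dev/null 2>&1; then
            echo "$disk is already a physical volume" >&2; return 1
        fi
    fi
    run pvcreate "$disk" &&                              # add it as a physical volume
    run vgextend "$VG" "$disk" &&                        # expand the volume group
    run lvextend -l +100%PVS "/dev/$VG/$LV" "$disk" &&   # expand lvOpt onto the new disk only
    run resize2fs "/dev/$VG/$LV"                         # expand the /opt filesystem (ext3 assumed)
}

# Print the plan for a hypothetical new disk.
grow_opt /dev/sdb
```

Review the printed plan first, then rerun with DRY_RUN=0 as root.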
Package Selection
Note that this is not fine-tuned, and is more akin to a shotgun approach. Even though RHEL is an officially supported OS, there do not appear to be any recommendations from Zimbra on which package groups to install. This section will be updated if I can find more information.
- For package selection, deselect Desktop – Gnome.
- Select Customize now
- Click Next
- Ensure that only the following categories are selected for install. Note: This is for simplicity. It does not attempt to strip the system down to its bare nubs.
  - Applications
    - Editors
  - Development
    - Development Libraries
    - Development Tools
    - Legacy Software Development
  - Base System
    - Administration Tools
    - Base
    - Legacy Software Support
- Applications
First-Time Setup
Services
I noticed that ntpd was not being started. Ensure that it’s checked in the services list or run
chkconfig ntpd on
Firewall Configuration
- SELinux: Disabled
- Customize open ports:
- SSH
- WWW (HTTP)
- Secure WWW (HTTPS)
- Mail (SMTP)
- Other ports: 143, 993, 110, 995, 7071
Zimbra will not function correctly with SELinux enabled. A reboot is required.
Operating System Finalization
Apply Operating System Updates
Log in as root.
Use yum to update the server.
yum update -y
Package Preparation
Remove sendmail.
yum erase sendmail
Interestingly, this also removes redhat-lsb and mdadm. I’m installing this on a virtual machine that resides on a disk that is already mirrored, so I don’t use any soft RAID.
Ensure dependencies are installed.
yum install gmp compat-libstdc++-33 sysstat sudo libidn wget libtool-ltdl
With the current version of CentOS (5.5), this only installs sysstat and libtool-ltdl.
Visually Verify the /etc/hosts File
The /etc/hosts file should look something like:
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
aaa.bbb.ccc.ddd yourhostname.yourdomain.com yourhostname
Where aaa.bbb.ccc.ddd is the local behind-the-firewall IP address for the server. Note: This was set to the external IP address for some reason.
If the server resides behind a firewall, the IP address is the local address behind the firewall, which may not match what DNS returns. (The discrepancy will be taken care of below.)
If Behind a Firewall (Set Up Split DNS)
If the server is behind a firewall, split DNS needs to be set up so that when Zimbra tries to perform a lookup for the server, the normal DNS lookup is short-circuited, and the behind-the-firewall IP address comes back to Zimbra.
Install Bind
yum install bind bind-chroot bind-libs bind-utils
Ensure bind starts automatically.
chkconfig named on
Create the named Configuration File
vim /var/named/chroot/etc/named.conf
chmod 644 /var/named/chroot/etc/named.conf
Insert the following. Be sure to change the forwarders IP address (eee.fff.ggg.hhh, iii.jjj.kkk.lll) to the IP addresses of the old DNS server. Be sure to replace domain.com with your own domain.
options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    forwarders {
        eee.fff.ggg.hhh;
        iii.jjj.kkk.lll;
    };
};
include "/etc/rndc.key";
// Specify that this server is the master for mail.domain.com
zone "mail.domain.com" {
    type master;
    file "db.mail.domain.com";
};
Create the file described in the file line. Be sure to change domain.com to the domain of your server.
vim /var/named/chroot/var/named/db.mail.domain.com
chmod 644 /var/named/chroot/var/named/db.mail.domain.com
Insert the following. Also pay attention to the fact that adminaccount.domain.com is the system administrator’s e-mail address adminaccount@domain.com. DNS turns the first period into the @ sign.
@       IN      SOA     mail.domain.com. adminaccount.domain.com. (
                        10118   ; Serial
                        43200   ; Refresh
                        3600    ; Retry
                        3600000 ; Expire
                        2592000 ) ; Minimum
        IN      NS      aaa.bbb.ccc.ddd
        IN      A       aaa.bbb.ccc.ddd
        IN      MX      10 mail.domain.com.
Adjust resolv.conf
Adjust the resolv.conf file to search the local server for primary DNS
vim /etc/resolv.conf
Change it to look like:
search domain.com
nameserver aaa.bbb.ccc.ddd
Start the named Dæmon
chkconfig named on
service named start
Check its operation with:
dig mail.domain.com mx
It should return something similar to:
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_5.3 <<>> mail.domain.com mx
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40071
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;mail.domain.com. IN MX
;; ANSWER SECTION:
mail.domain.com. 2592000 IN MX 10 mail.domain.com.
;; AUTHORITY SECTION:
mail.domain.com. 2592000 IN NS aaa.bbb.ccc.ddd.mail.domain.com.
;; ADDITIONAL SECTION:
mail.domain.com. 2592000 IN A aaa.bbb.ccc.ddd
;; Query time: 1 msec
;; SERVER: aaa.bbb.ccc.ddd#53(aaa.bbb.ccc.ddd)
;; WHEN: Sat Mar 12 17:42:25 2011
;; MSG SIZE rcvd: 93
and
dig mail.domain.com any
should return something like:
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_5.3 <<>> mail.domain.com any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1326
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;mail.domain.com. IN ANY
;; ANSWER SECTION:
mail.domain.com. 2592000 IN SOA mail.domain.com. sysadmin.domain.com. 10118 43200 3600 3600000 2592000
mail.domain.com. 2592000 IN NS aaa.bbb.ccc.ddd.mail.domain.com.
mail.domain.com. 2592000 IN A aaa.bbb.ccc.ddd
mail.domain.com. 2592000 IN MX 10 mail.domain.com.
;; Query time: 1 msec
;; SERVER: aaa.bbb.ccc.ddd#53(aaa.bbb.ccc.ddd)
;; WHEN: Sat Mar 12 17:43:23 2011
;; MSG SIZE rcvd: 138
The final check is the following. Note! This must be typed verbatim!
host $(hostname)
Should return something like:
mail.domain.com has address aaa.bbb.ccc.ddd
mail.domain.com mail is handled by 10 mail.domain.com.
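The final check can be scripted so that a wrong answer is caught rather than eyeballed. This is an added example, not part of the original notes: it compares the output of host against the address in /etc/hosts. The function names, mail.example.test and the sample addresses are constructed for illustration.

```sh
#!/bin/sh
# Added example: confirm that DNS and /etc/hosts agree on the internal address.

# hosts_ip FQDN [FILE]: print the IPv4 address a hosts file maps FQDN to.
hosts_ip() {
    awk -v h="$1" '
        { sub(/#.*/, "") }                      # drop comments
        $1 !~ /:/ {                             # skip IPv6 entries
            for (i = 2; i <= NF; i++) if ($i == h) { print $1; exit }
        }' "${2:-/etc/hosts}"
}

# check_split_dns EXPECTED_IP FQDN: read `host FQDN` output on stdin and
# succeed only if every A record is EXPECTED_IP and every MX target is FQDN.
check_split_dns() {
    want_ip=$1 fqdn=$2
    out=$(cat)
    addrs=$(printf '%s\n' "$out" |
        awk -v h="$fqdn" '$1 == h && $2 == "has" && $3 == "address" { print $4 }')
    mxs=$(printf '%s\n' "$out" |
        awk -v h="$fqdn" '$1 == h && $2 == "mail" { sub(/\.$/, "", $NF); print $NF }')
    [ -n "$addrs" ] || { echo "FAIL: no A record for $fqdn"; return 1; }
    [ -n "$mxs" ]   || { echo "FAIL: no MX record for $fqdn"; return 1; }
    for a in $addrs; do
        [ "$a" = "$want_ip" ] || {
            echo "FAIL: $fqdn resolves to $a, expected $want_ip"; return 1; }
    done
    for m in $mxs; do
        [ "$m" = "$fqdn" ] || { echo "FAIL: MX points at $m, not $fqdn"; return 1; }
    done
    echo "OK: $fqdn -> $want_ip, MX -> $fqdn"
}

# On the server itself:
#   host "$(hostname)" | check_split_dns "$(hosts_ip "$(hostname)")" "$(hostname)"

# Constructed sample: an outside resolver answered with a public address
# (203.0.113.7 is a documentation address), so the check must fail.
leak='mail.example.test has address 203.0.113.7
mail.example.test mail is handled by 10 mail.example.test.'
printf '%s\n' "$leak" | check_split_dns 192.168.10.5 mail.example.test || true
```

A failure on the A record usually means resolv.conf is not pointing at the local named, or named is not running.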
Adjust the Yum Update Dæmon
It may be advisable to tweak the yum dæmon so that it automatically downloads updates and sends an e-mail to notify you that the machine can be updated. Details on how to do that may be found here.
Install Zimbra
Download Zimbra
Download the 64-bit version of Zimbra for Red Hat Enterprise Linux 5 here. I just right click on the link and paste it onto the command line, and make liberal use of tab completion in bash. For example:
cd /tmp
wget http://files2.zimbra.com/downloads/7.0.1_GA/zcs-7.0.1_GA_3105.RHEL5_64.20110304210645.tgz
tar xvzf zcs-7.0.1_GA_3105.RHEL5_64.20110304210645.tgz
cd zcs-7.0.1_GA_3105.RHEL5_64.20110304210645
Run the Installer
Run the install script.
./install.sh --platform-override
You must include the platform override option, else the installer will abort with the following error:
You appear to be installing packages on a platform different
than the platform for which they were built.
This platform is CentOS5_64
Packages found: RHEL5_64
This may or may not work.
Installation can not continue without manual override.
You can override this safety check with ./install.sh --platform-override
WARNING: Bypassing this check may result in an install or upgrade that is NOT usable.
You will go through the following steps.
- License agreement. Answer with “Y”.
- Prerequisite check. This should pass cleanly.
- Package self-test.
- Select the packages to install. Accept the defaults.
  - zimbra-ldap
  - zimbra-logger
  - zimbra-mta
  - zimbra-snmp
  - zimbra-store
  - zimbra-apache
  - zimbra-spell
  - zimbra-memcached
  - zimbra-proxy
- A warning that you are not running on Red Hat, with the question, “Install anyway?”. Answer with “Y”.
- A warning that the system will be modified. Answer with “Y”.
- Installing packages.
- Administrative install menu.
On the administrative menu, the important item is to set the admin password.
- When complete, use “a” to apply the changes.
- Confirm with “Yes”.
- Accept the default configuration file name.
- It will warn, “The system will be modified – continue?”. Answer with “Yes”.
- The installer will set up a few more items, including creating a self-signed SSL certificate.
- The installer will ask if you want to notify Zimbra of your installation. Your choice.
- The installer will start the servers.
- The installer will install zimlets &c.
At last you will see:
Configuration complete - press return to exit
At this point you can point the web browser to port 7071 of the server and log in as the administrator. The install is complete.
References
- Zimbra documentation
- An out-of-date but useful guide is on the Zimbra forums here.
- Setting up split DNS can be found on the Zimbra wiki here.
Hi James,
Thanks for your excellent guidance on installing ZCS 7 on CentOS. I’m facing an issue and wonder if you could help. I’m installing ZCS 7.1.3 on CentOS 5. Below is the error:
Sat Oct 29 17:37:39 2011 zimbra-ldap is enabled
Sat Oct 29 17:37:39 2011 Initializing ldap…
Sat Oct 29 17:37:39 2011 *** Running as zimbra user: /opt/zimbra/libexec/zmldapinit
IO::Socket::INET: connect: timeout at /opt/zimbra/libexec/zmldapinit line 137.
Sat Oct 29 17:40:18 2011 failed. (28160)
Thanks in advance
I’d recommend using Google to search for
IO::Socket::INET: connect: timeout at /opt/zimbra/libexec/zmldapinit
One possibility is the sudoers file’s permissions are incorrect.
Is the setup for Zimbra 64-bit on CentOS 6 very similar?
I noticed they have the release out now to run on RHEL6. Will you do an updated install guide on it?
thanks
Thanks for asking. I haven’t yet updated my notes for CentOS 6, though it’s on the “to do” list.
I have an older 32-bit Zimbra running on CentOS 5 that is slated for upgrade (read: clean install and copy data), but actually doing it hasn’t made it on to the calendar.
Great!!
Sir, this tutorial is really great. Thank you very much. I installed Zimbra 7.1 on CentOS 5.7 with the help of this. Very thankful to you.
Hi James, I have a particular case: I have CentOS 5.7 installed as firewall, proxy, web server and Zimbra server. This machine has two interfaces: external eth0 186.42.xxx.xxx and internal eth1 172.25.1.1 (hosts: 172.25.1.1 mail.mydomain.com mail). I need to take this Zimbra server off and install a new one behind this firewall. First of all, I need to route external mail (from Gmail, for instance) through my firewall (CentOS iptables, DNAT) to my new Zimbra server (hosts: 172.25.1.31 zimbra.mydomain.com zimbra). In order to do this, what must I do on the CentOS firewall: sendmail, postfix, ports, DNS, zones (named service), etc. (LAN IP 172.25.1.1, public IP 186.42.xxx.xxx)? Second, how must I configure my new Zimbra server (172.25.1.31), with a single LAN interface, to send and receive mail from the LAN and from outside? In addition, what must I do to grant external Internet users access to the Zimbra client login screen?
Please help!
thanks in advance
I wish I could dedicate the time to giving exact answers.
The firewall settings should be straightforward; you’ll tell it to redirect traffic to the ports Zimbra was using to the new machine’s IP address.
For the Zimbra server configuration, this is a common thing and the instructions should give details about setting up a server in a DMZ. If you need help with that, this is a good question for the Zimbra forums. People should be able to steer you right.
What do you mean by the IP addresses of the “old DNS server” in the named.conf configuration?
Thanks in advance
Jose,
Yes, that’s poorly worded. If I remember correctly, this should be the IP addresses of the external servers that the server is using for DNS lookup.
Thanks for the reply. In the meantime I solved the issue. It was all about restarting the firewall after uninstalling Zimbra and redefining the iptables rules.
Thank you anyway.
I’m glad you got it worked out, and thanks for the feedback. I hope that it’s helpful to somebody else.
James Reuben Knowles, thanks very much for your tutorial; it really gave me a solution. Can you make a tutorial for Zimbra 8 on RHEL 6.3?
I have a server that’s slated for replacement and upgrade, but that won’t be for a while.