Grant McWilliams


Create a Zimbra mail server on Xen

In this tutorial we'll set up a Xen domU specifically for Zimbra because it likes to take over an entire machine. We'll also set up authenticated mail sending via Gmail's SMTP servers and configure our router to forward requests to the appropriate domU. Lastly we'll use Apache on another machine (virtual or not) to proxy web connections to our domU.

 

You will want to follow the Create a Centos virtual machine on Xen tutorial before continuing with these instructions. Once you have created your Xen virtual machine running CentOS 5, proceed with this tutorial.

 

Preparing for installation

Before you install Zimbra you want to set the network settings and hostname. I would advise you to set a static IP address for the Virtual Machine as well as setting the hostname to something unique. If this Virtual Machine is behind a NAT you'll get errors about the DNS name not resolving. We can edit /etc/hosts to get rid of those.

/etc/hosts

192.168.1.102   mail.soundlinuxtraining.com

/etc/sysconfig/network

NETWORKING=yes
NETWORKING_IPV6=yes
HOSTNAME=mail.soundlinuxtraining.com

Edit the system network settings (IP address, netmask, etc.) and set the current hostname:

system-config-network
hostname mail.soundlinuxtraining.com
service network restart

Shut down Sendmail to avoid conflicts on port 25

service sendmail stop
chkconfig sendmail off

Before installing Zimbra we'll install some of its dependencies.

yum install fetchmail gmp compat-libstdc++-296 compat-libstdc++-33 libtool-ltdl 

Installing Zimbra

We need to download Zimbra in order to install it.

For 32 bit machines:

wget http://files.zimbra.com/downloads/5.0.7_GA/zcs-5.0.7_GA_2444.RHEL5.20080626020941.tgz

For 64 bit machines:

wget http://files.zimbra.com/downloads/5.0.7_GA/zcs-5.0.7_GA_2444.RHEL5_64.20080626020449.tgz

If these links don't work, go to http://www.zimbra.com/community/downloads.html and download the latest version for your CPU architecture. Now extract the Zimbra archive:

 

tar -zxvpf zcs-*.tgz

Change into the Zimbra directory and run the install program with the --platform-override option. This is so we can install the Red Hat EL5 version on CentOS 5. Say yes to all questions.

./install --platform-override
...
Install zimbra-ldap [Y]
Install zimbra-logger [Y]
Install zimbra-mta [Y]
Install zimbra-snmp [Y]
Install zimbra-store [Y]
Install zimbra-apache [Y]
Install zimbra-spell [Y]
Install zimbra-proxy [Y]

You appear to be installing packages on a platform different
than the platform for which they were built.

This platform is CentOS5_64
Packages found: RHEL5_64
This may or may not work.

Using packages for a platform in which they were not designed for
may result in an installation that is NOT usable. Your support
options may be limited if you choose to continue.


Install anyway? [Y]
The system will be modified. Continue? [Y]

If you're behind a NAT and your FQDN doesn't match your IP address, Zimbra will complain and ask you if you want to change it. Say no for now; we'll deal with this later. If all goes well you should get to a menu that looks like this. You need to set the Admin password, as denoted by the line of asterisks.

Main menu

1) Common Configuration:                                                 
2) zimbra-ldap:                             Enabled                      
3) zimbra-store:                            Enabled                      
+Create Admin User:                    yes                          
+Admin user to create:                 [address obscured]
******* +Admin Password                        UNSET                        
+Enable automated spam training:       yes                          
+Spam training user:                   [address obscured]
+Non-spam(Ham) training user:          [address obscured]
+Global Documents Account:             [address obscured]
+SMTP host:                            mail.soundlinuxtraining.com  
+Web server HTTP port:                 80                           
+Web server HTTPS port:                443                          
+Web server mode:                      http                         
+IMAP server port:                     143                          
+IMAP server SSL port:                 993                          
+POP server port:                      110                          
+POP server SSL port:                  995                          
+Use spell check server:               yes                          
+Spell server URL:                     http://mail.soundlinuxtraining.com:7780/aspell.php
+Configure store for use with reverse mail proxy: FALSE                        
+Configure store for use with reverse web proxy: FALSE                        

4) zimbra-mta:                              Enabled                      
5) zimbra-snmp:                             Enabled                      
6) zimbra-logger:                           Enabled                      
7) zimbra-spell:                            Enabled                      
8) Default Class of Service Configuration:                               
r) Start servers after configuration        yes                          
s) Save config to file                                                   
x) Expand menu                                                           
q) Quit

After you've set the Admin password you can also set the LDAP/Postfix/Amavis passwords by going into menu 2. After you've set these things it will ask you if you want to activate the changes and save the config. Say yes to everything and it will start the services.

If everything goes well you should see this at the end

 

Configuration complete - press return to exit 

 

Troubleshooting Zimbra

Keep everything simple when troubleshooting. Zimbra is a complex system of applications with many commands (most of which I don't have a clue about). Your troubleshooting steps should look something like this.

  1. Make sure Zimbra installed and initialized properly
  2. Make sure your Virtual Machine's firewall isn't restricting access
  3. Make sure you have your DNS name resolving to your Virtual Machine's IP address (on all hosts you're accessing it with)
  4. Try accessing your Zimbra administration interface

 

1. Make sure Zimbra installed properly

If you get any errors run the ./install again. I've had to do this three times in a row to get everything working right. Just keep working through it if something doesn't run right. You can check to see if it's all working by using some of the zimbra commands as the user zimbra.

su - zimbra
zmcontrol status

The zmcontrol status command string should show you if all services are started and running. If you want to attempt a restart use the zmcontrol start command string

su - zimbra
zmcontrol start

 

2. Make sure your Virtual Machine's firewall isn't restricting access

iptables -L

3. Make sure DNS resolves

From Host OS

ping mail.soundlinuxtraining.com

PING mail.soundlinuxtraining.com (192.168.1.102) 56(84) bytes of data.
64 bytes from mail.soundlinuxtraining.com (192.168.1.102): icmp_seq=1 ttl=64 time=0.244 ms

Notice this resolves as 192.168.1.102 because of an entry in my /etc/hosts. My Virtual Server is behind a NAT and if I let an outside DNS server resolve it then it would point to my public IP which isn't what I want quite yet.

From Virtual Machine

ping mail.soundlinuxtraining.com

PING mail.soundlinuxtraining.com (192.168.1.102) 56(84) bytes of data.
64 bytes from mail.soundlinuxtraining.com (192.168.1.102): icmp_seq=1 ttl=64 time=0.244 ms

This too is because of an entry in the Virtual Machine's /etc/hosts file. The /etc/hosts file on both Dom0 and DomU looks something like this.

192.168.1.102         mail.soundlinuxtraining.com

 

4. Try accessing your Zimbra administration interface

Use a web browser from the Host OS to access your Virtual Machine's web administration interface

firefox https://mail.soundlinuxtraining.com:7071/zimbraAdmin

Firefox will probably complain about the security certificate being bad and ask if you want to continue or make an exception, depending on which version of Firefox you have. Continue and you should see the Admin login window. Log in as admin@<your domain>.

 

5. Forwarding port 25 and 80 through your firewall

Forwarding port 25 to domU

 

6. Configuring your Zimbra mail server

After you've successfully logged into Zimbra's admin interface add your domain and a user account and password. My mail server is at mail.soundlinuxtraining.com but my domain is soundlinuxtraining.com so I created a domain named soundlinuxtraining.com and created an account in that domain. Now open another browser window and log in as that user to make sure it works.

firefox http://mail.soundlinuxtraining.com/zimbra

7. Setting up gmail as a mail relay

Original Tutorial here

You won't be able to send or receive mail yet as you don't have a mail relay set up. You can specify your ISP's mail server here or do what I do and use Google's Gmail servers.

su - zimbra
zmprov ms mail.soundlinuxtraining.com zimbraMtaRelayHost smtp.gmail.com:587
echo smtp.gmail.com username:password > /opt/zimbra/conf/relay_password
postmap hash:/opt/zimbra/conf/relay_password
postconf -e smtp_sasl_password_maps=hash:/opt/zimbra/conf/relay_password
postconf -e smtp_sasl_auth_enable=yes
postconf -e smtp_cname_overrides_servername=no
postfix reload

 

Here I'm setting the relay host for mail.soundlinuxtraining.com to smtp.gmail.com port number 587. You may or may not need the port number if you use a different relay. Check with the relay provider for more info. Of course change username:password to your Gmail username and password. I battled the Zimbra install for quite a while and Gmail relaying for quite a while and the answer ended up being to just do it over and over and over until you get it right. If you have any errors during installing Zimbra then just install it again. I thought I was having a problem with relaying through Gmail because when I sent mail it wasn't ending up at the destination. I finally gave up and went to work only to find the mail in my inbox when I got there. Seems it was taking 5 minutes to send it. I'm not sure yet why this is and the logs show that Gmail is not accepting my certificate but ultimately sending the mail anyway. I'll check into it more when I get some time.
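An added example (not part of the original tutorial) for the credential step above: with the usual umask, `echo ... > relay_password` leaves the Gmail password readable by every local user and recorded in shell history. The function names are hypothetical, and `smtp_tls_security_level=encrypt` assumes the bundled Postfix is 2.3 or later.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Function names are hypothetical.

# write_relay_credentials FILE RELAYHOST USER
# Reads the password from stdin so it never appears in argv or shell history,
# then installs FILE atomically with mode 0600.
write_relay_credentials() {
    file=$1; relay=$2; user=$3
    IFS= read -r pass || [ -n "$pass" ] || return 1
    tmp="$file.tmp.$$"
    ( umask 077 && printf '%s %s:%s\n' "$relay" "$user" "$pass" > "$tmp" ) || return 1
    chmod 600 "$tmp" && mv -f "$tmp" "$file" || return 1
    # postmap copies the source file's group/other read bits only when it
    # creates FILE.db, so a map built earlier from a 0644 source stays open.
    [ ! -e "$file.db" ] || chmod 600 "$file.db"
}

# relay_files_private FILE -> 0 if FILE (and FILE.db, if present) grant
# nothing to group or other; 1 otherwise.
relay_files_private() {
    [ -e "$1" ] || return 1
    for f in "$1" "$1.db"; do
        [ -e "$f" ] || continue
        case $(stat -c '%a' "$f") in
            [0-7]00) ;;
            *) echo "too permissive: $f" >&2; return 1 ;;
        esac
    done
    return 0
}

# apply_relay_settings FILE
# The page's postconf steps plus one assumption: the bundled Postfix is 2.3 or
# later, so smtp_tls_security_level=encrypt can require STARTTLS before AUTH.
apply_relay_settings() {
    relay_files_private "$1" || return 1
    postmap "hash:$1" &&
    postconf -e "smtp_sasl_password_maps=hash:$1" &&
    postconf -e smtp_sasl_auth_enable=yes &&
    postconf -e smtp_cname_overrides_servername=no &&
    postconf -e smtp_tls_security_level=encrypt &&
    postfix reload
}
```

As the zimbra user, run `write_relay_credentials /opt/zimbra/conf/relay_password smtp.gmail.com username` (it waits for the password on stdin), then `apply_relay_settings /opt/zimbra/conf/relay_password`.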

8. Accessing Zimbra webmail from a non-dom0 client

So you want to access your email from somewhere else? If your domU is behind a NAT then you'll need to forward port 25 and port 80 through your router to the domUs. You can see in this image that I have port 80 being forwarded to 192.168.1.100 and port 25 is forwarded to 192.168.1.102 (my domU). All mail being sent to my mail server will be forwarded to the domU at 192.168.1.102. This allows me to have my web server and my mail server on different domUs or even physical machines. The problem is that the Zimbra webmail is being served up by 192.168.1.102 and all web traffic goes to 192.168.1.100. What we need is for the Apache web server on 192.168.1.100 to proxy all requests for mail.soundlinuxtraining.com to the domU.

Port forwarding

 

9. Setting up Apache's reverse proxy

All port 80 traffic is being forwarded to 192.168.1.100 so on that machine we want to edit the /etc/httpd/conf/httpd.conf file and add the following virtual host.

 

<VirtualHost 192.168.1.100:80>
        ServerName mail.soundlinuxtraining.com
        ProxyVia on
        ProxyRequests Off
        ProxyPass / http://192.168.1.102/
        ProxyPassReverse / http://192.168.1.102/
</VirtualHost>

All port 80 (web) requests coming in from the outside network will be forwarded by the router to Apache on 192.168.1.100. This virtual host will then grab any of those requests destined for mail.soundlinuxtraining.com and send them to our domU at 192.168.1.102, and vice versa. Save this, restart Apache and test it.
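A small check for the virtual host above, added here as an example and not part of the original tutorial: it flags the two edits to this block that matter most on an internet-facing proxy. The function names are hypothetical and `bad.conf` is a constructed misconfiguration.

```shell
#!/bin/sh
# Added example, not from the original tutorial; function names are hypothetical.

# audit_proxy_vhost CONF
# Prints one line per finding and returns the number of findings:
#   - ProxyRequests On: Apache also acts as a forward proxy for any client
#   - ProxyPass with no identical ProxyPassReverse: redirects issued by the
#     backend reach outside clients with the internal address in them
audit_proxy_vhost() {
    awk '
        { line = tolower($0); sub(/^[ \t]+/, "", line) }
        line ~ /^#/ { next }
        line ~ /^proxyrequests[ \t]+on/ { print "line " NR ": ProxyRequests On"; bad++ }
        line ~ /^proxypass[ \t]/        { split(line, f, /[ \t]+/); pass[f[2]] = f[3] }
        line ~ /^proxypassreverse[ \t]/ { split(line, f, /[ \t]+/); rev[f[2]] = f[3] }
        END {
            for (p in pass)
                if (!(p in rev) || rev[p] != pass[p]) {
                    print "ProxyPass " p " has no matching ProxyPassReverse"; bad++
                }
            exit bad + 0
        }
    ' "$1"
}

# write_sample_vhosts DIR: the page's vhost (good.conf) and a constructed
# misconfiguration (bad.conf) to run the audit against.
write_sample_vhosts() {
    cat > "$1/good.conf" <<'EOF'
<VirtualHost 192.168.1.100:80>
        ServerName mail.soundlinuxtraining.com
        ProxyVia on
        ProxyRequests Off
        ProxyPass / http://192.168.1.102/
        ProxyPassReverse / http://192.168.1.102/
</VirtualHost>
EOF
    cat > "$1/bad.conf" <<'EOF'
<VirtualHost 192.168.1.100:80>
        ServerName mail.soundlinuxtraining.com
        ProxyRequests On
        ProxyPass / http://192.168.1.102/
</VirtualHost>
EOF
}
```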

 

Conclusion

That's about it for now. We have a dedicated Zimbra domU behind a NAT with port 25 being forwarded to it. We are using authenticated mail sending through Gmail's servers to get around ISP mail server restrictions and we're using Apache on another machine to proxy web requests to the domU.

Now that you've done all of this work it would be wise of you to back up the domU image file.

 

 

 
