For additional guidance, check out our community articles detailing the process of migrating from your current platform to Carbonio CE.
For enterprise-level requirements and advanced features, consider checking out Zextras Carbonio – the all-in-one private digital workplace designed for digital sovereignty trusted by the public sector, telcos, and regulated industries.
This article is meant to guide you through a Zimbra multi-server installation on CentOS / RHEL.
We will proceed in the following order:
- Install LDAP server(s)
- Install Zimbra Mailbox Server(s)
- Install MTA Server(s)
- Install Proxy(s)
Before starting with this guide, it is important to draw attention to one aspect:
SUDO:
You need root rights to give most of the commands shown in this guide. You can simply add “sudo” before any command (eg. sudo yum update). There is also the possibility to log in as root using the command: “ sudo su – ” and then entering the root password and in this case you no longer have to enter “sudo” before giving commands.
However it is good practice to avoid performing more actions as root than you need to. Sudo facilitates this by allowing you to run individual commands as root without having to log in as root and without needing an interactive root shell for tasks. If you feel too lazy you can go for “sudo su”, but you have been warned.
Step 1) Setting up the environment
We are now going to set up each server for Zimbra installation.
SubStep 1: Install CentOS / RHEL on all servers
Install the OS on your server and then perform an update:
sudo yum -y updateSubStep 2: Set hostnames
Log in as root user and then set hostnames on each server using the command:
hostnamectl set-hostname <hostname>for example ldap.domain.com
hostnamectl set-hostname ldap.domain.comSubStep 3: Modify /etc/hosts with the proper hostname and IP address
We now need to edit hosts file on each server:
nano /etc/hostsadding IP address and hostname adding the following line:
< ip-address> < hostname > < name >For example:
192.168.56.10 ldap.domain.com ldapDo this on all servers
SubStep 4: Download latest Zimbra release locally on all servers
Download the latest Zimbra package:
wget https://files.zimbra.com/downloads/8.8.15_GA/zcs-8.8.15_GA_3953.RHEL8_64.20200629025823.tgzAnd then unpack:
tar xvf zcs-8.8.15_GA_3953.RHEL8_64.20200629025823.tgzDo it on all servers.
Step 2) Install Zimbra LDAP Server
We will start wit the installation of Zimbra on LDAP server, so what we have to do is to enter the zcs folder:
cd zcs-8.8.15_GA_3953.RHEL8_64.20200629025823.tgzand then start the installation process:
sudo screen ./install.shYou will be asked a couple of question, and then will have to select the proper packages:
Do you agree with the terms of the software license agreement? [N] y
Use Zimbra's package repository [Y] y
Select the packages to install
Install zimbra-ldap [Y] Y
Install zimbra-logger [Y] n
Install zimbra-mta [Y] n
Install zimbra-dnscache [N] n
Install zimbra-snmp [Y] Y
Install zimbra-store [Y] n
Install zimbra-apache [Y] n
Install zimbra-spell [Y] n
Install zimbra-memcached [Y] n
Install zimbra-proxy [Y] n
Install zimbra-chat [N] n
Install zimbra-drive [N] n
Checking required space for zimbra-core
Installing:
zimbra-core
zimbra-ldap
zimbra-snmp
The system will be modified. Continue? [N] Y
The download of packages should now start. At the end you have to configure Ldap master host, hostname, and domain to create:
Common configuration
1) Hostname:
2) Ldap master host:
3) Ldap port: 389
4) Ldap Admin password: set
5) Store ephemeral attributes outside Ldap: no
6) Secure interprocess communications: yes
7) TimeZone: UTC
8) IP Mode: ipv4
9) Default SSL digest: sha256
Ldap configuration
1) Status: Enabled
2) Create Domain: yes
3) Domain to create:
4) Ldap root password: set
5) Ldap replication password: set
6) Ldap postfix password: set
7) Ldap amavis password: set
8) Ldap nginx password: set
9) Ldap Bes Searcher password: set
Once you finished, press a to start the installation and configuration process.
*** CONFIGURATION COMPLETE - press 'a' to apply
Select from menu, or press 'a' to apply config (? - help) a
Save configuration data to a file? [Yes]
Save config in file: [/opt/zimbra/config.31786]
Saving config in /opt/zimbra/config.31786...done.
The system will be modified - continue? [No] Yes
Installation completed.
Step 3) Install Zimbra Mailbox Server
The second one we are going to install is Mailbox Server. We start installation like in the previous step. But we need to select different packages:
Do you agree with the terms of the software license agreement? [N] y
Use Zimbra's package repository [Y] y
Select the packages to install
Install zimbra-ldap [Y] n
Install zimbra-logger [Y] y
Install zimbra-mta [Y] n
Install zimbra-dnscache [N] n
Install zimbra-snmp [Y] y
Install zimbra-store [Y] y
Install zimbra-apache [Y] y
Install zimbra-spell [Y] y
Install zimbra-memcached [Y] n
Install zimbra-proxy [Y] n
Install zimbra-chat [N] n
Install zimbra-drive [N] n
Install zimbra-imapd (BETA - for evaluation only) [N] n
Checking required space for zimbra-core
Installing:
zimbra-core
zimbra-logger
zimbra-snmp
zimbra-store
zimbra-apache
zimbra-spell
zimbra-drive
The system will be modified. Continue? [N] YNow what we need to configure some settings.
Under Common configuration:
- Hostname: mailbox.domain.com
- Ldap master host: ldap.domain.com
- Ldap Admin password: < password >
Under zimbra-store:
- Admin Password: < password >
- SMTP host: < hostname >
- Configure for use with mail proxy: TRUE
- Configure for use with web proxy: TRUE
- Install UI (zimbra,zimbraAdmin webapps): yes
- Install mailstore (service webapp): yes
Feel free to modify any other settings you see necessary and then start the installation process.
Step 4) Install Zimbra MTA Server
We are now looking at the installation of MTA server. In this case, after starting installation as usual, we will select the following packages:
Select the packages to install
Install zimbra-ldap [Y] n
Install zimbra-logger [Y] n
Install zimbra-mta [Y] y
Install zimbra-dnscache [Y] y
Install zimbra-snmp [Y] y
Install zimbra-store [Y] n
Install zimbra-apache [Y] n
Install zimbra-spell [Y] n
Install zimbra-memcached [Y] n
Install zimbra-proxy [Y] n
Install zimbra-chat [N] n
Install zimbra-drive [N] n
Checking required space for zimbra-core
Installing:
zimbra-core
zimbra-mta
zimbra-snmp
zimbra-dnscache
The system will be modified. Continue? [N] y
At the end, on the configurations window, we need to set something as shown in the following steps.
Under 1) Common Configuration, set:
- Hostname:
- Ldap master host:
- Ldap Admin password:
1) Hostname: mta.domain.com
2) Ldap master host: ldap.domain.com
3) Ldap port: 389
4) Ldap Admin password: set
5) LDAP Base DN: cn=zimbra
6) Store ephemeral attributes outside Ldap: yes
7) Value for zimbraEphemeralBackendURL: ldap://default
8) Secure interprocess communications: yes
9) TimeZone: UTC
10) IP Mode: ipv4
11) Default SSL digest: sha256
Under 2) zimbra-mta set
- Bind password for postfix ldap user:
- Bind password for amavis ldap user:
Mta configuration
1) Status: Enabled
2) Enable Spamassassin: yes
3) Enable Clam AV: yes
4) Enable OpenDKIM: yes
5) Notification address for AV alerts: admin@mta.domain.com
6) Bind password for postfix ldap user: set
7) Bind password for amavis ldap user: set
Under zimbra-dnscache, you need to configure master DNS ip addresses separated by space like in the example below:
DNS Cache configuration
1) Status: Enabled
2) Master DNS IP address(es): 8.8.4.4 1.1.1.1 8.8.8.8
3) Enable DNS lookups over TCP: yes
4) Enable DNS lookups over UDP: yes
5) Only allow TCP to communicate with Master DNS: no
Once done, save the settings and type a to begin Zimbra MTA setup.
Step 5) Install Zimbra Proxy Server
Start with Installation of Zimbra as shown above, then in order to install Zimbra Proxy server, you need to select the following packages :
Select the packages to install
Install zimbra-ldap [Y] n
Install zimbra-logger [Y] n
Install zimbra-mta [Y] n
Install zimbra-dnscache [N] n
Install zimbra-snmp [Y] y
Install zimbra-store [Y] n
Install zimbra-apache [Y] n
Install zimbra-spell [Y] n
Install zimbra-memcached [Y] y
Install zimbra-proxy [Y] y
Install zimbra-chat [N] n
Install zimbra-drive [N] n
Checking required space for zimbra-core
Installing:
zimbra-core
zimbra-snmp
zimbra-memcached
zimbra-proxy
The system will be modified. Continue? [N] yFill all required information:
Common configuration
1) Hostname: <proxy.domain.com>
2) Ldap master host: <ldap.domain.com>
3) Ldap port: 389
4) Ldap Admin password: set
5) LDAP Base DN: cn=zimbra
6) Store ephemeral attributes outside Ldap: yes
7) Value for zimbraEphemeralBackendURL: ldap://default
8) Secure interprocess communications: yes
9) TimeZone: UTC
10) IP Mode: ipv4
11) Default SSL digest: sha256
Proxy configuration
1) Status: Enabled
2) Enable POP/IMAP Proxy: TRUE
3) Enable strict server name enforcement? TRUE
4) IMAP server port: 7143
5) IMAP server SSL port: 7993
6) IMAP proxy port: 143
7) IMAP SSL proxy port: 993
8) POP server port: 7110
9) POP server SSL port: 7995
10) POP proxy port: 110
11) POP SSL proxy port: 995
12) Bind password for nginx ldap user: set
13) Enable HTTP[S] Proxy: TRUE
14) Web server HTTP port: 8080
15) Web server HTTPS port: 8443
16) HTTP proxy port: 80
17) HTTPS proxy port: 443
18) Proxy server mode: < > Under Common Configuration, you have to set:
- Hostname:
- Ldap master host:
- Ldap Admin password:
Under Proxy Configuration, rember to choose the server mode according to your requirements. You can set http, https, both, redirect or mixed.
Once you finished with this part, enable proxy console on port 9071 by running the following command, logging as Zimbra user:
sudo su - zimbra
/<path>/zimbra/libexec/zmproxyconfig -e -w -C -H <zmhostname>- This will enable admin console proxy port 9071 on the proxy server
- Make sure mailbox server’s admin console is configured on port 7071 (default)
After making changes restart proxy service:
zmproxyctl restartRemember that the service should bind to port 9071. You can confirm this with ss command:
sudo ss -tunelp | grep 9071To access admin console over a proxy, the URL should be https://proxy.domain.com:9071/
