Zimbra Multi-Server Installation on Ubuntu LTS


Note: Zimbra consists of a set of modules that can be installed on one server (single-server installation) or distributed across several servers (multi-server installation). If you are new to Zimbra and are setting it up for the first time, it is best to try the single-server installation first. You can follow this guide on a clean installation of Ubuntu LTS, on a virtual machine or on physical hardware. The guide is simple and suitable even for beginners. Here we use the desktop version of Ubuntu 18.04.5 LTS (Bionic Beaver), but you can use any other version of Ubuntu as long as it is supported by Zimbra.

In a multi-server installation, you configure and install Zimbra separately on different machines running the same operating system. Each machine is a server, and the servers should be installed in this order: LDAP server, MTA server, Proxy server, and Mailbox server. The proxy server is usually installed on the MTA server.

Installation procedure in a nutshell

  • LDAP server configuration and installation
  • MTA server configuration and installation (proxy will also be installed on this server)
  • Mailbox server configuration and installation

Whether you run your servers in virtual machines or on separate physical machines, make sure each server machine has a clean installation of the operating system with the following settings:

  • LDAP server: hostname ldap.example.com, IP address 192.168.30.201
  • MTA/Proxy server: hostname mta.example.com, IP address 192.168.30.202
  • Mailbox server: hostname mail.example.com, IP address 192.168.30.203

Some checks

You should perform these checks for each server machine.

Internet connectivity

The first thing to check is internet connectivity; without it you will run into problems and errors that do not obviously point to a network problem. There are several ways to check it; we use one that may not be the most comfortable, but it is a good exercise to start using the terminal.

Open terminal and type

ping google.com

If you are connected to the internet, you should not get any errors. You will see a series of lines like this

64 bytes from mil07s12-in-f14.1e100.net (216.58.209.46): icmp_seq=9 ttl=113 time=10.0 ms

To stop it you can hit CTRL+C.

Packages and Update

Update the operating system's package lists with this command

sudo apt update

There are two packages we are going to use in this guide. They are probably pre-installed on Ubuntu, but you can run these install commands anyway to make sure.

sudo apt install wget
sudo apt install nano

and then reboot the system with

sudo reboot

Firewall

You also need to configure the firewall to open some ports. Install firewalld

sudo apt install firewalld

Open these ports and reload

sudo firewall-cmd --permanent --add-port={25,80,110,143,443,465,587,993,995,5222,5223,9071,7071}/tcp
sudo firewall-cmd --reload

Root access

As you have seen, up to this point you have to enter your password each time you use the sudo command. To make this easier, you can switch to the root user so that you enter the password only once. Root access will also be necessary for some of the configuration later in this guide. To do so, type this command

sudo -i

Enter the password and you will be the root user. You should see that the command prompt now contains the word root.

1. LDAP Server Configuration and installation

Operating system installation

First, install Ubuntu LTS on the machine that will be the LDAP server.

Setting timezone, hostname, and hosts

Set the timezone with this command

timedatectl set-timezone Africa/Abidjan

Now set the hostname with

hostnamectl set-hostname ldap.example.com

Open the hosts file

nano /etc/hosts

and add these lines

192.168.30.201 ldap.example.com ldap
192.168.30.202 mta.example.com mta
192.168.30.203 mail.example.com mail

If you don’t understand these commands, read this first.

To verify the new settings use these commands

date
ls -l /etc/localtime
hostname
cat /etc/hosts
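
The hosts entries above must be the same on all three servers, and each name must map to exactly one address. The check below is an added example, not part of the original guide; the function names are hypothetical and the sample file is constructed. It also flags a server name that is additionally bound to a loopback address such as 127.0.1.1.

```shell
#!/bin/sh
# Added example, not part of the original guide.
# Name/address pairs are the ones this guide assigns to the three servers.
EXPECTED="ldap.example.com=192.168.30.201
mta.example.com=192.168.30.202
mail.example.com=192.168.30.203"

# lookup_host FILE FQDN: print every address FILE maps FQDN to, space separated.
lookup_host() {
    awk -v name="$2" '
        { sub(/#.*/, "") }    # ignore comments
        { for (i = 2; i <= NF; i++) if ($i == name) print $1 }
    ' "$1" | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# check_hosts FILE: print one line per problem; return 0 only if FILE is clean.
check_hosts() {
    rc=0
    for pair in $EXPECTED; do
        name=${pair%%=*}
        want=${pair#*=}
        got=$(lookup_host "$1" "$name")
        if [ -z "$got" ]; then
            echo "MISSING  $name (expected $want)"
            rc=1
        elif [ "$got" != "$want" ]; then
            # Also catches a name listed twice, e.g. on 127.0.1.1 and on the LAN IP.
            echo "MISMATCH $name -> $got (expected $want)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample input: a loopback alias for the server name plus a
# forgotten mail entry.
sample=$(mktemp)
cat > "$sample" <<'EOF'
127.0.0.1       localhost
127.0.1.1       ldap.example.com ldap   # left by the OS installer
192.168.30.201  ldap.example.com ldap
192.168.30.202  mta.example.com mta
EOF
check_hosts "$sample" || echo "fix /etc/hosts before running the Zimbra installer"
rm -f "$sample"
```

On a real server, call `check_hosts /etc/hosts` on each of the three machines before starting the installer.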


Using chrony for clock synchronization

Install chrony together with the DNS and network utilities (on Ubuntu the packages are dnsutils and net-tools)

apt -y install dnsutils net-tools
apt -y install chrony

Start it with

systemctl start chrony

Then open the SELinux config file (Ubuntu uses AppArmor by default, so this file is present only if SELinux has been installed)

nano /etc/selinux/config

and add this line

SELINUX=disabled

Back up the chrony config file with

cp -p /etc/chrony/chrony.conf /etc/chrony/chrony.conf.bk

Open the chrony config file

nano /etc/chrony/chrony.conf

and add this line

allow 192.168.30.0/24

Then restart chrony

systemctl restart chrony

Verify new settings

chronyc tracking
chronyc sources

Installing Dnsmasq

apt -y install dnsmasq
groupadd -r dnsmasq
useradd -r -g dnsmasq dnsmasq

Start it

systemctl start dnsmasq

Now back up the config file

cp /etc/dnsmasq.conf /etc/dnsmasq.conf.bk

open the file

nano /etc/dnsmasq.conf

delete everything and add these configurations

bogus-priv
interface=enp0s8
listen-address=127.0.0.1
port=53
bind-interfaces
user=dnsmasq
group=dnsmasq
no-dhcp-interface=enp0s8
pid-file=/var/run/dnsmasq.pid
log-facility=/var/log/dnsmasq.log
log-queries
domain-needed
no-hosts
dns-forward-max=150
cache-size=1000
neg-ttl=3600
resolv-file=/etc/resolv.dnsmasq
no-poll
domain=example.com
server=/example.com/192.168.30.202
address=/example.com/192.168.30.202
address=/ldap.example.com/192.168.30.201
address=/mta.example.com/192.168.30.202
address=/mail.example.com/192.168.30.203
address=/mail.example.com/192.168.30.202
mx-host=example.com,mail.example.com,10
txt-record=example.com,"v=spf1 mx ~all"

Then create a new file called resolv.dnsmasq and open it

touch /etc/resolv.dnsmasq
nano /etc/resolv.dnsmasq

and add these lines

nameserver 8.8.8.8
nameserver 9.9.9.9

Open the network interface config file with

nano /etc/sysconfig/network-scripts/ifcfg-enp0s8

Note which interface you configure: here it is enp0s8, not enp0s3. To understand which interface to choose, read this page.

Comment out every line containing DNS by adding # at the beginning of the line, then add these lines

DNS1=127.0.0.1
DNS2=8.8.8.8

then restart the network and dnsmasq

systemctl restart network
systemctl restart dnsmasq

Installation of necessary packages for Zimbra

apt -y remove postfix
apt -y install netcat-openbsd sudo libidn11 libgmp10 libaio1 libstdc++6 unzip perl sysstat sqlite3

Installation of Zimbra on LDAP Server

Now install Zimbra on the LDAP server (ldap.example.com).

To learn how, read the last section of this page. During the installation, install only these Zimbra packages: zimbra-core zimbra-ldap zimbra-snmp

Checking Zimbra services

su - zimbra
zmcontrol status

Showing Zimbra LDAP Password on ldap server

su - zimbra
zmlocalconfig -s zimbra_ldap_password ldap_master_url
zimbra_ldap_password = NEflj_jf

2. MTA Server Configuration and installation

Operating system installation

First, install Ubuntu LTS on the machine that will be the MTA server.

Setting timezone, hostname, and hosts

Set the timezone with this command

timedatectl set-timezone Africa/Abidjan

Now set the hostname with

hostnamectl set-hostname mta.example.com

Open the hosts file

nano /etc/hosts

and add these lines

192.168.30.201 ldap.example.com ldap
192.168.30.202 mta.example.com mta
192.168.30.203 mail.example.com mail

If you don’t understand these commands, read this first.

To verify the new settings use these commands

date
ls -l /etc/localtime
hostname
cat /etc/hosts


Using chrony for clock synchronization

Install chrony together with the DNS and network utilities (on Ubuntu the packages are dnsutils and net-tools)

apt -y install dnsutils net-tools
apt -y install chrony

Start it with

systemctl start chrony

Back up the chrony config file with

cp -p /etc/chrony/chrony.conf /etc/chrony/chrony.conf.bk

Open the chrony config file

nano /etc/chrony/chrony.conf

Comment out every server or pool line by adding # at the beginning of the line, and add this line

server 192.168.30.201 iburst

Then restart chrony

systemctl restart chrony

Verify new settings

chronyc tracking
chronyc sources

DNS

Open the network interface config file with

nano /etc/sysconfig/network-scripts/ifcfg-enp0s8

Note which interface you configure: here it is enp0s8, not enp0s3. To understand which interface to choose, read this page.

Comment out every line containing DNS by adding # at the beginning of the line, then add these lines

DNS1=192.168.30.201
DNS2=8.8.8.8

then restart the network

systemctl restart network

Installation of necessary packages for Zimbra

apt -y remove postfix
apt -y install netcat-openbsd sudo libidn11 libgmp10 libaio1 libstdc++6 unzip perl sysstat sqlite3

Installation of Zimbra on MTA Server

Now install Zimbra on the MTA server (mta.example.com).

To learn how, read the last section of this page. During the installation, install only these Zimbra packages: zimbra-core zimbra-mta zimbra-snmp zimbra-memcached zimbra-proxy

Checking Zimbra services

su - zimbra
zmcontrol status

3. Mailbox Server Configuration and installation

Operating system installation

First, install Ubuntu LTS on the machine that will be the Mailbox server.

Setting timezone, hostname, and hosts

Set the timezone with this command

timedatectl set-timezone Africa/Abidjan

Now set the hostname with

hostnamectl set-hostname mail.example.com

Open the hosts file

nano /etc/hosts

and add these lines

192.168.30.201 ldap.example.com ldap
192.168.30.202 mta.example.com mta
192.168.30.203 mail.example.com mail

If you don’t understand these commands, read this first.

To verify the new settings use these commands

date
ls -l /etc/localtime
hostname
cat /etc/hosts


Using chrony for clock synchronization

Install chrony together with the DNS and network utilities (on Ubuntu the packages are dnsutils and net-tools)

apt -y install dnsutils net-tools
apt -y install chrony

Start it with

systemctl start chrony

Then open the SELinux config file (Ubuntu uses AppArmor by default, so this file is present only if SELinux has been installed)

nano /etc/selinux/config

and add this line

SELINUX=disabled

Back up the chrony config file with

cp -p /etc/chrony/chrony.conf /etc/chrony/chrony.conf.bk

Open the chrony config file

nano /etc/chrony/chrony.conf

Comment out every server or pool line by adding # at the beginning of the line, and add this line

server 192.168.30.201 iburst

Then restart chrony

systemctl restart chrony

Verify new settings

chronyc tracking
chronyc sources

DNS

Open the network interface config file with

nano /etc/sysconfig/network-scripts/ifcfg-enp0s8

Note which interface you configure: here it is enp0s8, not enp0s3. To understand which interface to choose, read this page.

Comment out every line containing DNS by adding # at the beginning of the line, then add these lines

DNS1=192.168.30.201
DNS2=8.8.8.8

then restart the network

systemctl restart network

Installation of necessary packages for Zimbra

apt -y remove postfix
apt -y install netcat-openbsd sudo libidn11 libgmp10 libaio1 libstdc++6 unzip perl sysstat sqlite3

Installation of Zimbra on Mailbox Server

Now install Zimbra on the Mailbox server (mail.example.com).

To learn how, read the last section of this page. During the installation, install only these Zimbra packages: zimbra-core zimbra-logger zimbra-snmp zimbra-store zimbra-apache zimbra-convertd

Checking Zimbra services

su - zimbra
zmcontrol status

Finalizing the Installation

Configuring Zimbra Logger Service

The logger service runs on our Mailbox server (mail.example.com).
First, on the Mailbox server (mail.example.com), enter these commands

su - zimbra -c 'zmupdateauthkeys'
/opt/zimbra/libexec/zmsyslogsetup

Open the rsyslog config file

vi /etc/rsyslog.conf

and add these lines

$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514

Then restart rsyslog and check the log host and the services

systemctl restart rsyslog
su - zimbra -c 'zmprov gacf | grep zimbraLogHostname'
su - zimbra -c 'zmcontrol status'

Then on the LDAP server (ldap.example.com) enter these commands

su - zimbra -c 'zmupdateauthkeys'
/opt/zimbra/libexec/zmsyslogsetup
systemctl restart rsyslog
su - zimbra -c 'zmprov gacf | grep zimbraLogHostname'
su - zimbra -c 'zmcontrol status'

Configure Proxy Control

Now on the MTA server (mta.example.com) enter these commands

su - zimbra -c '/opt/zimbra/libexec/zmproxyconfig -e -w -C -H `zmhostname`'
su - zimbra -c 'zmproxyctl restart'
su - zimbra -c 'zmproxyctl status'
firewall-cmd --permanent --zone=public --add-port=9071/tcp
firewall-cmd --permanent --zone=public --add-rich-rule 'rule family="ipv4" source address="192.168.30.0/24" port protocol="tcp" port="9071" accept'

firewall-cmd --reload
firewall-cmd --list-all
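
A plain --add-port entry accepts connections from any source, so the source-restricted rich rule only has an effect once the plain entry for the same port is removed. The script below is an added example, not part of the original guide: it prints (does not run) firewalld commands that keep the mail ports public and admit the administration ports only from the 192.168.30.0/24 subnet. Treating 7071 as an administration port alongside 9071, and the function names, are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original guide: print (do not run) firewalld
# commands that keep mail ports public and limit admin ports to one subnet.
PUBLIC_PORTS="25 80 110 143 443 465 587 993 995 5222 5223"
ADMIN_PORTS="7071 9071"   # assumption: both serve administration consoles

# valid_cidr A.B.C.D/N: succeed only for a well-formed IPv4 network.
valid_cidr() {
    case $1 in */*) ;; *) return 1 ;; esac
    addr=${1%%/*}
    bits=${1#*/}
    case $bits in '' | *[!0-9]*) return 1 ;; esac
    case $addr in '' | *[!0-9.]* | .* | *. | *..*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# zimbra_fw_rules SUBNET: print the firewall-cmd lines, or fail on a bad subnet.
zimbra_fw_rules() {
    valid_cidr "$1" || { echo "invalid IPv4 subnet: $1" >&2; return 1; }
    for port in $PUBLIC_PORTS; do
        echo "firewall-cmd --permanent --zone=public --add-port=$port/tcp"
    done
    for port in $ADMIN_PORTS; do
        # A plain port entry accepts any source, so drop it before adding the rich rule.
        echo "firewall-cmd --permanent --zone=public --remove-port=$port/tcp"
        echo "firewall-cmd --permanent --zone=public --add-rich-rule='rule family=\"ipv4\" source address=\"$1\" port protocol=\"tcp\" port=\"$port\" accept'"
    done
    echo "firewall-cmd --reload"
}

zimbra_fw_rules 192.168.30.0/24
```

Review the printed commands, then run them as root on each server; `firewall-cmd --list-all` should then show 7071 and 9071 only under rich rules.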

Then log into the Administration Console by entering this address in a browser, from your guest machine if you’re using a virtual machine, otherwise from a separate machine

https://192.168.30.202:9071/zimbraAdmin/

Technical writer at Zextras, an open-source and technology enthusiast who creates instructional and technical articles about Zextras and Zimbra.
