How to install Zimbra Mail Server

How to install Zimbra Mail Server

How to install Zimbra Mail Server

zimbra is powerful mailing solution now a days.zimbra installed in split manage, means your can deploy it in multiple server to load balance server as well as remove down time from your mail servers zone.

Web Application
Advanced Zimbra Email ü
Basic Search ü
Address Book ü
Personal Distribution Lists ü
Desktop Clients
POP / IMAP Email ü
CardDAV / iCal / CalDAV Clients ü
Zimbra Desktop with Offline Access ü
Mobile Devices
Zimbra Mobile Web Client ü
POP/IMAP Email for iPhone/Android / Smartphones ü
CardDAV Contacts & CalDAV Calendar for iPhone ü
Server Administration
Zimbra Web Administration Console ü
Command Line Interface (CLI) ü
Integrated Anti-­‐Spam / Anti-­‐Virus ü
LDAP Support ü
Real Time Back Up / Restore ü
Server Clustering / High Availability* ü
Storage Management / HSM ü
Domain Management and Customization
Multi-­‐domain Support ü
Delegate and Domain Administration ü
Rebrand Web Client UI ü
Migration Tools ü

Zimbra Components

Zimbra architecture includes open-source integrations using industry standard protocols. The third-party software listed below is bundled with Zimbra software and installed as part of the installation process. These components have been tested and configured to work with the software.

  • Jetty, the web application server that Zimbra software runs in.
  • Postfix, an open source message transfer agent (MTA) that routes mail messages to the appropriate Zimbra server
  • OpenLDAP software, an open source implementation of the Lightweight Directory Access Protocol (LDAP) that provides user authentication
  • MySQL database software
  • Lucene, an open-source full featured text and search engine
  • Anti-virus and anti-spam open source components including:
    • ClamAV, an anti-virus scanner that protects against malicious files
    • SpamAssassin mail filter that attempt to identify spam
    • Amavisd-new, which interfaces between the MTA and one or more content checkers
    • James/Sieve filtering, used to create filters for email

Zimbra System Directory Tree Structure

Mail Store Usable Storage

Zimbra /opt/Zimbra Zimbra Binaries
Store /store Message Store
DB /db MySQL db
Index /index Message Indexes
Config /conf Configuration Files
Log /log Zimbra Logs
Redo Log /redo Message Replay Logs
Backup /backup Backup

Table 1 : Mail Store Storage Requirements

  • MTA
Name Mount Point File System Description
Boot /boot Ext4
Root / Ext4 Root Partition
Swap Swap Virtual Memory Swap Space
Opt /opt/Zimbra/data/postfix/spool Ext4 Postfix Spool

Table 2 : MTA File System Setup

 

 

  • LDAP Master
LV Name Mount Point File System Description
Boot /boot Ext4
Root / Ext4 Root Partition
Swap Swap Virtual Memory Swap Space
Opt /opt Ext4 Zimbra Binaries
Zimbra /opt/Zimbra/data Ext4 on LVM LDAP Data
Backup /backup Ext4 Backup

Table 3: LDAP Master File System Setup

  • LDAP Replica
LV Name Mount Point File System Description
Boot /boot
Root / Ext4 Root Partition
Swap Swap Virtual Memory Swap Space
Opt /opt Ext4 Zimbra Binaries

Table 4: LDAP Replica File System Setup

  • Mail Store
LV Name Mount Point File System Description
Boot /boot
Root / Ext4 Root Partition
Swap Swap Virtual Memory Swap Space
Opt /opt Ext4 Opt
Zimbra /opt/Zimbra /mountpoints/service-name Ext4 Zimbra Binaries
Store /store Ext4 Message Store
Db /db Ext4 MySql db
Index /index Ext4 Message Indexes
Config /conf Ext4 Configuration Files
Log /log Ext4 Zimbra Logs
Redo Log /redolog Ext4 Message Replay Logs
Backup /backup Ext4 Backup SATA

Table 5 : Mail store File System Setup

 

 

Component Versions

Component Version
VMware Esxi 5.1
RHEL 6.4
ZCS 8.0.3GA

 

The main directories created by the Zimbra installation packages.

The directories not listed in this table are libraries used for building the core Zimbra software

Note: The directory organization is the same for any server in the Zimbra Collaboration Suite, installing under /opt/Zimbra.

Table 1 Directory Structure for Zimbra Components

Parent Directory Description
/opt/Zimbra/ Created by all Zimbra installation packages
bin/ Zimbra application files, including the utilities described in Appendix A, Command -Line Utilities
Clamav Clam AV application files for virus and spam controls
conf/ Configuration information
Contrib Third party scripts for conveyance
Convertd Convert service
cyrus-sasl SASL AUTH daemon
data/ldap/hdb OpenLdap data directory
db/ Data Store
doc/ SOAP txt files
Dspam DSPAM antivirus
Httpd Spell server
/ Store
java/ Contains Java application files
jetty/ mailbox application server instance. In this directory, the webapps/Zimbra/skins directory includes the Zimbra UI theme files.
lib/ Libraries
libexec/ Internally used executable
log/ Local logs for Zimbra server application
logger/ RRD and SQLite data files for logger services
mysql/ MySQL database files
openldap/ OpenLDAP server installation, pre-configured to work with Zimbra
postfix/ Postfix server installation, pre-configured to work with Zimbra
redolog/ Contains current transaction logs for the Zimbra server
sleepycat/ Berkeley DB
snmp/ SNMP monitoring files
ssl/ Certificates
store/ Message store
Wiki Contains the Zimbra Documents global template file
Zimbramon/ Contains the control scripts and Perl modules
Zimlets Contains Zimlet zip files that are installed with Zimbra
zimlets-extra Contains Zimlet zip files that can be installed
Zmstat mailbox statistics are saved as .csv files

 


 

Planning for the Zimbra Installation

Zimbra Packages

Zimbra architecture includes open-source integrations using industry standard protocols. The third-party software has been tested and configured to work with the Zimbra software.

The following describes the Zimbra packages that are installed.

  • Zimbra Core. This package includes the libraries, utilities, monitoring tools, and basic configuration files. Zimbra Core is automatically installed on each server.
  • Zimbra LDAP. User authentication is provided through OpenLDAP® software. Each account on the Zimbra server has a unique mailbox ID that is the primary point of reference to identify the account. The OpenLDAP schema has been customized for ZCS. The Zimbra LDAP server must be configured before the other servers. You can set up LDAP replication, configuring a master LDAP server and replica LDAP servers.
  • Zimbra Store. The Zimbra store includes the components for the mailbox server, including Jetty, which is the servlet container the Zimbra software runs within. The Zimbra mailbox server includes the following components:
    • Data store. The data store is a MySQL® database.
    • Message store. The message store is where all email messages and file attachments reside.
    • Index store. Index and search technology is provided through Lucene. Index files are maintained for each mailbox.
  • Zimbra MTA. Postfix is the open source mail transfer agent (MTA) that receives email via SMTP and routes each message to the appropriate Zimbra mailbox server using Local Mail Transfer Protocol (LMTP). The Zimbra MTA also includes the anti-virus and anti-spam components.
  • Zimbra SNMP. Installing the Zimbra SNMP package is optional. If you choose to install Zimbra-SNMP for monitoring, this package should be installed on every Zimbra server.
  • Zimbra Logger. Installing the Zimbra Logger package is optional and is installed on one mailbox server. The Zimbra Logger installs tools for syslog aggregation and reporting. If you do not install Logger, the server statistics section of the administration console will not display

Note: The Logger package must be installed at the same time as the mailbox server.

  • Zimbra Spell. Installing the Zimbra Spell package is optional. Spell is the open source spell checker used on the Zimbra Web Client.
  • Zimbra Apache. This package is installed automatically when Zimbra Spell is installed.
  • Zimbra-convertd. The default is to install one Zimbra-convertd on each Zimbra-store server. Zimbra Proxy. Zimbra proxy can be configured as a POP and IMAP proxy server and for reverse proxy HTTP requests. This package is normally installed on the MTA server or on its own independent server. Zimbra proxy can be installed on more than one server. When the Zimbra-proxy package is installed, the proxy feature is enabled. Installing the Zimbra Proxy is optional.
  • Zimbra-memcached. Memcached is automatically selected when the
  • Zimbra-proxy is installed. At least one server must run Zimbra-memcached when the proxy is in use. All installed Zimbra-proxies can use a single memcached server.

 

Zimbra Port Mapping

 Server Port
Remote Queue Manager 22
Postfix 25
HTTP 80
POP3 110
IMAP 143
LDPA 389
HTTPS 443
Mailboxd IMAP SSL 993
Mailboxd POP SSL 995
Mailbox LMTP 7025
ADMIN CONSOLE 7071,7072

Multi-Server Configuration

The exact configuration for each deployment is highly dependent on variables including the number of mailboxes, mailbox quotas, performance requirements, existing network infrastructure, IT policies, security methodologies, spam filtering requirements, and so forth.

Following figure shows a typical configuration with incoming traffic and user connection. Alternate ways of configuring at many points within the network are possible.


 

Figure: Typical Configuration with Incoming Traffic and User Connections

ZIMBRA Installation Prerequisites

  • Operating System: Red Hat 6 or above (RHEL 6.5 in current implemented version)
  • DNS Configuration: When you create a domain during the installation process, ZCS checks to see if you have an MX record correctly configured. If it is not, an error is displayed suggesting that the domain name have an MX record configured in DNS.
  • Application Requirement: For Red Hat Enterprise operating systems, the server must also have the following installed
  1. NPTL – Native POSIX Thread Library
  2. Sudo – Superuser, required delegating admins.
  3. libidn– For internationalizing domain names in applications (IDNA)
  4. GMP – GNU Multiple-Precision Library.
  5. nc – arbitrary TCP and UDP connections and listens.

Follow the steps as follows to set the required environment before starting ZCS Setup.

Configure FDQN: (Note: This setting Applied to all the servers)

  • Open your Putty Session
  • Log in as Root
  • Disable unnecessary applications.
  • In System Console open your vi Editor by typing following command

Vi /etc/sysconfig/network

  • Once you execute the above command below given screen will displayed.
  • Set your Appropriate Host name (Note: below screen host name will defer by server to server)

 

Modify /etc/hosts file:

 

Once the required environment is set, Execute the command to stop Linux default send mail service

  • chkconfig sendmail off
  • chkconfig postfix off
  • Now the System is ready for ZCS installation.

Zimbra Installation Process:

Summary:

In Current scenario ZCS application Roles are getting configured on multiple-server node. In order to install Multi-Server Roles we have followed the Guideline by Zimbra (Page # 27) as follows:

Important: Install the servers in the following order.

  1. LDAP server
  2. Zimbra Mailbox Servers
  3. Zimbra MTA Servers
  4. DNS Server.

ZCS Installation

You may refer to Page # 25 of the Zimbra Multi-Server Installation Guide for more information.

  • Copy ZCS 8.0.3 GA installable setup in all the servers.
  • We have downloaded the installation setup of ZCS and copied the same in Folder “Pack” under the root

Path is as Follow: /root/pack/zcs-NETWORK- 8.0.3_GA_5664.RHEL6_64.20130305090219.tgz

  • As you see the above file is in compressed format which needs to be extracted first.
  • Execute following commands to unpack the installed file.
    • Under the directory /root/pack.
    • tar – xvzf zcs-NETWORK-8.0.3_GA_5664.RHEL6_64.20130305090219.tgz
  • After extraction process is completed following file will be added in the same directory.
    • zcs-NETWORK-8.0.3_GA_5664.RHEL6_64.20130305090219.tgz
  • Once you are in same directory execute the installation command as:
    • ./install.sh
  1. The installation process checks to see if Sendmail, Postfix, and MySQL softwares are running, if any application is running one has to disable it. Disabling MySQL is optional, however it is highly recommended. Sendmail and Postfix must be disabled for the Zimbra Collaboration Server to start correctly.
  2. Next, the installer checks to see that the prerequisite software is installed or not. If NPTL, sudo, libidn, cURL, fetchmail, GMP or compat-libstdc++- are not installed, the installation process quits.
  3. In our installation we have already installed the require prerequisite. (refer below screen it shows all require prerequisites are found).

Installing Zimbra LDAP Master Server

Zimbra Master LDAP server configured before installing any other node. We have configured LDAP replication after configuring all Zimbra individual Servers. You may refer to Page # 31 of the Zimbra Multi-Server Installation Guide.

  1. Follow all the steps from ZIMBRA Installation Prerequisites.
  2. Typed Y/yes and pressed enter to install the Zimbra-LDAP, Zimbra-SNMP package, except to that all other were marked No/N.
  3. Type Y, and press Enter to modify the system. The selected packages are installed on the server.

As the hostname of the domain is configured different than the MX and domain name is sahara.in , as it asks whether you would like to go ahead with the default domain name i.e. ldapmaster.sahara.in or like to change it, we have changed it to sahara.in.

  1. The Main menu displays default entries for the Zimbra component we are installing.   To navigate the Main menu, select the menu item to change. You can modify any of the values. To expand the menu to see the configuration values type appropriate value and press enter.
  2. Type 1 to display the Common Configuration submenus.
  3. Type 4 to display the automatically generated LDAP admin password. Changed the password of the admin, write down the password, as it will be required during installation of MTA and Mail Store servers.
  4. Type 6 to set the correct time zone, by default it will come with Asia/Colombo, for Asia/Kolkata, you have to select 47.
  5. Type “r” to return to the Main menu.
  6. When changes to the LDAP configuration menu are complete, enter r to return to the main menu. Type ‘a’ to apply the configuration changes.
  7. When Save configuration data to file appears type ‘Yes’ and press ‘Enter’
  8. The next request asks where to save the files. To accept the default, press Enter. To save the files to another directory, enter the directory and press Enter.
  9. When the system will be modified – continue? Appears type ‘y’ and press Enter.
  10. When Configuration complete – press return to exit displays, press “Enter”.

Installing Zimbra Mailbox Server

As per solution designed we have to deploy 4 mail store servers, the installation process for all the four servers is same as follows. You may refer to Page # 34 of the Zimbra Multi-Server Installation Guide.

  1. Follow all the prerequisite steps section.
  2. Start Zimbra installation by executing command ./install.sh
  3. Typed Y/yes and pressed enter to install the following roles on the all mailstore server.
  • Zimbra-store,
  • Zimbra-apache,
  • Zimbra-spell,
  • Zimbra-convertd,
  • Zimbra-archiving,
  • Zimbra-logger
  • Zimbra-SNMP package,
  1. Except to that all other were marked No/N.

Note: Zimbra-logger is installed on only one mailbox server.

  1. Type “Y”, and press “Enter’ to modify the system. The selected packages are installed on the server
  2. The Main menu displays the default entries for the Zimbra component we are installing.   To navigate the Main menu, select the menu item to change. You can modify any of the values. To expand the menu to see the configuration values type appropriate value and press enter.

 

  1. Type “1” to display the Common Configuration submenus

Type “2”, press ‘Enter”, and type the LDAP host name.

Type “4”, press Enter, and type the LDAP password. After you set these values, the server immediately contacts the LDAP server. If it cannot contact the server, you cannot proceed.

Type “r” to return to the Main menu

From the Main menu, type “2” to go to the Store configuration menu and configure the Zimbra mailbox store server settings.

Type “4” and set the password for the administrator account. (Admin:[email protected])The password is case sensitive and must be a minimum of six characters. YOU ARE REQUESTED TO CHANGE THE PASSWORD AS PER YOUR IT POLICY

During the install process, the admin account is provisioned on the mailbox store server. You log on to the administration console with this password.

Configuration changes set while defining Mail Store server:

Type the corresponding number i.e. 9 and set the SMTP host, this is the MTA server’s hostname. We have set mta1.sahara.in for MailStore1.

Type the corresponding number i.e. 12, if you want to change the default web server mode. The communication protocol options are HTTP, HTTPS, mixed, both or redirect.

Currently in our scenario we have Set Mixed. (refer above screen shot)

We have also enabled POP/IMAP proxy and it is visible in the below screen shot.

Type the corresponding menu number to install the Zimbra license file. Enter the location of the Zimbra license file, i.e. /root/ZCSLicense.xml.

Type “r” to return to the Main menu

When the mailbox server is configured, return to the Main menu and type “a” to apply the configuration changes. Press “Enter” to save the configuration data.

When “Save Configuration data to a file” appears, press “Enter”.

The next request asks where to save the files.

To accept the default, press “Enter”.

To save the files to another directory, enter the directory and then press Enter.

When the “system will be modified – continue?” appears, type “y” and press Enter.

When “Configuration complete – press return to exit” displays, press “Enter”

Installing Zimbra MTA

You may refer to Page # 40 of the Zimbra Multi-Server Installation Guide.

  • Follow all the prerequisite steps
  • Start Zimbra installation by executing same command ./install.sh

Typed Y/yes and pressed enter to install the

  • Zimbra-MTA
  • Zimbra-Proxy
  • Zimbra-memcached
  • Zimbra-SNMP

Select above packages, except to that all other were marked No/N. (Refer installation Screen)

On above screen Type “Y”, and press Enter to install the selected package(s)

The Main menu displays the default entries for the Zimbra component you are installing. To expand the menu to see all the configuration values type number and press Enter.

To navigate the Main menu, select the menu item to change. You can modify any of the values.

The Main menu displays. Type 1 and press Enter to go to the Common Configuration menu.

Type “2”, press Enter, and type the LDAP host name i.e. ldapmaster.sahara.in

Press Enter, and type the LDAP password.

Type “6”, press “Enter”, and type the LDAP postfix password.

Type “7”, press “Enter”, Bind password for LDAP Amavis User.

After setting these values, the server immediately contacts the LDAP server. If it cannot contact the server, you cannot proceed.

Type “r” to return to the Main menu

Type “2” to go to the MTA menu, again Type 2 to set the MTA Authentication host i.e. Zimbra mailbox server’s hostname

Type “4” to go to the Zimbra proxy configuration menu and set the bind password for the nginx LDAP user.

When the MTA server is configured, return to the Main menu and type “a” to apply the configuration changes. Press Enter to save the configuration data.

When Save Configuration data to a file appears, press Enter.

The next request asks where to save the files. To accept the default, press Enter. To save the files to another directory, enter the directory and then press Enter.

When the “system will be modified – continue?” appears, type y and press Enter.

When “Configuration complete – press return to exit” appears, press Enter

Configuring LDAP Replication

Setting up LDAP replication lets you distribute Zimbra server queries to specific replica of LDAP servers. Only one master LDAP server can be set up. This server is authoritative for user information, server configuration, etc. Replica LDAP servers can be defined to improve performance and to reduce the load on the master server. All updates are made to the master server and these updates are replicated to the replica servers.

The Zimbra install program is used to configure a master LDAP server and additional read-only replica LDAP servers. The master LDAP server is installed and configured first, following the normal ZCS installation options. The LDAP replica server installation is modified to point the replica server to the LDAP master host. When the master LDAP server and the replica LDAP servers are correctly installed, the following is automatically configured:

  • SSH keys are set up on each LDAP server
  • Trusted authentication between the master LDAP and the LDAP replica servers is set up
  • The content of the master LDAP directory is copied to the replica LDAP server. Replica LDAP servers are read-only.
  • Zimbra servers are configured to query the replica LDAP server instead of the master LDAP server.

Note: You must install the master LDAP server before you can install replica LDAP servers. After the installation of the master LDAP server has completed continue to the section titled ‘Enabling Replication on the LDAP Master

Enable Replication on the LDAP Master

On the master LDAP server, as a Zimbra user, type: /opt/zimbra/libexec/zmldapenablereplica and press Enter. This enables replication on the LDAP Master.

  • SSH keys are set up on each LDAP server
  • Trusted authentication between the master LDAP and the LDAP replica servers is set up
  • The content of the master LDAP directory is copied to the replica LDAP server.
  • Replica LDAP servers are read-only.

Zimbra servers are configured to query the replica LDAP server instead of the master LDAP server

Installation

The master LDAP server must be running during installation of LDAP replica server. You run the ZCS install program on the replica server to install the LDAP package.

  1. Follow all the steps from ZIMBRA Installation Prerequisites.
  2. Typed Y/yes and pressed enter to install installed following roles on Zimbra Slave LDAP server
  • Zimbra-ldap,
  • Zimbra-SNMP

Package, except to that all other were marked No/N.

Type “Y”, and press Enter to modify the system. The selected packages are installed on the server

The Main menu shows the default entries for the LDAP replica server. To expand the menu type the required number and press Enter.

Type “1” to display the Common Configuration submenus defined host name as ldapslave.sahara.in

Type “2” to change the LDAP Master host name to the name of the Master LDAP host i.e. ldapmaster.sahara.in

Type “3”, to change the port to the same port as configured for the Master LDAP server, we set it to the default i.e. 389

Type “4” and change the password to the Master LDAP Admin user password. Type r to return to the main menu

Type “2” to display the LDAP configuration submenu

Type “2” and change Create Domain: to No

Type “4” for LDAP replication password; enter the same password to match the value on the Master LDAP Admin user password for this local configuration variable.

When LDAP server is configured, type “a” to apply the configuration changes. Press Enter to save the configuration data.

When “Save Configuration data to a file?” appears, press Enter.

The next request asks where to save the files. To accept the default, press Enter. To save the files to another directory, enter the directory and then press Enter.

When “the system will be modified – continue?” appears, type “y” and press Enter.

When “Configuration complete – press return to exit” appears, press Enter

Testing LDAP Replication:

  • Open you Putty Session
  • Open both server console master LDAP and slave LDAP
  • Log in as Zimbra User

Master LDAP Server Console:

LDAP Slave login screenshot

Run below command to search LDAP records in LDAP database, Result should be same as on master server and LDAP Slave server.

#ldapsearch -x -h `zmhostname` -p 389 -D cn=config -w ffa2G_VuF uid=* |wc –l

As Seen in the above screenshot Master Server has 1449 records on Master Server

 

 

Run Same Command on Slave LDAP server and the output should be similar.

# ldapsearch -x -h `zmhostname` -p 389 -D cn=config -w ffa2G_VuF uid=* |wc –l

As you on above screen the same records found on the Zimbra slave LDAP server: 1449

To verified the Created IDs on Master and Slave LDAP server use following command

Zmprov –l gaa (below is the output of Master LDAP server)

 

 

Zmprov –l gaa (Output on slave ldap server)

 

 

DNS Configuration

In order to send and receive email, the Zimbra MTA must be configured in DNS with both A and MX records. For sending mail, the MTA uses DNS to resolve hostnames and email-routing information. To receive mail the MX record must be configured correctly to route the message to the mail server.

During the installation process, ZCS checks to see if you have an MX record correctly configured. If it is not, an error is displayed suggesting that the domain name have an MX record configured in DNS.

You must configure a relay host if you do not enable DNS. After ZCS is installed, go to the Configure>Global Settings>MTA page on the administration console and uncheck Enable DNS lookups. Enter the relay MTA address to use for external delivery.

 

Note: Even if a relay host is configured, an MX record is still required if the ZCS server is going to receive email from the Internet.

To process to configure the DNS Role is as follows:

  • Open putty session

 

Mount ISO file (refer below screen)

Mount -r -t iso9660 /dev/sr0/mnt

Verify the mounted Path is correct by typing

df –h

Go to the mounted path i.e. cd /mnt/ and see the list of files available by typing lS

 

Refer below screen which shows all the files available in /mnt

Under: /mnt /packages

Select rmp ivh bind-9.8.2-0.10.rc1.e16.x86_64.rpm dind-utils-9.8.2.0.10.rcl.e16.x86_64.rpm

Installation process is beginning.

Once the installation process is completed, restart the services.

/etc/init.d/named restart (refer following screen for status)

To check the names zones

Go to # cd /etc/

#cat named .rfc1912.zones

Copy these lines from this file and paste in bottom of named.conf file and save.

Run # cd /var/named/

# cp –v named.localhost sahara.in.zone

Refer the below screen for sahara.in dns configuration

Edit and save the editor

After configuration restart named service

#service name restart

Check the service.

Set require permission to sahara zone.

#chown root.named sahara.in zone

And reload service.

Configuration Of “Web proxy” & “Mail Proxy”

Proxy Configuration

For more information on this you may please refer to Page # 44 of http://files.Zimbra.com/website/docs/8.0/Zimbra_NE_Admin_Guide_8.0.6.pdf

There are two types of Proxy in Zimbra i.e. Web Proxy & Mail Proxy. We enabled both of these proxy(s) on MTA Server with the help of following commands.

mta1.sahara.in#su – zimbra

mta1.sahara.in# zmprov ms mta1.sahara.in +zimbraServiceEnabled proxy

mta1.sahara.in# zmprov gs mta1.sahara.in zimbraServiceInstalled

mta2.sahara.in#su – zimbra

mta2.sahara.in# zmprov ms mta1.sahara.in +zimbraServiceEnabled proxy

mta2.sahara.in# zmprov gs mta1.sahara.in zimbraServiceInstalled

  1. A) Below is screenshot of Zimbra proxy configuration on MTA1 server.

Above Screenshot refers to Web proxy enabled on mta1 Server with both proto type http, https as corresponding Upstream port also enable which will communicated with “Mail Stores” Server.

Admin console port Also enable on web Proxy Server as Upstream admin console port.

Above Screenshot is refer to Mail Proxy Configuration on MTA1 Server with IMAP, IMAPs & POP3,

POP3s According to Upstream Port on “Mail Store” Servers.

Above screenshot refers to Max. Connections per worker.

 

 

MTA2—————————————————–

  1. B) Below is screenshot of Zimbra proxy configuration on MTA1 server.

Above Screenshot refer Web proxy enabled on mta2.sahara.in Server with both proto type http / https as corresponding Up-stream port also enable which will communicated with “Mail Stores” Server.

Admin console port Also enable on web Proxy Server as Upstream admin console port.

Above Screenshot refers to Mail Proxy Configuration on MTA2.sahara.in Server with IMAP, IMAPs & POP3,

 

 

POP3s According to Upstream Port on “Mail Store” Servers.

Above screenshot refers to Max. Connection per worker on mta2 server

The following sequence shows the architecture and flow of Zimbra Proxy.

  1. End clients connect to Zimbra Proxy using POP/IMAP ports.
  2. When Zimbra Proxy receives an incoming connection, the Nginx component sends an HTTP request to Zimbra Proxy Route Lookup Handler component.
  3. Zimbra Proxy Route Lookup Handler locates the route information for the account being accessed and returns this to Nginx.
  4. The Memcached component stores the route information for the configured period of time (by default, this time is one hour). Nginx will use this route information instead of querying the Zimbra Proxy Route Lookup Handler until the default period of time has expired.
  5. Nginx uses the route information to connect to Zimbra Mailbox.
  6. Zimbra Proxy connects to Zimbra Mailbox and initiates the mail proxy session. The end client behaves as if it is connecting directly to Zimbra Mailbox.

 

 

Zimbra Backup

Zimbra Backup Description

Zimbra Collaboration Server (ZCS) includes a configurable backup manager that resides on every ZCS server and performs both backup and restore functions. You do not have to stop the ZCS server in order to run the backup process. The backup manager can be used to restore a single user, rather than having to restore the entire system in the event that one user’s mailbox becomes corrupted.

Each Zimbra mailbox server generates redo logs that contain current and archived transactions processed by the message store server since the last incremental backup. When the server is restored, after the backed up files are fully restored, any redo logs in the archive and the current redo log in use are replayed to bring the system to the point before the failure.

Backup Methods

Two backup methods are available as follows:

  • The standard backup method is appropriate for enterprise deployments where full backups are run during nonworking days.
  • The auto-grouped backup method is recommended for large ZCS environments where running a full backup of all accounts at one time would take too long.

Standard Backup

The standard backup method runs a weekly full backup and daily incremental backups. A full backup process backs up all the information needed to restore mailboxes, including the LDAP directory server, database, index directory, and message directory for each mailbox. When backing up shared messages, if a file representing a message already exists in the backup, it flags this object as such and does not copy its content again. An incremental backup process backs up the LDAP data and gathers all the redo logs written since the last incremental backup. If the incremental backup process finds no previous full back-up for a mailbox, a full backup is performed on that mailbox.  Incremental backups move the redo logs to the backup directory. The redo logs are a journal of every activity that has taken place. They contain a full copy of all messages delivered, as well as metadata such as tags, contacts, and conversations. These backup files can be used to restore the complete mailbox server or individual mailboxes so that account and message data is completely restored. The LDAP directory is backed up as part of either the full or incremental backup process. All accounts, domains, servers, COS, and other data are backed up. Each mailbox server generates redo logs that contain every transaction processed by that server. If an unexpected shutdown occurs to the server, the redo logs are used for the following:

To ensure that no uncommitted transactions remain, the server reads the current redo log upon startup and re-executes and completes any uncommitted transactions.

  • To recover data written since last full back-up in the event of a server failure.
  • When the server is restored, after the backed up files are fully restored, any redo logs in the archive and the current redo log in use are replayed to bring the system to the point before the failure.
  • The Zimbra MTA is not backed up, as the data is only on the server for a very short time. Custom configurations, such as mailbox server.xml, are not backed up.

Backup Notification

A backup report is sent to the admin mailbox when full and incremental backups are performed. This report shows the success or failure of the backup and includes information about when the backup started and ended, the number of accounts backed up and redo log sequence range.

If the backup failed, additional error information is included.

Auto-Grouped Backup Method

The auto-grouped backup method runs a full backup for different groups of mailboxes at each scheduled backup. The auto-grouped backup method is designed for very large ZCS environments where backing up all accounts can take a long time. Because auto-grouped backups combine full and incremental backup functions, there is no need for incremental backups. Each auto-grouped session runs a full backup of the targeted group of mailboxes. It is not recommended to run auto-grouped backups manually since they are scheduled from the CLI and run automatically at the scheduled times.

For more information please refer to Page # 193 of the document available on http://files.Zimbra.com/website/docs/8.0/Zimbra_NE_Admin_Guide_8.0.6.pdf

Recommendation

In our opinion, since ZIMBRA Backup can backup and restore only at an application level, it is not an appropriate solution in event of platform recovery. We would recommend having some other Disk to Disk & Disk to Tape backup solutions implemented. This would facilitate granule level backup of VMware, OS, and Zimbra Configuration & Mailstore.

 

 

Zimbra Backup Configuration Process

All Mailstores Server takes backup with help of binary /opt/zimbra/bin/zmbackup locally in /opt/Zimbra/backup As per below Cron Schedules.

# BACKUP BEGIN

0 1 * * 6           /opt/zimbra/bin/zmbackup     -f -a all   –mail-report                       # (Full Backup)

0 1 * * 0-5       /opt/zimbra/bin/zmbackup   -i   –mail-report                                   #( Incremental Backup)

0 0 * * *         /opt/zimbra/bin/zmbackup     -del 1m –mail-report                           # (Delete Backup)

# BACKUP END

*     *     *  *   *        command to be executed

–     –    –   –    –

|     |     |   |    |

|     |     |   |    +—– day of week (0 – 6) (Sunday=0)

|     |     |   +——- month (1 – 12)

|     |     +——— day of       month (1 – 31)

|     +———– hour (0 – 23)

+————- min (0 – 59)

 

Web UI Admin Configuration: login with Admin UI.

 

 

Click on “Configure” in Admin Control Panel .

 

 

 

Click on “Global Settings” in Configure wizard.

Click on “Backup/Restore” in global configure setting.

Configure below Setting:

  • Backup mode “Standard”
  • Number of groups “7”
  • Default backup target “/opt/zimbra/backup”
  • Backup minimum free space “0”
  • Notification email recipients “[email protected]

 

Go back to Admin Home page & click on Tool & Migration.

 

Click on “Backups” Option.

 

Get All Mailstores Backup. Below is Example of mailstore1.sahara.in

You can restore backup on same screen. Select a backup, right Click and then press restore.

ZIMBRA Anti-Spam / Anti-Virus Feature Enablement

Anti-Spam Protection

Mass unsolicited emails are referred to as spam or junk email. The Zimbra Collaboration Server installs the SpamAssassin anti-spam software as the mail filter to identify spam mail. At installation, the spam training filter is enabled and two feedback system mailboxes are created to receive mail notification.

When a message is tagged as spam, the message is delivered to the recipient’s junk folder. Users can view the number of unread messages that are in their junk folder and can open the junk folder to review the messages marked as spam.

You can set rules for handling spam from the Global Settings>AS/AV page. How these rules are configured determine how aggressively spam is filtered.

Zimbra utilizes SpamAssassin to control spam. SpamAssassin uses predefined rules as well as a Bayes database to score messages with a numerical range. Zimbra uses a percentage value to determine “spaminess” based on a SpamAssassin score of 20 as 100%. Any message tagged between 33%-75% is considered spam and delivered to the user’s Junk folder. Messages tagged above 75% are always considered spam and discarded.

Note: The DSPAM spam filter is also included with ZCS but the default is to not enable DSPAM. You can enable DSPAM by setting the localconfig attribute amavis_dspam_enabled to TRUE on the MTA servers.

 

zmlocalconfig -e amavis_dspam_enabled=true

 

Following is the link for enabling Anti-Spam Filtering / Anti-Virus Enablement

 

 

Procedure

To modify the default settings, go to the Configure>Global Settings>AS/AV page.

In the Spam checking Settings section change these settings.

Kill percent. The default is mail that is scored at 75% is considered spam and is not delivered.

Tag percent. The default is mail that is scored at 33% is considered spam and is delivered to the Junk folder.

In the Subject prefix text box, enter the text that should be added to the subject line for messages tagged as spam.

Click Save.

See the Administration Guide for information about the spam training mailboxes

 

 

Operational Instructions

Create New Mail Accounts in Zimbra Mail Server

Open internet browser

Open Zimbra Mail console (https://115.113.103.31:9071/zimbraadmin)

Log in to admin user

Once you logged into console you will see the complete summery as follows:

 

 

Please verify all the server services. (refer below screen)

To Create New Account

Go to Manage > on Setting Tab > Clieck on New (refer Below screen )

 

 

Provide user information:

After putting your information click on “Finish” button and close the window.

 

 

Process to Define Alias :

Go to Aliases Tab and put the Email Id(refer below screen for more information)

Define the Member of:

Process to define mail forwarding on different ID when user is on Leave:

 

 

Define the Mail Features for users.

 

Click “Next”

 

 

Click Next

Click Next

Click Next

Click “Finish”

End-User’s Manual

ADMIN Guide

http://www.zimbra.com/docs/os/latest/administration_guide/wwhelp/wwhimpl/js/html/wwhelp.htm#href=OS_AdminGuide_7_2.Anti-spam_Settings.html