Thread: Lots of 1st time install confirmations pls

  1. #1
    Hi,

    I have installed my 1st single server zcs OS 7.0 environment. However going through the documentation raises a number of questions I would like to understand please.

    I'm a bit wary about putting a large nr of questions in one thread as people tend to answer the ones they can and the others get lost in the noise. By the same token however, I'm also a little wary, as a new user, about (effectively) "spamming" the forum with multiple threads, so hopefully you will understand the multi-faceted post.

    So the questions are;

    managing/adding domains
    -----------------------
    when installing, zimbra recognises the hostname as the 'default' domain (e.g. host.domain.com) and complains if there is no MX record for that hostname FQDN. So during install you change the domain name to 'domain.com', it finds an MX record (e.g. mail.domain.com) and goes its merry way. I really don't want to be digging around in LDAP or MySQL messing with settings before I even have the thing up and running for the first time.

    On a single server zimbra installation, if you have to have your DNS set up (be that on the zimbra box or elsewhere) and pointing to the zimbra host in order to enable you to do the install, how do you keep your present day mail server (which is a manual postfix/dovecot/clamav/spamassassin/horde install) online and working and still get zimbra installed with the necessary settings?

    -------------------------------

    In two different areas of the documentation, it appears to indicate that if I want to;

    1. accept mail for multiple different domains (_not_ virtual domains) or
    2. Want users to be able to access their zimbra accounts via T'Bird, OSX Mail, etc.

    then I HAVE TO have installed the zimbra proxy. EVEN IF I am carrying out a single server install. Is this correct?

    If so, is it possible to install the proxy after the initial install has completed?
    Does it then also automagically configure itself or what do I have to do in order to integrate it?

    -------------------------------

    What benefit/use is there in implementing an "LMTP advertised name" on a single server install? Nothing?
    Ditto the LMTP bind address?

    -------------------------------

    Virtual Hosts - The documentation reads "…The virtual host requires a valid DNS configuration with an A record. Not required for Virtual Hosts…"
    Which is it? Does it need an A record or not?

    -------------------------------

    Documentation simultaneously speaks of domain aliases and virtual domains. Are these the same thing?
    If not, are these absolutely separate from "Domains" you create for which you want to receive email? What I mean here is, if I understand it correctly;
    Code:
    Real Domains			Aliases (*assuming I own these domain names)
    ============			========
    mydomain.com			parents.com, friends.com
    family.com			uncles.com, aunties.com
    -------------------------------

    Installing SSL certs, the documentation speaks of "…For each domain, a virtual host name and Virtual IP address are configured with the virtual domain name and IP address…" If I read this correctly, I have to set this up? Why?

    And can the virtual host name I am now setting up in order to accommodate the SSL cert. be the same as any virtual host name I have set up by which end-users will log on. (I would think it would _have_ to be the same.)

    -------------------------------

    Webmail MTA - Given Zimbra IS a web client, what is the difference between the "Zimbra MTA" and the "Webmail MTA"?

    Presumably zimbra is architected and automatically installed such that the webmail MTA will hand off any externally addressed mails to the relay host (should one be configured)?

    Also, if I'm reading the admin console correctly, zimbra has already installed a webmail MTA using the installed hostname; effectively meaning if I only want the one, I have to do nothing. Is this correct?

    -------------------------------

    Relay MTA - IF I'm going to use a relay MTA, is there any way to add 'relay MTA - authentication information' into zimbra? I.e. separate to the physical user sending the mail - such as the ISP user/pass details?

    -------------------------------

    Enable DNS lookup - disabling this forces all mail to traverse through the relay host, yes?

    -------------------------------

    User URL to login - As I understand it, you set up a 'virtual host' url which end users use to access zimbra. Is this correct? Is there anything else I have to do other than have a valid DNS A record.
    Because using a self-contained test host I have done both these and yet a browser on this self-contained host is unable to connect. This despite a 'dig @127.0.0.1 virtualhost.domain.com' offering up the relevant hostname/IP.

  2. #2
    Quote Originally Posted by KDoc View Post
    managing/adding domains
    -----------------------
    when installing, zimbra recognises the hostname as the 'default' domain (e.g. host.domain.com) and complains if there is no MX record for that hostname FQDN. So during install you change the domain name to 'domain.com', it finds an MX record (e.g. mail.domain.com) and goes its merry way. I really don't want to be digging around in LDAP or MySQL messing with settings before I even have the thing up and running for the first time.
    The default when setting up a server is to receive mail as root or postmaster@server.domain.com, thus it checks for a mx record on server.domain.com, not domain.com.

    On a single server zimbra installation, if you have to have your DNS set up (be that on the zimbra box or elsewhere) and pointing to the zimbra host in order to enable you to do the install, how do you keep your present day mail server (which is a manual postfix/dovecot/clamav/spamassassin/horde install) online and working and still get zimbra installed with the necessary settings?
    If you intend the server to participate in @domain.com you can certainly use domain.com during setup right off the bat (just don't direct mail there - keep its mx number high.) Or later simply add another zmprov createDomain (there's even a zmprov renameDomain command but make sure all the zmprov gacf/gs attributes don't use the old default domain anymore).

    dig mx domain.com might return
    ;; ANSWER SECTION:
    domain.com. 600 IN MX 20 server3.domain.com.
    domain.com. 600 IN MX 10 server1.domain.com.
    domain.com. 600 IN MX 10 server2.domain.com.

    Thus server1 and server2 (which have equal mx values of 10) will be tried before server3.

    If not migrating all at once (in one downtime) you should understand this concept: Split Domain - Zimbra :: Wiki
    Also helpful Managing Domains - Zimbra :: Wiki

    -------------------------------

    In two different areas of the documentation, it appears to indicate that if I want to;

    1. accept mail for multiple different domains (_not_ virtual domains) or
    2. Want users to be able to access their zimbra accounts via T'Bird, OSX Mail, etc.

    then I HAVE TO have installed the zimbra proxy. EVEN IF I am carrying out a single server install. Is this correct?
    No, you do not need proxy in your single server situation.

    1) You can create domain1.com and domain2.com, then if you add a user in domain1.com simply add an alias for domain2.com to their account or you can blanket forward an entire domain all at once Managing Domains - Zimbra :: Wiki

    2) Just enable IMAP. POP too if you wish, though I avoid the headaches if I can as 'delete from server on receive' is a typical POP default setting. IMAP keeps everything synced the same no matter where they're using it, though it's a little more resource intensive.

    If so, is it possible to install the proxy after the initial install has completed?
    Does it then also automagically configure itself or what do I have to do in order to integrate it?
    Yes it's possible later with zmproxyinit, but again you don't need it for your particular situation.

    -------------------------------

    What benefit/use is there in implementing an "LMTP advertised name" on a single server install? Nothing?
    Ditto the LMTP bind address?

    LMTP is internal/really nothing to do for a single server. For SMTP see http://www.zimbra.com/forums/install...tfix-helo.html

    -------------------------------

    Virtual Hosts - The documentation reads "…The virtual host requires a valid DNS configuration with an A record. Not required for Virtual Hosts…"
    Which is it? Does it need an A record or not?
    Well hitting the webmail.domain2.com should at least take you to your server - hence typically an A is needed, though I think you can make do with a CNAME, but that's double the lookups each time.

    You can test this simply:
    create domain1.com & domain2.com
    create user@domain1.com and user@domain2.com (yes names are identical, our goal is to land in domain2's account)
    create mail.domain1.com and mail.domain2.com A records
    create webmail.domain2.com cname to mail.domain2.com
    add mail.domain2.com & webmail.domain2.com as virtual hosts
    visit mail.domain2.com and login without typing the @domain2.com part of the username
    visit webmail.domain2.com and login without typing the @domain2.com part of the username


    Documentation simultaneously speaks of domain aliases and virtual domains. Are these the same thing?
    If not, are these absolutely separate from "Domains" you create for which you want to receive email? What I mean here is, if I understand it correctly;
    Code:
    Real Domains			Aliases (*assuming I own these domain names)
    ============			========
    mydomain.com			parents.com, friends.com
    family.com			uncles.com, aunties.com
    They're not the same things, check out Managing Domains - Zimbra :: Wiki
    Relaying or Forwarding an entire domain, catchalls of non-existent addresses, masquerading outbound.

    Virtual hosts allow a user to login without typing the full @domain.com part, they also allow other things like the chameleon 'skin' features (presenting different colors/logos/theme based upon the domain you hit).

    -------------------------------

    Installing SSL certs, the documentation speaks of "…For each domain, a virtual host name and Virtual IP address are configured with the virtual domain name and IP address…" If I read this correctly, I have to set this up? Why?

    And can the virtual host name I am now setting up in order to accommodate the SSL cert. be the same as any virtual host name I have set up by which end-users will log on. (I would think it would _have_ to be the same.)
    If using 1 cert, and you plan to use virtual hosts, it's best to add those virtual hostnames to the subjectAltNames section of the cert to avoid browser warnings.

    Administration Console and CLI Certificate Tools - Zimbra :: Wiki

    -------------------------------

    Webmail MTA - Given Zimbra IS a web client, what is the difference between the "Zimbra MTA" and the "Webmail MTA"?
    Same thing/horrible wording regardless, but easiest way to put it: MTA refers to Zimbra's postfix, webmail refers to Zimbra's mailboxd/jetty.

    Presumably zimbra is architected and automatically installed such that the webmail MTA will hand off any externally addressed mails to the relay host (should one be configured)?

    Also, if I'm reading the admin console correctly, zimbra has already installed a webmail MTA using the installed hostname; effectively meaning if I only want the one, I have to do nothing. Is this correct?
    Ah now I know what you're asking, correct.

    Leave the 'relay mta' box alone if you don't plan to route your outgoing external mail through another server.

    'Webmail mta' is usually set to just localhost on a single server.

    -------------------------------

    Relay MTA - IF I'm going to use a relay MTA, is there any way to add 'relay MTA - authentication information' into zimbra? I.e. separate to the physical user sending the mail - such as the ISP user/pass details?
    Outgoing SMTP Authentication - Zimbra :: Wiki


    -------------------------------

    Enable DNS lookup - disabling this forces all mail to traverse through the relay host, yes?
    Basically yes. If you don't lookup DNS records you need either a static list of mailservers in /etc/hosts for every external.com you plan to send to OR a relay which can lookup outside domains.

    If you disable DNS Lookups (under the MTA tab of the admin console, or with zmprov), Zimbra will end up using (according to the postconf man page) the "gethostbyname() system library routine which normally also looks in /etc/hosts" (based on the entries on the "hosts" line in /etc/nsswitch.conf). If you do this but don't also specify an SMTP relay host (typically your ISP's SMTP server), which will take care of checking DNS, you will reverse your ability to send mail: suddenly you can send mail to other users on the Zimbra server, but you can't send to the internet (though you can still receive mail from the internet either way).

    -------------------------------

    User URL to login - As I understand it, you set up a 'virtual host' url which end users use to access zimbra. Is this correct? Is there anything else I have to do other than have a valid DNS A record.
    Because using a self-contained test host I have done both these and yet a browser on this self-contained host is unable to connect. This despite a 'dig @127.0.0.1 virtualhost.domain.com' offering up the relevant hostname/IP.
    Think we've covered this scenario above, zmmailboxdctl stop/start (really only needed when removing but might refresh it) and test from another system.

    The zimbraDefaultDomain is what users are assumed to be in unless @domainX.com is specified at login or they hit the virtual host which takes care of this without having to type that part.
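
The advice in post #2 to list every virtual hostname in the certificate's subjectAltNames can be checked before users see browser warnings. The following is an added example, not part of the original posts or of Zimbra's tooling: it parses SAN text in the shape printed by `openssl x509 -noout -ext subjectAltName` and reports virtual hosts the certificate does not cover. The sample SAN text, the host list and all function names are constructed for illustration.

```python
import re

# Constructed sample, in the shape printed by:
#   openssl x509 -in cert.pem -noout -ext subjectAltName
SAN_TEXT = """X509v3 Subject Alternative Name:
    DNS:mail.domain1.com, DNS:mail.domain2.com, DNS:*.domain3.com, IP Address:192.0.2.10
"""

# Hypothetical virtual hosts configured on the server (names follow the thread's examples)
VIRTUAL_HOSTS = [
    "mail.domain1.com",
    "mail.domain2.com",
    "webmail.domain2.com",
    "webmail.domain3.com",
    "a.b.domain3.com",
]


def parse_dns_sans(text):
    """Return the lower-cased dNSName entries; IP Address entries are ignored."""
    return [m.lower().rstrip(".") for m in re.findall(r"DNS:([^,\s]+)", text)]


def san_matches(pattern, host):
    """Match one SAN entry against a hostname the way browsers do:
    exact match, or '*' as the whole left-most label covering exactly one label."""
    host = host.lower().rstrip(".")
    if pattern == host:
        return True
    if pattern.startswith("*."):
        suffix = pattern[2:]
        first, _, rest = host.partition(".")
        # "*.domain3.com" covers webmail.domain3.com but not a.b.domain3.com,
        # and a bare "*.com" is never accepted.
        return bool(first) and rest == suffix and "." in suffix
    return False


def uncovered_hosts(san_text, hosts):
    """Return the hosts that no SAN entry covers (these trigger browser warnings)."""
    sans = parse_dns_sans(san_text)
    return [h for h in hosts if not any(san_matches(p, h) for p in sans)]


if __name__ == "__main__":
    for name in uncovered_hosts(SAN_TEXT, VIRTUAL_HOSTS):
        print("not covered by certificate:", name)
```
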

  3. #3
    Thanks very kindly Mike.

    I'll have a read through those links and possibly come back.

  4. #4
    Quote Originally Posted by mmorse View Post
    If you intend the server to participate in @domain.com you can certainly use domain.com during setup right off the bat (just don't direct mail there - keep its mx number high.) Or later simply add another zmprov createDomain (there's even a zmprov renameDomain command but make sure all the zmprov gacf/gs attributes don't use the old default domain anymore).
    I actually intend to have zimbra REPLACE the old server, but need it to continue to run in the meantime and effectively want it to continue to run until such time as I am able to migrate all users and mailstores across to zimbra.

    So, with that in mind, just to confirm, I can actually approach this 2 ways;

    1. add to the network DNS, an MX record (at a higher MX level, say 40 or 50) for zimbrahost.mydomain.com (i.e. the box on which I am going to install zimbra). Then once everything is migrated across, I simply rejig DNS so that the 0 (or 10) MX 'mail.mydomain.com' record simply points to zimbrahost.mydomain.com's IP and remove the 50 record for zimbrahost.mydomain.com.

    Or

    2. I could theoretically also set up zimbrahost.mydomain.com with its own DNS server copy (showing a 0 - or 10 - MX record for '@mydomain.com' as zimbrahost.mydomain.com itself) and ensure /etc/resolv.conf points to its own IP as nameserver. Simultaneously, I would then have to rejig the genuine network DNS to point to the relevant names, etc for zimbrahost.mydomain.com so I could migrate. Then once ready for zimbra to take over, simply shutdown the zimbrahost.mydomain.com DNS server, and reset /etc/resolv.conf to point to the network DNS. Yes?

    How do both of these methods affect both the "default domain" and "Webmail MTA hostname" settings in zimbra? Can I then just rename/replace those using either admin console or CLI and restart zimbra, hey presto?

    -------------------------------

    Quote Originally Posted by mmorse View Post
    1) You can create domain1.com and domain2.com, then if you add a user in domain1.com simply add an alias for domain2.com to their account or you can blanket forward an entire domain all at once
    Minor misunderstanding here. My bad. If I understand the docs and the above correctly, that will deliver all mail for both domain1 and domain2 to the same inbox.

    I will use alias domains, but I want also to have multiple 'real' domains delivering mail to multiple different mailboxes. Basically using my family domains example from before;

    Code:
    Real Domains			Aliases 
    ============			========
    mydomain.com			parents.com, friends.com
    family.com			uncles.com, aunties.com
    Does this setup still NOT require zimbra proxy to be installed on a single server instance? (See next question with excerpt of Admin Guide talking about SSL certs and multiple domains.)

    Yes, IMAP is the intention.

    -------------------------------

    Quote Originally Posted by mmorse View Post
    Virtual hosts allow a user to login without typing the full @domain.com part, they also allow other things like the chameleon 'skin' features (presenting different colors/logos/theme based upon the domain you hit).
    Again, misunderstanding. I understand virtual "hosts", but the docs speak of both domain aliases and virtual "domains". Further reading inclines me to believe both 'domain alias' and 'virtual domain' are indeed one and the same. I just want to be certain. i.e. Pg 72 of the OS Admin guide reads;

    "…An SSL certificate can be installed for each domain on a ZCS server. Zimbra Proxy must be installed on ZCS and correctly configured to support multiple domains. For each domain, a virtual host name and Virtual IP address are configured with the virtual domain name and IP address…"

    (This excerpt also relates to the question above about whether or not the proxy.)

    -------------------------------

    Quote Originally Posted by mmorse View Post
    Think we've covered this scenario above, zmmailboxdctl stop/start (really only needed when removing but might refresh it) and test from another system.

    The zimbraDefaultDomain is what users are assumed to be in unless @domainX.com is specified at login or they hit the virtual host which takes care of this without having to type that part.
    Understood. The stop/start did help, but the same issue remains with SSL. E.g. I have @mydomain set up as default domain. mydomain now has 2 virtual hosts;

    Code:
    http://virtual.mydomain.com	     and
    https://virtual.mydomain.com
    With the 'dig' above (my 1st post) still working, the browser does find, resolve and load 'http://virtual.mydomain.com', but does NOT find or resolve 'https://virtual.mydomain.com'. It doesn't even get as far as the "WARNING: I can't validate the certificate. Are you sure you wanna do this?" browser warning.

    Does zimbra require the cert installed before it will even resolve an SSL virtual host?
