Thread: Newbie Questions Re Apache Virtual Hosts and Postfix Modifications

  1. #1
    Join Date
    Sep 2006
    Location
    477 Congress Street | Portland, ME 04101
    Posts
    1,374
    Rep Power
    11

    Default Newbie Questions Re Apache Virtual Hosts and Postfix Modifications

    We are looking at setting up a Zimbra 4.0 server on SuSE 10.0 to replace a Horde system currently supporting our own and several clients' groupware systems.

    We've read through the Admin manual, and searched through these forums and the wiki but still have a few questions.

    Our pilot setup comprises 4.0GA Open Source on SuSE 10.0. The SuSE machine sits behind a firewall that does NAT, so the SuSE box actually has a private IP address. This is how we have set up a number of our existing Postfix boxes. Bind is not installed on any of our boxes, as they are located in a colo that provides fast DNS servers.

    Ideally, we would like to use the Network Edition of Zimbra on SLES10, but that's a separate issue...

    Here are the questions related to our current pilot:

    1. Our understanding is that a NAT'd Postfix installation requires the directive 'proxy_interfaces = in main.cf where is the public IP in the A/MX DNS record combo. Zimbra does not include this statement in main.cf, so are we OK to add this statement by manually editing main.cf?

    2. What is the preferred way in Zimbra to set up virtual hosts for each client's web site? Historically, for each client we have used a unique public/private IP pair, binding the multiple private IPs to the server's NIC, configuring A and MX records in each client's public DNS space, setting up appropriate NAT rules on the firewall, and adding appropriately configured client.conf files in /etc/apache2/conf.d. We do it this way because we brand each client's portal site with each client's own logo, and we are looking at doing the same with the Network edition of Zimbra.

    2a. We also configure Apache for automatic redirect to https on our current system, even for logins. How do we do this with Zimbra?

    3. To what extent will we break Zimbra's scripts by manually editing Postfix's main.cf and related files to take advantage of Postfix's anti-UCE capabilities? Page 35 of the Admin manual says not to hand edit main.cf, because changes will be overwritten. But we want to take better advantage of postfix's header and helo checks (as well as other functionality.)

    3a. We have also used the postfix aliases file to point abuse@, postmaster@, webmaster@, etc for each of our clients' domains to one of our own admin accounts. Can we use the Zimbra aliases gui to set up cross-domain aliases? So that an account like "utility@reliablenetworks.com" can have as aliases addresses like "postmaster@clientAdomain.com"?

    Thanks!
    Mark
    __________________________________________________ ______
    A Message From... L. Mark Stone

    Reliable Networks of Maine, LLC

    "We manage your network so you can manage your business"

    477 Congress Street
    Portland, ME 04101
    Tel: (207) 772-5678
    Web: http://www.rnome.com

    This email was sent from Reliable Networks of Maine LLC.
    It may contain information that is privileged and confidential.
    If you suspect that you were not intended to receive it, please
    delete it and notify us as soon as possible. Thank you.

  2. #2
    Join Date
    Sep 2005
    Posts
    2,103
    Rep Power
    14

    Default

    Quote Originally Posted by LMStone
    We are looking at setting up a Zimbra 4.0 server on SuSE 10.0 to replace a Horde system currently supporting our own and several clients' groupware systems.

    We've read through the Admin manual, and searched through these forums and the wiki but still have a few questions.

    Our pilot setup comprises 4.0GA Open Source on SuSE 10.0. The SuSE machine sits behind a firewall that does NAT, so the SuSE box actually has a private IP address. This is how we have set up a number of our existing Postfix boxes. Bind is not installed on any of our boxes, as they are located in a colo that provides fast DNS servers.

    Ideally, we would like to use the Network Edition of Zimbra on SLES10, but that's a separate issue...

    Here are the questions related to our current pilot:

    1. Our understanding is that a NAT'd Postfix installation requires the directive 'proxy_interfaces = in main.cf where is the public IP in the A/MX DNS record combo. Zimbra does not include this statement in main.cf, so are we OK to add this statement by manually editing main.cf?
    never hand edit main.cf, use the postconf utility to modify it. su - zimbra; man postconf; man 5 postconf


    2. What is the preferred way in Zimbra to set up virtual hosts for each client's web site? Historically, for each client we have used a unique public/private IP pair, binding the multiple private IPs to the server's NIC, configuring A and MX records in each client's public DNS space, setting up appropriate NAT rules on the firewall, and adding appropriately configured client.conf files in /etc/apache2/conf.d. We do it this way because we brand each client's portal site with each client's own logo, and we are looking at doing the same with the Network edition of Zimbra.
    Not currently supported, since tomcat will bind to all IPs - you'll have to hack the config pretty hard for this.

    2a. We also configure Apache for automatic redirect to https on our current system, even for logins. How do we do this with Zimbra?
    zmtlsctl https
    tomcat restart


    3. To what extent will we break Zimbra's scripts by manually editing Postfix's main.cf and related files to take advantage of Postfix's anti-UCE capabilities? Page 35 of the Admin manual says not to hand edit main.cf, because changes will be overwritten. But we want to take better advantage of postfix's header and helo checks (as well as other functionality.)
    This is already supported in zimbra, just add the appropriate items to ldap (search the forums or the admin guide for this)

    3a. We have also used the postfix aliases file to point abuse@, postmaster@, webmaster@, etc for each of our clients' domains to one of our own admin accounts. Can we use the Zimbra aliases gui to set up cross-domain aliases? So that an account like "utility@reliablenetworks.com" can have as aliases addresses like "postmaster@clientAdomain.com"?
    Yah, cross domain aliases work fine.


    Thanks!
    You're welcome
    Mark
    __________________________________________________ ______
    A Message From... L. Mark Stone

    Reliable Networks of Maine, LLC

    "We manage your network so you can manage your business"

    477 Congress Street
    Portland, ME 04101
    Tel: (207) 772-5678
    Web: http://www.rnome.com

    This email was sent from Reliable Networks of Maine LLC.
    It may contain information that is privileged and confidential.
    If you suspect that you were not intended to receive it, please
    delete it and notify us as soon as possible. Thank you.
    Your signature is way too long.
    Bugzilla - Wiki - Downloads - Before posting... Search!

  3. #3
    Join Date
    Sep 2006
    Location
    477 Congress Street | Portland, ME 04101
    Posts
    1,374
    Rep Power
    11

    Default Follow Up Questions

    Quote Originally Posted by marcmac
    never hand edit main.cf, use the postconf utility to modify it. su - zimbra; man postconf; man 5 postconf
    Easy, thanks.

    Quote Originally Posted by marcmac
    zmtlsctl https
    tomcat restart
    All this does is make http://urzimbrasite.com generate an error. What I wanted to do was redirect the user who tries going to an http page to the https page.

    We do this now by having two virtual host config files in /etc/apache2/conf.d on our SLES server. One file is for redirecting port 80 traffic and the other is to handle 443 traffic. Here are the two files so you can see what I mean:


    ServerName plone.rnome.com
    RewriteEngine On
    # RewriteRule ^/(.*) http://localhost:8080/VirtualHostBase/http/plone.rnome.com:80/rnome/VirtualHostRoot/$1 [L,P]
    # RewriteRule ^/(.*) http://localhost:8080/VirtualHostBase/http/plone.rnome.com:80/rnome/VirtualHostRoot/rnome/rnomeplone/$1 [L,P]
    RewriteRule ^/(.*) https://plone.rnome.com/$1 [L,R]
    ErrorLog /var/log/apache2/plone.rnome.com-error_log
    TransferLog /var/log/apache2/plone.rnome.com-access_log
    ProxyVia on

    ServerName plone.rnome.com
    SSLEngine on
    # SSLCertificateFile /etc/apache2/ssl.crt/server.crt
    SSLCertificateFile /etc/apache2/ssl.crt/plone.rnome.com.crt
    # SSLCertificateKeyFile /etc/apache2/ssl.key/server.pem
    SSLCertificateKeyFile /etc/apache2/ssl.key/plone.rnome.com.key.unsecure
    RewriteEngine On
    RewriteRule ^/(.*) http://localhost:8080/VirtualHostBase/https/plone.rnome.com:443/rnome/rnomeplone/VirtualHostRoot/$1 [L,P]
    # RewriteRule ^/(.*) https://plone.rnome.com/$1 [L,P]
    ErrorLog /var/log/apache2/plone.rnome.com-error_log
    TransferLog /var/log/apache2/plone.rnome.com-access_log
    ProxyVia on

    Quote Originally Posted by marcmac
    ( re postfix anti-uce)
    This is already supported in zimbra, just add the appropriate items to ldap (search the forums or the admin guide for this)
    I'll investigate further, thank you.



    Quote Originally Posted by marcmac
    Your signature is way too long.
    And our attorney wanted an even longer one, so I guess it's true that you can't please all of the people all of the time... :-)

    Thanks for the fast reply btw!
    Mark
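
A static check for the port 80 / port 443 split described in post #3, as an added example that is not part of the original posts: it flags any non-TLS virtual host whose first active RewriteRule proxies content instead of redirecting to https. The `<VirtualHost>` wrappers, the `*:80` / `*:443` addresses and the `audit` function are assumptions made for the example.

```python
import re

# Constructed sample modelled on the two files in the post. The <VirtualHost>
# wrappers and the *:80 / *:443 addresses are assumptions (not in the post).
SAMPLE = """\
<VirtualHost *:80>
  ServerName plone.rnome.com
  RewriteEngine On
  # RewriteRule ^/(.*) http://localhost:8080/VirtualHostBase/http/plone.rnome.com:80/rnome/VirtualHostRoot/$1 [L,P]
  RewriteRule ^/(.*) https://plone.rnome.com/$1 [L,R]
</VirtualHost>
<VirtualHost *:443>
  ServerName plone.rnome.com
  SSLEngine on
  RewriteEngine On
  RewriteRule ^/(.*) http://localhost:8080/VirtualHostBase/https/plone.rnome.com:443/rnome/rnomeplone/VirtualHostRoot/$1 [L,P]
</VirtualHost>
"""

VHOST = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
RULE = re.compile(r"RewriteRule\s+(\S+)\s+(\S+)(?:\s+\[([^\]]*)\])?", re.I)

def audit(conf):
    """Return one finding per non-TLS vhost that does not redirect to https first."""
    findings = []
    for addr, body in VHOST.findall(conf):
        # Drop blank lines and comments so disabled rules are not counted.
        lines = [s for s in (l.strip() for l in body.splitlines())
                 if s and not s.startswith("#")]
        if any(re.fullmatch(r"SSLEngine\s+on", s, re.I) for s in lines):
            continue  # TLS vhost: proxying to the local backend is expected here
        engine_on = any(re.fullmatch(r"RewriteEngine\s+on", s, re.I) for s in lines)
        rules = [m.groups() for m in map(RULE.match, lines) if m]
        if not engine_on or not rules:
            findings.append(f"{addr}: no active redirect to https")
            continue
        # Assumes catch-all patterns as in the sample: the first active rule decides.
        _pattern, target, flags = rules[0]
        flagset = {f.strip().split("=")[0].upper() for f in (flags or "").split(",")}
        if "P" in flagset:
            findings.append(f"{addr}: first rule proxies plain HTTP to {target}")
        elif "R" not in flagset or not target.lower().startswith("https://"):
            findings.append(f"{addr}: first rule does not redirect to https")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE) or "port 80 only redirects to https")
```
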
