Thread: Zimbra Config behind a NAT firewall with ISDN connection

  1. #1
    Join Date
    Sep 2006
    Location
    SE Queensland - Australia
    Posts
    9
    Rep Power
    9

    Zimbra Config behind a NAT firewall with ISDN connection

    First I'd like to say what fantastic potential I see in Zimbra - congratulations to the people who have created such a great open source tool. I am planning to set up a small business IT system for some friends and have selected Zimbra as the Email/Calendar tool. I am waiting for the new server hardware to arrive (a week or two away) and have started trying out some stuff on a laptop. I currently have a fresh install of Ubuntu (Breezy Badger) which I plan to use as the Server OS because I have a reasonable knowledge of it. I have installed Zimbra 4.0.1_GA_324.DEBIAN3.1 (with the patches that were described elsewhere in this forum). After a couple of false starts, a bit of research and tinkering I now have 1. A better understanding of Email and 2. A working Zimbra server. At least I am able to create calendar entries and send Emails between users on the private side of the firewall.

    The problem I have is getting Email out through the firewall to the rest of the world. I tried sending an email from a zimbra user to a hotmail account and it doesn't seem to have got through. I haven't started really chasing this down yet - thought I'd see if anyone here has had a similar experience or knows of a howto etc etc.

    I think that getting Email in from the outside world should be OK - I was thinking about fetchmail - more investigation required there too I'm afraid.

    As the business will connect to the internet with a dial on demand ISDN system I was planning on buying a domain and having the mail hosted somewhere. I would then get fetchmail to grab the mail from the host server and poke it into Zimbra.

    I work as a Network engineer so have good knowledge of IP, routing, switching etc. Have a couple of years experience with Linux (various distros) but am not a guru by any means and am rapidly learning about email. Any suggestions will be gratefully accepted. If I work it out myself I'll post it here as I dare say there are others that would be setting up something similar.

  2. #2
    phoenix, Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    First thing to do is remove that version of Zimbra from your machine. There's a new release of 4.0.2 that is built for Ubuntu (check the announcements section).

    The problem sending mail is likely to be a DNS problem, if you don't have the 'use DNS option' set then zimbra will act as a local mail server. If you do have the 'use dns' then zimbra will deliver mail anywhere in the world. If you are going to use a dial-on-demand service then your mail will need to be dropped at an outside mail server (as you've already said). There's no problem with doing that, my suggestion would be to look at www.webmin.com and install that - it makes managing fetchmail much easier. To send mail out you'll either need a local DNS server or use a smart host to relay your mail.

    Depending on the amount of mail, this won't be an easy solution without an always-on connection. Is there no method of keeping your ISDN connection on all the time? That would be the best solution.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    Join Date
    Sep 2006
    Location
    SE Queensland - Australia
    Posts
    9
    Rep Power
    9

    New Version

    Thanks for the tip on the version. I'll have a look at Announcements and give it a try. Regarding the ISDN - I'm sure that we could organise a continuous ISDN connection (but at what expense ???). This is a small farming business trying to make a profit during a drought so cheap is good! The quantity of email traffic will be fairly small. Historically 10-20 each way per day. The main aim of Zimbra is calendar functions such as booking out vehicles and making appointments for meetings with people etc. Internal email will also provide them with some way of tracking a lot of stuff that currently gets neglected.

    Thanks also for the tips on the fetchmail manager. What you say about DNS makes some sense..... I recall coming across a post somewhere about a split DNS system that I vaguely recollect was something to do with what you have said

  4. #4
    phoenix, Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Ah, I'm not used to ISDN (I do remember that it was quite expensive) - I use ADSL and it's 'always-on' (sort of) depending on your provider. If you use the dial on-demand then the problem you're going to have is delivery of outbound mail. Once Zimbra gets an outbound mail then it will try and deliver it either by DNS lookup or by relay to a smart host. The thing I'm not sure about is what zimbra does when it tries to send mail and your connection isn't available i.e. how long it waits for a connection before the mail gets deferred.

    Let me put another question to you, did you consider using a host provider to run a server/Zimbra for you? That can be reasonably inexpensive and your service would be always available with no power problems, usually regular back-ups etc. If you don't want to bother setting up a service then there are providers that run Zimbra and sell you a number of mailboxes. I don't know if that would be useful or cost effective for your requirements.
    Regards


    Bill

  5. #5
    phoenix, Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    One thing I meant to add, if you go with a local DNS server then you don't need split-DNS as you'll be collecting mail from an external box. Local DNS will just be used for mail delivery, if you need it at all. Let us know what your set-up will be and there'll be someone here who can help.
    Regards


    Bill

  6. #6
    Join Date
    Sep 2006
    Location
    SE Queensland - Australia
    Posts
    9
    Rep Power
    9

    Bill,
    thanks for your advice so far.....
    I started to download the 4.0.2 Ubuntu version but on 56K dialup it was going to be an all-nighter. I'll get it down at work after my holiday. The 4.0.1 version will do to experiment with at the moment. I could only find the developer version too - I note your comment on the announcements section regarding links.

    I found the article on split dns at http://wiki.zimbra.com/index.php?title=Split_dns and it seems to be an answer to my problem. Though it is written around a Red Hat system.

    I have given a bit of thought to your suggestion about a hosted zimbra setup but would prefer a local zimbra server for a couple of reasons: 1. The internet connection is 128K (64K when the fax machine steals a line) so the response times would probably not be great. 2. Being in a rural area the telephone lines are occasionally dug up or otherwise put out of commission for long periods of time and this would isolate the users from their collaboration suite.

    Some more info for you to consider - if you wish to assist me.

    The ISDN connection is hooked up to an IPCOP firewall box that will be providing DHCP and DNS relay.

    There will be 4 Windows XP desktops as the client machines. I figured that I would have a hard enough time teaching the users how to operate Firefox and Open Office without having to make them go completely cold turkey off Microsoft.

    I want to set up a server running Ubuntu with domain authentication services (can I use the LDAP system that zimbra provides to do this????), samba shares for user profiles and data storage and zimbra.

    In normal circumstances this is probably asking a lot from one server but as there are only 4 PCs I'm hoping to get away with it.

    Would it be feasible to also set up a DNS server on the same box as zimbra? Perhaps the minimalist DNS server as described in the split dns article may be the way to go.

  7. #7
    Join Date
    Sep 2006
    Location
    SE Queensland - Australia
    Posts
    9
    Rep Power
    9

    Woohoo !!
    I can send email to internal users and out to the internet

    I installed bind9 and thanks to the info at http://www.howtoforge.com/two_in_one_dns_bind9_views
    managed to get DNS resolution for my Zimbra server as well as forwarding DNS requests for external resolutions on to my IPCOP box. I've attached the files that I had to modify in the bind9 configuration. If someone else is doing this then you should be able to just substitute your own IP addresses, domain names and server names

    Note: I added the .doc extensions so I could upload the files

    Now just to work out the fetchmail and make the ISDN connect when there is mail to be sent out

  8. #8
    Join Date
    Sep 2006
    Location
    SE Queensland - Australia
    Posts
    9
    Rep Power
    9

    A false start

    My initial excitement over being able to send mail out to the world was short-lived. It turned out that most servers would not accept my messages (although hotmail did). I suspect that this is because the host name of my zimbra server is not able to be resolved by DNS in the big wide world - only on my side of the firewall. After a bit more thought and testing I think I now have a working system - and no I don't need split DNS (as Bill implied earlier on). I will eventually be organising a domain name and a mail host but for my testing I am using my own ISP mail system where I have a couple of different mailboxes (me@aapt.net.au and me2@aapt.net.au - for example). I rebuilt the Zimbra server and gave it a hostname of aapt.net.au. I also put an entry in the /etc/hosts file that associates aapt.net.au with my local IP address. The install script complained that the MX record didn't point to my machine but I ignored the problem and it installed OK. Once the install completed I logged into the admin console and disabled DNS lookups in the global settings (MTA) so internal mail is routed by the info in /etc/hosts. In the global settings (MTA) I also added my ISP's SMTP server as the MTA relay for external mail. I have set up fetchmail to collect messages from my ISP's mailboxes and forward those messages to Zimbra users with identical usernames. This way the real-world email account me@aapt.net.au is mirrored by the zimbra user me@aapt.net.au so the reply functions work properly when a zimbra user sends an email out to someone that is not part of the local Zimbra configuration.
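
The fetchmail half of the setup described in post #8, as an added example that is not part of the thread: a shell function that writes a fetchmailrc mapping each ISP mailbox to the same-named local user and keeps the file, which holds mailbox passwords, readable only by its owner. The POP3 host `pop.isp.example`, the passwords, the poll interval and the assumption that the ISP offers POP3 over TLS are all constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Host name, passwords and output path
# are constructed placeholders.

# write_fetchmailrc OUTFILE POPHOST DOMAIN USER:PASSWORD...
# Writes a fetchmailrc that pulls each ISP mailbox over POP3 and hands every
# message to the local MTA (Zimbra on port 25) for the same-named local user.
# Passwords containing a double quote are not supported by this sketch.
write_fetchmailrc() {
    out=$1; pophost=$2; domain=$3
    shift 3
    [ $# -gt 0 ] || { echo "need at least one user:password" >&2; return 2; }

    # The file holds mailbox passwords: create it unreadable by anyone else.
    # fetchmail refuses an rc file with permissions looser than 0700.
    old_umask=$(umask)
    umask 077
    {
        # Each poll brings up a dial-on-demand link, so keep the interval long.
        echo "set daemon 1800"
        echo "poll $pophost protocol pop3"
        for pair in "$@"; do
            user=${pair%%:*}    # text before the first colon
            pass=${pair#*:}     # everything after the first colon
            echo "    user \"$user\" there with password \"$pass\" is \"$user\" here"
            # ssl + sslcertck: encrypt the POP3 session and verify the server
            # certificate, so the password never crosses the ISP link in clear.
            echo "        ssl sslcertck fetchall"
            # RCPT TO becomes <user>@<domain> on the local MTA.
            echo "        smtphost localhost smtpaddress $domain"
        done
    } > "$out"
    rc=$?
    umask "$old_umask"
    # Tighten the mode even if the file already existed with looser bits.
    chmod 600 "$out" || return 1
    return $rc
}
```

Called as `write_fetchmailrc "$HOME/.fetchmailrc" pop.isp.example aapt.net.au me:PASSWORD me2:PASSWORD`, it produces one `user` stanza per mailbox.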
