Results 1 to 7 of 7

Thread: Zimbra NE small deployment questions

Hybrid View

  1. #1
    Join Date
    Aug 2007
    Location
    London, UK
    Posts
    297
    Rep Power
    8

    Default Zimbra NE small deployment questions

    I'm planning a 12 user migration from MS SBS 2003 to Zimbra... I cannot wait to get rid of Exchange. And with the release of v6 we've already decided that Zimbra is "the one".

    I've got some quick questions though:

    1) When I add an additional domain to a Zimbra server (Network Edition Pro) it basically creates a new vhost so the server can be accessed at https://whatever.newdomain.com, correct? Where whatever is a DNS A record. However if someone tries to access that using their browser then they'll get an SSL error as the SSL cert will belong to a different domain eg: mail.originaldomain.com
    Is there a way to install an SSL cert for additional domains to prevent users of the other domain from getting SSL errors?
    Obviously these SSL errors extend to using IMAPS/POP3S/SMTPS with Thunderbird as well.

    2) I know that Zimbra (Yahoo!) Desktop runs using Mozilla Prism. But is it possible to just make a Prism runtime of our regular Zimbra interface? This will give users a recogniseable icon/window in the taskbar to be able to access the AJAX UI. Zimbra Desktop has way too much Yahoo branding for use in a corporate environment IMO, even as small as our business.

    3) In a 12-15 user environment, would it be acceptable to have Zimbra installed on a software RAID 10?
    Or is Zimbra on software RAID a total non-starter?
    We currently don't have a hardware RAID card available for this machine. It's a quad-core Xeon X3360 with 8GB memory so it's got enough grunt to handle software RAID overhead, I think.
    We have a 3Ware 9690SA-8i installed in our NAS box but that's a RAID 6 so it helps to have the parity calculations performed by the hardware card.
    Can we get away with software RAID 10 in our Zimbra box?

    Cheers, Ben

  2. #2
    Join Date
    Mar 2006
    Location
    Beaucaire, France
    Posts
    2,322
    Rep Power
    13

    Default

    Quote Originally Posted by batfastad View Post
    1) When I add an additional domain to a Zimbra server (Network Edition Pro) it basically creates a new vhost so the server can be accessed at https://whatever.newdomain.com, correct?
    Not exactly.
    Currently, ZCS "answers" to any URLs used to connect to the server, as long as the URLs exist (ie that there's a DNS record pointing to the server).

    Quote Originally Posted by batfastad View Post
    However if someone tries to access that using their browser then they'll get an SSL error as the SSL cert will belong to a different domain eg: mail.originaldomain.com
    Yes.

    Quote Originally Posted by batfastad View Post
    Is there a way to install an SSL cert for additional domains to prevent users of the other domain from getting SSL errors?
    Currently no 8-(
    You have to go through a SSL reverse proxy to do this today.

    For example run ZCS on port 8443 and apache+mod_ssl on 443.
    You'll need several IP (one per domain/SSL certificate) and to create a vHost par IP/domain/SSL cert in apache.
    And setup all vHosts to reverse proxy to ZCS

    And also to define the ZimbraPublicServiceHostname (and port and protocol) for each domain (in order for ZCS to be able to create the correct URLs).

    Quote Originally Posted by batfastad View Post
    Obviously these SSL errors extend to using IMAPS/POP3S/SMTPS with Thunderbird as well.
    If you want to use the different SSL also for imap/pop, you can do it by using ngnix instead of apache/modssl as reverse proxy (there's a page in the wiki about this).
    But this won't work for smtp AFAIK.

    Quote Originally Posted by batfastad View Post
    2) I know that Zimbra (Yahoo!) Desktop runs using Mozilla Prism. But is it possible to just make a Prism runtime of our regular Zimbra interface? This will give users a recogniseable icon/window in the taskbar to be able to access the AJAX UI. Zimbra Desktop has way too much Yahoo branding for use in a corporate environment IMO, even as small as our business.
    Of course.
    You can do this with Prism or Chrome or Iron.
    I'm running the ZWC in an Iron window and it works just nice !

    Quote Originally Posted by batfastad View Post
    3) In a 12-15 user environment, would it be acceptable to have Zimbra installed on a software RAID 10?
    Or is Zimbra on software RAID a total non-starter?
    Yes, as long as your software RAID tools are "nicely" behaving 8)

    Quote Originally Posted by batfastad View Post
    We currently don't have a hardware RAID card available for this machine. It's a quad-core Xeon X3360 with 8GB memory so it's got enough grunt to handle software RAID overhead, I think.
    With a quad-core for 12 users, you shouldn't have any performance issue with software RAID, even with hundreds of mails per user per day...

  3. #3
    Join Date
    Aug 2007
    Location
    London, UK
    Posts
    297
    Rep Power
    8

    Default

    Hi Klug
    Sorry for the delay in replying... your comments are appreciated

    The SSL thing isn't a big deal really. I'm planning to run a multi-domain set-up but only in so far as people will have aliases for additional domains, not full separate accounts.
    Even just letting people access mail.pri-domain.com isn't a problem unless we were planning to re-sell Zimbra services, which we're not.

    Good news on the software RAID though. I'm planning a migration to VoIP so the £500 saved by not needing hardware RAID and battery backup can go towards some new phones

    What do you mean by Chrome/Iron?
    I've not heard of those products as alternatives to Prism, I'd be interested in giving them a go.

    Now Yahoo's out of the picture I'd love to see the Yahoo branding disappear from Zimbra Desktop.
    If there was an enterprise version of Zimbra Desktop which can take your regular Zimbra mailbox and make it work offline, looking as identical as possible to the corporate AJAX UI, then that would be absolutely killer!

    Cheers, B

  4. #4
    Join Date
    Aug 2007
    Location
    London, UK
    Posts
    297
    Rep Power
    8

    Default

    Quote Originally Posted by batfastad View Post
    What do you mean by Chrome/Iron?
    I've not heard of those products as alternatives to Prism, I'd be interested in giving them a go.
    Another quick question about Prism et al.
    I guess if you get an e-mail with a web link, clicking the web link doesn't open up another Prism window/tab but opens up your default browser. Is that correct?

    Cheers, B

  5. #5
    Join Date
    Feb 2007
    Location
    Portland, OR
    Posts
    1,147
    Rep Power
    10

    Default

    Iron is a stripped down version of Chrome that is made to not send any information to the Google servers.

    Both Chrome and Iron have a "Create application shortcuts..." menu option that lets you create shortcuts to any website that you want. And clicking on a link in the "application" appears to open in the "real" browser's window.

    The latest version of ZD (1.0.5) available is the exact same as 1.0.4, but without the yahoo branding

  6. #6
    Join Date
    Aug 2007
    Location
    London, UK
    Posts
    297
    Rep Power
    8

    Default

    Ok that's pretty cool actually. Zimbra in Iron seems to perform better than Firefox on my old grunter laptop, so could be an option.
    A bit annoying that when using Zimbra in an Iron window, any links default to opening in an Iron tab and not your default browser. Be really cool if you could get rid of the Iron tab bar, address bar, buttons and replace the application icon to have a completely customised Zimbra client.
    A Prism "bundle" seems slightly easier to deploy and customise though but with only 12 users that's not too much of a problem.

    I've got a test installation up and running with the NE trial. Did a test import of my mailbox with the Exchange Migration Wizard and it worked great!

    But I have some questions about a few Zimbra settings:

    1) Display external images in HTML mail
    Is it possible to only block images in HTML mail if the mail is tagged as junk?

    2) Distribution list
    Is it possible to set up a distribution list which accepts mail, but only from local recipients and not external addresses?

    3) Calendar
    When clicking a day in the month view of the calendar, is it possible to
    have this default to the "QuickAdd Appointment" box rather than the fish-eye hourly view?

    4) Clicking contact names in the AJAX UI under the top e-mail headers section usually brings up the "Add Contact" screen, even though there's an "Add Contact" button next to it. Would be good if clicking the name/e-mail could be set to open a new e-mail to that address

    5) Is it possible to set the AJAX UI to remember which folders/sub-folders were expanded/contracted between sessions?

    6) Are there any services out there which can e-mail me a virus?
    Sounds pretty brutal... but I just want to test the AV behaviour and to make sure the ClamAV definition is up to date.

    7) Limited COS settings
    I've been messing about in the Admin UI to get the settings set as we would want but there appears to be many more settings available in the Admin UI than are available through the COS Editing screens. Is that just because they're not available through the Admin UI and I would have to use the Zimbra command line commands to add particular settings for a COS?
    Or is what's listed on the COS edit screen literally all that's available to set for a COS?

    Just some general questions really, I'll be starting to use the AJAX UI in anger over the next days/weeks whilst everyone else is still wallowing in Outlook.
    Really looking forward to getting some Zimlets built to integrate the AJAX UI with our mysql/php intranet database!

    Cheers, B
    Last edited by batfastad; 02-18-2010 at 04:23 AM.

  7. #7
    Join Date
    Feb 2007
    Location
    Portland, OR
    Posts
    1,147
    Rep Power
    10

    Default

    1.) This can be changed with "Download pictures automatically in HTML Email" in the client's preferences under Preferences -> Mail.

    In the admin interface it's pretty much the exact same place.

    2.) Unfortunately not yet, work on this is being tracked here: https://bugzilla.zimbra.com/show_bug.cgi?id=9620
    In the meantime there are some postfix hacks you can do to restrict who can send to it, search the forums and you should be able to find it.

    5.) As far as I know that isn't possible.

    6.) For testing anti-spam: SpamAssassin: The GTUBE
    For testing anti-virus: eicar | THE ANTI-VIRUS OR ANTI-MALWARE TEST FILE
    Those are pretty much the standard files that anything should react to (and that are completely harmless)

    7.) Not sure what you mean by "settings available in the admin UI but not the COS", but for sure there are hundreds of settings available using the CLI that are not shown in the admin UI, mainly due to the fact that most of them are perfectly fine at the default setting, so most people will never need to see them.

Similar Threads

  1. [SOLVED] Postfix unavailable - queue down
    By pmona in forum Administrators
    Replies: 20
    Last Post: 01-21-2010, 09:03 PM
  2. Replies: 15
    Last Post: 11-24-2009, 07:46 AM
  3. [SOLVED] Zimbra logwatch.
    By nishith in forum Administrators
    Replies: 5
    Last Post: 06-10-2009, 04:42 PM
  4. /tmp filling
    By Nutz in forum Administrators
    Replies: 8
    Last Post: 02-22-2008, 01:00 AM
  5. Major Issue - 5.0RC2 NE to 5.0GA NE failed
    By DougWare in forum Installation
    Replies: 7
    Last Post: 01-06-2008, 08:56 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •