Mail.megazirt.co.uk
Dead server, read on...
This used to be a virtual server used to host emails using Zimbra and Funambol for cloud sync, running on CentOS 5.6. While this setup worked extremely well, it was unfortunately complete overkill in my case as only two users really used it on a regular basis, one of which had no desire to have cloud-syncing. I have since switched emails over to Gmail, but I've left this page up as generally I highly recommend the Zimbra/Funambol setup.
Network Settings
- Domain Name : mail.megazirt.co.uk
- Local IP Address : 192.168.8.7
- Wide IP Address : 82.133.103.34
Installing CentOS 5.6
Other than the Generic Linux Server Options, I've mainly been following the original guide at the Zimbra Forum, but as the guide is getting outdated here is my method...
Install CentOS 5.6, using a custom package selection of
- Editors
- Text-based Internet
- Development Libraries
- Development Tools
- Administration Tools
- Base
- System Tools
Set up the IP address as the external IP first, and give the hostname as the external one, as the hostname shows up in email code.
After the system first boots, disable SELinux by editing the /etc/selinux/config file, and edit /etc/hosts to look like
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
82.133.103.34 mail.megazirt.co.uk mail
192.168.8.7 mail.megazirt.local
Once the external IP is up and running, a local address can be set up on the same interface by using
cd /etc/sysconfig/network-scripts/
cp ifcfg-eth0 ifcfg-eth0:0
vim ifcfg-eth0:0
and then editing the file to match something like...
DEVICE=eth0:0
BOOTPROTO=static
BROADCAST=192.168.8.255
HWADDR=08:00:27:74:83:2B
IPADDR=192.168.8.7
NETMASK=255.255.255.0
NETWORK=192.168.8.0
ONBOOT=yes
Restart the network using
service network restart
and then check the interface is working with a ping 192.168.8.4 or ifconfig -a
Remove default packages that either conflict with Zimbra or just plain aren't needed...
yum erase sendmail -ty
Install the external package repo (EPEL), and install Fail2Ban from it. To get Zimbra to work correctly there are a few random packages to specifically install. Then make sure everything is updated.
rpm -Uvh http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
yum install fail2ban openssl097a compat-libstdc++-296 compat-libstdc++-33 compat-db fetchmail sysstat -ty
yum update -ty
Edit the /etc/sudoers using the command
visudo
and comment out Defaults requiretty.
Edit the /etc/sysconfig/i18n and delete the line LANG="en_US.UTF-8".
Disable loads of unneeded services that get set up by default
chkconfig restorecond off
chkconfig rpcidmapd off
chkconfig rpcgssd off
chkconfig lvm2-monitor --level 1,2,3,4,5,6 off
chkconfig readahead_later off
chkconfig readahead_early off
chkconfig pcscd off
chkconfig portmap off
chkconfig nfslock off
chkconfig netfs off
chkconfig messagebus off
chkconfig mcstrans off
chkconfig lmcstrans off
chkconfig autofs off
chkconfig anacron off
chkconfig gpm off
chkconfig exim off
chkconfig iptables off
Notice that at the end I've turned off iptables/firewall; though this probably isn't recommended, it will get turned back on as soon as I know everything is working. At this point it's best to reboot and check all the updates and tweaks didn't screw up the system.
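One ruleset to turn the firewall back on with, as an added example that is not part of the original guide. It opens only the ports this page configures further down (Store configuration, the admin console URL, the Funambol sync URI); SMTP 25 and SSH 22 are assumptions, as is the choice to keep LDAP, the spell server and the admin console reachable from the 192.168.8.0/24 LAN only.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for the server in this guide.
# Port numbers come from the page, except SMTP 25 and SSH 22 (assumptions).

LAN="192.168.8.0/24"                           # local network from Network Settings
PUBLIC_PORTS="25 80 443 110 995 143 993 8080"  # SMTP, web client, POP, IMAP, Funambol sync
LAN_PORTS="22 389 7071 7780"                   # SSH, LDAP, admin console, spell server

zimbra_ruleset() {
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    # Zimbra talks to itself via mail.megazirt.co.uk; traffic to a local
    # address arrives on lo, so LDAP between the services keeps working.
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for p in $PUBLIC_PORTS; do
        echo "-A INPUT -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    for p in $LAN_PORTS; do
        echo "-A INPUT -s $LAN -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    echo "-A INPUT -p icmp --icmp-type echo-request -j ACCEPT"
    echo "COMMIT"
}

# Print the ruleset when asked to: sh zimbra-fw.sh --print
if [ "${1:-}" = "--print" ]; then
    zimbra_ruleset
fi
```

Saved to /etc/sysconfig/iptables and followed by chkconfig iptables on and service iptables restart, this undoes the chkconfig iptables off step once the services are confirmed working.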
Zimbra Installation
As the released binaries for Zimbra are becoming 64-bit only, I'm currently using Zimbra 7.1, which I previously downloaded and saved locally on my NAS. This will probably get outdated and replaced with 64-bit only versions. There is meant to be a way to download the source using perforce, but I can't get it to download anything by following the guide. Once you get hold of a suitable binary, unzip it and run...
tar -zxvf zcs-7.0.1_GA_3105.RHEL5.20110304210448.tgz
cd zcs-7.0.1_GA_3105.RHEL5.20110304210448
./install.sh --platform-override
Follow the on-screen prompts and agree to the licence; the package selection should read as
Install zimbra-ldap [Y] y
Install zimbra-logger [Y] y
Install zimbra-mta [Y] y
Install zimbra-snmp [Y] y
Install zimbra-store [Y] y
Install zimbra-apache [Y] y
Install zimbra-spell [Y] n
Install zimbra-memcached [N] n
Install zimbra-proxy [N] n
and OK everything after that. Zimbra takes a while to install, so go have a banana or something. The configuration options then pop up, which are a fairly extensive list of options and sub-options to go through. This is the long and detailed list of my options...
Common configuration
  1) Hostname: mail.megazirt.co.uk
  2) Ldap master host: mail.megazirt.co.uk
  3) Ldap port: 389
  4) Ldap Admin password: set
  5) Secure interprocess communications: yes
  6) TimeZone: Europe/London (Option 81)
Ldap configuration
  1) Status: Enabled
  2) Create Domain: yes
  3) Domain to create: megazirt.co.uk (Notice the servername is dropped)
  4) Ldap root password: set (no need to change this)
  5) Ldap replication password: set (no need to change this)
  6) Ldap postfix password: set (no need to change this)
  7) Ldap amavis password: set (no need to change this)
  8) Ldap nginx password: set (no need to change this)
Store configuration
  1) Status: Enabled
  2) Create Admin User: yes
  3) Admin user to create: admin@megazirt.co.uk
  4) Admin Password SET (This needs setting)
  5) Anti-virus quarantine user: virus@mail.megazirt.co.uk (Make this shorter)
  6) Enable automated spam training: yes
  7) Spam training user: spam@mail.megazirt.co.uk (Make this shorter)
  8) Non-spam(Ham) training user: ham@mail.megazirt.co.uk (Make this shorter)
  9) SMTP host: mail.megazirt.co.uk
  10) Web server HTTP port: 80
  11) Web server HTTPS port: 443
  12) Web server mode: http
  13) IMAP server port: 143
  14) IMAP server SSL port: 993
  15) POP server port: 110
  16) POP server SSL port: 995
  17) Use spell check server: yes
  18) Spell server URL: http://mail.megazirt.co.uk:7780/aspell.php
  19) Configure for use with mail proxy: FALSE
  20) Configure for use with web proxy: FALSE
  21) Enable version update checks: FALSE (Changed, New versions 64-bit only)
Mta configuration (Defaults should be fine)
  1) Status: Enabled
  2) MTA Auth host: mail.megazirt.co.uk
  3) Enable Spamassassin: yes
  4) Enable Clam AV: yes
  5) Notification address for AV alerts: admin@megazirt.co.uk
  6) Bind password for postfix ldap user: set
  7) Bind password for amavis ldap user: set
Snmp configuration (Defaults should be fine)
  1) Status: Enabled
  2) Enable SNMP notifications: yes
  3) SNMP Trap hostname: mail.megazirt.co.uk
  4) Enable SMTP notifications: yes
  5) SMTP Source email address: admin@megazirt.co.uk
  6) SMTP Destination email address: admin@megazirt.co.uk
6) zimbra-logger: Enabled (Make sure this doesn't change on the main menu)
7) zimbra-spell: Enabled (Make sure this doesn't change on the main menu)
Default Class of Service configuration (Defaults should be fine)
  1) Enable Briefcases Feature: Enabled
  2) Enable Tasks Feature: Enabled
Finally, remember to press "a" to apply updates. Save the config file as /opt/zimbra/config, don't worry about config versions. The installation will then take ages doing even more install stuff and starting services, so go have an apple. With the installation complete, going to http://82.133.103.34 should fire up the web client interface; log in with user Admin and the password set up earlier. First login always takes a long time. That's the main installation part of Zimbra done. Now for some tweaking!
Zimbra Performance Tweaks
Before getting into the proper set-up of Zimbra there are a few tweaks I perform to get the server running on a non-recommended spec virtual server with only 512MB of RAM. I get away with this because I only really have 4/5 email users, but if you are reading this thinking of running Zimbra for any more than 10 users you will be best using your own settings and getting the full 2GB. What I have found reading on the web is that Zimbra can often benefit from tweaking though, whatever your setup. Note that while I call these tweaks, really I'm just trying to make things stable instead of making things fast. The tweaks have been obtained from all over the web.
Start by running as Zimbra user...
su zimbra
The following general tweaks can then be copied and pasted.
zmlocalconfig -e mailboxd_java_heap_memory_percent=40
zmlocalconfig -e mysql_memory_percent=10
zmprov mcf zimbraLogRawLifetime 7d
zmprov mcf zimbraLogSummaryLifetime 30d
zmlocalconfig -e zmmtaconfig_interval=6000
zmprov ms mail.megazirt.co.uk zimbraHttpNumThreads 25
zmprov ms mail.megazirt.co.uk zimbraPop3NumThreads 5
zmprov ms mail.megazirt.co.uk zimbraImapNumThreads 5
zmtlsctl redirect
zmprov mc default zimbraPrefTimeZoneId '(GMT) Greenwich Mean Time - Dublin / Edinburgh / Lisbon / London'
zmcontrol restart
Another big user of memory is the anti-virus. Halomede Blog states 450MB is used by default with 10 anti-virus processes. Having 450MB just for Anti-Virus on a 512MB server is not good for stability! So
- as root edit /opt/zimbra/conf/amavisd.conf.in
- change line 42 from $max_servers = 10; to $max_servers = 2;
Even with the amavisd tweak, the "clamd" process is a big memory hog by default, so edit clam.conf and clam.conf.in...
- on line 110 change #MaxThreads 20 uncommented to MaxThreads 2
- line 269 change #ArchiveLimitMemoryUsage yes uncommented to ArchiveLimitMemoryUsage yes
The HTTPD/Tomcat can be tweaked via /opt/zimbra/conf/httpd.conf
- change line 87 from Timeout 300 to Timeout 20.
From Line 119 setup as
<IfModule prefork.c>
    StartServers 2
    MinSpareServers 2
    MaxSpareServers 25
    MaxClients 5
    MaxRequestsPerChild 5
</IfModule>
<IfModule worker.c>
    StartServers 2
    MaxClients 5
    MinSpareThreads 2
    MaxSpareThreads 25
    ThreadsPerChild 2
    MaxRequestsPerChild 5
</IfModule>
<IfModule perchild.c>
    NumServers 5
    StartThreads 2
    MinSpareThreads 2
    MaxSpareThreads 5
    MaxThreadsPerChild 5
    MaxRequestsPerChild 5
</IfModule>
- Around line 278, change ServerAdmin you@example.com to ServerAdmin admin@megazirt.co.uk
- From around line 730, comment out all the country codes except AddLanguage en .en
I also tweak the MySQL database by editing my.cnf
- Line 23, set thread_cache_size = 10
- Line 24, max_connections = 10
- Line 29, sort_buffer_size = 512k
- Line 30, read_buffer_size = 1M
- Line 33, table_cache = 12
More cron jobs can be removed from /var/spool/cron/zimbra. Ignore the fact the file specifically tells you not to do this.
- line 49, comment out # 18 */2 * * * /opt/zimbra/libexec/zmcheckversion -c >> /dev/null 2>&1
- line 55, comment out #00,10,20,30,40,50 * * * * /opt/zimbra/libexec/zmlogprocess > /tmp/logprocess.out 2>&1
- line 70, change to 0,30 * * * * /opt/zimbra/libexec/zmqueuelog
- line 63, change to 0 04 * * * /opt/zimbra/libexec/zmdailyreport -m
Reboot, and enjoy a bit of extra RAM and fewer processor crashes.
Zimbra Administration
Once Zimbra is installed and the general tweaks have been done it's time to sort out the serious set-up. Most of the configuration can be done from the command line, so to start with run the following...
su zimbra
Now that we are logged in, set up the spam filter to block anything with suspect/missing hostnames or with a hostname in a spammer database.
# A plain "zmprov mcf" replaces every existing value of the attribute,
# so all the restrictions are set in one command.
zmprov mcf zimbraMtaRestriction reject_invalid_hostname \
  zimbraMtaRestriction reject_non_fqdn_hostname \
  zimbraMtaRestriction reject_non_fqdn_sender \
  zimbraMtaRestriction reject_unknown_client \
  zimbraMtaRestriction reject_unknown_hostname \
  zimbraMtaRestriction reject_unknown_sender_domain \
  zimbraMtaRestriction "reject_rbl_client dnsbl.njabl.org" \
  zimbraMtaRestriction "reject_rbl_client cbl.abuseat.org" \
  zimbraMtaRestriction "reject_rbl_client bl.spamcop.net" \
  zimbraMtaRestriction "reject_rbl_client dnsbl.sorbs.net" \
  zimbraMtaRestriction "reject_rbl_client sbl.spamhaus.org" \
  zimbraMtaRestriction "reject_rbl_client relays.mail-abuse.org"
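A check for the restriction list once it has been set, as an added example that is not part of the original guide: a plain zmprov mcf replaces all existing values of a multi-valued attribute, so entries set in separate calls can silently drop out. The function name and the sample output below are constructed for illustration.

```shell
#!/bin/sh
# Added example: list which of this guide's restrictions are missing from the
# output of `zmprov gcf zimbraMtaRestriction` (one "zimbraMtaRestriction: value"
# line per configured entry).

EXPECTED='reject_invalid_hostname
reject_non_fqdn_hostname
reject_non_fqdn_sender
reject_unknown_client
reject_unknown_hostname
reject_unknown_sender_domain
reject_rbl_client dnsbl.njabl.org
reject_rbl_client cbl.abuseat.org
reject_rbl_client bl.spamcop.net
reject_rbl_client dnsbl.sorbs.net
reject_rbl_client sbl.spamhaus.org
reject_rbl_client relays.mail-abuse.org'

# missing_restrictions "<gcf output>": prints each expected value not present.
missing_restrictions() {
    current=$(printf '%s\n' "$1" | sed -n 's/^zimbraMtaRestriction: *//p')
    printf '%s\n' "$EXPECTED" | while IFS= read -r want; do
        printf '%s\n' "$current" | grep -qxF -- "$want" || printf '%s\n' "$want"
    done
}

# Constructed sample: the state left behind when the RBL entries are set by a
# separate plain "mcf" call, which overwrites the hostname checks set before it.
SAMPLE_AFTER_SEPARATE_CALLS='zimbraMtaRestriction: reject_rbl_client dnsbl.njabl.org
zimbraMtaRestriction: reject_rbl_client cbl.abuseat.org
zimbraMtaRestriction: reject_rbl_client bl.spamcop.net
zimbraMtaRestriction: reject_rbl_client dnsbl.sorbs.net
zimbraMtaRestriction: reject_rbl_client sbl.spamhaus.org
zimbraMtaRestriction: reject_rbl_client relays.mail-abuse.org'

# On the server, as the zimbra user:
#   missing_restrictions "$(zmprov gcf zimbraMtaRestriction)"
```

An empty result means every restriction from this section is active.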
Change the anti-virus update interval:
zmprov mcf zimbraVirusDefinitionsUpdateFrequency 72h
The final part of the administration needs to be done from the Admin Web Interface, at least until I can find the proper command lines. This is done either by logging into the normal email site and clicking "Admin Console" at the top right of the screen or by going direct to https://82.133.103.34:7071/zimbraAdmin/. The login will be "Admin" and the password is whatever was set earlier.
- Once logged in start by clicking on Global Settings on the left hand side.
- Under General Information change Sleep time between subsequent mailbox purges: 7 Days
- Change the tab to Attachments and click on Add All
- Change tab to Briefcase and change "Company identifier in public share prompts" field to Megazirt
- Click on Admin Extensions on the left hand side
- Click the Version Check Admin Extension line and then click the Undeploy button.
- Click on Zimlets on the left hand side
- Click the LinkedIn line and then click the Toggle Status button.
- Click the Phone line and then click the Toggle Status button.
- Click the ZimbraSocial line and then click the Toggle Status button.
- Click the WebEx line and then click the Toggle Status button.
- Click on Server Settings on the left hand side
- Click the MTA tab first, and add 192.168.8.0/24 to MTA Trusted Networks; info on why is at Zimbra Wiki - MyaMyNetworks
- Click the General tab and change Description to Megazirt Mail Server ; change Maximum number of scheduled tasks that can run simultaneously to 2.
- Click on Volumes tab, and click on index1 line and then edit. Change Volume Root Path to the VBox shared folder address - /email/index
- Click on Volumes tab, and click on message1 line and then edit. Change Volume Root Path to the VBox shared folder address - /email/message
Note that if you get permission problems with the new shared folders, make sure the email folder is created and mounted with zimbra as the user and group owner. fstab should have something like...
zimbra /email vboxsf owner 0 0
Funambol
For sync to my mobile phone, I use the excellent Funambol open source package. If you don't know what Funambol does, you can try it on their server using MyFunambol. The setup is heavily based (almost copied and pasted, sorry) on a guide from the Zimbra wiki. I'll try and update the Zimbra wiki as much as I do my own wiki for now, until the Zimbra wiki hopefully advances beyond my knowledge, while this wiki will try and stay a simple guide for my personal setup.
Start by downloading the latest version.
wget -O funambol-10.0.2.bin 'http://downloads.sourceforge.net/project/funambol/bundle/v10/funambol-10.0.2.bin?r=http%3A%2F%2Ffunambol.com%2Fopensource%2Fdownload.php%3Ffile_id%3Dfunambol-10.0.2.bin%26path%3Dbundle%2Fv10%26_%3Dd&ts=1312592448&use_mirror=netcologne'
Then simply run it.
sh funambol-10.0.2.bin
The binary script will start to install and ask a few questions: agree to the license terms (or not), install to the default directory (/opt), and do not start the server (just yet).
Now download the latest Funambol - Zimbra Connector version.
wget -O ZimbraConnector_0.6.02.zip 'http://downloads.sourceforge.net/project/zimbrafunambol/zimbrafunambol/ZimbraConnector_0.6.02/ZimbraConnector_0.6.02.zip?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fzimbrafunambol%2F&ts=1312593991&use_mirror=puzzle'
unzip ZimbraConnector_0.6.02.zip
The Zip file contains the source code and the binary, all we really need is one folder in binary copied over to the Funambol server folders.
cp -rv ./ZimbraConnector_0.6.02/output/* /opt/Funambol/ds-server/modules
Now we need to create a setup file
mkdir /opt/Funambol/config/connector/
vim /opt/Funambol/config/connector/ZimbraConnector.xml
and into that file copy and save the following
<java version="1.5.0" class="java.beans.XMLDecoder">
  <object class="ru.korusconsulting.connector.config.ConnectorConfig">
    <void property="dataSource">
      <string>jdbc/fnblds</string>
    </void>
  </object>
</java>
Now edit the Funambol install script to include the newly installed connector
vim /opt/Funambol/ds-server/install.properties
and on the last line append ZimbraConnector so that it reads
modules-to-install=content-provider-10.0.0,email-connector-10.0.0,foundation-10.0.0,phones-support-10.0.0,webdemo-10.0.0,ZimbraConnector
With the connector installed and set up, we can now run Funambol for the first time!
cd /opt/Funambol/bin
./funambol start && ./funambol-server start && ./install-modules
Say yes to any questions about creating a database.
Now that everything is installed, set up and running, set up the init script to start on reboots. Ignore the Funambol documents suggesting copying the funambol script from the binary folder into init.d, and copy this nice little script found on the CentOS 5 forum
vim /etc/init.d/funambol
and put in
#!/bin/bash
#
# /etc/rc.d/init.d/funambol
#
# Sync Daemon for Contacts, Calendars and Tasks
# Made by me!
# And modified by burakkucat. ;-)
#
# chkconfig: 345 45 55
# description: Funambol Sync Service
# processname: funambol
# Source function library.
. /etc/init.d/functions
RETVAL=
start() {
    echo -n "Starting funambol: "
    /opt/Funambol/bin/funambol start
    RETVAL=$?
    if [ $RETVAL -eq 0 ]; then
        touch /var/lock/subsys/funambol
    fi
}
stop() {
    echo -n "Shutting down funambol: "
    /opt/Funambol/bin/funambol stop
    RETVAL=$?
    if [ $RETVAL -eq 0 ]; then
        rm -f /var/lock/subsys/funambol
    fi
}
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart|reload)
        stop
        start
        ;;
    *)
        echo "Usage: funambol {start|stop|reload|restart}"
        exit 1
        ;;
esac
exit $RETVAL
Like it also says on the forum, set it up and test using
chmod 755 /etc/rc.d/init.d/funambol
chown root:root /etc/rc.d/init.d/funambol
chkconfig --add funambol
service funambol start
I keep the email server GUI free, so now on my laptop I download, install and run the admin software
cd ~/Downloads
wget -O funambol-admin-10.0.0.tgz 'http://downloads.sourceforge.net/project/funambol/admin-tool/v10/funambol-admin-10.0.0.tgz?r=http%3A%2F%2Ffunambol.com%2Fopensource%2Fdownload.php%3Ffile_id%3Dfunambol-admin-10.0.0.tgz%26path%3Dadmin-tool%2Fv10%26_%3Dd&ts=1312761798&use_mirror=garr'
tar -zxvf funambol-admin-10.0.0.tgz
cd Funambol/admin/bin/
./funamboladmin
Just as a small note, I had some trouble getting the funamboladmin to load, and it turned out to be a simple case of not having my laptop's hostname in the /etc/resolv.conf file.
When the admin tool is open, double click the "Funambol Administration Tool" line in the left column, and fill in the details for hostname, etc. The user and password are just the defaults, don't worry about that for now.
Remove the following items from the FunambolFoundationConnector, under mail.megazirt.local, Modules, foundation
- PIM Calendar SyncSource -- cal; event; scal; stask; task
- PIM Contact SyncSource -- card; scard
Now you should add new SyncSources under mail.megazirt.local, Modules, zimbra, FunambolZimbraConnector: right click on "CalendarSyncSource" and select "Add SyncSource". Enter the following details, adding a new SyncSource for each item - cal, event, scal, stask and task.
- Source URI = cal | event | scal | stask | task
- Name = cal | event | scal | stask | task
- Zimbra URL = https://localhost/service/soap/
Now right click on "ContactSyncSource" and select "Add SyncSource". Enter the following details, adding new SyncSource items for both card and scard.
- Source URI = card | scard
- Name = card | scard
- Zimbra URL = https://localhost/service/soap/
Then right click on "GALSyncSource" and select "Add SyncSource". Enter the following details, adding a new SyncSource item for zimbraGALContacts.
- Source URI = zimbraGalContacts
- Name = zimbraGalContacts
- Zimbra URL = https://localhost/service/soap/
One final thing to do before closing funamboladmin is to remove the default users and change the admin password. Under mail.megazirt.local, Users, click search and then double click Admin. Change the password, OK it, and then click search again, single click Guest and remove. New users get added automatically, don't try and add them here.
Android Client
I'll probably add to this later - Alan 08/08/11
On the phone side simply add a new synchronization profile if your phone supports SyncML by default. The server setting should be the Funambol URI, which should be in the format http://mail.megazirt.co.uk:8080/funambol/ds