Ubuntu 8.04 LTS Server (Hardy Heron) Install Guide

From Zimbra :: Wiki

Jump to: navigation, search

The following guide is for installing ZCS on Ubuntu Server 8.04 LTS, and is a revision of my previous Ubuntu Server 6.06 installation guide here. Please verify which version you are using and follow the appropriate guide, as there are material differences between the two. I have tested this guide with the 32-bit version of Ubuntu only; others will need to verify if any tweaks are necessary for a 64-bit installation.

This installation is for a split-DNS setup, where the server resides on a DMZ and so needs to resolve to its own internal (DMZ subnet) IP address rather than the public IP address that is published to the world. This is a setting where a firewall/router supplies the translation from the public IP to the DMZ IP (DNAT--Destination Network Address Translation) so that translation is not known to the server itself. This configuration is desirable for security, but it makes bits of the Zimbra configuration more complex than they might otherwise be.

For simplicity's sake I'm referring to Zimbra's DMZ address as the "private ip address" from here on. By that I mean that the Zimbra box has only one IP address, it's on the DMZ, and can be seen by my LAN but not the public. When I say "public IP address" I'm not talking about another address on the Zimbra box, but rather the address that gets DNATed to my box and which is resolved in the world.

Contents

Installing Ubuntu 8.04 LTS

Obtain your installation binary from Ubuntu at http://www.ubuntu.com/getubuntu/download. Be sure you download the LTS (Longterm Support) Server Edition, NOT the Desktop Edition. Burn the iso file to a CD and boot it in your server. There is an excellent, highly-detailed installation guide for this version at http://www.howtoforge.com/perfect-server-ubuntu8.04-lts. I highly recommend this guide, particularly if you are new to Linux or Ubuntu specifically. The following points need to be kept in mind as you install:

1) The installation (and the guide) want to configure your LAN via DHCP. Cancel it before it gets that far, and manually configure it with a static IP address, netmask, and gateway. Don't put in a public DNS for your nameserver configuration; instead put in the same IP address that you just gave the machine for its own static IP (this won't let you resolve names on the internet until we do some more configuration below, but it saves headaches later).

2) When the installation asks for a hostname, give it only a one-word hostname (e.g. "mail" or "myserver") NOT the fully-qualified domain name (mail.mydomain.com). In the next screen where it asks for the domain name, give the "mydomain.com" part without the hostname.

3) Hard disk configuration is easy if you are using a single drive, but for a server, that's not the most secure way to do things. Ideally you should have either a RAID-1 or a RAID 1+0 configuration for your disks to provide redundancy. Most ideally that would be hardware-RAID, but configuring it in Ubuntu is a challenge. Software RAID (native to Linux) on the other hand, is easy IF you set it up AT THE TIME YOU ARE PARTITIONING YOUR DISKS. See this howto http://www.howtoforge.com/how-to-install-ubuntu8.04-with-software-raid1 for setup instructions if you want to use software RAID. As to partitioning your drives, you can find a variety of opinions. I just make a small partition for swap (1.5-2x RAM) and the rest for the whole system. Others will recommend separate partitions for mailstore, system, etc. Use your own judgement here.

4) Once the base system has been installed, the installer will ask you for a username, and then a password for that user. This needs to be a non-root user, and unlike previous Ubuntu versions, the user "admin" is no longer accepted. Whatever you choose, that username and password will be what you use to log in at the command line later, and the same password will be the password for sudo commands. Be sure you remember what you put in here!

5) At the "Software Selection" screen, select the DNS Server and OpenSSH Server options for installation, but nothing else. This will allow remote administration (SSH), and will install bind9 which you will need for split DNS.

6) Run the following command to make sure you have all the necessary packages: sudo apt-get install bind9 dnsutils file libgmp3c2 libexpat1 libstdc++5 libltdl3 libperl5.8 perl curl libpcre3 libc6 sysstat

With these items, your installation will complete and the system will reboot.

DNS

On Ubuntu, check /etc/default/bind9 to see the root directory path for your bind installation. If not other path is specified, then it's most likely /etc/bind/

Proper DNS configuration is PARAMOUNT! If you don't have your DNS working properly, don't even bother trying to install Zimbra, because trying to fix DNS after the fact may result in an install that can do everything except send mail--even from a Zimbra user to himself! So I'll say it again:

If you can't resolve your mailserver's own private IP address (NOT the public IP) using nslookup, fix it BEFORE you install Zimbra!

If your installation above was successful, when you sign on at the command line you'll be able to ping public IP addresses if you know them, but you may not be able to resolve any names to ping them.

Now you have to configure the following files, which are in the directory /etc/bind (for brevity I've deleted the generic comment lines included by the distro). Note that the query-source address and forwarders lines are already there, they just need to be uncommented, and in the case of the forwarders, the ip addresses of your ISP's DNS servers need to be added. Note also that the syntax needs to be EXACTLY as shown below--leave out one semicolon or bracket and the whole thing blows up:

/etc/bind/named.conf.options

options {
        directory "/var/cache/bind";

        query-source address * port 53;

        forwarders {
                xxx.xxx.xxx.xxx; xxx.xxx.xxx.xxx;
        };

        auth-nxdomain no;    # conform to RFC1035

};

the ip addresses on this file are public ip addresses of the DNS you use in the outside world. The line "query-source address * port 53" is to allow your machine to hit the DNS if oddball DNS ports are blocked. You can leave it commented if you don't need it.

Check /etc/resolv.conf and make sure it looks like this:

nameserver xxx.xxx.xxx.xxx

The IP address here should be the Zimbra box's private ip address.

Once you've fixed these two files and restarted bind

/etc/init.d/bind9 restart

you should be able to resolve names in the outside world. Try something like "ping google.com" and if you get an answer, you're on the way.

Now it's time to get the internal zone working. Append the following lines to /etc/bind/named.conf.local

        zone "mydomain.com"  {
                type master;
                file "/etc/bind/db.mydomain.com";
        };
        zone "xxx.xxx.xxx.in-addr.arpa" {
                type master;
                file "/etc/bind/db.xxx.xxx.xxx";
        };


Note that you need to type the full pathname to your db.* file. Also, be sure you don't miss a semicolon ";" in any of these lines that have them because a missing semicolon breaks the file.

The zone xxx.xxx.xxx.in-addr.arpa rappresents the reverse zone. You must insert the net address in the inverse order. Es.(192.168.1.x -> zone "1.168.192.in-addr.arpa")

Now create your file /etc/bind/db.mydomain.com

;
; BIND data file for mydomain.com
;
$TTL    604800
@       IN      SOA     mail.mydomain.com. admin.mydomain.com. (
                         070725         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      mail
        IN      MX      10 mail
        IN      A       xxx.xxx.xxx.xxx
mail    IN      A       xxx.xxx.xxx.xxx

The ip address here is again your Zimbra internal ip address; the string "admin.mydomain.com" is replaced with the email address you are using for administration, only with a "." instead of the "@" in the address. Be careful to increment the serial number one higher every time you modify this file or the changes won't stick. Many users use the date they edit the file for the serial number, but as long as you start low and only get higher it really doesn't matter.

Now create your file /etc/bind/db.xxx.xxx.xxx

$TTL 3D
@               IN      SOA     mail.mydomanin.com. admin.mydomain.com. (
                               1       ; Serial
                               8H      ; Refresh
                               2H      ; Retry
                               4W      ; Expire
                               1D)     ; Minimum TTL
                        NS      mail.mydomain.com.
x                       PTR     localhost.

Where "x" indicates the host id.

Now you may need to reboot the machine (restarting bind9 alone doesn't always work) and try to resolve your mail server.

nslookup mydomain.com

If it returns your public IP address, your internal DNS is not working. If things are configured correctly it'll return the internal address.

Hosts Table

Before you get to the install you also need to modify your /etc/hosts file:

127.0.0.1            localhost.localdomain   localhost
xxx.xxx.xxx.xxx      mail.mydomain.com       mail

ONLY IF this is working, it's now time to update your packages:

sudo bash (this will ask for your password, enter your administrator's pw, then you'll be at a root prompt)
apt-get update
apt-get upgrade

Now you're ready to install Zimbra.

Installing ZCS

Several discussion groups have listed the dependencies not installed by the standard Linux install, but the easy thing to do is try to run the install and let Zimbra give you a list of what's missing. Download the appropriate package for your Ubuntu installation (32 or 64 bit Ubuntu 8.04 LTS), copy it into your choice directory (I prefer /temp because /tmp is volatile and clears out every reboot), change to that directory, and type

tar -xzf zc*

and it'll create a whole directory /temp/zcs with lots of files inside it. Then:

cd /temp/zcs
./install.sh

It's not going to work the first time, but it'll give you a list of missing dependencies. Write down all the package names it says are missing. Your list may be slightly different than mine, but whatever it is, load them. Just separate each package name with a space like this:

apt-get install libpcre3 libgmp3c2 libstdc++5

Now re-run your Zimbra install and accept all the defaults except:

When it asks you for your domain, it's going to have your fully-qualified domain name (hostname.mydomain.com) rather than just the domain, and probably complain about not having an MX record. Change the hostname to just mydomain.com and it'll find the names through nslookup, and it'll be happy. The rest of the install should proceed without errors, except that toward the end it's going to ask you to "Adress unconfigured items" but, if you're doing this from the console and not from an SSH connection with a buffer, the actual item that's unconfigured is off the screen and invisible. It's the admin password, which is in menu item 3.

Finally, when the install is done and it has given you the last "press Enter to finish" you are almost done. I recommend at this point that you convert your webmail to use https rather than http. This is a security question, but it is also discretionary. If you choose to do this, then at the command prompt, type:

su - zimbra
zmtlsctl https

Now reboot the system, and when it comes back up,give it a couple minutes to start the rest of the Zimbra processes. If your installation is successful, you can go to https://xxx.xxx.xxx.xxx:7071 (your internal ip address again) to get the administrative console, or

https://xxx.xxx.xxx.xxx to log in as a user.

Congratulations--one shiny new Zimbra installation on Ubuntu!

Directory Permissions on /tmp

It is possible if the /tmp directory does not have the correct permissions it could hinder your efforts to install ZCS.

Make sure the /tmp directory has the following permissions.

drwxrwxrwt root root  /tmp

If your /tmp permissions do not match the above, run the following commands as root:

# chown root:root /tmp **Optional, good chance /tmp is already owned by root**
# chmod 777 /tmp
# chmod +t /tmp


The t in the end of the permissions is called the sticky bit. It replaces the x and indicates that in this directory files can only be deleted by their owners, the owner of the directory, or the root superuser. This way it is not enough for a user to have write permission on /tmp -- he also needs to be the owner of the file to be able to delete it.

Sending Mail from Terminal (optional)

In some situations, it is necessary for monitoring scripts or cron jobs to send mail to users on the system. On any Unix installations, this is done with the 'mail' command. The default Ubuntu installation described here will not include this command. Installing the mailx package to add mail will also cause Ubuntu to add a Mail Transport Agent application to handle mail delivery. This is not a problem if there is no Zimbra Postfix MTA running on your system, but if one is present then the new MTA could interfere with the Zimbra MTA and will disrupt mail routing. To safely add 'mail' and the associated package, you will need to do the following:

wget http://ubuntu.lnix.net/misc/mta-dummy/mta-dummy_1.0_all.deb 
dpkg -i mta-dummy_1.0_all.deb
apt-get install mailx
Add the following to /etc/mail.rc:
 set sendmail=/opt/zimbra/postfix/sbin/sendmail

When this is done, test it by running:

mail <user>@<yourdomain>

Enter a subject and body, using '.' on a blank line to end the message. When you have sent it, check /var/log/zimbra.log to confirm that the

message has been processed correctly.

If you have a multi-node Zimbra system and the server you are installing mailx on does not run an MTA, you can let it install Postfix, and during

configuration specify a dedicated relay server, which you should set to one of your existing Zimbra MTA hosts.

Verified Against: unknown Date Created: 8/9/2007
Article ID: http://wiki.zimbra.com/index.php?title=Ubuntu_8.04_LTS_Server_(Hardy_Heron)_Install_Guide Date Modified: 11/24/2011
Personal tools