Installing Zimbra on VServer

Revision as of 17:16, 1 November 2007 by Mathx (talk | contribs) (moved suse notes down into separate distro section)

Installation on VServer

These instructions are specifically for Debian VServers, but should apply to just about any system.

WARNING - Upgrading Zimbra will overwrite all of these files - you must patch them after installing and each upgrade.

Debian and VServers

Prerequisites

Remember when running a linux-vserver.org VServer that the host machine will be arping for all the IPs in the VServers. It will also accept connections in its TCP stack for any IP in a vserver if a daemon on the host is bound to *:port; i.e. postfix listening on *:25 on the vserver host will interfere with postfix on 1.2.3.4:25 in the vserver. Make sure you have bound ALL daemon ports (smtp, ssmtp, imap2, imap3, imaps, etc.) to specific IPs on the host. How to do this is beyond the scope of this page, but generally check config files (/etc/postfix/conf/main.cf, /etc/dovecot.conf, /etc/apache/httpd.conf, etc.) for Listen or Interface or other equivalent statements. When in doubt, RTFM.
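One way to check the host for such wildcard binds, as an added example that is not part of the original page. The watched port list extends the services named above with pop3, http and https as an assumption, and the netstat sample is constructed:

```sh
#!/bin/sh
# Added example (not from the original page): list wildcard TCP listeners on the
# vserver host that would take connections meant for a guest's IP.

# Ports named on the page (smtp, ssmtp, imap2, imap3, imaps, admin UI, the 10025
# postfix re-injection port) plus pop3/pop3s/http/https as an assumed extension.
WATCH_PORTS="25 465 143 220 993 7071 10025 110 995 80 443"

# Reads `netstat -tln` or `ss -ltn` output on stdin (local address in column 4)
# and prints "port address" for each watched port bound to all addresses.
wildcard_listeners() {
    awk -v ports="$WATCH_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
        $4 ~ /:[0-9]+$/ {
            port = $4; sub(/^.*:/, "", port)       # text after the last colon
            addr = $4; sub(/:[0-9]+$/, "", addr)   # text before it
            if ((port in watch) && (addr == "0.0.0.0" || addr == "*" || addr == "::" || addr == "[::]"))
                print port, addr
        }' | sort -n | uniq
}

# Constructed sample of `netstat -tln` output on a host (not from a real system).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 1.2.3.4:143             0.0.0.0:*               LISTEN
tcp        0      0 10.5.6.7:10025          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::993                  :::*                    LISTEN
EOF
}

sample_netstat | wildcard_listeners
```

On the real host, pipe `netstat -tln` into `wildcard_listeners`; any line it prints is a daemon that still needs binding to a specific IP.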


Missing Packages

A base Debian vserver doesn't have the "file" utility installed by default; amavis needs it. The installer will fail if getopt isn't installed, for which you need "libgetopt-mixed-perl". Apache and Tomcat will fail because the base vserver doesn't have "libexpat1" installed. Install them by typing:

apt-get install file libexpat1 libgetopt-mixed-perl

As a matter of fact, all packages required for installing Zimbra are:

apt-get install libgetopt-mixed-perl file libc6-i686 sudo libidn11 curl fetchmail libgmp3 \
    libxml2 libstdc++6 openssl libexpat1 libpcre3

Note: As of etch, libgmp3 isn't available anymore, libgmp3c2 or 4xx is required instead. Not finished testing install with 3c2 to see if it works. --mathx

/etc/hosts

Make sure you have a localhost entry and also an entry with your primary IP. For example:

127.0.0.1   localhost.localdomain localhost
1.2.3.4     mail.somehost.zimbra mail

localhost

The Zimbra logger process doesn't seem to start up. "zmcontrol status" on my system shows:

vserver:~# /opt/zimbra/bin/zmcontrol status
Host vserver.somedomain
        antispam                Stopped
        antivirus               Stopped
        ldap                    Running
        logger                  Stopped
        mailbox                 Stopped
        mta                     Stopped
        snmp                    Stopped
        spell                   Running
vserver:~#


The logger uses MySQL. I'm guessing there is some problem with privileges and/or connecting to localhost in the "mysql" database. Just a hunch though.

I installed Zimbra on a new VServer and the logger seemed to start up properly. "zmcontrol status" shows it running after several stops/starts. However, I'm still not getting any log data. All statistics windows say "Data not available yet." Oh well.


Postfix

The postfix main.cf config file is autogenerated by zmmtaconfig internally before postfix is run, so any changes you make to postfix/conf/main.cf will be overwritten. You must therefore edit /opt/zimbra/conf/zmmta.cf; in fact, any file in /opt/zimbra/conf that has 127.0.0.1 in it should be changed. For example, if you have chosen 10.5.6.7 as your RFC 1918 internal IP address in the vserver to act as localhost, then you could well do this:

cd /opt/zimbra/conf && mkdir bak && for i in *; do [ -f "$i" ] || continue; \
    cp -p "$i" bak/ && sed -i 's/127\.0\.0\.1/10.5.6.7/g' "$i"; done

to replace all 127.0.0.1's with 10.5.6.7 en masse (and keep a backup of the originals in bak/)


If you want to modify your mynetworks line in postfix in zimbra, the config is stored in LDAP and must be modified there:

 zmprov modifyServer your.server.domain.com zimbraMtaMyNetworks '10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12,  10.5.6.7'

for example, if you are using 10.5.6.7 as the internal localhost IP. It may not hurt to add your real external IP here as well (as it would only allow email from that IP through the mail system, which shouldn't hurt). If you do not do this, you may get "mail relaying denied" when you try to send mail out of the Zimbra system as a user. Please see ZimbraMtaMyNetworks for more information on this setting.


postfix/conf/master.cf however is NOT autogenerated, and so needs editing in the postfix/conf dir:

10.5.6.7:10025 inet n  -       n       -       -  smtpd
 -o mynetworks=127.0.0.0/8,10.5.6.7

Where, again, 10.5.6.7 is your RFC 1918 internal IP address chosen to replace your localhost IP (127.0.0.1). Do not forget to change the mynetworks line as well, or your AV will not be able to connect back to postfix on 10025 for final delivery.

Note: Avoid using your external Internet IP address here; picking an RFC 1918 replacement IP for 127.0.0.1 is a better idea in terms of security. You do not want this port open to the Internet, as it may be open to denial of service, or other security issues (buffer overflows, etc.) may arise. If you don't absolutely need a port open to the Internet, don't open it.


Amavis & FreshClam

Edit /opt/zimbra/amavisd/sbin/amavisd (main Perl script) and explicitly add the IP address of the Zimbra VServer to the "inet_acl" line. For example:

@inet_acl   = qw( 127.0.0.1 123.123.123.123 [::1] );  # allow SMTP access only from localhost and the vserver IP

Postfix should then be able to talk to Amavis...

You may also need to change BIND address and the two services back to postfix (10025 port). Basically look for 127.0.0.1. (?? This line is overly vague, refine please --mathx)

Additional changes likely required in /opt/zimbra/amavisd/sbin/amavisd (perl script):

change
$inet_socket_bind = '127.0.0.1';  # limit socket bind to loopback interface
to
$inet_socket_bind = '10.11.12.5';  # no loopback in vserver, use rfc1918 internal ip bound to your vserver

Also, a few lines down:

$notify_method  = 'smtp:[127.0.0.1]:10025';   # change these to also match your internal
$forward_method = 'smtp:[127.0.0.1]:10025';   # rfc 1918 ip addr (can use inet ip, but not recommended)

A bunch of filters in /opt/zimbra/conf/amavisd.conf also need updating from 127.0.0.1:(port) to whatever IP you are using (though many in the default file are commented out, I think I found 3 in the default zimbra amavisd install that needed changing.)

Additionally the local MX for /opt/zimbra/conf/dspam.conf needs changing as well.

Note: there are extra configs that autogenerate more configs for Amavis and FreshClam in /opt/zimbra/conf - be sure to change all the 127.0.0.1 IP addresses in those files to your chosen RFC 1918 address (see postfix above).
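Because upgrades overwrite these files, the replacement described in the Postfix and Amavis sections has to be re-verified each time. The following added example (not Zimbra's own tooling) reports active lines that still name 127.0.0.1 and checks that the chosen replacement is an RFC 1918 address; the function names and the sample tree are constructed for illustration:

```sh
#!/bin/sh
# Added example (not Zimbra code): re-check the loopback replacement after an upgrade.

# Succeed only if $1 is a dotted quad inside 10/8, 172.16/12 or 192.168/16.
is_rfc1918() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }
        { ok = ($1 == 10) || ($1 == 172 && $2 >= 16 && $2 <= 31) || ($1 == 192 && $2 == 168)
          exit !ok }'
}

# Print "file:line" for every active (non-comment) line that still names 127.0.0.1.
# Arguments are files or directories; the bak/ backup directory is skipped.
find_loopback_refs() {
    find "$@" -type f ! -path '*/bak/*' -exec awk '
        /^[ \t]*#/ { next }                 # commented-out settings do not count
        { line = " " $0 " " }               # pad so the address can sit at either end
        line ~ /[^0-9.]127\.0\.0\.1[^0-9]/ { print FILENAME ":" FNR }
    ' {} + | sort
}

# Constructed sample tree standing in for /opt/zimbra/conf after an upgrade.
demo() {
    d=$(mktemp -d) && mkdir "$d/bak" || return 1
    printf '%s\n' '# bind to 127.0.0.1' 'smtp_host = 10.5.6.7' > "$d/patched.cf"
    printf '%s\n' 'ldap_url = ldap://127.0.0.1:389' 'peer = 127.0.0.10' > "$d/reverted.cf"
    printf '%s\n' 'host = 127.0.0.1' > "$d/bak/patched.cf"
    (cd "$d" && find_loopback_refs .)
    rm -rf "$d"
}

demo    # prints ./reverted.cf:1
```

On a real install, pass /opt/zimbra/conf and /opt/zimbra/amavisd/sbin/amavisd to find_loopback_refs, and run is_rfc1918 on the address you chose before putting it in any listener line.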

Vserver /tmp size

My install of Zimbra wouldn't start clamd with my default Debian 16m of /tmp ramdisk space in my vserver. I had to edit /etc/vservers/(name)/fstab and increase it to 128m (though smaller may work, I didn't test), and restart the vserver. 128m lets it start anyway, not sure if I'll run out during operations. --mathx

Tomcat/Java

Memory Usage

While trying to get tomcat to start on our Vserver, we kept getting this error in catalina.out:

Invalid initial heap size: -Xms8001m
The specified size exceeds the maximum representable size.
Could not create the Java virtual machine.

By default, tomcat will use 50% of the system memory available (as defined in tomcat_java_heap_memory_percent). On our 16Gb machine, Tomcat tried to use 8Gb and failed. You can override this default by issuing:

zmlocalconfig -e tomcat_java_heap_memory_percent="6"

Where the 6 means 6% (983.04Mb in our case).

Tomcat/Java startup

If Tomcat doesn't start for you (i.e. running 'ps auxwf' doesn't show java running anything, and 'lsof -i' doesn't show anything listening on the :7071 port - the Zimbra admin interface port), then zmmta has failed to start. Check /opt/zimbra/apache-tomcat*/logs/catalina.out for errors. My most common one was finding that the IMAP and SMTP ports were already bound - by IMAP and SMTP running on the host of the vserver. (See notes at top of this section on binding daemons to single IPs). I am not quite sure why Tomcat is responsible for running the IMAP daemons, but it is.

Distro Specific Settings

Security limits (SuSE OSS 10.0 vserver)

Edit /etc/security/limits.conf and comment out the last two lines - otherwise the su command won't work and the installation will fail.

# End of file
#zimbra soft nofile 10000
#zimbra hard nofile 10000

Rerun /opt/zimbra/libexec/zmsetup.pl to complete the setup.
