Installing Zimbra 5.0.9 NE on RHEL5/Centos
|This article applies to the following ZCS versions.|
This is an installation walkthrough for NE 5.0.9 on RHEL5.
(I'm actually doing it on CentOS 5.2, but that's supposed to be bug-for-bug compatible, and I'm told it will still be supported, as long as that specific point isn't what's breaking any given thing... I won't tell if you don't.)
I've stolen the excellent Ubuntu 6 walkthough, and I'll be modifying and expanding it as I go for the difference in OS -- which will be substantial, since Ubuntu is Debian based, instead of Red Hat based.
[ I think I'm done with this, but see also this forum posting, which goes into much more detail on the CentOS side (which I'd already completed when I started editing this. --baylink ]
The following guide is for installing ZCS 5.0 on RHEL/CentOS 5.2, where the server resides inside a DNAT firewall and so needs to be able to resolve DNS names to its own internal (private subnet) IP address rather than the public IP address that is published to the world. This is a setting where a firewall/router supplies the translation from the public IP to the DMZ IP (DNAT--Destination Network Address Translation) so that translation is not known to the server itself. This configuration is desirable for security, but it makes bits of the Zimbra configuration more complex than they might otherwise be.
For simplicity's sake, I'm referring to Zimbra's IP address as the "private IP address" from here on. By that I mean that the Zimbra box has only one IP address, it's on the private network, and can be seen by my all the machines on my LAN -- including the back side of the firewall/NAT router -- but not the public. When I say "public IP address" I'm not talking about another address on the Zimbra box, but rather the address that gets DNATed to my box and which is resolved by machines on the Internet at large.
The DNS issue discussed throughout this thread is PARAMOUNT! If you don't have your DNS working properly, don't even bother trying to install Zimbra, because trying to fix DNS after the fact may result in an install that can do everything except send mail--even from a Zimbra user to himself! So I'll say it again:
If you can't resolve your mailserver's own private IP address (NOT the public IP) using dig, fix it BEFORE you install Zimbra!
$ dig -t mx domain.com
should return an ANSWER section that has a line ending in the internal DNS name of your mailserver, and if you
$ dig thatfqdn.com
you should in turn get back an ANSWER section which has the private IP address of that machine... all these commands being executed on that machine -- the Zimbra server (the mta server, if you're building a cluster).
I installed from the CentOS 5.2 DVD installation.
1) The installation defaults to configuring your LAN via DHCP. When asked, manually configure it with a static IP address, netmask, and gateway.
You will need to make sure that the mta server can resolve those two addresses mentioned above properly. Since one is an MX record, you can't do this using /etc/hosts; you will need to do one of:
- set up an internal DNS server for the zone, that forwards to your external resolvers
- set up your edge zone/resolver servers to do split-horizon DNS
- set up a DNS zone server on the mta server itself
In my case, I was already running split-horizon DNS, so that's the approach I will describe here; for the "DNS server on the mta server" approach, see the original Ubuntu writeup. (It is unreasonably difficult to find information on how to run split-horizon DNS; there's some good material on that and many other DNS issues here.)
2) Check /etc/resolv.conf and make sure it looks like this:
The IP address here should be the private ip address of your split-horizon DNS server.
3) Now reboot the machine (restarting bind wasn't enough to work for me) and try to resolve your mail server.
If it returns your public IP address, your internal DNS is not working. If things are configured correctly it'll return the internal address.
Before you get to the install you also need to modify your /etc/hosts file. There are two possible structures. If you are using 4.5.7 or later (and we are), do it right:
127.0.0.1 localhost.localdomain localhost 10.3.2.244 mail.tractor-equip.net mail
There is a bug in 4.5.6 that required a nonstandard hosts setup to get the install to work. Most users will (obviously) be installing the latest release, but if for any reason you're installing 4.5.6 use the following format:
127.0.0.1 localhost xxx.xxx.xxx.xxx hostname.mydomain.com mydomain.com mail
ONLY IF this is working, it's now time to update your packages and install Zimbra.
The install has several dependencies, and the easiest way to make sure you've fulfilled all of them is just to run the install and watch.
Get a trial license, if you haven't already, and either way, download the proper installer file. Pay attention to which processor type you need, and note that since you're installing NE, you expect support -- you need to make sure you're on a supported OS. In particular (I'm a SuSE guy), OpenSUSE is not supported at all; you have to use SLES. CentOS is supported as an RHEL derivative on a best effort basis, I'm told, since it's supposed to be identical except for the pictures.
So grab the tarball -- it's big, close to 300MB, and will take some time to get -- and unpack it:
tar xvfz $TARBALL
It will create a directory named similarly to the tarfile itself, with the install inside it; we'll call this the unpack directory.
cd to that directory, and
It's not going to work the first time, but it'll give you a list of missing dependencies. Write down all the package names it says are missing. Your list may be slightly different than mine, but whatever it is, Zimbra won't tell you that you also need perl, so be sure and load it too. (And be careful; there are some recently discovered problems with some builds of perl 5.8, notably from RedHat). Just separate each package name with a space like this:
yum install libidn11 curl fetchmail libpcre3 libgmp3c2 libxml2 libstdc++6 openssl perl sysstat
Now re-run your Zimbra install and accept all the defaults except:
When it asks you for your domain, it's going to have the fully-qualified domain name of the mail machine you're installing on (hostname.mydomain.com) rather than just the domain, and probably complain about not finding an MX record. Change the hostname to just mydomain.com and it'll find the names through nslookup, and it'll be happy. The rest of the install should proceed without errors, except for asking you to set your administrative user's password (option 6 and then 4).
Finally, when the install is done and it has given you the last "Press Enter to finish" you need to turn on crontab for the user zimbra or your logs won't work.
crontab -u zimbra -l
Now reboot the system, and when it comes back up,give it a couple minutes to start the rest of the Zimbra processes. If your installation is successful, you can go to https://xxx.xxx.xxx.xxx:7071 (your internal ip address again) to get the administrative console, or http://xxx.xxx.xxx.xxx to log in as a user.
Congratulations--one shiny new Zimbra installation on RHEL/CentOS!
Directory Permissions on /tmp
It is possible if the /tmp directory does not have the correct permissions it could hinder your efforts to install ZCS.
Make sure the /tmp directory has the following permissions.
drwxrwxrwt root root /tmp
If your /tmp permissions do not match the above, run the following commands as root:
# chown root:root /tmp **Optional, good chance /tmp is already owned by root** # chmod 777 /tmp # chmod +t /tmp
The t in the end of the permissions is called the sticky bit. It replaces the x and indicates that in this directory files can only be deleted by their owners, the owner of the directory, or the root superuser. This way it is not enough for a user to have write permission on /tmp -- he also needs to be the owner of the file to be able to delete it.
Sending Mail from Terminal
In some situations, it is necessary for monitoring scripts or cron jobs to send mail to users on the system. On any Unix installations, this is done with the 'mail' command. The default Ubuntu installation described here will not include this command. Installing the mailx package to add mail will also cause Ubuntu to add a Mail Transport Agent application to handle mail delivery. This is not a problem if there is no Zimbra Postfix MTA running on your system, but if one is present then the new MTA could interfere with the Zimbra MTA and will disrupt mail routing. To safely add 'mail' and the associated package, you will need to do the following:
wget http://ubuntu.lnix.net/misc/mta-dummy/mta-dummy_1.0_all.deb dpkg -i mta-dummy_1.0_all.deb apt-get install mailx Add the following to /etc/mail.rc: set sendmail=/opt/zimbra/postfix/sbin/sendmail
When this is done, test it by running:
Enter a subject and body, using '.' on a blank line to end the message. When you have sent it, check /var/log/zimbra.log to confirm that the message has been processed correctly.
If you have a multi-node Zimbra system and the server you are installing mailx on does not run an MTA, you can let it install Postfix, and during configuration specify a dedicated relay server, which you should set to one of your existing Zimbra MTA hosts.