Zimbra - Clustering large deployment Mail Servers
Topology
In outline, the topology is as follows:
- zimbra ldap
- zimbra mailbox
- zimbra mta (smtp out)
- zimbra smtp in
- zimbra proxy
Make sure firewalld and SELinux are disabled, and that any service already active on port 25 is disabled.
zimbra ldap
Install zimbra ldap as follows:
Select the packages to install
Install zimbra-ldap [Y] Y
Install zimbra-logger [Y] N
Install zimbra-mta [Y] N
Install zimbra-dnscache [N] N
Install zimbra-snmp [Y] Y
Install zimbra-store [Y] N
Install zimbra-apache [Y] N
Install zimbra-spell [Y] N
Install zimbra-memcached [Y] N
Install zimbra-proxy [Y] N
Checking required space for zimbra-core
Installing:
zimbra-core
zimbra-ldap
zimbra-snmp
The system will be modified. Continue? [N] Y
Beginning Installation - see /tmp/install.log.eDMCjVt8 for details...
Next, configure as needed (LDAP host, etc.).
Then set up the logger:
# systemctl restart crond;systemctl enable crond;vim /etc/rsyslog.conf;systemctl restart rsyslog;systemctl enable rsyslog;/opt/zimbra/libexec/zmsyslogsetup
Enable the following in rsyslog.conf:
$ModLoad imudp
$UDPServerRun 514
Switch to the zimbra user:
su - zimbra
/opt/zimbra/libexec/zmsyslogsetup;systemctl restart rsyslog
zmupdateauthkeys
zimbra mailbox
Select the packages to install
Install zimbra-ldap [Y] N
Install zimbra-logger [Y] Y
Install zimbra-mta [Y] N
Install zimbra-dnscache [N] N
Install zimbra-snmp [Y] Y
Install zimbra-store [Y] Y
Install zimbra-apache [Y] Y
Install zimbra-spell [Y] Y
Install zimbra-memcached [Y] Y
Install zimbra-proxy [Y] N
Install zimbra-drive [Y] N
Install zimbra-imapd (BETA - for evaluation only) [N] N
Install zimbra-chat [Y] N
Checking required space for zimbra-core
Checking space for zimbra-store
Checking required packages for zimbra-store
zimbra-store package check complete.
Installing:
zimbra-core
zimbra-logger
zimbra-snmp
zimbra-store
zimbra-apache
zimbra-spell
zimbra-memcached
zimbra-patch
The system will be modified. Continue? [N] Y
Beginning Installation - see /tmp/install.log.GjIl8GY0 for details...
Next, configure as needed (LDAP host, etc.). mailbox2 can be installed the same way, except that the admin user creation step is skipped.
Then set up the logger:
# systemctl restart crond;systemctl enable crond;vim /etc/rsyslog.conf;systemctl restart rsyslog;systemctl enable rsyslog;/opt/zimbra/libexec/zmsyslogsetup
Enable the following in rsyslog.conf:
$ModLoad imudp
$UDPServerRun 514
Switch to the zimbra user:
su - zimbra
/opt/zimbra/libexec/zmsyslogsetup;systemctl restart rsyslog
zmupdateauthkeys
zimbra mta
Select the packages to install
Install zimbra-ldap [Y] N
Install zimbra-logger [Y] N
Install zimbra-mta [Y] Y
Install zimbra-dnscache [Y] N
Install zimbra-snmp [Y] N
Install zimbra-store [Y] N
Install zimbra-apache [Y] N
Install zimbra-spell [Y] N
Install zimbra-memcached [Y] N
Install zimbra-proxy [Y] N
Checking required space for zimbra-core
Installing:
zimbra-core
zimbra-mta
zimbra-mta-patch
The system will be modified. Continue? [N] Y
Beginning Installation - see /tmp/install.log.r7icFuqX for details...
Next, configure as needed (LDAP host, etc.).
Then set up the logger:
# systemctl restart crond;systemctl enable crond;vim /etc/rsyslog.conf;systemctl restart rsyslog;systemctl enable rsyslog;/opt/zimbra/libexec/zmsyslogsetup
Enable the following in rsyslog.conf:
$ModLoad imudp
$UDPServerRun 514
Switch to the zimbra user:
su - zimbra
/opt/zimbra/libexec/zmsyslogsetup;systemctl restart rsyslog
zmupdateauthkeys
zimbra smtp in
For inbound SMTP, follow the same steps as the zimbra mta installation. Service ports other than 25 can be disabled.
zimbra Proxy
Install zimbra proxy as follows:
Select the packages to install
Install zimbra-ldap [Y] N
Install zimbra-logger [Y] N
Install zimbra-mta [Y] N
Install zimbra-dnscache [N] N
Install zimbra-snmp [Y] N
Install zimbra-store [Y] N
Install zimbra-apache [Y] N
Install zimbra-spell [Y] N
Install zimbra-memcached [Y] N
Install zimbra-proxy [Y] Y
Checking required space for zimbra-core
Installing:
zimbra-core
zimbra-proxy
zimbra-proxy-patch
The system will be modified. Continue? [N] Y
Then set up the logger:
# systemctl restart crond;systemctl enable crond;vim /etc/rsyslog.conf;systemctl restart rsyslog;systemctl enable rsyslog;/opt/zimbra/libexec/zmsyslogsetup
Enable the following in rsyslog.conf:
$ModLoad imudp
$UDPServerRun 514
Switch to the zimbra user:
su - zimbra
/opt/zimbra/libexec/zmsyslogsetup;systemctl restart rsyslog
zmupdateauthkeys
setup/enable zimbra proxy:
[zimbra@aptikalb1 ~]$ zmcontrol stop
[zimbra@aptikalb1 ~]$ /opt/zimbra/libexec/zmproxyconfig -e -w -C -H `zmhostname`
[zimbra@aptikalb1 ~]$ zmcontrol start
After all VMs are installed (ldap, proxy, 2 mailbox, and 1 mta), restart the logger on every VM:
# /opt/zimbra/libexec/zmsyslogsetup;systemctl restart rsyslog
# zmupdateauthkeys
Haproxy
In this setup, HAProxy is used to accept and load-balance traffic on ports 587 and 465.
install haproxy:
# yum install haproxy
haproxy.cfg
global
    log 127.0.0.1 local2
    chroot /var/lib/haproxy
    pidfile /var/run/haproxy.pid
    maxconn 4000
    user haproxy
    group haproxy
    daemon

defaults
    timeout client 1m
    log global
    mode tcp
    timeout server 1m
    timeout connect 5s

## port 25
frontend smtp-25
    bind *:25
    default_backend backend-smtp-25
backend backend-smtp-25
    server mail1 10.10.22.53:26 send-proxy
    server mail2 10.10.22.55:26 send-proxy

## port 465
frontend smtp-465
    bind *:467
    default_backend backend-smtp-465
backend backend-smtp-465
    server mail1 10.10.22.53:466 send-proxy
    server mail2 10.10.22.55:466 send-proxy

## port 587
frontend smtp-587
    bind *:589
    default_backend backend-smtp-587
backend backend-smtp-587
    server mail1 10.10.22.53:588 send-proxy
    server mail2 10.10.22.54:588 send-proxy
restart haproxy:
service haproxy restart
Edit the Zimbra Postfix configuration:
vi /opt/zimbra/common/conf/master.cf.in
26      inet  n       -       n       -       1       postscreen
        -o postscreen_upstream_proxy_protocol=haproxy
466     inet  n       -       n       -       -       smtpd
%%uncomment SERVICE:opendkim%%  -o content_filter=scan:[%%zimbraLocalBindAddress%%]:10030
        -o smtpd_tls_wrappermode=yes
        -o smtpd_sasl_auth_enable=yes
        -o smtpd_client_restrictions=
        -o smtpd_data_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_recipient_restrictions=
        -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
        -o syslog_name=postfix/smtps
        -o milter_macro_daemon_name=ORIGINATING
        -o smtpd_upstream_proxy_protocol=haproxy
%%uncomment LOCAL:postjournal_enabled%% -o smtpd_proxy_filter=[%%zimbraLocalBindAddress%%]:10027
%%uncomment LOCAL:postjournal_enabled%% -o smtpd_proxy_options=speed_adjust
588     inet  n       -       n       -       -       smtpd
%%uncomment SERVICE:opendkim%%  -o content_filter=scan:[%%zimbraLocalBindAddress%%]:10030
        -o smtpd_etrn_restrictions=reject
        -o smtpd_sasl_auth_enable=%%zimbraMtaSaslAuthEnable%%
        -o smtpd_tls_security_level=%%zimbraMtaTlsSecurityLevel%%
        -o smtpd_client_restrictions=permit_sasl_authenticated,reject
        -o smtpd_data_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_recipient_restrictions=
        -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
        -o syslog_name=postfix/submission
        -o milter_macro_daemon_name=ORIGINATING
        -o smtpd_upstream_proxy_protocol=haproxy
%%uncomment LOCAL:postjournal_enabled%% -o smtpd_proxy_filter=[%%zimbraLocalBindAddress%%]:10027
%%uncomment LOCAL:postjournal_enabled%% -o smtpd_proxy_options=speed_adjust
restart zmmta:
zmmtactl restart
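Added example (not part of the original post): HAProxy's send-proxy and Postfix's *_upstream_proxy_protocol=haproxy have to be enabled together on each backend port, otherwise SMTP on that port fails. This Python check cross-references the two files and reports ports where only one side has the setting. The function names are hypothetical, and it assumes the rendered master.cf (no %%...%% template prefixes) is identical on every backend MTA.

```python
# Added example. Both configs are constructed, trimmed from the ones above.
HAPROXY_CFG = """\
backend backend-smtp-25
    server mail1 10.10.22.53:26 send-proxy
backend backend-smtp-465
    server mail1 10.10.22.53:466
backend backend-smtp-587
    server mail1 10.10.22.53:588 send-proxy
"""
MASTER_CF = """\
26 inet n - n - 1 postscreen
  -o postscreen_upstream_proxy_protocol=haproxy
466 inet n - n - - smtpd
  -o smtpd_upstream_proxy_protocol=haproxy
588 inet n - n - - smtpd
  -o smtpd_sasl_auth_enable=yes
"""

def haproxy_servers(cfg):
    """Yield (name, port, sends_proxy) for every HAProxy 'server' line."""
    for line in cfg.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) >= 3 and words[0] == "server":
            port = int(words[2].rsplit(":", 1)[1])
            yield words[1], port, any(w.startswith("send-proxy") for w in words[3:])

def postfix_services(master_cf):
    """Map each numeric inet port in master.cf to whether it expects PROXY."""
    services, port = {}, None
    for line in master_cf.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if not line[0].isspace():  # column 0 starts a new service entry
            port = int(fields[0]) if fields[0].isdigit() and fields[1:2] == ["inet"] else None
            if port is not None:
                services[port] = False
        elif port is not None and "_upstream_proxy_protocol=haproxy" in line:
            services[port] = True  # indented "-o" line of that service
    return services

def lint(haproxy_cfg, master_cf):
    """List backend servers whose PROXY setting disagrees with Postfix."""
    services, findings = postfix_services(master_cf), []
    for name, port, sends in haproxy_servers(haproxy_cfg):
        if port not in services:
            findings.append(f"{name}:{port} has no master.cf service")
        elif sends != services[port]:
            findings.append(f"{name}:{port} sends PROXY={sends}, Postfix expects={services[port]}")
    return findings
```

Call lint() with the contents of haproxy.cfg and the generated master.cf; an empty list means the two sides agree. Because Postfix takes the client address from the PROXY header on these ports, 26, 466 and 588 should accept connections only from the load balancer.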
Example of the resulting Zimbra cluster/multi-server host configuration:
10.10.22.51 zmproxy.local zmproxy
10.10.22.52 zmldap.local zmldap
10.10.22.53 zmmta.local zmmta smtp.out
10.10.22.54 lb.local (mta)
10.10.22.55 zmmta4.local zmmta4 smtp.out
10.10.22.56 zmmailbox2.local zmmailbox2
10.10.22.57 zmmailbox1.local zmmailbox1
10.10.22.62 zmmtain1.local zmmtain1
10.10.22.63 zmmtain2.local zmmtain2
For DNS spoofing via /etc/nameservers, you can use dnsmasq.