License

CC BY-SA Synacor, Inc., 2016-2020

© 2016-2020 by Synacor, Inc. Zimbra Collaboration Multi-Server Installation Guide

This work is licensed under the Creative Commons Attribution-ShareAlike 4.0 International License unless another license agreement between you and Synacor, Inc. provides otherwise. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/4.0 or send a letter to Creative Commons, PO Box 1866, Mountain View, CA 94042, USA.

Synacor, Inc., 2020
40 La Riviere Drive, Suite 300
Buffalo, New York 14202

Introduction

Information in this guide is intended for people responsible for installing Zimbra Collaboration 9.0.0. This guide will help you plan and perform all installation procedures necessary to deploy a fully functioning email system based on Zimbra Collaboration’s messaging technology.

Audience

This installation guide assumes you have a thorough understanding of system administration concepts and tasks and are familiar with email communication standards, security concepts, directory services, and database management.

Zimbra Collaboration 9.0.0 License

A Zimbra Collaboration license is required in order to create accounts. When you purchase, renew, or change the Zimbra Collaboration license, you update the Zimbra 9 server with the new license information. For more information about licenses, see Zimbra Collaboration License Requirements.

If you do not have a license, go to Zimbra 9’s website https://www.zimbra.com to obtain a license from the Network Downloads area.

For More Information

Zimbra Collaboration documentation, including a readme text file, the administrator guide, and other Zimbra 9 guides are copied to the servers during the installation. The major documentation types are listed below. You can access all the documents on the Zimbra 9 website, https://www.zimbra.com and from the administration console, Help Desk page.

Administrator Guide

This guide describes product architecture, server functionality, administration tasks, configuration options, and backup and restore procedures.

Administrator Help

The administrator Help provides instructions about how to add and maintain your servers, domains, and user accounts from the admin console.

Web Client Help

The Web Client Help provides instructions on how to use the Zimbra 9 Web Client features.

Migration Wizard Guides

These guides describe how to migrate users that are on Microsoft Exchange or Lotus Domino systems to Zimbra Collaboration 9.0.0.

Support and Contact Information

  • Contact Zimbra 9 Sales to purchase Zimbra Collaboration 9.0.0.

  • Zimbra Collaboration customers can contact support at support@zimbra.com.

  • Explore the Zimbra 9 Forums for answers to installation or configuration problems.

  • Join the Zimbra 9 Community Forum to participate and learn more about Zimbra Collaboration.

  • Send an email to feedback@zimbra.com to let us know what you like about the product and what you would like to see in the product. If you prefer, post your ideas to the Zimbra 9 Forum.

Zimbra 9 Port Mapping

External access

These are ports typically available to mail clients.

| Port | Protocol | Zimbra 9 Service | Description |
|---|---|---|---|
| 25 | smtp | mta | incoming mail to postfix |
| 80 | http | mailbox / proxy | web mail client (disabled by default in 8.0) |
| 110 | pop3 | mailbox / proxy | POP3 |
| 143 | imap | mailbox / proxy | IMAP |
| 443 | https | mailbox / proxy - web mail client | HTTP over TLS |
| 465 | smtps | mta | Incoming mail to postfix over TLS (Legacy Outlook only. If possible, use 587 instead) |
| 587 | smtp | mta | Mail submission over TLS |
| 993 | imaps | mailbox / proxy | IMAP over TLS |
| 995 | pop3s | mailbox / proxy | POP3 over TLS |
| 3443 | https | proxy | User Certificate Connection Port (optional) |
| 5222 | xmpp | mailbox | Default server port |
| 5223 | xmpp | mailbox | Default legacy SSL port |
| 9071 | https | proxy admin console | HTTP over TLS (optional) |

Internal access

These are ports typically only used by the Zimbra 9 system itself.

| Port | Protocol | Zimbra 9 Service | Description |
|---|---|---|---|
| 389 | ldap | ldap | LC(ldap_bind_url) |
| 636 | ldaps | ldaps | if enabled via LC(ldap_bind_url) |
| 3310 | - | mta/clamd | zimbraClamAVBindAddress |
| 5269 | xmpp | mailbox | Server-to-Server communications between servers on the same cluster. |
| 7025 | lmtp | mailbox | local mail delivery; zimbraLmtpBindAddress |
| 7026 | milter | mailbox | zimbra-milter; zimbraMilterBindAddress |
| 7047 | http | conversion server | Accessed by localhost by default; binds to '*' |
| 7071 | https | mailbox | admin console HTTP over TLS; zimbraAdminBindAddress |
| 7072 | http | mailbox | Zimbra 9 nginx lookup - backend http service for nginx lookup/authentication |
| 7073 | http | mailbox | Zimbra 9 saslauthd lookup - backend http service for SASL lookup/authentication (added in Zimbra Collaboration 8.7) |
| 7110 | pop3 | mailbox | Backend POP3 (if proxy configured); zimbraPop3BindAddress |
| 7143 | imap | mailbox | Backend IMAP (if proxy configured); zimbraImapBindAddress |
| 7171 | - | zmconfigd | configuration daemon; localhost |
| 7306 | mysql | mailbox | LC(mysql_bind_address); localhost |
| 7307 | mysql | logger | logger (removed in Zimbra Collaboration 7) |
| 7780 | http | mailbox | spell check |
| 7993 | imaps | mailbox | Backend IMAP over TLS (if proxy configured); zimbraImapSSLBindAddress |
| 7995 | pop3s | mailbox | Backend POP3 over TLS (if proxy configured); zimbraPop3SSLBindAddress |
| 8080 | http | mailbox | Backend HTTP (if proxy configured on same host); zimbraMailBindAddress |
| 8443 | https | mailbox | Backend HTTPS (if proxy configured on same host); zimbraMailSSLBindAddress |
| 8465 | milter | mta/opendkim | OpenDKIM milter service; localhost |
| 8735 | zextras | mailbox | internal mailbox to mailbox communication. |
| 8736 | zextras | mailbox | distributed configuration |
| 10024 | smtp | mta/amavisd | to amavis from postfix; localhost |
| 10025 | smtp | mta/master | opendkim; localhost |
| 10026 | smtp | mta/amavisd | "ORIGINATING" policy; localhost |
| 10027 | smtp | mta/master | postjournal |
| 10028 | smtp | mta/master | content_filter=scan via opendkim; localhost |
| 10029 | smtp | mta/master | "postfix/archive"; localhost |
| 10030 | smtp | mta/master | 10032; localhost |
| 10031 | milter | mta/cbpolicyd | cluebringer policyd |
| 10032 | smtp | mta/amavisd | (antispam) "ORIGINATING_POST" policy |
| 10663 | - | logger | LC(logger_zmrrdfetch_port); localhost |
| 23232 | - | mta/amavisd | amavis-services / msg-forwarder (zeromq); localhost |
| 23233 | - | mta/amavisd | snmp-responder; localhost |
| 11211 | memcached | memcached | nginx route lookups, mbox cache (calendar, folders, sync, tags); zimbraMemcachedBindAddress |

System Access and Intra-Node Communication

In a multi-node environment, the typical communication required between nodes includes:

| Destination | Port | Source(s) | Description |
|---|---|---|---|
| ALL | 22 | ALL | SSH (system & zmrcd): host management |
| ALL | udp/53 | ALL | DNS (system ¦ dnscache): name resolution |
| Logger | udp/514 | ALL | syslog: system and application logging |
| LDAP | 389 | ALL | all nodes talk to LDAP server(s) |
| MTA | 25 | ldap | sent email (cron jobs) |
| MTA | 25 | mbox | sent email (web client, cron, etc.) |
| antivirus | 3310 | mbox | zimbraAttachmentsScanURL (not set by default) |
| memcached | 11211 | mbox | mbox metadata data cache |
| memcached | 11211 | proxy | backend mailbox route cache |
| Mailbox (mbox) | 80 | proxy | backend proxy http |
| Mailbox (mbox) | 110 | proxy | backend proxy pop3 |
| Mailbox (mbox) | 143 | proxy | backend proxy imap |
| Mailbox (mbox) | 443 | proxy | backend proxy https |
| Mailbox (mbox) | 993 | proxy | backend proxy imaps |
| Mailbox (mbox) | 995 | proxy | backend proxy pop3s |
| Mailbox (mbox) | 7025 | mta | all mta talk to any mbox (LMTP) |
| Mailbox (mbox) | 7047 | mbox | localhost by default; zimbraConvertdURL |
| Mailbox (mbox) | 7071 | mbox | all mbox talk to any mbox (Admin) |
| Mailbox (mbox) | 7072 | proxy | zmlookup; zimbraReverseProxyLookupTarget |
| Mailbox (mbox) | 7073 | mta | sasl auth; zimbraMtaAuthTarget (since Zimbra Collaboration 8.7) |

You cannot have any other web server, database, LDAP, or MTA server running, when you install Zimbra Collaboration. If you have installed any of those applications before you install Zimbra 9 software, disable them. During Zimbra Collaboration installation, Zimbra 9 makes global system changes that may break applications that are on your server.
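
The following is an added example, not part of the Zimbra guide: a small auditor that checks a host's listening TCP sockets against the port tables above. It flags ports the tables mark "localhost" that are bound to a non-loopback address, internal ports reachable off-host, and listeners the tables do not list. The `ss -H -ltn` sample is constructed, and the verdict names are this example's own.

```python
import ipaddress

# Port sets transcribed from the "External access" and "Internal access"
# tables on this page.
EXTERNAL = {25, 80, 110, 143, 443, 465, 587, 993, 995, 3443, 5222, 5223, 9071}

# Internal ports whose description in the table says "localhost".
LOCALHOST_ONLY = {7171, 7306, 8465, 10024, 10025, 10026, 10028, 10029,
                  10030, 10663, 23232, 23233}

# Remaining internal ports: used between Zimbra nodes, not by mail clients.
INTERNAL = {389, 636, 3310, 5269, 7025, 7026, 7047, 7071, 7072, 7073, 7110,
            7143, 7307, 7780, 7993, 7995, 8080, 8443, 8735, 8736, 10027,
            10031, 10032, 11211}

# Constructed sample of `ss -H -ltn` output (no header line).
SAMPLE_SS = """\
LISTEN 0 100 0.0.0.0:25 0.0.0.0:*
LISTEN 0 511 [::]:443 [::]:*
LISTEN 0 100 127.0.0.1:10024 0.0.0.0:*
LISTEN 0 80 10.0.0.5:7306 0.0.0.0:*
LISTEN 0 50 *:7047 *:*
LISTEN 0 1024 10.0.0.5:11211 0.0.0.0:*
LISTEN 0 128 0.0.0.0:5432 0.0.0.0:*
"""


def is_loopback(host):
    """True only when the bind address is a loopback address."""
    host = host.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and scope id
    if host == "*":
        return False  # wildcard bind: reachable on every interface
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unparseable address: treat as exposed


def classify(host, port):
    """Map one listening socket to a verdict based on the page's tables."""
    if is_loopback(host):
        return "ok-loopback"
    if port in LOCALHOST_ONLY:
        return "violation-localhost-only"    # table says localhost, bind is wider
    if port in INTERNAL:
        return "internal-restrict-to-nodes"  # firewall to Zimbra nodes only
    if port in EXTERNAL:
        return "external"                    # expected to face mail clients
    return "unlisted"                        # not a Zimbra port per the tables


def audit(ss_output):
    """Parse `ss -H -ltn` text; return (port, bind address, verdict) tuples."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        findings.append((int(port), host, classify(host, int(port))))
    return findings


if __name__ == "__main__":
    for port, host, verdict in audit(SAMPLE_SS):
        print(f"{port:>6}  {host:<12}  {verdict}")
```

On a real node, feed the function the output of `ss -H -ltn`. Port 7047 is worth watching in particular because the table notes that it binds to '*' even though it is accessed by localhost by default.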

Planning for the Installation

This chapter describes the components that are installed and reviews the configuration options that you can make when installing Zimbra Collaboration.

Zimbra 9 Application Packages

Zimbra 9 architecture includes open-source integrations using industry-standard protocols. The third-party software has been tested and configured to work with the Zimbra 9 software.

The following describes the Zimbra Collaboration application packages that are installed.

Zimbra 9 Core

This package includes the libraries, utilities, monitoring tools, and basic configuration files. Zimbra 9 Core is automatically installed on each server.

Zimbra 9 LDAP

User authentication is provided through OpenLDAP® software. Each account on the Zimbra server has a unique mailbox ID that is the primary point of reference to identify the account. The OpenLDAP schema has been customized for Zimbra Collaboration.

The Zimbra 9 LDAP server must be configured before any other servers.

You can set up LDAP replication, configuring a master LDAP server and replica LDAP servers.

Zimbra 9 Store

This package includes the components for the mailbox server, including Jetty, which is the servlet container the Zimbra 9 software runs within. The Zimbra 9 mailbox server includes the following components:

Data store

The data store is a MariaDB® database.

Message store

The message store is where all email messages and file attachments reside.

Index store

Index and search technology is provided through Lucene. Index files are maintained for each mailbox.

Web application services

The Jetty web application server runs web applications (webapps) on any store server. It provides one or more web application services.

Zimbra 9 MTA

Postfix is the open source mail transfer agent (MTA) that receives email via SMTP and routes each message to the appropriate Zimbra 9 mailbox server using Local Mail Transfer Protocol (LMTP). The Zimbra 9 MTA also includes anti-virus and anti-spam components.

Zimbra 9 Proxy

Zimbra 9 Proxy is a high-performance reverse proxy service for passing IMAP[S]/POP[S]/HTTP[S] client requests to other internal Zimbra Collaboration services using nginx. This package is normally installed on the MTA server(s) or on its own independent server(s). When the zimbra-proxy package is installed, the proxy feature is enabled by default.

Installing the Zimbra 9 Proxy is required as of Zimbra Collaboration 8.7.

On new installs, Zimbra 9 Proxy is configured by default to perform strict server name enforcement of the HTTP 'Host' header sent by clients. Strict server name enforcement may be disabled during the post-install configuration process in the Zimbra 9 Proxy configuration section or by using the zimbraReverseProxyStrictServerNameEnabled configuration option. Please see the Zimbra 9 Proxy section of the administration guide for more details.

Zimbra 9 Modern Web App

This package includes the assets of the Zimbra 9 Modern Web App. This package is automatically installed on each server.

Zimbra 9 Memcached

This package is automatically selected when the Zimbra 9-Proxy package is installed and provides access to Memcached.

At least one server must run zimbra-memcached when the Zimbra 9 Proxy service is in use. You can use a single memcached server with one or more Zimbra 9 proxies.

Zimbra 9 SNMP

Installing this package is optional.

If you choose to install Zimbra 9-SNMP for monitoring, this package should be installed on every Zimbra 9 server.

Zimbra 9 Logger

Installing this package is optional. It is installed on one mailbox server. It provides tools for syslog aggregation and reporting.

  • If you do not install Zimbra 9 Logger, the server statistics section of the administration console will not display.

  • The Zimbra 9 Logger package must be installed at the same time as the Zimbra 9 Store package.

Zimbra 9 Spell

This package is optional. It provides the open source spell checker Aspell used by the Zimbra 9 web app.

Zimbra 9 Apache

This package is installed automatically when Zimbra 9 Spell or Zimbra 9 Convertd is installed.

Zimbra 9 Convertd

This package should be installed on at least one Zimbra 9-Store server. Only one Zimbra 9-Convertd package needs to be present in the Zimbra Collaboration environment. The default is to install one Zimbra 9-Convertd on each Zimbra 9-Store server.

Zimbra 9 Archiving

The Zimbra 9 Archiving and Discovery feature is an optional feature for Zimbra Collaboration. Archiving and Discovery offers the ability to store and search all messages that were delivered to or sent by Zimbra Collaboration. This package includes the cross mailbox search function which can be used for both live and archive mailbox searches.

Using Archiving and Discovery can trigger additional mailbox license usage. To find out more about Zimbra 9 Archiving and Discovery, please refer to the Zimbra Collaboration Administration Guide.

Zimbra 9 Drive

Installing this package is optional. This package should be installed on at least one Zimbra 9-Store server. Zimbra 9 Drive is marked as GA and supported starting with Zimbra Collaboration 8.8.

The Zimbra 9 server configuration is menu driven. The installation menu shows you the default configuration values. The menu displays the logical host name and email domain name [mailhost.example.com] as configured on the computer. You can change any of the values. For single server installs, you must define the administrator’s password, which you use to log on to the administration console, and you specify the location of the Zimbra 9 license xml file.

Configuration Examples

Zimbra Collaboration can be easily scaled for any size of email environment, from very small businesses with fewer than 25 email accounts to large businesses with thousands of email accounts. Contact Zimbra Sales for more information about setting up your environment.

Downloading the Zimbra Software

For the latest Zimbra Collaboration software download, go to https://www.zimbra.com/downloads/. Save the Zimbra Collaboration download file to the computer from which you will install the software.

When Zimbra Collaboration is installed, the following Zimbra applications are saved to the Zimbra server.

You can access these download files from your Administration Console Tools and Migration > Download page.

Instruction guides are available from the Help Center page or from https://www.zimbra.com/support/.

Zimbra 9 Licensing

A Zimbra Collaboration license is required in order to create accounts. When you purchase, renew, or change the Zimbra Collaboration license, you update the Zimbra 9 server with the new license information.

License Types

Zimbra Collaboration licensing gives administrators visibility and control of the licensed features they plan to deploy. You can monitor usages and manage the following license types.

| License limitations | To set maximum number of… |
|---|---|
| Accounts limit | Accounts you can create. |
| MAPI accounts limit | Accounts that can use Zimbra 9 Connector for Microsoft Outlook (ZCO). |
| Exchange web services (EWS) accounts limit | Accounts that can use EWS for connecting to an Exchange server. EWS is a separately licensed add-on feature. |
| High-fidelity document preview | Accounts that can use the High-Fidelity document preview facility. LibreOffice installation is required. |
| Archiving accounts limit | Allowed archive accounts. The archive feature installation is required. |

Zimbra 9 License Requirements

You require a Zimbra 9 license to create accounts in Zimbra Collaboration and to use the Modern Web App.

To try out Zimbra Collaboration, you can obtain trial versions free of charge. Once your system is installed in a production environment, you will need to purchase a subscription or a perpetual license.

| License Types | Description |
|---|---|
| Trial | You can obtain a free Trial license from the Zimbra website, at https://www.zimbra.com. The trial license allows you to create up to 50 users. It expires in 60 days. |
| Trial extended | You can obtain a Trial Extended license from Zimbra Sales by contacting sales@zimbra.com or calling 1-972-407-0688. This license allows you to create up to 50 users and is valid for an extended period of time. |
| Subscription | A Zimbra 9 Subscription license can only be obtained through purchase. This license is valid for a specific Zimbra Collaboration system, is encrypted with the number of Zimbra 9 accounts (seats) you have purchased, the effective date, and the expiration date of the subscription license. |
| Perpetual | A Zimbra 9 Perpetual license can only be obtained through purchase. This license is similar to a subscription license. It is valid for a specific Zimbra Collaboration system, is encrypted with the number of Zimbra 9 accounts (seats) you have purchased, the effective date, and an expiration date of 2099-12-31. When you renew your support agreement, you receive no new perpetual license, but your Account record in the system gets updated with your new support end date. |

License Usage by Zimbra Collaboration Account Type

An account assigned to a person, including an account created for archiving, requires a mailbox license. Distribution lists, aliases, locations, and resources do not count against the license.

Below is a description of types of Zimbra Collaboration accounts and if they impact your license limit.

| License Account Type | Description |
|---|---|
| System account | System accounts are specific accounts used by Zimbra Collaboration. They include the spam filter accounts for junk mail (spam and ham), the virus quarantine account for email messages with viruses, and the GALsync account if you configure GAL for your domain. Do not delete these accounts! These accounts do not count against your license. |
| Administrator account | Administrator and delegated administrator accounts count against your license. |
| User account | User accounts count against your license account limit. When you delete an account, the license account limit reflects the change. |
| Alias account | These types do not count against your license. |
| Distribution list | These types do not count against your license. |
| Resource account | These types do not count against your license. |

License Activation

All Zimbra Collaboration 9.0.0 installations require license activation. New installations have a 10 day grace period from the license issue date before requiring activation. You can activate your license from the Administration Console.

Admin Console:

Home → Configure → Global Settings → License, from the Gear icon select Activate License

You can also activate your license from the command line interface.

Upgraded Zimbra Collaboration versions require an immediate activation to maintain network feature functionality.

Automatic License Activation

Licenses are automatically activated if the Zimbra Collaboration server has a connection to the Internet and can communicate with the Zimbra 9 License server. If you are unable to activate your license automatically, see the next section on Manual License Activation.

Manual License Activation

For systems that do not have external access to the Zimbra 9 License server, you can use the Zimbra 9 Support Portal to activate your license manually. Go to the Zimbra website at https://www.zimbra.com and click on Support to display the Zimbra 9 Technical Support page. Click on the Support Portal Login button to display the Zimbra 9 Support Portal page. Enter your email and password to log in.

If you have problems accessing the Support Portal, contact Zimbra Sales at sales@zimbra.com or by calling 1-972-407-0688.

When Licenses are not Installed or Activated

If you fail to install or activate your Zimbra Collaboration server license, the following scenarios describe how your Zimbra Collaboration server will be impacted.

| License Condition | Description/Impact |
|---|---|
| Not installed | With no installed license, the Zimbra Collaboration server defaults to single user mode where all license-limited features are limited to one user. |
| Not valid | If the license file appears forged or fails validation for other reasons, the Zimbra Collaboration server defaults to single-user mode. |
| Not activated | A license activation grace period is 10 days. If this period passes without activation, the Zimbra Collaboration server defaults to single-user mode. |
| For future date | If the license starting date is in the future, the Zimbra Collaboration server defaults to single-user mode. |
| In grace period | If the license ending date has passed and is within the 30 day grace period, all license-limited features are still enabled, but administrators may see license renewal prompts. |
| Expired | Zimbra 9 does not include a FOSS binary release; therefore, there is no mechanism to fallback to FOSS. If the license ending date has passed, the 30 day grace period has expired, and users decide not to obtain a new license, they can resolve these issues by building the Zimbra 9 binaries and installing them on top of their existing Zimbra 9 system. |

Obtaining a License

Go to the Zimbra Website https://www.zimbra.com to obtain a trial license from the Network Downloads area. Contact Zimbra sales regarding a trial extended license, or to purchase a subscription license or perpetual license, by emailing sales@zimbra.com or calling 1-972-407-0688.

The subscription and perpetual licenses can only be installed on the Zimbra Collaboration system identified during purchase. Only one Zimbra 9 license is required for your Zimbra Collaboration environment. This license sets the maximum number of accounts on the system.

Current license information, including the number of accounts purchased, the number of accounts used, and the expiration date, can be viewed in the Admin Console.

Admin Console:

Home → Configure → Global Settings → License.

License Reconciliation and Data Collection Notice

By consenting to the End-User License Agreement, you grant Synacor Inc. and certain of its licensees permission to collect licensing and non-personally-identifiable usage data from your Zimbra Collaboration server.

During installation, upgrades, and periodically while in use, the Zimbra Collaboration server transmits information for reconciliation of billing and license data.

Permission for this data collection is granted under sections 11.4 and 11.6 of the End User License Agreement for Zimbra Collaboration. Copies of the license can be found at https://www.zimbra.com/legal/licensing/.

The data that is being collected consists of elements of the current license information and is governed by Synacor’s Privacy Policy, which can be found at https://www.synacor.com/privacy-policy/.

This data is being furnished to Synacor’s licensor, ZeXtras, for the purposes of license reconciliation and is therefore also governed by the ZeXtras Privacy Policy, which can be found at https://www.zextras.com/privacy-legal/.

The default configuration installs Zimbra 9-LDAP, Zimbra 9-MTA with anti-virus and anti-spam protection, the Zimbra 9 mailbox server, SNMP monitoring tools (optional), Zimbra 9-spell (optional), the logger tool (optional), and the Zimbra 9 proxy on one server.

The menu driven installation displays the components and their existing default values. You can modify the information during the installation process. The table below describes the menu options.

Server Configured Menu Item Description

Main Menu

All

Common Configuration

Select the sub-menu for Common Configuration Options

zimbra-ldap

Select the sub-menu for Ldap configuration

zimbra-logger

Toggle whether zimbra-logger is enabled or not.

zimbra-mta

Select the sub-menu for Mta configuration. Postfix is the open source mail transfer agent (MTA) that receives email via SMTP and routes each message to the appropriate Zimbra mailbox server using Local Mail Transfer Protocol (LMTP). The Zimbra MTA also includes the anti-virus and anti-spam components.

zimbra-dnscache

Select the sub-menu for DNS Cache. Intended primarily on MTAs for optimized DNS and RBL lookups. Can also be installed on mailstores and proxy servers.

zimbra-snmp

Select the sub-menu for Snmp configuration. Installing the Zimbra-SNMP package is optional. If you choose to install Zimbra-SNMP for monitoring, the package should be run on every server (Zimbra server, Zimbra LDAP, Zimbra MTA) that is part of the Zimbra configuration. Zimbra uses swatch to watch the syslog output to generate SNMP traps.

zimbra-store

Select the sub-menu for Store configuration

zimbra-spell

Toggle whether zimbra-spell is enabled or not.

zimbra-convertd

Toggle whether zimbra-convertd is enabled or not - defaults to yes.

The default is to install one zimbra-convertd on each zimbra-store server, but only one zimbra-convertd needs to be present in a deployment, depending on the size of the Zimbra 9 environment.

zimbra-proxy

Select the sub-menu for Proxy configuration

zimbra-connect

Installing the Zimbra-Connect package is optional. If you choose to install Zimbra-Connect for point-to-point text chat, it should be installed on every Zimbra Store Server that is part of the Zimbra configuration.

zimbra-drive

Installing the Zimbra-Drive package is optional. If you choose to install Zimbra-Drive for file sync-and-share, it should be installed on every Zimbra Store Server that is part of the Zimbra configuration. Please bear in mind you will need a third party server running ownCloud or Nextcloud.

Enable VMware HA

Toggle whether VMware HA is enabled or not - defaults to no.

VMware HA Clustering Heartbeat is only available when running within a virtual machine running vmware-tools.

Default Class of Service Configuration

This menu section lists major new features for the Zimbra Collaboration release and whether the feature is enabled or not. When you change the feature setting during Zimbra Collaboration installation, you change the default COS settings. Having this control lets you decide when to introduce new features to your users.

Enable default backup schedule

Toggle whether VMware HA is enabled or not - defaults to yes
The Zimbra Archiving and Discovery package is an optional feature for Zimbra. Archiving and Discovery offers the ability to store and search all messages that were delivered to or sent by Zimbra. This package includes the cross mailbox search function which can be used for both live and archive mailbox searches.

s) Save config to file

At any time during the installation, you can save the configuration to file.

c) Collapse menu

Allows you to collapse the menu.

x) Expand menu

Expand menus to see the underlying options

q) Quit

Quit can be used at any time to quit the installation.

Common Configuration Options

The packages installed in common configuration include libraries, utilities, monitoring tools, and basic configuration files under Zimbra Core.

Server Configured Menu Item Description

Common Configuration - These are common settings for all servers

All

Hostname

The host name configured in the operating system installation

LDAP master host

The LDAP host name. On a single server installation, this name is the same as the hostname. On a multi server installation, this LDAP host name is configured on every server

LDAP port

The default port is 389

LDAP Admin password

This is the master LDAP password. This is the password for the Zimbra admin user and is configured on every server

All except Zimbra LDAP Server

LDAP Base DN

The base DN describes where to load users and groups. In LDAP form, it is cn=Users. Default is cn=zimbra.

All

Secure interprocess communications

The default is yes. Secure interprocess communications requires that connections between the mail store, and other processes that use Java, use secure communications. It also specifies whether secure communications should be used between the master LDAP server and the replica LDAP servers for replication.

Time Zone

Select the time zone to apply to the default COS. The time zone that should be entered is the time zone that the majority of users in the COS will be located in. The default time zone is PST (Pacific Time).

IP Mode

IPv4 or IPv6.

Default SSL digest

Sets the default message digest to use when generating certificates. The default is sha256.

Ldap configuration

Server Configured Menu Item Description

zimbra-ldap - These options are configured on the Zimbra LDAP server.

Zimbra LDAP Server

Status

The default is Enabled. For replica LDAP servers, the status can be changed to Disabled if the database is manually loaded after installation completes.

Create Domain

The default is yes. You can create one domain during installation. Additional domains can be created from the administration console.

Domain to create

The default domain is the fully qualified hostname of the server. If you created a valid mail domain on your DNS server, enter it here.

LDAP Root password

By default, this password is automatically generated and is used for internal LDAP operations.

LDAP Replication password

This is the password used by the LDAP replication user to identify itself to the LDAP master and must be the same as the password on the LDAP master server.

LDAP Postfix password

This is the password used by the postfix user to identify itself to the LDAP server and must be configured on the MTA server to be the same as the password on the LDAP master server.

LDAP Amavis password

This password is automatically generated and is the password used by the amavis user to identify itself to the LDAP server and must be the same password on the LDAP master server and on the MTA server.

LDAP Nginx password

This password is automatically generated and is used by the nginx user to identify itself to the LDAP server and must be the same password on the LDAP master server and on the MTA server. NOTE: This option is displayed only if the zimbra-proxy package is installed.

LDAP Bes Searcher password

This password is automatically generated and is used by the ldap BES user.

Zimbra Logger

Server Configured Menu Item Description

Zimbra mailbox server

zimbra-logger

The Logger package is installed on one mail server. If installed, it is automatically enabled. Logs from all the hosts are sent to the mailbox server where the logger package is installed. This data is used for generating statistics graphs and reporting and for message tracing.

MTA Server Configuration Options

Zimbra MTA server configuration involves installation of the Zimbra-MTA package. This also includes anti-virus and anti-spam components.

Server Configured Menu Item Description

zimbra-mta

Zimbra MTA Server

MTA Auth host

This is configured automatically if the MTA authentication server host is on the same server, but must be configured if the authentication server is not on the MTA. The MTA Auth host must be one of the mailbox servers.

Enable Spamassassin

Default is enabled.

Enable ClamAV

Default is enabled. To configure attachment scanning, see Scanning Attachments in Outgoing Mail.

Notification address for AV alerts

Sets the notification address for AV alerts. You can either accept the default or create a new address. If you create a new address, remember to provision this address from the admin console. NOTE: If the virus notification address does not exist and your host name is the same as the domain name on the Zimbra server, the virus notifications remain queued in the Zimbra MTA server and cannot be delivered.

Bind password for Postfix LDAP user

Automatically set. This is the password used by the postfix user to identify itself to the LDAP server and must be configured on the MTA server to be the same as the password on the LDAP master server.

Bind password for Amavis LDAP user

Automatically set. This is the password used by the amavis user to identify itself to the LDAP server and must be configured on the MTA server to be the same as the amavis password on the master LDAP server.

New installs of Zimbra 9 limit spam/ham training to the first MTA installed. If you uninstall or move this MTA, you will need to enable spam/ham training on another MTA, as one host should have this enabled to run zmtrainsa --cleanup. To enable it on that host, run:

    zmlocalconfig -e zmtrainsa_cleanup_host=TRUE

DNS Cache

Server Configured Menu Item Description

zimbra-dnscache (optional)

Zimbra mailbox server

Master DNS IP address(es)

IP addresses of DNS servers

Enable DNS lookups over TCP

yes or no

Enable DNS lookups over UDP

yes or no

Only allow TCP to communicate with Master DNS

yes or no

SNMP configuration
Server Configured Menu Item Description

zimbra-snmp (optional)

All

Enable SNMP notifications

The default is yes.

SNMP Trap hostname

The hostname of the SNMP Trap destination

Enable SMTP notification

The default is yes.

SMTP Source email address

From address to use in email notifications

SMTP Destination email address

To address to use in email notifications

Store configuration
zimbra-store

Zimbra Mailbox Server

Create Admin User

Yes or No. The administrator account is created during installation. This account is the first account provisioned on the Zimbra 9 server and allows you to log on to the administration console.

Admin user to create

The user name assigned to the administrator account. Once the administrator account has been created, it is suggested that you do not rename the account as automatic Zimbra Collaboration notifications might not be received.

Admin Password

You must set the admin account password. The password is case sensitive and must be a minimum of six characters. The administrator name, mail address, and password are required to log in to the administration console.

Anti-virus quarantine user

A virus quarantine account is automatically created during installation. When AmavisD identifies an email message with a virus, the email is automatically sent to this mailbox. The virus quarantine mailbox is configured to delete messages older than 7 days.

Enable automated spam training

Yes or No. By default, the automated spam training filter is enabled and two mail accounts are created - one for the Spam Training User and one for the Non-spam (HAM) Training User. See the next 2 menu items which will be shown if spam training is enabled.
These addresses are automatically configured to work with the spam training filter. The accounts created have randomly selected names. To recognize what the accounts are used for, you may want to change their names.
The spam training filter is automatically added to the cron table and runs daily.

Spam Training User

to receive mail notification about mail that was not marked as junk, but should have been.

Non-spam (HAM) Training User

to receive mail notification about mail that was marked as junk, but should not have been.

The default port configurations are shown

Zimbra Mailbox Server

SMTP host

Defaults to current server name

Web server HTTP port:

default 80

Web server HTTPS port:

default 443

Web server mode

Can be HTTP, HTTPS, Mixed, Both or Redirect.

  • Mixed mode uses HTTPS for logging in and HTTP for normal session traffic

  • Both mode means that an HTTP session stays HTTP, including during the login phase, and an HTTPS session remains HTTPS throughout, including the login phase.

  • Redirect mode redirects any users connecting via HTTP to an HTTPS connection.

  • All modes use SSL encryption for back-end administrative traffic.

IMAP server port

default 143

IMAP server SSL port

default 993

POP server port

default 110

POP server SSL port

default 995

Use spell checker server

default Yes (if installed)

Spell server URL

http://<example.com>:7780/aspell.php

If either or both of these next 2 options are changed to TRUE, the proxy settings on the mailbox store are enabled in preparation for setting up zimbra-proxy.

Zimbra Mailbox Server

*Configure for use with mail proxy.

default FALSE

*Configure for use with web proxy.

default FALSE

Enable version update checks.

Zimbra Collaboration automatically checks to see if a new Zimbra Collaboration update is available. The default is TRUE.

Enable version update notifications.

This enables automatic notification when updates are available when this is set to TRUE.
NOTE: The software update information can be viewed from the Administration Console Tools Overview pane.

Version update notification email.

This is the email address of the account to be notified when updates are available. The default is to send the notification to the admin’s account.

Version update source email.

This is the email address of the account that sends the email notification. The default is the admin’s account.

Proxy configuration

Zimbra Proxy (Nginx-Zimbra) is a high-performance reverse proxy server that passes IMAP[S]/POP[S]/HTTP[S] client requests to other internal Zimbra 9 services.

It requires the separate package Zimbra Memcached, which is automatically selected when the zimbra-proxy package is installed. One server must run zimbra-memcached when the proxy is in use. All installed Zimbra proxies can use a single memcached server.

Server Configured Menu Item Description

zimbra-proxy

mailbox server,
MTA server or
own independent server

Enable POP/IMAP Proxy

default TRUE

IMAP proxy port

default 143

IMAP SSL proxy port

default 993

POP proxy port

default 110

POP SSL proxy port

default 995

Bind password for nginx ldap user

default set

Enable HTTP[S] Proxy

default TRUE

HTTP proxy port

default 80

HTTPS proxy port

default 443

Proxy server mode

default https

Scanning Attachments in Outgoing Mail

You can enable real-time scanning of attachments in outgoing emails sent using the Zimbra 9 Web Client. If enabled, when an attachment is added to an email, it is scanned using ClamAV prior to sending the message. If ClamAV detects a virus, it will block attaching the file to the message. By default, scanning is configured for a single node installation.

To enable in a multi-node environment, one of the MTA nodes needs to be picked for handling ClamAV scanning. Then, the necessary configuration can be done using the following commands:

zmprov ms <mta server> zimbraClamAVBindAddress <mta server>
zmprov mcf zimbraAttachmentsScanURL clam://<mta server>:3310/
zmprov mcf zimbraAttachmentsScanEnabled TRUE

Overview of the Zimbra Proxy Server

Zimbra 9 Proxy (Nginx-Zimbra) is a high-performance reverse proxy server that passes IMAP[S]/POP[S]/HTTP[S] client requests to other internal Zimbra Collaboration services. A reverse proxy server is an Internet-facing server that protects and manages client connections to your internal services. It can also provide functions like: GSSAPI authentication, throttle control, SSL connection with different certificates for different virtual host names, and other features.

In a typical use case, Zimbra 9 Proxy extracts user login information (such as account id or user name), fetches the route to the upstream mail server or web server’s address from the Nginx Lookup Extension, and finally proxies the interactions between clients and upstream Zimbra Collaboration servers. To speed up route lookup, memcached caches the lookup result, so a subsequent login with the same username is proxied directly without querying the Nginx Lookup Extension.

You can install the Zimbra 9 Proxy package on a mailbox server, MTA server, or on its own independent server. When the Zimbra 9 Proxy package is installed, the proxy feature is enabled. In most cases, no modification is necessary.

Benefits for using the Zimbra 9 Proxy include:

  • Centralizes access to Mailbox servers

  • Load Balancing

  • Security

  • Authentication

  • SSL Termination

  • Caching

  • Centralized Logging and Auditing

  • URL Rewriting

For more information, see the wiki page https://wiki.zimbra.com/wiki/Zimbra_Proxy_Guide

Zimbra 9 Proxy Components and Memcached

Zimbra 9 Proxy is designed to provide a HTTP[S]/POP[S]/IMAP[S] reverse proxy that is quick, reliable, and scalable. Zimbra 9 Proxy includes the following:

  • Nginx. A high performance HTTP[S]/POP[S]/IMAP[S] proxy server which handles all incoming HTTP[S]/POP[S]/IMAP[S] requests.

  • Zimbra 9 Proxy Route Lookup Handler. This is a servlet (also named as Nginx Lookup Extension or NLE) located on the Zimbra Collaboration mailbox server. This servlet handles queries for the user account route information (the server and port number where the user account resides).

Memcached is a high performance, distributed memory object caching system. Route information is cached for further use to increase performance. zimbra-memcached is a separate package that is recommended to be installed along with zimbra-proxy.

Zimbra 9 Proxy Architecture and Flow

The following sequence explains the architecture and the login flow when an end client connects to Zimbra 9 Proxy.

  1. End clients connect to Zimbra 9 Proxy using HTTP[S]/POP[S]/IMAP[S] ports.

  2. If a memcached server is available and caching is enabled, the proxy contacts a memcached server (elected from the available memcached servers, using a round-robin algorithm) to query the upstream route information for this particular client.

  3. If the route information is present in memcached, then this will be a cache-hit case and the proxy connects to the corresponding Zimbra Mailbox server right away and initiates a web/mail proxy session for this client. The memcached component stores the route information for the configured period of time (configurable and one hour by default). Zimbra 9 proxy uses this route information instead of querying the Zimbra Proxy Route Lookup Handler/NLE until the default period of time has expired.

  4. If the route information is not present in memcached, then this will be a cache-miss case, so Zimbra 9 Proxy will proceed sending an HTTP request to an available Zimbra 9 Proxy Route Lookup Handler/NLE (elected by round-robin), to look up the upstream mailbox server where this user account resides.

  5. Zimbra 9 Proxy Route Lookup Handler/NLE locates the route information from LDAP for the account being accessed and returns this back to Zimbra 9 Proxy.

  6. Zimbra 9 Proxy uses this route information to connect to the corresponding Zimbra 9 Mailbox server and initiates a web/mail proxy session. It also caches this route information into a memcached server so that the next time this user logs in, the memcached server has the upstream information available in its cache, and Zimbra 9 Proxy will not need to contact NLE. This is transparent to the end client, which behaves as if it is connecting directly to the Zimbra 9 Mailbox server.
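The login flow in steps 1 through 6, modeled as an added Python example (not Zimbra code). The class names, host names and the single in-memory memcached stand-in are assumptions for illustration; the model also shows that a cached route keeps being used after the account's route changes in LDAP, until the one-hour lifetime expires.

```python
"""Model of the Zimbra Proxy login-route flow (cache hit / cache miss).

Illustrative simulation only: class and host names are hypothetical and
no real memcached, NLE or LDAP service is contacted.
"""
from itertools import cycle

ROUTE_TTL_SECONDS = 3600  # cached route lifetime: one hour by default


class Memcached:
    """In-memory stand-in for one memcached server with per-key expiry."""

    def __init__(self):
        self._items = {}  # key -> (value, expires_at)

    def get(self, key, now):
        entry = self._items.get(key)
        if entry is None:
            return None
        value, expires_at = entry
        if now >= expires_at:  # lifetime over: drop the entry
            del self._items[key]
            return None
        return value

    def set(self, key, value, now, ttl):
        self._items[key] = (value, now + ttl)


class RouteLookupHandler:
    """Stand-in for an NLE servlet: resolves an account's route from LDAP."""

    def __init__(self, name, ldap_directory):
        self.name = name
        self.ldap = ldap_directory  # shared dict: account -> (host, port)
        self.queries = 0

    def lookup(self, account):
        self.queries += 1
        return self.ldap[account]


class Proxy:
    def __init__(self, cache, handlers):
        self.cache = cache
        self._handlers = cycle(handlers)  # round-robin election of an NLE

    def route(self, account, now):
        """Return (route, source); source is 'cache' or the NLE's name."""
        cached = self.cache.get(account, now)
        if cached is not None:           # step 3: cache hit
            return cached, "cache"
        handler = next(self._handlers)   # step 4: cache miss, elect an NLE
        found = handler.lookup(account)  # step 5: NLE reads the route from LDAP
        self.cache.set(account, found, now, ROUTE_TTL_SECONDS)  # step 6
        return found, handler.name


def demo():
    # Constructed sample data; 7143 is the IMAP backend port.
    ldap = {"alice@example.com": ("mbox-1.example.com", 7143)}
    nles = [RouteLookupHandler("nle-1", ldap), RouteLookupHandler("nle-2", ldap)]
    proxy = Proxy(Memcached(), nles)
    log = [
        proxy.route("alice@example.com", now=0),   # miss, answered by nle-1
        proxy.route("alice@example.com", now=10),  # hit
    ]
    # The account is moved to another mailbox server while its route is cached.
    ldap["alice@example.com"] = ("mbox-2.example.com", 7143)
    log.append(proxy.route("alice@example.com", now=1800))  # hit, old route
    log.append(proxy.route("alice@example.com", now=3600))  # expired, nle-2
    return log, [h.queries for h in nles]


if __name__ == "__main__":
    results, nle_queries = demo()
    for route, source in results:
        print(f"{route[0]}:{route[1]} via {source}")
    print("NLE queries:", nle_queries)
```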

Zimbra 9 Proxy Position in Zimbra Collaboration Runtime

The following figure displays the positions of Zimbra 9 Proxy and its relationships to other components of Zimbra Collaboration.

Proxy place in network

Deployment Strategy

For the deployment strategy and position with respect to non-proxy hosts, Zimbra 9 actively suggests using the Proxy server on the edge (either on an independent server or on the same server running LDAP/MTA) with mailbox servers behind it. In the case of multiple proxies, an external load balancer can be placed in front to distribute the load evenly among the proxy servers.

The Zimbra 9 Proxy package does not act as a firewall and needs to be behind the firewall in customer deployments.

Configuration during installation

The zimbra-proxy package must be selected during the installation process (it is installed by default). It is highly recommended to install memcached along with the proxy for better performance.

Install zimbra-proxy [Y]
Install zimbra-memcached [Y]

This would install and enable all IMAP[S]/POP[S]/HTTP[S] proxy components with the following default configuration.

    Proxy configuration

       1) Status:                                  Enabled
       2) Enable POP/IMAP Proxy:                   TRUE
       3) IMAP proxy port:                         143
       4) IMAP SSL proxy port:                     993
       5) POP proxy port:                          110
       6) POP SSL proxy port:                      995
       7) Bind password for nginx ldap user:       set
       8) Enable HTTP[S] Proxy:                    TRUE
       9) HTTP proxy port:                         80
      10) HTTPS proxy port:                        443
      11) Proxy server mode:                       https

Zimbra 9 Proxy Ports

The following ports are used either by Zimbra 9 Proxy or by Zimbra 9 Mailbox (if Proxy is not configured).
If you have any other services running on these ports, turn them off.

End clients connect directly to Zimbra 9 Proxy, using the Zimbra 9 Proxy Ports. Zimbra 9 Proxy connects to the Route Lookup Handler/NLE (which resides on Zimbra 9 Mailbox server) using the Zimbra 9 Mailbox Ports.

Zimbra 9 Proxy Port Mapping

Zimbra 9 Proxy Ports (External to Zimbra Collaboration)

    HTTP                                     80
    HTTPS                                    443
    POP3                                     110
    POP3S (Secure POP3)                      995
    IMAP                                     143
    IMAPS (Secure IMAP)                      993

Zimbra 9 Mailbox Ports (Internal to Zimbra Collaboration)

    Route Lookup Handler                     7072
    HTTP Backend (if Proxy configured)       8080
    HTTPS Backend (if Proxy configured)      8443
    POP3 Backend (if Proxy configured)       7110
    POP3S Backend (if Proxy configured)      7995
    IMAP Backend (if Proxy configured)       7143
    IMAPS Backend (if Proxy configured)      7993
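A pre-install check built on the port mapping above, added here as an example and not part of the Zimbra installer: it parses ss -H -ltnp output and reports listeners that already occupy a Zimbra Proxy or Mailbox port, so they can be turned off before installation. The sample output and the process names in it are constructed.

```python
"""Pre-install check: which Zimbra Proxy/Mailbox ports are already taken?

Added example, not part of the Zimbra installer. Port numbers come from the
port mapping above; the `ss -H -ltnp` sample below is constructed.
"""
import re

ZIMBRA_PORTS = {
    80: ("external", "HTTP"), 443: ("external", "HTTPS"),
    110: ("external", "POP3"), 995: ("external", "POP3S"),
    143: ("external", "IMAP"), 993: ("external", "IMAPS"),
    7072: ("internal", "Route Lookup Handler"),
    8080: ("internal", "HTTP Backend"), 8443: ("internal", "HTTPS Backend"),
    7110: ("internal", "POP3 Backend"), 7995: ("internal", "POP3S Backend"),
    7143: ("internal", "IMAP Backend"), 7993: ("internal", "IMAPS Backend"),
}

# Constructed sample of `ss -H -ltnp` output from a host about to be installed.
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128      0.0.0.0:22     0.0.0.0:*  users:(("sshd",pid=640,fd=3))
LISTEN 0 511      0.0.0.0:80     0.0.0.0:*  users:(("apache2",pid=812,fd=4))
LISTEN 0 511         [::]:80        [::]:*  users:(("apache2",pid=812,fd=6))
LISTEN 0 100    127.0.0.1:143    0.0.0.0:*  users:(("dovecot",pid=955,fd=35))
LISTEN 0 50             *:8080         *:*  users:(("java",pid=1377,fd=112))
LISTEN 0 128    127.0.0.1:6010   0.0.0.0:*
"""

_PROCESS_RE = re.compile(r'\(\("([^"]+)",pid=(\d+)')


def parse_listeners(ss_output):
    """Yield (address, port, process, pid) for each LISTEN line."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # The local address is the 4th column; the port follows the last
        # colon, which also handles bracketed IPv6 such as [::]:80.
        address, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        match = _PROCESS_RE.search(line)
        if match:
            process, pid = match.group(1), int(match.group(2))
        else:
            # ss shows no owner when not run as root
            process, pid = "unknown", None
        yield address, int(port), process, pid


def find_conflicts(ss_output):
    """Return listeners already bound to a Zimbra port, one row per process."""
    conflicts = set()
    for _address, port, process, pid in parse_listeners(ss_output):
        if port in ZIMBRA_PORTS:
            scope, service = ZIMBRA_PORTS[port]
            conflicts.add((port, service, scope, process, pid))
    return sorted(conflicts, key=lambda c: (c[0], c[3]))


if __name__ == "__main__":
    for port, service, scope, process, pid in find_conflicts(SAMPLE_SS_OUTPUT):
        print(f"port {port} ({service}, {scope}) in use by {process} pid={pid}")
```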

Configuring for Virtual Hosting

You can configure multiple virtual hostnames to host more than one domain name on a server. When you create a virtual host, users can log in without having to specify the domain name as part of their user name.

Virtual hosts are configured from the administration console Configure > Domains > Virtual Hosts page. The virtual host requires a valid DNS configuration with an A record.

When users log in, they enter the virtual host name in the browser. For example, https://mail.example.com. When the Zimbra 9 logon screen displays, users enter only their user name and password. The authentication request searches for a domain with that virtual host name. When the virtual host is found, the authentication is completed against that domain.

Preparing Your Server Environment

To successfully install and run Zimbra Collaboration, ensure your system meets the requirements described in this section. System administrators should be familiar with installing and managing email systems.

Do not manually create the user zimbra before running the Zimbra 9 installation. The installation automatically creates this user and sets up its environment.

System Requirements

For the Zimbra Collaboration system requirements see System Requirements for Zimbra Collaboration at the end of this guide.

Modifying Operating System Configurations

Zimbra Collaboration runs on one of several operating systems, including Ubuntu® LTS, Red Hat® Enterprise Linux, CentOS and Oracle Linux.

A full default installation of the Linux distribution that you select is required.

Zimbra recommends that the operating systems you use are updated with the latest patches that have been tested with Zimbra Collaboration. See the latest release notes to see the operating systems patch list that has been tested with Zimbra Collaboration.

Configuring High-Fidelity Document Preview

The high-fidelity document preview feature requires the installation of LibreOffice or the LibreOffice-headless package, depending on the operating system you are running.

If LibreOffice is installed, the system is automatically configured to use high-fidelity document preview. If LibreOffice is not installed, the preview engine from prior Zimbra Collaboration releases is used.

This can be accomplished with the appropriate Linux distribution’s package management systems:

  • For RHEL, install the libreoffice-headless package:

yum install libreoffice
yum install libreoffice-headless

  • For Ubuntu, install libreoffice:

apt-get install libreoffice

Install Language and Font Packages

Confirm you have the appropriate language packs or fonts installed for LibreOffice to properly view documents and attachments. For example:

  • If using Ubuntu 12.04 (deprecated) and viewing East Asian languages, be sure to install:

apt-get install libreoffice-l10n-*
apt-get install ttf-vlgothic

  • If using Ubuntu 14.04 or 16.04 and viewing East Asian languages, be sure to install:

apt-get install libreoffice-l10n-*
apt-get install fonts-vlgothic

  • If using RHEL, be sure to install:

yum install libreoffice-langpack-xx

DNS Configuration Requirement

When you create a domain during the installation process, Zimbra Collaboration checks to see if you have an MX record correctly configured for that domain. If it is not, an error is displayed suggesting that the domain name have an MX record configured in DNS.

To send and receive email, the Zimbra 9 MTA must be configured in DNS with both A and MX records. For sending mail, the MTA uses DNS to resolve hostnames and email-routing information. To receive mail, the MX record must be configured correctly to route the message to the mail server.

You must configure a relay host if you do not enable DNS. After Zimbra Collaboration is installed, go to the administration console's Global Settings → MTA tab and:

  • Uncheck Enable DNS lookups.

  • Enter the relay MTA address to use for external delivery.

Even if a relay host is configured, an MX record is still required if the Zimbra Collaboration server is going to receive email from the Internet.

Multiple-Server Installation

The multiple-server installation is straightforward and easy to run. You run the same installation script on each server, select the component(s) to install, and use the menu to configure the system.

When the final set-up and server configuration steps have run and the server installation is complete, the servers are started and the status is displayed.

Order of Installation

  1. LDAP server(s)

  2. MTA server(s)

  3. Proxy server(s)

  4. Mailbox server(s) options:

    • Zimbra Mailbox Server, which includes the mailstore services and webapp services (mailstore server + UI server)

    • Zimbra Web Application Server Split mode, which includes:

      • a Zimbra mailstore server (mailstore server)

      • a Zimbra webapp server (UI server)

Zimbra-proxy is normally installed on the MTA server or you can install it on its own server.
Do not manually create the user ‘zimbra’ before running the Zimbra 9 installation. The installation automatically creates this user and sets up its environment.
Before you start, verify that the system clocks are synced on all servers.

Starting the Installation Process

[IMPORTANT]:

Before you begin, make sure to:

For the latest Zimbra Collaboration software downloads, go to https://www.zimbra.com. Save the Zimbra Collaboration tar file to the computer from which you are installing the software.

The screen shots are examples of the Zimbra Collaboration installation script. The actual script may be different.

Step 1 through step 4 are performed for each server to be installed.

Open an SSH session to the Zimbra 9 server and follow the steps below:

  1. Log in as root to the Zimbra Collaboration server and cd to the directory where the Zimbra Collaboration archive file is saved (cd /var/<tmp>). Type the following commands.

    • tar xzvf [zcs.tgz] to unpack the file

    • cd [zcs filename] to change to the correct directory. The filename includes the release and build date.

    • ./install.sh to begin the installation.

    As the installation proceeds, press Enter to accept the defaults that are shown in brackets [ ] or enter the appropriate answer (Y/N) for your configuration.
    root@mailhost:/tmp# tar xzvf zcs.tgz
    zcs-NETWORK-9.0.0_GA_3924.UBUNTU18_64.2020033101031/
    zcs-NETWORK-9.0.0_GA_3924.UBUNTU18_64.2020033101031/packages/
    .
    .
    .
    zcs-NETWORK-9.0.0_GA_3924.UBUNTU18_64.2020033101031/install.sh
    zcs-NETWORK-9.0.0_GA_3924.UBUNTU18_64.2020033101031/README.txt
    
    root@zimbraiop:/tmp/# cd zcs-NETWORK-9.0.0_GA_3924.UBUNTU18_64.2020033101031/
    root@zimbraiop:/tmp/zcs-NETWORK-9.0.0_GA_3924.UBUNTU18_64.2020033101031# ./install.sh
    
    Operations logged to /tmp/install.log.y1YeCSI5
    .
    .
    .
  2. The install.sh script reviews the installation software to verify that the Zimbra 9 packages are available. The installation process checks to see whether any of the applications Sendmail, Postfix, MySQL or MariaDB are running. If any of these applications are running, you are asked to disable them. Disabling MySQL and MariaDB is optional but highly recommended. Sendmail and Postfix MUST be disabled for Zimbra Collaboration to start correctly.

    root@zimbraiop:/tmp/zcs-NETWORK-9.0.0_GA_3924.UBUNTU18_64.2020033101031# ./install.sh
    
    
    Operations logged to /tmp/install.log.y1YeCSI5
    Checking for existing installation...
        zimbra-connect...NOT FOUND
        zimbra-drive...NOT FOUND
        zimbra-network-modules-ng...NOT FOUND
        zimbra-ldap...NOT FOUND
        zimbra-logger...NOT FOUND
        zimbra-mta...NOT FOUND
        zimbra-dnscache...NOT FOUND
        zimbra-snmp...NOT FOUND
        zimbra-store...NOT FOUND
        zimbra-apache...NOT FOUND
        zimbra-spell...NOT FOUND
        zimbra-convertd...NOT FOUND
        zimbra-memcached...NOT FOUND
        zimbra-proxy...NOT FOUND
        zimbra-archiving...NOT FOUND
        zimbra-core...NOT FOUND
    
    .
    .
    .
  3. The Zimbra 9 software agreement displays. Press Y to accept and N to decline.

    The license agreement displays in multiple sections, and you must accept each section of the license agreement.
  4. When Use Zimbra 9’s package repository [Y] displays, press Enter to continue. Your system will be configured to add the Zimbra 9 packaging repository for yum or apt-get as appropriate so it can install the Zimbra 9 3rd party packages.

    Checking for installable packages
    
    Found zimbra-core (local)
    Found zimbra-ldap (local)
    Found zimbra-logger (local)
    Found zimbra-mta (local)
    Found zimbra-dnscache (local)
    Found zimbra-snmp (local)
    Found zimbra-store (local)
    Found zimbra-apache (local)
    Found zimbra-spell (local)
    Found zimbra-convertd (local)
    Found zimbra-memcached (repo)
    Found zimbra-modern-ui (repo)
    Found zimbra-proxy (local)
    Found zimbra-archiving (local)
    Found zimbra-connect (repo)
    Found zimbra-drive (repo)
    Found zimbra-network-modules-ng (local)
    
    
    Use Zimbra's package repository [Y] y
    Configuring package repository
  5. Next, select the packages to be installed on this server.

    For the cross mailbox search feature, install the Zimbra 9 Archive package. To use the archiving and discovery feature, contact Zimbra sales.

    The installer verifies that there is enough room to install Zimbra 9.

  6. Next, the installer checks to see that the prerequisite packages are installed as listed in the Other Dependencies section of the System Requirements for Zimbra Collaboration

    Before the Main menu is displayed, the installer checks to see if the hostname is resolvable via DNS and, if there is an error, asks you if you would like to change the hostname. The domain name should have an MX record configured in DNS.

Installing Zimbra 9 LDAP Master Server

You must configure the LDAP Master server before you can install other Zimbra 9 servers. You can set up LDAP replication, configuring a master LDAP server and replica LDAP servers, either configuring all LDAP servers now or after you set up the initial Zimbra Collaboration servers. See the section on Configuring LDAP Replication

  1. Follow steps 1 through 4 in Starting the Installation Process to open an SSH session to the LDAP server, log on to the server as root, and unpack the Zimbra Collaboration software.

  2. Type y and press Enter to install the zimbra-ldap package. The zimbra-mta, zimbra-store and zimbra-logger packages should be marked n.

    Install zimbra-ldap [Y] Y
    
    Install zimbra-logger [Y] N
    
    Install zimbra-mta [Y] N
    
    Install zimbra-dnscache [Y] N
    
    Install zimbra-snmp [Y] N
    
    Install zimbra-store [Y] N
    
    Install zimbra-apache [Y] N
    
    Install zimbra-spell [Y] N
    
    Install zimbra-convertd [Y] N
    
    Install zimbra-memcached [Y] N
    
    Install zimbra-proxy [Y] N
    
    Install zimbra-archiving [N] N
    
    Install zimbra-connect [Y] N
    
    Install zimbra-drive [Y] N
    
    Install zimbra-network-modules-ng [Y] N
    
    Checking required space for zimbra-core
    
    Installing:
        zimbra-core
        zimbra-ldap
    
    The system will be modified.  Continue? [N]
  3. Type Y, and press Enter to modify the system. The selected packages are installed on the server. The Main menu displays the default entries for the Zimbra component you are installing. To expand the menu to see the configuration values, type x and press Enter. The main menu expands to display configuration details for the package being installed.

    Values that require further configuration are marked with asterisks (*).

    To navigate the Main menu, select the menu item to change. You can modify any of the values. See the section Main Menu options for a description of the Main menu.

    Main menu
    
       1) Common Configuration:
       2) zimbra-ldap:                             Enabled
       3) Enable default backup schedule:          yes
       s) Save config to file
       x) Expand menu
       q) Quit
    
    *** CONFIGURATION COMPLETE - press 'a' to apply
    Select from menu, or press 'a' to apply config (? - help)
  4. Type 1 to display the Common Configuration submenu.

    Common configuration
    
       1) Hostname:                                ldap-1.example.com
       2) Ldap master host:                        ldap-1.example.com
       3) Ldap port:                               389
       4) Ldap Admin password:                     set
       5) Store ephemeral attributes outside Ldap: no
       6) Secure interprocess communications:      yes
       7) TimeZone:                                America/Mexico_City
       8) IP Mode:                                 ipv4
       9) Default SSL digest:                      sha256
    
    Select, or 'r' for previous menu [r]
  5. Type 4 to display the automatically generated LDAP admin password.

    Select, or 'r' for previous menu [r] 4
    
    Password for ldap admin user (min 6 characters): [bEyMZxNxq]

    You can change this password.
    Write down the LDAP password, the LDAP host name and the LDAP port.

    LDAP Admin Password _______________________
    LDAP Host name      _______________________
    LDAP Port           _______________________
    You must configure this information when you install the mailbox servers and the MTA servers.
  6. Type 7 to set the correct time zone. A list of timezones appears; choose the relevant timezone by typing its number. In the snapshot below, we have selected Europe/London by typing 94.

    1 Africa/Algiers
    .
    .
    .
    94 Europe/London
    .
    .
    .
    109 Pacific/Tongatapu
    110 UTC
    Enter the number for the local timezone: [110] 94
  7. Type r to return to the Main menu.

  8. From the Main menu, type 2 for zimbra-ldap to view the Ldap configuration settings.

    Ldap configuration
    
       1) Status:                                  Enabled
       2) Create Domain:                           yes
       3) Domain to create:                        ldap-1.example.com
       4) Ldap root password:                      set
       5) Ldap replication password:               set
       6) Ldap postfix password:                   set
       7) Ldap amavis password:                    set
       8) Ldap nginx password:                     set
       9) Ldap Bes Searcher password:              set
    
    Select, or 'r' for previous menu [r]
  9. Type 3 for Domain to create to change the default domain name to the main domain name you want to use for your network, (e.g. example.com).

  10. The passwords listed in the LDAP configuration menu are automatically generated.

    If you want to change the passwords for LDAP root, LDAP replication, LDAP Postfix, LDAP Amavis, and LDAP Nginx, enter the corresponding number 4 through 8 and change the passwords.

    Ldap replication password _____________________
    Ldap postfix password     _____________________
    Ldap amavis password      _____________________
    Ldap nginx password       _____________________
    You need these passwords when configuring the MTA and the LDAP replica servers. Write them down.
  11. When changes to the LDAP configuration menu are complete:

    *** CONFIGURATION COMPLETE - press 'a' to apply
    Select from menu, or press 'a' to apply config (? - help) a
    Save configuration data to a file? [Yes]
    Save config in file: [/opt/zimbra/config.8381]
    Saving config in /opt/zimbra/config.8381...done
    • Enter r to return to the main menu.

    • Type a to apply the configuration changes.

    • When Save configuration data to file appears, type Yes and press Enter.

    • The next request asks where to save the files. To accept the default, press Enter. To save the files to another directory, enter the directory and press Enter.

  12. When The system will be modified - continue? [No] appears, type y and press Enter.

    The server is modified. Installing all the components and configuring the server can take a few minutes. This includes but is not limited to setting local config values, creating and installing SSL certificates, setting passwords, timezone preferences, and starting the servers, among other processes.

  13. When Configuration complete - press return to exit displays, press Enter.

    *** CONFIGURATION COMPLETE - press 'a' to apply
    Select from menu, or press 'a' to apply config (? - help) a
    Save configuration data to a file? [Yes]
    Save config in file: [/opt/zimbra/config.8381]
    Saving config in /opt/zimbra/config.8381...done.
    The system will be modified - continue? [No] y
    Operations logged to /tmp/zmsetup.20170302-133132.log
    Setting local config values...done.
    .
    .
    .
    Starting servers...done.
    Skipping creation of default domain GAL sync account - not a service node.
    Setting up zimbra crontab...done.
    
    
    Moving /tmp/zmsetup.20170302-133132.log to /opt/zimbra/log
    
    
    Configuration complete - press return to exit

    The installation of the LDAP server is complete.

Installing the Zimbra 9 Mailbox Server

The zimbra-store package can be installed with the LDAP server, the MTA server, or as a separate mailbox server.

You can have the following configuration options:

  • The Zimbra 9 Mailbox Server containing mailstore services and webapp services (mailstore server + UI server)

or

  • The Zimbra Web Application Server Split, which includes:

    • Mailstore server providing the backend SOAP/REST functionality

    • UI server providing the web UI functionality (static html/js/css content)

You can have more than one of the above configurations. In a web application server split environment, you must have at least one mailstore server and one UI server in your configuration.

The Modern Web App does not currently support Zimbra Web Application Server Split configuration.
A web application server split environment must have proxy and memcached installed.

The Zimbra license file can be installed on one of the mailbox servers during the installation. If you do not have a license file, you can install it from the administration console when the Zimbra Collaboration install is complete. See Zimbra License Requirements

Install Zimbra Mailbox Services

  1. Follow steps 1 through 4 in Starting the Installation Process to open an SSH session to the Mailbox server, log on to the server as root, and unpack the Zimbra 9 software.

  2. Type Y and press Enter to install the zimbra-logger package (optional and only on one mail server) and zimbra-store. In the following screen shot example, the packages to be installed are emphasized.

    If SNMP is being used, the SNMP package is installed on every Zimbra 9 server. Mark Y.
    Install zimbra-ldap [Y] N
    
    Install zimbra-logger [Y] Y
    
    Install zimbra-mta [Y] N
    
    Install zimbra-dnscache [Y] N
    
    Install zimbra-snmp [Y] Y
    
    Install zimbra-store [Y] Y
    
    Install zimbra-apache [Y] Y
    
    Install zimbra-spell [Y] Y
    
    Install zimbra-convertd [Y] Y
    
    Install zimbra-memcached [Y] N
    
    Install zimbra-proxy [Y] N
    
    Install zimbra-archiving [N] Y
    
    Install zimbra-connect [Y] Y
    
    Install zimbra-drive [Y] Y
    
    Install zimbra-network-modules-ng [Y] y
    
    ###WARNING###
    
    Network Modules NG needs to bind on TCP ports 8735 and 8736 in order
    to operate, for inter-instance communication.
    Please verify no other service listens on these ports and that
    ports 8735 and 8736 are properly filtered from public access
    by your firewall.
    
    Please remember that the Backup NG module needs to be initialized in order
    to be functional. This is a one-time operation only that can be performed
    by clicking the 'Initialize' button within the Backup section of the
    Network NG Modules in the Administration Console or by running
    `zxsuite backup doSmartScan` as the zimbra user.
    
    Checking required space for zimbra-core
    Checking space for zimbra-store
    Checking required packages for zimbra-store
         FOUND: libreoffice-1:4.2.8-0ubuntu4
    zimbra-store package check complete.
    
    Installing:
        zimbra-core
        zimbra-logger
        zimbra-snmp
        zimbra-store
        zimbra-apache
        zimbra-spell
        zimbra-modern-ui
        zimbra-convertd
        zimbra-archiving
        zimbra-connect
        zimbra-drive
        zimbra-network-modules-ng
    
    The system will be modified.  Continue? [N]
  3. Type Y, and press Enter to modify the system. The selected packages are installed on the server. The Main menu displays the default entries for the Zimbra component you are installing. To expand the menu to see the configuration values, type x and press Enter. The main menu expands to display configuration details for the package being installed.

    Values that require further configuration are marked with asterisks (*).

    To navigate the Main menu, select the menu item to change. You can modify any of the values. See the section Main Menu options for a description of the Main menu.

    Main menu
    
       1) Common Configuration:
            +Hostname:                             mailstore-1.example.com
    ******* +Ldap master host:                     UNSET
            +Ldap port:                            389
    ******* +Ldap Admin password:                  UNSET
            +LDAP Base DN:                         cn=zimbra
            +Store ephemeral attributes outside Ldap: no
            +Secure interprocess communications:   yes
            +TimeZone:                             UTC
            +IP Mode:                              ipv4
            +Default SSL digest:                   sha256
    
       2) zimbra-logger:                           Enabled
       3) zimbra-snmp:                             Enabled
       4) zimbra-store:                            Enabled
            +Create Admin User:                    yes
            +Admin user to create:                 admin@mailstore-1.example.com
    ******* +Admin Password                        UNSET
            +Anti-virus quarantine user:           virus-quarantine.mgpgruxx@mailstore-1.example.com
            +Enable automated spam training:       yes
            +Spam training user:                   spam.qgku2xsq@mailstore-1.example.com
            +Non-spam(Ham) training user:          ham.y49bbzuis@mailstore-1.example.com
    ******* +SMTP host:                            UNSET
            +Web server HTTP port:                 8080
            +Web server HTTPS port:                8443
            +Web server mode:                      https
            +IMAP server port:                     7143
            +IMAP server SSL port:                 7993
            +POP server port:                      7110
            +POP server SSL port:                  7995
            +Use spell check server:               yes
            +Spell server URL:                     http://mailstore-1.example.com:7780/aspell.php
            +Enable version update checks:         TRUE
            +Enable version update notifications:  TRUE
            +Version update notification email:    admin@mailstore-1.example.com
            +Version update source email:          admin@mailstore-1.example.com
            +Install mailstore (service webapp):   yes
            +Install UI (zimbra,zimbraAdmin webapps): yes
    ******* +License filename:                     UNSET
    
       5) zimbra-spell:                            Enabled
       6) zimbra-convertd:                         Enabled
       7) Default Class of Service Configuration:
       8) Enable default backup schedule:          yes
       s) Save config to file
       x) Expand menu
       q) Quit
    
    Address unconfigured (**) items  (? - help)
  4. Type 1 to display the Common Configuration submenu.

    Common configuration
    
       1) Hostname:                                mailstore-1.example.com
    ** 2) Ldap master host:                        UNSET
       3) Ldap port:                               389
    ** 4) Ldap Admin password:                     UNSET
       5) LDAP Base DN:                            cn=zimbra
       6) Store ephemeral attributes outside Ldap: no
       7) Secure interprocess communications:      yes
       8) TimeZone:                                UTC
       9) IP Mode:                                 ipv4
      10) Default SSL digest:                      sha256

    The mailbox server hostname is displayed.

    You must change the LDAP master host name and password to be the values configured on the LDAP server.
    • Type 2, press Enter, and type the LDAP host name. (ldap-1.example.com in this example.)

    • Type 4, press Enter, and type the LDAP password. To obtain the LDAP password, you will need to log on to the LDAP server as the zimbra user, and run the following command:

    zmlocalconfig -s zimbra_ldap_password

    After you set these values, the server immediately contacts the LDAP server. If it cannot contact the server, you cannot proceed.

  5. Type 8 to set the correct time zone. A list of time zones appears; choose the relevant time zone by typing its number. In the example below, Europe/London is selected by typing 94.

    1 Africa/Algiers
    .
    .
    .
    94 Europe/London
    .
    .
    .
    109 Pacific/Tongatapu
    110 UTC
    Enter the number for the local timezone: [110] 94
  6. Type r to return to the Main menu.

  7. From the Main menu, type 4 for zimbra-store to view the Store configuration settings.

    Store configuration
    
       1) Status:                                  Enabled
       2) Create Admin User:                       yes
       3) Admin user to create:                    admin@mailstore-1.example.com
    ** 4) Admin Password                           UNSET
       5) Anti-virus quarantine user:              virus-quarantine.orulkdewtz@mailstore-1.example.com
       6) Enable automated spam training:          yes
       7) Spam training user:                      spam.udbnonsavi@mailstore-1.example.com
       8) Non-spam(Ham) training user:             ham.3ptgqja0f@mailstore-1.example.com
    ** 9) SMTP host:                               UNSET
      10) Web server HTTP port:                    8080
      11) Web server HTTPS port:                   8443
      12) HTTP proxy port:                         80
      13) HTTPS proxy port:                        443
      14) Web server mode:                         https
      15) IMAP server port:                        7143
      16) IMAP server SSL port:                    7993
      17) IMAP proxy port:                         143
      18) IMAP SSL proxy port:                     993
      19) POP server port:                         7110
      20) POP server SSL port:                     7995
      21) POP proxy port:                          110
      22) POP SSL proxy port:                      995
      23) Use spell check server:                  yes
      24) Spell server URL:                        http://mailstore-1.example.com:7780/aspell.php
      25) Configure for use with mail proxy:       TRUE
      26) Configure for use with web proxy:        TRUE
      27) Enable version update checks:            TRUE
      28) Enable version update notifications:     TRUE
      29) Version update notification email:       admin@mailstore-1.example.com
      30) Version update source email:             admin@mailstore-1.example.com
      31) Install mailstore (service webapp):      yes
      32) Install UI (zimbra,zimbraAdmin webapps): yes
    **33) License filename:                        UNSET
    
    Select, or 'r' for previous menu [r]
  8. Type 4 and set the password for the administrator account. The password is case sensitive and must be a minimum of six characters. The install process provisions the admin account on the mailbox store server. You log on to the administration console with this password.

    By default, the domain name portions of the email addresses for the Admin user, Anti-virus quarantine user, Spam training user and Non-spam(Ham) training user, are set to be the zimbra mailstore server address. You may want to change these to be the Zimbra Collaboration primary domain address instead. (example.com in this example)
  9. Type the corresponding number to set the SMTP host. This is the mta-server host name.

  10. Type the corresponding number if you want to change the default Web server mode. The communication protocol options are HTTP, HTTPS, mixed, both or redirect.

    Mixed

    Uses HTTPS for logging in and HTTP for normal session traffic.

    Both

    An HTTP session stays HTTP, including during the login phase, and an HTTPS session remains HTTPS throughout, including the login phase.

    Redirect

    Redirects any users connecting via HTTP to an HTTPS connection.

    All modes use SSL encryption for back-end administrative traffic.

  11. If you are configuring proxy servers, type the corresponding number to enable the servers. When you enable these, the mail server port and proxy port numbers are automatically changed. See Configuration during installation.

  12. If you install the zimbra-spell package, it should be installed on every mailstore. The hostname portion of the HTTP address for each should be the hostname of the mailstore server it is installed on.

  13. Enable version update checks and Enable version update notifications are set to TRUE. Zimbra Collaboration automatically checks for the latest Zimbra Collaboration software updates and notifies the account that is configured in Version update notification email. You can modify this later from the administration console.

  14. If the zimbra-proxy package is not installed on the mailbox server, two menu options are displayed so you can preconfigure the mailbox server for use with the Zimbra proxy server:

    • Configure for use with mail proxy

    • Configure for use with web proxy

    Set either or both of these to TRUE if you are going to set up zimbra-proxy. The zimbra-proxy ports display in the menu when these are set to TRUE.

  15. Type the corresponding menu number to install the Zimbra license file. Enter the location of the Zimbra license file. For example, if you saved the license file to the tmp directory, you would type /tmp/ZCSLicense.xml. You cannot proceed without a license.

  16. Configure the mailstore and webapp services either on a single server or in a split server configuration.

    • To install mailstore server only, set Install UI (zimbra,zimbraAdmin webapps) value to no, which excludes the web services.

    • To install UI server only, set the Install mailstore (service webapp) value to no, which excludes mailstore services.

    • To install both the mailstore and UI services on the same server, confirm the values for Install mailstore (service webapp) and Install UI (zimbra,zimbraAdmin webapps) are both set to yes. The default is yes.

    See the release notes for additional configuration information for installing a split node environment.
  17. Type r to return to the Main menu.

  18. Review the Default Class of Service Configuration settings. If you want to change the COS default configuration of these features:

    1. Type the number for the Default Class of Service Configuration

    2. Type the corresponding number for the feature to be enabled or disabled.
      The default COS settings are adjusted to match.

  19. When the mailbox server is configured, return to the Main menu and type a to apply the configuration changes.
    Press Enter to save the configuration data.

  20. When Save Configuration data to file appears, type Yes and press Enter.

    Save configuration data to a file? [Yes]
  21. The next request asks where to save the files. To accept the default, press Enter. To save the files to another directory, enter the directory and then press Enter.

    Save config in file: [/opt/zimbra/config.16039]
    Saving config in /opt/zimbra/config.16039...done.
  22. When The system will be modified - continue? appears, type Yes and press Enter. The server is now modified. Installing all the components and configuring the server can take several minutes. This includes installing SSL certificates, setting passwords, setting ports, installing skins and common zimlets, setting time zone preferences, backup schedules and starting the servers, among other processes.

    The system will be modified - continue? [No] y
    Operations logged to /tmp/zmsetup.20160711-234517.log
    Setting local config values...done.
    .
    .
    .
    Configuration complete - press return to exit
  23. When Configuration complete - press return to exit displays, press Enter.

The installation of the mailbox server is complete.

Installing Zimbra 9 MTA on a Server

When zimbra-mta is installed, the LDAP host name and the Zimbra 9 LDAP password must be known to the MTA server. If not, the MTA cannot contact the LDAP server and is not able to complete the installation.

  1. Follow steps 1 through 4 in Starting the Installation Process to open an SSH session to the MTA server, log on to the server as root, and unpack the Zimbra Collaboration software.

  2. Type y and press Enter to install the zimbra-mta and zimbra-dnscache packages. The other packages should be marked n. In the following screen shot example, the packages to be installed are emphasized.

    If SNMP is being used, the SNMP package is installed on every Zimbra 9 server. Mark y.
    Select the packages to install
    
    Install zimbra-ldap [Y] n
    
    Install zimbra-logger [Y] n
    
    Install zimbra-mta [Y] y
    
    Install zimbra-dnscache [Y] y
    
    Install zimbra-snmp [Y] n
    
    Install zimbra-store [Y] n
    
    Install zimbra-apache [Y] n
    
    Install zimbra-spell [Y] n
    
    Install zimbra-memcached [Y] n
    
    Install zimbra-proxy [Y] n
    Checking required space for zimbra-core
    
    Installing:
        zimbra-core
        zimbra-mta
        zimbra-dnscache
    
    The system will be modified.  Continue? [N] y
    Installing packages
  3. Type Y, and press Enter to modify the system. The selected packages are installed on the server. The Main menu displays the default entries for the Zimbra component you are installing. To expand the menu to see the configuration values, type x and press Enter. The main menu expands to display configuration details for the package being installed.

    Values that require further configuration are marked with asterisks (*).

    To navigate the Main menu, select the menu item to change. You can modify any of the values. See the section Main Menu options for a description of the Main menu.

    Main menu
    
       1) Common Configuration:
            +Hostname:                             mta-1.example.com
    ******* +Ldap master host:                     UNSET
            +Ldap port:                            389
    ******* +Ldap Admin password:                  UNSET
            +LDAP Base DN:                         cn=zimbra
            +Store ephemeral attributes outside Ldap: no
            +Secure interprocess communications:   yes
            +TimeZone:                             Africa/Monrovia
            +IP Mode:                              ipv4
            +Default SSL digest:                   sha256
    
       2) zimbra-mta:                              Enabled
            +Enable Spamassassin:                  yes
            +Enable Clam AV:                       yes
            +Enable OpenDKIM:                      yes
            +Notification address for AV alerts:   admin@mta-1.example.com
    ******* +Bind password for postfix ldap user:  UNSET
    ******* +Bind password for amavis ldap user:   UNSET
    
       3) zimbra-dnscache:                         Enabled
       s) Save config to file
       x) Expand menu
       q) Quit
    
    Address unconfigured (**) items  (? - help)
  4. Type 1 to display the Common Configuration submenu.

    Common configuration
    
       1) Hostname:                                mta-1.example.com
    ** 2) Ldap master host:                        UNSET
       3) Ldap port:                               389
    ** 4) Ldap Admin password:                     UNSET
       5) LDAP Base DN:                            cn=zimbra
       6) Store ephemeral attributes outside Ldap: no
       7) Secure interprocess communications:      yes
       8) TimeZone:                                Africa/Monrovia
       9) IP Mode:                                 ipv4
      10) Default SSL digest:                      sha256

    The mta server hostname is displayed.

    You must change the LDAP master host name and password to be the values configured on the LDAP server.
    • Type 2, press Enter, and type the LDAP host name. (ldap-1.example.com in this example.)

    • Type 4, press Enter, and type the LDAP password.
      To obtain the LDAP password, you will need to log on to the LDAP server as the zimbra user, and run the following command:

    zmlocalconfig -s zimbra_ldap_password

    After you set these values, the server immediately contacts the LDAP server. If it cannot contact the server, you cannot proceed.

  5. Type 8 to set the correct time zone. A list of time zones appears; choose the relevant time zone by typing its number. In the example below, Europe/London is selected by typing 94.

    1 Africa/Algiers
    .
    .
    .
    94 Europe/London
    .
    .
    .
    109 Pacific/Tongatapu
    110 UTC
    Enter the number for the local timezone: [110] 94
  6. Type r to return to the Main menu.

  7. Type 2 to go to the Mta configuration menu.

    Mta configuration
    
       1) Status:                                  Enabled
       2) Enable Spamassassin:                     yes
       3) Enable Clam AV:                          yes
       4) Enable OpenDKIM:                         yes
       5) Notification address for AV alerts:      admin@mta-1.example.com
    ** 6) Bind password for postfix ldap user:     UNSET
    ** 7) Bind password for amavis ldap user:      UNSET
    
    Select, or 'r' for previous menu [r]
  8. You can change the Notification address for AV alerts. This should be an address on the domain, such as the admin address. (admin@example.com)

    If you enter an address other than the admin address, you must provision an account with that address after the installation is complete.
  9. Select the menu number for Bind password for postfix ldap user. You must use the same value for this as is configured on the LDAP master server.

  10. Select the menu number for Bind password for amavis ldap user. You must use the same value for this as is configured on the LDAP master server.

  11. Type r to return to the Main menu.

    If you are installing the zimbra-proxy package, see Installing Zimbra Proxy before continuing.
  12. When the MTA server is configured, return to the Main menu and type a to apply the configuration changes. Press Enter to save the configuration data.

  13. When Save configuration data to file appears, type Yes and press Enter.

  14. The next request asks where to save the file. To accept the default, press Enter. To save the files to another directory, enter the directory and then press Enter.

  15. When The system will be modified - continue? appears,
    type Yes and press Enter.

    The server is now modified. Installing all the components and configuring the MTA server can take a few minutes. This can include setting passwords, setting ports, setting time zone preferences, and starting the server, among other processes.

  16. When Installation complete - press return to exit displays, press Enter.

The installation of the MTA server is complete.

Installing Zimbra Proxy

Installing the zimbra-proxy package is optional, but recommended for scalable multi-server deployment. Zimbra 9 proxy is normally installed on the MTA server or can be configured on a separate server. Zimbra 9 proxy can be installed on more than one server. At least one instance of zimbra-memcached must be installed to cache the route information (upstream mailbox server for each end client).

If you are moving from a non-proxy environment (for example, single server to multi-server environment), additional steps are necessary for the mailbox server and proxy configuration. After you complete the proxy installation, reconfigure the mailbox server as described in the Zimbra Collaboration Administration Guide, Zimbra Proxy chapter.

Memcached is shipped as the caching layer to cache LDAP lookups. Memcached has no authentication or security features, so the servers should have a firewall set up appropriately. The default port is 11211 and is controlled by the zimbraMemcacheBindPort configuration setting.
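
The Network Modules NG warning shown during the mailbox install (TCP 8735 and 8736) and the memcached note above (11211, no authentication) both depend on knowing which of these ports listen beyond loopback. The script below is an added example, not part of the Zimbra documentation or tooling; it parses `ss -H -ltn` output, and its function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag listeners on the ports this guide says must be firewalled.
#   8735, 8736  Network Modules NG inter-instance communication
#   11211       memcached default port (zimbraMemcacheBindPort); no authentication
# Adjust the list if zimbraMemcacheBindPort was changed.
SENSITIVE_PORTS="8735 8736 11211"

# Reads `ss -H -ltn` style lines on stdin and prints "port address" for every
# sensitive port that listens on something other than loopback.
exposed_listeners() {
    awk -v ports="$SENSITIVE_PORTS" '
        BEGIN {
            n = split(ports, p, " ")
            for (i = 1; i <= n; i++) want[p[i]] = 1
        }
        $1 == "LISTEN" {
            port = $4
            sub(/^.*:/, "", port)                 # text after the last colon
            addr = substr($4, 1, length($4) - length(port) - 1)
            sub(/%.*$/, "", addr)                 # drop a %interface suffix
            gsub(/\[|\]/, "", addr)               # drop IPv6 brackets
            if (!(port in want)) next
            # Loopback in IPv4, IPv6 and IPv4-mapped IPv6 form is not exposed.
            if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
            print port, addr
        }'
}

# Turns findings into an operator-facing report. Returns 1 when any port
# needs a firewall rule, so the check can gate an install checklist.
report() {
    findings=$(exposed_listeners)
    if [ -z "$findings" ]; then
        echo "OK: no sensitive port listens beyond loopback"
        return 0
    fi
    echo "$findings" | while read -r port addr; do
        echo "REVIEW: port $port listens on $addr; restrict it to the other Zimbra nodes"
    done
    return 1
}

# Constructed sample of `ss -H -ltn` output (not captured from a real server).
sample_ss_output() {
    cat <<'EOF'
LISTEN 0      1024         0.0.0.0:11211      0.0.0.0:*
LISTEN 0      50         127.0.0.1:8735       0.0.0.0:*
LISTEN 0      50              [::]:8736          [::]:*
LISTEN 0      511                *:443              *:*
LISTEN 0      128    127.0.0.53%lo:53         0.0.0.0:*
EOF
}

# Live use on a Zimbra node:  ss -H -ltn | report
# Demonstration on the constructed sample:
sample_ss_output | report || true
```

In a multi-server deployment a non-loopback listener is expected, because proxies on other hosts must reach memcached. A REVIEW line therefore means the port needs a firewall rule limiting it to the other Zimbra nodes, not that the service is misconfigured.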

Installing on the MTA Server

If you are installing zimbra-proxy on the MTA server, select the zimbra-proxy package and the zimbra-memcached package. Follow the installation process in Installing Zimbra 9 MTA on a Server. After step 11, configure zimbra-proxy.

  1. On the MTA server, select to install the zimbra-proxy and zimbra-memcached packages, type y and press Enter to install the selected package.

  2. The Main menu displays the default entries for the Zimbra 9 component you are installing. Select Proxy Configuration menu. You can modify any of the values.

The Bind password for Nginx ldap user was configured when the LDAP server was installed. This is set when the MTA connected to the LDAP server. This is not used unless the Kerberos5 authenticating mechanism is enabled.

Setting the password even though GSSAPI auth/proxy is not set up does not cause any issues.
Proxy configuration

      1) Status:                                Enabled
      2) Enable POP/IMAP Proxy:                 TRUE
      3) IMAP proxy port:                       143
      4) IMAP SSL proxy port:                   993
      5) POP proxy port:                        110
      6) POP SSL proxy port:                    995
      7) Bind password for nginx ldap user:     set
      8) Enable HTTP[S] Proxy:                  TRUE
      9) HTTP proxy port:                       80
      10) HTTPS proxy port:                     443
      11) Proxy server mode:                    https

Return to Installing Zimbra 9 MTA on a Server, step 12, to continue the MTA server installation.

Installing on a separate server

The LDAP host name and the Zimbra 9 LDAP password must be known to the proxy server. If not, the proxy server cannot contact the LDAP server and the installation fails.

  1. Follow steps 1 through 4 in Starting the Installation Process to open an SSH session to the server, log on to the server as root, and unpack the Zimbra 9 software.

  2. Select to install the zimbra-proxy package and the zimbra-memcached package. The other packages should be marked N. If you have not installed zimbra-proxy on another server, you must have at least one instance of zimbra-memcached installed to cache the data for NGINX, as shown in the following screen shot example.

    If SNMP is used, the zimbra-snmp package must also be installed.
    Select the packages to install
    
    Install zimbra-ldap [Y] N
    Install zimbra-logger [Y] N
    Install zimbra-mta [Y] N
    Install zimbra-dnscache [N] N
    Install zimbra-snmp [Y] N
    Install zimbra-store [Y] N
    Install zimbra-apache [Y] N
    Install zimbra-spell [Y] N
    Install zimbra-convertd [N] N
    Install zimbra-memcached [N] Y
    Install zimbra-proxy [N] Y
    Install zimbra-archiving [N] N
    Installing:
        zimbra-memcached
        zimbra-proxy
    
    This system will be modified. Continue [N] Y
    Configuration section
  3. Type Y, and press Enter to install the selected package.

  4. The Main menu displays. Type 1 and press Enter to go to the Common Configuration menu.

    The mailbox server hostname is displayed. You must change the LDAP master host name and password to be the values configured on the LDAP server.

    • Type 2, press Enter, and type the LDAP host name. (ldap-1.example.com, in this example.)

    • Type 4, press Enter, and type the LDAP password.

    After you set these values, the server immediately contacts the LDAP server. If it cannot contact the server, you cannot proceed.

    • Type 7 to set the correct time zone.

  5. Type r to return to the Main menu.

  6. Type 2 to select zimbra-proxy.

    Main menu
    
    1) Common Configuration:
            +Hostname:                              localhost
            +Ldap master host:                      ldap-1.example.com
            +Ldap port:                             389
            +Ldap Admin password:                   set
            +LDAP Base DN:                          cn=zimbra
            +Store ephemeral attributes outside Ldap: no
            +Secure interprocess communications:    yes
            +TimeZone:                              (GMT-08.00) Pacific Time (US & Canada)
            +IP Mode:                               ipv4
            +Default SSL digest:                    sha256
    
    2) zimbra-proxy:                              Enabled
            +Enable POP/IMAP Proxy:                 TRUE
            +IMAP server port:                      7143
            +IMAP server SSL port:                  7993
            +IMAP proxy port:                       143
            +IMAP SSL proxy port:                   993
            +POP server port:                       7110
            +POP server SSL port:                   7995
            +POP proxy port:                        110
            +POP SSL proxy port:                    995
    ******* +Bind password for nginx ldap user:     Not Verified
            +Enable HTTP[S] Proxy:                  TRUE
            +Web server HTTP port:                  8080
            +Web server HTTPS port:                 8443
            +HTTP proxy port:                       80
            +HTTPS proxy port:                      443
            +Proxy server mode:                     https
    
    3) Enable default backup schedule:            yes
    s) Save config to file
    x) Expand menu
    q) Quit
    
    Select, or 'r' for previous menu [r] 2
  7. The Proxy Configuration menu displays. You can modify any of the values.

    The Bind password for Nginx ldap user was configured when the LDAP server was installed. This is set when the MTA connected to the LDAP server. This is not used unless the Kerberos5 authenticating mechanism is enabled.

    Setting the password even though GSSAPI auth/proxy is not set up does not cause any issues.
    Proxy configuration
    
       1) Status:                                  Enabled
       2) Enable POP/IMAP Proxy:                   TRUE
       3) IMAP server port:                        7143
       4) IMAP server SSL port:                    7993
       5) IMAP proxy port:                         143
       6) IMAP SSL proxy port:                     993
       7) POP server port:                         7110
       8) POP server SSL port:                     7995
       9) POP proxy port:                          110
      10) POP SSL proxy port:                      995
      11) Bind password for nginx ldap user:       set
      12) Enable HTTP[S] Proxy:                    TRUE
      13) Web server HTTP port:                    8080
      14) Web server HTTPS port:                   8443
      15) HTTP proxy port:                         80
      16) HTTPS proxy port:                        443
      17) Proxy server mode:                       https
  8. Type r to return to the Main menu.

  9. When the proxy server is configured, return to the Main menu and type a to apply the configuration changes. Press Enter to save the configuration data.

  10. When Save Configuration data to a file appears, press Enter.

  11. The next request asks where to save the files. To accept the default, press Enter. To save the files to another directory, enter the directory and then press Enter.

  12. When The system will be modified - continue? appears, type y and press Enter.

  13. When Installation complete - press return to exit displays, press Enter.

The installation of the proxy server is complete.

Installing zimbra-archiving Package

Installing the zimbra-archiving package is optional. This package enables Zimbra Collaboration Archiving and Discovery, which offers:

  • Archiving, the ability to archive messages that were delivered to or sent by Zimbra 9.

  • Discovery, the ability to search across mailboxes.

The prerequisite to enabling archiving and discovery is the installation and configuration of the zimbra-archiving package on at least one mailbox server. The installation of this package provides the discovery (also known as cross mailbox) search tool and sets the attributes that allow archiving to be enabled on the Zimbra 9 MTAs.

To enable archiving and discovery, select the zimbra-store and zimbra-archiving packages during your installation process. The zimbra-core package is installed by default.

Select the packages to install
Install zimbra-ldap [Y] N
Install zimbra-logger [Y] N
Install zimbra-mta [Y] N
Install zimbra-dnscache [N] N
Install zimbra-snmp [Y] N
Install zimbra-store [Y] Y
Install zimbra-apache [Y] N
Install zimbra-spell [Y] N
Install zimbra-convertd [N] N
Install zimbra-memcached [N] N
Install zimbra-proxy [N] N
Install zimbra-archiving [N] Y
Install zimbra-connect [Y] N
Install zimbra-drive [Y] N

Installing:
    zimbra-core
    zimbra-store
    zimbra-archiving
This system will be modified. Continue [N] Y

See the Zimbra Archiving and Discovery chapter in the Zimbra Collaboration Administration Guide for more information about configuring and archiving.

Installing the zimbra-SNMP Package

Installing the zimbra-snmp package is optional, but if you use SNMP monitoring, this package should be installed on each Zimbra 9 server.

In the Main menu, select zimbra-snmp to make changes to the default values. The following question is asked for SNMP configuration.

Configure whether to be notified by SNMP or SMTP. The default is No. If you enter yes, you must enter additional information.

  • For SNMP, type the SNMP Trap host name.

  • For SMTP, type the SMTP source email address and destination email address.

8) zimbra-snmp:                             Enabled
   +Enable SNMP notifications:              yes
   +SNMP Trap hostname:                     example.com
   +Enable SMTP notifications:              yes
   +SMTP Source email address:              admin@example.com
   +SMTP Destination email address:         admin@example.com

Final Set-Up

After the Zimbra 9 servers are configured in a multi-node configuration, the following functions must be configured:

  • For remote management and postfix queue management to work, the SSH keys must be manually populated on each server. See Set Up the SSH Keys.

  • If logger is installed, set up the syslog configuration files on each server to enable server statistics to display on the administration console, and then enable the logger monitor host. The server statistics include information about the message count, message volume, and anti-spam and anti-virus activity. See Enabling Server Statistics Display.

  • Zimbra Collaboration ships a default zimbra user with a disabled password. It requires access to this account via ssh public key authentication. On most operating systems this combination is okay, but if you have modified PAM rules to disallow any ssh access to disabled accounts then you must define a password for the zimbra UNIX account. This will allow ssh key authentication for checking remote queues. See Mail queue monitoring.

Set Up the SSH Keys

To populate the SSH keys, perform the following as the zimbra user (sudo su - zimbra) on each server:

zmupdateauthkeys

The key is updated in /opt/zimbra/.ssh/authorized_keys.

Enabling Server Statistics Display

In order for the server statistics to display on the administration console, the syslog configuration files must be modified.

Zimbra Collaboration supports the default syslog of a supported operating system. Depending on your operating system, the steps contained in this section might not be correct. See your operating system documentation for specific information about how to enable syslog.

  1. On each server, as root, type /opt/zimbra/libexec/zmsyslogsetup. This enables the server to display statistics.

  2. On the logger monitor host, you must enable either syslog or rsyslog to log statistics from remote machines:

syslog
  1. Edit the /etc/sysconfig/syslog file and add -r to the SYSLOGD_OPTIONS setting: SYSLOGD_OPTIONS="-r -m 0".

  2. Stop the syslog daemon. Type /etc/init.d/syslog stop.

  3. Start the syslog daemon. Type /etc/init.d/syslog start.

syslog on Debian or Ubuntu
  1. Edit the /etc/default/syslogd file and add -r to the SYSLOGD_OPTIONS setting: SYSLOGD_OPTIONS="-r -m 0".

  2. Stop the syslog daemon. Type /etc/init.d/sysklogd stop.

  3. Start the syslog daemon. Type /etc/init.d/sysklogd start.

rsyslog
  1. Uncomment the following lines in /etc/rsyslog.conf

    $modload imudp
    $UDPServerRun 514
  2. Restart rsyslog

rsyslog RHEL or CentOS

Uncomment the following lines in /etc/rsyslog.conf.

# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514

# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514

Spam/Ham Training on MTA servers

New installs of Zimbra 9 limit spam/ham training to the first MTA installed. If you uninstall or move this MTA, you will need to enable spam/ham training on another MTA, as one host should have this enabled to run zmtrainsa --cleanup. To do this, run zmlocalconfig -e zmtrainsa_cleanup_host=TRUE on that MTA.

Verifying Server Configuration

When Configuration complete - press return to exit is displayed, the installation is finished and the server has been started. Before going to the next server, you should verify that the server is running.

Use the CLI command, zmcontrol status, to verify that each server is running. Perform the following on each server in your Zimbra Collaboration environment.

  1. Log on as root.

  2. Type su - zimbra.

  3. Type zmcontrol status. The services status information is displayed. All services should be running.

    If services are not started, you can type zmcontrol start. See the CLI command appendix in the Zimbra Collaboration Administration Guide for more zmcontrol commands.

Logging on to the Administration Console

  1. To log on to the administration console, open your browser, type the administration console URL and log on to the console. The administration console URL is entered as:

    • In case of Mailbox servers containing backend mailstore and UI services together (mailstore server + UI server), you can access the admin console directly using the link in the format https://<mailstore-hostname>:<zimbraAdminPort>. The default value of zimbraAdminPort is 7071.

    • In case of a deployment having even a single mailbox server running in Web Application server split mode, the admin console needs to be accessed strictly through the proxy using the link in the format https://<proxy-hostname>:<zimbraAdminProxyPort> after switching zimbraReverseProxyAdminEnabled to TRUE and restarting the proxy. The default value of zimbraAdminProxyPort is 9071.

    • The administration console address must be typed with https, even if you configured only http.

    • The first time you log on, a certificate authority (CA) alert may be displayed. Click Accept this certificate permanently to accept the certificate and be able to connect to the Zimbra administration console. Then click OK.

  2. Enter the admin user name and password configured during the installation process. Enter the user name as admin@example.com.

Post Installation Tasks

Once Zimbra Collaboration is installed, if you installed the Zimbra 9 license, you can log on to the administration console and configure additional domains, create Classes of Service, and provision accounts. See the Zimbra Collaboration Administration Guide.

Defining Classes of Service

A default Class of Service (COS) is automatically created during the installation of Zimbra 9 software. The COS controls mailbox quotas, message lifetime, password restrictions, attachment blocking and server pools. You can modify the default COS and create new COSs to assign to accounts according to your group management policies.

In an environment with multiple mailbox servers, COS is used to assign the new accounts to a mailbox server. The COS server pool page lists the mailbox servers in your Zimbra 9 environment. When you configure the COS, select which servers to add to the server pool. Within each pool of servers, a random algorithm assigns new mailboxes to any available server.

To create or modify a COS, from the administration console, click COS. If you have questions, refer to the Help section.

Provisioning Accounts

You can configure one account at a time with the New Account Wizard or you can create many accounts at once using the Account Migration Wizard.

Configuring One Account

The administration console New Account Wizard steps you through the account information to be completed.

  1. From the administration console Navigation pane, click Accounts.

    Four accounts are listed: admin account, two spam training accounts, and a global Documents account. These accounts do not need any additional configuration.
  2. Click New. The first page of the New Account Wizard opens.

  3. Enter the account name to be used as the email address and the last name. This is the only required information to create an account.

  4. You can click Finish at this point, and the account is configured with the default COS and global features.

    To configure aliases, forwarding addresses, and specific features for this account, proceed through the dialog before you click Finish.

    When the accounts are provisioned, these accounts can immediately start to send and receive emails.

Configuring Many Accounts at Once

You can provision multiple accounts at once using the Account Migration tool from the administration console. The wizard guides you through the steps to import accounts from an external directory server, either Active Directory or an LDAP server. The wizard downloads account information from your directory and creates the accounts in Zimbra 9.

Refer to the Zimbra Collaboration Administration Guide to learn more about provisioning accounts.

Import the Content of Users’ Mailboxes

Zimbra 9’s migration and import tools can be used to move users’ email messages, calendars, and contacts from their old email servers to their accounts on the Zimbra server. When the user’s files are imported, the folder hierarchy is maintained. These tools can be accessed from the administration console Download page and instruction guides are available from the Administration Console Help Desk.

Install/Upgrade Zimbra Drive NG

Performing these steps installs/updates zimbra-docs as well.

  • As root run the below command:

    RHEL

    yum install zimbra-drive-ng

    Ubuntu

    apt-get install zimbra-drive-ng

  • Restart mailbox service as a zimbra user:

su - zimbra
zmmailboxdctl restart

Installing Zimlets for Modern Web App

These five zimlets are available.

  • Slack

  • Zoom

  • Dropbox

  • Google Drive

  • Onedrive

You have to install and configure them for users to integrate and use these zimlets. Once you are done installing the zimlet(s), you need to restart the mailbox service before configuring them.

Slack

  • As root run the below command:

    RHEL

    yum install zimbra-zimlet-slack

    Ubuntu

    apt-get install zimbra-zimlet-slack

  • Restart mailbox service as a zimbra user:

su - zimbra
zmmailboxdctl restart

Zoom

  • As root run the below command:

    RHEL

    yum install zimbra-zimlet-zoom

    Ubuntu

    apt-get install zimbra-zimlet-zoom

  • Restart mailbox service as a zimbra user:

su - zimbra
zmmailboxdctl restart

Dropbox

  • As root run the below command:

    RHEL

    yum install zimbra-zimlet-dropbox

    Ubuntu

    apt-get install zimbra-zimlet-dropbox

  • Restart mailbox service as a zimbra user:

su - zimbra
zmmailboxdctl restart

Google Drive

  • As root run the below command:

    RHEL

    yum install zimbra-zimlet-google-drive

    Ubuntu

    apt-get install zimbra-zimlet-google-drive

  • Restart mailbox service as a zimbra user:

su - zimbra
zmmailboxdctl restart

Onedrive

  • As root run the below command:

    RHEL

    yum install zimbra-zimlet-onedrive

    Ubuntu

    apt-get install zimbra-zimlet-onedrive

  • Restart mailbox service as a zimbra user:

su - zimbra
zmmailboxdctl restart

Please visit Configuring Zimlets for Modern Web App for instructions on how to configure zimlets for Modern Web App users.

Ephemeral Data Migration

Versions of Zimbra 9 prior to 9.0.0 stored ephemeral data in LDAP. Examples of ephemeral data include:

  • zimbraAuthTokens

  • zimbraCsrfTokenData

  • zimbraLastLogonTimestamp

Zimbra Collaboration version 9.0.0 introduced the ability to store ephemeral data in an external service such as SSDB. This is an optional feature; however, it can improve LDAP performance and stability.

Please refer to the Zimbra Collaboration Administration Guide for more information. Migration of ephemeral data out of LDAP and into SSDB must be performed after an install or upgrade has been completed.

Uninstalling Zimbra Collaboration

To uninstall servers, run the install script with the -u option. Then delete the /opt/zimbra directory and remove the Zimbra 9 tgz file on the servers.

  1. Change directories to the original install directory for the zcs files.

  2. Type ./install.sh -u.

  3. When Completely remove existing installation? is displayed, type Yes.

    The Zimbra 9 servers are stopped, the existing packages, the webapp directories, and the /opt/zimbra directory are removed.

  4. Delete the zcs directory, type rm -rf [zcsfilename].

  5. Delete the zcs.tgz file, type rm -rf zcs.tgz.

  6. Additional files may need to be deleted. See Uninstall Zimbra on Linux.

Adding a Mailbox Server to a Single Server Configuration

In the Zimbra Collaboration single server environment, the LDAP, MTA, and mailbox services are on one machine. This chapter explains how to add a new machine that is configured as a mailbox server to a single server configuration and how to remove the mailbox server from the single server node.

Setup Requirements For Adding a Mailbox Server

  • The new machine you are adding must have the same operating system, including the latest version and patch levels, as installed on the single server.

  • The system clock must be configured with the same time on both machines.

  • You must install the same version of the Zimbra Collaboration software that is installed on the single server node.

  • A copy of the Zimbra Collaboration license needs to be added to a directory on the new machine.

  • If you are adding a proxy to Zimbra Collaboration, this should be installed on the existing single-server before you set up the new mailbox server. See Installing Zimbra Proxy.

Overview of Process

  • Zimbra 9 Mailbox Server is installed on the prepared machine.

  • Customized configuration for the single-server, such as custom themes and Zimlets are added to the new mailbox server.

  • Commercial SSL certificates are added to the new mailbox server.

  • User accounts are moved from the single server to the new mailbox server.

  • If you are moving all accounts from the single server, the mailbox server is stopped on the single server machine.

Configuring the Mailbox Server

The host name and zmhostname configured on the mailbox server are the same as on the single server.

Make sure you know the LDAP master password, as you configure it on the server that is being added. To find the master LDAP password on the single server node, type:

zmlocalconfig -s zimbra_ldap_password

If you are installing the Zimbra 9 proxy or MTA on the new node, you will also need to record the following:

  • Bind password for postfix ldap user

  • Bind password for amavis ldap user

  • Bind password for nginx ldap user

    zmlocalconfig -s | grep -E '(amavis|nginx|postfix)_password'

Before you begin make sure you have an up-to-date backup!

  1. Follow steps 1 through 4 in Starting the Installation Process to log on to the server as root and unpack the Zimbra 9 software.

  2. Type Y for each package you are installing.

    • Install zimbra-store, and zimbra-spell (optional) packages. When zimbra-spell is installed, the zimbra-apache package also is installed.

    • If zimbra-proxy is configured, install memcached.

    • The zimbra-logger package is installed only on one mailbox server. If you are moving all mailboxes to this server from the original single server, install the zimbra-logger package.

    • If Archive and Discovery is installed on the single-server node, install zimbra-archiving on the new mailbox server.

      If SNMP is being used, type Y for zimbra-snmp. If SNMP is used, it is installed on every Zimbra 9 server.
  3. Type Y, and press Enter to modify the system. The selected packages are installed on the server.

    The Main menu displays the default entries for the Zimbra 9 component you are installing.
  4. Type 1 and press Enter to go to the Common Configuration menu.

    The mailbox server hostname is displayed. You must change the LDAP master host name and password to be the values configured on the single-server node.
    • Type 2, press Enter, and type the LDAP host name.

    • Type 4, press Enter, and type the LDAP password.

      After you set these values, the server immediately contacts the LDAP server. If it cannot contact the server, you cannot proceed.
    • Type 6 to set the correct time zone.

  5. Type r to return to the Main menu.

  6. From the Main menu, type 2 to go to the Store configuration menu.

    • Type 2 to set Create Admin User to No.

    • Type the corresponding number to set the SMTP host. This is the mta-server host name.

    • Type the corresponding number if you want to change the default web server mode.

    • If you are setting up IMAP/POP proxy servers, type the corresponding number to enable the servers.

    • If the zimbra-proxy is used and is installed on another server, configure the following menu options

      • Configure for use with mail proxy

      • Configure to use with web proxy

        Set either or both of these to TRUE if you are going to set up zimbra-proxy.
    • Type the corresponding menu number to install the Zimbra Collaboration license file. Enter the location of the license file. For example, if you saved the license file to the tmp directory, you would type /tmp/ZCSLicense.xml. You cannot proceed without a license file.

    • If you are setting up proxy servers, type the corresponding number to enable the servers. When you enable these, IMAP/POP/HTTP server port numbers and proxy port numbers are automatically changed. See Configuration during installation.

  7. When the mailbox server is configured, return to the Main menu and type a to apply the configuration changes. Press Enter to save the configuration data.

  8. When Save Configuration data to a file appears, press Enter.

  9. The next request asks where to save the files. To accept the default, press Enter. To save the files to another directory, enter the directory and then press Enter.

  10. When The system will be modified - continue? appears, type y and press Enter.

    The server is modified. Installing all the components and configuring the mailbox server can take a few minutes. This includes installing SSL certificates, setting passwords, setting ports, installing skins and Zimlets, setting time zone preferences, and starting the servers, among other processes.
  11. When Configuration complete - press return to exit displays, press Enter.

The installation of the mailbox server is complete.

Adding Customized Features

Any customizing of themes, or Zimlets, and any signed certificates stored on the single-server must be added to the new mailbox server. See the Zimbra Collaboration Administration Guide for information about adding the customized features.

Testing the Configuration

To make sure that the new mail store server is correctly configured, create a new user on the new mailbox server and log into the account to verify that your configuration is correct. See Provisioning Accounts.

Move Mailboxes

The command, zmmboxmove, is run to move user accounts from the mailbox server on the single-server node to the new mailbox server.

You can set global options to exclude items from the mailbox move. See the Zimbra Collaboration Administration Guide User Accounts chapter for more information about the mailbox move feature.

Move the following types of mailboxes:

  • User accounts.

  • Admin mailboxes. If you do not move the admin mailbox, you cannot log into the Zimbra Collaboration Web Client.

  • Spam and ham mailboxes.

If you were using Archive and Discovery on the single server mailbox, move the archival mailboxes as well.

Move Mailboxes Using CLI zmmboxmove

  1. To move a mailbox to a new server

    zmmboxmove -a <email@address> --from <servername> --to <servername>
  2. To verify that the content of the mailbox was moved successfully, go to the administration console, select the account that was moved. Click View Mail on the toolbar. When the account opens, verify that the account’s content is displayed and can be opened.

  3. Purge the mailbox from the old server:

    zmpurgeoldmbox -a <email@address> -s <oldservername>

Turn Off Mailbox Server on Single-Server Node

When all mailboxes have moved from the single-server node to the new mailbox server node, disable the Mailbox services on the original single-server machine.

  1. On the original single-server node, disable the following mailbox server components:

    mailbox

    zmprov -l ms <singleserver.com> -- -zimbraServiceEnabled mailbox

    logger

    zmprov -l ms <singleserver.com> -- -zimbraServiceEnabled logger

    stats

    zmprov -l ms <singleserver.com> -- -zimbraServiceEnabled stats

    spell

    zmprov -l ms <singleserver.com> -- -zimbraServiceEnabled spell

    convertd

    zmprov -l ms <singleserver.com> -- -zimbraServiceEnabled convertd

    • If archiving was installed, disable it as well:

      zmprov -l ms <singleserver.com> -- -zimbraServiceEnabled archiving
  2. After the mailbox services are disabled, verify that antispam, antivirus, ldap, mta, snmp, proxy, and memcached are the only services on the original single-server node.

    zmprov -l gs <singleserver.com> | grep -i serviceenabled

Configuring Multi-Master Replication

Set up multi-master LDAP replication to have a copy of the LDAP database saved on each server in a group of LDAP servers identified for multi-master replication (MMR). The database can be updated by any member of the group. If one master fails, the other masters continue to update the database.

The Zimbra 9 install program is used to configure the multi-master LDAP servers. Each master LDAP server is given a unique identifier when it is configured, and zmlocalconfig is used to add the LDAP server to the multi-master group.

You can also promote an existing replica to be part of the multi-master group.

Managing Multiple Master LDAP Servers

When you enable multi-master replication, you assign a server ID to each master server to identify them in the group. This is used to distinguish the servers in the group and to help resolve conflicts that might occur.

In addition, each server is configured to assign internal replication IDs that are unique to that specific server. Other LDAP master servers can use the same replication ID, but within the server, these replication IDs must be unique.

You can run the Zimbra 9 multiple master CLI, zmldapquery-mmr from a specific master to see the server ID for that master and all multi-master servers that are in the group and to see the replication ID values for those masters.

On the server, enter the command as:

/opt/zimbra/libexec/zmldapquery-mmr

Before you can enable the multi-master replication feature, you must know the hostname of the first secondary master that is being added to the group. The hostname is entered when you enable the feature. Once you enable the multi-master replication feature, you do not need to run the command again.

When zmlocalconfig is run the first time, the master LDAP servers are configured as follows:

  • The first master LDAP server ID is set to 1.

  • The master LDAP server is put in a group with a secondary master that is listening to LDAP on port 389.

  • The replication ID is set to 100 by default on the secondary master.

  • Writes initiated from the server go to the LDAP master-1 by default. If LDAP master-1 is down, writes move to ldap master-2.

  1. To enable the feature run:

    ./libexec/zmldapenable-mmr -s 1 -m ldap://<<master-2.example.com>>:389/
  2. Once the feature is enabled use the zmlocalconfig command to add the LDAP servers to a group.

    zmlocalconfig -e ldap_master_url="ldap://<<master-1.example.com>>:389 ldap://<<master-2.example.com>>:389"

Installing a Secondary Master LDAP Server

The master LDAP server must be running when you install the secondary LDAP servers. You run the Zimbra 9 install program on the secondary master LDAP servers to install the LDAP package.

Passwords Required to Install the Secondary Master

Before you install a secondary master, you must know the following passwords:

  • Zimbra 9 admin LDAP password

  • LDAP replication password

  • NGINX LDAP password

  • Amavis LDAP password

  • Postfix LDAP password

To find these passwords, on the Zimbra 9 server run:

zmlocalconfig -s | grep passw | grep ldap

Setting Up a Secondary Master LDAP Server

  1. Follow steps 1 through 4 in Starting the Installation Process to open a SSH session to the LDAP server, log on to the server as root, and unpack the Zimbra 9 software.

  2. Type Y and press Enter to install the zimbra-ldap package.

  3. Type Y, and press Enter to modify the system. The selected packages are installed. The Main menu shows the default entries for the LDAP server.

  4. Type 1 to display the Common Configuration submenu.

    1. Type 2 to change the LDAP Master host name to the name of the primary master’s hostname; e.g., master-1.example.com.

    2. Type 4 to change the LDAP admin password to the Zimbra 9 admin password of the primary master.

    3. Type r to return to the main menu.

  5. Type 2 to display the LDAP configuration submenu.

    1. Type 4 to change the type to mmr.

      Item 5, LDAP Server ID, is set to 2. If this is the second master, leave it unchanged. If it is the third or later master, select 5 and update the server ID accordingly.

      The next four steps are to change the default passwords on this server to match the passwords on the master-1 LDAP server.

    2. Type 7 to change the LDAP replication password.

    3. Type 8 to change the LDAP postfix password.

    4. Type 9 to change the LDAP amavis password.

    5. Type 10 to change the LDAP NGINX password.

    6. Type r to return to the main menu.

  6. Type a to apply the configuration changes. Press Enter to save the configuration data.

  7. When Save Configuration data to a file appears, press Enter.

  8. When The system will be modified - continue? appears, type y and press Enter.

    The server is modified. Installing all the components and configuring the server can take a few minutes.
  9. When Installation complete - press return to exit displays, press Enter. The installation is complete.

  10. Update the ldap_master_url attribute to contain both masters. Enter this new master as the first master in the list.

    zmlocalconfig -e ldap_master_url="ldap://<<master-2.example.com>>:389 ldap://<<master-1.example.com>>:389"

Promote Existing Replicas to Multi-Master LDAP Servers

In an existing Zimbra 9 setup where there is already a single master and multiple replicas, you can promote an existing replica to become a secondary master.

  1. On the master LDAP server find the LDAP replication, Postfix, Amavis, and NGINX passwords.

    zmlocalconfig -s | grep passw | grep ldap
  2. Change the LDAP passwords on the server you are promoting to be the same as the first master LDAP server.

    • LDAP replication password = zmldappasswd -l <password>

    • LDAP postfix password = zmldappasswd -p <password>

    • LDAP amavis password = zmldappasswd -a <password>

    • LDAP NGINX password = zmldappasswd -n <password>

  3. Assign the next Server ID to this master. In this example, the server ID is 3.

    /opt/zimbra/libexec/zmldappromote-replica-mmr -s 3
  4. Update the ldap_master_url attribute to add the master to the list.

    zmlocalconfig -e ldap_master_url="ldap://<<master-1.example.com>>:389 \
      ldap://<<master-2.example.com>>:389 ldap://<<master-3.example.com>>:389"

This updates the replica to be a multi-master replica, enabled with a server ID. It is automatically configured to be a paired master with the master it was previously replicating from.

Deleting a Multi-Master Replication Node

To delete a multi-master replication (MMR) node, use the following steps.

Deleting an MMR node can only be performed in Zimbra Collaboration 8.0.7 and later.

  1. Update the ldap_master_url and ldap_url on every node, removing the LDAP MMR node that will be shut down.

  2. Wait 5-10 minutes to ensure the modification is in place.

  3. Monitor /var/log/zimbra.log on the MMR node that will be shut down and confirm it is no longer receiving modification traffic.

  4. Run ldap stop on the MMR node that is being shut down.

  5. Log into the remaining MMR nodes and perform the following:

    1. /opt/zimbra/libexec/zmldapmmrtool -q

    2. Find the matching RID for the MMR node you shut down.

    3. /opt/zimbra/libexec/zmldapmmrtool -d -o RID

Example of Deleting an MMR Node

The following is an example of using zmldapmmrtool.

  1. There are three MMR servers, ldap-1.example.com, ldap-2.example.com, ldap-3.example.com, with ldap-3.example.com being shut down.

    zimbra@ldap-1:/tmp/mmr$ ./zmldapmmrtool -q
    Master replication information
    Master replica 1
    rid: 100 URI: ldap://ldap-2.example.com:389/ TLS: critical
    Master replica 2
    rid: 101 URI: ldap://ldap-3.example.com:389/ TLS: critical
  2. The RID being used by ldap-3.example.com is 101. This agreement can be deleted with:

    zimbra@ldap-1:/tmp/mmr$ ./zmldapmmrtool -d -o 101
  3. Confirm the deletion.

    zimbra@ldap-1:/tmp/mmr$ ./zmldapmmrtool -q
    Master replication information
    Master replica 1
    rid: 100 URI: ldap://ldap-2.example.com:389/ TLS: critical
    zimbra@ldap-1:/tmp/mmr
  4. Repeat on the remaining node(s).
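
A guard for the "find the matching RID" step, as an added example that is not part of the Zimbra tooling: it resolves the RID from zmldapmmrtool -q output by exact hostname match and returns an error when no agreement or more than one agreement matches, so a short name such as ldap-3 can never select ldap-30. The function names and the third sample agreement are assumptions; the sample text is constructed from the query output shown above.

```shell
#!/bin/sh
# Added example (not part of Zimbra): resolve the replication ID (RID) of one
# MMR peer from "zmldapmmrtool -q" output before running
# "zmldapmmrtool -d -o RID" on a remaining node.

# Constructed sample in the format of the query output shown in this guide.
# The ldap-30 agreement is invented to exercise the exact-match check.
sample_mmr_query() {
    cat <<'EOF'
Master replication information
Master replica 1
rid: 100 URI: ldap://ldap-2.example.com:389/ TLS: critical
Master replica 2
rid: 101 URI: ldap://ldap-3.example.com:389/ TLS: critical
Master replica 3
rid: 102 URI: ldap://ldap-30.example.com:389/ TLS: critical
EOF
}

# mmr_rid_for_host HOST   (query output on stdin)
# Prints the RID and returns 0 only when exactly one agreement points at HOST.
# Returns 1 when no agreement matches and 2 when more than one does, so the
# caller never deletes an agreement chosen by a partial or ambiguous match.
mmr_rid_for_host() {
    awk -v want="$1" '
        $1 == "rid:" && $3 == "URI:" && $2 ~ /^[0-9]+$/ {
            host = $4
            sub("^ldaps?://", "", host)   # drop the URI scheme
            sub("[:/].*$", "", host)      # drop :port and any trailing path
            if (tolower(host) == tolower(want)) { rid = $2; hits++ }
        }
        END {
            if (hits == 1) { print rid; exit 0 }
            exit (hits == 0 ? 1 : 2)
        }'
}

# Demonstration on the constructed sample: prints 101.
sample_mmr_query | mmr_rid_for_host ldap-3.example.com
```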

Monitoring Multiple LDAP Master Status

The Monitoring LDAP Replication Status feature monitors the change sequence number (CSN) values between an LDAP master server and an LDAP replica server. The replica server is considered a shadow copy of the master server. If the servers become out of sync, the monitoring feature indicates the problem. The out of sync time period is typically five minutes, although this value is configurable.

Feature Requirement

Run the script zmreplchk located in /opt/zimbra/libexec.

This script must be run on a Zimbra 9 server that has a localconfig value set for ldap_url that includes all of the master servers.

Error Codes and Status Explanations

The following monitoring error codes and status explanations are given with this feature:

Error Code  Status                      Description
0           In Sync                     The servers are currently in sync.
1           No contact                  No connection to the master server and the system exits.
2           Stand-alone                 The master server has no replica servers and is considered a standalone master server.
3           Could not execute StartTLS  The replica server requires StartTLS and fails.
4           Server down                 The replica server is currently down.
5           Unable to search            Searching the replica server for the context CSN fails.
6           Xw Xd Xh Xm Xs behind       The replica server becomes out of sync. Status indicates amount of time the replica server is behind the master server in w=weeks, d=days, h=hours, m=minutes, and s=seconds.

For example, ldap-2.example.com is the master server, and ldap-3.example.com and ldap-4.example.com are additional servers. The following output shows that the additional master servers are in sync with the master server, as indicated by Code: 0 and Status: In Sync, and that master server ldap-5.example.com is currently down, as indicated by Code: 4 and Status: Server down.

zimbra@ldap-2.example.com
Master: ldap://ldap-3.example.com:389 Code: 0 Status: In Sync CSN: 20120528123456.123456Z#000000#001#000000
Master: ldap://ldap-4.example.com:389 Code: 0 Status: In Sync CSN: 20120528123456.123456Z#000000#001#000000
Master: ldap://ldap-5.example.com:389 Code: 4 Status: Server down
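
The error codes above can drive an automated check. The following is an added example, not part of Zimbra: it parses zmreplchk output in the format shown, converts a code 6 lag into seconds, and returns a monitoring-style exit status. The function names, the severity policy, and the 300-second default threshold (taken from the five-minute figure above) are assumptions; the sample lines are constructed.

```shell
#!/bin/sh
# Added example (not part of Zimbra): turn zmreplchk output into a monitoring
# verdict using the error codes documented in this guide.

# Constructed sample. The first and last lines follow the output shown above;
# the code 6 line is built from the "Xw Xd Xh Xm Xs behind" status template.
sample_replchk_output() {
    cat <<'EOF'
Master: ldap://ldap-3.example.com:389 Code: 0 Status: In Sync CSN: 20120528123456.123456Z#000000#001#000000
Master: ldap://ldap-4.example.com:389 Code: 6 Status: 0w 0d 0h 2m 5s behind
Master: ldap://ldap-5.example.com:389 Code: 4 Status: Server down
EOF
}

# replchk_summarize [MAX_LAG_SECONDS]   (zmreplchk output on stdin)
# Prints "SEVERITY URL code=N lag=Ss STATUS" for every server line.
# Exit status: 0 all OK, 1 at least one WARN, 2 at least one CRIT.
# Severity policy (an assumption of this example):
#   code 0 or 2      -> OK   (in sync, or stand-alone master)
#   code 6           -> WARN while lag <= MAX_LAG_SECONDS, CRIT above it
#   code 1, 3, 4, 5  -> CRIT (no contact, StartTLS failure, down, search failed)
#   any other code   -> CRIT (unknown code, fail closed)
# Input without a single status line is CRIT as well, so a check that
# produced no output is never reported as healthy.
replchk_summarize() {
    awk -v max_lag="${1:-300}" '
        function lag_seconds(text,    n, i, part, total, unit) {
            total = 0
            n = split(text, part, " ")
            for (i = 1; i <= n; i++) {
                if (part[i] !~ /^[0-9]+[wdhms]$/) continue
                unit = substr(part[i], length(part[i]))
                total += (part[i] + 0) * mult[unit]
            }
            return total
        }
        BEGIN {
            mult["w"] = 604800; mult["d"] = 86400; mult["h"] = 3600
            mult["m"] = 60;     mult["s"] = 1
            rank["OK"] = 0; rank["WARN"] = 1; rank["CRIT"] = 2
            worst = 0; seen = 0
        }
        match($0, / Code: [0-9]+ Status: /) {
            seen++
            url    = $2
            # " Code: " is 7 characters and " Status: " is 9, hence 7 and 16.
            code   = substr($0, RSTART + 7, RLENGTH - 16) + 0
            status = substr($0, RSTART + RLENGTH)
            sub(/ CSN: .*$/, "", status)
            lag = 0
            if (code == 0 || code == 2) {
                sev = "OK"
            } else if (code == 6) {
                lag = lag_seconds(status)
                sev = (lag > max_lag + 0) ? "CRIT" : "WARN"
            } else {
                sev = "CRIT"
            }
            if (rank[sev] > worst) worst = rank[sev]
            printf "%s %s code=%d lag=%ds %s\n", sev, url, code, lag, status
        }
        END {
            if (seen == 0) { print "CRIT no status lines parsed"; exit 2 }
            exit worst
        }'
}

# Demonstration on the constructed sample (worst severity here is 2, CRIT).
sample_replchk_output | replchk_summarize 300 || echo "worst severity: $?"
```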

Configuring LDAP Replication

Configuring LDAP Replication Overview

Setting up LDAP replication lets you distribute Zimbra 9 server queries to specific replica LDAP servers. Only one master LDAP server can be set up. This server is authoritative for user information, server configuration, etc. Replica LDAP servers can be defined to improve performance and to reduce the load on the master server. All updates are made to the master server and these updates are copied to the replica servers.

The Zimbra 9 install program is used to configure a master LDAP server and additional read-only replica LDAP servers. The master LDAP server is installed and configured first, following the normal Zimbra 9 installation options. The LDAP replica server installation is modified to point the replica server to the LDAP master host.

When the master LDAP server and the replica LDAP servers are correctly installed, the following is automatically configured:

  • SSH keys are set up on each LDAP server.

  • Trusted authentication between the master LDAP and the LDAP replica servers is set up.

  • The content of the master LDAP directory is copied to the replica LDAP server. Replica LDAP servers are read-only.

  • Zimbra 9 servers are configured to query the replica LDAP server instead of the master LDAP server.

Installing Zimbra Master LDAP Server

You must install the master LDAP server before you can install replica LDAP servers. Refer to Installing Zimbra 9 LDAP Master Server for master LDAP server installation instructions. After the installation of the master LDAP server has completed, continue to Enable Replication on the LDAP Master.

Enable Replication on the LDAP Master

On the master LDAP server, as the zimbra user, type: /opt/zimbra/libexec/zmldapenablereplica and press Enter. This enables replication on the LDAP Master.

Installing a Replica LDAP Server

The master LDAP server must be running when you install the replica server. You run the Zimbra 9 install program on the replica server to install the LDAP package.

Follow steps 1 through 4 in Starting the Installation Process to open a SSH session to the LDAP server, log on to the server as root, and unpack the Zimbra 9 software.

  1. Type Y and press Enter to install the zimbra-ldap package. In the screen shot below, the package to be installed is emphasized.

    Select the packages to install
    Install zimbra-ldap [Y] y
    Install zimbra-logger [Y] n
    Install zimbra-mta [Y] n
    Install zimbra-dnscache [N] n
    Install zimbra-snmp [Y] n
    Install zimbra-store [Y] n
    Install zimbra-apache [Y] n
    Install zimbra-spell [Y] n
    Install zimbra-convertd [N] n
    Install zimbra-memcached [Y] n
    Install zimbra-proxy [Y] n
    Installing:
        zimbra-core
        zimbra-ldap
    This system will be modified. Continue [N] Y
  2. Type Y, and press Enter to modify the system. The selected packages are installed. The Main menu shows the default entries for the LDAP replica server. To expand the menu type X and press Enter.

    Main menu
    
      1) Common Configuration:
      2) zimbra-ldap:                               Enabled
      .
      .
      .
      .
      r) Start servers after configuration          yes
      s) Save config to file
      x) Expand menu
      q) Quit
    
    *** CONFIGURATION COMPLETE - press 'a' to apply
    Select from menu, or press 'a' to apply config (? - help)
  3. Type 1 to display the Common Configuration submenus.

    Common Configuration:
    
      1) Hostname:                                  ldap-1.example.com
      2) Ldap master host:                          ldap-1.example.com
      3) Ldap port:                                 389
      4) Ldap Admin password:                       set
      5) Store ephemeral attributes outside Ldap: no
      6) Secure interprocess communications:        Yes
      7) TimeZone:                                  (GMT-08.00) Pacific Time (US & Canada)
  4. Type 2 to change the Ldap Master host name to the name of the Master LDAP host.

  5. Type 3, to change the Ldap port to the same port as configured for the Master LDAP server.

  6. Type 4 and change the Ldap Admin password to the Master LDAP admin password, then type r to return to the main menu.

  7. Type 2 to display the LDAP configuration submenu.

    Ldap configuration
    
      1) Status:                                    Enabled
      2) Create Domain:                             no
      3) Ldap Root password:                        set
      4) Ldap Replication password:                 set
      5) Ldap Postfix password:                     set
      6) Ldap Amavis password:                      set
      7) Ldap Nginx password:                       set
    1. Type 2 and change Create Domain to no.

    2. Type 4 for LDAP replication password and enter the same password to match the value on the Master LDAP Admin user password for this local config variable.

      All passwords must be set to match the master ldap admin user password. To determine this value on the master LDAP server, run zmlocalconfig -s ldap_replication_password

      If you have installed Zimbra 9 MTA on the LDAP server, configure the Amavis and the Postfix passwords. To find these values, issue the following commands:

      zmlocalconfig -s ldap_amavis_password
      zmlocalconfig -s ldap_postfix_password
  8. When the LDAP server is configured, type a to apply the configuration changes. Press Enter to save the configuration data.

    Select, or press 'a' to apply config (? - help) a
    Save configuration data? [Yes]
    Save config in file: [/opt/zimbra/config.2843]
    Saving config in /opt/zimbra/config.2843...Done
    The system will be modified - continue? [No] y
    Operations logged to /tmp/zmsetup.log.2843
    Setting local config zimbra_server_hostname to [ldap.example.com]
    .
    Operations logged to /tmp/zmsetup.log.2843
    Installation complete - press return to exit
  9. When Save Configuration data to a file appears, press Enter.

  10. When The system will be modified - continue? appears, type y and press Enter.

    The server is modified. Installing all the components and configuring the
    server can take a few minutes.
  11. When Installation complete - press return to exit displays, press Enter.

    The installation on the replica LDAP server is complete. The content of the master LDAP directory is copied to the replica LDAP server.

Test the Replica

  1. Create several user accounts, either from the admin console or on the master LDAP server. The CLI command to create these accounts is

    zmprov ca <name@domain.com> <password>

    If you do not have a mailbox server setup, you can create domains instead. Use this CLI command to create a domain

    zmprov cd <domain name>
  2. To see if the accounts were correctly copied to the replica LDAP server, on the replica LDAP server, type zmprov -l gaa. Type zmprov gad to check all domains. The accounts/domains created on the master LDAP server should display on the replica LDAP server.

In cases where the mailbox server is not setup, you can also use the following command for account creation.

zmprov ca <name@domain> <password> zimbraMailTransport <where_to_deliver>

Configuring Zimbra 9 Servers to Use LDAP Replica

To use the replica LDAP server instead of the master LDAP server, you must update the ldap_url value on the Zimbra 9 servers that will query the replica instead of the master. For each server that you want to change:

  1. Stop the Zimbra 9 services on the server. Type zmcontrol stop.

  2. Update the ldap_url value. Enter the replica LDAP server URL

    zmlocalconfig -e ldap_url="ldap://<replicahost> ldap://<masterhost>"

    To list more than one replica, enter the hostnames as

    "ldap://<replicahost1> ldap://<replicahost2> ldap://<masterhost>"

    The hosts are tried in the order listed. The master URL must always be included and is listed last.

  3. Update the ldap_master_url value. Enter the master LDAP server URL, if not already set.

    zmlocalconfig -e ldap_master_url=ldap://<masterhost>:port

IMPORTANT:

Additional Steps for MTA hosts. After updating the ldap_url, rerun /opt/zimbra/libexec/zmmtainit. This rewrites the Postfix configuration with the updated ldap_url.

Uninstalling an LDAP Replica Server

If you do not want to use an LDAP replica server, follow these steps to disable it.

Uninstalling an LDAP server is the same as disabling it on the master LDAP server.

Remove LDAP Replica from All Active Servers

  1. On each member server, including the replica, verify the ldap_url value. Type zmlocalconfig [ldap_url].

  2. Remove the disabled LDAP replica server URL from zmlocalconfig. Do this by modifying the ldap_url to only include enabled Zimbra 9 LDAP servers.

    The master LDAP server should always be at the end of the ldap_url string value.
    zmlocalconfig -e ldap_url="ldap://<replica-server-host> ldap://<master-server-host>"

Disable LDAP on the Replica

To disable LDAP on the replica server:

  1. Type zmcontrol stop to stop the Zimbra 9 services on the server.

  2. To disable LDAP service, type

    zmprov -l ms <zmhostname> -zimbraServiceEnabled ldap
  3. Type zmcontrol start to start other current Zimbra 9 services on the server.

IMPORTANT:

Additional steps for MTA host. After updating the ldap_url with zmlocalconfig, rerun /opt/zimbra/libexec/zmmtainit. This rewrites the Postfix configuration with the updated ldap_url.

Monitoring LDAP Replication Status

The Monitoring LDAP Replication Status feature monitors the change sequence number (CSN) values between an LDAP master server and an LDAP replica server. The replica server is considered a shadow copy of the master server. If the servers become out of sync, the monitoring feature indicates the problem. The out of sync time period is typically five minutes, although this value is configurable.

Feature Requirement

Run the script zmreplchk located in /opt/zimbra/libexec.

This script must be run on a Zimbra 9 server that has a localconfig value set for ldap_url that includes all of the replica servers and ends with the master server.
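The ordering rule stated here and under Configuring Zimbra 9 Servers to Use LDAP Replica (replicas first, master last) is easy to break when ldap_url is edited by hand. The following shell functions are an added example, not part of the Zimbra tooling; check_ldap_url and normalise_ldap_url are hypothetical names, the hostnames are sample values, and the default-port handling is an assumption.

```shell
#!/bin/sh
# Added example: sanity-check an ldap_url value before writing it with
# zmlocalconfig -e. Function names are hypothetical, not Zimbra commands.

# Normalise a URL so "ldap://host" and "ldap://host:389" compare equal.
# Assumption: standard default ports (389 for ldap://, 636 for ldaps://).
normalise_ldap_url() {
    url=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    url=${url%/}
    case $url in
        ldap://*:[0-9]*|ldaps://*:[0-9]*) printf '%s\n' "$url" ;;
        ldap://*)  printf '%s:389\n' "$url" ;;
        ldaps://*) printf '%s:636\n' "$url" ;;
        *) return 1 ;;
    esac
}

# check_ldap_url "<ldap_url value>" "<ldap_master_url value>"
# Prints one finding per line. Returns 0 only when every entry is an LDAP
# URL, no server is listed twice, and the master is present and listed last.
check_ldap_url() {
    list=$1
    master=$(normalise_ldap_url "$2") || { echo "bad master URL: $2"; return 2; }
    seen=" " last="" problems=0
    for entry in $list; do
        norm=$(normalise_ldap_url "$entry") || {
            echo "not an LDAP URL: $entry"; problems=1; continue
        }
        case $seen in
            *" $norm "*) echo "listed twice: $entry"; problems=1 ;;
        esac
        seen="$seen$norm "
        last=$norm
    done
    case $seen in
        *" $master "*)
            [ "$last" = "$master" ] || {
                echo "master is not last: $master"; problems=1
            } ;;
        *)
            echo "master missing from list: $master"; problems=1 ;;
    esac
    return $problems
}

# Constructed sample values using the host names from this guide's examples.
SAMPLE_LDAP_URL="ldap://ldap-3.example.com ldap://ldap-4.example.com ldap://ldap-2.example.com:389"
SAMPLE_MASTER_URL="ldap://ldap-2.example.com"

check_ldap_url "$SAMPLE_LDAP_URL" "$SAMPLE_MASTER_URL" && echo "ldap_url order OK"
```

Pass it the ldap_url and ldap_master_url values reported by zmlocalconfig on the server being checked.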

Error Codes and Status Explanations

The following monitoring error codes and status explanations are given with this feature:

Error Code | Status | Description
0 | In Sync | The servers are currently in sync.
1 | No contact | No connection to the master server and the system exits.
2 | Stand-alone | The master server has no replica servers and is considered a standalone master server.
3 | Could not execute StartTLS | The replica server requires StartTLS and fails.
4 | Server down | The replica server is currently down.
5 | Unable to search | Searching the replica server for the context CSN fails.
6 | Xw Xd Xh Xm Xs behind | The replica server becomes out of sync. Status indicates amount of time the replica server is behind the master server in w=weeks, d=days, h=hours, m=minutes, and s=seconds.

For example, ldap-2.example.com is the master server, and ldap-3.example.com and ldap-4.example.com are replica servers. The following screenshot shows that replica server ldap-3 is in sync with the master server, as indicated by Code: 0 and Status: In Sync, and replica server ldap-4 is currently down, as indicated by Code: 4 and Status: Server down.

zimbra@ldap-2.example.com
Replica: ldap://ldap-3.example.com:389 Code: 0 Status: In Sync
Replica: ldap://ldap-4.example.com:389 Code: 4 Status: Server down

If the replica server becomes out of sync with the master server, the status given indicates in a time format how far behind the master server it has become:

Replica: ldap://ldap-3.example.com:389 Code: 0 Status: In Sync
Replica: ldap://ldap-4.example.com:389 Code: 6 Status: 0w 0d 0h 14m 42s behind
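For unattended monitoring, the status lines shown above can be turned into an exit status. The following shell function is an added example, not Zimbra's own code; zmreplchk_report is a hypothetical name, the exit-status mapping (0 healthy, 1 lagging, 2 failed) is a choice made here, and the 300-second default reflects the five-minute period mentioned above. It also accepts the Master: lines printed for multi-master setups.

```shell
#!/bin/sh
# Added example: summarise zmreplchk output for alerting.
# zmreplchk_report [max_lag_seconds] reads the status lines on stdin.
# Output: "<STATE> <url> <status text>" per server.
# Exit status (a choice made for this example): 0 all healthy,
# 1 at least one server lagging beyond the threshold, 2 at least one failed.
zmreplchk_report() {
    awk -v max_lag="${1:-300}" '
    # Convert a status such as "0w 0d 0h 14m 42s behind" to seconds.
    function lag_seconds(text,    parts, n, i, unit, num, total) {
        total = 0
        n = split(text, parts, " ")
        for (i = 1; i <= n; i++) {
            unit = substr(parts[i], length(parts[i]))
            num = substr(parts[i], 1, length(parts[i]) - 1)
            if (num !~ /^[0-9]+$/) continue
            if (unit == "w") total += num * 604800
            else if (unit == "d") total += num * 86400
            else if (unit == "h") total += num * 3600
            else if (unit == "m") total += num * 60
            else if (unit == "s") total += num
        }
        return total
    }
    $1 == "Replica:" || $1 == "Master:" {
        url = $2; code = ""; status = ""
        for (i = 3; i < NF; i++) if ($i == "Code:") { code = $(i + 1); break }
        pos = index($0, "Status: ")
        if (pos) { status = substr($0, pos + 8); sub(/ CSN: .*$/, "", status) }

        if (code == "0" || code == "2") {
            state = "OK"                       # in sync, or stand-alone master
        } else if (code == "6") {
            secs = lag_seconds(status)         # behind: compare with threshold
            state = (secs > max_lag) ? "LAGGING" : "OK"
            status = status " (" secs "s)"
        } else if (code ~ /^[1345]$/) {
            state = "FAILED"                   # no contact, StartTLS, down, search
        } else {
            state = "UNKNOWN"                  # a code not in the table above
        }
        print state, url, status

        if (state == "FAILED" || state == "UNKNOWN") worst = 2
        else if (state == "LAGGING" && worst < 2) worst = 1
    }
    END { exit worst + 0 }
    '
}

# Constructed sample input, copied from the out-of-sync example above.
SAMPLE_OUTPUT='zimbra@ldap-2.example.com
Replica: ldap://ldap-3.example.com:389 Code: 0 Status: In Sync
Replica: ldap://ldap-4.example.com:389 Code: 6 Status: 0w 0d 0h 14m 42s behind'

printf '%s\n' "$SAMPLE_OUTPUT" | zmreplchk_report 300 ||
    echo "zmreplchk_report exit status: $?"
```

On a live system, pipe the output of /opt/zimbra/libexec/zmreplchk into the function from a scheduled job and alert on a non-zero exit status.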

System Requirements for Zimbra Collaboration

Servers

Evaluation and Testing

  • Intel/AMD w/ PassMark CPU Mark > 7,500 (e.g., Intel Xeon E-224G @ 3.5GHz = 9,913)

  • RAM requirements:

    • For single server installations, Zimbra 9 requires a minimum of 8GB of RAM.

    • For multi-server installations, contact Zimbra sales for recommendations.

  • 50 GB free disk space for software and logs

  • Temp file space for installs and upgrades*

  • Additional disk space for mail storage

Production environments

  • Intel/AMD w/ PassMark CPU Mark > 15,000 (e.g., AMD EPYC 7401P @ 2.0GHz = 18,199)

  • RAM requirements:

    • For single server installations, Zimbra 9 requires a minimum of 8GB of RAM.

    • For multi-server installations, contact Zimbra sales for recommendations.

  • Temp file space for installs and upgrades*

  • 100 GB free disk space for software and logs (SATA or SCSI for performance, and RAID/Mirroring for redundancy)

  • Additional disk space for mail storage

* Temp file space: The zimbra-store requires 5GB for /opt/zimbra, plus additional space for mail storage. The other nodes require 100MB.

General Requirements

  • Set the firewall configuration to No firewall.

  • We do not recommend RAID-5 for installations with more than 100 accounts.

Cloud platforms

The following Cloud Platforms are supported:

  • Oracle Cloud

  • VMware vCloud Director

  • VMware vCloud Air

Operating System

The following operating systems are supported:

  • Red Hat® Enterprise Linux® 7 (64-bit)

  • CentOS Linux® 7 (64-bit)

  • Red Hat Enterprise Linux 6 (64-bit), patch level 4 or later is required

  • CentOS Linux 6 (64-bit), patch level 4 or later is required

  • Oracle Linux 7.2

  • Oracle Linux 6.6

  • Ubuntu 16.04 LTS Server Edition (64-bit)

  • Ubuntu 18.04 LTS Server Edition (64-bit), starting from Zimbra Collaboration 8.8.12 and above

Virtualization

The following hypervisors are supported:

  • VMware vSphere 6.5 or 6.7 (to March 2020)

  • Citrix Hypervisor (XenServer) 7.1 LTSR, 8.0

  • KVM

File Systems

The following file systems are supported:

  • XFS

  • ext3 or ext4 file systems for Linux deployments

  • NFS for backup only

Other Dependencies

Netcat (nc) is required on all operating systems using Zimbra Collaboration. Install the nc utility before installation or upgrading.

For SUSE and Ubuntu systems, disable AppArmor and verify that the AppArmor service is not running before installing Zimbra Collaboration.

For Red Hat Enterprise, Fedora Core and SUSE operating systems, the server must also have the following installed:

  • NPTL. Native POSIX Thread Library

  • Sudo. Superuser, required to delegate admins.

  • libidn. For internationalizing domain names in applications (IDNA)

  • GMP. GNU Multiple-Precision Library.

For Ubuntu 16 and 18:

  • Sudo

  • libidn11

  • libpcre3

  • libexpat1

  • libgmp3c2

Miscellaneous

  • SSH client software to transfer and install the Zimbra Collaboration software.

  • Valid DNS configured with an A record and MX record.

  • Servers should be configured to run Network Time Protocol (NTP) on a scheduled basis.

Administrator Computers

NOTE: Other configurations may work.

The following operating system/browser combinations are supported:

Windows 8.1 or Windows 10 with one of the following:

  • Microsoft support is only available for Internet Explorer 11 or Microsoft Edge

    • IE11 and higher for Windows 8.1

    • IE11 or Microsoft Edge for Windows 10

  • The latest stable release of:

    • Firefox

    • Safari

    • Google Chrome

IE11 is not supported when using Zimbra 9 Connect. Zimbra 9 Connect requires WebRTC support, which IE does not yet provide.

MacOS 10.12 or later with one of the following:

  • The latest stable release of:

    • Firefox

    • Safari

    • Google Chrome

Linux (Red Hat, Ubuntu, Fedora, or SUSE) with one of the following:

  • The latest stable release of:

    • Firefox

    • Google Chrome

Administrator Console Monitor

Display minimum resolution 1024 x 768

End User Computers using Zimbra 9 Web Client

NOTE: Other configurations may work.

For Zimbra 9 Web Client - Classic & Modern version

Minimum

  • Intel/AMD w/ PassMark CPU Mark > 2,000 (e.g., Intel Core i3-7020U @ 2.30GHz = 2,434)

  • 2GB RAM

Recommended

  • Intel/AMD w/ PassMark CPU Mark > 4,000

  • 4GB RAM

The following operating system/browser combinations are supported:

Windows 8.1 or Windows 10 with the latest stable release of one of the following:

  • Google Chrome

  • Firefox

  • Microsoft Edge

MacOS 10.13 or newer with the latest stable release of one of the following:

  • Google Chrome

  • Firefox

  • Safari

Linux (Red Hat, Ubuntu, Fedora, or SUSE) with the latest stable release of one of the following:

  • Google Chrome

  • Firefox

Mobile Devices using Zimbra 9 Web Client

Zimbra 9 9.0.0 supports mobile web browsers using the Modern Web App only.

The following operating system/browser combinations are supported:

Apple-supported iPhone and iPad models with their latest iOS version and with the latest stable release of one of the following:

  • Safari

  • Chrome

  • Firefox

Phones or tablets running an up-to-date version of Android still supported by Google with the latest stable release of one of the following:

  • Android Browser

  • Chrome

  • Firefox

End User Computers Using Other Clients

Minimum

  • Intel/AMD w/ PassMark CPU Mark > 2,000

  • 2GB RAM

Recommended

  • Intel/AMD w/ PassMark CPU Mark > 4,000

  • 4GB RAM

Operating system POP/IMAP combinations

  • Windows 10 with Windows Mail, Outlook 2016 and above (MAPI), or the latest stable Thunderbird

  • Fedora 31 or later with the latest stable Thunderbird

  • MacOS 10.12 or later with Apple Mail

Exchange Web Services

EWS Clients

  • Outlook 2016/2019 (MAC only)

  • Apple Desktop Clients (macOS 10.12+)

EWS Interoperability

  • Exchange 2010+

Monitor

Display minimum resolution: 1024 x 768

Internet Connection Speed

1 Mbps or higher

Zimbra 9 Connector for Outlook

Operating System

  • Windows 10

Microsoft Outlook

  • Outlook 2019: 32-bit and 64-bit editions of Microsoft Office, including Click to run.

  • Outlook 2016: 32-bit and 64-bit editions of Microsoft Office, including Office365 and Click to run versions.

Zimbra 9 Mobile

Mobile (MobileSync) provides mobile data access to email, calendar, and contacts for users of selected mobile operating systems, including:

Smartphone Operating Systems:

  • iOS versions currently supported by Apple; as of March 2020 those are iOS12 & iOS13

  • Android versions currently supported by Google; as of March 2020 those are 8.0 and above

  • Windows Mobile no longer supported (EOL 10 December 2019)

Available Languages

This section includes information about available languages, including End User Translations and Administrator Translations.

End User Translations

Component | Category | Languages
Zimbra 9 Classic Web App | Application/UI | Arabic, Basque (EU), Chinese (Simplified PRC and Traditional HK), Danish, Dutch, English (AU, UK, US), French, French Canadian, German, Hindi, Hungarian, Italian, Japanese, Korean, Malay, Polish, Portuguese (Brazil), Portuguese (Portugal), Romanian, Russian, Spanish, Swedish, Thai, Turkish, Ukrainian
Zimbra 9 Modern Web App | Application/UI | Chinese (China), English (US), French (France), German, Hindi, Indonesian, Italian, Japanese, Portuguese (Portugal), Spanish, Thai
Zimbra 9 Classic Web App - Online Help (HTML) | Feature Documentation | Dutch, English, Spanish, French, Italian, Japanese, German, Portuguese (Brazil), Chinese (Simplified PRC and Traditional HK), Russian
Zimbra 9 Modern Web App - Online End User Guide (HTML) | Feature Documentation | English
Zimbra 9 Classic Web App - End User Guide (PDF) | Feature Documentation | English
Zimbra 9 Connector for Microsoft Outlook | Installer + Application/UI | Arabic, Basque (EU), Chinese (Simplified PRC and Traditional HK), Danish, Dutch, English (AU, UK, US), French, French Canadian, German, Hindi, Hungarian, Italian, Japanese, Korean, Malay, Polish, Portuguese (Brazil), Portuguese (Portugal), Romanian, Russian, Spanish, Swedish, Thai, Turkish, Ukrainian
Zimbra 9 Connector for Microsoft Outlook - End User Guide (PDF) | Feature Documentation | English

Administrator Translations

Component | Category | Languages
Zimbra 9 Admin Console | Application | Arabic, Basque (EU), Chinese (Simplified PRC and Traditional HK), Danish, Dutch, English (AU, UK, US), French, French Canadian, German, Hindi, Hungarian, Italian, Japanese, Korean, Malay, Polish, Portuguese (Brazil), Portuguese (Portugal), Romanian, Russian, Spanish, Swedish, Turkish, Ukrainian
Zimbra 9 Admin Console Online Help (HTML) | Feature Documentation | English
"Documentation" Install + Upgrade / Admin Manual / Migration / Import / Release Notes / System Requirements | Guides | English
Zimbra 9 Connector for Microsoft Outlook - Admin Guide (PDF) | Install + Configuration Guide | English

Note: To find SSH client software, go to Download.com at http://www.download.com/, and search for SSH. The list displays software that can be purchased or downloaded for free. An example of free SSH client software is PuTTY, a software implementation of SSH for Win32 and Unix platforms. To download a copy, go to http://putty.nl

Zimbra Network NG Modules: First Steps

This Guide contains all information needed to switch to the new Zimbra Network NG modules from their legacy counterparts after upgrading to Zimbra 8.8 and beyond.

Switching to Backup NG

Switching to the new Backup NG is a simple process that will initialize the new backup system on a dedicated path. Until the initialization is completed, the old backup engine will be active. Old backup files will not be removed and the old backup and restore tools are still available via the usual CLI commands.

Backup Path Limitations

To hold Backup NG data, a storage location must comply with the following:

  • The storage must have a mountpoint on the system.

    • The "zimbra" user must of course have r/w permission on the path.

  • The data must be stored on a case-sensitive filesystem.

Backup NG features a built-in scheduling system and does not rely on the system’s cron service. At the end of the initialisation process, old backup-related crontab lines will be automatically removed.

Backup NG Initialization

Before initializing the Backup NG module, make sure you have enough space on the storage where you will store the backup. The average size of the backup is 50-70% of the nominal total quota of all mailboxes.

To initialize the Backup NG module:

  • Access the Zimbra Administration Console.

  • Enter the "Network Modules NG" section on the left menu.

  • Enter the "Backup" section.

  • Set the "Backup Path" to the directory where you will store your backup.

  • Click the "Initialize" button - this will trigger a SmartScan to initialize the Backup Path

Switching to Mobile NG

Switching to the new Mobile NG is a simple process that will activate the new mobile handlers and deactivate the old ones. This will also switch the synchronization control over to Mobile NG from the legacy Zimbra Mobile. Until the initialization is complete, the old mobile engine will be active.

What Happens after the Switch

After switching to Mobile NG, all existing syncstates will be invalidated, and all connected devices will automatically re-synchronise all of their data through the new engine.

Since the switch will force all connected devices to re-synchronise all of their data, alert your users beforehand so that they have Wi-Fi coverage or enough traffic on their mobile data plans.

Furthermore, the switch might lead to an abrupt increase in the number of connections to the server, and consequently its load, due to the resynchronisation of all devices.

The switch is completely transparent to end users, and no user interaction should be prompted or required. However, because the Exchange ActiveSync protocol is mostly client-driven, different behaviours might be experienced, such as:

  • Device not synchronising until user’s action (e.g. opening the email client).

  • Device requiring a restart.

  • Device not synchronising until the user re-enters their username and password in the account’s settings.

Albeit sporadic, such behaviours and the load impact on the system should be taken into account when planning to switch to Mobile NG.

Mobile NG Initialization

To initialize Mobile NG:

  • Access the Zimbra Administration Console.

  • Enter the "Network Modules NG" section on the left menu.

  • Enter the "Mobile" section.

  • Click the "Activate" button.

Switching to HSM NG

The HSM NG module will become active as soon as the upgrade to Zimbra 8.8 is complete, and does not require any interaction.

Any old HSM policy, volume and volume configuration will be maintained.

HSM NG features a built-in scheduling system and does not rely on the system’s cron service. At the first start after the upgrade, old HSM-related crontab lines will be automatically removed.

Switching to Admin NG

Switching to the new Admin NG is a simple process that will migrate any relevant ACL information to the module’s own configuration manager, clearing existing ACLs and ACEs from the system.

Admin NG is significantly different than the old Delegated Administration engine. Please read the product’s documentation and only migrate to Admin NG if its feature set meets your needs.

Switching to Admin NG will remove all existing ACLs and ACEs from the server. This new module is extremely different from its legacy counterpart, so after the migration you will not be able to recreate the very same admin roles and settings.

This is a one way only process.

Once Admin NG is initialized it’s not possible to go back to the old engine, so if you have customized or complex ACLs/ACEs carefully consider whether or not to switch.

Admin NG Initialization

Admin NG is not enabled by default during upgrades from a version earlier than 8.8, so it must be enabled manually before migrating to it.

To enable Admin NG:

  • Run the following command as the "zimbra" user on any mailbox server:

    zmprov mcf zimbraNetworkAdminNGEnabled TRUE

To initialize Admin NG:

  • Access the Zimbra Administration Console.

  • Enter the "Network Modules NG" section on the left menu.

  • Enter the "Admin" section.

  • Click on the "Migrate" button.