New on LowEndTalk? Please Register and read our Community Rules.
Zentyal 4 as Hosted Exchange on VPS | confused about Network Settings
Hello everyone,
I posted this on the official forum here but couldn't get a fruitful response, so I thought of turning here for a discussion.
Anyone trying to get it to work?
All I want is to run a "hosted Exchange", but can't get the network interfaces to work properly.
Any pointers on how I configure my NICs when there is only one interface on my VPS and only a public IP to access it remotely?
Comments
Get another IP and set up a PPTP VPN with a local IP. Forward traffic from the second public IP to the local IP. Then you should be able to put the local IP in Zentyal.
Yes, I already have a second IPv4 from the VPS provider. How do I set up a VPN? Will it be from within the Zentyal package? What will be the local IP?
Sorry, still confused.
Zentyal has its own VPN module.
You can connect to it using PPTP. You'll get a local IP.
The setup isn't meant for our LEBs, but for dedicated business machines. I just had to skip the network setup (this prevents the setup from blocking the primary external interface as well).
Since we're on this topic, do you think OpenChange is stable enough (it's almost impossible to compile yourself from source)?
Wow! I am just finding out about this software now! Looks really cool but is a PITA to set up on KVM. Trying to do it now and the networking bit is confusing... :S
We got everything working fine but were unable to actually connect with Outlook. We found their Outlook configuration tutorial but it would not connect.
Well it is tough but I'm not letting this one go now! Made some progress on the second VPS with 1GB RAM, it works on that. Updating you on the thread:
Well @Silvenga!
It's not as resource hungry as MS Exchange, as far as the mail component is concerned, which is the only module I'm testing right now. I'm pretty sure a "working" install with 100 mailboxes should be very "runnable" under a 2GB VPS, though more disk space may be needed depending on how much you allocate per mailbox, but corp. Exchange users tend to need a big mailbox. So we are looking for high-storage VPS services. I contacted VPSDime; unfortunately their SPAM policy is not appropriate and they don't offer mail on high storage plans. PLEASE do suggest some good ones; I've got one from Alexander (HostUs.us).
On "stable enough or not": that's a very "personally" subjective question. It depends on what experience one had, which is only possible if you give it a good trial amongst real users, not just a lab setup. Hence it needs a trial of 5-6 months to cure and harden before jumping to conclusions.
On compiling it yourself: that'd be a nightmare unless you have weeks of time and loads of knowledge. SOGo (the webmail & groupware part) itself is a big pain, and literally hard to get working. If you see the presentations by Julien (CTO of Zentyal), setup was what they really worked hard on, as it is almost impossible to have such a huge number of packages compiled and working.
@agoldenberg & @TransNOC,
I do have an "almost" running server, and believe me, I've "sort of" mastered the installation part on Ubuntu 14.10 64bit minimal on an OpenVZ VPS. I have a set of commands, thoroughly researched and tested, which WORK great on an Amazon EC2, a KVM-based VPS and another OVZ VPS. I'm confident on the installation part, and will need someone (inviting, actually) to script it for an automated install on Ubuntu 14.04.
I've also put up a request for training from the Zentyal guyz, awaiting their techs for an answer.
I'd like to call on @Jar to watch this thread, something I discussed with him months before. He looks to be the most experienced; maybe he can shed more light on this thing. Would love to share server credentials if someone wants to give a helping hand.
Stay tuned... it is not an easy thing, but yes it will work and will be a good solution to use and to be sold to your customers.
I've set it up on a single public facing IP and secured it. It's been a few months. I'll try to find some time to refresh my memory on it tonight and help out a bit. It's not too bad but what is absolutely key is carefully managing updates and properly securing it.
Clustering in 3.5 for AD purposes is absolutely broke. Will work for a few days and without fail just start failing. I do not believe Zentyal is ready for more than a lab setting.
It's good to see they got the issue with the interface not working in 4.0. That was a huge issue when 4.0 was released.
@MCHPhil, Zentyal v4 is almost a new package from the ground up, and they overcame many installation and "teething issues". So I definitely recommend giving v4 a clean shot.
However, the forums are aggressive about removing a lot of side-by packages like webserver and such, but I guess if you can bring about a "focused" concrete package, it's better!
@Jar... looking forward to your tips...
Zentyal v3.5 to v4 mainly changed the open exchange stuff. I do not use it for open exchange but for the AD side of things. As exchange is tightly integrated with AD I'd be wary of setting up a system that has/had issues with basic replication of AD. I'm not talking about sysvol, that is a known issue and rsync fixes that easily. But user / password synchronization was broke in v3.5. That's a hairy situation. Constantly demoting and re-adding a domain controller was a horrible fix.
Just my opinion though.
I was talking about the setup (not many people have non-virtualized interfaces to work with) - although Zentyal takes 3 times the resources of Zarafa (another exchange replacement). I personally tried for several hours to get Zentyal working on a 1GB box but kept on hitting memory faults. I believe 2GB is the bare minimum to install Zentyal (not for our LEB's).
I hate having to use Zentyal, but they have several patches that I haven't been able to find that allows Openchange to compile fully (old documentation doesn't help). I would prefer to use only Openchange without the "crap" provided in Zentyal (I don't need a WebUI).
Openchange standalone requires something like 3 packages. Zentyal is where the bloat comes from.
Thanks for the insight @Silvenga.
I think that's where Zentyal is losing out; it's trying to microsoft-ize an open source project, where the admins want "open" freedom. Can't deny. However, I'd look over it if it can provide me a stable OpenExchange solution.
I will take a look at Zarafa too, a lot praise it.
@MCHPhil... I'm on the other side, only testing the Mail Exchange module with the Outlook Anywhere component. If that works, coupled with good spam control down the line for 6 months, it'll be a good package to mature up with. I do however agree the substantial "claims" Zentyal makes should be dealt with proper patches, improvements and documentation, which is really a PITA.
Learning a lot from the discussion... that's the beauty of forums!
I think I got network working on an OpenVZ container @mehargags (some hacks). Are you still having issues?
Yes @Silvenga, the issue is still pending as I didn't have time to work on it. It would really help if you can share your "hack" and get things going.
So I gather that Samba (therefore Zentyal) needs to know about the external IP address(es). This is normally done during A) detecting the network interfaces, or B) configuration by the user. Unfortunately Zentyal was not designed to work with our LEBs (OpenVZ containers), hence it has no idea what to do with the venet interfaces and therefore cannot perform A). The UI was not designed to configure venet interfaces, therefore we cannot perform B). This will result in Zentyal C) failing to configure, or D) configuring the network interfaces incorrectly.
First I fixed issue D). This is done by forcing our network configuration using the post network setup hook in Zentyal. This script will just copy the correct setup to interfaces.
Now to fix C). Set up the venet interface (or what Zentyal knows about it) with your main external IP address. No other settings are required since we don't care about how Zentyal configures the network. This in turn fixes and prevents the need to fix A), which in turn allows you to set up Samba, therefore Openchange.
Notes:
The firewall module is not required (it needs to be installed, but not enabled). I just disabled it (I prefer to configure the firewall myself).
During the first setup wizard I skipped network setup.
Not sure what to do with multiple IP's (not a use case for my setup).
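An added sketch of the kind of post-network hook described in the post above; it is not the poster's script or Zentyal's own code. The hook file name `network.postsetconf`, the saved copy `/etc/zentyal/interfaces.good` and the `venet0` interface name are assumptions, not taken from the thread.

```shell
#!/bin/sh
# Added example: body of a Zentyal post-network hook for an OpenVZ container.
# Assumed paths (not from the thread): installed as
# /etc/zentyal/hooks/network.postsetconf, known-good copy kept in
# /etc/zentyal/interfaces.good, target file /etc/network/interfaces.

# restore_interfaces GOOD TARGET
# Returns 0 if TARGET now matches GOOD, 1 if GOOD is unusable.
restore_interfaces() {
    good=$1
    target=$2

    # Refuse to install a file that would leave the container unreachable.
    [ -s "$good" ] || { echo "missing or empty: $good" >&2; return 1; }
    grep -Eq '^[[:space:]]*iface[[:space:]]+venet0[[:space:]]+inet' "$good" || {
        echo "no venet0 stanza in $good" >&2; return 1; }

    # Nothing to do when Zentyal left the file alone.
    if [ -f "$target" ] && cmp -s "$good" "$target"; then
        return 0
    fi

    # Keep what Zentyal generated for later inspection, then replace the
    # file atomically so nothing ever reads a half-written config.
    [ -f "$target" ] && cp -p "$target" "$target.zentyal"
    tmp="$target.tmp.$$"
    cp "$good" "$tmp" && chmod 644 "$tmp" && mv -f "$tmp" "$target"
}

# Act only when invoked under the (assumed) hook file name.
case "$0" in
    *network.postsetconf)
        restore_interfaces /etc/zentyal/interfaces.good /etc/network/interfaces
        ;;
esac
```

The copy of Zentyal's generated file left in `interfaces.zentyal` makes it easy to diff what the module tried to write against the configuration that actually keeps the public IP reachable.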
@Silvenga
Thanks... your insight was helpful.
I've managed to get past and ENABLE the Network Services.
But as soon as I enable DNS, the Webadmin GUI gives "504 Gateway Time-out" while I CAN STILL SSH.
What can be the problem?
Try clearing all non-essential pre-installed packages before installing Zentyal 4. I remember having issues with an older version of Samba installed, for example.
I personally never had issues with the DNS module, so I can't really help. I'm going to wait until I can compile OpenChange from source myself, Zentyal is honestly a huge mess in more than one way (sticking with Zarafa for now).
@Silvenga I'm installing this on a clean ubuntu 14.04 min. fresh out of the box! Not even apache is installed.
The behaviour differs across VPS providers... on 2 of my VPSs I'm facing DNS issues, while on one with DaringHost it's configuring fine.
Samba is what I feel is creating the problem.
@Jar ... pls give some insight if you are watching this thread...! I can recall you were testing Zentyal 4 yourself, any reports ??
@mpkossen, you have the most popular mail server tutorial, may I request you to offer some help here?
I have 3 different VPSs from distinct providers, I can give you access to any VPS if you want...pm me if interested. I'll be thankful!
Thanks everyone... I have a March deadline to shift a big mail server, so preparing in that lieu.
This 100%. I'm still only commenting on the AD side, but wow. It is bad. I'd be wary of doing much with this until a lot of the kinks are worked out. Otherwise you may be in a situation like I, trying to move back to windows as the headache is not worth it. Good luck getting AD back over to windows from Zentyal.
If it's from a template, I've found some odd things before using the "standard" Ubuntu 14.04 template. For example, cron was missing (didn't know that was possible), rsyslog was replaced with a non-binary compatible alternative, bind9 installed (not default anymore), exim4 installed rather than the default postfix, mailutils missing, etc.
I'm close to believing this... a package so broken, coupled with such lacking support, is surely not production-ready software. Add to it the severity of the service: a mail service is much more "uptime" demanding than a website. Businesses rely greatly on messaging!
That said... I'm trying to have a "tried and tested" setup with either webmin or ispconfig to set up a mail server. Any recommendation on which one would best suit?
There are few reasons to have a hosted mail server today. Are you absolutely sure you need to host it yourself? There is a lot that goes into having a reliable mail server. Not only redundancy but you have to think about block lists also. What about the fun whitelist only guys?
I really do recommend Zarafa. I've installed, upgraded, migrated, restored, and gone non-standard without it breaking. There is no auto-magic and everything is documented.
My feeling is if you can perform a migration of Zarafa from one system (with a different operating system) to another with nothing more than scp and mysqldump it is ready for anything.
@MCHPhil... Yes hosted is great for small companies which need 5-10 mailboxes. But with SMB/SME level companies with 100-500 mailboxes, the recurring expense is not sustainable.
I do agree... SPAM is the biggest problem to mitigate but then, someone has to do it...right! Sysadmin these days isn't less than being a warrior!
Ok... I will just give it a serious look now... is it free ? As I don't want (a challenge) to spend anything on software licenses.
How good is Zarafa fighting SPAM, managing whitelist and how Secure is it service wise?
Edit... Also how good/reliable/free is outlook + mobile connectivity...groupware aspect?
I have a lot in hosted exchange at $4/user/month. Also have a bit with Office 365 for SMB/SME level businesses. It just works. Saves us a big headache and if you're ever audited, saves a ton of work.
BTW I'm not talking about whitelists as you may be thinking, I'm talking about say MSN?? IIRC uses a whitelist? I haven't fussed with it in a while...
There are three categories: open source, free, paid. With free and paid you get things like Outlook compatibility (not open source). Free is limited to smaller setups. Paid has three categories (http://www.zarafa.com/zarafa-calculator). You could get away with Zarafa with Activesync (open source) or Zarafa with IMAP/CalDav/CardDav/etc. (also open source).
Ironically, Zentyal uses z-push (created by Zarafa) for Activesync compatibility.
Zarafa does not do anti-spam (personally use ASSP for that). It just integrates into postfix (or any other MTA) so just pick a standard anti-spam and roll with it. Whitelists would be handled by the MTA again, not Zarafa. Zarafa is not meant to be a fix all solution, rather it should do one thing (messaging and collaboration) and do it well.
Security-wise it is hard to determine. Each "part" of Zarafa can be sandboxed pretty easily. I would say the attack surface is a fraction of the size of Zentyal's, but I'm no expert.
A friend of mine suggested Horde is good... I'm currently giving it a spin over an ISPConfig install. After which I will be giving Zarafa a try.
@Silvenga, can you recommend some good install guides, in particular to LEB OVZ boxes ? Will help reduce hunting good resources!
Thanks
Zarafa's official installation manual is what I used: http://doc.zarafa.com/7.1/Administrator_Manual/en-US/html/_installing.html
And the official community Wiki: http://www.zarafa.com/wiki/index.php/Main_Page was very helpful.