Multi-Server Install - DNS Configuration

arkitoure
Posts: 18
Joined: Fri Feb 10, 2017 9:16 am

Multi-Server Install - DNS Configuration

Post by arkitoure »

Hi All....

In a multi-server install does the Zimbra Proxy route all traffic up and down from the other Zimbra services?

More specifically, in external DNS, does the Zimbra MTA/Mail need to be listed with an A and MX record or only the Zimbra Proxy?

My current thinking is that only the Zimbra Proxy(s) need to be listed in external DNS A/MX records as the Proxy routes all traffic intelligently. However, with this configuration no mail is getting out or in.

Any input on this issue would be appreciated.

Cheers! :ugeek:
vavai
Advanced member
Posts: 174
Joined: Thu Nov 14, 2013 2:41 pm
Location: Indonesia
ZCS/ZD Version: 0

Re: Multi-Server Install - DNS Configuration

Post by vavai »

Hi,
Zimbra Proxy manages the Web, IMAP and POP3 ports only, which is why you have no mail getting out or in: it has no MTA capability. To have a single DNS A/MX, you must also install the MTA service on your Zimbra Proxy (so it has proxy/MTA services).

In the other scenario, you can still use Zimbra Proxy only and separate the MTA service onto another server, then create a different DNAT with a single public IP for each service, something like ports 80/110/143/443/993/995 on your Zimbra proxy and ports 25/465/587 on your MTA server.
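
The second scenario in the reply above, sketched as an nftables ruleset on the edge firewall. This is an added example, not part of the original post and not Zimbra's own configuration; the interface name, the public address (documentation range) and the two DMZ addresses are constructed placeholders.

```nftables
#!/usr/sbin/nft -f
# Added example: one public IP, per-port DNAT to two separate hosts.
# All names and addresses below are constructed placeholders.
define WAN_IF    = "wan0"          # assumed Internet-facing interface
define PUBLIC_IP = 203.0.113.10    # the single address the A/MX records resolve to
define PROXY     = 10.0.10.11      # Zimbra Proxy host
define MTA       = 10.0.10.12      # separate Zimbra MTA host

define PROXY_PORTS = { 80, 110, 143, 443, 993, 995 }   # web, POP3(S), IMAP(S)
define MTA_PORTS   = { 25, 465, 587 }                  # SMTP, SMTPS, submission

table ip zimbra_nat {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # Client access protocols are forwarded to the proxy.
        iifname $WAN_IF ip daddr $PUBLIC_IP tcp dport $PROXY_PORTS dnat to $PROXY
        # Mail transport is forwarded to the MTA; the proxy never sees SMTP.
        iifname $WAN_IF ip daddr $PUBLIC_IP tcp dport $MTA_PORTS dnat to $MTA
    }
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # Outbound mail leaves from the same public IP that inbound mail targets.
        oifname $WAN_IF ip saddr $MTA snat to $PUBLIC_IP
    }
}

table ip zimbra_filter {
    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        # Only the forwarded ports are reachable from outside; the forward hook
        # runs after DNAT, so rules match the translated destination.
        iifname $WAN_IF ip daddr $PROXY tcp dport $PROXY_PORTS ct state new accept
        iifname $WAN_IF ip daddr $MTA tcp dport $MTA_PORTS ct state new accept
        # Outbound delivery from the MTA to remote mail servers.
        oifname $WAN_IF ip saddr $MTA tcp dport 25 ct state new accept
        # Any other forwarded flow needs its own explicit rule under this policy.
    }
}
```

With this layout the external A and MX records both resolve to the one public address, and the firewall, not the proxy, decides which host receives each port.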
arkitoure
Posts: 18
Joined: Fri Feb 10, 2017 9:16 am

Re: Multi-Server Install - DNS Configuration

Post by arkitoure »

Thank you for this clarity...

My flawed thinking was that the proxy was routing traffic into the private net intelligently all by itself. Of course the goal is to reduce the attack vector by having as few services as possible with public access. That the proxy was a single (or distributed) shielding for all other Zimbra services.

The current setup is only the proxy running in a DMZ and all other services running in a single instance in the private net. So ..... 1>1 or (DMZ (Zimbra Proxy))>(PrivateNet (Full Zimbra/without proxy))

Would it be sensible to simply create a new, separate MTA only instance, bring that into the DMZ and have it communicate with the already installed Full Zimbra/w.o. Proxy instance in the private net? This would create 2 MTA's with one running alone and the other running together with all other non-proxy services. The plan was to expand/separate services of this installation in the near future but to keep it simple initially.

Or would it be a better solution to simply start over and separate the MTA out?

The reason why I ask this is because configuration has already been applied and migration of data has been performed from a previous Zimbra solution. So I'm looking to be as efficient with time as possible.

BTW- I have referenced your large scale deployment strategy, very concise and helpful resource.

Cheers
stevegazo
Posts: 3
Joined: Wed Mar 22, 2017 9:01 pm

Re: Multi-Server Install - DNS Configuration

Post by stevegazo »

I am in the exact same boat. I have a complete 8.7.5 Zimbra installation (not including proxy and memcached packages) on one server, and on a separate server I have the proxy and memcached packages. It was only after I attached the proxy to my DMZ that I noticed my incorrect assumption of the Zimbra proxy being able to handle incoming SMTP traffic and forward to my main Zimbra mailstore server. We would preferably not want to install the MTA package on the proxy unless that's the only way to handle incoming SMTP traffic on that machine.

Can someone from Zimbra please confirm whether there's any other way around this?

Thanks!