Zimbra Collaboration Suite is an open source email and collaboration platform that includes email, contacts, calendar, documents and more. It is a Web-based application suite that can be deployed as an on-premise private cloud or as an outsourced public cloud service. I’ve been using Zimbra since 2007 (version 4.x) for implementations of varying scale: from hundreds to fifty thousand accounts. How can Zimbra handle this? The key is to use a Zimbra cluster with a multi-server scheme.
Below is a simple Zimbra design with one main goal: to be able to handle up to 25 thousand accounts.
Description:
- All servers use private network addresses. Only 1 public IP is required for public access
- All servers should preferably be installed as VMs on top of VMware (or another virtualization technology). They can also be installed on physical hardware, but that requires a lot of physical servers
- In the above design, I distinguish routing for HTTP/S (web), local traffic (LMTP) and external SMTP. POP3 and IMAP access follow the same path as HTTP/S. We can also put a load balancer in front of each type of traffic to reduce overload
- Routing for HTTP port 80 or port 443 (HTTPS), POP3 and IMAP is provided by the Zimbra Reverse Proxy. This server provides all the ports to be NAT-ed to the public IP, such as ports 80, 110, 143, 443, 993 and 995, except for Zimbra Admin port 7071 and the SMTP ports. Zimbra Proxy is usually installed along with memcached, which is used for the route lookup handler that forwards traffic for an account to the appropriate mailbox server
- In total there are 5 mailbox servers to share the access load, with about 3000 to 5000 accounts on each mailbox server. Even with 5 different mailbox servers, all users access Zimbra at the same address, such as webmail.vavai.com. All access is forwarded by Zimbra Proxy to the mailbox server where the account resides
- The incoming SMTP server, with port 25 NAT-ed, serves as the front-end server and as the MX record on public DNS. This server runs the anti-spam and anti-virus services. Given its function, this server can also be replaced with a security (anti-spam and anti-virus) appliance
- The local SMTP servers are divided into three separate functions: normal connections (Local MTA), SMTP App for email delivery from applications, and SMTP for mass email delivery/mailing lists
- Port 465 (SMTP SSL) and port 587 (SMTP TLS) can also be NAT-ed on the outgoing SMTP server or on the local MTA, and are used as the mail sending ports for Mail User Agents (MUA, i.e. Outlook, Thunderbird etc.)
- In the above design, I forgot (?? 🙂 ) to add the LDAP servers as a cluster component. Actually, I have 2 LDAP servers. The first one acts as LDAP master and the other as LDAP replica. All servers connect to the LDAP replica; only the LDAP replica connects to the LDAP master
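The port exposure rules in the description above can be checked mechanically. The following is an added example, not part of the original post: a Python audit of NAT port-forward rules against that policy. The role names, private IPs and rule lists are constructed for illustration.

```python
# Added example: audit NAT port-forward rules against the exposure policy above.
PROXY_PORTS = {80, 110, 143, 443, 993, 995}  # web, POP3, IMAP and their TLS variants
ADMIN_PORT = 7071                            # Zimbra Admin, never NAT-ed
ALLOWED = {                                  # role labels are hypothetical
    "proxy": PROXY_PORTS,
    "mta-in": {25},            # incoming SMTP front end (MX)
    "mta-out": {465, 587},     # submission from mail clients
    "mta-local": {465, 587},
    "mailbox": set(),          # reached only through the proxy
    "ldap": set(),
}

def audit(rules, roles):
    """rules: (public_port, private_ip, private_port); roles: private_ip -> role."""
    findings, owner = [], {}
    for public_port, ip, port in rules:
        role = roles.get(ip)
        if port == ADMIN_PORT:
            findings.append((public_port, ip, "admin console 7071 must stay internal"))
        elif role is None:
            findings.append((public_port, ip, "forward to a host outside the inventory"))
        elif port not in ALLOWED[role]:
            findings.append((public_port, ip, f"port {port} is not published for role {role}"))
        # With a single public IP, each public port can map to only one backend.
        if public_port in owner and owner[public_port] != ip:
            findings.append((public_port, ip, f"public port already forwarded to {owner[public_port]}"))
        owner.setdefault(public_port, ip)
    return findings

# Constructed inventory and rule sets (not taken from a real deployment).
ROLES = {
    "10.0.0.10": "proxy", "10.0.0.20": "mta-in", "10.0.0.21": "mta-out",
    "10.0.0.31": "mailbox", "10.0.0.40": "ldap",
}
GOOD = [(p, "10.0.0.10", p) for p in sorted(PROXY_PORTS)] + [
    (25, "10.0.0.20", 25), (465, "10.0.0.21", 465), (587, "10.0.0.21", 587)]
BAD = GOOD + [
    (7071, "10.0.0.31", 7071),   # admin console published
    (8443, "10.0.0.31", 443),    # mailbox server published, bypassing the proxy
    (25, "10.0.0.21", 25),       # second backend claiming public port 25
]

if __name__ == "__main__":
    for finding in audit(BAD, ROLES):
        print(finding)
```

Because the rules are keyed on the public port, the same public IP can forward port 25 to the incoming SMTP server and the web and mail-access ports to the proxy without conflict.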
BENEFIT
There are several advantages of using the above design:
- Load balancing across mailbox servers. Access to HTTP, IMAP and POP3 can be divided among multiple mailbox servers. We can apply horizontal scaling: adding more accounts requires only an additional mailbox server, without changing the existing configuration
- We can also create multiple Zimbra proxies to scale front-end access
- It allows us to create different rules for incoming and outgoing email, e.g. rate-limiting outgoing email to prevent the IP from being blacklisted when a compromised account sends massive amounts of spam. Applying such a rule will not affect local mail delivery.
- It is easier to scale the SMTP function for email delivery
I know that the above design is very modest and based on my experience only, so if you have any suggestions regarding large-scale Zimbra deployment, do not hesitate to drop a comment.
10 Comments
Hi vavai,
I will always use an MMR to protect the critical part of the Zimbra environment, LDAP, maybe just 2.
I always want to add Proxy, 2 or more depending on the users.
Having an internal DNS is important, with an NTP server as well, then all servers with an NTP client.
If you are using NE, have a dedicated convertd server, not required in all and each server, depends on the use of the High Fidelity Preview.
The dnscache service in the MTA is always welcome as well.
All of the rest is amazing!
Carefully install for productive Zimbra server MMR server, according to the official description of MMR installation from Zimbra, because it only works with one, default domain Zimbra installation. If you have multiple domains, all domain users and domain erase the MMR and also from the productive server too!
Hi vavai,
For use with fifty thousand accounts, what is the system configuration?
What is the processing capacity of each server if I use physical servers?
Hi
For use with 1500 mailboxes, what would be the best configuration, along with hardware, in a VMware environment?
Hi vavai,
Could you kindly share the hardware specification concerning RAM for each virtual mailbox server covering 3000 users, as you have mentioned?
Secondly, is it possible on Zimbra Open Source Edition?
Can we add 5x more virtual mailbox servers for redundancy and keep them in a cluster in Zimbra Open Source Edition?
Hi,
It is said that only one public IP is required, which is assigned to webmail.vavai.com and NATted to the mailbox servers, I think. How about the incoming MX record, which also requires a public IP? Can you please clarify this for me?
Hi,
It is said that only one public IP is necessary, which is assigned to the MTA host. How do the external users access their mboxes residing on mailbox hosts, which also require a public hostname? Can you please clarify for me how external users connect to mailboxes?
Hi Vavai: I enjoyed your blog. Questions about multiple domain hosting. Is it possible to have virtual domain A route to vda.vavai.com and virtual domain B route to vdb.vavai.com and virtual domain C route to vdc.vavai.com etc. etc. etc.?
Could you send me the document to install your Zimbra cluster in the blog?