Posted by: Andy Pradityo | March 11, 2010

Zimbra ports

Although the Zimbra installation instructions tell you to install Zimbra on a system without a firewall, you can get Zimbra to work on a firewalled system as long as all needed ports are opened on the firewall.

Needed Ports

Standard Zimbra ports

SMTP 25 tcp
HTTP 80 tcp
POP3 110 tcp
IMAP 143 tcp should probably be limited by a firewall to your local network only
LDAP 389 tcp
HTTPS 443 tcp
SMTPS 465 tcp
IMAPS 993 tcp
POP3S 995 tcp
(Admin Interface) 7071 tcp should probably be limited by a firewall to your local network only
LMTP 7025 tcp should probably be limited by a firewall to your local network only

Source : http://wiki.zimbra.com/index.php?title=Firewall_Configuration
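
The port table above can be turned into a check on an existing ruleset. The following is an added example, not taken from the Zimbra wiki: it reads an `iptables -S` listing and reports any of the three ports marked "local network only" that are accepted from any source. The sample listing and the 192.168.0.0/24 LAN range are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Zimbra wiki): audit an `iptables -S` listing
# against the port table above.

# Ports the table says should be limited to the local network.
LAN_ONLY_PORTS="143 7025 7071"

# Constructed sample listing; on a real host use: iptables -S INPUT
sample_rules() {
    cat <<'EOF'
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -s 192.168.0.0/24 -p tcp -m tcp --dport 143 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 7071 -j ACCEPT
-A INPUT -s 192.168.0.0/24 -p tcp -m tcp --dport 7025 -j ACCEPT
EOF
}

# Reads an `iptables -S` listing on stdin and prints, space separated, every
# LAN-only port that an INPUT rule accepts without a source restriction.
# Limits: only single --dport matches are inspected and rule order is not
# modelled, so treat an empty result as "nothing obvious", not as proof.
exposed_lan_only_ports() {
    awk -v ports="$LAN_ONLY_PORTS" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) lan[p[i]] = 1 }
    $1 == "-A" && $2 == "INPUT" {
        src = ""; dport = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-s")      src = $(i + 1)
            if ($i == "--dport") dport = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
        }
        if (target == "ACCEPT" && (dport in lan) && (src == "" || src == "0.0.0.0/0"))
            print dport
    }' | sort -n | tr '\n' ' ' | sed 's/ *$//'
}

# Demo on the constructed listing: the admin console port is open to everyone.
echo "LAN-only ports open to any source: $(sample_rules | exposed_lan_only_ports)"
```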

Posted by: Andy Pradityo | March 11, 2010

Simple Queue: Separating Local and International Bandwidth

Source: http://www.mikrotik.co.id/artikel_lihat.php?id=23

In the course of running Mikrotik Indonesia, we have been asked many times how to set up separate queues for international internet traffic and for traffic to the Indonesian internet (OpenIXP and IIX). Several websites already show how to do this separation, but we will try to present it again as simply as possible so that it is easy to follow.

In this article, we assume that:

  1. The Mikrotik router performs masquerading / src-nat for the clients. The clients use private IP addresses.
  2. Only one gateway is used, for both international and IIX traffic.
  3. You may use an internal web-proxy or no web-proxy. If you use a web-proxy, a few additional rules are needed. See the NAT and MANGLE sections in the examples below.

If any of the parameters above differ from your conditions in the field, you must modify the configuration in this article to match your network configuration.

[Image: network diagram]

Basic Setup

The following is the network diagram and the IP addresses assumed in this example.

To make the examples easier to follow, we renamed each interface according to its role.

[admin@MikroTik] > /interface pr
Flags: X - disabled, D - dynamic, R - running
#    NAME            TYPE   RX-RATE  TX-RATE  MTU
0  R ether-public     ether  0        0       1500
1  R ether-local      ether  0        0       1500

The clients use the IP block 192.168.0.0/24, and the address 192.168.0.1 serves as the gateway and is assigned to the router on interface ether-local. Clients can use the IP addresses 192.168.0.2 through 192.168.0.254 with subnet mask 255.255.255.0.

[admin@MikroTik] > /ip ad pr
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS         NETWORK     BROADCAST     INTERFACE
0 202.0.0.1/24    202.0.0.0   202.0.0.255   ether-public
1 192.168.0.1/24  192.168.0.0 192.168.0.255 ether-local

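Don't forget to configure the DNS server on the router and to enable the “allow remote request” feature. Because this makes the router answer DNS queries arriving on any interface, restrict port 53 on ether-public so that the router does not become an open resolver.

Because the clients use private IP addresses, we have to perform src-nat as in the following example.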

[admin@MikroTik] > /ip fi nat pr
Flags: X - disabled, I - invalid, D - dynamic
 0   chain=srcnat out-interface=ether-public
     action=masquerade

If you use a transparent web-proxy, you need to add a NAT redirect rule, as shown in the example below (the additional rule, printed in bold in the original, is rule 1).

[admin@MikroTik] > /ip fi nat pr
Flags: X - disabled, I - invalid, D - dynamic
0  chain=srcnat out-interface=ether-public
   action=masquerade
1  chain=dstnat in-interface=ether-local protocol=tcp
   dst-port=80 action=redirect to-ports=8080

Don't forget to enable the web-proxy feature and to set the web-proxy service port so that it matches the redirect port in the example above.

CHECK: Make sure the whole configuration works properly. Ping addresses outside your network, from the router and from a client in turn.

IP Address List Setup

Starting with Mikrotik RouterOS version 2.9, there is a feature called IP Address List. This feature groups particular IP addresses, and each of those IP addresses can be given a name. Such a group can be used as a parameter in mangle, firewall filter, nat, or queue.

Mikrotik Indonesia provides a list of the IP addresses advertised at OpenIXP and IIX, which can be downloaded freely from the URL: http://www.mikrotik.co.id/getfile.php?nf=nice.rsc

The nice.rsc file is generated automatically on the Mikrotik Indonesia server every hour, and the data has been optimized to remove duplicate entries and overlapping subnets. At present the script is about 7000 lines long.

Example contents of the nice.rsc file:

# Script created by: Valens Riyadi @ www.mikrotik.co.id
# Generated at 26 April 2007 05:30:02 WIB ... 431 lines
/ip firewall address-list
add list=nice address="1.2.3.4"
rem [find list=nice]
add list=nice address="125.162.0.0/16"
add list=nice address="125.163.0.0/16"
add list=nice address="152.118.0.0/16"
add list=nice address="125.160.0.0/16"
add list=nice address="125.161.0.0/16"
add list=nice address="125.164.0.0/16"
.
.
etc...

The nice.rsc file can be fetched directly from the RouterOS terminal with the command:

/tool fetch address=ixp.mikrotik.co.id src-path=/download/nice.rsc;

Then import the file.

[admin@MikroTik] > import nice.rsc

Opening script file nice.rsc
Script file loaded and executed successfully

Make sure the import succeeded by checking the Address-List under the IP – Firewall menu.

[Image: address list nice]

This upload can also be automated if you know some scripting. For example, you could write a shell script on Linux that downloads the file automatically and uploads it automatically every day at 06:00 in the morning. Then you only need to create a scheduler on the router to import the file.

If you use RouterOS version 3.x, the update can also be done automatically.

The command to create is:

/system sched add comment="update-nice" disabled=no interval=1d name="update-nice-rsc" on-event=":if ([:len [/file find name=nice.rsc]] > 0) do={/file remove nice.rsc }; /tool fetch address=ixp.mikrotik.co.id src-path=/download/nice.rsc;/import nice.rsc" start-date=jan/01/1970 start-time=00:06:00

Careful!: After copying and pasting, make sure the pasted result is exactly the same. Copy and paste sometimes drops certain characters.
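
Because /import runs every line of nice.rsc as a RouterOS command, the Linux-side download script mentioned above is a good place to check the file before it is uploaded. The following is an added example, not part of the Mikrotik Indonesia article: it accepts only the line forms shown in the sample file and rejects everything else. Both sample files are constructed, and the function name is hypothetical.

```shell
#!/bin/sh
# Added example, not part of the Mikrotik Indonesia article.
# Allow-list check of a downloaded nice.rsc before it is handed to /import.

# Constructed sample in the format shown above.
sample_good() {
    cat <<'EOF'
# Script created by: Valens Riyadi @ www.mikrotik.co.id
/ip firewall address-list
add list=nice address="1.2.3.4"
rem [find list=nice]
add list=nice address="125.162.0.0/16"
add list=nice address="152.118.0.0/16"
EOF
}

# Constructed sample in which one line carries a second, unrelated command.
sample_tampered() {
    cat <<'EOF'
/ip firewall address-list
add list=nice address="125.162.0.0/16"
add list=nice address="125.163.0.0/16"; /system identity set name=changed
EOF
}

# Reads a candidate nice.rsc on stdin.
# Prints "OK <n> entries" and returns 0, or "REJECT ..." and returns 1.
validate_nice_rsc() {
    awk '
    { sub(/\r$/, "") }                          # tolerate CRLF line endings
    /^[ \t]*$/ || /^#/ { next }                 # blank lines and comments
    $0 == "/ip firewall address-list" { next }  # the only menu allowed
    $0 == "rem [find list=nice]" { next }       # the only removal allowed
    /^add list=nice address="[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?"$/ {
        addr = $0
        sub(/^add list=nice address="/, "", addr)
        sub(/"$/, "", addr)
        n = split(addr, part, "/")
        split(part[1], oct, ".")
        ok = (n == 1 || part[2] + 0 <= 32)      # prefix length 0..32
        for (i = 1; i <= 4; i++) if (oct[i] + 0 > 255) ok = 0
        if (ok) { count++; next }
    }
    # Anything that reaches this rule is not on the allow-list.
    { printf "REJECT line %d: %s\n", NR, $0; bad = 1; exit }
    END {
        if (bad) exit 1
        if (count == 0) { print "REJECT: no address entries"; exit 1 }
        printf "OK %d entries\n", count
    }'
}

# Intended use on the Linux host (file names are assumptions):
#   validate_nice_rsc < nice.rsc.new && mv nice.rsc.new nice.rsc
sample_good | validate_nice_rsc
sample_tampered | validate_nice_rsc || echo "file not uploaded"
```

The check covers the form of the file only; it does not show that the listed prefixes are the ones the publisher intended.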

Mangle Setup

The next step is to create the mangle rules. We need one connection mark and two packet marks, one each for international and local traffic.

[admin@MikroTik] > /ip firewall mangle pr
Flags: X - disabled, I - invalid, D - dynamic

0 chain=prerouting in-interface=ether-local
  dst-address-list=nice
  action=mark-connection new-connection-mark=conn-iix
  passthrough=yes

1 chain=prerouting connection-mark=conn-iix
  action=mark-packet new-packet-mark=packet-iix
  passthrough=no

2 chain=prerouting action=mark-packet
  new-packet-mark=packet-intl passthrough=no

For rule #0, make sure you select the interface that faces the clients. For the chain we use prerouting, and for both packet marks we use passthrough=no.

If you use an internal web-proxy and redirect traffic to it, you create two additional rules as in the example below (the additional rules, printed in bold in the original, are rules 2 and 4).

[admin@MikroTik] > /ip firewall mangle pr
Flags: X - disabled, I - invalid, D - dynamic

0 chain=prerouting in-interface=ether-local
  dst-address-list=nice
  action=mark-connection new-connection-mark=conn-iix
  passthrough=yes

1 chain=prerouting connection-mark=conn-iix
  action=mark-packet new-packet-mark=packet-iix
  passthrough=no

2 chain=output connection-mark=conn-iix
  action=mark-packet new-packet-mark=packet-iix
  passthrough=no

3 chain=prerouting action=mark-packet
  new-packet-mark=packet-intl passthrough=no

4 chain=output action=mark-packet
  new-packet-mark=packet-intl passthrough=no

Simple Queue Setup

For every client, we have to create two simple queue rules. In the following example, we limit the client IP 192.168.0.2/32, giving it an IIX limit (up/down) of 64k/256k and an international limit (up/down) of 32k/128k.

[admin@MikroTik]> /queue simple pr
Flags: X - disabled, I - invalid, D - dynamic
0 name="client02-iix" target-addresses=192.168.0.2/32
  dst-address=0.0.0.0/0 interface=all parent=none
  packet-marks=packet-iix direction=both priority=8
  queue=default-small/default-small limit-at=0/0
  max-limit=64000/256000 total-queue=default-small 

1 name="client02-intl" target-addresses=192.168.0.2/32
  dst-address=0.0.0.0/0 interface=all parent=none
  packet-marks=packet-intl direction=both priority=8
  queue=default-small/default-small limit-at=0/0
  max-limit=32000/128000 total-queue=default-small 

[Image: simple queue]

Final Check

When you are done, test by accessing both local and international sites, and watch the counters in both firewall mangle and simple queue.

You can also extend the queue type with pcq so that traffic is spread evenly across the clients.

Posted by: Andy Pradityo | March 5, 2010

NOD32 Offline Update

Using NOD32 Update Generator for offline updates:
NOD32 Update Generator is useful for NOD32 installations that have no internet access. The requirement is that one of the computers must be able to update from the internet. NOD32 Update Generator is then run on that online computer to produce update files for the NOD32 installations that are not online.

There are two ways to use NOD32 Update Generator:
1. In manual mode, you just enter the name of the folder you want and click the generate button.

2. To use NOD32 Update Generator automatically, run it with the folder name as a parameter. The syntax is: N32UpGen <<Nama_Folder>> (where Nama_Folder is the folder name),
for example: N32UpGen C:\nod_upd.

Best of all is to have NOD32 Update Generator run automatically after NOD32 has successfully updated its virus definitions. To do that, add it in the NOD32 scheduler, choosing the event triggers On Successfull update virdef and On Successfull update program component, so there are two tasks in total. Don't forget to fill in the command line field with the NOD32 folder name.

The computers that are not online then only need to point their update server at the folder containing the virus definitions produced by NOD32 Update Generator. For example, if the virus definitions are stored on a flash disk (e.g. f:\nod_upd), then on the offline computer choose Update -> Setup, select f:\nod_upd as the server name, click OK and click Update now. Your NOD32 immediately updates from the virus definitions on the flash disk.

The following describes how to run the update generator automatically.

Making regular NOD32 feel like NOD32 Administrator

The advantage of NOD32 Administrator is that it can create a local copy of the virus definition updates, so that other NOD32 installations can update from what NOD32 Administrator has downloaded.

In fact we can do the same with the non-Administrator NOD32. It all becomes possible thanks to the NOD32 Update Generator program. Here are the steps:

1. Go to NOD32 System Tools -> Scheduler/Planner -> Add
2. Then follow the steps as in this picture:

For the file and working directory, adjust them to where NOD32 Update Generator is stored.

The other computers can then update directly from the computer that produces the virdef, provided that the update folder is shared. For example, if the computer used for updating is named Server, then the client computers must select the following as their server:
\\Server\NOD_Upd. Don't forget to enter a valid username and password (a username and password that exist on the server computer) so that the clients can download the virdef.

For the more complete source, visit the following links:
Forum CHIP Indonesia – Update Generator
Forum CHIP Indonesia – Automatic Generation

Done. Hope this helps 😉

Posted by: Andy Pradityo | March 4, 2010

FTP Server on Ubuntu Server 8.04 LTS behind NAT Router

This is what I had been looking and searching for over a couple of days. Thanks to ubuntugeek.
OK, here is the brief story: I have an FTP server (ProFTPd) on Ubuntu 8.04 LTS behind a NAT router.
First, my FTP server could be accessed from the local machine and the local network but could not be accessed from the Internet, even when I accessed my FTP server from my local network with my public IP address. What I mean is that it can establish the connection but cannot list the directory. The point here is that it could not list the directory.
Second, I've used vsftpd but I couldn't find the solution, so I use ProFTPd because I could solve this issue.

[Image: behind NAT router]

Here is the solution from ubuntugeek.

If you want to work with an FTP server behind NAT, use the following procedure. Assume that we have already discussed how to install the proftpd server on Ubuntu.

Now you need to edit the proftpd configuration file using the following command

sudo vi /etc/proftpd.conf

at the end of the file add the following lines

PassivePorts 60000 60100

MasqueradeAddress SiteName.com
MasqueradeAddress xxx.xxx.xxx.xxx

The PassivePorts command we entered there allows 100 concurrent connections, which should be enough for most home users. Those are the ports we are going to have to forward to the FTP server on the router. Replace the xxx.xxx.xxx.xxx with the router's public IP address.

Restart the proftpd server using the following command

sudo /etc/init.d/proftpd restart

Now we have to forward the PassivePorts on the router. Log in to your router, click on the Advanced tab, then the Forwarding tab. Enter the port range we specified in the configuration file, then check the TCP box (UDP does not need to be enabled), then enter the IP address of the FTP server and click Enable. Click the “Apply” button and you're done on the router. Note: if you are using a different brand of router the process should be similar; this is the setup on a Linksys router.

With this, your FTP server should work behind your NAT router. There is one drawback to this: if you have a dynamic IP address from your ISP, you will need to update the address in your configuration file whenever it changes.
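
The symptom described at the top of this post (login works, directory listing fails) is what a client sees when the server's reply to PASV carries a private address or a data port the router does not forward. The following is an added example, not from ubuntugeek: it parses a 227 reply copied from an FTP client's verbose log and checks it against the MasqueradeAddress and PassivePorts settings above. The reply strings and the 203.0.113.5 address are constructed.

```shell
#!/bin/sh
# Added example (not from ubuntugeek): check a PASV reply against the
# MasqueradeAddress and PassivePorts settings above.

# "227 ... (h1,h2,h3,h4,p1,p2)" -> "h1.h2.h3.h4 port"; prints nothing otherwise.
parse_pasv() {
    printf '%s\n' "$1" | awk '
    /^227 / && match($0, /\([0-9,]+\)/) {
        n = split(substr($0, RSTART + 1, RLENGTH - 2), f, ",")
        for (i = 1; i <= n; i++) if (f[i] == "" || f[i] + 0 > 255) n = 0
        if (n == 6)   # data port is p1 * 256 + p2
            printf "%d.%d.%d.%d %d\n", f[1], f[2], f[3], f[4], f[5] * 256 + f[6]
    }'
}

# True for the RFC 1918 ranges 10/8, 172.16/12 and 192.168/16.
is_rfc1918() {
    case $1 in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# check_pasv REPLY LOW HIGH, with LOW and HIGH taken from PassivePorts.
check_pasv() (
    parsed=$(parse_pasv "$1")
    if [ -z "$parsed" ]; then
        echo "FAIL: not a 227 reply"; exit 2
    fi
    ip=${parsed% *}
    port=${parsed#* }
    if is_rfc1918 "$ip"; then
        echo "FAIL: reply advertises private address $ip (check MasqueradeAddress)"
        exit 1
    fi
    if [ "$port" -lt "$2" ] || [ "$port" -gt "$3" ]; then
        echo "FAIL: data port $port is outside PassivePorts $2-$3"
        exit 1
    fi
    echo "OK: data connection goes to $ip:$port"
)

# Demo: the reply before the fix, then the reply after it (both constructed).
check_pasv "227 Entering Passive Mode (192,168,1,10,234,96)." 60000 60100 || true
check_pasv "227 Entering Passive Mode (203,0,113,5,234,96)." 60000 60100
```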

That’s all. Thanks.

Maybe this can help you.
Source:
ubuntugeek solved
FTP Network Configuration

Posted by: Andy Pradityo | March 4, 2010

Installing Zimbra on Ubuntu Server 8.04 LTS

Ubuntu 8.04 LTS Server (Hardy Heron) Install Guide

From Zimbra :: Wiki

The following guide is for installing ZCS on Ubuntu Server 8.04 LTS, and is a revision of my previous Ubuntu Server 6.06 installation guide here. Please verify which version you are using and follow the appropriate guide, as there are material differences between the two. I have tested this guide with the 32-bit version of Ubuntu only; others will need to verify if any tweaks are necessary for a 64-bit installation.

This installation is for a split-DNS setup, where the server resides on a DMZ and so needs to resolve to its own internal (DMZ subnet) IP address rather than the public IP address that is published to the world. This is a setting where a firewall/router supplies the translation from the public IP to the DMZ IP (DNAT–Destination Network Address Translation) so that translation is not known to the server itself. This configuration is desirable for security, but it makes bits of the Zimbra configuration more complex than they might otherwise be.

For simplicity’s sake I’m referring to Zimbra’s DMZ address as the “private ip address” from here on. By that I mean that the Zimbra box has only one IP address, it’s on the DMZ, and can be seen by my LAN but not the public. When I say “public IP address” I’m not talking about another address on the Zimbra box, but rather the address that gets DNATed to my box and which is resolved in the world.

Installing Ubuntu 8.04 LTS

Obtain your installation binary from Ubuntu at http://www.ubuntu.com/getubuntu/download. Be sure you download the LTS (Longterm Support) Server Edition, NOT the Desktop Edition. Burn the iso file to a CD and boot it in your server. There is an excellent, highly-detailed installation guide for this version at http://www.howtoforge.com/perfect-server-ubuntu8.04-lts. I highly recommend this guide, particularly if you are new to Linux or Ubuntu specifically. The following points need to be kept in mind as you install:

1) The installation (and the guide) want to configure your LAN via DHCP. Cancel it before it gets that far, and manually configure it with a static IP address, netmask, and gateway. Don’t put in a public DNS for your nameserver configuration; instead put in the same IP address that you just gave the machine for its own static IP (this won’t let you resolve names on the internet until we do some more configuration below, but it saves headaches later).

2) When the installation asks for a hostname, give it only a one-word hostname (e.g. “mail” or “myserver”) NOT the fully-qualified domain name (mail.mydomain.com). In the next screen where it asks for the domain name, give the “mydomain.com” part without the hostname.

3) Hard disk configuration is easy if you are using a single drive, but for a server, that’s not the most secure way to do things. Ideally you should have either a RAID-1 or a RAID 1+0 configuration for your disks to provide redundancy. Most ideally that would be hardware-RAID, but configuring it in Ubuntu is a challenge. Software RAID (native to Linux) on the other hand, is easy IF you set it up AT THE TIME YOU ARE PARTITIONING YOUR DISKS. See this howto http://www.howtoforge.com/how-to-install-ubuntu8.04-with-software-raid1 for setup instructions if you want to use software RAID. As to partitioning your drives, you can find a variety of opinions. I just make a small partition for swap (1.5-2x RAM) and the rest for the whole system. Others will recommend separate partitions for mailstore, system, etc. Use your own judgement here.

4) Once the base system has been installed, the installer will ask you for a username, and then a password for that user. This needs to be a non-root user, and unlike previous Ubuntu versions, the user “admin” is no longer accepted. Whatever you choose, that username and password will be what you use to log in at the command line later, and the same password will be the password for sudo commands. Be sure you remember what you put in here!

5) At the “Software Selection” screen, select the DNS Server and OpenSSH Server options for installation, but nothing else. This will allow remote administration (SSH), and will install bind9 which you will need for split DNS.

6) Run the following command to make sure you have all the necessary packages: sudo apt-get install bind9 dnsutils file libgmp3c2 libexpat1 libstdc++5 libltdl3 libperl5.8 perl curl libpcre3 libc6

With these items, your installation will complete and the system will reboot.

DNS

On Ubuntu, check /etc/default/bind9 to see the root directory path for your bind installation. If no other path is specified, then it’s most likely /etc/bind/

Proper DNS configuration is PARAMOUNT! If you don’t have your DNS working properly, don’t even bother trying to install Zimbra, because trying to fix DNS after the fact may result in an install that can do everything except send mail–even from a Zimbra user to himself! So I’ll say it again:

If you can’t resolve your mailserver’s own private IP address (NOT the public IP) using nslookup, fix it BEFORE you install Zimbra!

If your installation above was successful, when you sign on at the command line you’ll be able to ping public IP addresses if you know them, but you may not be able to resolve any names to ping them.

Now you have to configure the following files, which are in the directory /etc/bind (for brevity I’ve deleted the generic comment lines included by the distro). Note that the query-source address and forwarders lines are already there, they just need to be uncommented, and in the case of the forwarders, the ip addresses of your ISP’s DNS servers need to be added. Note also that the syntax needs to be EXACTLY as shown below–leave out one semicolon or bracket and the whole thing blows up:

/etc/bind/named.conf.options

options {
        directory "/var/cache/bind";

        query-source address * port 53;

        forwarders {
                xxx.xxx.xxx.xxx; xxx.xxx.xxx.xxx;
        };

        auth-nxdomain no;    # conform to RFC1035

};

The IP addresses in this file are the public IP addresses of the DNS servers you use in the outside world. The line “query-source address * port 53” is to allow your machine to hit the DNS if oddball DNS ports are blocked. You can leave it commented if you don’t need it.

Check /etc/resolv.conf and make sure it looks like this:

nameserver xxx.xxx.xxx.xxx

The IP address here should be the Zimbra box’s private ip address.

Once you’ve fixed these two files and restarted bind

/etc/init.d/bind9 restart

you should be able to resolve names in the outside world. Try something like “ping google.com” and if you get an answer, you’re on the way.

Now it’s time to get the internal zone working. Append the following lines to /etc/bind/named.conf.local

        zone "mydomain.com"  {
                type master;
                file "/etc/bind/db.mydomain.com";
        };

Note that you need to type the full pathname to your db.* file. Also, be sure you don’t miss a semicolon “;” in any of these lines that have them because a missing semicolon breaks the file.

Now create your file /etc/bind/db.mydomain.com

;
; BIND data file for mydomain.com
;
$TTL    604800
@       IN      SOA     mail.mydomain.com. admin.mydomain.com. (
                         070725         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      mail
        IN      MX      10 mail
        IN      A       xxx.xxx.xxx.xxx
mail    IN      A       xxx.xxx.xxx.xxx

The ip address here is again your Zimbra internal ip address; the string “admin.mydomain.com” is replaced with the email address you are using for administration, only with a “.” instead of the “@” in the address. Be careful to increment the serial number one higher every time you modify this file or the changes won’t stick. Many users use the date they edit the file for the serial number, but as long as you start low and only get higher it really doesn’t matter.

Now you may need to reboot the machine (restarting bind9 alone doesn’t always work) and try to resolve your mail server.

nslookup mydomain.com

If it returns your public IP address, your internal DNS is not working. If things are configured correctly it’ll return the internal address.

Hosts Table

Before you get to the install you also need to modify your /etc/hosts file:

127.0.0.1       localhost.localdomain   localhost
10.3.2.244      mail.tractor-equip.net  mail
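
The hosts table and the resolv.conf setting described above can be checked together before running the installer. The following is an added example, not from the Zimbra wiki: it confirms that the FQDN is the first name on a non-loopback hosts line, that the short hostname follows it, and that the first nameserver is that same address. The function name is hypothetical and the resolv.conf content in the demo is constructed to match the hosts example.

```shell
#!/bin/sh
# Added example: pre-install check of the hosts table and resolver settings.
# Usage: check_split_dns HOSTS_FILE RESOLV_FILE FQDN
check_split_dns() (
    hosts=$1 resolv=$2 fqdn=$3
    short=${fqdn%%.*}

    # Address of the first hosts line whose first name is the FQDN.
    host_ip=$(awk -v f="$fqdn" '{ sub(/#.*/, "") } $2 == f { print $1; exit }' "$hosts")
    if [ -z "$host_ip" ]; then
        echo "FAIL: no hosts line lists $fqdn as the first name"; exit 1
    fi
    # Ubuntu installers commonly write a 127.0.1.1 line for the hostname.
    case $host_ip in
        127.*) echo "FAIL: $fqdn resolves to loopback address $host_ip"; exit 1 ;;
    esac
    # The same line must also carry the short hostname as an alias.
    if ! awk -v f="$fqdn" -v s="$short" '
        { sub(/#.*/, "") }
        $2 == f { for (i = 3; i <= NF; i++) if ($i == s) found = 1; exit }
        END { exit !found }' "$hosts"; then
        echo "FAIL: short name $short missing from the $fqdn line"; exit 1
    fi
    # resolv.conf must point at the local bind9, i.e. the box's own address.
    ns=$(awk '$1 == "nameserver" { print $2; exit }' "$resolv")
    if [ "$ns" != "$host_ip" ]; then
        echo "FAIL: first nameserver is ${ns:-unset}, expected $host_ip"; exit 1
    fi
    echo "OK: $fqdn -> $host_ip, resolver $ns"
)

# Demo on constructed files that mirror the examples above.
demo_dir=$(mktemp -d)
printf '%s\n' '127.0.0.1       localhost.localdomain   localhost' \
              '10.3.2.244      mail.tractor-equip.net  mail' > "$demo_dir/hosts"
printf 'nameserver 10.3.2.244\n' > "$demo_dir/resolv.conf"
check_split_dns "$demo_dir/hosts" "$demo_dir/resolv.conf" mail.tractor-equip.net
rm -rf "$demo_dir"
```

On the real server, pass /etc/hosts and /etc/resolv.conf; the nslookup test described above is still needed to confirm that bind9 itself answers with the internal address.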

ONLY IF this is working, it’s now time to update your packages:

sudo bash      # asks for your password; enter your administrator's password to get a root prompt
apt-get update
apt-get upgrade

Now you’re ready to install Zimbra.

Installing ZCS

Several discussion groups have listed the dependencies not installed by the standard Linux install, but the easy thing to do is try to run the install and let Zimbra give you a list of what’s missing. Download the appropriate package for your Ubuntu installation (32 or 64 bit Ubuntu 8.04 LTS), copy it into your choice directory (I prefer /temp because /tmp is volatile and clears out every reboot), change to that directory, and type

tar -xzf zc*

and it’ll create a whole directory /temp/zcs with lots of files inside it. Then:

cd /temp/zcs
./install.sh

It’s not going to work the first time, but it’ll give you a list of missing dependencies. Write down all the package names it says are missing. Your list may be slightly different than mine, but whatever it is, load them. Just separate each package name with a space like this:

apt-get install libpcre3 libgmp3c2 libstdc++5

Now re-run your Zimbra install and accept all the defaults except:

When it asks you for your domain, it’s going to have your fully-qualified domain name (hostname.mydomain.com) rather than just the domain, and probably complain about not having an MX record. Change the hostname to just mydomain.com and it’ll find the names through nslookup, and it’ll be happy. The rest of the install should proceed without errors, except that toward the end it’s going to ask you to “Address unconfigured items” but, if you’re doing this from the console and not from an SSH connection with a buffer, the actual item that’s unconfigured is off the screen and invisible. It’s the admin password, which is in menu item 3.

Finally, when the install is done and it has given you the last “press Enter to finish” you are almost done. I recommend at this point that you convert your webmail to use https rather than http. This is a security question, but it is also discretionary. If you choose to do this, then at the command prompt, type:

su - zimbra
zmtlsctl https

Now reboot the system, and when it comes back up, give it a couple minutes to start the rest of the Zimbra processes. If your installation is successful, you can go to https://xxx.xxx.xxx.xxx:7071 (your internal ip address again) to get the administrative console, or https://xxx.xxx.xxx.xxx to log in as a user.

Congratulations–one shiny new Zimbra installation on Ubuntu!

Directory Permissions on /tmp

If the /tmp directory does not have the correct permissions, it could hinder your efforts to install ZCS.

Make sure the /tmp directory has the following permissions.

drwxrwxrwt root root  /tmp

If your /tmp permissions do not match the above, run the following commands as root:

# chown root:root /tmp      (optional; there is a good chance /tmp is already owned by root)
# chmod 777 /tmp
# chmod +t /tmp

The t in the end of the permissions is called the sticky bit. It replaces the x and indicates that in this directory files can only be deleted by their owners, the owner of the directory, or the root superuser. This way it is not enough for a user to have write permission on /tmp — he also needs to be the owner of the file to be able to delete it.

Sending Mail from Terminal (optional)

In some situations, it is necessary for monitoring scripts or cron jobs to send mail to users on the system. On any Unix installation, this is done with the ‘mail’ command. The default Ubuntu installation described here will not include this command. Installing the mailx package to add mail will also cause Ubuntu to add a Mail Transport Agent application to handle mail delivery. This is not a problem if there is no Zimbra Postfix MTA running on your system, but if one is present then the new MTA could interfere with the Zimbra MTA and will disrupt mail routing. To safely add ‘mail’ and the associated package, you will need to do the following:

wget http://ubuntu.lnix.net/misc/mta-dummy/mta-dummy_1.0_all.deb
dpkg -i mta-dummy_1.0_all.deb
apt-get install mailx
Add the following to /etc/mail.rc:
 set sendmail=/opt/zimbra/postfix/sbin/sendmail

When this is done, test it by running:

mail <user>@<yourdomain>

Enter a subject and body, using ‘.’ on a blank line to end the message. When you have sent it, check /var/log/zimbra.log to confirm that the message has been processed correctly.

If you have a multi-node Zimbra system and the server you are installing mailx on does not run an MTA, you can let it install Postfix, and during configuration specify a dedicated relay server, which you should set to one of your existing Zimbra MTA hosts.

Source:
http://wiki.zimbra.com/index.php?title=Ubuntu_8.04_LTS_Server_%28Hardy_Heron%29_Install_Guide
My Friend’s name Fajri
