Zimbra EMail Server on FreeBSD as Bhyve VM using IPFW


Many server operating systems, including FreeBSD, come with sendmail, but sendmail by itself lacks IMAP and a web interface. There are various mail systems such as sendmail with pine, qmail, and Maia. Maia has many nice features, but installation is complex and time consuming. After trying a few newer email solutions I settled on Zimbra, which does not run on FreeBSD. I first ran this as a separate cloud-hosted VM, but when I needed to change IP I decided to reinstall it as a VM on an existing FreeBSD bare-metal server and save the cloud hosting fees. The bare-metal server uses ipfw, so we will use ipfw to forward ports for this project.

Setup Phases
  1. Setting up the VM
  2. Network Configuration
  3. Installing Zimbra
  4. Checking DNS Configuration
VM & Firewall Setup

To set up bhyve to work with ipfw, follow any of the online instructions for installing bhyve, which roughly go like this ...

Firewall Rules


Reboot

Before rebooting, go back and comment out the line that says firewall_script … #firewall_script="/etc/ipfw.rules"

When the server restarts it won't load the rules, so the firewall will be open. Then run sh /etc/ipfw.rules. If everything works as expected, good; if not, you can reboot, the rules won't be run on startup, and you can get back in. For the same reason we have set the default to open in /boot/loader.conf.
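The following is an added example of what an /etc/ipfw.rules for this layout can look like; it is not the author's actual ruleset. It assumes the host's public interface is igb0, that vm-bhyve created a private bridge called vm-public on which the host holds 10.0.0.1 and the Zimbra VM 10.0.0.2 (so the host must have gateway_enable="YES" in rc.conf), and that administration comes from the placeholder address 203.0.113.10. It uses ipfw's in-kernel NAT with redirect_port to forward the public mail and web ports to the VM, follows the FreeBSD Handbook skipto pattern so outbound traffic is NATted after state is recorded, and deliberately leaves the Zimbra admin console port 7071 reachable from the LAN side only. The script prints the rules for review by default and applies them only when APPLY=1 is set.

```shell
#!/bin/sh
# Added example, not the author's ruleset. Everything below is an assumption:
# interface names, addresses and the port list. Assumed /boot/loader.conf:
#   ipfw_load="YES"
#   ipfw_nat_load="YES"
#   net.inet.ip.fw.default_to_accept="1"   # open on boot so a bad ruleset cannot lock you out

EXT_IF="${EXT_IF:-igb0}"                   # assumed public interface of the FreeBSD host
VM_IF="${VM_IF:-vm-public}"                # assumed private bridge created by vm-bhyve
VM_IP="${VM_IP:-10.0.0.2}"                 # assumed LAN address of the Zimbra VM
ADMIN_IP="${ADMIN_IP:-203.0.113.10}"       # placeholder management address (TEST-NET-3)

# Ports that must reach the VM from the Internet. 7071 (Zimbra admin console)
# is intentionally absent: it stays reachable only across the bridge.
PUBLIC_TCP_PORTS="25 465 587 143 993 80 443"
PORT_LIST=$(echo "$PUBLIC_TCP_PORTS" | tr ' ' ',')

# Emit the ruleset as plain commands so it can be read before it is applied.
ipfw_rules() {
    # nat must hand the packet back to the ruleset instead of accepting it outright
    echo "sysctl net.inet.ip.fw.one_pass=0"
    echo "ipfw -q flush"
    redirects=""
    for p in $PUBLIC_TCP_PORTS; do
        redirects="$redirects redirect_port tcp ${VM_IP}:${p} ${p}"
    done
    echo "ipfw -q nat 1 config if ${EXT_IF} same_ports unreg_only reset${redirects}"
    echo "ipfw -q add 100 allow ip from any to any via lo0"
    # host <-> VM on the private bridge
    echo "ipfw -q add 110 allow ip from any to any via ${VM_IF}"
    # de-NAT inbound packets first so later rules see the VM's LAN address
    echo "ipfw -q add 200 nat 1 ip from any to any in via ${EXT_IF}"
    echo "ipfw -q add 210 check-state"
    # outbound from the host or the VM: record state, then jump to the outbound nat
    echo "ipfw -q add 300 skipto 1000 ip from me to any out via ${EXT_IF} keep-state"
    echo "ipfw -q add 310 skipto 1000 ip from ${VM_IP} to any out via ${EXT_IF} keep-state"
    # replies from the VM's published ports are stateless and must also be NATted
    echo "ipfw -q add 320 skipto 1000 tcp from ${VM_IP} ${PORT_LIST} to any out via ${EXT_IF}"
    # SSH to the hypervisor only from the management address
    echo "ipfw -q add 400 allow tcp from ${ADMIN_IP} to me 22 in via ${EXT_IF} setup keep-state"
    # published mail/web ports, already rewritten to the VM's LAN address by rule 200
    echo "ipfw -q add 410 allow tcp from any to ${VM_IP} ${PORT_LIST} in via ${EXT_IF}"
    # everything else inbound is dropped and logged (log for detection, not just denial)
    echo "ipfw -q add 900 deny log ip from any to any"
    # skipto target: translate outbound traffic, then let it go
    echo "ipfw -q add 1000 nat 1 ip from any to any out via ${EXT_IF}"
    echo "ipfw -q add 1010 allow ip from any to any"
}

# Sanity check: how many redirect_port clauses the nat instance carries.
forwarded_port_count() {
    ipfw_rules | grep '^ipfw -q nat 1 config' | grep -o 'redirect_port' | wc -l | tr -d ' '
}

# sh /etc/ipfw.rules          -> print the rules for review
# APPLY=1 sh /etc/ipfw.rules  -> apply them (as root, on the host)
if [ "${APPLY:-0}" = "1" ]; then
    ipfw_rules | sh
else
    ipfw_rules
fi
```

The deny rule logs what it drops, which is the first thing to look at when a port forward seems not to work; the sysctl one_pass=0 line is essential, since with the default of 1 the nat rule would accept every packet crossing the public interface and none of the later filtering would apply.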

Initialize vm-bhyve


Setup the VM Network and VM


Installing Zimbra (the easy part)

I initially thought installing Zimbra would be the easy part, and it is, but after migration I made a mistake with the dnsmasq.conf which allowed operation, but as I got more domains and aliases added, zmconfigd and proxy failed to restart. The error caused me to reinstall more than 10 times till I figured out what was causing it. So remember: server= in /etc/dnsmasq.conf is your upstream DNS server, not the hypervisor host IP.

This is a good resource: https://inguide.in/install-zimbra-on-ubuntu-20-04-step-by-step/



DMARC is a DNS record that specifies what to do in case SPF or DKIM fails and who to email with the reports.

Please check online for specific references for setting these up with DNS and setting up letsencrypt.

Additional DNS Settings

Setting up dnsmasq is highly advised, and there is one more caveat. Some mail programs on the host itself may need to send mail to the VM but won't work correctly unless the MX host is added with the VM's LOCAL IP. I discovered this when I couldn't get a WordPress site to send emails to the mail server.
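As an added example (not the author's configuration) covering both the server= mistake described in the Zimbra section and the MX-host caveat above, the script below generates a dnsmasq.conf in which server= names a real upstream resolver and the mail host and MX records resolve to the VM's LAN address, and it includes a check that flags a server= line pointing at the hypervisor. The upstream resolver 1.1.1.1, the mail host mail.example.com, the VM address 10.0.0.2 and the hypervisor address 10.0.0.1 are all assumed values; the same generated file works on the VM (where Zimbra needs it) and on the host (where local mailers need the MX to resolve to the VM's LAN IP).

```shell
#!/bin/sh
# Added example, not the author's own dnsmasq.conf. All names and addresses are
# assumptions; substitute your own upstream resolver, mail host and VM address.

# gen_dnsmasq_conf UPSTREAM_DNS MAIL_FQDN VM_LAN_IP DOMAIN...
# Prints a dnsmasq.conf that resolves the mail host and every domain's MX to the VM.
gen_dnsmasq_conf() {
    upstream="$1"; mail_host="$2"; vm_ip="$3"; shift 3
    echo "# upstream resolver: a real DNS server, NOT the hypervisor host IP"
    echo "server=${upstream}"
    echo "listen-address=127.0.0.1"
    echo "domain-needed"
    echo "bogus-priv"
    # the mail host must answer with the VM's LAN address, not its public one
    echo "address=/${mail_host}/${vm_ip}"
    for d in "$@"; do
        # mx-host=<domain>,<mail host>,<preference>
        echo "mx-host=${d},${mail_host},10"
    done
}

# check_dnsmasq_conf FILE HYPERVISOR_IP MAIL_FQDN VM_LAN_IP
# Returns 0 when the file avoids the mistakes described in the post, 1 otherwise.
check_dnsmasq_conf() {
    file="$1"; host_ip="$2"; mail_host="$3"; vm_ip="$4"
    rc=0
    if grep -q "^server=${host_ip}\$" "$file"; then
        echo "server= points at the hypervisor (${host_ip}); use the upstream resolver" >&2
        rc=1
    fi
    if ! grep -q "^address=/${mail_host}/${vm_ip}\$" "$file"; then
        echo "${mail_host} does not resolve to the VM LAN address ${vm_ip}" >&2
        rc=1
    fi
    if ! grep -q "^mx-host=.*,${mail_host}," "$file"; then
        echo "no mx-host record names ${mail_host}" >&2
        rc=1
    fi
    return $rc
}

# sh gen-dnsmasq.sh 1.1.1.1 mail.example.com 10.0.0.2 example.com example.org > /etc/dnsmasq.conf
if [ "$#" -ge 4 ]; then
    gen_dnsmasq_conf "$@"
fi
```

After writing the file, restart dnsmasq and confirm from the VM that the mail host and the MX for each domain resolve to the LAN address before running the Zimbra installer, since that is the lookup zmconfigd and the proxy depend on.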