How to make a virtualised (Xen) Zimbra externally accessible

If you happen to have a virtualised Zimbra running on Xen on a CentOS machine, you may want to make some ports
externally available so the users are not restricted to the web client.

For this example, the external interface address of the Xen host (dom0) is 10.1.1.1 and the virtualised Zimbra guest is 192.168.122.210.

# Prerequisites: net.ipv4.ip_forward=1 on the dom0, and a FORWARD rule that accepts
# ESTABLISHED,RELATED traffic (the libvirt default network normally adds one for virbr0).
# Each port needs two rules: the DNAT in the nat table's PREROUTING chain, and a FORWARD
# ACCEPT pinned to the guest address (-d) so only the forwarded ports can reach the guest.
# Note: PREROUTING only sees packets arriving from other hosts; traffic the dom0 itself
# generates towards 10.1.1.1 goes through OUTPUT and is not redirected.

# SMTP
iptables -A PREROUTING -t nat -d 10.1.1.1 -p tcp --dport 25 -j DNAT --to 192.168.122.210:25
iptables -I FORWARD 1 -p tcp -m state --state NEW --dport 25 -d 192.168.122.210 -j ACCEPT

# POP3
iptables -A PREROUTING -t nat -d 10.1.1.1 -p tcp --dport 110 -j DNAT --to 192.168.122.210:110
iptables -I FORWARD 1 -p tcp -m state --state NEW --dport 110 -d 192.168.122.210 -j ACCEPT

# IMAP
iptables -A PREROUTING -t nat -d 10.1.1.1 -p tcp --dport 143 -j DNAT --to 192.168.122.210:143
iptables -I FORWARD 1 -p tcp -m state --state NEW --dport 143 -d 192.168.122.210 -j ACCEPT

# IMAPS
iptables -A PREROUTING -t nat -d 10.1.1.1 -p tcp --dport 993 -j DNAT --to 192.168.122.210:993
iptables -I FORWARD 1 -p tcp -m state --state NEW --dport 993 -d 192.168.122.210 -j ACCEPT

# POP3S
iptables -A PREROUTING -t nat -d 10.1.1.1 -p tcp --dport 995 -j DNAT --to 192.168.122.210:995
iptables -I FORWARD 1 -p tcp -m state --state NEW --dport 995 -d 192.168.122.210 -j ACCEPT
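As an added check (not part of the original post), a small Python audit over a rule list in the form above: it flags DNAT entries that have no matching FORWARD ACCEPT for the guest, FORWARD ACCEPTs with no DNAT, and FORWARD rules that are not pinned to the guest address with -d. The sample rules are constructed and include one deliberately broken pair.

```python
import shlex

# Constructed sample: one of the page's port pairs, plus a DNAT for 443 with no
# FORWARD rule and a FORWARD rule that is not pinned to the guest address.
SAMPLE_RULES = """
iptables -A PREROUTING -t nat -d 10.1.1.1 -p tcp --dport 25 -j DNAT --to 192.168.122.210:25
iptables -I FORWARD 1 -p tcp -m state --state NEW --dport 25 -d 192.168.122.210 -j ACCEPT
iptables -A PREROUTING -t nat -d 10.1.1.1 -p tcp --dport 443 -j DNAT --to 192.168.122.210:443
iptables -I FORWARD 1 -p tcp -m state --state NEW --dport 8080 -j ACCEPT
"""

def parse_rule(line):
    """Map one iptables invocation to {option: value}; flags without a value map to True."""
    argv = shlex.split(line)
    opts, i = {}, 1  # argv[0] is the iptables binary
    while i < len(argv):
        tok = argv[i]
        if tok in ("-A", "-I"):
            opts["chain"] = argv[i + 1]
            i += 2
            if i < len(argv) and argv[i].isdigit():  # -I CHAIN <position>
                i += 1
        elif i + 1 < len(argv) and not argv[i + 1].startswith("-"):
            opts[tok] = argv[i + 1]
            i += 2
        else:
            opts[tok] = True
            i += 1
    return opts

def audit_dnat(rules_text, guest_ip):
    """Return incomplete DNAT/FORWARD pairings and FORWARD ACCEPTs not restricted to the guest."""
    dnat_ports, fwd_ports, unpinned = set(), set(), []
    for line in rules_text.strip().splitlines():
        r = parse_rule(line)
        if r.get("chain") == "PREROUTING" and r.get("-j") == "DNAT":
            host, _, port = r["--to"].partition(":")
            if host == guest_ip:
                dnat_ports.add(port or r["--dport"])  # --to without :port keeps --dport
        elif r.get("chain") == "FORWARD" and r.get("-j") == "ACCEPT":
            if r.get("-d") == guest_ip:
                fwd_ports.add(r["--dport"])
            else:
                unpinned.append(line)
    return {"dnat_without_forward": sorted(dnat_ports - fwd_ports),
            "forward_without_dnat": sorted(fwd_ports - dnat_ports),
            "forward_not_pinned_to_guest": unpinned}
```

Run `audit_dnat(SAMPLE_RULES, "192.168.122.210")` to see the 443 DNAT reported as unmatched and the 8080 FORWARD rule reported as unpinned.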

This way, you can have your MX record point to the external IP address.
There is a catch though: you need to set up a DNS server inside the virtualised guest that resolves
your MX record name to the internal IP address, because Zimbra does its own DNS lookups for its hostname.

Example for the DNS records for your domain:

mystartup.net.          IN MX   10 mail.mystartup.net.
mail.mystartup.net.     IN A    10.1.1.1

Example zone declaration in named.conf on the virtualised Zimbra guest:

zone "mail.mystartup.net" {
        type master;
        file "/etc/bind/mail.mystartup.net";
};

The actual zone file (/etc/bind/mail.mystartup.net):

$TTL    604800
@       IN      SOA     localhost. root.localhost. (
                        2           ; Serial
                        604800      ; Refresh
                        86400       ; Retry
                        2419200     ; Expire
                        604800 )    ; Negative Cache TTL
;
@       IN      NS      localhost.
@       IN      A       192.168.122.210         ; mail.mystartup.net resolves to the guest itself
@       IN      MX      10 mail.mystartup.net.  ; trailing dot, otherwise the zone origin is appended

That should make Zimbra happy if you configured it as mail.mystartup.net during installation.
You can also set up Apache to proxy access to the Zimbra web interface. Simply set up a virtual host:

# Requires mod_ssl, mod_proxy and mod_proxy_http to be loaded.

# Plain HTTP only redirects to HTTPS.
<VirtualHost 10.1.1.1:80>
        ServerName mail.mystartup.net:80
        ServerAdmin webmaster@mystartup.net

        DocumentRoot /serv/mail.mystartup.net/htdocs/

        ErrorLog /serv/mail.mystartup.net/logs/error.log
        CustomLog /serv/mail.mystartup.net/logs/access.log combined

        RedirectPermanent / https://mail.mystartup.net/
</VirtualHost>

Listen 10.1.1.1:443
<VirtualHost 10.1.1.1:443>
        ServerName mail.mystartup.net:443
        ServerAdmin webmaster@mystartup.net

        DocumentRoot /serv/mail.mystartup.net/htdocs/
        LogLevel warn

        SSLEngine on

        # SSLv3 is broken too; on a current build use at least "All -SSLv2 -SSLv3"
        # and prefer "!MD5" over "+MD5" (which only demotes MD5 suites, it does not remove them).
        SSLProtocol All -SSLv2
        SSLCipherSuite HIGH:MEDIUM:!aNULL:+MD5

        # The key is stored unencrypted so httpd can start unattended; keep it root-only (mode 0600).
        SSLCertificateFile      /serv/mail.mystartup.net/ssl/mail.mystartup.net.crt
        SSLCertificateKeyFile   /serv/mail.mystartup.net/ssl/mail.mystartup.net.key.decrypted

        # TLS terminates here; the guest is reached over plain HTTP on the internal network.
        # ProxyPassReverse rewrites Location headers coming back from the guest.
        <Location />
                ProxyPass               http://192.168.122.210/
                ProxyPassReverse        http://192.168.122.210/
        </Location>

        ErrorLog /serv/mail.mystartup.net/logs/error.log
        CustomLog /serv/mail.mystartup.net/logs/access.log combined
        CustomLog /serv/mail.mystartup.net/logs/ssl.log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

So far, this should get you going. There is one catch though:
If you try to mail to mystartup.net from your host, this will fail.
Instead of really finding out if there was simply a routing problem I decided to fix it within the exim mailer.

Insert this as the first router in the routers section of the exim configuration:

# Mail generated on the dom0 itself never passes the PREROUTING DNAT, so route the
# domain straight to the guest instead of following the public MX (10.1.1.1).
custom_router:
  driver = manualroute
  domains = mystartup.net
  transport = remote_smtp
  route_data = 192.168.122.210
  same_domain_copy_routing
  no_more

And that should be it.

3 thoughts on “How to make a virtualised (Xen) Zimbra externally accessible”

  1. Normally I do not learn from posts on blogs, however I would like to say that this write-up very much pressured me to try and do it! Your writing style has amazed me. Thanks, very nice article.
