Canonical address configuration in multi-server Zimbra

Leave a reply

The Zimbra environment we’ve put together looks like this:
1 LDAP master
3 MTAs
6 stores

We initially installed with only mta instances on the mtas and all hosts pointing to the LDAP master.
This was of course lacking ldap consumers on the MTAs.

So a few weeks ago we upgraded to Zimbra 4.5.6 and added LDAP consumers to the MTAs. This was messy but reliable once you take your lumps and jump through the hoops in the right order. I owe a post on this topic.

Our Zimbra environment is not in production yet, it’s officially pre-production, so we use canonical addresses to make our pre-production users’ mail look to come from productiondomain.com instead of pre-productiondomain.com.

Immediately after adding LDAP consumers to the MTAs our pre-prod users began to complain that their mail was coming from pre-productiondomain.com. This was prematurely releasing our fancy new pre-productiondomain.com which is supposed to be a surprise for some time in the fall.

So.. Zimbra uses canonical maps for the canonical address setting:

$ grep canonical /opt/zimbra/postfix/conf/main.cf
sender_canonical_maps = ldap:/opt/zimbra/conf/ldap-scm.cf
$ cat /opt/zimbra/conf/ldap-scm.cf
server_host = ldap://master_ldap.pre-productiondomain.com:389
server_port = 389
search_base = 
query_filter = (&(|(zimbraMailDeliveryAddress=%s)(zimbraMailAlias=%s)
(zimbraMailCatchAllAddress=%s))(zimbraMailStatus=enabled))
result_attribute = zimbraMailCanonicalAddress,
zimbraMailCatchAllCanonicalAddress
version = 3
bind = no
timeout = 30
$

You should immediately notice that postfix is looking to the master for Canonical address rewriting. This may be a side effect of adding an LDAP consumer after the MTA was installed. Either way it’s wrong. It easily tested:


$ ldapsearch -x -h master_ldap.pre-productiondomain.com -b '' 
'(&(|(zimbraMailDeliveryAddress=morgan@pre-productiondomain.com)
(zimbraMailAlias=morgan@pre-productiondomain.com)
(zimbraMailCatchAllAddress=morgan@pre-productiondomain.com))
(zimbraMailStatus=enabled))' zimbraMailCanonicalAddress 
zimbraMailCatchAllCanonicalAddress

You should get nothing. Repeat the command with -h mta_hostname.pre-productiondomain.com and you should get the canonical address you set in the admin gui.

The solution is to edit /opt/zimbra/conf/ldap-scm.cf and change
server_host to ldap://mta_hostname.pre-productiondomain.com:389

If you tried it and it still doesn’t seem to be working, you might have zimbraPrefFromAddress set. On one of the stores:


$  zmprov ga morgan@pre-proddomain.com|grep -i zimbraPrefFromAddress
zimbraPrefFromAddress: morgan@pre-proddomain.com
$

Fix it by unsetting the attribute:


zmprov ma morgan@pre-proddomain.com zimbraPrefFromAddress ''

It seems to take a few minutes to take effect.

This entry was posted in Messaging, Zimbra on by .

About morgan

Morgan is a freelance IT consultant living in Philadelphia. He lives with his girlfriend in an old house in Fishtown that they may never finish renovating. His focus is enterprise Messaging (think email) and Directory. Many of his customers are education, school districts and Universities. He also gets involved with most aspects of enterprise Linux and UNIX (mostly Solaris) administration, Perl, hopefully Ruby, PHP, some Java and C programming. He holds a romantic attachment to software development though he spends most of his time making software work rather than making software. He rides motorcycles both on and off the track, reads literature with vague thoughts of giving up IT to teach English literature.

Leave a Reply

Your email address will not be published. Required fields are marked *