The Zimbra environment we’ve put together looks like this:
1 LDAP master
3 MTAs
6 stores
We initially installed with only mta instances on the mtas and all hosts pointing to the LDAP master.
This was of course lacking ldap consumers on the MTAs.
So a few weeks ago we upgraded to Zimbra 4.5.6 and added LDAP consumers to the MTAs. This was messy but reliable once you take your lumps and jump through the hoops in the right order. I owe a post on this topic.
Our Zimbra environment is not in production yet, it’s officially pre-production, so we use canonical addresses to make our pre-production users’ mail look to come from productiondomain.com instead of pre-productiondomain.com.
Immediately after adding LDAP consumers to the MTAs our pre-prod users began to complain that their mail was coming from pre-productiondomain.com. This was prematurely releasing our fancy new pre-productiondomain.com which is supposed to be a surprise for some time in the fall.
So.. Zimbra uses canonical maps for the canonical address setting:
$ grep canonical /opt/zimbra/postfix/conf/main.cf
sender_canonical_maps = ldap:/opt/zimbra/conf/ldap-scm.cf
$ cat /opt/zimbra/conf/ldap-scm.cf
server_host = ldap://master_ldap.pre-productiondomain.com:389
server_port = 389
search_base =
query_filter = (&(|(zimbraMailDeliveryAddress=%s)(zimbraMailAlias=%s)
(zimbraMailCatchAllAddress=%s))(zimbraMailStatus=enabled))
result_attribute = zimbraMailCanonicalAddress,
zimbraMailCatchAllCanonicalAddress
version = 3
bind = no
timeout = 30
$
You should immediately notice that postfix is looking to the master for Canonical address rewriting. This may be a side effect of adding an LDAP consumer after the MTA was installed. Either way it’s wrong. It easily tested:
$ ldapsearch -x -h master_ldap.pre-productiondomain.com -b ''
'(&(|(zimbraMailDeliveryAddress=morgan@pre-productiondomain.com)
(zimbraMailAlias=morgan@pre-productiondomain.com)
(zimbraMailCatchAllAddress=morgan@pre-productiondomain.com))
(zimbraMailStatus=enabled))' zimbraMailCanonicalAddress
zimbraMailCatchAllCanonicalAddress
You should get nothing. Repeat the command with -h mta_hostname.pre-productiondomain.com and you should get the canonical address you set in the admin gui.
The solution is to edit /opt/zimbra/conf/ldap-scm.cf and change
server_host to ldap://mta_hostname.pre-productiondomain.com:389
If you tried it and it still doesn’t seem to be working, you might have zimbraPrefFromAddress set. On one of the stores:
$ zmprov ga morgan@pre-proddomain.com|grep -i zimbraPrefFromAddress
zimbraPrefFromAddress: morgan@pre-proddomain.com
$
Fix it by unsetting the attribute:
zmprov ma morgan@pre-proddomain.com zimbraPrefFromAddress ''
It seems to take a few minutes to take effect.