10-13-2009, 08:17 AM
| | Advanced Member | |
Posts: 191
| | [SOLVED] raj, Phoenix, Uxbod, and the rest. Help with Split Domain :) I have followed the split domain wiki, but it does not seem to have helped.
I believe one of you might have an answer to my headache. I want to enjoy the wonders of Zimbra, but I am currently not seeing it happening. I want to migrate from my old server (secondary) to Zimbra (primary). It has not been like that for me. Below is the information that I have so far and questions.
This is my configuration for my primary MX: Quote:
alias_maps = hash:/etc/aliases
bounce_queue_lifetime = 5d
broken_sasl_auth_clients = yes
command_directory = /opt/zimbra/postfix/sbin
config_directory = /opt/zimbra/postfix-2.6.2.2z/conf
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /opt/zimbra/postfix/libexec
disable_dns_lookups = no
header_checks =
in_flow_delay = 1s
lmtp_connection_cache_destinations =
lmtp_connection_cache_time_limit = 4s
lmtp_host_lookup = dns
local_header_rewrite_clients = permit_mynetworks,permit_sasl_authenticated
mail_owner = postfix
mailbox_size_limit = 0
mailq_path = /opt/zimbra/postfix/sbin/mailq
manpage_directory = /opt/zimbra/postfix/man
maximal_backoff_time = 4000s
message_size_limit = 50000000
minimal_backoff_time = 300s
mydestination = localhost
myhostname = zimbra.my.aacount.com
mynetworks = 127.0.0.0/8 192.168.1.0/24
newaliases_path = /opt/zimbra/postfix/sbin/newaliases
propagate_unmatched_extensions = canonical
queue_directory = /opt/zimbra/data/postfix/spool
queue_run_delay = 300s
recipient_delimiter =
relayhost = my.aacount.com:25
sender_canonical_maps = proxy:ldap:/opt/zimbra/conf/ldap-scm.cf
sendmail_path = /opt/zimbra/postfix/sbin/sendmail
setgid_group = postdrop
smtp_sasl_mechanism_filter = plain,login
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = may
smtp_use_tls = yes
smtpd_client_restrictions = reject_unauth_pipelining
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_helo_required = yes
smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination,
reject_unlisted_recipient, reject_unknown_recipient_domain, reject_unverified_recipient, reject_rbl_client zen.spamhaus.org, reject_rbl_client
bl.spamcop.net, reject_rbl_client dnsbl-1.uceprotect.net, reject_rbl_client ix.dnsbl.manitu.net, reject_rbl_client dyna.spamrats.com,
reject_rbl_client noptr.spamrats.com, reject_rbl_client all.rbl.jp, reject_rbl_client safe.dnsbl.sorbs.net, reject_rbl_client
b.barracudacentral.org, reject_rbl_client psb.surriel.com, reject_rbl_client dnsbl.ahbl.org, reject_rbl_client dnsbl.njabl.org,
reject_rbl_client bhnc.njabl.org, reject_rbl_client dnsbl.dronebl.org, reject_rbl_client rabl.nuclearelephant.com, reject_rbl_client
multi.uribl.com, reject_rbl_client 0spam.fusionzero.com, reject_rbl_client 0spam-killlist.fusionzero.com, permit
smtpd_reject_unlisted_recipient = no
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /opt/zimbra/conf/smtpd.crt
smtpd_tls_key_file = /opt/zimbra/conf/smtpd.key
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
transport_maps = proxy:ldap:/opt/zimbra/conf/ldap-transport.cf
virtual_alias_domains = proxy:ldap:/opt/zimbra/conf/ldap-vad.cf
virtual_alias_maps = proxy:ldap:/opt/zimbra/conf/ldap-vam.cf
virtual_mailbox_domains = proxy:ldap:/opt/zimbra/conf/ldap-vmd.cf
virtual_mailbox_maps = proxy:ldap:/opt/zimbra/conf/ldap-vmm.cf
virtual_transport = error
| Also, this is my current configuration for the server that I want to make the secondary MX: Quote:
body_checks = regexp:/usr/local/etc/postfix/body_checks
bounce_queue_lifetime = 2d
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
debug_peer_level = 2
header_checks = regexp:/usr/local/etc/postfix/header_checks
home_mailbox = Maildir/
html_directory = no
mail_owner = postfix
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
maximal_queue_lifetime = 2d
message_size_limit = 15360000
mydestination = $myhostname
mydomain = account.com
myhostname = my.account.com
mynetworks = 192.168.1.0/24, 192.168.134.0/24
myorigin = $myhostname
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, check_helo_access hash:/usr/local/etc/postfix/helo_access, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname
smtpd_recipient_restrictions = permit_mynetworks, check_sender_access hash:/usr/local/etc/postfix/sender_access, check_recipient_access
hash:/usr/local/etc/postfix/recipient_access, reject_unauth_destination, reject_non_fqdn_recipient, reject_unknown_recipient_domain,
reject_unlisted_sender, reject_rbl_client bl.spamcop.net, reject_rbl_client cbl.abuseat.org, reject_rbl_client combined.njabl.org,
reject_rbl_client l2.spews.dnsbl.sorbs.net, reject_rbl_client list.dsbl.org, reject_rbl_client sbl-xbl.spamhaus.org,
check_policy_service inet:127.0.0.1:10023
smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain
unknown_local_recipient_reject_code = 550
| Now:
What extra changes do I have to make on the last configuration to make it the secondary MX?
How do I make it known to the secondary MX that some accounts now reside on the primary MX and those accounts should receive emails from accounts in the secondary MX?
How do I let all valid domain emails coming from the outside be accepted instead of being rejected when I make the MX record changes?
Note*
I want to be able to migrate users one at a time from accounts currently on my email server to the primary email server that I just created. The domain that will be the primary email server is zimbra.my.account.com and in it, I will have the my.account.com domain.
Also, the domain for my current email server is my.account.com, which I am trying to make the secondary email server after configuring the MX records.
Remember, I still want to be able to use my same domain name (my.account.com) in both servers.
I did a relayhost on the primary MX zimbra.my.account.com that seems to be relaying some emails and rejecting most valid emails.
When I try to send emails from accounts on the primary server to accounts on the secondary server, it loops back to itself even though I did not tell the primary server that those accounts now reside on it. And the command for that will be: The above command tells the primary MX that mails for the bar account now receive emails on the primary MX
The command below adds that account to the primary MX zimbra.my.account.com but transports emails to my.account.com | 
10-13-2009, 09:50 AM
| | | Have you considered doing things the other way around: keeping your existing server as primary and making Zimbra the secondary? I only ask because this is the way I did my migration from an existing Postfix email server and it was pretty easy to set up. | 
10-13-2009, 10:07 AM
| | Advanced Member | |
Posts: 191
| | If I make Zimbra the secondary, will the users still use Zimbra as their default email? The features and functionalities in Zimbra are more appealing than what I currently have. That will be good as well, but I am looking for Zimbra to be the server that users get their mail directly from instead of the current one.
Any more suggestions will be accepted. Can you email me the steps that you used to make your current Postfix the primary and Zimbra the secondary? I am not sure what difference there will be if I do it the other way round. Or are you suggesting doing that and then, after all the migration of accounts, I switch Zimbra to be the primary and Postfix the secondary?
Thanks for your concern
Last edited by borngunners; 10-13-2009 at 10:48 AM..
| 
10-13-2009, 10:58 AM
| | | Quote: |
If I make Zimbra the secondary, will the users still use Zimbra as their default email? The features and functionalities in Zimbra are more appealing than what I currently have. That will be good as well, but I am looking for Zimbra to be the server that users get their mail directly from instead of the current one.
| Yes, if you make Zimbra the secondary the users (as you migrate them) will have all the features and functionality of Zimbra. It is just that your current email server will still handle incoming messages first and then pass them off to the Zimbra server. Quote: |
Can you email me the steps that you use to make your current postfix the primary and zimbra the secondary.
| You need to follow the steps in the Split Domain wiki page to configure Zimbra as the secondary server. Just go right down the line and execute the given commands, replacing "@example.com" with your email domain and mail.example.com with the FQDN of your current email server.
Then on your existing Postfix email server, as you migrate users over to Zimbra, add a line to the transport table that looks something like this: Code:
jdoe@example.com smtp:[zimbraserver.example.com]
Be sure to rebuild the transport table using 'postmap transport' after you make any changes. Now email that hits your existing server for user jdoe@example.com, in this case, will be forwarded to your Zimbra server.
Once you've migrated all your users over to the Zimbra server you will need to update the MX records in your DNS to point to the Zimbra server. You will also need to back out the 'zmprov' changes that you made based on the wiki page.
HTH,
John | 
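Added example (not part of John's post, and not Postfix or Zimbra code): a toy model of the split-domain routing described above, tracing where mail for a recipient ends up and flagging the loop that appears when a per-user transport entry exists on the existing server but the mailbox was never created on Zimbra. The dictionary layout, the `trace` and `looping` helpers, and the asmith/nobody addresses are assumptions made for the illustration.

```python
# Added example: a toy model of split-domain routing (not Postfix or Zimbra code).
# Host names follow the thread's placeholders; all addresses are constructed.
OLD, ZCS = "mail.example.com", "zimbraserver.example.com"

SERVERS = {
    # Existing Postfix server: receives mail from the Internet first.
    OLD: {
        "routes": {  # per-user transport entries added as users are migrated
            "jdoe@example.com": ZCS,
            "bar@example.com": ZCS,   # entry added, but see ZCS mailboxes
        },
        "mailboxes": {"asmith@example.com", "bar@example.com"},
        "fallback": None,             # unknown recipients are rejected here
    },
    # Zimbra: hosts migrated users, hands everything else back to OLD.
    ZCS: {
        "routes": {},
        "mailboxes": {"jdoe@example.com"},   # bar@ was never created here
        "fallback": OLD,
    },
}

def trace(servers, start, rcpt):
    """Follow rcpt from server `start`; return (hops, outcome)."""
    hops, here = [], start
    while here not in hops:
        hops.append(here)
        srv = servers[here]
        nexthop = srv["routes"].get(rcpt)      # per-user entry wins
        if nexthop is None:
            if rcpt in srv["mailboxes"]:
                return hops, "delivered"
            nexthop = srv["fallback"]          # domain-wide forwarding
        if nexthop is None:
            return hops, "rejected"
        here = nexthop
    return hops + [here], "loop"               # revisited a server

def looping(servers, start, recipients):
    """Recipients whose mail would bounce between the servers."""
    return [r for r in recipients if trace(servers, start, r)[1] == "loop"]

if __name__ == "__main__":
    for rcpt in ("jdoe@example.com", "asmith@example.com",
                 "bar@example.com", "nobody@example.com"):
        print(rcpt, *trace(SERVERS, OLD, rcpt))
```

Running `looping` over the list of users about to be migrated, before rebuilding the transport table, shows which accounts still need to be created on the Zimbra side.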
10-13-2009, 11:47 AM
| | Advanced Member | |
Posts: 191
| | I followed the instruction in the wiki for zimbra as a secondary server. This is the command and the output that I have: Quote:
zimbra@zimbra:/root$ zmprov md my.account.com zimbraMailCatchAllAddress @my.account.com
zimbra@zimbra:/root$ zmprov md my.account.com zimbraMailCatchAllForwardingAddress @my.account.com
zimbra@zimbra:/root$ zmprov md my.account.com zimbraMailTransport smtp:my.account.com
zimbra@zimbra:/root$ zmprov mcf zimbraMtaRelayHost my.account.com
zimbra@zimbra:/root$ zmprov mcf zimbraMtaDnsLookupsEnabled FALSE
zimbra@zimbra:/root$ clear
zimbra@zimbra:/root$ postfix stop
postfix/postfix-script: stopping the Postfix mail system
zimbra@zimbra:/root$ postfix start
postfix/postfix-script: warning: not owned by root: /opt/zimbra/data/postfix/spool
postfix/postfix-script: warning: not owned by root: /opt/zimbra/postfix-2.6.2.2z/conf/main.cf
postfix/postfix-script: warning: not owned by root: /opt/zimbra/postfix-2.6.2.2z/conf/master.cf
postfix/postfix-script: warning: not owned by root: /opt/zimbra/postfix-2.6.2.2z/conf/master.cf.in
postfix/postfix-script: warning: not owned by postfix: /opt/zimbra/data/postfix/./spool/pid/unix.smtp
postfix/postfix-script: warning: not owned by postfix: /opt/zimbra/data/postfix/./spool/pid/inet.127.0.0.1:10025
postfix/postfix-script: warning: not owned by postfix: /opt/zimbra/data/postfix/./spool/pid/unix.smtp-amavis
postfix/postfix-script: warning: not owned by postfix: /opt/zimbra/data/postfix/./spool/pid/unix.showq
postfix/postfix-script: warning: not owned by postfix: /opt/zimbra/data/postfix/./spool/pid/unix.cleanup
postfix/postfix-script: warning: not owned by postfix: /opt/zimbra/data/postfix/./spool/pid/unix.bounce
postfix/postfix-script: warning: not owned by postfix: /opt/zimbra/data/postfix/./spool/pid/master.pid
postfix/postfix-script: warning: not owned by postfix: /opt/zimbra/data/postfix/./spool/pid/unix.error
postfix/postfix-script: warning: not owned by postfix: /opt/zimbra/data/postfix/./spool/pid/unix.lmtp
postfix/postfix-script: warning: not owned by postfix: /opt/zimbra/data/postfix/./spool/pid/inet.smtp
postfix/postfix-script: starting the Postfix mail system
zimbra@zimbra:/root$
| Also, you stated that I should enter the following command in the transport table: Quote: |
jdoe@example.com smtp:[zimbraserver.example.com]
| and also do the following postmap command: Quote: |
transport_maps = hash:/usr/local/etc/postfix/transport
| after removing the "#" sign from the front of it in main.cf, is that right? Quote: |
Once you've migrated all your users over to the Zimbra server you will need to update the MX records in your DNS to point to the Zimbra server. You will also need to back out the 'zmprov' changes that you made based on the wiki page.
| What command do you use to back out all the zmprov commands that I used to set up Zimbra as a secondary mail server?
Last edited by borngunners; 10-13-2009 at 12:11 PM..
| 
10-13-2009, 12:19 PM
| | | The transport table stuff is to be done on your existing (primary) email server. Yes, you would need to remove the "#" in the main.cf file in front of the transport_table line. Just make sure that when you create/edit the transport file you are working in the same location specified in main.cf (in your case /usr/local/etc/postfix/transport).
Just to be clear, when you set up your Zimbra server you set the email domain to match your existing email server, right? You may have changed things in the info you posted so that you weren't posting your real info, but your 'zmprov' commands look a little off to me. According to your original post your email domain is 'account.com'. In this case (example) your first 'zmprov' command should be: Code:
zmprov md account.com zimbraMailCatchAllAddress @account.com
| 
10-13-2009, 12:23 PM
| | | Remember main.cf will be over-written on each ZCS restart; so you have to make any changes via zmlocalconfig and zmprov for them to be persistent.
| 
10-13-2009, 12:29 PM
| | | Quote: |
Remember main.cf will be over-written on each ZCS restart; so you have to make any changes via zmlocalconfig and zmprov for them to be persistent.
| In this case the only changes to main.cf should be made on the existing, primary (non-Zimbra) server. | 
10-13-2009, 12:30 PM
| | Advanced Member | |
Posts: 191
| | Soxfan:
You are right. My original domain is the same as the one created in the Zimbra server. It should actually be my.account.com instead of account.com.
account.com is where my DNS is being configured.
Now, if I do a catchall, wouldn't I invite spam, or will specifying the @domain make it clear that only emails coming to the @domain will be accepted and the rest will become spam, right? | 
10-13-2009, 12:31 PM
| | | catchall = big spam bucket (unless you are harvesting them)