Zimbra Open Source - Questions

[geek876]

Hi All,

I have installed Zimbra Community Edition to support multiple domains. It is a single server setup. I had few question so would appreciate if someone would guide me/assist me. Thanks in advance.

(1) DNS
We have a typical Firewall/NAT Environment so the zimbra server has an internal IP and an external IP. We have configured the server so that when it tries to resolve its own name, it always gets the internal IP. I think this is what is required anyway.
(2) MX Pointers for domains
For Each domain (ex: domain1.com), within the domain’s DNS, we setup an MX entry with priority 0, host ‘@’ pointing to mail.domain1.com. Then setup an A entry of mail.domian1.com to point to zimbra server’s external IP address. Is this ok? Also, we setup a reverse DNS pointer within the domain1.com’s DNS so that the external IP address of zimbra server points to mail.domain1.com.

Questions:
(1) Currently, our users type the external ip address of the zimbra server to pick up their emails via the zimbra web client. We want that they should be able to type mail.domain1.com (mail.domain2.com ...) and get the zimbra client login page but this is not happening...any idea if this is possible? Just to add, mail.domain1.com, mail.domain2.com etc all point to the Zimbra Server’s External IP Address
(2) Is there a way to force client’s web access over SSL?
(3) Finally, reverse DNS lookup... As explained above, for each domain, we have a reverse pointer of zimbra’s external IP address pointing at mail.domainx.com, so if we have 3 domains, we would have 3 entries

External IP -> mail.domain1.com (within domain1’s DNS)
External IP -> mail.domain2.com (within domain2’s DNS)
External IP -> mail.domain3.com (within domain3’s DNS)

I believe the reverse DNS entries are sometime required by some email servers as a security check to establish the IP/DNS of the sending server, would the above setup work as a reverse lookup for Zimbra Server’s external IP is going to give 3 values back..

Once again thanks a lot for taking time to read this post

[phoenix]

Quote:

Originally Posted by geek876

Questions:
(1) Currently, our users type the external ip address of the zimbra server to pick up their emails via the zimbra web client. We want that they should be able to type mail.domain1.com (mail.domain2.com ...) and get the zimbra client login page but this is not happening...any idea if this is possible? Just to add, mail.domain1.com, mail.domain2.com etc all point to the Zimbra Server’s External IP Address

That would work if you had valid DNS record for the server.

Quote:

Originally Posted by geek876

(2) Is there a way to force client’s web access over SSL?

Why not set ZCS to https mode (covered in the forums and the documentation).

Quote:

Originally Posted by geek876

(3) Finally, reverse DNS lookup... As explained above, for each domain, we have a reverse pointer of zimbra’s external IP address pointing at mail.domainx.com, so if we have 3 domains, we would have 3 entries

No you wouldn't, you only have a reverse IP address for the primary domain on the server and that can only be configured by your ISP.

[geek876]

Bill,

First of all thanks a lot for your replies...Much appreciated...

I am not entirely clear on the Reverse DNS bit though...

Our Zimbra Server is on a domain of its own ex: zimbra.mydomain.com with an external and an internal IP.

There are 2 domains on zimbra, domain1.com and domain2.com

So are you saying that as long as I have a reverse pointer of external IP -> zimbra.mydomin.com it should work FOR ALL DOMAINS? I don’t need external IP -> mail.domain1.com and external IP -> mail.domain2.com ?

[Eclipse]

This command forces Zimbra to use https for the weblogin

Code:

zmtlsctl https

Run as the zimbra user

[geek876]

Quote:

Originally Posted by Eclipse

This command forces Zimbra to use https for the weblogin

Code:

zmtlsctl https

Run as the zimbra user

Thanks your reply.

[blason]

mail.domain.com mail1.domain1.com shoudl be able to resolve by DNS A entires of add CNAME entries.

[bofh]

BTW
using cnames as mx records isnt rfc complaint and i know some mailserver will reject sending mails to you or rejeckt mails from you - this just for the record

anyway there only few mailserver beeing that strict and for an hosting company its a commong thing using cname for mx records

i personally would not use mx entry like you do like
example.net = customer domain
zimbra.example.com = your zimbra host

(sorry i use example in both but those are the rfc complaint domainname for documentation



example.net - domain - currently as i understand your post

Code:

@                        IN MX 10   zimbra.example.com.

Because if your customers want to use their own domain to login like
whatever.example.net - you have to set an additional host entry for that ip



instead i would use
example.net - domain

Code:

@                        IN MX 10 whatever.example.net.
whatever IN CNAME  zimbra.example.com.

example.com - your primary domain outside DNS

Code:

zimbra IN A  external.ip.adress.

example.com - your primary domain INTERNAL DNS

Code:

zimbra IN A  192.168.0.222

In zimbra config you can simply add domains with
example.net


That way customers can use whatevertheywant.example.net as their own login without any additional dns config and you can still switch the external ip adresse pretty quickly
(make shure your primary external DNS entry has a very ultra low ttl that way you can switch within one minute or so)

i know its almost the same as your config but its a bit cleaner


REverse entry:
you set only zimbra.example.com = external ip as reverse entry
thats it

No you dont need an external ip each domain - that would be supernonsense - even better its possible but pretty hard to let zimbra use multiple ips for multiple domains

and it doenst matter - in fact all you domains use your primary domain as mailserver / sender / reciever so to the outside you additional domains dont have their real own mail server they just use the primary

if a mail comes in it gets delivered to the primary domain - zimbra sort it out and delivers to the approbiate account -
when you send mails - sending domain is the additional but sending by is always primary

so its not nessesary having each additional domain an additional ip or ssl cert


however if you want to login by whatever.example.net without an security warning you need an ssl cert

[blason]

Nah..I didnt mean to add CNAME for your MX record. CNAME record can be added for your webmail record.

Like

mail.example.com is my MX Record and A record as well and if I dont people to use mail.example.com as URL then I would use webmail.example.com as a CNAME to mail.example.com

[bofh]

shure it can
but point is by cnaming the mx records you can switch all domains to a new ip in no time

of course if you got only 4 domains it doenst really matter
if you got a couple hundred it does - you may can script a dns change across hundreds of dns records but that may not relyable

thats why its common practise to cname the mx a record