[SOLVED] Howto: Bind to one specific IP / Listen to one IP

[Rubão]

Wouldn't be any security concern about to change something listening in localhost to a public interface?

[carnold]

Hate to drag out this thread again but we are having problems since the upgrade to 6.0.5. Since then, we can not get our (edirectory)ldap to start unless we stop zimbra start the (edirectory)ldap and then start zimbra. I have gone over both zimbra and (edirectory)ldap to re-bind both to a separate ip address. In our testing to see which one is the problem, it seems something might have changed in zimbra since 6.0.3? I know that in one zimbra release, the upgrades now keep the ldap config in tact. Here are some things i noticed in this thread that i was not able to find in our install:
In the zimbra java heading of the first post, we do not have:
zimbraImapSSLBindAddress
zimbraLmtpSSLBindAddress

Anyone else experiencing issues since an upgrade?

[EDIT]Well, i don't know if this is the problem or not but i found my postfix master.cf will not keep the edit. I shut down zimbra and make the edit to master.cf then start zimbra and the edit to master.cf is gone? Anyone else experiencing this?
The master.cf file i am editing is located in /opt/zimbra/postfix/conf/master.cf. There is also another master.cf located in /opt/zimbra/postfix.2.6.5.2z/conf/master.cf and this appears to be the file that gets rewritten upon startup. The permissions on that file are 440, should i even mess with these?[/EDIT]
[EDIT]Found the /opt/zimbra/postfix2.6.5.2z/conf/master.cf.in file is in fact the one to edit. This file has the info that gets written to the other master.cf files. Now, the master.cf files have the correct edit and hold the edit during a restart. And that was in fact the problem as to why our other (edirectory)ldap was not starting. Tested and verified.[/EDIT]

[sdetheridge]

I can't get this to work with Zimbra 7. It appears that it's not respecting the zimbraIMBindAddress option.

I've reconfigured postfix (master.cf.in), jetty (jetty.xml.in and friends) as well as setting zimbraPopBindAddress, zimbraPopSSLBindAddress, zimbraIMBindAddress, zimbraImapBindAddress, zimbraImapSSLBindAddress, and zimbraLmtpBindAddress. The suggestion is that this should be enough to get Zimbra listening on a single IP address.

What actually happens is that six ports remain open on my second IP. This page suggests that the open ports on my second IP are all to do with xmpp. Changing zimbraIMBindAddress has no effect. For ref, I have definitely set zimbraIMBindAddress correctly. I've tried unsetting it and setting it again, and I have restarted zimbra between changes.:

Code:

sudo -u zimbra /opt/zimbra/bin/zmprov -l gs my.server.name zimbraIMBindAddress xxx.xxx.xxx.33
# name my.server.name
zimbraIMBindAddress: xxx.xxx.xxx.33

Below is what nmap says about the open ports on both my IPs. If I stop Zimbra, all but port 22 are closed.

Code:

Starting Nmap 4.53 ( Insecure.Org - Nmap Free Security Scanner, Tools & Hacking resources ) at 2011-03-18 17:02 GMT
Interesting ports on x.x.x.33:
Not shown: 65515 closed ports
PORT      STATE SERVICE
22/tcp    open  ssh
25/tcp    open  smtp
80/tcp    open  http
110/tcp   open  pop3
143/tcp   open  imap
389/tcp   open  ldap
465/tcp   open  smtps
587/tcp   open  submission
993/tcp   open  imaps
995/tcp   open  pop3s
5222/tcp  open  unknown
5223/tcp  open  unknown
5269/tcp  open  unknown
7025/tcp  open  unknown
7071/tcp  open  unknown
7072/tcp  open  unknown
7335/tcp  open  unknown
7777/tcp  open  unknown
7780/tcp  open  unknown
10015/tcp open  unknown

Interesting ports on x.x.x.34:
Not shown: 65529 closed ports
PORT      STATE SERVICE
5222/tcp  open  unknown
5223/tcp  open  unknown
5269/tcp  open  unknown
7335/tcp  open  unknown
7777/tcp  open  unknown
10015/tcp open  unknown

Nmap done: 2 IP addresses (2 hosts up) scanned in 32.479 seconds