I've read a lot of questions how to bind zimbra to only one specific IP address, even if you have more than one IP on your linux host.
In this post I want to give you a small howto and tell you a little bit about my experiences with binding zimbra to only one IP.
I've tested these options with Zimbra 4.5 Open-Source Edition.
Attention: As Zimbra 5 uses jetty instead of tomcat this howto is not completely compatible with Zimbra 5!
First of all, what services do we have and how do they bind by default:
- postfix (smtp): binds to any IP and to localhost
- amavisd-new: binds to localhost
- mysql: binds to localhost
- ldap: binds one IP (that hostname) given at setup
- clamd: binds to any IP
- Tomcat (http, https, ..): binds to any IP
- Zimbra java (imap(s), pop3(s)): binds to any IP
- Apache (ispell, Port 7780): binds to any IP
So the services amavisd-new, mysql and ldap behave already very cooperative.
Postfix binds to any IP by default. You can change its behaviour by modifying postfix-2.2.9/conf/master.cf to (replace vvv.xxx.yyy.zzz with yourIP):
(Hint for those who could ask: It is not a good idea to use smtp_bind_address, because with this option postfix binds even for outgoing connections to the IP set and can't connect then to amavisd-new which is listening on the localhost interface)
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
vvv.xxx.yyy.zzz:smtp inet n - n - - smtpd
Tomcat binds to any IP by default. You can change its behaviour by adding address="..." to your apache-tomcat-5.5.15/conf/server.xml.in (replace vvv.xxx.yyy.zzz with your IP):
<!-- HTTPBEGIN -->
<!-- admin services connector; requires SSL -->
The Zimbra services listen to any IP address by default.
The Zimbra java application reads its configuration values for imap, pop3, imaps, pop3s from the ldap directory. Although there is no possibility to change its listening ip address by the webinterface (ok, there is one, but only for pop3) it is possible by directly adding the config params into ldap.
So you first have to connect to the ldap server (i.e. with the ldap browser at http://www.iit.edu/~gawojar/ldap). Read Ldap hints* for more information how to connect.
Now you can add the following attributes (as String) under the directory cn=servers,cn=<your zimbra servers hostname> and give them your IP vvv.xxx.yyy.zzz as value:
Apache binds to any IP by default. Edit conf/apache.conf and modify the following lines (replace vvv.xxx.yyy.zzz with your IP):
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
# Dynamic Shared Object (DSO) Support
Attention: not tested yet, it is better to leave these settings untouched!
clamd binds to any IP address by default. Edit conf/clamd.conf.in and remove the # from the following line:
# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world.
# Default: disabled
- 02-04-2007: Don't know if its really because of the settings above, but the simple Client refuses to work: (A network service error has occurred (zclient/io).
- 02-05-2007: All of this will be overwritten on upgrade, so save your changes, and when you do upgrade, re-apply them (but DO NOT simply replace the new configs with the old, since that will probably break your install).
Ok, thats it. It is a good idea to stop all services except of ldap before doing these modification. After a restart of zimbra all services either bind to localhost or to your specified IP. As you see, most of the config params can only be set AFTER installation!
I hope it helps somebody. Please post your questions/comments/...
I'll try to keep this thread up-to-date and extend it with the comments/tips others have written in this thread.
- Host: your zimbra server
- Port: 389
- Version: 3
- Base dn: zimbra
- don't bind anonymous, but:
- User DN: uid=zimbra, cn=admins, cn=zimbra
- Password: your ldap password (you get it by executing: su - zimbra -c "/opt/zimbra/bin/zmlocalconfig -s |grep ldap_root_password"