Hi guys,
I've read a lot of questions about how to bind Zimbra to only one specific IP address, even if you have more than one IP on your Linux host.
In this post I want to give you a small howto and tell you a little bit about my experiences with binding Zimbra to only one IP.
I've tested these options with Zimbra 4.5 Open-Source Edition.
Attention: As Zimbra 5 uses jetty instead of tomcat this howto is not completely compatible with Zimbra 5!
First of all, what services do we have and how do they bind by default:
- postfix (smtp): binds to any IP and to localhost
- amavisd-new: binds to localhost
- mysql: binds to localhost
- ldap: binds one IP (that hostname) given at setup
- clamd: binds to any IP
- Tomcat (http, https, ..): binds to any IP
- Zimbra java (imap(s), pop3(s)): binds to any IP
- Apache (ispell, Port 7780): binds to any IP
So the services amavisd-new, mysql and ldap already behave very cooperatively.
postfix:
Postfix binds to any IP by default. You can change its behaviour by modifying postfix-2.2.9/conf/master.cf to (replace vvv.xxx.yyy.zzz with your IP):
Code:
#=========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
vvv.xxx.yyy.zzz:smtp inet n - n - - smtpd
(Hint for those who might ask: it is not a good idea to use smtp_bind_address, because with this option postfix binds to the set IP even for outgoing connections and then can't connect to amavisd-new, which is listening on the localhost interface.)
Tomcat:
Tomcat binds to any IP by default. You can change its behaviour by adding address="..." to your apache-tomcat-5.5.15/conf/server.xml.in (replace vvv.xxx.yyy.zzz with your IP):
Code:
...
<!-- HTTPBEGIN -->
<Connector port="%%zimbraMailPort%%"
address="vvv.xxx.yyy.zzz"
acceptCount="1024" URIEncoding="UTF-8"
...
<!-- HTTPSBEGIN
<Connector port="%%zimbraMailSSLPort%%"
address="vvv.xxx.yyy.zzz"
acceptCount="1024" URIEncoding="UTF-8"
...
<!-- admin services connector; requires SSL -->
<Connector port="7071"
address="vvv.xxx.yyy.zzz"
acceptCount="1024" URIEncoding="UTF-8"
...
Zimbra java:
The Zimbra services listen on any IP address by default.
The Zimbra java application reads its configuration values for imap, pop3, imaps and pop3s from the ldap directory. Although there is no possibility to change its listening IP address through the web interface (ok, there is one, but only for pop3), it is possible by adding the config params directly into ldap.
So you first have to connect to the ldap server (e.g. with the ldap browser at http://www.iit.edu/~gawojar/ldap). Read Ldap hints* for more information on how to connect.
Now you can add the following attributes (as String) under the directory cn=servers,cn=<your zimbra servers hostname> and give them your IP vvv.xxx.yyy.zzz as value:
- zimbraPop3BindAddress
- zimbraPop3SSLBindAddress
- zimbraImapBindAddress
- zimbraImapSSLBindAddress
- zimbraLmtpSSLBindAddress
Apache:
Apache binds to any IP by default. Edit conf/apache.conf and modify the following lines (replace vvv.xxx.yyy.zzz with your IP):
Code:
...
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
#Listen 12.34.56.78:80
Listen vvv.xxx.yyy.zzz:7780
#
# Dynamic Shared Object (DSO) Support
#
...
clamd:
Attention: not tested yet, it is better to leave these settings untouched!
clamd binds to any IP address by default. Edit conf/clamd.conf.in and remove the # from the following line:
Code:
# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world.
# Default: disabled
TCPAddr 127.0.0.1
Problems:
- 02-04-2007: Don't know if it's really because of the settings above, but the simple Client refuses to work: (A network service error has occurred (zclient/io)).
- 02-05-2007: All of this will be overwritten on upgrade, so save your changes, and when you do upgrade, re-apply them (but DO NOT simply replace the new configs with the old, since that will probably break your install).
That's it:
Ok, that's it. It is a good idea to stop all services except ldap before doing these modifications. After a restart of Zimbra all services either bind to localhost or to your specified IP. As you see, most of the config params can only be set AFTER installation!
I hope it helps somebody. Please post your questions/comments/...
I'll try to keep this thread up-to-date and extend it with the comments/tips others have written in this thread.
Greets
MrDigi
-----
*Ldap hints:
- Host: your zimbra server
- Port: 389
- Version: 3
- Base dn: zimbra
- don't bind anonymous, but:
- User DN: uid=zimbra, cn=admins, cn=zimbra
- Password: your ldap password (you get it by executing: su - zimbra -c "/opt/zimbra/bin/zmlocalconfig -s |grep ldap_root_password")
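
Added example, not part of the original post: a shell check for the claim above that after the restart every service listens either on localhost or on your chosen IP. It reads `netstat -tln` or `ss -ltn` output and lists every TCP listener still bound elsewhere; the function name, the address 192.0.2.10 and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit TCP listeners after the
# rebind. Works on `netstat -tln` and `ss -ltn` output, because both put the
# local address in column 4.
#
# Live use (replace with your IP):
#   netstat -tln | find_stray_listeners vvv.xxx.yyy.zzz

# find_stray_listeners ALLOWED_IP
# Prints "address port" for each listening socket whose local address is
# neither loopback nor ALLOWED_IP (wildcards 0.0.0.0, * and :: are reported).
find_stray_listeners() {
    awk -v allowed="$1" '
        $1 == "LISTEN" || $6 == "LISTEN" {
            laddr = $4                       # e.g. 0.0.0.0:25, [::]:993, *:7071
            n = match(laddr, /:[0-9]+$/)     # split at the last colon
            if (n == 0) next
            addr = substr(laddr, 1, n - 1)
            port = substr(laddr, n + 1)
            sub(/^\[/, "", addr)             # strip IPv6 brackets
            sub(/\]$/, "", addr)
            sub(/%.*$/, "", addr)            # strip interface scope (%lo)
            if (addr == allowed) next
            if (addr ~ /^127\./ || addr == "::1") next
            print addr, port
        }'
}

# Constructed sample: a half-finished rebind (ss format plus one netstat line).
SAMPLE='LISTEN 0 100 192.0.2.10:25 0.0.0.0:*
LISTEN 0 100 127.0.0.1:10024 0.0.0.0:*
LISTEN 0 50 0.0.0.0:3310 0.0.0.0:*
LISTEN 0 50 *:7071 *:*
LISTEN 0 50 [::]:993 [::]:*
LISTEN 0 50 192.0.2.10:7780 0.0.0.0:*
tcp 0 0 192.0.2.99:143 0.0.0.0:* LISTEN'

# Demo run over the sample; an empty result would mean the rebind is complete.
printf '%s\n' "$SAMPLE" | find_stray_listeners 192.0.2.10
```

Since the post notes that an upgrade overwrites these settings, the same check is worth repeating after every upgrade.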