Managing Domains

From Zimbra :: Wiki

Jump to: navigation, search

Contents

Creating a Domain Alias

If you have a domain domain.com and you want the domain example.com to be an alias for it, so that sending mail to user@example.com is the same as sending mail to user@domain.com (delivered to the same mailbox), you can designate example.com as a domain alias when creating the domain. Starting with ZCS 5.0.16, it is also possible to authenticate using an alias domain (log in as user@example.com), and out-of-office replies notifications can occur for messages sent to addresses in an alias domain (mail to user@example.com will generate an out-of-office reply). The examples assumes domain.com already exists, but example.com does not.

Objective attributes necessary on alias domain entry in ldap version when first available
mail delivery to alias domain zimbraMailCatchAllForwardingAddress
authentication using alias domain zimbraDomainAliasTargetId 5.0.16
out-of-office notifications sent zimbraMailCatchAllForwardingAddress,zimbraDomainAliasTargetId 5.0.12

Prior to ZCS 5.0.16

zmprov createDomain example.com zimbraDomainType alias zimbraMailCatchAllAddress @example.com zimbraMailCatchAllForwardingAddress @domain.com

ZCS 5.0.16 and later

A new command is available to create an alias domain. The basic form allows authentication against the alias domain. If you would like to create a functional domain alias, skip to the next step.

Usage:
zmprov createAliasDomain {alias-domain-name} {local-domain-name|id}  [attr1 value1 [attr2 value2...]]

Example:
zmprov createAliasDomain example.com domain.com

The createAliasDomain command does not set the zimbraMailCatchAllForwardingAddress (which was the sole objective in the pre-5.0.16 alias domain). In order to allow message delivery to the alias domain, it is still necessary to explicitly include a forward to the local target domain.

Usage:
zmprov createAliasDomain {alias-domain-name} {local-domain-name|id} zimbraMailCatchAllForwardingAddress @{local-domain-name|id}  [attr1 value1 [attr2 value2...]]

Example:
zmprov createAliasDomain example.com domain.com zimbraMailCatchAllForwardingAddress @domain.com

Relaying/Domain Forwarding

If you want the Zimbra server to relay all mail destined for a particular domain (say, example.com) to another mta (say, other-mta.domain.com), you can forward the domain.

zmprov
md example.com zimbraMailCatchAllAddress @example.com
md example.com zimbraMailCatchAllForwardingAddress @example.com 
md example.com zimbraMailTransport smtp:other-mta.domain.com

I think you can also do this as another way to make a sort of local domain alias:

zmprov
md example.com zimbraMailCatchAllAddress @example.com
md example.com zimbraMailCatchAllForwardingAddress @domain.com 
md example.com zimbraMailTransport lmtp:zimbra.domain.com

For non-zimbra domains, this might prove useful as well: Transport_Table_for_external_servers

Removal of Relaying/Domain Forwarding

If at a later date you wish to remove the domain forwarding/catchall address run the following commands:

zmprov md domain.com zimbraMailCatchAllAddress ""
zmprov md domain.com zimbraMailCatchAllForwardingAddress ""
zmprov md domain.com zimbraMailTransport lmtp:server.domain.com:7025

Where domain.com is your domain and server.domain.com is the FQDN (Fully Qualified Domain Name) of your Zimbra server.

Domain Catchall

If you want to set up an account "user@domain.com" to catch any mail not delivered to existing users in the domain "domain.com", you can configure the account as a domain catchall.

su - zimbra
zmprov modifyAccount user@domain.com zimbraMailCatchAllAddress @domain.com

If the users "john@domain.com", "webmaster@domain.com", and "xyznobody@domain.com" don't exist, and mail arrives for them, it will be delivered to the catchall account "user@domain.com". This will increase the amount of spam delivered, and can lead to being blacklisted. To remove the catchall from an email account, unset the catchall address:

zmprov modifyAccount user@domain.com zimbraMailCatchallAddress ""

Domain Masquerading

If you want mail from user@domain.com or user@zimbra.domain.com to appear to come from user@example.com, you can set the canonical address for the entire domain.

zmprov md domain.com zimbraMailCatchAllAddress @domain.com zimbraMailCatchAllCanonicalAddress @example.com
zmprov md zimbra.domain.com zimbraMailCatchAllAddress @zimbra.domain.com zimbraMailCatchAllCanonicalAddress @example.com

Additional

out of office notifications

5.0.12+ allows some additional mapping of real to alias in order to:

A) Allow auth with alias domain addresses.

B) Send out-of-office notifications for alias domains.

zmprov md aliasdomain.com zimbraDomainAliasTargetId {zimbraId-realdomain.com}

single command

5.0.16+ added the ability to do this (above) in one command:

zmprov createAliasDomain(cad) {alias-domain-name} {local-domain-name|id} [attr1 value1 [attr2 value2...]]

cad sets zimbraDomainType, zimbraDomainAliasTargetId, & zimbraMailCatchAllAddress

(if you want to forward mails from aliasdomain.com to realdomain.com you need to add zimbraMailCatchAllForwardingAddress)

zmprov cad aliasdomain.com realdomain.com zimbraMailCatchAllForwardingAddress @realdomain.com


Email to non-existant accounts

Currently we automatically accept email for alias domains and then generate a bounce. This has the potential for backscatter abuse and we'd like to close this hole for hosted and still be able to offer alias domains without adding aliases to each account.

/opt/zimbra/conf/zmmta.cf smtpd_reject_unlisted_recipients 'yes' won't work with alias domains, so it's defaulted to no. (Perhaps later we'll flip this.)


However, 5.0.12+ contains a Policyd Daemon that helps those who host alias domains in ZCS. To enable the policy daemon:

zmlocalconfig -e postfix_enable_smtpd_policyd=yes
zmprov mcf +zimbraMtaRestriction "check_policy_service unix:private/policy"
postfix stop
postfix start

(The + symbol on the zmprov command is important, else you will wipe any other existing values.)

Personal tools