Split domain with Exchange 2007 as Primary

From Zimbra :: Wiki

Admin Article

Article Information

This article applies to the following ZCS versions.
  ZCS 7.0
  ZCS 6.0


Introduction

This document describes methods and procedures for setting up a split-domain configuration for a Microsoft Exchange 2007 server and a Zimbra Collaboration Suite (ZCS) server running 7.1.1 or higher. While multiple configurations work, this document describes the split-domain configuration with Exchange as the primary mail server and ZCS as the secondary mail server.

Split Domain Explanation and Overview

This information has been extracted from the Microsoft KB Article 321721 and wiki articles posted on www.zimbra.com.

The Split Domain configuration for email delivery provides for email users in a single domain to reside on different email providers and allows for incremental migrations from a legacy provider to a new platform. During the migration process, one system is designated as the “primary” mail store and is responsible for receiving and routing mail for the domain (mydomain.com). The other system is considered the “secondary” mail store. The following use cases must be handled to ensure email is properly delivered, presuming an Exchange to Zimbra migration.

Use Cases

  • Internet to User on Exchange Server
  • Internet to User on Zimbra Server
  • Exchange User to Exchange User
  • Exchange User to Zimbra
  • Exchange to Internet
  • Zimbra User to Zimbra User
  • Zimbra User to Exchange User
  • Zimbra User to Internet


The Split Domain configuration requires that you share the same SMTP address space between two or more different e-mail systems. In this situation, users in each e-mail system have the same domain suffix as part of their e-mail addresses (mydomain.com).

For the purposes of this document, the terms "address space" and "domain" are used interchangeably. This article is written from the perspective that the Exchange server is the incoming SMTP gateway from the Internet. When Exchange receives an incoming SMTP message from the Internet, Exchange first tries to resolve the e-mail addresses that are displayed in the recipient fields to objects in Active Directory. If the e-mail address resolves to an Exchange mailbox, Exchange routes the message to the mailbox. If the e-mail address does not resolve to an Exchange mailbox, Exchange routes the message to the e-mail system with which the SMTP address space is shared. The receiving e-mail system (Zimbra) then delivers the message to a local mailbox. The e-mail system with which the SMTP address space is shared cannot forward the unresolved recipients back to the Exchange incoming SMTP gateway. If you configure the last e-mail system that is in an e-mail system chain to forward unresolved recipients to the incoming e-mail gateway, you will have a messaging loop in which e-mail messages may continuously loop between e-mail servers.

Only one e-mail system can be authoritative for a particular SMTP address space. When an e-mail system is non-authoritative for an SMTP address space, the e-mail must eventually be routed to an e-mail system that is authoritative for the SMTP address space. This behavior occurs to make sure that a non-delivery report is generated if an e-mail message cannot be delivered to a recipient. An SMTP address space can be shared with any number of different e-mail systems. In this configuration, each e-mail system is a link in a chain of e-mail systems. The first e-mail system in the chain sends messages to the second e-mail system, and so on. This behavior continues until the message is delivered to a recipient or until the last e-mail system in the chain generates a non-delivery report for the message.

Configuration

Exchange 2007 as Primary

The Exchange Server will route all outbound email directly to the Internet for the Zimbra Server and Exchange Users.

Step 1: Create A Send Connector for the Zimbra Server.

  1. In the Exchange Management Console, navigate to “Organization Configuration/Hub Transport/Send Connectors”.
  2. Add a Send Connector.
  3. On the Address Space tab, click “Add” and enter your subdomain (e.g., zimbra-server.mydomain.com) for the Address with a cost of 1. Click OK.
  4. On the Network tab, select “Route mail through the following smart hosts”. Click Add and enter the IP address of the Zimbra server in brackets such as [192.168.11.55]. Click OK.
  5. On the Source Server tab, be sure all your Hub Transport servers are selected. Click OK.

Step 2: Modify the existing Send Connector to have a higher cost (10).

  1. In the Exchange Management Console, navigate to “Organization Configuration/Hub Transport/Send Connectors”.
  2. Select the existing Send Connector used for External Email and click Properties.
  3. Select the Address Space tab, highlight the SMTP entry and click “Edit”. Modify the Cost value to 10 (as long as it is higher than the previous connector, the values are not that important) and click OK twice.

Step 3: Add a new Receive Connector.

This receive connector may not be necessary if you already have a Receive Connector configured for devices that send directly through Exchange. If that is the case, just add the IP address of the Zimbra MTA servers to the “Remote Network Settings” tab.

  1. In the Exchange Management Console, navigate to “Server Configuration/Hub Transport/Receive Connectors”.
  2. Click “New Receive Connector”. Enter a name for this connector (“Zimbra”) and click next twice.
  3. Under “Remote Network Settings”, click Add. Enter the IP address of your Zimbra MTA Server(s).
  4. Highlight the default Remote Network Setting (0.0.0.0-255.255.255.255) and click the red X to delete it. Click Next.
  5. Click New and Finish.
  6. Highlight the new Receive Connector and click Properties.
  7. Select the Authentication Tab and click “Externally Secured”.
  8. Select the “Permissions Group” tab. Check the “Anonymous Users” check box and the “Exchange Servers” check box and click OK.

Exchange Users

For each user hosted on the Zimbra server, a mail user will need to be associated with the Active Directory account. While the command can be performed from the Exchange Management Console, the Exchange Management Shell command is shown below (test-zimbra is the name of the Active Directory Account):

[PS] C:\>Enable-MailUser -Identity 'test-zimbra@mydomain.com' -Alias 'test-zimbra' -ExternalEmailAddress 'SMTP:test-zimbra@zimbra-server.mydomain.com' -PrimarySMTPAddress 'test-zimbra@mydomain.com'


Zimbra Server As Secondary

The configuration elements documented here have been completed for mydomain.com and are shown here for documentation purposes.

Zimbra Server

Hostname is zimbra-server.mydomain.com

mail domain = mydomain.com

The secondary MTA must accept mail for accounts that are hosted on the secondary. The first two commands (in combination) tell the Zimbra postfix to accept all addresses in the @mydomain.com domain as valid addresses.

$ zmprov md mydomain.com zimbraMailCatchAllAddress @mydomain.com
$ zmprov md mydomain.com zimbraMailCatchAllForwardingAddress @mydomain.com

The secondary must, however, forward all other mail for accounts on this domain to the primary system.

This third command establishes default mail routing for the domain. Any users that do not exist on the Zimbra system will have their mail routed according to this rule.

$ zmprov md mydomain.com zimbraMailTransport smtp:exch-server.mydomain.com:25

On the Zimbra server, we will turn off DNS lookups and Internet-wide message routing from the secondary host and route all mail through the primary. In the case of

Relay mail to Primary with:

$ zmprov mcf zimbraMtaRelayHost exch-server.mydomain.com:25

Turn off DNS lookups with:

$ zmprov mcf zimbraMtaDnsLookupsEnabled FALSE

After configuration changes, restart services/server if needed.

$ postfix stop
$ postfix start

For each user on Zimbra, create an alias to accept email from Exchange and deliver to users on Zimbra.

zmprov aaa account@mydomain.com account@zimbra-server.mydomain.com 
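
The Exchange mail user and the Zimbra alias have to agree for every migrated user, so the pairing is worth auditing. The script below is an added example, not part of the original article or of Zimbra's tooling: it cross-checks an exported list of Exchange mail users against an exported list of Zimbra aliases. The two file layouts, the function names and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: cross-check Exchange mail users against Zimbra aliases.
# File layouts are assumptions; all sample data below is constructed.
#   mail users (Exchange): primary_address,external_address
#   aliases (Zimbra):      account alias

audit_split_domain() {   # $1 = mail-user CSV, $2 = alias list, $3 = subdomain
    awk -v sub_dom="$3" '
        NF == 0 { next }
        # Alias list: remember which account owns each alias.
        FILENAME == ARGV[1] { owner[tolower($2)] = tolower($1); next }
        # Mail users: every external address must map to the right account.
        {
            split(tolower($0), f, ",")
            primary = f[1]; ext = f[2]
            sub(/^smtp:/, "", ext)            # tolerate the SMTP: prefix
            n = split(ext, p, "@")
            if (n != 2 || p[2] != sub_dom)
                print "WRONG_DOMAIN " primary " -> " ext
            else if (!(ext in owner))
                print "NO_ALIAS " primary " -> " ext
            else if (owner[ext] != primary)
                print "OWNER_MISMATCH " primary " -> " ext " (" owner[ext] ")"
        }
    ' "$2" "$1"
}

sample_mail_users() {   # constructed sample
    cat <<'EOF'
test-zimbra@mydomain.com,SMTP:test-zimbra@zimbra-server.mydomain.com
alice@mydomain.com,alice@zimbra-server.mydomain.com
bob@mydomain.com,bob@zimbra.mydomain.com
carol@mydomain.com,carol@zimbra-server.mydomain.com
EOF
}

sample_aliases() {      # constructed sample
    cat <<'EOF'
test-zimbra@mydomain.com test-zimbra@zimbra-server.mydomain.com
carla@mydomain.com carol@zimbra-server.mydomain.com
EOF
}

tmp=$(mktemp -d)
sample_mail_users > "$tmp/mailusers.csv"
sample_aliases > "$tmp/aliases.txt"
audit_split_domain "$tmp/mailusers.csv" "$tmp/aliases.txt" zimbra-server.mydomain.com
rm -rf "$tmp"
```

WRONG_DOMAIN means the external address does not match the address space of the Zimbra Send Connector, NO_ALIAS means Zimbra has no alias to accept the forwarded message, and OWNER_MISMATCH means the forwarded mail would land in a different user's mailbox.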


Outbound email:

Either mail server can send email out independently of the other, provided the firewall allows outbound SMTP traffic from their respective IP addresses.

Testing

Be sure to exercise each of the use cases described earlier to verify that mail routing is occurring as expected.

Migration Notes

To prevent the possibility that mail will be delivered to the Exchange mailbox during the migration, you should consider stopping the SMTP service on the Exchange Server during migration.

Manage user expectations. Rules created in Outlook and Notes will not get migrated with the current version of the Exchange Migration Wizard (7.1.1). Personal distribution lists should get migrated but don't always, due to how they may have been stored on the Exchange server. If your Exchange server has database corruption, the Migration Wizard will migrate as much as possible. In some cases with bad corruption of the Exchange database, it may be necessary to export messages to a PST file in Outlook and use the PST import wizard to migrate data.

Migration Completion

After each user is migrated from Exchange to Zimbra, the following steps will need to be taken for mail to be routed properly for that user.

Remove the user’s mailbox from Exchange using the following steps. Do not delete their user account.

On the Zimbra Server, log on as the zimbra user and run the following from the command line:

zmprov ma user@mydomain.com zimbraMailTransport lmtp:zimbra-server.mydomain.com:7025


Verified Against: ZCS 7.1.1
Date Created: 8/31/2011
Article ID: http://wiki.zimbra.com/index.php?title=Split_domain_with_Exchange_2007_as_Primary
Date Modified: 11/6/2012