Managing Domains: Difference between revisions
mNo edit summary |
No edit summary |
||
(12 intermediate revisions by 7 users not shown) | |||
Line 1: | Line 1: | ||
{{BC|Community Sandbox}} | |||
__FORCETOC__ | |||
<div class="col-md-12 ibox-content"> | |||
=Managing Domains= | |||
{{KB|{{Unsupported}}|{{ZCS 7.0}}|{{ZCS 6.0}}|}} | |||
{{Archive}}{{WIP}} | |||
=Creating a Domain Alias= | =Creating a Domain Alias= | ||
If you have a domain '''domain.com''' and you want the domain '''example.com''' to be an alias for it, so that sending mail to '''user@example.com''' is the same as sending mail to '''user@domain.com''' (delivered to the same mailbox), you can designate example.com as a domain alias when creating the domain. | If you have a domain '''domain.com''' and you want the domain '''example.com''' to be an alias for it, so that sending mail to '''user@example.com''' is the same as sending mail to '''user@domain.com''' (delivered to the same mailbox), you can designate example.com as a domain alias when creating the domain. Starting with ZCS 5.0.16, it is also possible to authenticate using an alias domain (log in as '''user@example.com'''), and out-of-office replies notifications can occur for messages sent to addresses in an alias domain (mail to '''user@example.com''' will generate an out-of-office reply). The examples assumes domain.com already exists, but example.com does not. | ||
{| border="1" | |||
!Objective | |||
!attributes necessary on alias domain entry in ldap | |||
!version when first available | |||
|- | |||
|mail delivery to alias domain | |||
|zimbraMailCatchAllForwardingAddress | |||
| | |||
|- | |||
|authentication using alias domain | |||
|zimbraDomainAliasTargetId | |||
|5.0.16 | |||
|- | |||
|out-of-office notifications sent | |||
|zimbraMailCatchAllForwardingAddress,zimbraDomainAliasTargetId | |||
|5.0.12 | |||
|} | |||
==Prior to ZCS 5.0.16== | |||
<pre> | |||
zmprov createDomain example.com zimbraDomainType alias zimbraMailCatchAllAddress @example.com zimbraMailCatchAllForwardingAddress @domain.com | |||
</pre> | |||
==ZCS 5.0.16 and later== | |||
A new command is available to create an alias domain. The basic form allows authentication against the alias domain. If you would like to create a functional domain alias, skip to the next step. | |||
<pre> | |||
Usage: | |||
zmprov createAliasDomain {alias-domain-name} {local-domain-name|id} [attr1 value1 [attr2 value2...]] | |||
Example: | |||
zmprov createAliasDomain example.com domain.com | |||
</pre> | |||
The createAliasDomain command does not set the zimbraMailCatchAllForwardingAddress (which was the sole objective in the pre-5.0.16 alias domain). In order to allow message delivery to the alias domain, it is still necessary to explicitly include a forward to the local target domain. | |||
<pre> | <pre> | ||
zmprov | Usage: | ||
zmprov createAliasDomain {alias-domain-name} {local-domain-name|id} zimbraMailCatchAllForwardingAddress @{local-domain-name|id} [attr1 value1 [attr2 value2...]] | |||
Example: | |||
zmprov createAliasDomain example.com domain.com zimbraMailCatchAllForwardingAddress @domain.com | |||
</pre> | </pre> | ||
Line 28: | Line 74: | ||
For non-zimbra domains, this might prove useful as well: [[Transport_Table_for_external_servers]] | For non-zimbra domains, this might prove useful as well: [[Transport_Table_for_external_servers]] | ||
=Removal of Relaying/Domain Forwarding= | |||
If at a later date you wish to remove the domain forwarding/catchall address run the following commands: | |||
<pre> | |||
zmprov md domain.com zimbraMailCatchAllAddress "" | |||
zmprov md domain.com zimbraMailCatchAllForwardingAddress "" | |||
zmprov md domain.com zimbraMailTransport lmtp:server.domain.com:7025 | |||
</pre> | |||
Where domain.com is your domain and server.domain.com is the FQDN (Fully Qualified Domain Name) of your Zimbra server. | |||
=Domain Catchall= | =Domain Catchall= | ||
Line 54: | Line 112: | ||
=Additional= | =Additional= | ||
==out of office notifications== | |||
5.0.12+ allows some additional mapping of real to alias in order to: | 5.0.12+ allows some additional mapping of real to alias in order to: | ||
Line 63: | Line 123: | ||
</pre> | </pre> | ||
==single command== | |||
5.0.16+ added the ability to do this in one command: | 5.0.16+ added the ability to do this (above) in one command: | ||
<pre> | <pre> | ||
zmprov createAliasDomain(cad) {alias-domain-name} {local-domain-name|id} [attr1 value1 [attr2 value2...]] | zmprov createAliasDomain(cad) {alias-domain-name} {local-domain-name|id} [attr1 value1 [attr2 value2...]] | ||
</pre> | </pre> | ||
cad sets zimbraDomainType, zimbraDomainAliasTargetId, & zimbraMailCatchAllAddress | |||
(if you want to forward mails from aliasdomain.com to realdomain.com you need to add zimbraMailCatchAllForwardingAddress) | |||
<pre> | |||
zmprov cad aliasdomain.com realdomain.com zimbraMailCatchAllForwardingAddress @realdomain.com | |||
</pre> | |||
==Email to non-existant accounts== | |||
Currently we automatically accept email for alias domains and then generate a bounce. This has the potential for backscatter abuse and we'd like to close this hole for hosted and still be able to offer alias domains without adding aliases to each account. | |||
/opt/zimbra/conf/zmmta.cf smtpd_reject_unlisted_recipients 'yes' won't work with alias domains, so it's defaulted to no. (Perhaps later we'll flip this.) | |||
However, 5.0.12+ contains a Policyd Daemon that helps those who host alias domains in ZCS. | |||
To enable the policy daemon: | |||
zmlocalconfig -e postfix_enable_smtpd_policyd=yes | |||
zmprov mcf +zimbraMtaRestriction "check_policy_service unix:private/policy" | |||
postfix stop | |||
postfix start | |||
(The + symbol on the zmprov command is important, else you will wipe any other existing values.) | |||
{{Article Footer|Zimbra Collaboration 7.0, 6.0|04/16/2014}} | |||
[[Category:Pending Certification]] | [[Category:Pending Certification]] |
Latest revision as of 10:31, 12 July 2015
Managing Domains
Creating a Domain Alias
If you have a domain domain.com and you want the domain example.com to be an alias for it, so that sending mail to user@example.com is the same as sending mail to user@domain.com (delivered to the same mailbox), you can designate example.com as a domain alias when creating the domain. Starting with ZCS 5.0.16, it is also possible to authenticate using an alias domain (log in as user@example.com), and out-of-office replies notifications can occur for messages sent to addresses in an alias domain (mail to user@example.com will generate an out-of-office reply). The examples assumes domain.com already exists, but example.com does not.
Objective | attributes necessary on alias domain entry in ldap | version when first available |
---|---|---|
mail delivery to alias domain | zimbraMailCatchAllForwardingAddress | |
authentication using alias domain | zimbraDomainAliasTargetId | 5.0.16 |
out-of-office notifications sent | zimbraMailCatchAllForwardingAddress,zimbraDomainAliasTargetId | 5.0.12 |
Prior to ZCS 5.0.16
zmprov createDomain example.com zimbraDomainType alias zimbraMailCatchAllAddress @example.com zimbraMailCatchAllForwardingAddress @domain.com
ZCS 5.0.16 and later
A new command is available to create an alias domain. The basic form allows authentication against the alias domain. If you would like to create a functional domain alias, skip to the next step.
Usage: zmprov createAliasDomain {alias-domain-name} {local-domain-name|id} [attr1 value1 [attr2 value2...]] Example: zmprov createAliasDomain example.com domain.com
The createAliasDomain command does not set the zimbraMailCatchAllForwardingAddress (which was the sole objective in the pre-5.0.16 alias domain). In order to allow message delivery to the alias domain, it is still necessary to explicitly include a forward to the local target domain.
Usage: zmprov createAliasDomain {alias-domain-name} {local-domain-name|id} zimbraMailCatchAllForwardingAddress @{local-domain-name|id} [attr1 value1 [attr2 value2...]] Example: zmprov createAliasDomain example.com domain.com zimbraMailCatchAllForwardingAddress @domain.com
Relaying/Domain Forwarding
If you want the Zimbra server to relay all mail destined for a particular domain (say, example.com) to another mta (say, other-mta.domain.com), you can forward the domain.
zmprov md example.com zimbraMailCatchAllAddress @example.com md example.com zimbraMailCatchAllForwardingAddress @example.com md example.com zimbraMailTransport smtp:other-mta.domain.com
I think you can also do this as another way to make a sort of local domain alias:
zmprov md example.com zimbraMailCatchAllAddress @example.com md example.com zimbraMailCatchAllForwardingAddress @domain.com md example.com zimbraMailTransport lmtp:zimbra.domain.com
For non-zimbra domains, this might prove useful as well: Transport_Table_for_external_servers
Removal of Relaying/Domain Forwarding
If at a later date you wish to remove the domain forwarding/catchall address run the following commands:
zmprov md domain.com zimbraMailCatchAllAddress "" zmprov md domain.com zimbraMailCatchAllForwardingAddress "" zmprov md domain.com zimbraMailTransport lmtp:server.domain.com:7025
Where domain.com is your domain and server.domain.com is the FQDN (Fully Qualified Domain Name) of your Zimbra server.
Domain Catchall
If you want to set up an account "user@domain.com" to catch any mail not delivered to existing users in the domain "domain.com", you can configure the account as a domain catchall.
su - zimbra zmprov modifyAccount user@domain.com zimbraMailCatchAllAddress @domain.com
If the users "john@domain.com", "webmaster@domain.com", and "xyznobody@domain.com" don't exist, and mail arrives for them, it will be delivered to the catchall account "user@domain.com". This will increase the amount of spam delivered, and can lead to being blacklisted. To remove the catchall from an email account, unset the catchall address:
zmprov modifyAccount user@domain.com zimbraMailCatchallAddress ""
Domain Masquerading
If you want mail from user@domain.com or user@zimbra.domain.com to appear to come from user@example.com, you can set the canonical address for the entire domain.
zmprov md domain.com zimbraMailCatchAllAddress @domain.com zimbraMailCatchAllCanonicalAddress @example.com zmprov md zimbra.domain.com zimbraMailCatchAllAddress @zimbra.domain.com zimbraMailCatchAllCanonicalAddress @example.com
Additional
out of office notifications
5.0.12+ allows some additional mapping of real to alias in order to:
A) Allow auth with alias domain addresses.
B) Send out-of-office notifications for alias domains.
zmprov md aliasdomain.com zimbraDomainAliasTargetId {zimbraId-realdomain.com}
single command
5.0.16+ added the ability to do this (above) in one command:
zmprov createAliasDomain(cad) {alias-domain-name} {local-domain-name|id} [attr1 value1 [attr2 value2...]]
cad sets zimbraDomainType, zimbraDomainAliasTargetId, & zimbraMailCatchAllAddress
(if you want to forward mails from aliasdomain.com to realdomain.com you need to add zimbraMailCatchAllForwardingAddress)
zmprov cad aliasdomain.com realdomain.com zimbraMailCatchAllForwardingAddress @realdomain.com
Email to non-existant accounts
Currently we automatically accept email for alias domains and then generate a bounce. This has the potential for backscatter abuse and we'd like to close this hole for hosted and still be able to offer alias domains without adding aliases to each account.
/opt/zimbra/conf/zmmta.cf smtpd_reject_unlisted_recipients 'yes' won't work with alias domains, so it's defaulted to no. (Perhaps later we'll flip this.)
However, 5.0.12+ contains a Policyd Daemon that helps those who host alias domains in ZCS.
To enable the policy daemon:
zmlocalconfig -e postfix_enable_smtpd_policyd=yes zmprov mcf +zimbraMtaRestriction "check_policy_service unix:private/policy" postfix stop postfix start
(The + symbol on the zmprov command is important, else you will wipe any other existing values.)