Split Domain

The Split Domain technique allows an email domain to be shared between two distinct email systems.

When is it worth using Split Domain?

The Split Domain technique is particularly useful when you plan to migrate users to a Zimbra environment over a period of time instead of all at once, moving some of the users to the new environment while leaving the others on the old one.
Another possibility is when you merge two businesses but, at least initially, need to maintain two separate mail systems. This technique is typically used for the SMTP flow. For IMAP, POP and webmail, on the other hand, specific arrangements must be made. With Zimbra as primary, for example, you can use Zimbra proxies as the access point for POP and IMAP.

In this article we'll see how to configure the Zimbra environment either as primary or as secondary, and how the mail flow is managed in each case.

Please note that mail should be sent from a single server with SPF and reverse DNS correctly configured.

A Split Domain Example

We would like to show you how to configure Zimbra, as a Primary or Secondary system, working on the following sample scenario:

  • Your domain: example.com
  • You have an existing mail infrastructure on mail.example.com
  • The domain has MX records that point to mail.example.com
  • You have users “usr@example.com” and “smpl@example.com” that exist on the old system
  • On host zimbra.example.com you installed Zimbra and created the domain example.com on it
  • The mailbox of user “usr@example.com” has been migrated to the Zimbra system

Setting up Zimbra as the Primary System

In this case, the MX record is set so that the mail flow is routed to Zimbra, which is authoritative for the domain. All of the domain's addresses must therefore be created on Zimbra. For each account that still lives on the secondary system, configure mail routing so that the mail flow for that account is directed to the secondary system:

$ zmprov ModifyAccount smpl@example.com zimbraMailTransport smtp:mail.example.com:25

As a last step, it’s time to change your MX record so mail from the internet flows into the Zimbra MTA first. When you have finished and are ready to move the user from the old system to the new one, you have to run the following command:

$ zmprov ModifyAccount smpl@example.com zimbraMailTransport lmtp:zimbra.example.com:7025
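While the migration is in progress, each account's transport has to match where its mailbox actually lives, otherwise mail is delivered to a mailbox nobody reads. The following check is an added example, not part of the original article or of Zimbra: it assumes you have collected "address transport" pairs yourself, and tmp@example.com is a hypothetical account used only to show a mismatch.

```shell
#!/bin/sh
# Added example: audit per-account transports with Zimbra as primary.
# Transport values are the ones used in the article's sample scenario.
OLD_TRANSPORT="smtp:mail.example.com:25"        # mailbox still on the old system
NEW_TRANSPORT="lmtp:zimbra.example.com:7025"    # mailbox migrated to Zimbra

# audit_transports MIGRATED PAIRS
#   MIGRATED: newline-separated addresses already migrated to Zimbra
#   PAIRS:    newline-separated "address transport" lines (assumed input format)
# Prints one MISROUTED line per mismatch; returns 1 if any were found.
audit_transports() {
    migrated=$1
    pairs=$2
    findings=$(printf '%s\n' "$pairs" | while read -r addr transport; do
        [ -n "$addr" ] || continue
        if printf '%s\n' "$migrated" | grep -Fqx -- "$addr"; then
            expected=$NEW_TRANSPORT
        else
            expected=$OLD_TRANSPORT
        fi
        [ "$transport" = "$expected" ] ||
            printf 'MISROUTED %s has=%s want=%s\n' \
                "$addr" "${transport:-unset}" "$expected"
    done)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample data. tmp@example.com (hypothetical) was created on Zimbra
# but never migrated, so its mail would stay on Zimbra instead of the old system.
MIGRATED="usr@example.com"
PAIRS="usr@example.com lmtp:zimbra.example.com:7025
smpl@example.com smtp:mail.example.com:25
tmp@example.com lmtp:zimbra.example.com:7025"

audit_transports "$MIGRATED" "$PAIRS" || echo "fix the transports listed above"
```
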

Setting up Zimbra as the Secondary System

This second scenario sees Zimbra as a secondary system. In this case, the secondary system must accept mail for the accounts it hosts, but must also forward the rest of the mail for accounts on this domain to the primary system. To do this, run the following commands:

$ zmprov modifyDomain example.com zimbraMailCatchAllAddress @example.com
$ zmprov modifyDomain example.com zimbraMailCatchAllForwardingAddress @example.com
$ zmprov modifyDomain example.com zimbraMailTransport smtp:mail.example.com

The first two commands (in combination) tell the Zimbra Postfix to accept all addresses in the @example.com domain as valid addresses. The third one establishes the default mail routing for the domain. Any addresses that do not exist on the Zimbra system will have their mail routed according to this rule.

Another suggestion for a secondary Zimbra system is to turn off DNS lookups and internet-wide message routing on the secondary host, routing all mail through the primary. To do that you can use the following commands:

$ zmprov modifyConfig zimbraMtaRelayHost mail.example.com
$ zmprov modifyConfig zimbraMtaDnsLookupsEnabled FALSE

Be sure, then, to configure “mail.example.com” to accept mail forwarded by “zimbra.example.com” and to forward mail to “zimbra.example.com” for accounts hosted on Zimbra.

When you finish, restart MTA:

$ zmmtactl restart

Please note that the Global Address List will contain only Zimbra users. To have all addresses, configure the GAL, if possible, to use an external LDAP.

Split DNS

For Zimbra installations behind a firewall or NAT router, you often need to create a Split DNS.
This is a DNS installation in which machines receive different IP address responses to queries depending on whether they are inside or outside the firewall: for machines inside, the DNS server returns a private network IP address that is different from the public IP of your internet connection.

This is needed because the Postfix mail system used by Zimbra performs a DNS MX lookup for the Zimbra server, followed by a DNS A lookup, when attempting to route email to the back-end message store. Here, the scenarios are varied. For example, the DNS server may return the external address of the mail host instead of the internal address. Another possibility, depending on how your firewall and network are configured, is that the external address may not even be reachable by the mail host, so the mail will not be delivered.
Split DNS is used to overcome this type of problem. It provides an internal DNS server that can be used to resolve the internal address of the server.
