Binding Zimbra to an IP

Zimbra is a fantastic collaboration suite, but it suffers from one major flaw; it really likes to take over your entire server!
If you want to run Zimbra and your web site on the same server without moving Zimbra’s web UI to another port then you’ll have to convince it to bind to one IP address you can use the other one(s) as you please.
This is possible and actually quite easy but completely undocumented.

Before we begin, you will need a working Zimbra install. I’m not aware of a way to pre-configure this process, so you may have to stop your web server etc. whilst running as the installer will likely bail with port conflict errors.

First off, SSH in to your server and find out what Zimbra server(s) you have defined:

su – zimbra
zmprov gas

The su is important as it sets the various environment variables Zimbra needs to point at it’s home in /opt
Now take the server from this and modify the following commands with <server> and <ip> substituted appropriately.

zmprov ms <server> zimbraImapBindAddress <ip>
zmprov ms <server> zimbraImapSSLBindAddress <ip>
zmprov ms <server> zimbraPop3SSLBindAddress <ip>
zmprov ms <server> zimbraPop3BindAddress <ip>

This will bind the POP3 and IMAP Java process appropriately but we need to edit the Jetty config to do the same for the web and admin interfaces.
Throughout this guide I’m assuming that you are running a single server setup with everything on one machine, but it should be quite easy to tweak the IP addresses appropriately in a multi-server environment.

Zimbra uses the Jetty Java application server, so we need to tell Jetty to only bind to one specific IP. Open up /opt/zimbra/mailboxd/etc/jetty.xml.in in your favourite text editor and look for lines starting

You need to add a “<Set name=”Host”><IP></Set> line to the <Arg> list for each of the HTTP and HTTPS connectors as well as the Admin connector. If you want, you can also edit the “Extension Port” connector which is only used for mail routing in multi-server environments.
For example:

<!– HTTPSBEGIN –>
<Call name=”addConnector”>
<Arg>
<New id=”ssl” class=”org.mortbay.jetty.security.SslSelectChannelConnector”>
<Set name=”Port”>%%zimbraMailSSLPort%%</Set>
<Set name=”Host”>10.20.30.40</Set>

Now open up /opt/zimbra/mailboxd/etc/zimbra.web.xml.in and you should see a “param” named “zimbra.soap.url” with the value set to “http://localhost:7070/service/soap”. you need to change this to “http://<IP>/service/soap”. Notice that the :7070 port declaration is removed.
For example:

<context-param>
<param-name>zimbra.soap.url</param-name>
<param-value>http://10.20.30.40/service/soap</param-value>

Now you need to do the same for /opt/zimbra/mailboxd/etc/zimbraAdmin.web.xml.in

Finally, if you want to bind the Zimbra Postfix SMTP service to a particular IP then edit the first few lines of /opt/zimbra/postfix/conf/master.cf.in that start with smtp, 465 and submission to have : prepended. For example:

10.20.30.40:smtp inet n – n – – smtpd
10.20.30.40:465 inet n – n – – smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
10.20.30.40:submission inet n – n – – smtpd

Once all this is done, restart Zimbra using zmcontrol and use netstat to check that everything is bound to the right IP.
The only thing to remember with this is that you will have to edit each of these files every time you do an upgrade.

Share

Leave a Reply