[Solved]Webmail for Alternate Domains Not Loading

Post by kevinds »

Hello,

I installed Zimbra 8.8 on a CentOS 6 minimal box..

After tweaking, the initial domain works 100%; let's call it mail.initialdomain.com. MX record set as:

MX - initialdomain.com 10 mail.initialdomain.com
A - mail.initialdomain.com 1.2.3.4

I have setup port-forwarding, TCP and UDP for all ports forwarded to 192.168.1.10. This is not my local LAN.

mail.initialdomain.com works great.. Webmail, incoming, outgoing, POP, IMAP

I added three more domains..

domain2.com
domain3.com
domain4.com

MX - domain2.com 10 mail.domain2.com
A - mail.domain2.com 1.2.3.4

MX - domain3.com 10 mail.domain2.com
CNAME - mail.domain3.com mail.domain2.com

MX - domain4.com 10 mail.domain2.com
CNAME - mail.domain4.com mail.domain2.com


Public Service Hostname: domain2.com
Virtual Hosts:
mail.domain2.com
domain2.com

Same for domains 3 and 4

I re-created the self-signed SSL certificate, adding mail.domain2.com, mail.domain3.com, and mail.domain4.com.

Using another machine I run
echo | openssl s_client -connect mail.initialdomain.com:443 | openssl x509 -noout -text | grep DNS:

It does confirm four DNS entries. I did ports 993 and 995 as well. It appears to be active to clients.

Now my problem...

When I enter https://mail.domain2.com it doesn't load..

In Firefox

Title: Problem loading page

Secure Connection Failed

The connection to the server was reset while the page was loading.


It does the same for mail.domain3.com and mail.domain4.com

If I load https://mail.initialdomain.com I can successfully log in using user@domain2.com. Shows the incoming messages. No issues.. Just the mail.domain2.com URL doesn't work.

I've been stuck on this for two days now.. Every search result shows adding the domain with the same Public Service Hostname, adding the Virtual Hosts, and it should be good..

None mention the SSL cert regeneration and/or adding the SANs..

After I get this working, I plan to switch to real certificates from Let's Encrypt.

But please.. What am I missing? I am sure it is something simple but I cannot find the answer.. :(

Thank you for your time,

Kevin
Last edited by kevinds on Sat Dec 30, 2017 6:49 am, edited 2 times in total.

Re: Webmail for Alternate Domains Not Loading

Post by L. Mark Stone »

If the domain part of the FQDN of your Zimbra server is not a domain actually hosted on your Zimbra server, you'll need to add a Virtual Hostname to the email domain's configuration.

This is due to a change in Nginx's config in 8.8.5. See https://bugzilla.zimbra.com/show_bug.cgi?id=108299 for more info.

Hope that helps,
Mark

P.S. Allegedly 8.8.6 will contain a new globalconfig(?) variable to control whether to revert this behavior to previous versions of Zimbra. If you follow all the links you'll see there are security as well as ease of use implications regarding this.
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate

Re: Webmail for Alternate Domains Not Loading

Post by kevinds »

L. Mark Stone wrote:
> If the domain part of the FQDN of your Zimbra server is not a domain actually hosted on your Zimbra server, you'll need to add a Virtual Hostname to the email domain's configuration.
>
> This is due to a change in Nginx's config in 8.8.5. See https://bugzilla.zimbra.com/show_bug.cgi?id=108299 for more info.
>
> Hope that helps,
> Mark
>
> P.S. Allegedly 8.8.6 will contain a new globalconfig(?) variable to control whether to revert this behavior to previous versions of Zimbra. If you follow all the links you'll see there are security as well as ease of use implications regarding this.

> If the domain part of the FQDN of your Zimbra server is not a domain actually hosted on your Zimbra server, you'll need to add a Virtual Hostname to the email domain's configuration.

It is..

These are all unique registered domains, that this Zimbra server does mail for.

Also not sure why the guy who submitted the bug report is using NAT to other publicly routed IP addresses..

initialdomain.com
domain2.com
domain3.com
domain4.com

This Zimbra server handles the mail for, with mail. as the subdomain to reference the server.

Unlike the bug report.. My initialdomain.com works without issue, the three alternate domains do not load the webmail sign-in page.

Side question about the forum.. How did this get marked solved?

Re: Webmail for Alternate Domains Not Loading

Post by kevinds »

L. Mark Stone wrote:
> If the domain part of the FQDN of your Zimbra server is not a domain actually hosted on your Zimbra server, you'll need to add a Virtual Hostname to the email domain's configuration [...] use implications regarding this.

Yes, I already did that...

Re: Webmail for Alternate Domains Not Loading

Post by kevinds »

Alright,

I figured it out..

Need to add the server name, in my case mail.initialdomain.com, to the virtualHosts of domains domain2.com, domain3.com, and domain4.com.

This is backwards from what the virtualHosts says in the yellow tip-box above it. Also backwards from virtualHosts in general..

"Any user that logs in while using a URL with one of the hostnames below will be assumed to be in this domain, domain2.com."

Someone using mail.initialdomain.com should not be assumed to be a user of domain2.com.. Same for domain3.com and domain4.com

How do I get out of mod-jail? I can't even see my posts to edit them..
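
The fix described in the last post, as an added example that is not part of the original thread: a dry-run helper that reads each domain's current `zimbraVirtualHostname` values and prints the `zmprov md` command only where the server's own hostname is missing. The hostnames are the thread's placeholders; the function names, the `RUN_ON_ZIMBRA` switch and the sample `zmprov gd` output are constructed for illustration.

```shell
#!/bin/sh
# Added example. Hostnames are the thread's placeholders; function names,
# RUN_ON_ZIMBRA and SAMPLE_GD are constructed for illustration.

SERVER_FQDN="mail.initialdomain.com"
DOMAINS="domain2.com domain3.com domain4.com"

# Constructed sample of `zmprov gd domain2.com zimbraVirtualHostname` output
# before the fix (the server hostname is not yet listed).
SAMPLE_GD='# name domain2.com
zimbraVirtualHostname: mail.domain2.com
zimbraVirtualHostname: domain2.com'

# needs_vhost HOST GD_OUTPUT: succeeds (0) when HOST is NOT among the
# zimbraVirtualHostname values. Hostnames are compared case-insensitively.
needs_vhost() {
    printf '%s\n' "$2" | awk -v h="$1" '
        $1 == "zimbraVirtualHostname:" && tolower($2) == tolower(h) { found = 1 }
        END { exit (found ? 1 : 0) }'
}

# plan_fix HOST DOMAIN GD_OUTPUT: print the zmprov command that adds HOST to
# DOMAIN, or nothing when it is already present (so re-running is harmless).
plan_fix() {
    if needs_vhost "$1" "$3"; then
        printf 'zmprov md %s +zimbraVirtualHostname %s\n' "$2" "$1"
    fi
}

# On the Zimbra host, as the zimbra user: RUN_ON_ZIMBRA=1 sh this-script
# This prints a plan only. Review it, run the commands, then restart the
# proxy (zmproxyctl restart) so the nginx configuration is regenerated.
if [ "${RUN_ON_ZIMBRA:-0}" = 1 ]; then
    for d in $DOMAINS; do
        current=$(zmprov gd "$d" zimbraVirtualHostname)
        plan_fix "$SERVER_FQDN" "$d" "$current"
    done
else
    # Offline demonstration against the constructed sample.
    plan_fix "$SERVER_FQDN" domain2.com "$SAMPLE_GD"
fi
```

Review the printed commands before running them: per the admin-console tip quoted in the last post, a virtual hostname also determines which domain a login through that URL is assumed to belong to.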