
Ldap query for get domain name

Posted: Wed May 16, 2018 7:15 am
by pasbag
Hi. I installed two servers of ZCS 8.7.11.
server 1 contains: mail.havij.io
proxy server
web UI
MTA
memcached

server 2 contains: store.havij.io
ldap server
mailbox store

I defined several domains. Each domain has one virtual host name.
When a user logs in on a virtual host on the proxy server, the mailbox server logs this error:

Code:

2018-05-16 11:16:12,263 DEBUG [qtp1068934215-526:https:https://store.havij.io:7072/service/extension/nginx-lookup] [] nginxlookup - query template attr=zimbraReverseProxyDomainNameQuery, query template=(&(zimbraVirtualIPAddress=${IPADDR})(objectClass=zimbraDomain))
2018-05-16 11:16:12,263 DEBUG [qtp1068934215-526:https:https://store.havij.io:7072/service/extension/nginx-lookup] [] nginxlookup - query=(&(zimbraVirtualIPAddress=192.168.0.58)(objectClass=zimbraDomain))
2018-05-16 11:16:12,263 DEBUG [qtp1068934215-526:https:https://store.havij.io:7072/service/extension/nginx-lookup] [] ldap - SEARCH - millis=[0], resp=[0 (success)], usage=[NGINX_LOOKUP], conn=[1], base=[], filter=[(&(zimbraVirtualIPAddress=192.168.0.58)(objectClass=zimbraDomain))]
2018-05-16 11:16:12,264 DEBUG [qtp1068934215-526:https:https://store.havij.io:7072/service/extension/nginx-lookup] [] nginxlookup - domain not found for user bob.  error: query returned empty result: (&(zimbraVirtualIPAddress=192.168.0.58)(objectClass=zimbraDomain))
2018-05-16 11:16:12,264 DEBUG [qtp1068934215-526:https:https://store.havij.io:7072/service/extension/nginx-lookup] [] nginxlookup - domain not found for user bob, using default domain: havij.io
2018-05-16 11:16:12,264 DEBUG [qtp1068934215-526:https:https://store.havij.io:7072/service/extension/nginx-lookup] [] nginxlookup - Auth-User bob is replaced by bob@havij.io for mailhost lookup
2018-05-16 11:16:12,264 DEBUG [qtp1068934215-526:https:https://store.havij.io:7072/service/extension/nginx-lookup] [] ldap - GET_CONN - millis=[0], usage=[SEARCH], conn=[2], connPool=[ZimbraReplica(1340848245)]
2018-05-16 11:16:12,265 DEBUG [qtp1068934215-526:https:https://store.havij.io:7072/service/extension/nginx-lookup] [] ldap - SEARCH - millis=[1], resp=[0 (success)], usage=[SEARCH], conn=[2], base=[], filter=[(&(|(zimbraMailDeliveryAddress=bob@havij.io)(zimbraMailAlias=bob@havij.io))(objectClass=zimbraAccount))]
2018-05-16 11:16:12,265 DEBUG [qtp1068934215-526:https:https://store.havij.io:7072/service/extension/nginx-lookup] [] ldap - REL_CONN - conn=[2]
2018-05-16 11:16:12,265 DEBUG [qtp1068934215-526:https:https://store.havij.io:7072/service/extension/nginx-lookup] [] nginxlookup - query template attr=zimbraReverseProxyMailHostQuery, query template=(|(zimbraMailDeliveryAddress=${USER})(zimbraMailAlias=${USER})(zimbraId=${USER}))
2018-05-16 11:16:12,265 DEBUG [qtp1068934215-526:https:https://store.havij.io:7072/service/extension/nginx-lookup] [] nginxlookup - query=(|(zimbraMailDeliveryAddress=bob@havij.io)(zimbraMailAlias=bob@havij.io)(zimbraId=bob@havij.io))
2018-05-16 11:16:12,266 DEBUG [qtp1068934215-526:https:https://store.havij.io:7072/service/extension/nginx-lookup] [] ldap - SEARCH - millis=[1], resp=[0 (success)], usage=[NGINX_LOOKUP], conn=[1], base=[], filter=[(|(zimbraMailDeliveryAddress=bob@havij.io)(zimbraMailAlias=bob@havij.io)(zimbraId=bob@havij.io))]
2018-05-16 11:16:12,266 DEBUG [qtp1068934215-526:https:https://store.havij.io:7072/service/extension/nginx-lookup] [] nginxlookup - user bob@havij.io not found
com.zimbra.cs.nginx.NginxLookupExtension$EntryNotFoundException: query returned empty result: (|(zimbraMailDeliveryAddress=bob@havij.io)(zimbraMailAlias=bob@havij.io)(zimbraId=bob@havij.io))
        at com.zimbra.cs.nginx.NginxLookupLdapHelper.searchDirectory(NginxLookupLdapHelper.java:138)
        at com.zimbra.cs.nginx.NginxLookupExtension$NginxLookupHandler.search(NginxLookupExtension.java:964)
        at com.zimbra.cs.nginx.NginxLookupExtension$NginxLookupHandler.doGet(NginxLookupExtension.java:323)
        at com.zimbra.cs.extension.ExtensionDispatcherServlet.service(ExtensionDispatcherServlet.java:111)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
        at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:821)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1685)
        at com.zimbra.cs.servlet.CsrfFilter.doFilter(CsrfFilter.java:169)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
        at com.zimbra.cs.servlet.RequestStringFilter.doFilter(RequestStringFilter.java:54)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
        at com.zimbra.cs.servlet.SetHeaderFilter.doFilter(SetHeaderFilter.java:59)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
        at com.zimbra.cs.servlet.ETagHeaderFilter.doFilter(ETagHeaderFilter.java:47)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
        at com.zimbra.cs.servlet.ContextPathBasedThreadPoolBalancerFilter.doFilter(ContextPathBasedThreadPoolBalancerFilter.java:107)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
        at com.zimbra.cs.servlet.ZimbraQoSFilter.doFilter(ZimbraQoSFilter.java:107)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
        at com.zimbra.cs.servlet.ZimbraInvalidLoginFilter.doFilter(ZimbraInvalidLoginFilter.java:117)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
        at org.eclipse.jetty.servlets.DoSFilter.doFilterChain(DoSFilter.java:473)
        at org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:318)
        at org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:288)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:581)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
        at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524)
        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226)
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1158)
        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:511)
        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1090)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
        at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:213)
        at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:109)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:119)
        at org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:318)
        at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:437)
        at org.eclipse.jetty.server.handler.DebugHandler.handle(DebugHandler.java:84)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:119)
        at org.eclipse.jetty.server.Server.handle(Server.java:517)
        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:306)
        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:242)
        at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:261)
        at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:95)
        at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:192)
        at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:261)
        at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:95)
        at org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:75)
        at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceAndRun(ExecuteProduceConsume.java:213)
        at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:147)
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:654)
        at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:572)
        at java.lang.Thread.run(Thread.java:748)
2018-05-16 11:16:12,267 DEBUG [qtp1068934215-526:https:https://store.havij.io:7072/service/extension/nginx-lookup] [] ldap - SEARCH - millis=[0], resp=[0 (success)], usage=[NGINX_LOOKUP], conn=[1], base=[], filter=[(&(zimbraDomainName=havij.io)(objectClass=zimbraDomain))]
2018-05-16 11:16:12,267 DEBUG [qtp1068934215-526:https:https://store.havij.io:7072/service/extension/nginx-lookup] [] ldap - REL_CONN - conn=[1]
2018-05-16 11:16:12,267 INFO  [qtp1068934215-526:https:https://store.havij.io:7072/service/extension/nginx-lookup] [] nginxlookup - user not found:bob@havij.io
2018-05-16 11:16:12,293 DEBUG [qtp1068934215-859:https:https://store.havij.io:7071/service/admin/soap/GetDomainInfoRequest] [] misc - Servlet (contextPath=/service active=0), Jetty pool (threads=18, idle=2, busy=16, room=234)


I want to change the query template "zimbraReverseProxyDomainNameQuery, query template=(&(zimbraVirtualIPAddress=${IPADDR})(objectClass=zimbraDomain))" to
something like "zimbraReverseProxyDomainNameQuery, query template=(&(zimbraVirtualHostname=${HOST})(objectClass=zimbraDomain))"

I don't know what {IPADDR} is, and I want a variable that holds the host name (virtualhostname).

Do you have another solution for this problem, so that a user can log in on a virtual host without entering the domain name? I did not set an IP address for each virtual host name; there is one IP for all domains.
Please help me.
Thanks
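As an added illustration (not code from this thread or from Zimbra), the following Python script replays the lookup sequence the log above shows against a constructed in-memory directory: ${IPADDR} substitution into zimbraReverseProxyDomainNameQuery, the empty-result fallback to the default domain, and the mailhost query for the qualified user. The hostname-based template is the variant proposed above; whether Zimbra exposes a ${HOST} variable is not established in the thread and is treated here as an assumption.

```python
"""Replay of the nginx-lookup sequence from the mailbox.log above.
Added example (not Zimbra's code); the directory below is constructed."""
import re

# Constructed directory entries standing in for the LDAP objects. havij.io is
# the default domain; zardak.io carries the virtual hostname but, as in the
# thread, no zimbraVirtualIPAddress is set on any domain (one IP for all).
DIRECTORY = [
    {"objectClass": "zimbraDomain", "zimbraDomainName": "havij.io"},
    {"objectClass": "zimbraDomain", "zimbraDomainName": "zardak.io",
     "zimbraVirtualHostname": "mail.zardak.io"},
    {"objectClass": "zimbraAccount", "zimbraMailDeliveryAddress": "bob@zardak.io",
     "zimbraId": "constructed-id-0001"},
    {"objectClass": "zimbraAccount", "zimbraMailDeliveryAddress": "admin@havij.io",
     "zimbraId": "constructed-id-0002"},
]
DEFAULT_DOMAIN = "havij.io"

# Templates exactly as logged, plus the hostname-based variant proposed in the
# thread (assumption: a ${HOST} variable; the thread does not confirm one).
DOMAIN_BY_IP = "(&(zimbraVirtualIPAddress=${IPADDR})(objectClass=zimbraDomain))"
DOMAIN_BY_HOST = "(&(zimbraVirtualHostname=${HOST})(objectClass=zimbraDomain))"
MAILHOST_QUERY = ("(|(zimbraMailDeliveryAddress=${USER})"
                  "(zimbraMailAlias=${USER})(zimbraId=${USER}))")


def parse_filter(text, pos=0):
    """Parse the LDAP filter subset used in the log: (&..), (|..), (attr=value).
    Returns (node, next_pos); node is ('and'|'or', [children]) or ('eq', attr, value)."""
    if text[pos] != "(":
        raise ValueError("expected '(' at offset %d" % pos)
    pos += 1
    if text[pos] in "&|":
        op = "and" if text[pos] == "&" else "or"
        pos += 1
        children = []
        while text[pos] != ")":
            child, pos = parse_filter(text, pos)
            children.append(child)
        return (op, children), pos + 1
    end = text.index(")", pos)
    attr, value = text[pos:end].split("=", 1)
    return ("eq", attr, value), end + 1


def matches(node, entry):
    """Evaluate a parsed filter against one entry (case-insensitive equality)."""
    if node[0] == "and":
        return all(matches(c, entry) for c in node[1])
    if node[0] == "or":
        return any(matches(c, entry) for c in node[1])
    _, attr, value = node
    stored = entry.get(attr)
    if stored is None:            # attribute absent: the assertion cannot match
        return False
    values = stored if isinstance(stored, list) else [stored]
    return any(v.lower() == value.lower() for v in values)


def search(filter_text):
    """Return every directory entry matching the filter (like the logged SEARCH)."""
    node, _ = parse_filter(filter_text)
    return [e for e in DIRECTORY if matches(node, e)]


def render(template, **subs):
    """Substitute ${NAME} variables, as the 'query template' -> 'query' log lines do."""
    return re.sub(r"\$\{(\w+)\}", lambda m: subs.get(m.group(1), m.group(0)), template)


def resolve_login(user, domain_template, ipaddr, host, default_domain=DEFAULT_DOMAIN):
    """Resolve a login name the way the log shows: domain lookup for a bare
    name, fallback to the default domain on an empty result, then the
    mailhost query for the qualified address. Returns the steps taken."""
    trace = []
    if "@" in user:
        qualified = user
    else:
        query = render(domain_template, IPADDR=ipaddr, HOST=host)
        domains = search(query)
        if domains:
            domain = domains[0]["zimbraDomainName"]
            trace.append("domain %s found via %s" % (domain, query))
        else:
            domain = default_domain
            trace.append("domain not found for user %s (query %s returned empty result), "
                         "using default domain: %s" % (user, query, domain))
        qualified = "%s@%s" % (user, domain)
    found = bool(search(render(MAILHOST_QUERY, USER=qualified)))
    trace.append("user %s %s" % (qualified, "found" if found else "not found"))
    return {"user": qualified, "found": found, "trace": trace}


if __name__ == "__main__":
    # Same request, two templates: the logged IP-based one falls back to the
    # default domain and misses bob; a hostname-based one reaches zardak.io.
    for template in (DOMAIN_BY_IP, DOMAIN_BY_HOST):
        result = resolve_login("bob", template, ipaddr="192.168.0.58", host="mail.zardak.io")
        print("\n".join(result["trace"]))
        print()
```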

Re: Ldap query for get domain name

Posted: Wed May 16, 2018 4:43 pm
by L. Mark Stone
Zimbra's Virtual Host functionality works fine for multiple domains with just one IP address for all domains.

The log snippet you posted seems to confirm that it is working correctly.

The user tries to login as "bob" and Zimbra figures out from the Virtual Host information this is really "bob@havij.io". But, that mailbox doesn't exist so the login stops right there.

You shouldn't have to change any templates from their defaults to make this work, so unless I am missing something I'd say remove all your template customizations and you should be OK.

Hope that helps,
Mark

Re: Ldap query for get domain name

Posted: Sat May 19, 2018 4:31 am
by pasbag
Thanks for your answer.
Please consider this part of the logs:

Code:

nginxlookup - domain not found for user bob.  error: query returned empty result: (&(zimbraVirtualIPAddress=192.168.0.58)(objectClass=zimbraDomain))
2018-05-16 11:16:12,264 DEBUG [qtp1068934215-526:https:https://store.havij.io:7072/service/extension/nginx-lookup] [] nginxlookup - domain not found for user bob, using default domain: havij.io
2018-05-16 11:16:12,264 DEBUG [qtp1068934215-526:https:https://store.havij.io:7072/service/extension/nginx-lookup] [] nginxlookup - Auth-User bob is replaced by bob@havij.io for mailhost lookup
I enter mail.zardak.io in the browser and Zimbra shows me the login screen. I want to tell Zimbra to use virtualHostname instead of virtualIPAddress in the authentication phase. The default domain is havij.io. I set up separate servers for the web UI and the mailbox.

Re: Ldap query for get domain name

Posted: Sat May 19, 2018 3:45 pm
by L. Mark Stone
Ah OK, I see what you are saying now; the system seems to be using the default domain and bob is on a different domain.

So let's break this down...

Again, you don't need to customize or change any nginx templates anywhere; you just add the virtual host to the domain config using the Admin Console and make sure there's an A record for it in public DNS.

Let's say Bob's mailbox address is "bob@mydomain.net"; you configure in the Zimbra Admin Console the virtual host "zimbra.mydomain.net" (or whatever you want) and an A record in public DNS that resolves "zimbra.mydomain.net" to the public IP address of your proxy server. I notice that there is no A record for mail.havij.io in public DNS so either you've changed the name of your proxy server or you need to configure that; you'll have other issues if you don't.

Just for example's sake let's assume the actual IP address of mail.havij.io is something like 35.173.158.175 (that's actually one of my IP addresses, so of course don't use it!), then you would need to set an A record in public DNS for Bob's domain mydomain.net that resolves 35.173.158.175 for a "zimbra.mydomain.net" query.

If you are not using real domain names above, it's hard to help you troubleshoot further.

Hope that helps,
Mark

Re: Ldap query for get domain name

Posted: Sun May 20, 2018 4:34 am
by pasbag

OK. I set up these servers in my lab, so you cannot access them on the public network. My operating system is Ubuntu 17.10 and my /etc/hosts looks like:

Code:

127.0.0.1 localhost
192.168.0.58  mail.zardak.io
192.168.0.58  mail.havij.io
I added my virtual host name to /etc/hosts on the proxy server and the mailbox server as above.

Code:

root@mail:~# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1               localhost.localdomain localhost
192.168.0.58          mail.havij.io        mail
192.168.0.63          store.havij.io        store
192.168.0.58          mail.zardak.io

Code:

root@store:~# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1               localhost.localdomain localhost
192.168.0.63          store.havij.io        store
192.168.0.58         mail.havij.io        mail
192.168.0.58 mail.zardak.io
I set up Bind9 (DNS server) on each server. The bind config for the proxy server (which contains the web UI and MTA):

Code:

root@mail:~# cat /etc/bind/db.domain
@       IN      SOA     havij.io. hostmaster.havij.io. (
                                          10118      ; Serial
                                          43200      ; Refresh
                                          3600       ; Retry
                                          3600000    ; Expire
                                         2592000 )  ; Minimum
;       Define the nameservers and the mail servers
        IN      NS      havij.io.
        IN      A       192.168.0.58
        IN      MX      10 mail.havij.io.
        mail    IN      A       192.168.0.58 

and for the mailbox server (which contains the store and LDAP server):

Code:

root@store:~# cat /etc/bind/db.domain 
@       IN      SOA     havij.io. hostmaster.havij.io. (
                                          10118      ; Serial
                                          43200      ; Refresh
                                          3600       ; Retry
                                          3600000    ; Expire
                                         2592000 )  ; Minimum
;       Define the nameservers and the mail servers
        IN      NS      havij.io.
        IN      A       192.168.0.63
        IN      MX      10 store.havij.io.
store   IN      A       192.168.0.63
I checked that zimbraVirtualHostname is defined for the zardak.io domain:

Code:

zimbra@mail:[~]$ zmprov gd zardak.io |grep zimbraVirtualHostname
zimbraVirtualHostname: mail.zardak.io

zimbra@mail:[~]$ zmprov gaa|grep -i zardak.io
galsync@zardak.io
bob@zardak.io

zimbra@mail:[~]$ zmprov gaa|grep -i havij.io
admin@havij.io
spam.ixfevync@havij.io
ham.r7ad03bqz@havij.io
virus-quarantine.ohycirvrix@havij.io
galsync.bhuglkel@havij.io


So do you see any problem in my configs?
Thanks

Re: Ldap query for get domain name

Posted: Sun May 20, 2018 5:36 pm
by L. Mark Stone
If mail.zardak.io is the virtualhostname, there is no need to add this to /etc/hosts. So long as Zimbra's DNS can resolve it, you should be fine.

Please post the following outputs from both Zimbra servers:

Code:

host mail.zardak.io
host mail.havij.io
host store.havij.io
host 192.168.0.58
host 192.168.0.63
host www.yahoo.com
dig havij.io mx
dig zardak.io mx
cat /etc/resolv.conf
Then we'll see if this is a DNS problem or not.

Mark

Re: Ldap query for get domain name

Posted: Mon May 21, 2018 5:52 am
by pasbag


On the mailbox server:

Code:

root@store:~# host mail.zardak.io
mail.zardak.io has address 192.168.0.58

root@store:~# host mail.havij.io
mail.havij.io has address 192.168.0.58

root@store:~# host store.havij.io
store.havij.io has address 192.168.0.63
store.havij.io mail is handled by 10 store.havij.io.

root@store:~# host 192.168.0.58
58.0.168.192.in-addr.arpa domain name pointer mail.havij.io.

root@store:~# host 192.168.0.63
63.0.168.192.in-addr.arpa domain name pointer store.havij.io.

root@store:~# host www.yahoo.com
www.yahoo.com is an alias for atsv2-fp.wg1.b.yahoo.com.
atsv2-fp.wg1.b.yahoo.com has address 87.248.98.7
atsv2-fp.wg1.b.yahoo.com has address 87.248.98.8
atsv2-fp.wg1.b.yahoo.com has IPv6 address 2a00:1288:110:1c::4
atsv2-fp.wg1.b.yahoo.com has IPv6 address 2a00:1288:110:1c::3

root@store:~# dig havij.io mx

; <<>> DiG 9.10.3-P4-Ubuntu <<>> havij.io mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29575
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;havij.io.                      IN      MX

;; ANSWER SECTION:
havij.io.               2592000 IN      MX      10 mail.havij.io.

;; AUTHORITY SECTION:
havij.io.               2592000 IN      NS      havij.io.

;; ADDITIONAL SECTION:
mail.havij.io.          2592000 IN      A       192.168.0.58
havij.io.               2592000 IN      A       192.168.0.58

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon May 21 10:20:56 IRDT 2018
;; MSG SIZE  rcvd: 104

root@store:~# dig zardak.io mx

; <<>> DiG 9.10.3-P4-Ubuntu <<>> zardak.io mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13981
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;zardak.io.                     IN      MX

;; ANSWER SECTION:
zardak.io.              2592000 IN      MX      10 mail.zardak.io.

;; AUTHORITY SECTION:
zardak.io.              2592000 IN      NS      zardak.io.

;; ADDITIONAL SECTION:
mail.zardak.io.         2592000 IN      A       192.168.0.58
zardak.io.              2592000 IN      A       192.168.0.58

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon May 21 10:20:56 IRDT 2018
;; MSG SIZE  rcvd: 105

root@store:~# cat /etc/resolv.conf
nameserver 127.0.0.1
root@store:~# 


On the proxy server:

Code:

root@store:~# host mail.zardak.io
mail.zardak.io has address 192.168.0.58

root@store:~# host mail.havij.io
mail.havij.io has address 192.168.0.58

root@store:~# host store.havij.io
store.havij.io has address 192.168.0.63
store.havij.io mail is handled by 10 store.havij.io.

root@store:~# host 192.168.0.58
58.0.168.192.in-addr.arpa domain name pointer mail.havij.io.
root@store:~# host 192.168.0.63
63.0.168.192.in-addr.arpa domain name pointer store.havij.io.

root@store:~# host www.yahoo.com
www.yahoo.com is an alias for atsv2-fp.wg1.b.yahoo.com.
atsv2-fp.wg1.b.yahoo.com has address 87.248.98.7
atsv2-fp.wg1.b.yahoo.com has address 87.248.98.8
atsv2-fp.wg1.b.yahoo.com has IPv6 address 2a00:1288:110:1c::4
atsv2-fp.wg1.b.yahoo.com has IPv6 address 2a00:1288:110:1c::3
root@store:~# dig havij.io mx

; <<>> DiG 9.10.3-P4-Ubuntu <<>> havij.io mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29575
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;havij.io.                      IN      MX

;; ANSWER SECTION:
havij.io.               2592000 IN      MX      10 mail.havij.io.

;; AUTHORITY SECTION:
havij.io.               2592000 IN      NS      havij.io.

;; ADDITIONAL SECTION:
mail.havij.io.          2592000 IN      A       192.168.0.58
havij.io.               2592000 IN      A       192.168.0.58

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon May 21 10:20:56 IRDT 2018
;; MSG SIZE  rcvd: 104

root@store:~# dig zardak.io mx

; <<>> DiG 9.10.3-P4-Ubuntu <<>> zardak.io mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13981
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;zardak.io.                     IN      MX

;; ANSWER SECTION:
zardak.io.              2592000 IN      MX      10 mail.zardak.io.

;; AUTHORITY SECTION:
zardak.io.              2592000 IN      NS      zardak.io.

;; ADDITIONAL SECTION:
mail.zardak.io.         2592000 IN      A       192.168.0.58
zardak.io.              2592000 IN      A       192.168.0.58

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon May 21 10:20:56 IRDT 2018
;; MSG SIZE  rcvd: 105

root@store:~# cat /etc/resolv.conf
nameserver 127.0.0.1



Re: Ldap query for get domain name

Posted: Mon May 21, 2018 2:37 pm
by L. Mark Stone
Here's what I see...

First, there is no need to have mail.zardak.io in /etc/hosts for Zimbra's virtual host functionality to work. I would remove those entries.

Second, I would set the MX record for zardak.io to point to mail.havij.io. Otherwise you'll see email rejections because the Zimbra server, mail.havij.io, will not announce itself as mail.zardak.io when contacted on Port 25 or 587 so you'll have a name mismatch.

Third, Ubuntu 17 is not a supported distribution so likely you will have some issues.

None of those, except maybe the Ubuntu 17 installation, necessarily go to your issue with Bob's actual domain account not being looked up correctly. I would ask therefore if you changed anything else?

I ask because, just to satisfy myself, I did the following on my hosting farm:
- Added to Zimbra a new test domain "missioncriticalemail.info" I own that exists in public DNS, and created a test mailbox named "bob@missioncriticalemail.info".
- In public DNS for the new test domain, I added an MX record to point to the hosting farm's MTA servers (which are on a different domain)
- In public DNS for the new test domain, I added an A record for the Zimbra Virtual Hostname "my.missioncriticalemail.info" to point to the public IP address of one of my proxy servers (which again are on a different domain).
- In the Zimbra Admin Console, I added the virtual host "my.missioncriticalemail.info" to the domain "missioncriticalemail.info".
- I opened a web browser, pointed it to "my.missioncriticalemail.info", clicked through the certificate mismatch error, and then logged in with the username equal to just "bob" and was logged in successfully.

That process (and adding the SSL certificates) is all you need to do to have the virtual host name functionality work.

What's different on your end from the above?

Hope that helps,
Mark

Re: Ldap query for get domain name

Posted: Tue May 22, 2018 4:37 am
by pasbag

I tested my issue on a single server and no problem exists.
My environment is custom. The web UI server and the mailbox server are separate; LDAP is on the mailbox server, and the MTA and proxy are on the web UI server.
I checked that the user bob exists on the zardak.io domain.
mail.zardak.io points to mail.havij.io, and the mail.zardak.io domain can send and receive email on the SMTP ports.
I just fixed DNS resolution and removed the /etc/hosts entries, but my problem is not resolved.
Please set the log level in /opt/zimbra/conf/log4j.properties.in to debug on your mailbox server and, when you log in on the virtual host, send your log (/opt/zimbra/log/mailbox.log) here. Please test with two users: user1 that does not exist on your new domain and user2 that exists.
Thanks

Re: Ldap query for get domain name

Posted: Tue May 22, 2018 10:44 am
by L. Mark Stone
I’ve never been able to place the jetty web UI components on a server separate from mailboxd and have it work properly.

Plus, you are running Ubuntu 17, which is unsupported.

Since this is a lab environment, I would abandon it and then go with a more traditional and fully supported environment.

You may be trying to solve a problem that cannot be solved.

Regardless, you are spending a lot of time on a custom configuration that I don’t see has any benefits over a more standard configuration.

All the best,
Mark