Unix

Zimbra: Postfix sender/from address rewriting

SiliconBrian Unix ,

Recently I had to add some sender address re-writing to an “ancient” (8.0.x) lab Zimbra server. After determining that I should use the “sender_canonical_maps” setting to re-write only the “From” address – the smtp_generic_maps setting will rewrite both From and To headers but I only needed sender/From re-written – and creating a PCRE file to do so, I ran into some confusing information about how to actually have Zimbra use it. The file to tell postfix to use it is: /opt/zimbra/postfix/conf/main.cf, but this file is periodically/automatically (re-)generated by Zimbra (specifically zmconfigd). I found a handy chart that describes what Zimbra keys to configure to modify/configure a specific Postfix configuration entry for each Zimbra version, though not specifically how to configure them: https://wiki.zimbra.com/wiki/Postconf_keys

TLDR: There are 2 commands for showing/configuring Zimbra config entries (depending which config option and what version of Zimbra)

  1. zmprov
  2. zmlocalconfig

For my version (8.0) it said I should be using “postfix_sender_canonical_maps” (Zimbra 8.5 and above use “zimbraMtaSenderCanonicalMaps”).

Trying to configure either of these with zmprov failed.

[zimbra@mail ~]$ zmprov gacf | grep -i sender
zimbraMailRedirectSetEnvelopeSender: TRUE
zimbraMtaRestriction: reject_non_fqdn_sender
zimbraSpamReportSenderHeader: X-Zimbra-Spam-Report-Sender

[zimbra@mail ~]$ zmprov mcf zimbraMtaSenderCanonicalMaps 'pcre:/opt/zimbra/postfix/conf/sender_canonical_maps.pcre proxy:ldap:/opt/zimbra/conf/ldap-scm.cf'
ERROR: account.INVALID_ATTR_NAME (invalid attr name: invalid attr name - unable to modify attributes: zimbraMtaSenderCanonicalMaps: attribute type undefined)

[zimbra@mail ~]$ zmprov mcf postfix_sender_canonical_maps 'pcre:/opt/zimbra/postfix/conf/sender_canonical_maps.pcre proxy:ldap:/opt/zimbra/conf/ldap-scm.cf'
ERROR: account.INVALID_ATTR_NAME (invalid attr name: invalid attr name - unable to modify attributes: postfix_sender_canonical_maps: AttributeDescription contains inappropriate characters)

I tried changing the postfix config files directly (/opt/zimbra/postfix/conf/main.cf) and it worked… for a while.. then changes were reverted. I tried changing ownership and permissions to try to make it readonly with the same eventual re-writing. I tried getting “creative” by changing /opt/zimbra/conf/zmconfigd.cf to force my config line to be used:

Method 1:
/opt/zimbra/conf/zmconfigd.cf:  POSTCONF sender_canonical_maps                  pcre:/opt/zimbra/postfix/conf/sender_canonical_maps.pcre LOCAL postfix_sender_canonical_maps

Method 2 (more dynamic?):
/opt/zimbra/conf/zmconfigd.cf:  POSTCONF sender_canonical_maps                  FILE zmconfigd/postfix_sender_canonical_maps.cf

This worked! 🙂 But realized both of these would eventually break things… (when I or someone else eventually upgraded or rebuilt the system), but could be “temporarily” used for some setting not configurable by Zimbra?

Eventually I discovered mention of zmlocalconfig and noticed it also has an edit option:

[zimbra@mail ~]$ zmlocalconfig | grep sender_can
postfix_sender_canonical_maps = proxy:ldap:${zimbra_home}/conf/ldap-scm.cf

[zimbra@mail ~]$ zmlocalconfig -e postfix_sender_canonical_maps="pcre:${zimbra_home}/postfix/conf/sender_canonical_maps.pcre proxy:ldap:${zimbra_home}/conf/ldap-scm.cf"

[zimbra@mail ~]$ zmlocalconfig | grep sender_can
postfix_sender_canonical_maps = pcre:/postfix/conf/sender_canonical_maps.pcre proxy:ldap:/conf/ldap-scm.cf

## OOPS! Better use single quotes instead:
[zimbra@mail ~]$ zmlocalconfig -e postfix_sender_canonical_maps='pcre:${zimbra_home}/postfix/conf/sender_canonical_maps.pcre proxy:ldap:${zimbra_home}/conf/ldap-scm.cf'
[zimbra@mail ~]$ zmlocalconfig | grep sender_can
postfix_sender_canonical_maps = pcre:${zimbra_home}/postfix/conf/sender_canonical_maps.pcre proxy:ldap:${zimbra_home}/conf/ldap-scm.cf

(Then I reverted my other attempts to bypass the “correct” method)

For the actual /opt/zimbra/postfix/conf/sender_canonical_maps.pcre file, I used this:

/^(.*@)(.*)domain.local$/  My.Name+${1}company.com

This will rewrite emails from USER@foo.domain.local to be My.Name+USER@company.com – everything in original From up to the ‘@’ is used to replace ${1} in re-written address –  to make the mail servers less unhappy but still allow me to filter/distinguish them and my Inbox.

Hopefully this helps someone (or at least me when I run across this issue next time :))

Brian

P.S. As of writing this, I only found one old (2008) Zimbra forum post that mentioned “zmlocalconfig” and “postfix_sender_canonical_maps”, and that appeared to be from an upgrade log file copy/paste dump! 😦 (https://forums.zimbra.org/viewtopic.php?t=35951) so hopefully this post will help someone searching… (like DenverCoder9 ?)