Your server might be compromised.

viewtopic.php?f=15&t=65932

Additional threads about the fake zmswatch:
viewtopic.php?t=66031
viewtopic.php?f=15&t=66213

Actually, the forum is full (as of yesterday, sunday) of new threads about this issue.

Are you people running a patched (to the very last patch) version of ZCS? Your servers might be compromised. You should have a look at these : https://forums.zimbra.org/viewtopic.php?t=66031 https://forums.zimbra.org/viewtopic.php?f=15&t=65932 The zmswatch binary you have in /opt/zimbra/log is d...

That is alarming :shock: No more rolling updates then :o Actually you can still do rolling updates, you have to deal with the limits of the current solution. The thing is you can only do rolling updates between servers running the same "subsystem" (either legacy or NG). You can not do a &...

I've always and only set it up per domain (this also alows me to have a different value per domain).
If the wiki page is up-to-date and right, it should work the way you're set it up.

These are domain specific variables, not global.
You should set them for each domain.

zimbraPublicServiceHostname should be a FQDN, something like webmail.mydomain.tld.

Are the zimbraPublicService* variables set for your domain(s)?

It means the DNS resolver the zimbra server is using is not aware of the MX record you've set up.

You might want to check the SplitDNS wiki page.

The MX should be (ie: it has to be) a FQDN.

So you have two mistakes here.
The first is you're using an IP address instead of a FQDN.
The second is you've added a dot at the end of the IP address (this is only to be used with FQDN).

First of all, you should upgrade your server, because you're at risk. https://forums.zimbra.org/viewtopic.php?f=15&t=65932 Then, about the auth and LDAP, the best way (ie: cleanest and most easy to deal with on long term) is to have an external LDAP server used by all your apps to authenticate a...