I can choose between sending or receiving emails

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
kevinds
Posts: 12
Joined: Thu Dec 28, 2017 11:33 pm

I can choose between sending or receiving emails

Post by kevinds »

Alright, I moved my Zimbra server to a new ISP, new external IP, same NAT'd IP (actual 1:1 NAT now though).

The biggest change was I no longer need a relay for outgoing email, can send direct-to-MX now..

After a few hours of messing things up, tried to remove the relay with the GUI only to have the "MTA Trusted Networks" wanting ::1, except services failed to start when I , I'll create a new thread for that.. lol Found the CLI command to remove the relay...

Now have my server mostly recovered but at a situation that Google just isn't helping. Was able to receive email but it wasn't getting to the mailboxes. Logs showing issues with 7025. Followed https://wiki.zimbra.com/wiki/Incoming_Mail_Problems

zmprov ms mtaserver.com zimbraMtaLmtpHostLookup native
zmprov mcf zimbraMtaLmtpHostLookup native
zmmtactl restart

Since then, have not been able send emails. It appears they are being sent to the A record for the domain, not the MX record. If I flip 'native' back to 'dns' sending emails work again but receiving becomes an issue.

I can't be the only one with this issue, but not figuring this one out. Tried IRC but no responses in the past couple hours.

CentOS 6.9 with zcs-8.8.8_GA_2009.RHEL6_64.20180322150747
phoenix
Ambassador
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: I can choose between sending or receiving emails

Post by phoenix »

If you're behind a NAT device and/or firewall you will need a Split DNS, read the wiki article on the subject and post the output of the command in the 'verify' section of that article.
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
kevinds
Posts: 12
Joined: Thu Dec 28, 2017 11:33 pm

Re: I can choose between sending or receiving emails

Post by kevinds »

phoenix wrote:If you're behind a NAT device and/or firewall you will need a Split DNS, read the wiki article on the subject and post the output of the command in the 'verify' section of that article.
Ha Perfect I would edit the 'Incoming Mail Problems' page to include this piece of info when not using a relay, but only Zimbra folks can edit it :)

Actually I was close following another guide for setting up BIND to do answers for the local machine.

Had to tweak the Split-DNS wiki page db file a little, BIND didn't like it as is..

Code: Select all

Error in named configuration:
db.server.example.com:4: no TTL specified; using SOA MINTTL instead
db.server.example.com:11: NS record '192.0.2.28' appears to be an address
db.server.example.com:12: ignoring out-of-zone data (example.com)
zone server.example.com/IN: NS '192.0.2.28.server.example.com' has no address records (A or AAAA)
zone server.example.com/IN: not loaded due to errors.
_default/server.example.com/IN: bad zone
                                                           [FAILED]

Believe it is mostly working now.. Email for some domains is still being sent to the domain A record, not the MX record though

Code: Select all

relay=none, delay=387, delays=357/0.02/30/0, dsn=4.4.1, status=deferred (connect to hotmail.com[204.79.197.212]:25: Connection timed out)
relay=none, delay=386, delays=356/0.02/30/0, dsn=4.4.1, status=deferred (connect to gmail.com[216.58.193.69]:25: Connection timed out)
relay=none, delay=357, delays=357/0.07/0.04/0, dsn=4.4.1, status=deferred (connect to Shaw.ca[204.209.208.8]:25: Connection refused)
kevinds
Posts: 12
Joined: Thu Dec 28, 2017 11:33 pm

Re: I can choose between sending or receiving emails

Post by kevinds »

I made a lot of settings changes, too many to keep track of to try and get emalis not to be sent to domain's A records.. I don't know what actually fixed it. It was still a problem, I went to bed and came back to it the next day, and it was working.

Additionally, I found what I think is a much better (cleaner and easier) way than setting up split-DNS..

I setup a virtual network adapter with the public IP with a /32 subnet mask, it doesn't have a gateway or any other IPs on the subnet, so traffic isn't going to be sent anywhere, just internal for the Zimbra server to use.

Will also avoid the errors during Zimbra install about not having the MX IP address on the server. :)
Post Reply