erratic behaviour of our Zimbra 8.8.9

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
User avatar
richCasud
Posts: 12
Joined: Tue Sep 04, 2018 11:01 am

erratic behaviour of our Zimbra 8.8.9

Post by richCasud »

Hello

We are experiencing difficulties with our new Zimbra Server

Most of the emails coming from outside our domain are bouncing
Some of our email from inside to inside just don't pass
...

We just finished a migration that took 4 weeks. We migrated account by batch, using zextras mig and, during this time, we had
the ZimbraOld passing mail to accounts on ZimbraNew using

Code: Select all

zmprov ma usermail@domaine.fr zimbraMailTransport smtp:mta.domaine.fr:25
zmprov ma usermail@domaine.fr zimbraMailTransport lmtp:mta2.domaine.fr:7025
Here is a part of our log
Oct 18 12:17:50 mta2 postfix/smtpd[10305]: warning: unknown smtpd restriction: "OK"
Oct 18 12:17:50 mta2 postfix/smtpd[10305]: NOQUEUE: reject: RCPT from mail-run1.idom.fr[domainNameProviderIP]: 451 4.3.5 Server configuration error; from=<someone@orange.fr> to=<user1@ourdomain.fr> proto=ESMTP helo=<mail-run1.idom.fr>
Oct 18 12:17:54 mta2 postfix/smtpd[10305]: NOQUEUE: reject: RCPT from mail-run1.idom.fr[domainNameProviderIP]: 554 5.7.1 <user2@ourdomain.fr>: Recipient address rejected: Access denied; from=<bounces+2708438-8cec-user2=ourdomain.fr@em8862.villagefse2019.fr> to=<user2@ourdomain.fr> proto=ESMTP helo=<mail-run1.idom.fr>
Oct 18 12:17:54 mta2 postfix/smtpd[10305]: warning: restriction `permit' after `reject' is ignored
Oct 18 12:17:56 mta2 postfix/smtp[11919]: 23C7A2886A0: to=<postmaster@mta2.ourdomain.fr>, orig_to=<postmaster>, relay=smtp.mobius.fr[ouProviderIP]:25, delay=406, delays=385/20/0.07/0.21, dsn=4.1.8, status=deferred (host smtp.mobius.fr[ouProviderIP] said: 450 4.1.8 <double-bounce@mta2.ourdomain.fr>: Sender address rejected: Domain not found (in reply to RCPT TO command))
Oct 18 12:17:56 mta2 postfix/smtp[11933]: 2B06D28863F: to=<postmaster@mta2.ourdomain.fr>, orig_to=<postmaster>, relay=smtp.mobius.fr[ouProviderIP]:25, delay=487, delays=466/20/0.06/0.22, dsn=4.1.8, status=deferred (host smtp.mobius.fr[ouProviderIP] said: 450 4.1.8 <double-bounce@mta2.ourdomain.fr>: Sender address rejected: Domain not found (in reply to RCPT TO command))
Oct 18 12:17:56 mta2 postfix/smtp[9138]: 2036A2886A2: to=<postmaster@mta2.ourdomain.fr>, orig_to=<postmaster>, relay=smtp.mobius.fr[ouProviderIP]:25, delay=441, delays=420/20/0.07/0.22, dsn=4.1.8, status=deferred (host smtp.mobius.fr[ouProviderIP] said: 450 4.1.8 <double-bounce@mta2.ourdomain.fr>: Sender address rejected: Domain not found (in reply to RCPT TO command))
Oct 18 12:17:56 mta2 postfix/smtp[11918]: 2298A28869A: to=<postmaster@mta2.ourdomain.fr>, orig_to=<postmaster>, relay=smtp.mobius.fr[ouProviderIP]:25, delay=461, delays=440/20/0.07/0.22, dsn=4.1.8, status=deferred (host smtp.mobius.fr[ouProviderIP] said: 450 4.1.8 <double-bounce@mta2.ourdomain.fr>: Sender address rejected: Domain not found (in reply to RCPT TO command))
Oct 18 12:17:56 mta2 postfix/smtp[11917]: 27558288698: to=<postmaster@mta2.ourdomain.fr>, orig_to=<postmaster>, relay=smtp.mobius.fr[ouProviderIP]:25, delay=477, delays=456/20/0.06/0.23, dsn=4.1.8, status=deferred (host smtp.mobius.fr[ouProviderIP] said: 450 4.1.8 <double-bounce@mta2.ourdomain.fr>: Sender address rejected: Domain not found (in reply to RCPT TO command))
Oct 18 12:17:57 mta2 postfix/smtp[11935]: 4777D280E4B: to=<postmaster@mta2.ourdomain.fr>, orig_to=<postmaster>, relay=smtp.mobius.fr[ouProviderIP]:25, delay=1012, delays=991/20/1.1/0.01, dsn=4.1.8, status=deferred (host smtp.mobius.fr[ouProviderIP] said: 450 4.1.8 <double-bounce@mta2.ourdomain.fr>: Sender address rejected: Domain not found (in reply to RCPT TO command))
Oct 18 12:17:58 mta2 postfix/postscreen[10304]: CONNECT from [ourZimbraServerIP]:48620 to [ourZimbraServerIP]:25
Oct 18 12:17:58 mta2 postfix/postscreen[10304]: WHITELISTED [ourZimbraServerIP]:48620
Oct 18 12:17:58 mta2 postfix/smtpd[11931]: connect from mta2.ourdomain.fr[ourZimbraServerIP]
Oct 18 12:17:58 mta2 postfix/smtpd[11931]: 29DAA288696: client=mta2.ourdomain.fr[ourZimbraServerIP]
Oct 18 12:17:58 mta2 postfix/cleanup[10357]: 29DAA288696: message-id=<1294940953.79.1539850677996.JavaMail.zimbra@ourdomain.fr>
Oct 18 12:17:58 mta2 postfix/qmgr[4944]: 29DAA288696: from=<user3@ourdomain.fr>, size=2168, nrcpt=5 (queue active)
Oct 18 12:17:58 mta2 postfix/smtpd[11931]: disconnect from mta2.ourdomain.fr[ourZimbraServerIP] ehlo=1 mail=1 rcpt=2 data=1 quit=1 commands=6
Oct 18 12:17:58 mta2 postfix/dkimmilter/smtpd[11913]: connect from localhost.ourdomain.fr[127.0.0.1]
Oct 18 12:17:58 mta2 postfix/dkimmilter/smtpd[11913]: Anonymous TLS connection established from localhost.ourdomain.fr[127.0.0.1]: TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)
Oct 18 12:17:58 mta2 postfix/dkimmilter/smtpd[11913]: 2F70D288699: client=localhost.ourdomain.fr[127.0.0.1]
Oct 18 12:17:58 mta2 postfix/cleanup[10340]: 2F70D288699: message-id=<1294940953.79.1539850677996.JavaMail.zimbra@ourdomain.fr>
Oct 18 12:17:58 mta2 opendkim[4716]: 2F70D288699: no signing table match for 'user3@ourdomain.fr'
Oct 18 12:17:58 mta2 postfix/smtp[11912]: 29DAA288696: to=<user4@ourdomain.fr>, orig_to=<dsi@ourdomain.fr>, relay=127.0.0.1[127.0.0.1]:10030, delay=0.08, delays=0.02/0/0/0.06, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 2F70D288699)
Oct 18 12:17:58 mta2 postfix/smtp[11912]: 29DAA288696: to=<user5@ourdomain.fr>, orig_to=<dsi@ourdomain.fr>, relay=127.0.0.1[127.0.0.1]:10030, delay=0.08, delays=0.02/0/0/0.06, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 2F70D288699)
Oct 18 12:17:58 mta2 postfix/qmgr[4944]: 2F70D288699: from=<user4@ourdomain.fr>, size=2362, nrcpt=5 (queue active)
Oct 18 12:17:58 mta2 postfix/smtp[11912]: 29DAA288696: to=<user5@ourdomain.fr>, orig_to=<dsi@ourdomain.fr>, relay=127.0.0.1[127.0.0.1]:10030, delay=0.08, delays=0.02/0/0/0.06, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 2F70D288699)
Oct 18 12:17:58 mta2 postfix/smtp[11912]: 29DAA288696: to=<user6@ourdomain.fr>, orig_to=<dsi@ourdomain.fr>, relay=127.0.0.1[127.0.0.1]:10030, delay=0.08, delays=0.02/0/0/0.06, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 2F70D288699)
Oct 18 12:17:58 mta2 postfix/smtp[11912]: 29DAA288696: to=<user6@ourdomain.fr>, relay=127.0.0.1[127.0.0.1]:10030, delay=0.08, delays=0.02/0/0/0.06, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 2F70D288699)
Oct 18 12:17:58 mta2 postfix/qmgr[4944]: 29DAA288696: removed
Can someone help us ?
phoenix
Ambassador
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: erratic behaviour of our Zimbra 8.8.9

Post by phoenix »

There's no mention in this post of your Split Domain configuration, it's mentioned in a different thread and this is probably a side effect of that. Have you reversed all the changes from the Split Domain configuration and if you have post the output after those changes. Do you also have a Split DNS configuration for this server? If you have post all the output from the commands in the 'Verify...' section of the Split DNS article.
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
User avatar
richCasud
Posts: 12
Joined: Tue Sep 04, 2018 11:01 am

Re: erratic behaviour of our Zimbra 8.8.9

Post by richCasud »

Thing is , we are not sur we used split domain

What we did:
On ZimbraOld
we created a transition domain (transitdomain.fr) and moved batches of user account to that domain, to export them using ZX MigrationTool
On ZimbraNew
We imported those account and moved them to ourdomain.fr
Then, run that command
zmprov ma usermail@domaine.fr zimbraMailTransport smtp:mta.domaine.fr:25
zmprov ma usermail@domaine.fr zimbraMailTransport lmtp:mta2.domaine.fr:7025

Does that means we used split domain ?
phoenix
Ambassador
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: erratic behaviour of our Zimbra 8.8.9

Post by phoenix »

richCasud wrote:Does that means we used split domain ?
No, that's not a Split Domain and I'm only quoting the fact you said that's what you had. The only entry you need on any account is for the lmtp setting, you can remove the smtp one.

You didn't answer my question about a Split DNS.
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
User avatar
richCasud
Posts: 12
Joined: Tue Sep 04, 2018 11:01 am

Re: erratic behaviour of our Zimbra 8.8.9

Post by richCasud »

question about a Split DNS
I don't know, how do I check for it ?
phoenix
Ambassador
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: erratic behaviour of our Zimbra 8.8.9

Post by phoenix »

Take a look at the Split DNS wiki article I mentioned earlier.
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
User avatar
richCasud
Posts: 12
Joined: Tue Sep 04, 2018 11:01 am

Re: erratic behaviour of our Zimbra 8.8.9

Post by richCasud »

does that helps ?

considering this page, https://wiki.zimbra.com/wiki/Split_DNS# ... is_working
this is what we get when we do.
(we didn't use dnsmasq but bind instead)

dig ourdomain.fr mx
; <<>> DiG 9.10.3-P4-Ubuntu <<>> ourdomain.fr mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44629
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ourdomain.fr. IN MX

;; AUTHORITY SECTION:
ourdomain.fr. 2313 IN SOA srv-dc01.ccsud.local. hostmaster.ccsud.local. 52 900 600 86400 3600

;; Query time: 3 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Oct 18 15:23:47 +04 2018
;; MSG SIZE rcvd: 104

zimbra@mta2:~/common/conf$ clear
zimbra@mta2:~/common/conf$ dig ourdomain.fr any

; <<>> DiG 9.10.3-P4-Ubuntu <<>> ourdomain.fr any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23735
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ourdomain.fr. IN ANY

;; ANSWER SECTION:
ourdomain.fr. 2264 IN NS srv-dc02.ccsud.local.
ourdomain.fr. 2264 IN NS srv-dc01.ccsud.local.
ourdomain.fr. 2264 IN NS srv-dc03.ccsud.local.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Oct 18 15:24:36 +04 2018
;; MSG SIZE rcvd: 117

zimbra@mta2:~/common/conf$ host $(hostname)
mta2.ourdomain.fr has address 10.10.1.22
mta2.ourdomain.fr mail is handled by 10 mta2.ourdomain.fr.
phoenix
Ambassador
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: erratic behaviour of our Zimbra 8.8.9

Post by phoenix »

That output indicates that you don't have a Split DNS but the output suggests you are behind a NAT router and in that case you need a Split DNS configured (that includes configuring the hosts file correctly as per the wiki article).
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
User avatar
richExt
Posts: 7
Joined: Thu Oct 18, 2018 8:22 am

Re: erratic behaviour of our Zimbra 8.8.9

Post by richExt »

thank you a 1000 times phoenix

We've been working at it until today and without your help we wouldn't be in good shape now.
But, here we are, with a zimbra server that sends and receives emails :)

We still have some bug, like the Distribution lists not receiving from outside our domain and
some double-bounce that keep coming at us, but at least people have mail.

//***********To give an ANSWER to the post's question:

It was all about the BIND
Being behind a NAT we should have known that we needed a split Domain settup
We choosed Bind
It took us a lot of time to get the Bind setting right
The zimbra server was really behaving crazy and we didn't know what to tackle first
so many things going wrong
but once the bind status showed everthing in green, the server became a good boy again

//**************

Don't know where we would be without this forum

THANK YOU
phoenix
Ambassador
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: erratic behaviour of our Zimbra 8.8.9

Post by phoenix »

Well done, I'm glad you've fixed it. :)

I'd suggest you open a new thread on your D/L problem if you don't find a solution, I don't use them but there should be no reason why they wouldn't work in your environment.
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
Post Reply