Can't send any emails
Can't send any emails
I started a zimbra mailserver earlier this month. We had our first test this week. Before that, all the test emails came fine. There were about a dozen of them spread across a couple of weeks.
However, yesterday, we began to send consistent volume of 1k emails/hr. After just an hour, we decided to pause and test if the emails were sending properly. We mad ea few email tests but none came through. We took a break and tried again today to no avail. We tried sending to gmail, hotmail, and even to one of our own zimbra-based addresses. But, emails are just simply not sending. We get no error or bounce.
We see the email in the Sent folder. But, when we check in our seed account, even the one hosted on the same server, we find nothing. Not even in Junk. And, no error messages either.
Has anyone had this before?
However, yesterday, we began to send consistent volume of 1k emails/hr. After just an hour, we decided to pause and test if the emails were sending properly. We mad ea few email tests but none came through. We took a break and tried again today to no avail. We tried sending to gmail, hotmail, and even to one of our own zimbra-based addresses. But, emails are just simply not sending. We get no error or bounce.
We see the email in the Sent folder. But, when we check in our seed account, even the one hosted on the same server, we find nothing. Not even in Junk. And, no error messages either.
Has anyone had this before?
Re: Can't send any emails
I wouldn't have thought so or the forums would be full of comments like this and in my thirteen years here I can assure you there hasn't been a situation you describe.Safesend wrote:Has anyone had this before?
You mentioned that your 'test' worked fine and now it doesn't, my question would be what happened between those two periods? Have you looked in the mail queues to see if anything is 'stuck' there? If there is a problem with the server (or even if there isn't) there should be some information in the log files, in which log files are you looking? You also haven't given much information about your configuration: bare metal or VM; firewall disabled; how much ram; any modifications made to zimbra; if you're behind a firewall or NAT router, is your DNS configured correctly (show us the details); any 'tuning' for your environment made to zimbra; anything else you can think of that may be useful or informative?
Re: Can't send any emails
Hi phoenix! Thanks for the reply. Here's some background info:phoenix wrote:I wouldn't have thought so or the forums would be full of comments like this and in my thirteen years here I can assure you there hasn't been a situation you describe.Safesend wrote:Has anyone had this before?
You mentioned that your 'test' worked fine and now it doesn't, my question would be what happened between those two periods? Have you looked in the mail queues to see if anything is 'stuck' there? If there is a problem with the server (or even if there isn't) there should be some information in the log files, in which log files are you looking? You also haven't given much information about your configuration: bare metal or VM; firewall disabled; how much ram; any modifications made to zimbra; if you're behind a firewall or NAT router, is your DNS configured correctly (show us the details); any 'tuning' for your environment made to zimbra; anything else you can think of that may be useful or informative?
1. I installed Zimbra on an Ubuntu 16 VPS from DigitalOcean (2 vCPUs, 4GB, 80GB Disk)
2. I installed ufw and allowed zimbra
3. no modifications made to zimbra, just followe dteh instructions for ubuntu
4. the dns are fine, made sure about that prior to the install, no errors reported
All that happened in the period between when the emails were sending fine and when they stopped sending properly was when i scheduled a sendout of 1k+ emails within one hour.
I also checked the logs for the send emails with the following command:
/opt/zimbra/libexec/zmmsgtrace -r '@gmail.com' /var/log/zimbra*
It did not provide any logs for the emails sent after the episode with 1k+/hr. In fact, nothing is logged after 2 days ago, even another test email that I just sent.
This seems to me like it could be between the interface and the backend of zimbra. What you think? Let me know if you need more details
Re: Can't send any emails
Can you tail the log file and send another single message, see if that provides any clues.
Re: Can't send any emails
phoenix wrote:Can you tail the log file and send another single message, see if that provides any clues.
Hmm, nothing. No log since now >3 days ago. But the appp keeps saying it was sent. I then ran tail -f /var/log/zimbra.log and sent 2 more emails and the following popped out in the logs:
Jul 1 19:25:27 zm2 postfix/qmgr[4723]: 33AE4C12A9: from=<contact@sub.domain.com>, size=1233, nrcpt=1 (queue active)
Jul 1 19:25:27 zm2 postfix/qmgr[4723]: 2B079C12AB: from=<bounce@sub.domain.com>, size=15301, nrcpt=1 (queue active)
Jul 1 19:25:27 zm2 postfix/qmgr[4723]: 7BC1BC1211: from=<admin@sub.domain.com>, size=9441, nrcpt=1 (queue active)
Jul 1 19:25:27 zm2 postfix/qmgr[4723]: D8B82BDEC7: from=<root@sub.domain.com>, size=739, nrcpt=1 (queue active)
Jul 1 19:25:27 zm2 postfix/qmgr[4723]: 5315EC12AF: from=<010201644a835f0f-4bb8cc31-61b4-4105-bbf9-06e31d0a6a22-000000@eu-west-1.amazonses.com>, size=2913, nrcpt=1 (queue active)
Jul 1 19:25:27 zm2 postfix/smtp[27378]: connect to 127.0.0.1[127.0.0.1] Connection refused
Jul 1 19:25:27 zm2 postfix/smtp[27379]: connect to 127.0.0.1[127.0.0.1] Connection refused
Jul 1 19:25:27 zm2 postfix/smtp[27378]: 33AE4C12A9: to=<testaddress1@gmail.com>, relay=none, delay=424, delays=424/0.01/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1] Connection refused)
Jul 1 19:25:27 zm2 postfix/smtp[27379]: 2B079C12AB: to=<testaddress2@gmail.com>, relay=none, delay=256760, delays=256760/0.02/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1] Connection refused)
Jul 1 19:25:27 zm2 postfix/smtp[27379]: connect to 127.0.0.1[127.0.0.1] Connection refused
Jul 1 19:25:27 zm2 postfix/smtp[27379]: D8B82BDEC7: to=<admin@sub.domain.com>, orig_to=<root>, relay=none, delay=46751, delays=46751/0.01/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1] Connection refused)
Jul 1 19:25:27 zm2 postfix/smtp[27379]: connect to 127.0.0.1[127.0.0.1] Connection refused
Jul 1 19:25:27 zm2 postfix/smtp[27378]: connect to 127.0.0.1[127.0.0.1] Connection refused
Jul 1 19:25:27 zm2 postfix/smtp[27378]: 7BC1BC1211: to=<admin@sub.domain.com>, relay=none, delay=71706, delays=71706/0.01/0.01/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1] Connection refused)
Jul 1 19:25:27 zm2 postfix/smtp[27379]: 5315EC12AF: to=<feedback@sub.domain.com>, relay=none, delay=214639, delays=214639/0.02/0.01/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1] Connection refused)
Jul 1 19:25:40 zm2 postfix/postscreen[27394]: CONNECT from [127.0.0.1]:60496 to [127.0.1.1]:25
Jul 1 19:25:40 zm2 postfix/postscreen[27394]: WHITELISTED [127.0.0.1]:60496
Jul 1 19:25:40 zm2 postfix/smtpd[27395]: connect from localhost[127.0.0.1]
Jul 1 19:25:40 zm2 postfix/smtpd[27395]: NOQUEUE: filter: RCPT from localhost[127.0.0.1]: <contact@sub.domain.com>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<contact@sub.domain.com> to=<testaddress3@gmail.com> proto=ESMTP helo=<sub.domain.com>
Jul 1 19:25:40 zm2 postfix/smtpd[27395]: D5A38C12EE: client=localhost[127.0.0.1]
Jul 1 19:25:40 zm2 postfix/cleanup[27398]: D5A38C12EE: message-id=<830246596.126.1530473140721.JavaMail.zimbra@sub.domain.com>
Jul 1 19:25:40 zm2 postfix/qmgr[4723]: D5A38C12EE: from=<contact@sub.domain.com>, size=2763, nrcpt=1 (queue active)
Jul 1 19:25:40 zm2 postfix/smtpd[27395]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Jul 1 19:25:40 zm2 postfix/error[27399]: D5A38C12EE: to=<testaddress3@gmail.com>, relay=none, delay=0.04, delays=0.02/0.01/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to 127.0.0.1[127.0.0.1] Connection refused)
Jul 1 19:25:46 zm2 zmconfigd[3833]: Fetching All configs
Jul 1 19:25:46 zm2 zmconfigd[3833]: All configs fetched in 0.07 seconds
Jul 1 19:25:46 zm2 zmconfigd[3833]: Tracking service amavis
Jul 1 19:25:50 zm2 zmconfigd[3833]: Tracking service antispam
Jul 1 19:25:51 zm2 sshd[27543]: Invalid user jira from 117.239.178.22
Jul 1 19:25:51 zm2 sshd[27543]: input_userauth_request: invalid user jira [preauth]
Jul 1 19:25:51 zm2 sshd[27543]: Received disconnect from 117.239.178.22 port 24974:11: Normal Shutdown, Thank you for playing [preauth]
Jul 1 19:25:51 zm2 sshd[27543]: Disconnected from 117.239.178.22 port 24974 [preauth]
Jul 1 19:25:52 zm2 zmconfigd[3833]: Watchdog: service antivirus status is OK.
Jul 1 19:25:52 zm2 zmconfigd[3833]: All rewrite threads completed in 0.00 sec
Jul 1 19:25:52 zm2 zmconfigd[3833]: All restarts completed in 0.00 sec
I found the following type of logs interesting:
Jul 1 19:25:27 zm2 postfix/smtp[27378]: 33AE4C12A9: to=<testaddress1@gmail.com>, relay=none, delay=424, delays=424/0.01/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1] Connection refused)
Jul 1 19:25:27 zm2 postfix/smtp[27379]: 2B079C12AB: to=<testaddress2@gmail.com>, relay=none, delay=256760, delays=256760/0.02/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1] Connection refused)
Could it be due to the firewall? But I don't recall any changes to teh firewall configuration since starting this server. As I mentioned, earlier this week all the test emails came fine.
What you think?
Re: Can't send any emails
Are the correct ports open in the firewall? You mentioned that your DNS is 'correct' when I asked you earlier, did you configure a Split DNS? If you did then run the commands in the Verify section of this article: https://wiki.zimbra.com/wiki/Split_DNS If you don't have that configured then you will need it behind a firewall and/or NAT router.
Re: Can't send any emails
Thanks Phoenix. I finally found how to resolve it. the issue was with the ufw permissions. After updating those, I was able to start emailing again. Here are the updated ufw permissions:phoenix wrote:Are the correct ports open in the firewall? You mentioned that your DNS is 'correct' when I asked you earlier, did you configure a Split DNS? If you did then run the commands in the Verify section of this article: https://wiki.zimbra.com/wiki/Split_DNS If you don't have that configured then you will need it behind a firewall and/or NAT router.
Code: Select all
Zimbra ALLOW Anywhere
22 ALLOW Anywhere
Anywhere ALLOW My.Home.Ip
Anywhere ALLOW 127.0.1.1
Anywhere ALLOW 127.0.0.1
Anywhere ALLOW My.Sending.Ip
Zimbra (v6) ALLOW Anywhere (v6)
22 (v6) ALLOW Anywhere (v6)
Re: Can't send any emails
A Split DNS is required if you're behind a NAT router (on a private LAN IP) and it's advisable if you're behind a firewall as Zimbra needs to be able to resolve the IP address of the ZCS server.
Re: Can't send any emails
Ok, I will look into it. But, for now, I reckon my dns is properly verified. The output does not seem to deviate much from the one in the article's example. Here's what I got:phoenix wrote:A Split DNS is required if you're behind a NAT router (on a private LAN IP) and it's advisable if you're behind a firewall as Zimbra needs to be able to resolve the IP address of the ZCS server.
Code: Select all
root@vps:~# dig sub.domain.com mx
; <<>> DiG 9.10.3-P4-Ubuntu <<>> sub.domain.com mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60934
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;sub.domain.com. IN MX
;; ANSWER SECTION:
sub.domain.com. 1799 IN MX 10 sub.domain.com.
;; Query time: 201 msec
;; SERVER: 192.168.1.10#53(192.168.1.10)
;; WHEN: Tue Jul 10 16:14:06 UTC 2018
;; MSG SIZE rcvd: 66
root@vps:~# dig sub.domain.com any
; <<>> DiG 9.10.3-P4-Ubuntu <<>> sub.domain.com any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62585
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;sub.domain.com. IN ANY
;; ANSWER SECTION:
sub.domain.com. 1799 IN TXT "v=spf1 a mx ip4:Vps.Ip.Address ~all"
sub.domain.com. 1799 IN MX 10 sub.domain.com.
sub.domain.com. 1799 IN A Vps.Ip.Address
;; Query time: 76 msec
;; SERVER: 192.168.1.10#53(192.168.1.10)
;; WHEN: Tue Jul 10 16:15:05 UTC 2018
;; MSG SIZE rcvd: 130
root@vps:~# dig domain.com any
; <<>> DiG 9.10.3-P4-Ubuntu <<>> domain.com any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51510
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;domain.com. IN ANY
;; ANSWER SECTION:
domain.com. 3601 IN SOA dns1.registrar-servers.com. hostmaster.registrar-servers.com. 2018070907 43200 3600 604800 3601
domain.com. 1799 IN TXT "v=spf1 a mx ip4:Vps.Ip.Address ip4:Vps.Ip.Address ip4:Vps.Ip.Address ~all"
domain.com. 1800 IN NS dns1.registrar-servers.com.
domain.com. 1799 IN TXT "google-site-verification=h4$H"
domain.com. 1800 IN A Vps.Ip.Address
domain.com. 1800 IN NS dns2.registrar-servers.com.
;; Query time: 77 msec
;; SERVER: 192.168.1.10#53(192.168.1.10)
;; WHEN: Tue Jul 10 16:15:59 UTC 2018
;; MSG SIZE rcvd: 330
Re: Can't send any emails
Even after trying to set up split dns via bind, here's how named.conf.options looks like on my ubuntu:
Its' nothing liek the one in the article which makes it only more confusing.
Code: Select all
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
// forwarders {
// 0.0.0.0;
// };
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
};