I am adding a second interface to my Zimbra server to act as a new Primary DNS Server. I thought I read somewhere that Zimbra will automagically listen to all interfaces. What grief might this cause me?
Can this create an asymmetric route? Traffic comes in one interface, and gets sent out the other? Or can this all be controlled with routing?
Just looking for anyone who has been through the gotchyas with this ...
Adding second NIC interface for DNS - How will this affect Zimbra?
-
blueflametuna
- Advanced member
- Posts: 63
- Joined: Sat Sep 13, 2014 12:57 am
-
blueflametuna
- Advanced member
- Posts: 63
- Joined: Sat Sep 13, 2014 12:57 am
Adding second NIC interface for DNS - How will this affect Zimbra?
One way is to try it...
I added the IP alias (sub-interface) eth0:0 and enabled it.
Within seconds, I was seeing error messages like these:
Dec 7 15:38:49 mymail postfix/smtp[13912]: 14CB1CD00109: host f.mx.mail.yahoo.com[98.137.54.237] refused to talk to me: 421 4.7.0 [GL01] Message from (http://www.xxx.yyy.zzz) temporarily deferred - 4.16.50. Please refer to 421 Message from (x.x.x.x) temporarily deferred - 4.16.50 | Yahoo! Postmaster Help
The real ip address is the new sub-interface eth0:0 just added.
Zimbra should not be sending anything out from there.
yahoo, aol, and several others were blocking email messages due to improper whitelisting, or poor ip reputation, or some other such nonsense.
Can anyone tell me how to tell Zimbra to only use the IP address on the interface that matches the appropriate MX record and reverse PTR lookup?
Surely there must be a way to run a multihomed Zimbra server.
I added the IP alias (sub-interface) eth0:0 and enabled it.
Within seconds, I was seeing error messages like these:
Dec 7 15:38:49 mymail postfix/smtp[13912]: 14CB1CD00109: host f.mx.mail.yahoo.com[98.137.54.237] refused to talk to me: 421 4.7.0 [GL01] Message from (http://www.xxx.yyy.zzz) temporarily deferred - 4.16.50. Please refer to 421 Message from (x.x.x.x) temporarily deferred - 4.16.50 | Yahoo! Postmaster Help
The real ip address is the new sub-interface eth0:0 just added.
Zimbra should not be sending anything out from there.
yahoo, aol, and several others were blocking email messages due to improper whitelisting, or poor ip reputation, or some other such nonsense.
Can anyone tell me how to tell Zimbra to only use the IP address on the interface that matches the appropriate MX record and reverse PTR lookup?
Surely there must be a way to run a multihomed Zimbra server.
-
blueflametuna
- Advanced member
- Posts: 63
- Joined: Sat Sep 13, 2014 12:57 am
Adding second NIC interface for DNS - How will this affect Zimbra?
Or is this a known bug?
Bug 6111 – allow user to specify interface to bind to, instead of taking them all.
Bug 6111 – allow user to specify interface to bind to, instead of taking them all.
Adding second NIC interface for DNS - How will this affect Zimbra?
IIRC, Zimbra will bind to all of the IP addresses on your box after the first start of Zimbra after adding said IP address. However, it will only route traffic out the default gateway for traffic that's outside of the second interface's subnet unless you've got some really fancy routing happening.
-
blueflametuna
- Advanced member
- Posts: 63
- Joined: Sat Sep 13, 2014 12:57 am
Adding second NIC interface for DNS - How will this affect Zimbra?
Outbound email connections are being made from the wrong IP address.
It does not match the MX record for the FQDN. I doubt if routing is the issue.
I had to shutdown the sub-interface to get Zimbra to behave properly again.
It does not match the MX record for the FQDN. I doubt if routing is the issue.
I had to shutdown the sub-interface to get Zimbra to behave properly again.
-
blueflametuna
- Advanced member
- Posts: 63
- Joined: Sat Sep 13, 2014 12:57 am
Adding second NIC interface for DNS - How will this affect Zimbra?
OK, I'm giving up on the second interface idea.
I am going to simplify my life, and just enable DNS on the existing interface.
One IP, no routing issues, no conflicts that I know of.
Thoughts anyone?
I am going to simplify my life, and just enable DNS on the existing interface.
One IP, no routing issues, no conflicts that I know of.
Thoughts anyone?