Single Server with multiple WANs

[2Pac-79]

Hello everyone,

I have a problem with a single Zimbra server configuration:

I have this single server in a DMZ behind a firewall; this firewall has 2 wan connections, and i have configured the MX of my domain with both ips (with different priorities, of course)...

5 mail.example.com.
10 mail2.example.com.

And DNS entries are:

mail.example.com xxx.xxx.xxx.xxx
mail2.example.com yyy.yyy.yyy.yyy

And ReverseDNS are:

xxx.xxx.xxx.xxx mail.example.com
yyy.yyy.yyy.yyy mail2.example.com

So, there are no problems when receiving mails from both wans, because i configured nat of mail ports on both wans pointing to the server.

BUT, problems do arise when i try to send mails:

The name of my server is mail.example.com, so it will present to receiving servers as mail.example.com. The problem is that when packets are sent through the second wan (which corresponds to yyy.yyy.yyy.yyy IP), the reverse dns will not correspond, since mail.example.com is resolved as xxx.xxx.xxx.xxx and not yyy.yyy.yyy.yyy; so most of our sent mails will be discarded as SPAM by receiving servers.

Is there a way to add a myhostname or something like that to solve this issue?

Thanks in advance
Regards

[2Pac-79]

Maybe with 2 MTA servers?

Anyone?

[ccelis5215]

Maybe with 2 MTA servers?

That's the right way.

If you want to modify some standard Zimbra configuration, take a look viewtopic.php?t=61398

ccelis

[zanthius]

You could setup a PTR dns record which lists the servers that mail will come from, or just configure your firewall to only use WANx for outgoing SMTP?

[2Pac-79]

Thanks to all of you...

I was thinking...

With
- 2 MTA servers
- Setting zimbraMtaFallbackRelayHost with the second MTA
- Setting zimbraSmtpHostname with the first MTA

Would it be possible to solve the issue?

Thanks again

[howanitz]

DNS and BIND (Albitz & Liu) shows no prohibition about having two different IPs PTR records to the same name, and actually do just that on the example on page 65 & 66 (4th edition).

So, simply change the PTR from mail2.example.com to mail.example.com

e.g. this would be perfectly fine:

1.249.249.192.in-addr.arpa. IN PTR mail.example.com
1.253.253.192.in-addr.arpa. IN PTR mail.example.com

[jorgedlcruz]

DNS and BIND (Albitz & Liu) shows no prohibition about having two different IPs PTR records to the same name, and actually do just that on the example on page 65 & 66 (4th edition).

So, simply change the PTR from mail2.example.com to mail.example.com

e.g. this would be perfectly fine:

1.249.249.192.in-addr.arpa. IN PTR mail.example.com
1.253.253.192.in-addr.arpa. IN PTR mail.example.com

+1

[2Pac-79]

Thank you Jorge,

Actually we did have had some problems with 2 PTRs records pointing to the same IP. Because some receiving mail servers, make a double check on the ip from which the mail is coming from AND the record A resulting from the PTR check; so we would have the following situation:

An email comes out from the second IP (in our example yyy.yyy.yyy.yyy), which would translate from a PTR search in mail.example.com . BUT mail.example.com does translate in xxx.xxx.xxx.xxx . So some (just a few actually) servers throw an error and stop delivering this email...

[howanitz]

You can have the A records the same also:

https://community.spiceworks.com/topic/ ... -addresses