Hello everyone,
I have a problem with a single Zimbra server configuration:
I have this single server in a DMZ behind a firewall; this firewall has 2 WAN connections, and I have configured the MX of my domain with both IPs (with different priorities, of course)...
5 mail.example.com.
10 mail2.example.com.
And DNS entries are:
mail.example.com xxx.xxx.xxx.xxx
mail2.example.com yyy.yyy.yyy.yyy
And ReverseDNS are:
xxx.xxx.xxx.xxx mail.example.com
yyy.yyy.yyy.yyy mail2.example.com
So, there are no problems when receiving mails from both WANs, because I configured NAT of mail ports on both WANs pointing to the server.
BUT, problems do arise when I try to send mails:
The name of my server is mail.example.com, so it will present itself to receiving servers as mail.example.com. The problem is that when packets are sent through the second WAN (which corresponds to the yyy.yyy.yyy.yyy IP), the reverse DNS will not correspond, since mail.example.com is resolved as xxx.xxx.xxx.xxx and not yyy.yyy.yyy.yyy; so most of our sent mails will be discarded as SPAM by receiving servers.
Is there a way to add a myhostname or something like that to solve this issue?
Thanks in advance
Regards
Single Server with multiple WANs
Re: Single Server with multiple WANs
Maybe with 2 MTA servers?
Anyone?
- ccelis5215
- Outstanding Member
- Posts: 632
- Joined: Sat Sep 13, 2014 2:04 am
- Location: Caracas - Venezuela
- ZCS/ZD Version: 8.8.15.GA.3869.UBUNTU18.64 P12
Re: Single Server with multiple WANs
2Pac-79 wrote: Maybe with 2 MTA servers?
That's the right way.
If you want to modify some standard Zimbra configuration, take a look at viewtopic.php?t=61398
ccelis
Re: Single Server with multiple WANs
You could set up a PTR DNS record which lists the servers that mail will come from, or just configure your firewall to only use WANx for outgoing SMTP?
Re: Single Server with multiple WANs
Thanks to all of you...
I was thinking...
With
- 2 MTA servers
- Setting zimbraMtaFallbackRelayHost with the second MTA
- Setting zimbraSmtpHostname with the first MTA
Would it be possible to solve the issue?
Thanks again
Re: Single Server with multiple WANs
DNS and BIND (Albitz & Liu) shows no prohibition against having PTR records for two different IPs pointing to the same name, and actually does just that in the example on pages 65 & 66 (4th edition).
So, simply change the PTR from mail2.example.com to mail.example.com
e.g. this would be perfectly fine:
1.249.249.192.in-addr.arpa. IN PTR mail.example.com
1.253.253.192.in-addr.arpa. IN PTR mail.example.com
- jorgedlcruz
- Zimbra Alumni
- Posts: 2782
- Joined: Thu May 22, 2014 4:47 pm
Re: Single Server with multiple WANs
howanitz wrote: DNS and BIND (Albitz & Liu) shows no prohibition against having PTR records for two different IPs pointing to the same name, and actually does just that in the example on pages 65 & 66 (4th edition).
So, simply change the PTR from mail2.example.com to mail.example.com
e.g. this would be perfectly fine:
1.249.249.192.in-addr.arpa. IN PTR mail.example.com
1.253.253.192.in-addr.arpa. IN PTR mail.example.com
+1
Re: Single Server with multiple WANs
Thank you Jorge,
Actually we did have some problems with 2 PTR records pointing to the same IP, because some receiving mail servers make a double check on the IP from which the mail is coming AND the A record resulting from the PTR check; so we would have the following situation:
An email comes out from the second IP (in our example yyy.yyy.yyy.yyy), which would translate, from a PTR search, to mail.example.com. BUT mail.example.com does translate to xxx.xxx.xxx.xxx. So some (just a few actually) servers throw an error and stop delivering this email...
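Added example, not part of any post in this thread: the double check described in the last post is forward-confirmed reverse DNS (FCrDNS), and this sketch evaluates it, plus a HELO-name check, for both PTR layouts discussed above. The two addresses are constructed documentation IPs standing in for xxx.xxx.xxx.xxx and yyy.yyy.yyy.yyy, and the function names are hypothetical.

```python
"""Forward-confirmed reverse DNS (FCrDNS) and HELO checks, evaluated offline."""

# Constructed data: documentation addresses stand in for the thread's
# xxx.xxx.xxx.xxx (WAN1) and yyy.yyy.yyy.yyy (WAN2).
WAN1, WAN2 = "192.0.2.10", "198.51.100.10"
HELO = "mail.example.com"  # the name the single server announces

A_RECORDS = {"mail.example.com": {WAN1}, "mail2.example.com": {WAN2}}

# Layout 1: the original poster's PTRs. Layout 2: both PTRs point at one name.
PTR_SPLIT = {WAN1: {"mail.example.com"}, WAN2: {"mail2.example.com"}}
PTR_SHARED = {WAN1: {"mail.example.com"}, WAN2: {"mail.example.com"}}


def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()


def fcrdns(ip, ptr, a):
    """True if any PTR name of `ip` has an A record that maps back to `ip`."""
    return any(ip in a.get(norm(n), set()) for n in ptr.get(ip, set()))


def helo_resolves_to(ip, helo, a):
    """True if the announced HELO name has an A record equal to the client IP."""
    return ip in a.get(norm(helo), set())


def evaluate(ip, helo, ptr, a):
    """Return the verdicts a strict receiver would compute for one connection."""
    return {"fcrdns": fcrdns(ip, ptr, a), "helo": helo_resolves_to(ip, helo, a)}


if __name__ == "__main__":
    for label, ptr in (("split PTRs", PTR_SPLIT), ("shared PTR name", PTR_SHARED)):
        for wan, ip in (("WAN1", WAN1), ("WAN2", WAN2)):
            print(f"{label:16} {wan}: {evaluate(ip, HELO, ptr, A_RECORDS)}")
```

With split PTRs the second WAN passes FCrDNS but fails the HELO check; with both PTRs on one name and a single A record, the second WAN fails both.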