Connection timed out:7025 - Issue

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
hank314
Posts: 8
Joined: Fri Mar 31, 2017 10:44 am

Connection timed out:7025 - Issue

Post by hank314 »

Hi,
in a new installation of Zimbra 8.8.6 sometimes outgoing mails remain in queue:

Feb 16 08:56:10 zimbra postfix/error[5351]: 85994198DF65B: to=<xxx@xxx.xx>, relay=none, delay=119, delays=0.08/118/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to zimbra.xx.xx[Public_IP] 7025: Connection timed out)
Feb 16 08:56:10 zimbra postfix/lmtp[2704]: connect to zimbra.xx.xx[Public_IP]:7025: Connection timed out

If i requeue the mails are correctly sent..

I checked my firewall/dnsServer configurations but i don't see issues (the standard zimbra ports are open and the dns works).

Any help?
User avatar
DualBoot
Elite member
Elite member
Posts: 1326
Joined: Mon Apr 18, 2016 8:18 pm
Location: France - Earth
ZCS/ZD Version: ZCS FLOSS - 8.8.15 Mutli servers
Contact:

Re: Connection timed out:7025 - Issue

Post by DualBoot »

Hello,

this is not an outgoing mail but an ingoing mail.
7025 port is related to mailboxd, so you must investigate into the following logs :
- mailbox.log
- zmmailboxd.out

Regards,
Klug
Ambassador
Ambassador
Posts: 2747
Joined: Mon Dec 16, 2013 11:35 am
Location: France - Drôme
ZCS/ZD Version: All of them
Contact:

Re: Connection timed out:7025 - Issue

Post by Klug »

Double check your DNS too or split-DNS.
hank314
Posts: 8
Joined: Fri Mar 31, 2017 10:44 am

Re: Connection timed out:7025 - Issue

Post by hank314 »

This was my resolv.conf file:

nameserver Ip_internalDNS
nameserver 8.8.8.8
nameserver 127.0.0.1
search xxx.xx

I change with:
nameserver Ip_internalDNS
nameserver 127.0.0.1

It seems like sometimes Zimbra uses the pubblic DNS server to resolve zimbra.xxx.xx
In other installations with these parameters I have no problems
Klug
Ambassador
Ambassador
Posts: 2747
Joined: Mon Dec 16, 2013 11:35 am
Location: France - Drôme
ZCS/ZD Version: All of them
Contact:

Re: Connection timed out:7025 - Issue

Post by Klug »

If your ZCS server is on a LAN that is natted to the internet, you should only (*) use internal resolver(s) and split-DNS.
When natted, you should never define both an internal and external resolver (*).

(*) it might work with using public resolvers if your firewall is able to do hairpining (https://en.wikipedia.org/wiki/Hairpinning).
However, that would need you have port 7025 natted too and that's not a good idea.
hank314
Posts: 8
Joined: Fri Mar 31, 2017 10:44 am

Re: Connection timed out:7025 - Issue

Post by hank314 »

it's work!
Thanks.
hank314
Posts: 8
Joined: Fri Mar 31, 2017 10:44 am

Re: Connection timed out:7025 - Issue

Post by hank314 »

The issue has returned (yesterday..): sometimes the nameserver it is solved with external address.

Dns split is configured with Windows Dns server. (checked)

These are the main configuration files:

/etc/resolv.conf
nameserver 127.0.0.1
nameserver InternalWindowsDNS


/etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
IPZimbra zimbra.xx.xx zimbra

cat /etc/hostname
zimbra.xx.xx


I try some configuration, without results..

Thanks
bikash.jha
Posts: 1
Joined: Mon Jan 20, 2020 6:19 am

Re: Connection timed out:7025 - Issue

Post by bikash.jha »

hi
We have also faced this problem and corrected it using the steps given below.
There is no connection to port 7025 to perform Local Mail Transfer Protocol (LMTP) delivery.

This is nearly always caused by a host that is configured on private IP Space (or using NAT) and that does not have an interface for the public IP address the server resides on. This can be easily fixed by simply using native IP address lookups for lmtp rather than DNS. Alternatively, you could have your internal network's domain name configured to lookup differently internally than it does externally. Using that method is beyond the scope of this document.


Zimbra Collaboration 8.5 or above

ZCS 8.5 or above onwards this attribute is now in ldap - zimbraMtaLmtpHostLookup

zmprov ms yourmailserver.com zimbraMtaLmtpHostLookup native

In case that you are using Single Server, be aware always of the Global Config as well:

zmprov mcf zimbraMtaLmtpHostLookup native

Once this is done, you'll need to restart the mta:

zmmtactl restart

Zimbra Collaboration 8.0 or previous

To lookup lmtp addresses natively instead of by DNS, simply modify the following localconfig values on all mta's:

zmlocalconfig -e postfix_lmtp_host_lookup=native

Once this is done, you'll need to restart the mta:

zmmtactl restart
bnpps
Posts: 4
Joined: Wed Feb 19, 2020 4:07 pm

Re: Connection timed out:7025 - Issue

Post by bnpps »

Hi,

In my case It was just a matter of duplicated entries in /etc/hosts
Some mails were processed by postfix/lmtp without timeout, for others it had been doing.
I've observed in zimbra.log that problematic mails are trying to be processed/send by lmtp to external ip instead of internal.
In /etc/hosts I had two entries to the same dns (external and internal). I've deleted external one and problem has been resolved.
It's worth to start there.
jackarru
Posts: 4
Joined: Fri Aug 11, 2023 11:17 pm

Re: Connection timed out:7025 - Issue

Post by jackarru »

I had this issue after upgrading from v8 to v10. This solution from bikash.jha in his post above worked for me.
Post Reply