Receiving Problem - could do with a bit of help

[Tarkin]

Hi Guys

I've installed zimbra M3 on a fedora core 4. system. No firewall on the system. I've got the DNS records hosted externally. (See below for details)
I've got an external IP that my router NATs to an internal IP.

Sending mail works fine.
Receiving mail looks good from the web but never gets there. The zimbra log shows that its getting to postfix.

I assume the line

Jan 13 11:04:59 thanatos postfix/qmgr[1434]: 135511C05EC: to=<monika@mydomain.com>, relay=none, delay=0, status=deferred (delivery temporarily suspended: connect to mydomain.com[202.173.133.45]: Connection refused)

Indicates the problem.

As far as I can see, its trying to connect to the external IP when postfix is receiving the mail rather than using the local IP.
Should it be doing that?

All help appreciated.

Robert


name class type data time to live
mydomain.com IN SOA
server: ns1.addresscreation.com
email: hostmaster.mydomain.com
serial: 2006011212
refresh: 16384
retry: 2048
expire: 1048576
minimum ttl: 2560
86400s (1.00:00:00)
mydomain.com IN NS ns1.addresscreation.com 86400s (1.00:00:00)
mydomain.com IN NS ns2.addresscreation.com 86400s (1.00:00:00)
mydomain.com IN MX
preference: 25
exchange: mydomain.com
2400s (00:40:00)
mydomain.com IN MX
preference: 30
exchange: mydomain.com
2400s (00:40:00)
mydomain.com IN A 202.173.133.45 2400s (00:40:00)
45.133.173.202.in-addr.arpa IN PTR dsl-202-173-133-45.nsw.westnet.com.au 43200s (12:00:00)


[zimbra@thanatos /]$ tail -f /var/log/zimbra.log
Jan 13 11:04:17 thanatos amavis[832]: (00832-01-3) extra modules loaded: Net/LDAP/Bind.pm
Jan 13 11:04:17 thanatos amavis[828]: (00828-01-4) extra modules loaded: Net/LDAP/Bind.pm
Jan 13 11:04:17 thanatos amavis[823]: (00823-02-2) extra modules loaded: Net/LDAP/Bind.pm
Jan 13 11:04:17 thanatos amavis[825]: (00825-02-2) extra modules loaded: Net/LDAP/Bind.pm
Jan 13 11:04:17 thanatos postfix/qmgr[1434]: DF0EE1C05CF: to=<robert@mydomain.com>, relay=none, delay=1, status=deferred (delivery temporarily suspended: connect to mydomain.com[202.173.133.45]: Connection refused)
Jan 13 11:04:17 thanatos postfix/qmgr[1434]: 96CA21C05EC: removed
Jan 13 11:04:17 thanatos postfix/qmgr[1434]: 932061C05F5: removed
Jan 13 11:04:18 thanatos amavis[830]: (00830-01-3) extra modules loaded: Net/LDAP/Bind.pm
Jan 13 11:04:18 thanatos amavis[827]: (00827-02-2) extra modules loaded: Net/LDAP/Bind.pm
Jan 13 11:04:19 thanatos amavis[824]: (00824-02-4) extra modules loaded: Net/LDAP/Bind.pm
Jan 13 11:04:58 thanatos postfix/smtpd[1829]: initializing the server-side TLS engine
Jan 13 11:04:58 thanatos postfix/smtpd[1829]: connect from mail.extdomain.com.au[203.63.111.197]
Jan 13 11:04:58 thanatos postfix/smtpd[1829]: 31FAB1C05D2: client=mail.extdomain.com.au[203.63.111.197]
Jan 13 11:04:58 thanatos postfix/cleanup[1521]: 31FAB1C05D2: message-id=<57D06F1DF6A6F14A8D454AF6298EF0EE1DC888@VRHO.ex tdomain.com.au>
Jan 13 11:04:58 thanatos postfix/qmgr[1434]: 31FAB1C05D2: from=<rtillsley@extdomain.com.au>, size=102030, nrcpt=1 (queue active)
Jan 13 11:04:58 thanatos postfix/smtpd[1829]: disconnect from mail.extdomain.com.au[203.63.111.197]
Jan 13 11:04:58 thanatos amavis[829]: (00829-02) ESMTP::10024 /opt/zimbra/amavisd/tmp/amavis-20060113T110350-00829: <rtillsley@extdomain.com.au> -> <monika@mydomain.com> Received: SIZE=102030 from mydomain.com ([127.0.0.1]) by localhost (mydomain.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 00829-02 for <monika@mydomain.com>; Fri, 13 Jan 2006 11:04:58 +1100 (EST)
Jan 13 11:04:58 thanatos amavis[829]: (00829-02) Checking: n-Ggpea55Yci [203.63.111.197] <rtillsley@extdomain.com.au> -> <monika@mydomain.com>
Jan 13 11:04:59 thanatos amavis[829]: (00829-02) spam_scan: not wasting time on SA, message longer than 32767 bytes: 740+99910
Jan 13 11:04:59 thanatos postfix/smtpd[1484]: connect from localhost.localdomain[127.0.0.1]
Jan 13 11:04:59 thanatos postfix/smtpd[1484]: 135511C05EC: client=localhost.localdomain[127.0.0.1]
Jan 13 11:04:59 thanatos postfix/cleanup[1436]: 135511C05EC: message-id=<57D06F1DF6A6F14A8D454AF6298EF0EE1DC888@VRHO.ex tdomain.com.au>
Jan 13 11:04:59 thanatos postfix/qmgr[1434]: 135511C05EC: from=<rtillsley@extdomain.com.au>, size=102448, nrcpt=1 (queue active)
Jan 13 11:04:59 thanatos postfix/smtpd[1484]: disconnect from localhost.localdomain[127.0.0.1]
Jan 13 11:04:59 thanatos amavis[829]: (00829-02) FWD via SMTP: <rtillsley@extdomain.com.au> -> <monika@mydomain.com>, 250 2.6.0 Ok, id=00829-02, from MTA([127.0.0.1]:10025): 250 Ok: queued as 135511C05EC
Jan 13 11:04:59 thanatos amavis[829]: (00829-02) Passed CLEAN, [203.63.111.197] [203.63.111.197] <rtillsley@extdomain.com.au> -> <monika@mydomain.com>, Message-ID: <57D06F1DF6A6F14A8D454AF6298EF0EE1DC888@VRHO.extdo main.com.au>, mail_id: n-Ggpea55Yci, Hits: -, 195 ms
Jan 13 11:04:59 thanatos postfix/smtp[1483]: 31FAB1C05D2: to=<monika@mydomain.com>, relay=127.0.0.1[127.0.0.1], delay=1, status=sent (250 2.6.0 Ok, id=00829-02, from MTA([127.0.0.1]:10025): 250 Ok: queued as 135511C05EC)
Jan 13 11:04:59 thanatos amavis[829]: (00829-02) extra modules loaded: Net/LDAP/Bind.pm
Jan 13 11:04:59 thanatos postfix/qmgr[1434]: 135511C05EC: to=<monika@mydomain.com>, relay=none, delay=0, status=deferred (delivery temporarily suspended: connect to mydomain.com[202.173.133.45]: Connection refused)
Jan 13 11:04:59 thanatos postfix/qmgr[1434]: 31FAB1C05D2: removed
Jan 13 11:05:04 thanatos zimbramon[1837]: 1837:info: 2006-01-13

[marcmac]

can you telnet from this box to the public IP on both ports 25 and 7025?

[Tarkin]

Do you mean telnet from an external site to this address?

I didn't put an entry into the the router to nat on port 7025.

I noticed when I was looking in the forum before I started a thread.

from the localhost I can telnet to itself

ie
$telnet mydomain.com 7025
Trying 127.0.0.1
Connected to mydomain.com (127.0.0.1).

220 mydomain.com Zimbra LMTP ready

I can't from the outsite world because I have put a router entry, but if postfix has already received this I assume that it shouldn't need an outside reference, right?

So is the problem that when telnetting its able to see that it should be going to the localhost IP, but when postfix is doing it, its not seeing the hosts file, its working off of what the external dns server gives for the IP? (clutching at straws)

[marcmac]

Don't telnet to the loopback interface.

Look at the error:

Jan 13 11:04:59 thanatos postfix/qmgr[1434]: 135511C05EC: to=<monika@mydomain.com>, relay=none, delay=0, status=deferred (delivery temporarily suspended: connect to mydomain.com[202.173.133.45]: Connection refused)


What is 202.173.133.45? Is that your server? If so, can you telnet to that IP on 7025 and 25?

If it's not your server, why are you tring to send your mail to it?

[Tarkin]

The IP is the public IP of my router. I only have 1 Public IP. So the router NATs port 443, 25 and 80 from external requests (to the public IP) and forwards them to the mail server which has a private IP.

[marcmac]

Add port 7025, so that it can speak to itself via lmtp

[Tarkin]

Ok will do thanks. I was sort of thinking that might be the case, but I couldn't see why it would need to get the external address and I didn't want to open a port unecessarily.

[bobby]

you could set up local dns just for your network and then the server would only talk to itself

and you would only have to open ports on the firewall for whatever access you need, like

25 incoming smtp
443 secure web connection

[Tarkin]

Not a bad thought. I'm actually going to be putting in a dns server as I have another domain that I'm going to host the DNS for. That's a problem though, because I'll need it to give out the public IP. It occurs to me that other people in smaller places may be facing the same problem. Especially in places like Australia where the company that gives out .com.au addresses doesn't also provide DNS services without cost.

Is there a way to tell postfix to use a specific ip in its config files?

Cheers

[marcmac]

disable dns lookups in the mta tab, add the IP to /etc/hosts, and set a relay_host for all outgoing mail.