Firstly, can I just say that Zimbra is excellent, and I've got it up and running and sending and receiving mail... so why am I posting this thread? Well, I suspect the way I've set it up is a bit of a kludge... it doesn't seem particularly elegant to me anyway. I've looked at other threads and some are similar, but not exactly this scenario.
I, like most people, have set up the Zimbra server behind a firewall in a DMZ. The server has got an internal address of 10.0.1.192 and the zone file looks like:
127.0.0.1 localhost.localdomain localhost
10.0.1.192 zimbra.ourdomain.net zimbra
Now, we have only one set of DNS servers, which are used for resolution by the outside world (we have delegation for a number of domains) and also the servers in the DMZ. I added the entry for zimbra.ourdomain.net in our zone file and pointed the MX and above A record to the external IP address, which is in turn NAT'ed by our firewall to point to 10.0.1.192.
Using this method, I can only receive mails when DNS lookups are switched off, but can only send when DNS lookups are switched on.
So, I added another A record and MX record in the zone file for zimbra-ext.ourdomain.net pointing to the external IP address and changed the zimbra.ourdomain.net record in the zone file to point to the internal address (10.0.1.192). This all works, but it doesn't seem great.
So my question is, other than having internal and external DNS servers and/or using a relay MTA, is there any other way of solving this problem?
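
An added example, not part of the original post: a small Python check that models the two single-zone layouts described above and reports what a zone served to outside resolvers exposes. The zone text is constructed, and 203.0.113.10 is a placeholder for the external IP address, which the post does not give.

```python
import ipaddress

# Constructed zone data modelled on the post. 203.0.113.10 is a placeholder
# for the external IP address (assumption; the post does not state it).
ORIGINAL_ZONE = """\
ourdomain.net.        IN MX 10 zimbra.ourdomain.net.
zimbra.ourdomain.net. IN A  203.0.113.10
"""
WORKAROUND_ZONE = """\
ourdomain.net.            IN MX 10 zimbra-ext.ourdomain.net.
zimbra-ext.ourdomain.net. IN A  203.0.113.10
zimbra.ourdomain.net.     IN A  10.0.1.192
"""
# Explicit RFC 1918 ranges; ipaddress.is_private would also match 203.0.113.0/24.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    return any(addr in net for net in RFC1918)

def parse_zone(text):
    """Return (a_records, mx_targets) from simple 'name IN TYPE rdata' lines."""
    a_records, mx_targets = {}, []
    for line in text.splitlines():
        fields = line.split(";")[0].split()  # drop zone-file comments
        if len(fields) < 4 or fields[1] != "IN":
            continue
        name, rtype = fields[0].lower(), fields[2].upper()
        if rtype == "A":
            a_records.setdefault(name, []).append(ipaddress.ip_address(fields[3]))
        elif rtype == "MX" and len(fields) >= 5:
            mx_targets.append(fields[4].lower())
    return a_records, mx_targets

def audit(text):
    """List findings for a zone that outside resolvers can query."""
    a_records, mx_targets = parse_zone(text)
    findings = []
    for name, addrs in sorted(a_records.items()):
        for addr in filter(is_rfc1918, addrs):
            findings.append(f"private address published: {name} -> {addr}")
    for target in mx_targets:
        addrs = a_records.get(target, [])
        if not addrs:
            findings.append(f"MX target has no A record: {target}")
        elif all(is_rfc1918(a) for a in addrs):
            findings.append(f"MX target unreachable from outside: {target}")
    return findings

if __name__ == "__main__":
    for label, zone in (("original", ORIGINAL_ZONE), ("workaround", WORKAROUND_ZONE)):
        print(label, audit(zone) or "no findings")
```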