Not receiving from given domain

[jrefl5]

Trying to understan what is going inorder to clean up.

When we have zimbraMtaRestrictions set to:
reject_invalid_hostname
reject_non_fqdn_hostname
reject_non_fqdn_sender
reject_unknown_client
reject_unknown_hostname
reject_unknown_sender

e-mail from "anyone@somedepartment.tldomain" gets rejected.

when zimbraMtaRestrictions is set to:
reject_non_fqdn_hostname
reject_non_fqdn_sender

The e-mail is accepted and passed on to recievers mailbox.

I'm trying to understan why gmail, yahoo, cox and other e-mail addresses work fine, but this one fails to pass through the filters

Attached is the somewhat edited host, and dig request for the servers in question.

Any help appearcited

[bonadio]

This is probably because the machine (client) where you are sending
the message dont have a DNS host name correctly configured.

so postfix may be rejecting because the
reject_unknown_client
reject_unknown_hostname

[]s

[jrefl5]

bonadio,
I have looked through the dig responses that I attached and I don't see where the problem is. If it is the sending servers dns entries are the problem then if I can explain the error to their personnel I can get it fixed.
I don't wish to cause any bad feelings on the other end as I may be working for them soon and its an MS shop.

[Bill Brock]

try doing a reverse DNS lookup on the mail server.

I use a tool called netscan tools to query DNS for domains.

The rejected server probably has a problem with their DNS entries. Either MX is wrong or A record is wrong. I see this ever so often. A lot of folks think setting up a mail server is a walk in the park and don't learn the proper way to do it.

If this is the case and the mail admin is reasonable, he should appreciate your input.

[jrefl5]

Quote:

Originally Posted by Bill Brock

try doing a reverse DNS lookup on the mail server.

I use a tool called netscan tools to query DNS for domains.

The rejected server probably has a problem with their DNS entries. Either MX is wrong or A record is wrong. I see this ever so often. A lot of folks think setting up a mail server is a walk in the park and don't learn the proper way to do it.

If this is the case and the mail admin is reasonable, he should appreciate your input.

I have run reverse DNS using for both the sending server, and receiving server's IP both look very much the same, not surprising as both are in the same subnets of the same organization. Both resolve to the owning orgs NameServers.

What DNS records does zimbra use when validating sender address?
Can I whitelist a domain to allow it through but still have it processed by spamassin and clamav?

[Bill Brock]

How about MX records? Are they setup properly in the DNS server?

If both servers are on the same subnet their shouldn't be a problem. By default, Zimbra puts the subnet of the server in the trusted networks which you can check in the Admin GUI.

[Bill Brock]

Is "somedepartment.tldomain" a valid domain. ie. is there a zone file setup on the DNS server you are using for this domain?

[jrefl5]

Bill, thanks I just got back into the office this AM.

Quote:

How about MX records? Are they setup properly in the DNS server?

If both servers are on the same subnet their shouldn't be a problem. By default, Zimbra puts the subnet of the server in the trusted networks which you can check in the Admin GUI.

They are both on the same class b network. The zimbra server is behind a firewall that is doing nat to a 10.x.y.z address on our DMZ.
I think that the sender has something "not quite right" in their DNS setup I just don't know DNS and zimbra well enough to figure out why the rejects occure.

Quote:

Originally Posted by Bill Brock

Is "somedepartment.tldomain" a valid domain. ie. is there a zone file setup on the DNS server you are using for this domain?

Yes, I have change both xxx.yyy form there actual values to somedepartment and tldomain. they both have MX records in DNS.

James

[Bill Brock]

I know when behind a NAT firewall there is something called split-DNS that has to be enabled. I haven't had to use it because my servers have public IP's. Do a search for split DNS and see if that returns anything.

[phoenix]

Split DNS - Zimbra :: Wiki