  #1 (permalink)  
Old 01-27-2009, 01:12 PM
Intermediate Member
 
Posts: 21
imap-proxy and Split DNS problem

Hello,

Seeing an issue with imap-proxy in a Split DNS setup.

Server A: Master LDAP/MTA/mailstore
Server B: LDAP replica/MTA/mailstore/proxy

B is behind a firewall, configured with Split DNS. Server A sees B at external IP xx.xx.xx.1 and B sees its IP as 192.168.1.xx. DNS is configured correctly. No, really.

Client connecting to B with mailbox on B (so, to itself) sometimes works and sometimes fails. When it fails, nginx.log on B shows:

[error] 28730#0: *55 recv() failed (110: Connection timed out) while reading response from upstream, client: 192.168.1.xx, server: 0.0.0.0:993, login: "test_user@domain", upstream: xx.xx.xxx.1:7143, [192.168.1.xx:52223-192.168.1.xx:993] <=> [192.168.1.xx:53649-0.0.0.0:0]

Setting client to hit port 7993 (direct to imaps) works correctly.

Why is B trying to proxy to its external IP? I verified via tcpdump that it is trying (and failing).
  #2 (permalink)  
Old 02-02-2009, 01:19 PM
Intermediate Member
 
Posts: 21

I believe the problem is that DNS resolution is happening at the wrong point: one of the services is doing a lookup on A when the query source is on B.

Setting server A to NOT be a "reverse proxy target" fixes the issue of server B seeing B's external address.

Issue: adding proxy to server A, now that server will try to proxy to B's internal IP.

Any suggestions which piece is doing the wrong thing (resolving hostnames)?
  #3 (permalink)  
Old 02-03-2009, 12:15 AM
Active Member
 
Posts: 33

As a temporary solution, try adding the hostnames to /etc/hosts. See if that helps, otherwise (probably off-topic) post your /etc/resolv.conf and perhaps the DNS config.
  #4 (permalink)  
Old 02-03-2009, 05:45 AM
Intermediate Member
 
Posts: 21

No, already tried that.

DNS resolution is correct. /etc/hosts is correct.

My guess is whatever is handling "reverse proxy target" lookup is resolving the hostname and returning an IP address instead of returning a hostname.

So, a call for "where is user X mailbox" gets 123.123.123.123:993 instead of serverB:993.
  #5 (permalink)  
Old 02-03-2009, 05:50 AM
Active Member
 
Posts: 33

What do you get when you execute:

zimbra:~$ zmlocalconfig | grep 123.123.123.123

?
  #6 (permalink)  
Old 02-03-2009, 06:00 AM
Intermediate Member
 
Posts: 21

Nothing, for either the external, internal or server A IP address, on either server.

'zmprov gs' for either server doesn't have any IPs either other than zimbraMtaMyNetworks.
  #7 (permalink)  
Old 02-03-2009, 12:14 PM
Active Member
 
Posts: 33

Sorry, I'm a bit out of inspiration... :-(
  #8 (permalink)  
Old 02-03-2009, 01:18 PM
Intermediate Member
 
Posts: 21

I understand, was hoping someone with more insight into the internals could address what I'm talking about.

This issue combined with zimbra-proxy not supporting TLS puts me in a bind.
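
A log check for the symptom described in the first post, as an added example that is not part of the original thread: it parses nginx mail-proxy error lines and reports logins whose internal client was proxied to an upstream outside the internal network. The 192.168.1.0/24 network, the sample addresses and logins, and the function names are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Assumption: hosts in the internal DNS view live in this network.
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")

# Fields of the nginx mail-proxy error line quoted in the first post.
LINE_RE = re.compile(
    r'\[error\].*?(?P<reason>\w+\(\) failed \(\d+: [^)]*\)).*?'
    r'client: (?P<client>[\d.]+), server: [\d.]+:\d+, '
    r'login: "(?P<login>[^"]*)", upstream: (?P<up_ip>[\d.]+):(?P<up_port>\d+)'
)

# Constructed sample lines (203.0.113.1 stands in for B's external address).
SAMPLE_LOG = """\
[error] 28730#0: *55 recv() failed (110: Connection timed out) while reading response from upstream, client: 192.168.1.20, server: 0.0.0.0:993, login: "test_user@example.com", upstream: 203.0.113.1:7143
[info] 28730#0: *56 client logged in, client: 192.168.1.21, server: 0.0.0.0:993, login: "other_user@example.com"
[error] 28730#0: *57 recv() failed (104: Connection reset by peer) while reading response from upstream, client: 192.168.1.21, server: 0.0.0.0:993, login: "other_user@example.com", upstream: 192.168.1.10:7143
[error] 28730#0: *58 recv() failed (110: Connection timed out) while reading response from upstream, client: 192.168.1.20, server: 0.0.0.0:993, login: "test_user@example.com", upstream: 203.0.113.1:7143
"""

def find_external_upstreams(log_text, internal_net=INTERNAL_NET):
    """Return events where an internal client was proxied to an upstream outside internal_net."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an upstream error line
        client = ipaddress.ip_address(m["client"])
        upstream = ipaddress.ip_address(m["up_ip"])
        if client in internal_net and upstream not in internal_net:
            hits.append({
                "login": m["login"],
                "client": str(client),
                "upstream": f"{upstream}:{m['up_port']}",
                "reason": m["reason"],
            })
    return hits

def summarize(hits):
    """Count flagged events per (login, upstream) pair."""
    return Counter((h["login"], h["upstream"]) for h in hits)

if __name__ == "__main__":
    for (login, upstream), n in summarize(find_external_upstreams(SAMPLE_LOG)).items():
        print(f"{login}: {n} failed proxy attempt(s) to non-internal upstream {upstream}")
```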