[SOLVED] SECURITY information email

[Cocophone]

I'm getting emails from my zimbra server with the subject SECURITY information

the body of the email says zimbra : unable to resolve host

I'm getting flooded with these emails.

The emails started after a power outage

[phoenix]

I suggest you look in the log files and see what errors there are. Do all the serveices show as running when you do:

Code:

zmcontrol status

[Cocophone]

when I do zmcontrol status

antispam Running
antivirus Running
ldap Running
logger Running
mailbox Running
mta Running
snmp Running
spell Running
stats Running


However, when I use the Browser Administration Console it shows that logger is not running and says,
Server status data is not available. To see server status, logger status must be available.


I have shutdown the server and restarted and I get the same error message.

Which log files would you suggest I look at?

My zimbra server is behind a dsl modem and relays the outgoing email to a mail server run by the DynDNS.com mailhop service. Users can only access it from the internal network. I use getmail to pull incoming mail from yahoo mailboxes.

my resolv.conf file is below...... 10.0.0.2 is a server running windows server 2003 on my local network.

search heckandbarry.local
nameserver 10.0.0.2
nameserver 205.171.2.65

[phoenix]

You need to be able to resolve your internal Zimbra server using DNS with valid A & MX records, check the DNS section of this article. Set your DNS correctly and see ow you get on with that.

You will also need a correct /etc/hosts file, that's also described in the article in the link above.

Sorry, I forgot to give you the link for log file locations earlier: Log Files - Zimbra :: Wiki

[Cocophone]

Thanks.... I read the dns article. On my network the zimbra server is not running bind. I'm using another server running windows server 2003 for the dns server. Is that ok? The windows dns server ip = 10.0.0.2

The zimbra server is mail.heckandbarry.local with ip = 10.0.0.208


When I do nslookup mail.heckandbarry.local

Server: 10.0.0.208
Address: 10.0.0.208#53

Non-authoritative answer:
Name: mail.heckandbarry.local
Address: 10.0.0.208



Is this ok?

[Cocophone]

I believe I got it fixed.

The main error was my /etc/hostname file did not match my /etc/hosts file
I feel like an idiot sometimes.




I'm still getting flood with email sent from zimbra@mail.heckandbarry.local to root@heckandbarry.local

the body of the email says "mail.heckandbarry.local mail : Feb 15 16:04:12 : zimbra : unable to resolve host mail.heckandbarry.local mail"

I read the documents you recommended and I installed bind for the split-dns

Since I already had a server running as a DNS server I set up everything this way.

zimbra ip 10.0.0.208
windows DNS server 10.0.0.2


cat /etc/hosts

Code:

127.0.0.1	localhost.localdomain  localhost
10.0.0.208	mail.heckandbarry.local mail

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

cat /etc/resolv.conf

Code:

nameserver 10.0.0.208

cat /etc/bind/named.conf.options

Code:

options {
	directory "/var/cache/bind";

	// If there is a firewall between you and nameservers you want
	// to talk to, you might need to uncomment the query-source
	// directive below.  Previous versions of BIND always asked
	// questions using port 53, but BIND 8.1 and later use an unprivileged
	// port by default.

	// query-source address * port 53;

	// If your ISP provided one or more IP addresses for stable 
	// nameservers, you probably want to use them as forwarders.  
	// Uncomment the following block, and insert the addresses replacing 
	// the all-0's placeholder.

 forwarders {
 	 10.0.0.2;
	 };

	auth-nxdomain no;    # conform to RFC1035
	listen-on-v6 { any; };
};

cat /etc/bind/named.conf.local

Code:

//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

dig mail.heckandbarry.local

Code:

;<<>> DiG 9.4.2-P2 <<>> mail.heckandbarry.local
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18953
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 13

;; QUESTION SECTION:
;mail.heckandbarry.local.	IN	A

;; ANSWER SECTION:
mail.heckandbarry.local. 1624	IN	A	10.0.0.208

;; AUTHORITY SECTION:
.			69517	IN	NS	b.root-servers.net.
.			69517	IN	NS	j.root-servers.net.
.			69517	IN	NS	i.root-servers.net.
.			69517	IN	NS	f.root-servers.net.
.			69517	IN	NS	c.root-servers.net.
.			69517	IN	NS	a.root-servers.net.
.			69517	IN	NS	h.root-servers.net.
.			69517	IN	NS	k.root-servers.net.
.			69517	IN	NS	m.root-servers.net.
.			69517	IN	NS	l.root-servers.net.
.			69517	IN	NS	d.root-servers.net.
.			69517	IN	NS	e.root-servers.net.
.			69517	IN	NS	g.root-servers.net.

;; ADDITIONAL SECTION:
a.root-servers.net.	69517	IN	A	198.41.0.4
b.root-servers.net.	69517	IN	A	192.228.79.201
c.root-servers.net.	69517	IN	A	192.33.4.12
d.root-servers.net.	69517	IN	A	128.8.10.90
e.root-servers.net.	69517	IN	A	192.203.230.10
f.root-servers.net.	69517	IN	A	192.5.5.241
g.root-servers.net.	69517	IN	A	192.112.36.4
h.root-servers.net.	69517	IN	A	128.63.2.53
i.root-servers.net.	69517	IN	A	192.36.148.17
j.root-servers.net.	69517	IN	A	192.58.128.30
k.root-servers.net.	69517	IN	A	193.0.14.129
l.root-servers.net.	69517	IN	A	199.7.83.42
m.root-servers.net.	69517	IN	A	202.12.27.33

;; Query time: 0 msec
;; SERVER: 10.0.0.208#53(10.0.0.208)
;; WHEN: Sun Feb 15 15:52:16 2009
;; MSG SIZE  rcvd: 476

dig mail.heckandbarry.local mx

Code:

; <<>> DiG 9.4.2-P2 <<>> mail.heckandbarry.local mx
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45898
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 14

;; QUESTION SECTION:
;mail.heckandbarry.local.	IN	MX

;; ANSWER SECTION:
mail.heckandbarry.local. 1449	IN	MX	10 mail.heckandbarry.local.

;; AUTHORITY SECTION:
.			69342	IN	NS	d.root-servers.net.
.			69342	IN	NS	b.root-servers.net.
.			69342	IN	NS	f.root-servers.net.
.			69342	IN	NS	l.root-servers.net.
.			69342	IN	NS	j.root-servers.net.
.			69342	IN	NS	e.root-servers.net.
.			69342	IN	NS	h.root-servers.net.
.			69342	IN	NS	a.root-servers.net.
.			69342	IN	NS	g.root-servers.net.
.			69342	IN	NS	i.root-servers.net.
.			69342	IN	NS	c.root-servers.net.
.			69342	IN	NS	m.root-servers.net.
.			69342	IN	NS	k.root-servers.net.

;; ADDITIONAL SECTION:
mail.heckandbarry.local. 1449	IN	A	10.0.0.208
a.root-servers.net.	69342	IN	A	198.41.0.4
b.root-servers.net.	69342	IN	A	192.228.79.201
c.root-servers.net.	69342	IN	A	192.33.4.12
d.root-servers.net.	69342	IN	A	128.8.10.90
e.root-servers.net.	69342	IN	A	192.203.230.10
f.root-servers.net.	69342	IN	A	192.5.5.241
g.root-servers.net.	69342	IN	A	192.112.36.4
h.root-servers.net.	69342	IN	A	128.63.2.53
i.root-servers.net.	69342	IN	A	192.36.148.17
j.root-servers.net.	69342	IN	A	192.58.128.30
k.root-servers.net.	69342	IN	A	193.0.14.129
l.root-servers.net.	69342	IN	A	199.7.83.42
m.root-servers.net.	69342	IN	A	202.12.27.33

;; Query time: 0 msec
;; SERVER: 10.0.0.208#53(10.0.0.208)
;; WHEN: Sun Feb 15 15:55:11 2009
;; MSG SIZE  rcvd: 492

host `hostname`

Code:

Using domain server:
Name: mail
Address: 10.0.0.208#53
Aliases: 

mail.heckandbarry.local has address 10.0.0.208
mail.heckandbarry.local mail is handled by 10 mail.heckandbarry.local.

[phoenix]

You should add the following to your /etc/resolv.conf file:

Code:

search heckandbarry.local

You have created DNS records for the FQDN of your server when they should be for the your domain name i.e.

Code:

dig mail.heckandbarry.local mx

should be 

dig heckandbarry.local mx

fix the DNS and your errors should go away.

[Cocophone]

Thanks for the help...

I fixed the DNS as you suggested. At first it still wasn't working because of a permission error on my db.heckandbarry.local file. Once I fixed that it all started working.