[SOLVED] Unable to send after mode change

[dkbk]

Hi

I just changed my setup from http to https mode but I'm now unable to send e-mails.

I've tried the steps in the wiki there : SMTP Auth Problems - Zimbra :: Wiki without it solving my issues.

The zmprov getServer XXX | grep Auth command yields this output :
zimbraMtaAuthEnabled: TRUE
zimbraMtaAuthHost: mailserver.DOMAIN.TLS
zimbraMtaAuthTarget: TRUE
zimbraMtaAuthURL: https://mailserver.DOMAIN.TLS:443/service/soap/
zimbraMtaTlsAuthOnly: TRUE

Here is the error message when I attempt to send an e-mail to myself for testing purposes using the webmail interface (the zdesktop client is not working either) :

msg: system failure: MessagingException
code: service.FAILURE
method: SendMsgRequest
detail: soap:Receiver
trace: btpool0-12:1247426662423:d8890f854c695767
request: Body: { SendMsgRequest: { _jsns: "urn:zimbraMail", m: { e: { 0: { a: "USER@DOMAIN.TLS", p: "NAME", t: "t" }, 1: { a: "USER@DOMAIN.TLS", p: "NAME", t: "f" } }, idnt: "88308096-36b3-4714-b18b-3db0bac62621", mp: { 0: { ct: "multipart/alternative", mp: { 0: { content: { _content: "test " }, ct: "text/plain" }, 1: { content: { _content: "<html><head><style type='text/css'>p { margin: 0; }</style></head><body><div style='font-family: Times New Roman; font-size: 12pt; color: #000000'>test<br></div></body></html>" }, ct: "text/html" } } } }, su: { _content: "test" } }, suid: 1247426662096 } }, Header: { context: { _jsns: "urn:zimbra", account: { _content: "USER@DOMAIN.TLS", by: "name" }, authToken: "(removed)", format: { type: "js" }, notify: { seq: 2 }, sessionId: { _content: 14, id: 14 }, userAgent: { name: "ZimbraWebClient - FF3.0 (Linux)", version: "5.0.16_GA_2921.RHEL5" } } }

Any help you be appreciated.

PS : Here is some extra info about my setup :

- I use the latest ZCS version on Centos 5.3.
- I use a split DNS with bind as my server is on dynamic IP (I use dyndns for external access). The mailserver.DOMAIN.TLS adress is NOT accessible outside of the system which is why I use bind. I assume the webserver tries to send it from its own MTA so uses bind to resolve to itself as every other server service successfully does ?
- Since I use bind, my port 443 on my router still points to my non-zimbra server. Changing the port to direct to the zimbra server as quick a test did not get this working (its now back to pointing to the old server as https access for it is needed until I decommission the old server to replace it with Zimbra).

[phoenix]

Did you restart the Zimbra services?

[dkbk]

Thanks for your reply.

And yes, I did restart the server since making those changes (hence restarting the services).

PS : If that makes any difference, I should also point out that I do receive the admin notices in the admin mailbox (such as services started notices).

[phoenix]

Are you sure your DNS is OK? Post the outputr of the following commands (run on the zimbra server):

Code:

cat /etc/hosts
cat /etc/resolv.conf
dig yourdomain.com any
dig yourdomain.com mx
host `hostname`  <-- us ethat exact command with backticks not single quotes

zmprov gs `zmhostname` | grep -i smtphost

[dkbk]

Here is the hosts output :

Code:

# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1       localhost.localdomain localhost
::1             localhost6.localdomain6 localhost6
192.168.10.11   mailserver.DOMAIN.TLS    mailserver
192.168.10.11   mailserver.DOMAIN.TLS    DOMAIN.TLS

Here is the resolv.conf output :

Code:

search DOMAIN.TLS
nameserver 192.168.10.11

The any dig output :

Code:

; <<>> DiG 9.3.4-P1 <<>> DOMAIN.TLS any
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34216
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;DOMAIN.TLS.                     IN      ANY

;; ANSWER SECTION:
DOMAIN.TLS.              86400   IN      SOA     DOMAIN.TLS. mailserver.DOMAIN.TLS. 42 10800 900 604800 86400
DOMAIN.TLS.              86400   IN      NS      mailserver.DOMAIN.TLS.
DOMAIN.TLS.              86400   IN      MX      10 DOMAIN.TLS.
DOMAIN.TLS.              86400   IN      A       192.168.10.11

;; ADDITIONAL SECTION:
mailserver.DOMAIN.TLS.   86400   IN      A       192.168.10.11
DOMAIN.TLS.              86400   IN      A       192.168.10.11

;; Query time: 1 msec
;; SERVER: 192.168.10.11#53(192.168.10.11)
;; WHEN: Sun Jul 12 16:22:53 2009
;; MSG SIZE  rcvd: 152

Here is the mx dig output :

Code:

; <<>> DiG 9.3.4-P1 <<>> DOMAIN.TLS mx
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37230
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; QUESTION SECTION:
;DOMAIN.TLS.                     IN      MX

;; ANSWER SECTION:
DOMAIN.TLS.              86400   IN      MX      10 DOMAIN.TLS.

;; AUTHORITY SECTION:
DOMAIN.TLS.              86400   IN      NS      mailserver.DOMAIN.TLS.

;; ADDITIONAL SECTION:
DOMAIN.TLS.              86400   IN      A       192.168.10.11
mailserver.DOMAIN.TLS.   86400   IN      A       192.168.10.11

;; Query time: 1 msec
;; SERVER: 192.168.10.11#53(192.168.10.11)
;; WHEN: Sun Jul 12 16:25:42 2009
;; MSG SIZE  rcvd: 100

Here is the `hostname` output :

Code:

mailserver.DOMAIN.TLS has address 192.168.10.11

Here is the zmprov output :

Code:

zimbraSmtpHostname: mailserver.DOMAIN.TLS

Everything appears normal to me.

[uxbod]

Well your /etc/hosts looks wrong to me .. It should be

Code:

# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1       localhost.localdomain localhost
::1             localhost6.localdomain6 localhost6
192.168.10.11   mailserver.DOMAIN.TLS    mailserver

Why did you add a second entry for the IP that pointed to just your domain ? And why do you have the MX record pointing at DOMAIN.TLS when it should be going to mailserver.DOMAIN.TLS

[dkbk]

Quote:

Originally Posted by uxbod

Well your /etc/hosts looks wrong to me .. It should be

Code:

# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1       localhost.localdomain localhost
::1             localhost6.localdomain6 localhost6
192.168.10.11   mailserver.DOMAIN.TLS    mailserver

Why did you add a second entry for the IP that pointed to just your domain ? And why do you have the MX record pointing at DOMAIN.TLS when it should be going to mailserver.DOMAIN.TLS

Hi. Thanks for the reply.

I was actually following a zimbra split dns guide that suggested doing so to have the user@domain.tls e-mail format and not user@mailserver.domain.tls. I used many different guide to set up the split dns properly but I think it might even be the one residing on the zimbra wiki that suggested this solution. While its definately not the standard way of doing it (the standard would probably be to just edit the domain name in initial config) its been working great so far. As for the hosts file config, that was a custom modification to add the domain name to the machine as well as I was under the impression the hosts file's function was to give shortened names to the the host system so it can redirect to itself when needed ? As such can't it bear multiple names ?

I certainly don't mind doing the appropriate changes if needed, but since this setup was working internally before changing the mode to https (so when using http), wouldn't that be an indication the issue lies elsewhere ? If further evidence points to there being a hosts/bind issue, I'll take the corrective measures so set it up in a standard way (ie: change the mx record to the fqdn name of the machine, modify the hosts file, etc.). I would however like to make sure you believe its the culprit for the situation.

Thank you.

[phoenix]

The comments by Uxbod about your hosts confirm why you're getting the error message as your current settings leave you with no MX record for the domain. I don't know if you changed it for posting in the forums but this DOMAIN.TLS should be in lower case as domain.tls

[phoenix]

If you think there's an error in the wiki article please point out which article it's in and where on the page the error is located.

[dkbk]

Yes, I did change it.

I will make the appropriate changes tomorrow or Thursday as I'm travelling and report back on the results.

Thanks on the feedback so far.