Strange Mail Transport Unavailable error on reboot

[zwvpadmin]

Ubuntu 8.04 LTS with 6.0.4 GA Open Source install of Zimbra. Largely stable and usually very few problems (the zimbra team really are rockstars IMO).

But I'm having kind of a weird issue. I think it might be DNS related, but can't seem to narrow it down. Here's the details:

Topology:

Internet
Router - 192.168.0.0
192.168.200.2 - Barracuda (in/out hybrid - passes all incoming mail to Zimbra)
192.168.1.7 - Zimbra server (passes all outgoing mail back to Barracuda MTA)

This all works normally, but whenever I reboot all mail starts going into the deferred queue with the "Mail Transport Unavailable" error.

after reading through various other similar posts I haven't found an exact match to my problem. Here is the typical information requested from other cases on these forums:

cat /etc/hosts

Code:

127.0.0.1       localhost.localdomain   localhost
127.0.0.1       mail.vpsupply.com       mail
192.168.200.2   barracuda.vpsupply.com  barracuda

cat /etc/resolv.conf

Code:

search corp.vpsupply.com
nameserver 192.168.1.10
nameserver 192.168.1.24

**I should note here that all other DNS names on our network have "corp." in from of our domain. The mail server does not intentionally so that it can interface with our website on the back-end more easily.

dig vpsupply.com mx

Code:

; <<>> DiG 9.4.2-P2.1 <<>> vpsupply.com mx
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13487
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;vpsupply.com.                  IN      MX

;; AUTHORITY SECTION:
vpsupply.com.           3600    IN      SOA     vp_supply.corp.vpsupply.com. hostmaster.corp.vpsupply.com. 14 900 600 86400 3600

;; Query time: 0 msec
;; SERVER: 192.168.1.10#53(192.168.1.10)
;; WHEN: Tue Feb 23 11:42:20 2010
;; MSG SIZE  rcvd: 92

dig vpsupply.com any

Code:

; <<>> DiG 9.4.2-P2.1 <<>> vpsupply.com any
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62058
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;vpsupply.com.                  IN      ANY

;; ANSWER SECTION:
vpsupply.com.           3600    IN      NS      vp_supply.corp.vpsupply.com.
vpsupply.com.           3600    IN      NS      capitol.corp.vpsupply.com.
vpsupply.com.           3600    IN      SOA     vp_supply.corp.vpsupply.com. hostmaster.corp.vpsupply.com. 14 900 600 86400 3600

;; ADDITIONAL SECTION:
vp_supply.corp.vpsupply.com. 3600 IN    A       192.168.1.10
capitol.corp.vpsupply.com. 3600 IN      A       192.168.1.24

;; Query time: 0 msec
;; SERVER: 192.168.1.10#53(192.168.1.10)
;; WHEN: Tue Feb 23 11:42:55 2010
;; MSG SIZE  rcvd: 160

host `hostname`

Code:

mail.vpsupply.com has address 192.168.1.7

In order to fix this, I typically have to reboot my Barracuda, then go into the zimbra admin panel under servers>mail.vpsupply.com select the MTA tab, and under "relay MTA for external delivery" switch between "barracuda.corp.vpsupply.com" and "192.168.200.2"

It seems silly, but after doing that toggle, then a "zmcontrol stop/start" the queue flushes.

Like I said, I'm suspecting DNS issues, but then why would it work toggeling from the IP to the DNS name, and not ONLY work with the IP??

I'd like to solve this permanently so that I can work in an auto restart to our monthly maintenance for fsck's.

[uxbod]

A couple of things:

1. /etc/hosts is completely wrong and should look like

Code:

127.0.0.1       localhost.localdomain   localhost
192.168.1.7       mail.vpsupply.com       mail
192.168.200.2   barracuda.vpsupply.com  barracuda

2. You need to define a MX for your domain that points to your Zimbra server.

[zwvpadmin]

actually, that is how my hosts file was originally, and another one of your employees was kind enough to help out the very first time I had the problem. He recommended that change. I can easily change it back.

I noticed after posting that the internal DNS does not reflect our registrar's DNS (Dreamhost).

mail.vpsupply.com. 14339 IN A 64.128.166.94

mail.vpsupply.com. 14400 IN MX 10 mail.vpsupply.com.

I'm not sure if I need to replicate that internally or not. I have a fairly firm grasp on how DNS works, but in specific cases like this it gets a bit fuzzy for me. I assumed that requests for FQDN's go up to the chain to our registrar if not responded to, and ultimately will yield the same response. Perhaps I was wrong.

[uxbod]

and another one of your employees

I am not a employee; just a community volunteer

[uxbod]

As you are on a private IP range you will need to run a split DNS. I see from /etc/resolv.conf you are resolving internally anyway so add the MX to your internal DNS and ensure a A record is present as well.

[zwvpadmin]

Thats not the first time I've heard the "split DNS" config referred to. Is there a tutorial on that setup?

The forward and reverse records have always been in place. There is however not an MX record in place internally. I can add one.

[uxbod]

Split DNS - Zimbra :: Wiki

Main issue I see is the hosts file.

[zwvpadmin]

One more clarification question. In this example because of the Barracuda being on a seperate subnet (due to sandboxing) should the MX record be for the zimbra server itself, or for the barracuda which acts as an MTA relay? This is where it gets confusing for me.

[uxbod]

Would you wish internal email to go through the Barracuda or directly to the Zimbra server ?

[zwvpadmin]

all internal mail goes through the Barracuda for logging purposes - company policy from above. This definitely complicates the config. From the instructions given in the wiki, i'm not sure following that to the letter will resolve the issue.

As I see it, the problem arises in zimbra's ability to "find" the barracuda as the MTA. whether that be by IP or whether that be by name.