  #1 (permalink)  
Old 05-05-2010, 07:12 AM
Intermediate Member
 
Posts: 15
Question [SOLVED] Configuring Trusted Networks

Hello all,

I am a new Zimbra user and have set up version 6.0.6 GA of the Open Source Edition of the Zimbra Collaboration Suite on my CentOS 5.4 machine.

Everything seems to be working fine except when I attempt to send mail from my installation to an external domain, such as to an account at cscsd.org (the high school that I attend).

Every time I try to send an e-mail to a remote host I get a message about a rejected address. I have read elsewhere on these forums that this is due to a misconfigured "mynetworks" parameter in the Zimbra MTA.

All of the other solutions I have read have told me to add remote hosts manually by entering in their IP address. However, I plan to be sending e-mails probably to a lot of remote hosts as I am using this Zimbra installation for the staff and clients of my company.

Therefore, since I do not want to add remote hosts by hand, is there a way that I can set up Zimbra so that it does not check trusted networks? In other words, can I set Zimbra to allow sending to all hosts?

Thanks in advance for any assistance provided!
Reply With Quote
  #2 (permalink)  
Old 05-05-2010, 09:32 AM
Zimbra Consultant & Moderator
 
Posts: 20,313
Default

The 'Trusted Networks' is not the networks you send to but the Trusted Network that you can send from i.e. your LAN. You need to post some information from the log files with the exact error messages in it.

I assume this server is behind a NAT router, did you set-up a Split DNS on your system?
__________________
Regards


Bill
Reply With Quote
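An added example, not part of any post in this thread: because "mynetworks" lists the networks clients may relay from, widening it to cover public address space turns the server into an open relay. The sketch below audits a mynetworks value (for instance the output of `postconf -h mynetworks`); the function name and the sample values are constructed for illustration.

```python
import ipaddress

# Address space a LAN-only relay policy should stay inside: loopback,
# RFC 1918 private ranges, and the IPv6 loopback/link-local/ULA equivalents.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fe80::/10", "fc00::/7")]


def audit_mynetworks(value):
    """Return (entry, problem) pairs for a Postfix mynetworks value."""
    findings = []
    for entry in value.replace(",", " ").split():
        if entry.startswith("!"):
            continue  # exclusions only narrow the trusted set
        # Postfix writes IPv6 networks as [addr]/len; drop the brackets.
        cidr = entry.replace("[", "").replace("]", "")
        try:
            net = ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            findings.append((entry, "not a CIDR (file or lookup table?), review by hand"))
            continue
        inside = any(net.version == i.version and net.subnet_of(i) for i in INTERNAL)
        if not inside:
            findings.append((entry, "covers public address space; clients there may relay"))
    return findings


# Constructed sample values, not taken from the thread.
LAN_ONLY = "127.0.0.0/8 192.168.0.0/24 [::1]/128"
TOO_BROAD = "127.0.0.0/8, 192.168.0.0/24, 0.0.0.0/0"

if __name__ == "__main__":
    for label, value in (("LAN_ONLY", LAN_ONLY), ("TOO_BROAD", TOO_BROAD)):
        print(label, audit_mynetworks(value) or "ok")
```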
  #3 (permalink)  
Old 05-05-2010, 01:36 PM
Intermediate Member
 
Posts: 15
Question RE: Configuring Trusted Networks

I am indeed running on a home router with port forwarding set up. I've forwarded all of the necessary Zimbra ports to the CentOS machine on my LAN, and have also set aside a DHCP reservation for the machine's IP address so that it never gets assigned a new one and always remains at 192.168.0.124.

I took a look at the /var/log/zimbra.log file to see if I could find an entry with the error I was getting and found several entries that correspond to the problem.

Because I am unsure as to whether forum users are allowed to post log file output in their messages, the few lines from the /var/log/zimbra.log file that correspond to the error can be found here (direct link):

http://tmp.bladescape.com/logs/zimbra-stripped.log

Finally, as for the Split DNS thing, I already have BIND 9.3 running on my CentOS machine which serves as my domain's DNS server. I have my MX records set up correctly, using one record for mail.bladescape.com that points to an A record of the same address which points to my external IP, 64.185.145.24. I never configured BIND through the command line though; I always used a Web-based server management solution called Webmin.

So, since I have BIND, do I still need to set up Split DNS, and if so how would I do that from within Webmin? (I'm OK with working at the command line but don't know how to use BIND from there.)

By the way, I've also discovered that I can't receive e-mail at my domain either. Several people have told me they have sent me e-mails but after checking in the Zimbra Web client and in Microsoft Outlook I don't get them. I have no idea if this is related to this same issue or not.

Thanks again for any assistance provided!
Reply With Quote
  #4 (permalink)  
Old 05-05-2010, 04:44 PM
Active Member
 
Posts: 42
Default

You must set up another BIND server, only for Zimbra, that uses local addresses

ex.

Code:
@     IN  MX 10  mail.bladescape.com.
@     IN  A      192.168.0.124
mail  IN  A      192.168.0.124
Don't forget the NS entry (I think it will be the same Zimbra server)
Reply With Quote
  #5 (permalink)  
Old 05-05-2010, 05:12 PM
Intermediate Member
 
Posts: 15
Question RE: Configuring Trusted Networks

Quote:
Originally Posted by owl700 View Post
You must set up another BIND server, only for Zimbra, that uses local addresses

ex.

Code:
@     IN  MX 10  mail.bladescape.com.
@     IN  A      192.168.0.124
mail  IN  A      192.168.0.124
Don't forget the NS entry (I think it will be the same Zimbra server)
How would I do this from within Webmin? I have never edited BIND configuration and zone files manually, but have always gone through the Webmin Web-based server management interface to set up and configure DNS zones.
Reply With Quote
  #6 (permalink)  
Old 05-06-2010, 12:12 AM
Zimbra Consultant & Moderator
 
Posts: 20,313
Default

Quote:
Originally Posted by lmerrill View Post
How would I do this from within Webmin? I have never edited BIND configuration and zone files manually, but have always gone through the Webmin Web-based server management interface to set up and configure DNS zones.
If you're going to set up a new DNS server on your Zimbra server then just add the records mentioned in the Split DNS article via the Webmin interface. If you want to use your current DNS server then add them into that server.

Just for confirmation let's have a look at your current set-up. Post the output of the following commands (run on the zimbra server):

Code:
cat /etc/hosts
cat /etc/resolv.conf
dig yourdomain.com mx
dig yourdomain.com any
host `hostname`   # use that exact command, with backticks, not single quotes
__________________
Regards


Bill
Reply With Quote
  #7 (permalink)  
Old 05-06-2010, 05:51 AM
Intermediate Member
 
Posts: 15
Question RE: Configuring Trusted Networks

Quote:
Originally Posted by phoenix View Post
If you're going to set up a new DNS server on your Zimbra server then just add the records mentioned in the Split DNS article via the Webmin interface. If you want to use your current DNS server then add them into that server.

Just for confirmation let's have a look at your current set-up. Post the output of the following commands (run on the zimbra server):

Code:
cat /etc/hosts
cat /etc/resolv.conf
dig yourdomain.com mx
dig yourdomain.com any
host `hostname`   # use that exact command, with backticks, not single quotes
Here is the output from the given commands as requested:

Code:
> cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1		localhost.localdomain localhost
192.168.0.124	ms1c.bladescape.com	ms1c
Code:
> cat /etc/resolv.conf
; generated by /sbin/dhclient-script
search earthlink.net
nameserver 192.168.0.1
Code:
> dig bladescape.com mx

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> bladescape.com mx
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59553
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;bladescape.com.			IN	MX

;; ANSWER SECTION:
bladescape.com.		38400	IN	MX	10 mail.bladescape.com.

;; Query time: 286 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Thu May  6 08:39:37 2010
;; MSG SIZE  rcvd: 53
Code:
> dig bladescape.com any

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> bladescape.com any
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18994
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;bladescape.com.			IN	ANY

;; ANSWER SECTION:
bladescape.com.		38400	IN	SOA	ns1.bladescape.com. support.bladescape.com. 1268175620 10800 3600 604800 38400
bladescape.com.		38400	IN	NS	ns2.bladescape.com.
bladescape.com.		38400	IN	NS	ns1.bladescape.com.
bladescape.com.		38400	IN	MX	10 mail.bladescape.com.
bladescape.com.		38400	IN	A	64.185.145.24

;; Query time: 171 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Thu May  6 08:41:55 2010
;; MSG SIZE  rcvd: 149
Code:
> host `ms1c.bladescape.com`
bash: ms1c.bladescape.com: command not found
Usage: host [-aCdlriTwv] [-c class] [-N ndots] [-t type] [-W time]
            [-R number] hostname [server]
       -a is equivalent to -v -t *
       -c specifies query class for non-IN data
       -C compares SOA records on authoritative nameservers
       -d is equivalent to -v
       -l lists all hosts in a domain, using AXFR
       -i IP6.INT reverse lookups
       -N changes the number of dots allowed before root lookup is done
       -r disables recursive processing
       -R specifies number of retries for UDP packets
       -t specifies the query type
       -T enables TCP/IP mode
       -v enables verbose output
       -w specifies to wait forever for a reply
       -W specifies how long to wait for a reply
       -4 use IPv4 query transport only
       -6 use IPv6 query transport only
       -s a SERVFAIL response should stop query
I hope this helps; I still don't know how to add the above DNS records (also shown below for reference) to my existing bladescape.com DNS zone through Webmin though. I mean I don't know how to translate those records into what I need to enter into the different fields in Webmin like A records, NS records, MX records, etc.

Right now, in Webmin, I have one MX record with the "name" being "bladescape.com" and the "address" being "mail.bladescape.com"; I also have an A record set up with the "name" being "mail.bladescape.com" and the "address" being "64.185.145.24"; finally I also have two NS records set to ns1.bladescape.com and ns2.bladescape.com which both have A records pointing to the same IP address - my external IP of 64.185.145.24.

Hope this helps!
Reply With Quote
  #8 (permalink)  
Old 05-06-2010, 06:23 AM
Zimbra Consultant & Moderator
 
Posts: 20,313
Default

The problem with those records is the fact you have the public IP address in your DNS A record, it should be the LAN IP of your Zimbra server - you need to modify it.

I asked you to run this command:

Code:
host `hostname`
You need to run it exactly as you see it there, do not modify it in any way, do not add your host name or do anything at all to it.
__________________
Regards


Bill
Reply With Quote
  #9 (permalink)  
Old 05-06-2010, 06:54 AM
Intermediate Member
 
Posts: 15
Question RE: Configuring Trusted Networks

Quote:
Originally Posted by phoenix View Post
The problem with those records is the fact you have the public IP address in your DNS A record, it should be the LAN IP of your Zimbra server - you need to modify it.

I asked you to run this command:

Code:
host `hostname`
You need to run it exactly as you see it there, do not modify it in any way, do not add your host name or do anything at all to it.
Oh, sorry about that. I thought you wanted me to replace the "hostname" part of the command with my system's actual hostname.

I updated the A record in Webmin for mail.bladescape.com with my internal LAN IP address instead of my router's external IP address as you instructed, and then I saved the BIND zone and configuration data. I then tried sending another e-mail with Zimbra and get the same error message as I originally started with. Is there something else I need to do to solve this problem?

Also, here is the output from the command, this time entered correctly:

Code:
> host `hostname`
ms1c.bladescape.com has address 64.185.145.24
Hope this helps,
-Logan
Reply With Quote
  #10 (permalink)  
Old 05-07-2010, 01:36 AM
Zimbra Consultant & Moderator
 
Posts: 20,313
Default

Quote:
Originally Posted by lmerrill View Post
Oh, sorry about that. I thought you wanted me to replace the "hostname" part of the command with my system's actual hostname.
It's no problem.

Quote:
Originally Posted by lmerrill View Post
Also, here is the output from the command, this time entered correctly:

Code:
> host `hostname`
ms1c.bladescape.com has address 64.185.145.24
Can I assume you only still have one DNS server on your LAN? If that's the case then the output above shows that it's still not picking up the correct IP address. Have you disabled the firewall and SElinux on your Zimbra server? Run the commands above (on the Zimbra server) and check the output is correct, you can post it here if you like.
__________________
Regards


Bill
Reply With Quote
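An added example, not part of any post in this thread: the split-DNS check discussed above comes down to comparing what DNS returns for the server's own hostname with the LAN address in /etc/hosts. The sketch below does that comparison over the outputs posted in the thread (comment lines omitted); the function names are constructed for illustration.

```python
import ipaddress
import re

# Taken from the outputs posted in this thread.
HOSTS = "127.0.0.1\t\tlocalhost.localdomain localhost\n192.168.0.124\tms1c.bladescape.com\tms1c\n"
RESOLV = "search earthlink.net\nnameserver 192.168.0.1\n"
HOST_OUTPUT = "ms1c.bladescape.com has address 64.185.145.24\n"


def hosts_file_address(hosts_text, fqdn):
    """IP that /etc/hosts assigns to fqdn, or None."""
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fqdn in fields[1:]:
            return fields[0]
    return None


def nameservers(resolv_text):
    """Resolvers listed in resolv.conf, in order."""
    rows = (line.split() for line in resolv_text.splitlines())
    return [r[1] for r in rows if len(r) >= 2 and r[0] == "nameserver"]


def split_dns_problems(fqdn, hosts_text, resolv_text, host_output):
    """Compare what DNS answers for fqdn with the server's own LAN address."""
    lan_ip = hosts_file_address(hosts_text, fqdn)
    via = ", ".join(nameservers(resolv_text)) or "no resolver configured"
    answers = re.findall(r"^%s has address (\S+)" % re.escape(fqdn), host_output, re.M)
    if not answers:
        return ["no A record returned for %s (resolver: %s)" % (fqdn, via)]
    problems = []
    for addr in answers:
        if not ipaddress.ip_address(addr).is_private:
            problems.append("%s resolves to public address %s (resolver: %s)" % (fqdn, addr, via))
        if lan_ip and addr != lan_ip:
            problems.append("DNS answer %s differs from /etc/hosts entry %s" % (addr, lan_ip))
    return problems


if __name__ == "__main__":
    for p in split_dns_problems("ms1c.bladescape.com", HOSTS, RESOLV, HOST_OUTPUT):
        print(p)
```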