
Thread: [SOLVED] Configuring Trusted Networks

  1. #1
    lmerrill (Intermediate Member)

    [SOLVED] Configuring Trusted Networks

    Hello all,

    I am a new Zimbra user and have set up version 6.0.6 GA of the Open Source Edition of the Zimbra Collaboration Suite on my CentOS 5.4 machine.

    Everything seems to be working fine except when I attempt to send mail from my installation to an external domain, such as to an account at cscsd.org (the high school that I attend).

    Every time I try to send an e-mail to a remote host I get a message about a rejected address. I have read elsewhere on these forums that this is due to a misconfigured "mynetworks" parameter in the Zimbra MTA.

    All of the other solutions I have read have told me to add remote hosts manually by entering in their IP address. However, I plan to be sending e-mails probably to a lot of remote hosts as I am using this Zimbra installation for the staff and clients of my company.

    Therefore, since I do not want to add remote hosts by hand, is there a way that I can set up Zimbra so that it does not check trusted networks? In other words, can I set Zimbra to allow sending to all hosts?

    Thanks in advance for any assistance provided!

  2. #2
    phoenix (Zimbra Consultant & Moderator)

    The 'Trusted Networks' is not the networks you send to but the Trusted Network that you can send from i.e. your LAN. You need to post some information from the log files with the exact error messages in it.

    I assume this server is behind a NAT router, did you set-up a Split DNS on your system?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.
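
Added example (not part of any post in this thread): phoenix's point in post #2 is that the MTA's trusted networks (the `mynetworks` parameter mentioned in post #1) list the clients allowed to relay through the server, not the destinations. The sketch below audits such a list and shows that trusting every network turns the server into an open relay; the function names, the allow-list of local ranges and the sample `mynetworks` strings are constructed for illustration, and only plain CIDR entries are parsed.

```python
import ipaddress

# Ranges a LAN mail server can reasonably trust (loopback, RFC 1918,
# IPv6 loopback, unique-local, link-local). This allow-list is an assumption.
LOCAL_RANGES = [ipaddress.ip_network(r) for r in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10")]

def parse_mynetworks(value):
    """Split a mynetworks string into networks plus tokens we cannot parse."""
    nets, unparsed = [], []
    for token in value.replace(",", " ").split():
        try:
            # Postfix writes IPv6 as [::1]/128; drop the brackets.
            cleaned = token.replace("[", "").replace("]", "")
            nets.append(ipaddress.ip_network(cleaned, strict=False))
        except ValueError:
            unparsed.append(token)   # table lookups, '!' exclusions, typos
    return nets, unparsed

def may_relay(client_ip, nets):
    """True if the connecting client falls inside a trusted network."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip.version == n.version and ip in n for n in nets)

def audit(nets):
    """Return findings for entries that trust more than local address space."""
    findings = []
    for n in nets:
        if n.prefixlen == 0:
            findings.append(f"{n}: every client may relay (open relay)")
        elif not any(n.version == r.version and n.subnet_of(r)
                     for r in LOCAL_RANGES):
            findings.append(f"{n}: public address space is trusted")
    return findings

if __name__ == "__main__":
    # Constructed samples: a LAN-only list and the "trust everything" list.
    for value in ("127.0.0.0/8 192.168.0.0/24", "0.0.0.0/0"):
        nets, unparsed = parse_mynetworks(value)
        print(value, "->", audit(nets) or "ok", unparsed)
        # 192.168.0.124 is the LAN address from the thread;
        # 203.0.113.7 is a documentation address standing in for a stranger.
        for client in ("192.168.0.124", "203.0.113.7"):
            print("  ", client, "may relay:", may_relay(client, nets))
```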

  3. #3
    lmerrill (Intermediate Member)

    RE: Configuring Trusted Networks

    I am indeed running on a home router with port forwarding set up. I've forwarded all of the necessary Zimbra ports to the CentOS machine on my LAN, and have also set aside a DHCP reservation for the machine's IP address so that it never gets assigned a new one and always remains at 192.168.0.124.

    I took a look at the /var/log/zimbra.log file to see if I could find an entry with the error I was getting and found several entries that correspond to the problem.

    Because I am unsure as to whether forum users are allowed to post log file output in their messages, the few lines from the /var/log/zimbra.log file that correspond to the error can be found here (direct link):

    http://tmp.bladescape.com/logs/zimbra-stripped.log

    Finally, as for the Split DNS thing, I already have BIND 9.3 running on my CentOS machine which serves as my domain's DNS server. I have my MX records set up correctly, using one record for mail.bladescape.com that points to an A record of the same address which points to my external IP, 64.185.145.24. I never configured BIND through the command line though; I always used a Web-based server management solution called Webmin.

    So, since I have BIND, do I still need to set up Split DNS, and if so how would I do that from within Webmin? (I'm OK with working at the command line but don't know how to use BIND from there.)

    By the way, I've also discovered that I can't receive e-mail at my domain either. Several people have told me they have sent me e-mails but after checking in the Zimbra Web client and in Microsoft Outlook I don't get them. I have no idea if this is related to this same issue or not.

    Thanks again for any assistance provided!

  4. #4
    owl700 (Active Member)

    You must set up another BIND server, only for Zimbra, that uses local addresses

    ex.

    Code:
    @     IN  MX 10  mail.bladescape.com.
    @     IN  A      192.168.0.124
    mail  IN  A      192.168.0.124
    don't forget the NS entry (i think it will be the same zimbra server)

  5. #5
    lmerrill (Intermediate Member)

    RE: Configuring Trusted Networks

    Quote: Originally posted by owl700
    You must set up another BIND server, only for Zimbra, that uses local addresses

    ex.

    Code:
    @     IN  MX 10  mail.bladescape.com.
    @     IN  A      192.168.0.124
    mail  IN  A      192.168.0.124
    don't forget the NS entry (i think it will be the same zimbra server)
    How would I do this from within Webmin? I have never edited BIND configuration and zone files manually, but have always gone through the Webmin Web-based server management interface to set up and configure DNS zones.

  6. #6
    phoenix (Zimbra Consultant & Moderator)

    Quote: Originally posted by lmerrill
    How would I do this from within Webmin? I have never edited BIND configuration and zone files manually, but have always gone through the Webmin Web-based server management interface to set up and configure DNS zones.
    If you're going to set up a new DNS server on your Zimbra server then just add the records mentioned in the Split DNS article via the Webmin interface. If you want to use your current DNS server then add them into that server.

    Just for confirmation let's have a look at your current set-up. Post the output of the following commands (run on the zimbra server):

    Code:
    cat /etc/hosts
    cat /etc/resolv.conf
    dig yourdomain.com mx
    dig yourdomain.com any
    host `hostname`    # use that exact command, with backticks, not single quotes
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  7. #7
    lmerrill (Intermediate Member)

    RE: Configuring Trusted Networks

    Quote: Originally posted by phoenix
    If you're going to set up a new DNS server on your Zimbra server then just add the records mentioned in the Split DNS article via the Webmin interface. If you want to use your current DNS server then add them into that server.

    Just for confirmation let's have a look at your current set-up. Post the output of the following commands (run on the zimbra server):

    Code:
    cat /etc/hosts
    cat /etc/resolv.conf
    dig yourdomain.com mx
    dig yourdomain.com any
    host `hostname`    # use that exact command, with backticks, not single quotes
    Here is the output from the given commands as requested:

    Code:
    > cat /etc/hosts
    # Do not remove the following line, or various programs
    # that require network functionality will fail.
    127.0.0.1		localhost.localdomain localhost
    192.168.0.124	ms1c.bladescape.com	ms1c
    Code:
    > cat /etc/resolv.conf
    ; generated by /sbin/dhclient-script
    search earthlink.net
    nameserver 192.168.0.1
    Code:
    > dig bladescape.com mx
    
    ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> bladescape.com mx
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59553
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;bladescape.com.			IN	MX
    
    ;; ANSWER SECTION:
    bladescape.com.		38400	IN	MX	10 mail.bladescape.com.
    
    ;; Query time: 286 msec
    ;; SERVER: 192.168.0.1#53(192.168.0.1)
    ;; WHEN: Thu May  6 08:39:37 2010
    ;; MSG SIZE  rcvd: 53
    Code:
    > dig bladescape.com any
    
    ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> bladescape.com any
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18994
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;bladescape.com.			IN	ANY
    
    ;; ANSWER SECTION:
    bladescape.com.		38400	IN	SOA	ns1.bladescape.com. support.bladescape.com. 1268175620 10800 3600 604800 38400
    bladescape.com.		38400	IN	NS	ns2.bladescape.com.
    bladescape.com.		38400	IN	NS	ns1.bladescape.com.
    bladescape.com.		38400	IN	MX	10 mail.bladescape.com.
    bladescape.com.		38400	IN	A	64.185.145.24
    
    ;; Query time: 171 msec
    ;; SERVER: 192.168.0.1#53(192.168.0.1)
    ;; WHEN: Thu May  6 08:41:55 2010
    ;; MSG SIZE  rcvd: 149
    Code:
    > host `ms1c.bladescape.com`
    bash: ms1c.bladescape.com: command not found
    Usage: host [-aCdlriTwv] [-c class] [-N ndots] [-t type] [-W time]
                [-R number] hostname [server]
           -a is equivalent to -v -t *
           -c specifies query class for non-IN data
           -C compares SOA records on authoritative nameservers
           -d is equivalent to -v
           -l lists all hosts in a domain, using AXFR
           -i IP6.INT reverse lookups
           -N changes the number of dots allowed before root lookup is done
           -r disables recursive processing
           -R specifies number of retries for UDP packets
           -t specifies the query type
           -T enables TCP/IP mode
           -v enables verbose output
           -w specifies to wait forever for a reply
           -W specifies how long to wait for a reply
           -4 use IPv4 query transport only
           -6 use IPv6 query transport only
           -s a SERVFAIL response should stop query
    I hope this helps; I still don't know how to add the above DNS records (also shown below for reference) to my existing bladescape.com DNS zone through Webmin though. I mean I don't know how to translate those records into what I need to enter into the different fields in Webmin like A records, NS records, MX records, etc.

    Right now, in Webmin, I have one MX record with the "name" being "bladescape.com" and the "address" being "mail.bladescape.com"; I also have an A record set up with the "name" being "mail.bladescape.com" and the "address" being "64.185.145.24"; finally I also have two NS records set to ns1.bladescape.com and ns2.bladescape.com which both have A records pointing to the same IP address - my external IP of 64.185.145.24.

    Hope this helps!

  8. #8
    phoenix (Zimbra Consultant & Moderator)

    The problem with those records is the fact you have the public IP address in your DNS A record, it should be the LAN IP of your Zimbra server - you need to modify it.

    I asked you to run this command:

    Code:
    host `hostname`
    You need to run it exactly as you see it there, do not modify it in any way, do not add your host name or do anything at all to it.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  9. #9
    lmerrill (Intermediate Member)

    RE: Configuring Trusted Networks

    Quote: Originally posted by phoenix
    The problem with those records is the fact you have the public IP address in your DNS A record, it should be the LAN IP of your Zimbra server - you need to modify it.

    I asked you to run this command:

    Code:
    host `hostname`
    You need to run it exactly as you see it there, do not modify it in any way, do not add your host name or do anything at all to it.
    Oh, sorry about that. I thought you wanted me to replace the "hostname" part of the command with my system's actual hostname.

    I updated the A record in Webmin for mail.bladescape.com with my internal LAN IP address instead of my router's external IP address as you instructed, and then I saved the BIND zone and configuration data. I then tried sending another e-mail with Zimbra and get the same error message as I originally started with. Is there something else I need to do to solve this problem?

    Also, here is the output from the command, this time entered correctly:

    Code:
    > host `hostname`
    ms1c.bladescape.com has address 64.185.145.24
    Hope this helps,
    -Logan

  10. #10
    phoenix (Zimbra Consultant & Moderator)

    Quote: Originally posted by lmerrill
    Oh, sorry about that. I thought you wanted me to replace the "hostname" part of the command with my system's actual hostname.
    It's no problem.

    Quote: Originally posted by lmerrill
    Also, here is the output from the command, this time entered correctly:

    Code:
    > host `hostname`
    ms1c.bladescape.com has address 64.185.145.24
    Can I assume you only still have one DNS server on your LAN? If that's the case then the output above shows that it's still not picking up the correct IP address. Have you disabled the firewall and SElinux on your Zimbra server? Run the commands above (on the Zimbra server) and check the output is correct, you can post it here if you like.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.
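
Added example (not part of any post): the comparison phoenix makes by eye in posts #8 and #10, written out as a check. It compares the `/etc/hosts` entry with the `host` lookup answer and reports when DNS hands back a public address or one that differs from `/etc/hosts`; the function names are hypothetical, the first two samples are copied from posts #7 and #9, and the "fixed" answer is constructed.

```python
import ipaddress
import re

# Copied from posts #7 and #9 of the thread.
HOSTS_FILE = """\
# Do not remove the following line, or various programs
127.0.0.1\t\tlocalhost.localdomain localhost
192.168.0.124\tms1c.bladescape.com\tms1c
"""
HOST_OUTPUT = "ms1c.bladescape.com has address 64.185.145.24\n"
# Constructed: what the lookup should return once split DNS works.
HOST_OUTPUT_FIXED = "ms1c.bladescape.com has address 192.168.0.124\n"

def hosts_address(hosts_text, fqdn):
    """Return the address /etc/hosts assigns to fqdn, or None."""
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments
        if len(fields) >= 2 and fqdn in fields[1:]:
            return fields[0]
    return None

def resolved_addresses(host_output, fqdn):
    """Extract the A-record answers for fqdn from `host` output."""
    pattern = rf"^{re.escape(fqdn)}\.? has address (\S+)$"
    return re.findall(pattern, host_output, re.M)

def check_split_dns(hosts_text, host_output, fqdn):
    """List the ways the DNS answer disagrees with the local setup."""
    expected = hosts_address(hosts_text, fqdn)
    answers = resolved_addresses(host_output, fqdn)
    problems = []
    if expected is None:
        problems.append(f"{fqdn} has no entry in /etc/hosts")
    if not answers:
        problems.append(f"DNS returned no A record for {fqdn}")
    for addr in answers:
        if not ipaddress.ip_address(addr).is_private:
            problems.append(f"DNS answers with public address {addr}")
        if expected and addr != expected:
            problems.append(
                f"DNS answer {addr} differs from /etc/hosts {expected}")
    return problems

if __name__ == "__main__":
    for label, out in (("thread", HOST_OUTPUT), ("fixed", HOST_OUTPUT_FIXED)):
        result = check_split_dns(HOSTS_FILE, out, "ms1c.bladescape.com")
        print(label, "->", result or "consistent")
```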
