Zimbra

ricardoc · #1 (**permalink**) 08-03-2010, 07:13 AM

I have a working zimbra install on centos 5 64 bit. I just got done with it yesterday after getting local BIND to work on it for DNS resolution to the local ip.

Mail routing is working in and out just fine.

What I'm having a difficult time grasping is why I can send to my mail domain from the outside world and it works when the MX record for my mail domain is local? How does Gmail know that my mail domain exists when it can't query the mx record?

I'm not saying anything is broken, this is the way I want my install to work, but I want to understand why something works the way it does...

chauvetp · #2 (**permalink**) 08-03-2010, 08:02 AM

If your domain has no MX record, but does have an A record, then Gmail or any other site will try to send mail to the server pointed to by the A record.

We might be able to tell more if you provide your mail server name and look at the dns records directly.

ewilen · #3 (**permalink**) 08-03-2010, 08:21 AM

Agreed with above. But note that if a public mx record exists, mail must not be delivered to the A record, even if all the mx's are unavailable. Some broken mta's will do this, though.

ricardoc · #4 (**permalink**) 08-03-2010, 08:32 AM

vcentra.rings-things.com

ricardoc · #5 (**permalink**) 08-03-2010, 08:44 AM

Ok I think I understand now. It is just defaulting to the A record like you mentioned.

So I need another MX record pointing to my external interface?

chauvetp · #6 (**permalink**) 08-03-2010, 08:52 AM

If you have an MX record pointint to your external interface, then (after a period of time for dns caching to expire externally) no legitimate mail should come from the outside to your Zimbra server.

You might want to, as many do, close off point 25 from all except your internal servers and require your users to connect via 465/ssl for SMTP.

phoenix · #7 (**permalink**) 08-03-2010, 09:13 AM

Quote:

Originally Posted by chauvetp

If you have an MX record pointint to your external interface, then (after a period of time for dns caching to expire externally) no legitimate mail should come from the outside to your Zimbra server.

That sounds rather confusing (at least to me), mail is delivered via an MX record so why wouldn't mail get to his server if he has an external MX records pointing at his public IP?

Quote:

Originally Posted by chauvetp

You might want to, as many do, close off point 25 from all except your internal servers and require your users to connect via 465/ssl for SMTP.

That should be Port 587 and Authenticate agains the Zimbra server but has he mentioned not wanting mail from outside or have I missed something simple here?

ricardoc · #8 (**permalink**) 08-03-2010, 09:42 AM

No i want mail from outside.

I setup internal DNS so if the net goes down, internal mail will still route.

i was curious as to why since my MX record was internal only that I was still able to recieve mail from the outside, thats all.

I think I just need another MX record that points to my external ip now, so that outside mail servers can use it instead of the A record.