Having an issue with locally generated mail being deferred

[hescominsoon]

It's either my mail server or the firewall in terms of a setting i have wrong or i missed. When the mailserver tries to send mail from root@mail.faithsbc.org it goes to the right external ip 75.148.28.141 but the packets die. I have setup a packet filter rule to allow that traffic to no avail. I have port 25 form the outside forwarded to the box in question(it runs zimbra). When i try to telnet to mail.faithsbc.org port 25 it hooks in. When i try to telnet to 75.248.28.141 port 25 it times out. I've also setup hosts definition of 75.248.28.141 to mail.faithsbc.org to no avail on the mail server. I can ping it form the mail server but port 25 traffic won't make it. Maybe it won't due to the fact it's a loop. I may have to mod the mail server internally so root@ heads to it's internal address. FYI originating ip for the mail in question is the loopback address 127.0.0.1. I know it's got to be something simple..any ideas?

[phoenix]

Quote:

Originally Posted by hescominsoon

It's either my mail server or the firewall in terms of a setting i have wrong or i missed. When the mailserver tries to send mail from root@mail.faithsbc.org it goes to the right external ip 75.148.28.141 but the packets die. I have setup a packet filter rule to allow that traffic to no avail. I have port 25 form the outside forwarded to the box in question(it runs zimbra). When i try to telnet to mail.faithsbc.org port 25 it hooks in. When i try to telnet to 75.248.28.141 port 25 it times out. I've also setup hosts definition of 75.248.28.141 to mail.faithsbc.org to no avail on the mail server. I can ping it form the mail server but port 25 traffic won't make it. Maybe it won't due to the fact it's a loop. I may have to mod the mail server internally so root@ heads to it's internal address. FYI originating ip for the mail in question is the loopback address 127.0.0.1. I know it's got to be something simple..any ideas?

You need a Split DNS set-up if your behind a firewall or a NAT router - do you have one? You can also check your current configuration by going to the wiki article and looking in the 'Verify...' section and running all the required commands.

[hescominsoon]

hrmm so a hosts entry won't work? Isn't the machine supposed to check the hosts list first? Whoops wrong ip it's 75.148.28.141. Just modded the hosts file to no avail. I had another deferred issue i solved this way. That's really odd. I already ahve a dns server on my netowrk so running another one is jsut another thing to go wrong. is split dns relaly the only way to go here?

I ahve an AD server that's authoritative for the internal(which this box resides on). Right now the box's hostname is mail.faithsbc.org(using mail.fbc.local caused all mail to be deferred). I have an a record in ad for this machine as mail.fbc.local to it's internal IP which is what folks int he building use to get to it. Should i add it as MX as well and then mod the zimbra hostname to mail.fbc.local?

[phoenix]

Quote:

Originally Posted by hescominsoon

hrmm so a hosts entry won't work? Isn't the machine supposed to check the hosts list first? Whoops wrong ip it's 75.148.28.141. Just modded the hosts file to no avail. I had another deferred issue i solved this way. That's really odd. I already ahve a dns server on my netowrk so running another one is jsut another thing to go wrong. is split dns relaly the only way to go here?

You're not asked to run another server, the article is just one example of how to set-up a Split DNS. You need valid DNS A & MX records (including a valid and correctly formatted hosts file) that point to the LAN IP of your Zimbra server so that it (it's a postfix requirement) can do a DNS lookup for it's mail delivery, this has been covered many times in the forums - you can run the commands in the 'Verify...' section of the split DNS article to confirm whether the Zimbra server can 'see' itself.

[hescominsoon]

Quote:

Originally Posted by phoenix

You're not asked to run another server, the article is just one example of how to set-up a Split DNS. You need valid DNS A & MX records (including a valid and correctly formatted hosts file) that point to the LAN IP of your Zimbra server so that it (it's a postfix requirement) can do a DNS lookup for it's mail delivery, this has been covered many times in the forums - you can run the commands in the section of the split DNS article to confirm whether the Zimbra server can 'see' itself.

Right now it apparently doesn't hence my question. split-dns isn't needed in my case as i have an authoritative dns for the internal.

[phoenix]

Quote:

Originally Posted by hescominsoon

Right now it apparently doesn't hence my question. split-dns isn't needed in my case as i have an authoritative dns for the internal.

Obviously your current set-up appears not to be working correctly as it's trying to deliver the email to the Public IP of your network rather than the correct LAN IP.

A Split DNS is any DNS server on your LAN that has valid DNS records for your Zimbra server, I’ll say it again:

Quote:

you can run the commands in the 'Verify...' section of the split DNS article to confirm whether the Zimbra server can 'see' itself.

Perhaps you can do that and confirm what's happening on your system?

[hescominsoon]

Quote:

Originally Posted by phoenix

Obviously your current set-up appears not to be working correctly as it's trying to deliver the email to the Public IP of your network rather than the correct LAN IP.

A Split DNS is any DNS server on your LAN that has valid DNS records for your Zimbra server, I’ll say it again:

Perhaps you can do that and confirm what's happening on your system?

It's not seeing itself. I'm going to see if there's a way to either get the hosts file to handle this or mod my internal AD server for this. I personally don't see the need to run yet another DNS server..there has to be a way to make this work otherwise.

[hescominsoon]

what if i mod the hostname to be mail.fbc.local? That would make it resolve internal. Can i then mod zimbra itself so that it knows it's actually doing business as mail.faithsbc.org?

[phoenix]

You need a valid A and MX record pointing to that server, without them it will not be able to do a DNS resolution for that mail server - for a mail server it's an MX lookup that also has a valid A record pointing to the LAN IP of the server. The records can be added to any DNS server on your LAN.

[hescominsoon]

Quote:

Originally Posted by phoenix

You need a valid A and MX record pointing to that server, without them it will not be able to do a DNS resolution for that mail server - for a mail server it's an MX lookup that also has a valid A record pointing to the LAN IP of the server. The records can be added to any DNS server on your LAN.

aha ok..now that explains it. i'll have to see if i can mod my internal AD then. i tried the split in the wiki but it never worked..Bind kept throwing errors when i configured it as shown...now that i know i need the a and mx lemme see what i can come up with..