
Thread: Using A instead of MX record, in spite of setting

  1. #1
    ekkas is offline Special Member
    Join Date
    Feb 2010
    Location
    South Africa
    Posts
    107
    Rep Power
    5

    Default Using A instead of MX record, in spite of setting

    Hi all, (ZCS 7.2.0)
    I've been having problems with my connection/server load.
    Almost no mail goes out, all bounce back with 'Connection timeout' or 'Connection refused'.
    Upon closer inspection and head scratching, cursing at the upstream provider, etc. (The usual geek tantrums.), I've found that it seems Zimbra is not using the correct MX record to send out to.
    This server has public static IP with reverse DNS, I've tried with/without split-DNS, different DNS nameservers, all stays the same.
    I've tried to 'untick/tick' (turn it off and on again) the Use DNS option in ZCS web. Rebooted, etc. etc.

    See what I mean below, in the logs, it shows trying to speak to intekom.co.za at 196.25.69.14 but if I do a dig, the MX is supposed to be 196.25.211.70

    Any help how I can fix this? (I've tried to re-queue all messages in the deferred queue, but they just pop right back)

    Code:
    Jul 10 16:31:17 mail postfix/error[16818]: 2FD465CC0113: to=<tar@intekom.co.za>, relay=none, delay=0.29, delays=0.16/0.04/0/0.09, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to intekom.co.za[196.25.69.14]:25: Connection refused)
    Code:
    [root@mail ~]# dig intekom.co.za mx
    
    ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5 <<>> intekom.co.za mx
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18034
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; QUESTION SECTION:
    ;intekom.co.za.                 IN      MX
    
    ;; ANSWER SECTION:
    intekom.co.za.          654     IN      MX      20 mail.intekom.com.
    
    ;; ADDITIONAL SECTION:
    mail.intekom.com.       401     IN      A       196.25.211.70
    
    ;; Query time: 58 msec
    ;; SERVER: 168.210.2.2#53(168.210.2.2)
    ;; WHEN: Tue Jul 10 16:31:32 2012
    ;; MSG SIZE  rcvd: 79

  2. #2
    soxfan is offline Moderator
    Join Date
    Mar 2006
    Location
    Massachusetts
    Posts
    965
    Rep Power
    10

    Default

    So, your Zimbra server is directly connected to the Internet and you have authority / control over the DNS settings? I'm a bit confused about the "tried with/without Split DNS" comment. Typically you need to decide this prior to doing the install. If you make changes after the fact it could cause problems. Or did you re-install after making the changes?

    Also, do you know about the 196.25.69.14 IP address? Is this another one of your servers or a firewall / router?

  3. #3
    ekkas is offline Special Member
    Join Date
    Feb 2010
    Location
    South Africa
    Posts
    107
    Rep Power
    5

    Default

    Thanks for your reply.
    No, I did not change IPs or anything, just changed /etc/resolv.conf to either use local BIND or ISP DNS. Local BIND is set up to mirror the ISP's settings, i.t.o. MX, A records.
    The point is if I do a DIG MX I get the correct MX & A (so on the CentOS side all seems fine), but Zimbra seems to want to use the domain's A record instead of the MX record's IP.
    "Use DNS" tick is on under "Global Settings" and "Server settings".
    I did upgrade from 7.1.3 to 7.2.0 but after some issues started.

  4. #4
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,483
    Rep Power
    56

    Default

    Quote Originally Posted by ekkas View Post
    No I did not change IPs or anything, just changed /etc/resolv.conf to either use local BIND or ISP DNS.
    That is incorrect, if you're behind a NAT router you should only use the DNS server on your LAN.

    Quote Originally Posted by ekkas View Post
    Local BIND is setup to mirror the ISPs settings, i.t.o. MX, A records
    This is also incorrect. I'd suggest you change the resolv.conf as I've mentioned above then go to the Split DNS article in the wiki and provide the output from all the commands in the 'Verify...' section of the article.
    Last edited by phoenix; 07-10-2012 at 10:16 AM.
    Regards


    Bill



  5. #5
    ekkas is offline Special Member
    Join Date
    Feb 2010
    Location
    South Africa
    Posts
    107
    Rep Power
    5

    Default

    It seems that after another reboot and some more deferred queue 'requeues', the mails are starting to be forwarded to proper MX instead of the A.
    It appears that postfix (zimbra/amavis?) remembers the IP it originally wanted to send it on, and a requeue let it re-lookup the MX again, or so it seems to me anyways.

    Mails are finally going out now.

  6. #6
    ekkas is offline Special Member
    Join Date
    Feb 2010
    Location
    South Africa
    Posts
    107
    Rep Power
    5

    Default

    Quote Originally Posted by phoenix View Post
    That is incorrect, as you're behind a NAT router you should only use the DNS server on your LAN.

    This is also incorrect. I'd suggest you change the resolv.conf as I've mentioned above then go to the Split DNS article in the wiki and provide the output from all the commands in the 'Verify...' section of the article.
    Thank you for your effort, but I'm afraid you misunderstood my problem.
    The server has a static, public IP, not NAT or other routers. I've set up split-DNS for the sole purpose that when the Internet is down, at least the server knows about its own MX record and internal users can send to each other.
    So in essence my split-DNS gives the same results (MX & A) as what the public ISP DNS would give, just as a local copy on the server itself.
    I did run the 'Verify' sections ad infinitum.
    My problem was that the OS (CentOS) DNS was working fine, but Zimbra tried to use the A record for that domain, instead of the MX record, which is what is supposed to happen if the 'Use DNS' option is unticked.
    I was puzzled because it was ticked and still this happened. Seems it needed to be requeued/rebooted.
    Time wounds all heals- John Lennon

  7. #7
    ekkas is offline Special Member
    Join Date
    Feb 2010
    Location
    South Africa
    Posts
    107
    Rep Power
    5

    Default

    Seems I'm still experiencing some Zimbra DNS issues:

    Code:
    Jul 10 20:17:16 mail postfix/smtp[18853]: 3E72A2168127: to=<mbcvvans@daimler.com>, relay=none, delay=7973, delays=6313/1640/20/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=daimler.com type=MX: Host not found, try again)
    But seconds after:

    Code:
    [root@mail ~]# dig daimler.com mx
    
    ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5 <<>> daimler.com mx
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22581
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; QUESTION SECTION:
    ;daimler.com.                   IN      MX
    
    ;; ANSWER SECTION:
    daimler.com.            2535    IN      MX      0 mail-in.daimler.com.
    
    ;; ADDITIONAL SECTION:
    mail-in.daimler.com.    2535    IN      A       141.113.103.103
    
    ;; Query time: 1767 msec
    ;; SERVER: 168.210.2.2#53(168.210.2.2)
    ;; WHEN: Tue Jul 10 20:17:44 2012
    ;; MSG SIZE  rcvd: 69
    Code:
    [root@mail ~]# telnet 141.113.103.103 25
    Trying 141.113.103.103...
    Connected to mail-in.daimler.com (141.113.103.103).
    Escape character is '^]'.
    220 mail-in.daimler.com ESMTP Postfix

  8. #8
    soxfan is offline Moderator
    Join Date
    Mar 2006
    Location
    Massachusetts
    Posts
    965
    Rep Power
    10

    Default

    I'm not going to say your setup is wrong, but typically most people configure Zimbra in a LAN / DMZ with a private IP address behind a firewall, and have a Split DNS setup. I can't specifically say why your setup, being directly connected to the Internet, won't work, but it's just not typical. I also think you have a misunderstanding of what the "use DNS" option does. In my installation it says "Enable DNS lookups", so maybe I'm looking at a different option, but if not you should read the Admin Guide for a better description of what this is used for.

  9. #9
    silbro is offline Active Member
    Join Date
    Jan 2008
    Location
    Switzerland
    Posts
    46
    Rep Power
    7

    Default

    Hey

    I have a similar setup. This is what I would do:

    1) /etc/hostname
    mail-in

    2) /etc/hosts:
    <external ip> mail-in.daimler.com
    127.0.0.1 localhost

    3) Log into the admin interface and go to server settings and add the external ip to the trusted MTA-Networks -> ip/prefix

    4) /etc/resolv.conf -> 2 nameservers that resolve the mail-in.daimler.com to your correct external ip address.

    5) I have selected activate DNS lookups

    The first error was because your mailserver resolved the name to the external IP and it wouldn't allow it to connect to itself (that is what the trusted mta networks is for)

    Does this help ? If not I'll try to help you more

    cheers

  10. #10
    ekkas is offline Special Member
    Join Date
    Feb 2010
    Location
    South Africa
    Posts
    107
    Rep Power
    5

    Default

    Thanks for your replies.
    I initially installed the server many years ago in a completely different setup like that. Tried to change the IP twice (to move from public to DMZ) since, but had to revert to backups as I didn't have joy. However, I do not think this is what the problem here is though.
    For example, look here:

    Code:
    Jul 11 13:47:12 mail postfix/smtp[21229]: D7FC478097: to=<drcaroux@tiscali.co.za>, relay=none, delay=53773, delays=52888/865/20/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=tiscali.co.za type=MX: Host not found, try again)
    Jul 11 13:47:12 mail postfix/qmgr[10674]: 9244FE2595: removed
    And 3 seconds later (please note the server used is 127.0.0.1; I get similar issues if I use my ISP DNS, sometimes the MX is not found by Zimbra, but from the OS I always resolve correctly):
    • I've stopped iptables, just in case
    • ISP says no firewall is blocking anything
    • it works sometimes


    Code:
    [root@mail ~]# dig tiscali.co.za mx
    
    ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.1 <<>> tiscali.co.za mx
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45196
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 7, ADDITIONAL: 5
    
    ;; QUESTION SECTION:
    ;tiscali.co.za.                 IN      MX
    
    ;; ANSWER SECTION:
    tiscali.co.za.          9       IN      MX      10 mx-wol.smp.mweb.co.za.
    
    ;; AUTHORITY SECTION:
    co.za.                  86252   IN      NS      ns.coza.net.za.
    co.za.                  86252   IN      NS      ns0.is.co.za.
    co.za.                  86252   IN      NS      ns0.plig.net.
    co.za.                  86252   IN      NS      ns0.neotel.co.za.
    co.za.                  86252   IN      NS      ns1.coza.net.za.
    co.za.                  86252   IN      NS      ns4.iafrica.com.
    co.za.                  86252   IN      NS      coza1.dnsnode.net.
    
    ;; ADDITIONAL SECTION:
    mx-wol.smp.mweb.co.za.  309     IN      A       196.28.76.15
    ns.coza.net.za.         4203    IN      A       206.223.136.200
    ns0.plig.net.           1732    IN      A       195.40.6.40
    ns4.iafrica.com.        181     IN      A       196.7.142.131
    coza1.dnsnode.net.      3433    IN      A       194.146.106.74
    
    ;; Query time: 2133 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Wed Jul 11 13:47:47 2012
    ;; MSG SIZE  rcvd: 316
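
Added example, not part of any post in this thread: a Python triage of the three deferred lines quoted in posts #1, #7 and #10. It separates a connect to the recipient domain's own name (no MX host used for that attempt) from a temporary MX lookup failure, and flags lines from Postfix's error(8) agent, which repeat an earlier failure rather than report a fresh attempt. The names `THREAD_LOG`, `classify` and the `kind` labels are this example's own, and the interpretation in the comments is an assumption about these lines, not a diagnosis confirmed in the thread.

```python
import re

# Deferred lines as posted in the thread (posts #1, #7 and #10).
THREAD_LOG = [
    "Jul 10 16:31:17 mail postfix/error[16818]: 2FD465CC0113: to=<tar@intekom.co.za>, relay=none, delay=0.29, delays=0.16/0.04/0/0.09, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to intekom.co.za[196.25.69.14]:25: Connection refused)",
    "Jul 10 20:17:16 mail postfix/smtp[18853]: 3E72A2168127: to=<mbcvvans@daimler.com>, relay=none, delay=7973, delays=6313/1640/20/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=daimler.com type=MX: Host not found, try again)",
    "Jul 11 13:47:12 mail postfix/smtp[21229]: D7FC478097: to=<drcaroux@tiscali.co.za>, relay=none, delay=53773, delays=52888/865/20/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=tiscali.co.za type=MX: Host not found, try again)",
]

LINE_RE = re.compile(
    r"postfix/(?P<daemon>\w+)\[\d+\]: (?P<qid>[0-9A-F]+): "
    r"to=<[^@>]+@(?P<domain>[^>]+)>.*?dsn=(?P<dsn>[\d.]+), "
    r"status=deferred \((?P<reason>.*)\)$"
)
CONNECT_RE = re.compile(r"connect to (?P<host>[^\[]+)\[(?P<ip>[\d.]+)\]:25: (?P<err>.+)$")
MXFAIL_RE = re.compile(r"Name service error for name=(?P<name>\S+) type=MX: (?P<err>.+)$")


def classify(line):
    """Return a dict describing one deferred line, or None if it does not parse."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    reason = rec.pop("reason")
    # The error(8) agent defers mail for a destination the queue manager has
    # already marked unreachable; the quoted reason comes from an earlier attempt.
    rec["fresh_attempt"] = rec["daemon"] != "error"
    conn = CONNECT_RE.search(reason)
    mxfail = MXFAIL_RE.search(reason)
    if conn:
        rec["target"] = (conn["host"], conn["ip"])
        # Host equal to the recipient domain: Postfix used the domain itself as
        # the mail host (no MX in the answer it saw, or DNS lookups disabled).
        same = conn["host"].lower() == rec["domain"].lower()
        rec["kind"] = "domain-a-record" if same else "mx-host"
    elif mxfail:
        # "try again" is the resolver's temporary failure (timeout or SERVFAIL),
        # so the MX query itself never completed.
        temp = "try again" in mxfail["err"]
        rec["kind"] = "mx-lookup-tempfail" if temp else "mx-lookup-fail"
    else:
        rec["kind"] = "other"
    return rec


def triage(lines):
    """Summarise each parsable line as (domain, dsn, kind, fresh_attempt)."""
    recs = [r for r in map(classify, lines) if r]
    return [(r["domain"], r["dsn"], r["kind"], r["fresh_attempt"]) for r in recs]
```

Running `triage(THREAD_LOG)` on a larger slice of `/var/log/maillog` and grouping by `kind` shows whether the failures cluster on resolver timeouts or on stale destinations held by the queue manager.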
