Please,

It seems quite bizarre, but something very strange is happening to my Zimbra 7.2.3 Server.

Inside my internal network, the web interface works OK. But outside (internet, fyi), I can login, I can view emails, archive messages, but I CAN'T SEND EMAILS.

The server stop responding and after a long time answers: "The server or network stopped responding" "FAILURE: sendMsgRequest empty response".

- RELEASE -
My server is Release 7.2.3_GA_2872.DEBIAN5_64 DEBIAN5_64 FOSS edition.

I updated to this version because this problem just started from nothing on version 7.2.0.

- HARDWARE DETAILS -
HD: 300GB
RAM: 6GB
PROCESSOR: XEON 2 x 1.86Ghz

- CONFIG -
- TLS Auth is off
- MTA Trusted Networks: 127.0.0.0/8 10.100.21.71/32 172.20.1.55/32 172.20.1.31/32 201.18.153.71/32
- Relay: NO
- Domain (local and inet): ssp.ma.gov.br
- internal/external MX record DNS: mail.ssp.ma.gov.br
- dig mx query (internal): 172.20.1.31
- dig mx query (external): 201.18.153.71
- echo `hostname`: sspslssdmail-31
- server hostname: sspslssdmail-31
- server local IP: 172.20.1.31
- server public IP: 201.18.153.71
- server NAT IP: 10.100.21.71
- network primary DNS: 172.20.1.111
- network secondary DNS: 172.20.1.254 (same as firewall iface addr)
- network external DNS: 172.20.15.2 (handles external queries to public IPs).

I'm behind two firewalls, so the IP 10.100.21.71 NATs to 172.20.1.31.

So, it goes that way:
IN: X.X.X.X -> 201.18.153.71 -> 10.100.21.71 -> 172.20.1.31
OUT: 172.20.1.31 -> 10.100.21.71 -> 201.18.153.71 -> X.X.X.X

I'm pretty sure that my firewall is OK (NAT, port forward, open ports, whatever...). I've tested everything and didn't change anything since 200 days ago This problem is recent. About 30/45 days ago.

- MORE DETAILS -
The MX records on my DNS are OK.
The SPF entry is OK.

- FILES -

Content of /etc/resolv.conf

- RESOLV.CONF -

domain ssp.ma.gov.br
search ssp.ma.gov.br
nameserver 172.20.1.111 ---> Primary DNS (stupid Windows W2K8 R2 box, working fine).
nameserver 172.20.1.254 ---> Secondary DNS (same address of firewall pfSense).

Content of /etc/hosts

-HOSTS FILE -
127.0.0.1 localhost.localdomain localhost
172.20.1.31 sspslssdmail-31.ssp.ma.gov.br sspslssdmail-31

- zmcontrol status -
Host sspslssdmail-31.ssp.ma.gov.br
antispam: Running
antivirus: Running
ldap: Running
logger: Running
mailbox: Running
mta: Running
snmp: Running
spell: Running
stats: Running
zmconfigd: Running

Another useful command to confirm the above information:
$ zmprov gs `zmhostname` | grep zimbraMtaMyNetworks
zimbraMtaMyNetworks: 127.0.0.0/8 172.20.1.31/32 172.20.1.55/32 10.100.21.71/32 201.18.153.71/32

- QUESTION -

What is wrong? Please, can someone help me?

Sorry for my poor english.

Best regards,

Lucas Almeida
Network Administrator