03-01-2007, 06:01 AM
| | | Relay MTA
I have experienced a behaviour that is strange to me and I would be very happy if someone could explain it to me.
We use Zimbra and MS Exchange in a split domain scenario where Exchange is the smart host. Zimbra and Exchange are in different geographic locations. Zimbra uses MS Exchange as the Relay MTA, DNS lookups are disabled. Everything was working well until we set up a site-to-site VPN between the Zimbra and Exchange locations. There are also DNS forwarders here (Windows AD integrated) that support the VPN by providing DNS for the corresponding remote location. After the VPN was set up, I changed the Relay MTA setting from the FQDN to the external IP address of the Exchange box to be sure that e-mails are not going through the VPN tunnel. But Zimbra still tries to relay using the wrong IP address, in fact the internal address of the Exchange box, even after a restart of the Zimbra box. This is what I just don't understand. Why, when there is an explicit IP address entry in Zimbra Relay MTA, does Zimbra still try to deliver using another address? Does Zimbra use recursion?
I had to create an explicit host entry in CentOS with the external IP of the Exchange box to work around this issue.
Using Zimbra 4.0.3 Open Source.
Thanks Petr
Last edited by PNE; 03-01-2007 at 06:04 AM.
Reason: just added notification
| 
03-01-2007, 10:10 PM
| | Former Zimbran | |
Posts: 5,606
| | Do you have split tunneling set up?
What about adding an entry for the hosts file on the client machine? | 
03-02-2007, 05:03 AM
| | | I do not think that split tunneling is in place.
I do not know what you mean by client machine. I have added a host entry for the Exchange public address in Zimbra.
I did not mention that both sites have independent internet access, but it is obvious I think. I just do not know why Zimbra does not use the explicit IP address for the relay MTA. | 
03-02-2007, 05:08 AM
| | | Quote:
Originally Posted by PNE: Just do not know why Zimbra does not use explicit IP address for relay MTA.
How did you set up this "IP address for relay MTA"? | 
03-02-2007, 05:16 AM
| | | Correction
Correction - in fact the split tunneling probably exists as the client in remote location has at the same time access to both internet (using local default gateway) and the remote site (using site-to-site VPN). Remote networks are routed, no NAT between them.
To Klug - I just typed the IP address using web admin interface, MTA tab in server settings. Saved, even restarted the whole CentOS server, did not work. | 
03-02-2007, 05:23 AM
| | | Quote:
Originally Posted by PNE: To Klug - I just typed the IP address using web admin interface, MTA tab in server settings. Saved, even restarted the whole CentOS server, did not work.
As far as I remember (from the wiki and I'm a bit lazy to search right now) you have to add another parameter to get this to work. Something that forbids the Zimbra server to use DNS resolution and forces it to use the smarthost.
Well, not that lazy after all:
Code:
    zmprov mcf zimbraMtaDnsLookupsEnabled FALSE
There's also (at least in 4.5.x) a checkbox to uncheck in the MTA tab in the adminUI. | 
03-02-2007, 06:44 AM
| | | Thanks Klug! Now I found that I had a different config in Server settings and Global settings.
Server settings are correct from my point of view (no DNS lookups, relay MTA as IP address).
In the Global settings there is no relay MTA specified and DNS lookups are enabled.
zmprov gcf zimbraMtaDnsLookupsEnabled returns TRUE.
In the Global settings it is said that "Server settings override global settings" - now I do not know if this is really true!?
Anyway - after I changed the settings on the Global tab, the problem still persists. zimbraMtaDnsLookupsEnabled now returns FALSE. It looks like Zimbra does some re-recursion, as it is possible that it asks local DNS for the FQDN of the IP address of relay MTA and then it again asks local DNS for the IP of previously learned FQDN, but that way it will get the internal IP of the Exchange instead of the external one that is explicitly set - above DNS are just guesses. Without host entry for the Exchange external IP it just does not work as expected. | 
03-12-2007, 02:44 AM
| | | Update - resolved.
I found out that I need to use IP address instead of FQDN in the following command:
zmprov md example.com zimbraMailTransport smtp:123.456.789.012
With the above, Zimbra then relays using the IP address. Otherwise, Zimbra tries to resolve the IP, probably using DNS, even when DNS lookups are turned off in both the global and server MTA settings AND even when there is a host entry for 123.456.789.012. I do not know if this is a bug or not, please consider. | 
03-12-2007, 03:01 AM
| | Zimbra Consultant & Moderator | |
Posts: 19,653
| | The setting for DNS lookups only affects mail and postfix delivery; for a relay MTA it will do a DNS lookup to try and resolve the server name you enter. Does the server exist in the DNS servers?
__________________
Regards
Bill
| 
03-12-2007, 03:12 AM
| | | Well, it depends. We have the site-to-site VPN in place. Zimbra is on one side, the server to relay to (Exchange) is on the other side of the VPN. The Exchange server then has 2 different IPs - public external and internal. We use MS Active Directory on both sides, including DNS forwarders that take care of requests for the other site's computers. So it may happen that there is a cached entry in DNS, but it may have Exchange's internal IP. And I want to be sure that we use Exchange's public IP to relay. Zimbra and Exchange are not in the same domain now, but they are set up according to the split domain scenario. I do not want to create a split domain in DNS since I consider DNS forwarders a better solution. |
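An added example, not part of the original thread: a small check, run on the mail host, of which address the OS resolver (hosts file, then DNS) returns for the relay name, flagging the case discussed above where the forwarders hand back the relay's internal address. `check_relay` is a hypothetical helper, the host name and addresses are constructed, and it assumes the MTA resolves names through the same OS resolver.

```python
import ipaddress
import socket

# RFC 1918 ranges: an answer inside one of these means the relay name
# resolved to an internal (VPN-side) address.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def system_resolve(host):
    """Resolve through the OS resolver (hosts file, then DNS), IPv4 only."""
    infos = socket.getaddrinfo(host, 25, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def check_relay(host, expected_ip, resolve=system_resolve):
    """Return (status, addresses) for a relay host name or IP literal.

    status: 'ok'         every answer equals expected_ip
            'internal'   at least one answer is an RFC 1918 address
            'mismatch'   some other unexpected address came back
            'unresolved' the resolver returned nothing
    """
    expected = ipaddress.ip_address(expected_ip)
    try:
        addrs = [ipaddress.ip_address(a) for a in resolve(host)]
    except socket.gaierror:
        return "unresolved", []
    if not addrs:
        return "unresolved", []
    shown = [str(a) for a in addrs]
    if all(a == expected for a in addrs):
        return "ok", shown
    if any(a in net for a in addrs for net in RFC1918):
        return "internal", shown
    return "mismatch", shown


if __name__ == "__main__":
    # Constructed sample: the DNS forwarder answers with the internal address.
    def fake_dns(host):
        return {"exchange.example.com": ["10.0.0.5"]}.get(host, [])

    print(check_relay("exchange.example.com", "203.0.113.10", fake_dns))
    # An IP literal needs no lookup at all, so it always matches itself.
    print(check_relay("203.0.113.10", "203.0.113.10"))
```

Run without the `resolve` argument to query the real resolver for the configured relay name; an `internal` result means mail for that name would be sent across the VPN.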