Zimbra

gerdpeter · #1 (**permalink**) 07-03-2008, 07:59 PM

I installed zimbra 5.0.7 on Debian etch for my home network and followed the split FDSN instructions since I am behind a hw NAT router.
I can send emails to outsiders, but not insiders and I can not receive any emails, outside ot inside my neywork.
Postfix log says it cannot resolve my hostname (mail.xxx.com) and the emails bounce.
I know the fault is somewhere in DNS but I spent a day on it and I can'y figure it out...
here is my data - I collected everything I can think of, let me know if something is missing:

Local network is 10.0.0.0 , network definition across all workstations and servers is 255.255.255.0, 10.0.0.1 gateway and 10.0.0.1 DNS.
router/NAT/local DNS is 10.0.0.1
Zimbra server is 10.0.0.7 - hostname is mail.
ports 25, 80, 443 and a bunch of other are forwared by the router to 10.0.0.7 (this works since emails are received and then bounced).
MX record is defined with my registar pointing to mail.xxx.com and is working since emails are received and then bounced.
named is runnig.

Code:

postfix.log extract (internally sent email - replaced domain name with xxx):
Jul  3 16:17:12 mail postfix/smtpd[27164]: disconnect from localhost.localdomain[127.0.0.1]
Jul  3 16:17:12 mail postfix/smtp[27161]: AFB5E4801D7: to=, relay=127.0.0.1[127.0.0.1]:10024, delay=0.78, delays=0.32/0/0/0.45, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 5DEE14801E1)
Jul  3 16:17:12 mail postfix/qmgr[5588]: AFB5E4801D7: removed
Jul  3 16:17:12 mail postfix/lmtp[27165]: 5DEE14801E1: to=, relay=none, delay=0.02, delays=0.01/0.01/0/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=mail.xxx.com type=A: Host not found)

file hosts:

Code:

127.0.0.1 localhost.localdomain localhost
10.0.0.7 mail.xxx.com mail

# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

file named.conf (unchanged - only refernces here):

Code:

include "/etc/bind/named.conf.options";

// prime the server with knowledge of the root servers
zone "." {
        type hint;
        file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};

include "/etc/bind/named.conf.local";

file named.conf.local (I customized with references to stay with best practice):

Code:

//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "xxx.com" {
        type master;
        file "/etc/bind/db.xxx";
};

file db.xxx (here is where the meat is):

Code:

;
; BIND reverse data file for broadcast zone
;
$TTL    604800
@       IN      SOA     mail.xxx.com. mail.xxx.com. (
                         2008040201     ; Serial
                         7200           ; Refresh
                          120           ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@                       IN      NS      10.0.0.1.
@                       IN      NS      10.0.0.7.
xxx.com.       IN      MX      10 mail.xxx.com.
xxx.com.       IN      A       10.0.0.7

file resolv.conf:

Code:

search xxx.com
nameserver 10.0.0.7

file hostname:

Code:

mail

if you see any error in this set of config file - please point it out..... Thanks for reviewing and any help in advance!
gerd

phoenix · #2 (**permalink**) 07-03-2008, 10:55 PM

What do the following commands show (when run on the Zimbra server)?

Code:

host `hostname`   <-- type as-is and use backticks not single quotes
dig yourdomain.com mx
dig yourdomain.com any

gerdpeter · #3 (**permalink**) 07-04-2008, 09:29 AM

Here are the responses from the 3 commands - Thanks for looking into this!!:

Code:

mail:~# host `hostname`
Host mail not found: 3(NXDOMAIN)

Code:

mail:~# dig xxx.com mx

; <<>> DiG 9.3.4 <<>> xxx.com mx
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34431
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;xxx.com.              IN      MX

;; ANSWER SECTION:
xxx.com.       604800  IN      MX      10 mail.xxx.com.

;; AUTHORITY SECTION:
xxx.com.       604800  IN      NS      10.0.0.1.
xxx.com.       604800  IN      NS      10.0.0.7.

;; Query time: 0 msec
;; SERVER: 10.0.0.7#53(10.0.0.7)
;; WHEN: Fri Jul  4 08:24:41 2008
;; MSG SIZE  rcvd: 99

;

Code:

 <<>> DiG 9.3.4 <<>> xxx.com any
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26953
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;xxx.com.              IN      ANY

;; ANSWER SECTION:
xxx.com.       604800  IN      SOA     mail.xxx.com. mail.xxx.com. 2008040201 7200 120 2419200 604800
xxx.com.       604800  IN      NS      10.0.0.7.
xxx.com.       604800  IN      NS      10.0.0.1.
xxx.com.       604800  IN      MX      10 mail.xxx.com.
xxx.com.       604800  IN      A       10.0.0.7

;; Query time: 0 msec
;; SERVER: 10.0.0.7#53(10.0.0.7)
;; WHEN: Fri Jul  4 08:26:15 2008
;; MSG SIZE  rcvd: 151

gerdpeter · #4 (**permalink**) 07-05-2008, 07:37 AM

Anybody out there in the community who can help with this ? I am reading anything I can find for split DNS setup but I am still stuck... Thanks for helping !

phoenix · #5 (**permalink**) 07-05-2008, 08:09 AM

I haven't forgotten you.

Change the A record to mai.xxx.com and see what that returns from the dig command. Is your hosts file correct, I don't know debian but most hosts file usually contain the FQDN of the server.

gerdpeter · #6 (**permalink**) 07-05-2008, 08:21 AM

Thanks for getting abck to me so quickly......it is driving me nuts that I can't figure this out.....

here is the new output after I changed the A record:

mail:/etc/bind# dig mail.xxx.com

; <<>> DiG 9.3.4 <<>> mail.xxx.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 58310
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;mail.xxx.com. IN A

;; AUTHORITY SECTION:
xxx.com. 604800 IN SOA mail.xxx.com. mail.xxx.com. 2008040201 7200 120 2419200 604800

;; Query time: 0 msec
;; SERVER: 10.0.0.7#53(10.0.0.7)
;; WHEN: Sat Jul 5 11:18:22 2008
;; MSG SIZE rcvd: 75

gerdpeter · #7 (**permalink**) 07-05-2008, 08:33 AM

host `hostname` still returns:

mail:/etc/bind# host `hostname`
Host mail not found: 3(NXDOMAIN)
......

here is the outpu from daemon.log....if that helps...:

Jul 5 11:30:58 mail named[13423]: starting BIND 9.3.4
Jul 5 11:30:58 mail named[13423]: found 2 CPUs, using 2 worker threads
Jul 5 11:30:58 mail named[13423]: loading configuration from '/etc/bind/named.conf'
Jul 5 11:30:58 mail named[13423]: listening on IPv6 interfaces, port 53
Jul 5 11:30:58 mail named[13423]: binding TCP socket: address in use
Jul 5 11:30:58 mail named[13423]: listening on IPv4 interface lo, 127.0.0.1#53
Jul 5 11:30:58 mail named[13423]: binding TCP socket: address in use
Jul 5 11:30:58 mail named[13423]: listening on IPv4 interface eth1, 10.0.0.7#53
Jul 5 11:30:58 mail named[13423]: binding TCP socket: address in use
Jul 5 11:30:58 mail named[13423]: none:0: open: /etc/bind/rndc.key: permission denied
Jul 5 11:30:58 mail named[13423]: couldn't add command channel 127.0.0.1#953: permission denied
Jul 5 11:30:58 mail named[13423]: none:0: open: /etc/bind/rndc.key: permission denied
Jul 5 11:30:58 mail named[13423]: couldn't add command channel ::1#953: permission denied
Jul 5 11:30:58 mail named[13423]: zone 0.in-addr.arpa/IN: loaded serial 1
Jul 5 11:30:58 mail named[13423]: zone 127.in-addr.arpa/IN: loaded serial 1
Jul 5 11:30:58 mail named[13423]: zone 255.in-addr.arpa/IN: loaded serial 1
Jul 5 11:30:58 mail named[13423]: dns_rdata_fromtext: /etc/bind/db.xxx:15: near 'mail.xxx.com': bad dotted quad
Jul 5 11:30:58 mail named[13423]: zone xxx.com/IN: loading master file /etc/bind/db.xxx: bad dotted quad
Jul 5 11:30:58 mail named[13423]: zone localhost/IN: loaded serial 1
Jul 5 11:30:58 mail named[13423]: running

phoenix · #8 (**permalink**) 07-05-2008, 08:38 AM

The dig command should still just be for your domain name i.e. dig xxx.com

gerdpeter · #9 (**permalink**) 07-05-2008, 08:44 AM

sorry - here it is:

; <<>> DiG 9.3.4 <<>> xxx.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 12708
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;xxx.com. IN A

;; Query time: 0 msec
;; SERVER: 10.0.0.7#53(10.0.0.7)
;; WHEN: Sat Jul 5 11:43:44 2008
;; MSG SIZE rcvd: 34

phoenix · #10 (**permalink**) 07-05-2008, 08:51 AM

What about my question on the hosts file configuration?

Zimbra

Downloads

Product Information

Toolbox

Why Join?