I'm trying to send mail from a server that is on a different subnet. The server cannot do SSL or even authenticate, so it needs to be set up as a trusted server.

My trusted MTA setup is:

Code:
127.0.0.0/8 192.168.2.5/32 192.168.0.2/32
My server's details:

Host: server1.medalist.com.au
Internal IP: 192.168.2.5
gateway: 192.168.2.1
CNAME alias: mail.medalist.com.au
external dns (isp) mx: mail.medalist.com.au and external ip

The ports are all forwarded through the firewall and point to 192.168.2.5, but just as importantly, we have a VPN between 192.168.0 and 192.168.2, so it bypasses the firewall anyway.

I've set up BIND9 for split DNS. I'm not sure if it's absolutely correct, but it's working for normal mail.

cat /etc/hosts:

Code:
127.0.0.1       localhost.localdomain   localhost
192.168.2.5     server1.medalist.com.au server1
192.168.2.5     mail.medalist.com.au server1

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

cat /etc/resolv.conf:

Code:
nameserver 192.168.2.5
nameserver 192.168.2.1
nameserver 192.168.0.4

dig medalist.com.au mx:

Code:
; <<>> DiG 9.4.2-P1 <<>> medalist.com.au mx
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35822
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;medalist.com.au.               IN      MX

;; ANSWER SECTION:
medalist.com.au.        604800  IN      MX      10 mail.medalist.com.au.

;; AUTHORITY SECTION:
medalist.com.au.        604800  IN      NS      192.168.2.5.medalist.com.au.

;; Query time: 0 msec
;; SERVER: 192.168.2.5#53(192.168.2.5)
;; WHEN: Thu Aug  7 13:51:07 2008
;; MSG SIZE  rcvd: 80

dig medalist.com.au any:

Code:
; <<>> DiG 9.4.2-P1 <<>> medalist.com.au any
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6884
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;medalist.com.au.               IN      ANY

;; ANSWER SECTION:
medalist.com.au.        604800  IN      MX      10 mail.medalist.com.au.
medalist.com.au.        604800  IN      AAAA    ::1
medalist.com.au.        604800  IN      SOA     server1.medalist.com.au. server.medalist.com.au. 3 604800 86400 2419200 604800
medalist.com.au.        604800  IN      NS      192.168.2.5.medalist.com.au.
medalist.com.au.        604800  IN      A       192.168.2.5

;; Query time: 0 msec
;; SERVER: 192.168.2.5#53(192.168.2.5)
;; WHEN: Thu Aug  7 13:52:51 2008
;; MSG SIZE  rcvd: 175

When I telnet to port 25 from the remote server I get nothing at all; it just times out. I also don't see anything in the zimbra.log, which I have tailing at the same time.

However, when I telnet to port 110 or 143, I do get a connection, so only port 25 seems to be blocked from sending.

In the Global MTA settings I do have all the Protocol checks and DNS checks ticked.
Protocol checks
Hostname in greeting violates RFC (reject_invalid_hostname)
Client must greet with a fully qualified hostname (reject_non_fqdn_hostname)
Sender address must be fully qualified (reject_non_fqdn_sender)
DNS checks
Client's IP address (reject_unknown_client)
Hostname in greeting (reject_unknown_hostname)
Sender's domain (reject_unknown_sender_domain)

I've also disabled apparmor.

So now I'm at a bit of a loss. Should I add the remote server to my hosts file? Have I stuffed the BIND settings?
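To make the "trusted server" part of the question concrete, here is an added example (it is not from the post above, nor Zimbra's or Postfix's own code): a small POSIX shell script that takes the trusted MTA list quoted in the post, which Zimbra hands to Postfix as mynetworks, and decides whether a given client address falls inside it. Being in that list is what permit_mynetworks uses to let a client relay without authentication, so the script also prints how many addresses each matching entry admits, which makes an entry that trusts a whole subnet instead of one relay easy to spot. The client addresses tried at the bottom are constructed test values.

```shell
#!/bin/sh
# Added example: check a client IP against a Postfix mynetworks-style list.
# TRUSTED_NETWORKS is the trusted MTA list quoted in the post; the client
# addresses tried at the bottom are constructed test values.

TRUSTED_NETWORKS="127.0.0.0/8 192.168.2.5/32 192.168.0.2/32"

# ip_to_int A.B.C.D -> the address as a 32-bit unsigned integer.
# Runs in a subshell so changing IFS does not leak into the caller.
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# ip_in_cidr IP NET[/BITS] -> exit status 0 if IP is inside the block.
# A bare address with no prefix length is treated as a /32 (single host).
ip_in_cidr() (
    ip_int=$(ip_to_int "$1")
    net=${2%/*}
    bits=${2#*/}
    [ "$bits" = "$2" ] && bits=32
    net_int=$(ip_to_int "$net")
    if [ "$bits" -eq 0 ]; then
        mask=0
    else
        mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    fi
    [ $(( ip_int & mask )) -eq $(( net_int & mask )) ]
)

# matching_network IP -> prints the first list entry that contains IP and
# exits 0; prints nothing and exits 1 if the client would not be trusted.
matching_network() {
    for cidr in $TRUSTED_NETWORKS; do
        if ip_in_cidr "$1" "$cidr"; then
            echo "$cidr"
            return 0
        fi
    done
    return 1
}

# client_is_trusted IP -> exit status 0 if any entry contains IP.
client_is_trusted() {
    matching_network "$1" >/dev/null
}

# host_count NET[/BITS] -> number of addresses the entry admits. Anything
# much larger than 1 outside 127.0.0.0/8 deserves a second look, because
# every host in that range may relay through the MTA unauthenticated.
host_count() {
    bits=${1#*/}
    [ "$bits" = "$1" ] && bits=32
    echo $(( 1 << (32 - bits) ))
}

# Walk a few constructed client addresses through the list.
for ip in 192.168.0.2 192.168.0.3 10.0.0.1; do
    if net=$(matching_network "$ip"); then
        echo "$ip: trusted via $net ($(host_count "$net") addresses in that entry)"
    else
        echo "$ip: not trusted; subject to the reject_* checks and relay denial"
    fi
done
```

The list only comes into play once Postfix has accepted the TCP connection, so it cannot by itself produce a connect timeout with nothing in the log; a client that is merely absent from it is greeted and then rejected, and that rejection is logged. A connection that never reaches the log is worth checking at the network layer first: `netstat -ltnp | grep :25` on the Zimbra host shows which address the MTA is listening on, and `tcpdump -ni any port 25` run there during a telnet from the remote server shows whether its SYNs arrive at all.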