[SOLVED] cannot send email to external domains

[partner]

Hi there,

Yes I know, this question has been asked zillion times already but after 3 days researching, testing and more of the same I have to ask you for help on this please.

My situation:

I am running zcs 5.0.11 on opensuse 10.3 and followed the guide as per the sticky in this section of your forum. My system is behind a NAT-ed router and my IP is dynamic with the compliments of my ISP

I have read just about every article re split DNS and used various tool to verify my DNS setup is correct. Thus far I can see no flaw in that. I am able to receive emails from external domains, but I simply cannot send any email to external domains. Any email sent gets qeued with connection time outs on the external hostname.

I have purchased and activated recursive DNS from dynDNS.org and used their services to have a 'static' mx pointer to my location.

Please help

the domain koloristik.nl
FQN zimbraserver mailserv.koloristik.nl

[partner]

FYI,

I have moved the box to the DMZ of the router

nslookup koloristik.nl returns

Code:

Server:         192.168.1.141
Address:        192.168.1.141#53

Name:   koloristik.nl
Address: 192.168.1.141

dig koloristik.nl mx returns

Code:

; <<>> DiG 9.4.1-P1 <<>> koloristik.nl mx
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26676
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;koloristik.nl.                 IN      MX

;; ANSWER SECTION:
koloristik.nl.          172800  IN      MX      10 mailserv.koloristik.nl.

;; AUTHORITY SECTION:
koloristik.nl.          172800  IN      NS      192.168.1.141.koloristik.nl.

;; ADDITIONAL SECTION:
mailserv.koloristik.nl. 172800  IN      A       192.168.1.141

;; Query time: 1 msec
;; SERVER: 192.168.1.141#53(192.168.1.141)
;; WHEN: Sat Jan 17 15:11:48 2009
;; MSG SIZE  rcvd: 100

dig koloristik.nl a returns

Code:

; <<>> DiG 9.4.1-P1 <<>> koloristik.nl a
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39972
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;koloristik.nl.                 IN      A

;; ANSWER SECTION:
koloristik.nl.          172800  IN      A       192.168.1.141

;; AUTHORITY SECTION:
koloristik.nl.          172800  IN      NS      192.168.1.141.koloristik.nl.

;; Query time: 1 msec
;; SERVER: 192.168.1.141#53(192.168.1.141)
;; WHEN: Sat Jan 17 15:12:17 2009
;; MSG SIZE  rcvd: 75

[Bill Brock]

I think your name server should be resolving to a FQDN and not an IP. It probably should be the same name that you are using for your mail server since they appear to be the same machine.

[partner]

thank you for your reply!

changed the /var/lib/named/master/koloristik.nl zone entries to reflect a FQDN in NS i/o IP. Also changed priority from 10 to 5 After the change restarted named and zimbra.

Following the dig results

dig koloristik.nl mx

Code:

; <<>> DiG 9.4.1-P1 <<>> koloristik.nl mx
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60222
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;koloristik.nl.                 IN      MX

;; ANSWER SECTION:
koloristik.nl.          172800  IN      MX      5 mailserv.koloristik.nl.

;; AUTHORITY SECTION:
koloristik.nl.          172800  IN      NS      mailserv.koloristik.nl.

;; ADDITIONAL SECTION:
mailserv.koloristik.nl. 172800  IN      A       192.168.1.141

;; Query time: 1 msec
;; SERVER: 192.168.1.141#53(192.168.1.141)
;; WHEN: Sat Jan 17 17:56:10 2009
;; MSG SIZE  rcvd: 86

dig koloristik.nl a

Code:

; <<>> DiG 9.4.1-P1 <<>> koloristik.nl a
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9587
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;koloristik.nl.                 IN      A

;; ANSWER SECTION:
koloristik.nl.          172800  IN      A       192.168.1.141

;; AUTHORITY SECTION:
koloristik.nl.          172800  IN      NS      mailserv.koloristik.nl.

;; ADDITIONAL SECTION:
mailserv.koloristik.nl. 172800  IN      A       192.168.1.141

;; Query time: 1 msec
;; SERVER: 192.168.1.141#53(192.168.1.141)
;; WHEN: Sat Jan 17 17:55:31 2009
;; MSG SIZE  rcvd: 86

After that still not able to send email to remote domains. I checked DNS settings for mx via MX Lookup Tool and Pingability.com both pass DNS settings although mxt complains about relay and pingab about an email not being answered.

Any further thoughts welcome. Your help is very much appreciated.

-edit- corrected some typos and inserted the code that I omitted -end edit-

[partner]

Hopefully to speed this up below the output of:

host `hostname`

Code:

mailserv.koloristik.nl has address 192.168.1.141

cat /etc/hosts

Code:

192.168.1.141   mailserv.koloristik.nl mailserv
127.0.0.1       localhost

# special IPv6 addresses
::1             localhost ipv6-localhost ipv6-loopback

fe00::0         ipv6-localnet

ff00::0         ipv6-mcastprefix
ff02::1         ipv6-allnodes
ff02::2         ipv6-allrouters
ff02::3         ipv6-allhosts

cat /etc/resolv.conf

Code:

nameserver 192.168.1.141
search mailserv.koloristik.nl

I have checked if my ISP is blocking port 25 via this tool Open Port Check Tool and found that this is not the case

I have cheked if my Ip is blacklisted. It turned out that it is with tiny... because I am on a dynamic IP. The IP listed refers to 127.0.0.2. This was in the /etc/hosts originally. I have deleted this entry but the result remains unchanged. In my humble opinion this is not the issue.

When I try to telnet to my gmail-account using port 25 I get the connection time out.

Strangely enough when I telnet to one of my other hosting accounts which uses smtp on port 26 I can connect without issue. But when sending via zimbra it gets deferred as well.

This brings me to the conclusion that something is blocking port 25 internally. Firewall is off, Apparmour is running. (But in my previous attempts I installed opensuse without it and still had the same problem. I had in one instance installed zimbra and modified smtp to port 26. All results still the same, no outbound mail, all get deferred from a connection time out.

It is driving me up the wall. I have succesfully deployed other instances of Zimbra on opensuse 10.2 but this one on 10.3 is giving me headaches.

Thanks for your time helping me solve it. The winner deserves a cold sixpack on my expense.

[partner]

wel at least I am getting somewhere right now when I try to telnet to a host on port 25 I get an error no route to host, I can however telnet to hosts on port 26 and get talk to their mx

nmap -open localhost tells me that port 25 is open and connected to smtp. the firewall of the router is modified to accept incoming traffic on port 25 and the other ports zimbra needs

maybe I missed something in the split DNS setup

any hints are welcome

[Bill Brock]

Just because that site can hit your port 25 coming back in doesn't mean you can go out on 25. Most ISP will only block outgoing port 25 traffic while port 25 incoming will be open. You need to call your ISP and ask for sure.

[partner]

That sure might be, but the manual for installing the router explains how to setup a server yourself albeit the propose window$ XP Pro or IIS so I take it port 25 outbound is not blocked. I have sent them an email just to make sure.

Meanwhile I have gone through various clean installs and tried different settings installed in different order but got stuck on the same issue.

So I agree it must either be the router/ISP which is blocking the port, or it is my NIC which is not set properly, or OpenSUSE having made some change to the network settings that I am unaware off.

I have tried making changes to postfix in the main.conf using some tips from the postfix main site on how to setup servers behind firewalls and NAT-ed routers, but none had the desired result, all got stuck.

Their are 2 things that stick out:

1. after every boot I have to set the hostname as it is not picked up by itself whilst it should according to the setup.

2. OpenSUSE sysconfig keeps adding 127.0.0.2 to my /etc/hosts file which I have to delete.

Maybe you have some suggestions on how to troubleshoot this any further.

Thank you for your time

[uxbod]

Have you disabled DHCP on your server ?

[partner]

Thank you for your tip but, yes DHCP is disabled on my server