| Welcome to the Zimbra :: Forums! | |
Welcome, if you would like to post a comment please register.
We also encourage you to explore all things Zimbra with our team and members of the community.
|
 | | 
03-15-2009, 02:38 AM
| | |  Sporadic Web Mail Client
Hi,
I have done a fair amount of searching and haven't been able to find resolution to my problem. I am running 5.10 and have enabled "redirect" to https so that I can make webmail available externally to my 3 users. The LAN side works great and speedy every time to "problem with this sites security certificate" dialog in IE7. However, when I try to access https://mail.example.com from the internet, sometimes my users go immediately to the same certificate page and sometimes they timeout. The server that zimbra is running on is a dual-homed fanless VIA box with 1GB ram (roughly 100K available with everything running) and 1Ghz cpu that doesn't seem to be cpu bound in all the tests I have run while using top. RHEL 5.2 is installed and the firewall (SEL and iptables) is turned off. I watch connection attempts using tcpdump and see 3 https packets come in before the browser gets a timeout and 8 or 9 when successful. Right after I restart zimbra and sometimes right after I connect through the Lan port on a separate machine I get an almost instanteous connection to zimbra from the internet.
I downloaded the open source version, I do not have a trial license, I am hosting several different domains, I am the root authority for DNS on DMZ servers and have an edge network LAN dns machine that knows mail.domain.local (zimbra server) but not mail.example.com. I just put mail.example.com in my hosts file pointed to 127 and the dmz port address (192.168..) and that appears to be helping but this is the way it has been; it will work several times in a row I close the browser and come back to it an hour later and then get timeouts. After reading the posts about split DNS I thought I might try the simple approach of using the hosts file since my machine is pretty limited on resources.
Why is the internet side so sporadic in working instantaneously or timing out all within the amount of time of 5 minutes doing constant trials from the internet. I thought it might be a ethernet cable problem but is not. Is it a license key issue or a DNS issue or ... I completely don't get why it works sometimes and not others (when the machine is taxed and when it is idle). Any ideas to help stabilize would be appreciated.
Thanks,
Brian  |
03-15-2009, 02:54 AM
| | |
Welcome to the forums 
Are you behind a firewall then on a private IP ? If so have you setup a Split DNS - Zimbra :: Wiki architecture ?
Perhaps you could post the following so that we can check your DNS setup Code: cat /etc/hosts
cat /etc/resolv.conf
dig yourdomain mx
dig yourdomain any
host `hostname` <- note backticks and not single quotes You would also benefit from additional memory in your server aswell as 1GB is the bare minimum for a Production environment.
__________________  |
03-15-2009, 04:18 AM
| | |
------ hosts
127.0.0.1 localhost.domain.local localhost mail
127.0.0.1 mail.example.org localhost mail
127.0.0.1 mail.example.net localhost mail
::1 localhost.domain.local localhost mail
10...100 mail.domain.local mail
192.168..100 mail.domain.local mail
192.168..100 mail.example.org mail
192.168..100 mail.example.net mail
----- resolve
nameserver 10...70
nameserver 68...
nameserver 68...
--- dig mx
; <<>> DiG 9.3.4-P1 <<>> example.org mx
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1247
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 3
;; QUESTION SECTION:
;example.org. IN MX
;; ANSWER SECTION:
example.org. 86400 IN MX 10 mail.example.org.
;; AUTHORITY SECTION:
conds. 86400 IN NS landns.domain.local.
;; ADDITIONAL SECTION:
mail.example.org. 86400 IN A 10...100
landns.domain.local. 86400 IN A 10...70
;; Query time: 2 msec
;; SERVER: 10...70#53(10...70)
;; WHEN: Sun Mar 15 03:57:41 2009
;; MSG SIZE rcvd: 220
-------dig any
; <<>> DiG 9.3.4-P1 <<>> example.org any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18878
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 1, ADDITIONAL: 3
;; QUESTION SECTION:
;example.org. IN ANY
;; ANSWER SECTION:
example.org. 86400 IN A 10...30
example.org. 86400 IN NS landns.domain.local.
example.org. 86400 IN MX 10 mail.example.org.
example.org. 86400 IN SOA landns.domain.local. admin.domain.local. 2009012701 28800 14400 3600000 86400
;; AUTHORITY SECTION:
example.org. 86400 IN NS landns.domain.local.
;; ADDITIONAL SECTION:
landns.domain.local. 86400 IN A 10...70
mail.example.org. 86400 IN A 10...100
;; Query time: 2 msec
;; SERVER: 10...70#53(10...70)
;; WHEN: Sun Mar 15 04:07:04 2009
;; MSG SIZE rcvd: 389
--- hostname
mail.domain.local has address 10...100
Host mail.domain.local not found: 3(NXDOMAIN)
Host mail.domain.local not found: 3(NXDOMAIN) |
03-15-2009, 06:15 AM
| | Zimbra Consultant & Moderator | |
Posts: 20,316
| |
Your host file is totally wrong, please read the Quick Start Installation Guide for the required format of that file.
Fix the hosts file and then run the diagnostic commands that Uxbod asked you for earlier the post the full output of those commands including LAN IP addresses so we can check them. Without the full addresses it's impossible to tell if your DNS & hosts file is correct.
__________________
Regards
Bill
|
03-15-2009, 12:11 PM
| | |
There wasn't a lot of information about the hosts file but hopefully mine is less screwed up than before. I ran zmcertmgr viewdeployedcrt and it referenced mail.domain.local in every case. Also, I do not have proxy running because I had trouble getting the install to complete.
----- hosts
127.0.0.1 localhost.localdomain localhost
10.14.4.100 mail.domain.local mail
192.168.14.100 mail.domain.local mail
10.14.4.70 landns.domain.local
----- resolve
search local
nameserver 10.14.4.70
nameserver 68...
nameserver 68...
----- dig mx
; <<>> DiG 9.3.4-P1 <<>> example.org mx
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9182
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 3
;; QUESTION SECTION:
;example.org. IN MX
;; ANSWER SECTION:
example.org. 86400 IN MX 10 mail.example.org.
;; AUTHORITY SECTION:
hx\005\008\248_\005\008mt.com. 86400 IN NS landns.domain.local.
;; ADDITIONAL SECTION:
mail.example.org. 86400 IN A 10.14.4.100
landns.domain.local. 86400 IN A 10.14.4.70
landns.domain.local. 86400 IN A 10.14.14.70
;; Query time: 3 msec
;; SERVER: 10.14.4.70#53(10.14.4.70)
;; WHEN: Sun Mar 15 12:04:23 2009
;; MSG SIZE rcvd: 229
----- dig any
; <<>> DiG 9.3.4-P1 <<>> example.org any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23395
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 1, ADDITIONAL: 3
;; QUESTION SECTION:
;example.org. IN ANY
;; ANSWER SECTION:
example.org. 86400 IN A 10.14.4.30
example.org. 86400 IN NS landns.domain.local.
example.org. 86400 IN MX 10 mail.example.org.
example.org. 86400 IN SOA landns.domain.local. admin.domain.local. 2009012701 28800 14400 3600000 86400
;; AUTHORITY SECTION:
example.org. 86400 IN NS landns.domain.local.
;; ADDITIONAL SECTION:
landns.domain.local. 86400 IN A 10.14.4.70
landns.domain.local. 86400 IN A 10.14.14.70
mail.example.org. 86400 IN A 10.14.4.100
;; Query time: 2 msec
;; SERVER: 10.14.4.70#53(10.14.4.70)
;; WHEN: Sun Mar 15 12:04:49 2009
;; MSG SIZE rcvd: 389
----- hostname
mail.domain.local has address 10.14.4.100
Host mail.domain.local not found: 3(NXDOMAIN)
Host mail.domain.local not found: 3(NXDOMAIN) |
03-15-2009, 01:23 PM
| | Zimbra Consultant & Moderator | |
Posts: 20,316
| |
Your hosts file should contain only this (it is described in the documentation): Code: 127.0.0.1 localhost.localdomain localhost
10.14.4.100 mail.domain.local mail and only this. Your resolv file needs to contain only this: Code: search domain.local
nameserver 10.14.4.70 and for a single install you don't need (nor should you install) the proxy. Your DNS A record should reference this IP address: Code: mail.example.local. 86400 IN A 10.14.4.100
__________________
Regards
Bill
|
03-15-2009, 02:00 PM
| | |
Thank you so much for the help. You are the reason this community is alive and growing. Without reasonable responsiveness I would have given up and gone with another solution. I rarely use these kinds of forums due to previous bad experiences.
Can I assume that your a record entry "mail.example.local. 86400 IN A 10.14.4.100"
should be mail.example.org. 86400 IN A 10.14.4.100
Also, want to make sure it is clear that all internet requests come in to 192.168.14.100 (DMZ) not 10.14.4.100 (edge). 10.14.14.* is the users lan.
I am still having sporadic connection success and have completed all the reccomendations with the exception of the .local vs. .org above.
Last edited by ebfjohnson; 03-15-2009 at 06:31 PM..
Reason: Still having problem
|
03-16-2009, 12:51 AM
| | Zimbra Consultant & Moderator | |
Posts: 20,316
| |
Quote:
Originally Posted by ebfjohnson  Can I assume that your a record entry "mail.example.local. 86400 IN A 10.14.4.100"
should be mail.example.org. 86400 IN A 10.14.4.100 | That DNS record should point to the same IP as you have in your hosts file, that's why I changed it to .local. Quote:
Originally Posted by ebfjohnson Also, want to make sure it is clear that all internet requests come in to 192.168.14.100 (DMZ) not 10.14.4.100 (edge). 10.14.14.* is the users lan. | I'm glad you pointed that out, I totally missed it in your first post (mainly because I didn't read it). 
OK, just so I completely understand your set-up. You have a single zimbra server in your DMZ on a 192.168.x.x IP and your users are on the 10.x.x.x subnet - is that correct?
If that's the case, your hosts file should reflect the 192.168.x.x IP address and the mail.domain.org and your DNS should also reference the domain.org. I'm also assuming that your primary domain on the server is domain.org. Are those assumptions correct and more importantly do they make sense to you?
Just so your users can send mail (with fat clients), you'll need to add the 10.x.x.x subnet to your ZimbraMtaMyNetworks setting.
__________________
Regards
Bill
|
03-16-2009, 06:48 AM
| | |
I have 3 networks. 192.168 is my DMZ, 10.14.4 is my edge network, and 10.14.14 is my lan. My zimbra server has 2 ethernet ports 192.168.14.100 and 10.14.4.100. My WAN DNS server(public IP's) has 2 ethernet ports 192.168.14.123 and 10.14.4.123 and my LAN DNS server has 2 ethernet ports 10.14.4.70 and 10.14.14.70. I host 140 different domains that I own, example.org being 1 of them and Zimbra is already setup and working for what nets out to be 5 potential email accounts per user with a large number of email aliases. I am using domain.local as a generic domain name and need have those 5 different email domains working via the https internet client. I will try your changes and report back. |
03-16-2009, 08:43 AM
| | |
I made the changes and still the same problem. My hosts file has 2 lines (127 and 192 for mail.domain.local), I added 10.14.14.0/24 (Users LAN) to MtaNetworks (already had 127, 192.168.14, 10.14.4) and my LAN DNS has A records mail.domain.local (10.14.4.100) mail.example.org (192.168.14.100) and mail.aaa.com (192.168.14.100) along with associated NS (10.14.4.70) and MX records (mail.*) and SOA for all three. I will add the other top level domains later. | | Thread Tools | Search this Thread | | | | | Display Modes |  Linear Mode | | Why Join? Registering let's you ask questions, makes it easier to search, displays any files attached to posts, and notifies you about replies.   |
Bugzilla
Wiki
Source
