Zcs 5.0.13_GA Moved IP Address

[gspearson]

When I installed 5.0.13_GA I used a live routable IP Address so I could understand and learn about this wonderful solution I learned about while working for H & R Block who uses it for email and I wanted to jump on this bandwagon. Once I had it installed and working without any problems and moved over some email accounts and showed them how to use it I left it run for approx 2 months without any issues.

Now since I received my new Hardware Firewall device, I changed the IP Address of this server from a routable ip address to an internal ip address. With the help of google I was able to get the server back up and running most of the way since this change. I am able to receive inbound email without any issues.

My issue at the present time is when sending out email from this machine, I am able to telnet external.mail.server 25 and receive a helo prompt for most email messages. On some of them like gmail.com I get a message about connection timed out port 25. I have not checked other commercial mail servers just the ones that have a deferred state in the system.


Any Ideas?

[uxbod]

Welcome to the forums

As you are now on a private IP you will need to set up a Wiki :: Split DNS architecture and ensure that it has a MX and A record for your server and domain.

[gspearson]

In my origional message, I am not having any problems with email from an outside source sending messages to the mailbox. On the console of the server the external domain name of zimbra.yourcfpro.com resolves to the Internal IP Address of the machine.

This issue is that sending mail out to google will produce a Connection Time Out that was never an issue before the IP Change. I can connect to other mail servers just trying to understand why I am not able to connect to this one.

[uxbod]

Is the MX for the account your trying to send email to being looked up correctly ? Is your router dumping connections for some reason ?

[gspearson]

The domain I am having issues sending mail to which worked before I put the zimbra server behind a router/vpn/firewall is gmail.com. From the server console when I perform dig mail.com I get the following output:

; <<>> DiG 9.3.4-P1 <<>> gmail.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32304
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;gmail.com. IN A

;; ANSWER SECTION:
gmail.com. 25 IN A 209.85.171.83
gmail.com. 25 IN A 74.125.79.83
gmail.com. 25 IN A 64.233.161.83

;; Query time: 22 msec
;; SERVER: 172.27.15.254#53(172.27.15.254)
;; WHEN: Sun Apr 5 19:48:33 2009
;; MSG SIZE rcvd: 75

Which when I try to send an email these are the three IP Addresses that it tries to connect to. Now if I do another dig gmail.com mx here is the output I am getting:

; <<>> DiG 9.3.4-P1 <<>> gmail.com mx
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15794
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 5

;; QUESTION SECTION:
;gmail.com. IN MX

;; ANSWER SECTION:
gmail.com. 2064 IN MX 20 alt2.gmail-smtp-in.l.google.com.
gmail.com. 2064 IN MX 30 alt3.gmail-smtp-in.l.google.com.
gmail.com. 2064 IN MX 40 alt4.gmail-smtp-in.l.google.com.
gmail.com. 2064 IN MX 5 gmail-smtp-in.l.google.com.
gmail.com. 2064 IN MX 10 alt1.gmail-smtp-in.l.google.com.

;; ADDITIONAL SECTION:
alt3.gmail-smtp-in.l.google.com. 81 IN A 209.85.220.64
alt4.gmail-smtp-in.l.google.com. 178 IN A 74.125.45.114
gmail-smtp-in.l.google.com. 89 IN A 209.85.133.27
alt1.gmail-smtp-in.l.google.com. 166 IN A 216.239.59.27
alt2.gmail-smtp-in.l.google.com. 222 IN A 209.85.135.114

;; Query time: 23 msec
;; SERVER: 172.27.15.254#53(172.27.15.254)
;; WHEN: Sun Apr 5 19:49:21 2009
;; MSG SIZE rcvd: 230


From the console I am able to telnet to these mx records on port 25. In my thinking since nothing has changed on the server with the exception of the IP Address, why would a user have been able to send email to a gmail.com account before and not now.

[phoenix]

It would be an helpful to look in the log files and see what errors you're getting.

[molahs]

Hi gspearson,
Were you able to resolve your problem?
i am having the exact same issue, and it seems the responders aren't grasping the problem itself.

When Zimbra is trying to resolve the MX record under the mentioned conditions, it resolves to the A record and NOT to the MX record.

Any help is appreciated.
Amir

[phoenix]

Quote:

Originally Posted by molahs

Hi gspearson,
Were you able to resolve your problem?
i am having the exact same issue, and it seems the responders aren't grasping the problem itself.

Yes, the 'responders' do grasp the problem.

Quote:

Originally Posted by molahs

When Zimbra is trying to resolve the MX record under the mentioned conditions, it resolves to the A record and NOT to the MX record.

The problem is there's been no response from the o/p and you've provided no information about what error you're seeing in the zimbra log files nor any diagnostic information about your DNS nor whether you have a valid hosts file. Do you have a Split DNS set-up as mentioned earlier? Are you behind a Firewall or NAT router?

Lack of information in your post will almost certainly guarantee a lack of response to your question.

[molahs]

Hi Bill.
No offense intended in 'responders'

We've managed to fix our specific problem, but I'm still struggling to understand the logic.

Our zimbra installation is behind a firewall.
The MX record for the domain is not the zimbra server but rather a spamfiltering device.
under global settings, MTA i entered the Inbound SMTP host name.
When "enable DNS lookups" was disabled zimbra would try to send email to the ip address of the A record for the target domains. ie gmail, hotmail etc.

Example: trying to email xxxxx@gmail.com, zimbra will resolve the MX record to an ip address of: 74.125.127.100, while what it should have done is resolve it to 209.85.221.52 or one of the other 3 mx records.

if we look at outgoing email only for example, this isn't an expected behavior. at least not with other email suites I used before.

I resolved our specific issue, by setting up "false" dns entries in an internal DNS server (split dns?) that will allow zimbra to resolve the MX record for it's own domain to the local private ip, and then enabling DNS lookups under the MTA.

My biggest question though is: why would zimbra resolve the MX records incorrectly, when the DNS lookup under MTA was off?

Thx
Amir