
Thread: [SOLVED] Connecting Zimbra to the outside world...

  1. #1
    mclark2112 is offline Member
    Join Date
    Jul 2009
    Posts
    12
    Rep Power
    6

    Default [SOLVED] Connecting Zimbra to the outside world...

    Please have mercy on me, I am new to running Linux on my own box. I have run some dedicated servers, but never had to mess with the DNS side, as the hosting company always took care of that.


    First my install:

    My Network domain is mydomain.com (mydomain is fake, but the .com part is real (not my design))

    Windows 2000 network, 2000 machine handling DNS, all static; DHCP is not running

    We have an internal 10.x.x.x ip scheme, which I set up on the Zimbra server.

    The zimbra server is called mailhost.mydomain.com

    The mail server is running great, everything works, I can POP and IMAP to my heart's delight. I set up an alias so that http://webmail/ points to the web client, and it works fine. Internally that is.
    Now I want to try the next step. I want to connect to the outside world with my Zimbra mail. We have a dedicated connection (Comcast) to the internet that is firewalled (SonicWall) and we were given 5 external IPs.

    My question is this, should I have used one of those IPs to set up my Zimbra box? Or can I somehow route the external IP to my internal IP, maybe with the SonicWall?

    Also, our external domain name is slightly different than our internal domain name, will that matter, or does the MX record take care of that, since it is all IP driven?

  2. #2
    rsw686 is offline Active Member
    Join Date
    Feb 2009
    Posts
    41
    Rep Power
    6


    You need to set up NAT translation on the SonicWall to forward the appropriate ports to your Zimbra box. Set up an A record in the DNS for your domain for mail and smtp to point to your external Zimbra IP. Then create an MX record that points to smtp.yourdomain.com

  3. #3
    mclark2112 is offline Member
    Join Date
    Jul 2009
    Posts
    12
    Rep Power
    6


    Thanks for the super quick response!!!

    You need to set up NAT translation on the SonicWall to forward the appropriate ports to your Zimbra box.
    This would be for all the Zimbra ports? 22,25,80, etc? I can have that done (I don't control the Sonicwall).

    Set up an A record in the DNS for your domain for mail and smtp to point to your external Zimbra IP.
    This would be done on my 2000 DNS, not bind or anything on the Zimbra box, correct?


    Then create an MX record that points to smtp.yourdomain.com
    yourdomain.com being the external web domain that we have, not our internal 2000 domain. Should I have named my Zimbra box this domain name? Does it even matter?

  4. #4
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,582
    Rep Power
    57


    You need to forward port 25 through the firewall and whichever port you're using for the Web UI and for submitting mail (submission port) from external mail clients (Thunderbird/Outlook etc.). I'd suggest you use 443 (https mode) for the Web UI and port 587 for the submission port.

    You will need DNS A & MX records for your external domain name and DNS A & MX records pointing to your LAN IP inside the LAN using whichever DNS server you like.

    I usually recommend naming your internal domain the same as your external domain, it generally saves any confusion for email addresses and server names.
    Last edited by phoenix; 07-15-2009 at 06:53 AM.
    Regards


    Bill



  5. #5
    rsw686 is offline Active Member
    Join Date
    Feb 2009
    Posts
    41
    Rep Power
    6


    Like phoenix was saying, you need to set up split DNS.

    When somebody goes to mail.yourdomain.com or smtp.yourdomain.com it queries DNS and returns the IP address associated with the record. When a mail server wants to send email to your domain it looks up the MX record which points to the A record for your mail server.

    Externally clients need to see your external IP. On your external DNS create the A and MX records.

    Internally you want your clients to use the internal IP of your mail server. In your 2000 DNS create the same A and MX records but point them to your internal IP. A number of corporate firewalls don't support NAT reflection, so if you go to your external IP internally nothing will happen. Even if it does work, it places an extra load on the firewall and increases latency.

  6. #6
    mclark2112 is offline Member
    Join Date
    Jul 2009
    Posts
    12
    Rep Power
    6


    How does Zimbra send to the outside world? Does Zimbra have to know how to get out of my network? Or is the opening of the ports good enough?

    I do have the internal A and MX records setup and internal mail works great.

    And the Split DNS is set up on the Zimbra box as per the wiki? Which I didn't fully understand, but I will read it again...

  7. #7
    rsw686 is offline Active Member
    Join Date
    Feb 2009
    Posts
    41
    Rep Power
    6


    Zimbra gets out just like any other computer on your network does. The only thing you need to keep in mind is what NAT pool it is going out of. On the SonicWall you want it to make connections from the same external IP it is accepting connections from. That way your reverse DNS will match. Reverse DNS records are set up by your ISP.

    In short, externally nslookup externalip should match the nslookup yourdomain.com.

    Split DNS is just a term. You set up DNS on your 2000 DNS server and whatever DNS server you use for your external domain.

  8. #8
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,582
    Rep Power
    57


    Quote Originally Posted by mclark2112 View Post
    How does Zimbra send to the outside world? Does Zimbra have to know how to get out of my network? Or is the opening of the ports good enough?
    You shouldn't need to do anything, just try sending an email to an external account (if you have a gmail or yahoo account try sending to them).

    Quote Originally Posted by mclark2112 View Post
    I do have the internal A and MX records setup and internal mail works great.
    That's good.

    Quote Originally Posted by mclark2112 View Post
    And the Split DNS is set up on the Zimbra box as per the wiki? Which I didn't fully understand, but I will read it again...
    You can check your DNS with the following commands (run on the zimbra server):

    Code:
    cat /etc/hosts
    cat /etc/resolv.conf
    dig yourdomain.com mx
    dig yourdomain.com any
    host `hostname`   # use that exact command, with backticks, not single quotes
    Post the output in this thread if you want it checked.
    Regards


    Bill



  9. #9
    mclark2112 is offline Member
    Join Date
    Jul 2009
    Posts
    12
    Rep Power
    6


    OK, it is coming together. Sorry I am so backwards on all of this. I just sent an email out to my gmail account and it worked, cool.

    So next step is with the ISP and the consultant that leases us the SonicWall. Life is gonna be good.

    By the way, I love the Zimbra server, it rocks. The Admin is very straightforward, and the web client is second to none. I only have about 75 users right now, so this will be the perfect solution for our company.

    Thanks for all the help.

  10. #10
    dwmtractor is offline Moderator
    Join Date
    Jul 2007
    Location
    San Jose, CA
    Posts
    1,027
    Rep Power
    10


    Quote Originally Posted by mclark2112 View Post
    How does Zimbra send to the outside world? Does Zimbra have to know how to get out of my network? Or is the opening of the ports good enough?

    I do have the internal A and MX records setup and internal mail works great.

    And the Split DNS is set up on the Zimbra box as per the wiki? Which I didn't fully understand, but I will read it again...
    This is an issue that confuses a lot of people. Some day when I have time I really need to write a new "SplitDNS for Dummies" article for the Wiki, because the current one assumes far more knowledge than it should (please understand I'm not calling you a "dummy" here, I get it).

    Basically, you have half of what you need already, in that your Windows 2000 internal DNS is clearly giving the internal network the information it needs, or your Zimbra installation would have crashed & burned already. But those of us on the outside who send mail to you, never see your Windows 2000 DNS. We see an external DNS--whether you host it or whether your ISP or DynDNS or other provider does--that points our queries of yourdomain.com to the public IP address which you haven't yet set up, but which will DNAT to your internal Zimbra IP. It's this public DNS that needs to have A and MX (and preferably PTR and RDNS) records set up so that we can send you mail.

    I would underline what Phoenix just said that you really want the same domain both places; if people "out here" were to see that your outgoing email comes from a different domain than the one we send to (which would be the case if public and private domains are different), then many spam filters would reject the message.

    Likewise, have whoever configures your Sonicwall set up a SNAT rule for outgoing traffic from your Zimbra box; otherwise, the outgoing traffic will use the existing generic NAT rule, and sent mail will come from a different source IP than the one that shows up on a reverse DNS lookup (which would show the mail server's public IP). That, too, will get you into spam folders. . .or blacklists.
    Cheers,

    Dan
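
The consistency rules discussed in this thread (external MX and A records on the public IP, reverse DNS that matches, outgoing mail leaving from that same IP, internal A records on the LAN IP) can be checked mechanically. The following is an added example, not part of any post; the function name, the record-table layout and all names and addresses in it are assumptions, with the records constructed inline in place of live `dig` output.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

def check_mail_dns(domain, external, internal, outbound_ip):
    """Return a list of findings; an empty list means both views are consistent."""
    findings = []
    ext_mx = external.get((domain, "MX"), [])
    if not ext_mx:
        findings.append(f"external view has no MX record for {domain}")
    for mx in ext_mx:
        ext_a = external.get((mx, "A"), [])
        if not ext_a:
            findings.append(f"external MX target {mx} has no A record")
        for ip in ext_a:
            if is_rfc1918(ip):
                findings.append(f"external A record for {mx} exposes LAN address {ip}")
            # Reverse DNS must name a host whose A record holds this same IP.
            names = external.get((ip, "PTR"), [])
            if not any(ip in external.get((n, "A"), []) for n in names):
                findings.append(f"reverse DNS for {ip} does not match a forward record")
        # Outgoing mail must leave from the address the MX host advertises (SNAT rule).
        if ext_a and outbound_ip not in ext_a:
            findings.append(f"outbound IP {outbound_ip} is not an address of {mx}")
        int_a = internal.get((mx, "A"), [])
        if not int_a:
            findings.append(f"internal view has no A record for {mx}")
        for ip in int_a:
            if not is_rfc1918(ip):
                findings.append(f"internal A record for {mx} points at non-LAN address {ip}")
    return findings

# Constructed sample records, keyed by (name, type); public addresses are documentation ranges.
EXTERNAL = {
    ("example.com", "MX"): ["smtp.example.com"],
    ("smtp.example.com", "A"): ["203.0.113.10"],
    ("203.0.113.10", "PTR"): ["smtp.example.com"],
}
INTERNAL = {
    ("example.com", "MX"): ["smtp.example.com"],
    ("smtp.example.com", "A"): ["10.0.0.25"],
}

if __name__ == "__main__":
    print(check_mail_dns("example.com", EXTERNAL, INTERNAL, "203.0.113.10"))  # dedicated SNAT rule
    print(check_mail_dns("example.com", EXTERNAL, INTERNAL, "203.0.113.11"))  # generic NAT pool
```

To use it against a real setup, fill the two tables from `dig` run once on the LAN and once from an outside host, and take the outbound address from the Received header of a test message sent to an external mailbox.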
