
Thread: No incoming mail from outside

  1. #21
    Mistoffeles is offline Senior Member

    Fine then, let's go back to basics:

    Can you ping the mail server from the outside world?

    Can you connect with a pop/smtp client to send/receive email, rather than using the webmail client?

    Because it sounds to me as if either your DNS or your firewall, most likely the latter, is eating the mail because as you say there are no bounces.

    Perhaps you could use Wireshark installed in various places through your network to monitor port 25. I would be looking on both sides of your 5505, and then right up against the Zimbra server, to see the differences in traffic at the three locations. If nothing is making it to the server, you know where to make your changes (or at least have your search narrowed down to something outside the Zimbra server, depending on how complex and extensive your network is).

    Edit: You could also try working around port 25, depending on how your ISP is set up. I have one server that accepts smtp from 25 or 2525 due to TELUS' habit of completely blocking port 25 on parts of their network.

    Quote Originally Posted by borngunners
    That was what I thought, but I have all the necessary ports forwarded to the public ip. I went as far as just opening the server to all ip. I am still in doubt as to whether the firewall might be responsible for this or the zimbra configuration with the MTA, etc.

    Sometimes opening it up is not enough, you have to do both: DMZ the server and explicitly forward the required ports. I have had this happen on numerous firewalls and routers from various manufacturers (imageStream, Cisco, SonicWall, D-Link, for various applications, not just Zimbra). In which case make sure you have configured IPTables impeccably to protect your Zimbra server without compromising its functionality.
    Last edited by Mistoffeles; 07-27-2009 at 11:40 AM.
    - Misty

  2. #22
    borngunners is offline Advanced Member

    Now. It is obvious no one can ping to my servers from the outside because I set it not to receive any pings from the outside. I tried setting up pop/smtp client to send/receive email and having trouble completing the setup. It sends successfully, but keeps asking for a password when receiving. Any time I enter the same password, it does not go further. I have added port 2525 on the firewall to receive emails and I also added it in the master.cf.in file:

    # Postfix master process configuration file. For details on the format
    # of the file, see the Postfix master(5) manual page.
    #
    # ==========================================================================
    # service type private unpriv chroot wakeup maxproc command + args
    # (yes) (yes) (yes) (never) (100)
    # ==========================================================================
    smtp inet n - n - - smtpd
    2525 inet n - n - - smtpd
    #submission inet n - n - - smtpd
    #  -o smtpd_etrn_restrictions=reject
    #  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    465 inet n - n - - smtpd
      -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
    submission inet n - n - - smtpd
      -o smtpd_etrn_restrictions=reject
      -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
    #628 inet n - n - - qmqpd
    pickup fifo n - n 60 1 pickup
    cleanup unix n - n - 0 cleanup
    qmgr fifo n - n 300 1 qmgr
    #qmgr fifo n - n 300 1 oqmgr
    tlsmgr unix - - n 1000? 1 tlsmgr
    rewrite unix - - n - - trivial-rewrite
    bounce unix - - n - 0 bounce
    defer unix - - n - 0 bounce
    trace unix - - n - 0 bounce
    verify unix - - n - 1 verify
    flush unix n - n 1000? 0 flush
    proxymap unix - - n - - proxymap
    smtp unix - - n - - smtp
    # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
    relay unix - - n - - smtp
      -o fallback_relay=
    #  -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
    showq unix n - n - - showq
    error unix - - n - - error
    discard unix - - n - - discard
    local unix - n n - - local
    virtual unix - n n - - virtual
    lmtp unix - - n - - lmtp
    anvil unix - - n - 1 anvil
    scache unix - - n - 1 scache
    %%uncomment LOCAL:postfix_enable_smtpd_policyd%%policy unix - n n - 0 spawn
    %%uncomment LOCAL:postfix_enable_smtpd_policyd%%  user=zimbra argv=/usr/bin/perl /opt/zimbra/libexec/zmpostfixpolicyd

  3. #23
    phoenix is offline Zimbra Consultant & Moderator

    The easiest set of tests would be to telnet to port 25 on your Zimbra server, you could try the following:

    a) on the zimbra server telnet to localhost, fqdn & the public ip.

    b) from another machine on your LAN telnet to the zimbra fqdn, lan IP and the public IP address.

    c) from outside your network telnet to the fqdn & the public IP.

    If you don't receive a valid connection that should give you an idea where the problem is located.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.
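
The telnet test above, run from the server, the LAN and outside, can be scripted so that each failure is attributed to a stage: name resolution, TCP connect, or the SMTP greeting. This is an added example, not part of the original posts; `probe_smtp`, `survey` and `fake_mta` are hypothetical names, and `mail.example.test` and the loopback listener are constructed sample data.

```python
import socket
import threading

def probe_smtp(host, port=25, timeout=5.0):
    """Return (stage, detail); stage is 'dns', 'connect', 'banner' or 'ok'."""
    try:
        family, kind, proto, _, addr = socket.getaddrinfo(
            host, port, type=socket.SOCK_STREAM)[0]
    except socket.gaierror as exc:
        return "dns", f"{host} does not resolve: {exc}"
    with socket.socket(family, kind, proto) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect(addr)
        except OSError as exc:  # refused, timed out, no route to host
            return "connect", f"{addr[0]}:{port}: {exc}"
        try:
            greeting = sock.recv(512).decode("ascii", "replace").strip()
        except OSError:  # connected, but nothing arrived before the timeout
            greeting = ""
    if greeting.startswith("220"):
        return "ok", greeting
    return "banner", greeting or "<connected, no greeting>"

def survey(targets, port=25, timeout=5.0):
    """Probe every name/address that should answer from this vantage point."""
    return {t: probe_smtp(t, port, timeout) for t in targets}

def fake_mta(greeting=b"220 mail.example.test ESMTP Postfix\r\n"):
    """Constructed stand-in MTA: greets one client on a free loopback port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            conn.sendall(greeting)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    # Constructed demo; on a real network pass the FQDN, LAN IP and public IP
    # to survey() with the default port 25, once from each vantage point.
    demo_port = fake_mta()
    for target, (stage, detail) in survey(["127.0.0.1"], demo_port).items():
        print(f"{target:<12} {stage:<8} {detail}")
```

A `dns` result for the FQDN alongside `ok` for the IP address points at name resolution, while `connect` on an address that answers from another vantage point points at the firewall or NAT path in between.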

  4. #24
    borngunners is offline Advanced Member

    Quote Originally Posted by phoenix
    The easiest set of tests would be to telnet to port 25 on your Zimbra server, you could try the following:

    a) on the zimbra server telnet to localhost, fqdn & the public ip.

    b) from another machine on your LAN telnet to the zimbra fqdn, lan IP and the public IP address.

    c) from outside your network telnet to the fqdn & the public IP.

    If you don't receive a valid connection that should give you an idea where the problem is located.

    Thanks Bill for your suggestions. I have tested all that you suggested and the results are as follows:

    A) I can telnet on both local and fqdn, but not public
    B) I cannot telnet on either of them
    C) I can only telnet on public ip and not fqdn

    Thanks again

  5. #25
    phoenix is offline Zimbra Consultant & Moderator

    Quote Originally Posted by borngunners
    Thanks Bill for your suggestions. I have tested all that you suggested and the results are as follows:

    A) I can telnet on both local and fqdn, but not public
    B) I cannot telnet on either of them
    C) I can only telnet on public ip and not fqdn

    OK, let me start this by saying I know nothing about your Cisco device and my comments would be as follows:

    a) I would expect those results as not many routers actually support 'loopback' for the public IP - does the Cisco? The FQDN result appears to show your DNS is OK, I'd be horrified if you couldn't get to localhost.

    b) I had three items in there, I would expect you to be able to do the LAN IP & FQDN but not the public as per my comments above about loopback.

    c) That would indicate that you have an external DNS problem.

    When you telnet to the server I guess you got a valid 220 response from Zimbra with the server FQDN?

    If your Cisco device does support 'loopback' then I would guess you don't have it set-up correctly, Is Zimbra just on a normal LAN IP or is it in a DMZ?

    Are you running the DNS server on your Zimbra server? Uxbod mentioned earlier that your MX record wasn't being returned, although you posted the config files it's difficult to confirm if they're correct as you've obfuscated the files - they do look OK so I don't know what could be wrong with them.

    Final questions, do you have external DNS records set-up on public DNS servers? Could you send me your domain name & public IP via PM so I can check them? Is there any other firewall and/or SELinux/AppArmor in your LAN or on the Zimbra server?
    Regards


    Bill



  6. #26
    borngunners is offline Advanced Member

    When you telnet to the server I guess you got a valid 220 response from Zimbra with the server FQDN?

    The answer to this question is yes:
    ~$ telnet 192.168.xxx.xx 25
    Trying 192.168.xxx.xx...
    Connected to 192.168.xxx.xx.
    Escape character is '^]'.
    220 mail.test.zimbra.com ESMTP Postfix

    *note* I am just using the above fqdn name as an example

    If your Cisco device does support 'loopback' then I would guess you don't have it set-up correctly, Is Zimbra just on a normal LAN IP or is it in a DMZ?

    Zimbra is on a Lan IP (Private IP). No DMZ is setup for zimbra on the firewall

    Are you running the DNS server on your Zimbra server?
    Yes I am running a Split DNS on the zimbra server just for zimbra separated from the windows 2003 server, which is the "test.zimbra.com" domain. It is located on a separate subnet from the public address of the zimbra server.

    The question about the MX record, I followed exactly the instructions in the Wiki document. And if anything, what could be a reason for it not to return?

    Final questions, do you have external DNS records set-up on public DNS servers? Could you send me your domain name & public IP via PM so I can check them? Is there any other firewall and/or SElinux/AppArmor in your LAN or on the Zimbra server?

    Yes I have external DNS records setup on public DNS servers. But which external DNS records are you referring to, the zimbra or the windows 2003 server? Also, yes I will send my domain name and public ip via pm.

    Finally, I made sure that I disabled ufw, apparmor/selinux, etc before starting the zimbra installation and made sure that I checked it even after installing that neither of them are enabled. I have been on this for quite some time now.

    Thanks Bill
