[SOLVED] Mail out good. Mail in routing problem

[kjurkic]

Hi again Bill

here is the resolv.conf
------------------------
root@zimbra:~# cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 10.0.0.1
nameserver 192.75.26.15
nameserver 142.22.250.77
search bms.bc.ca
------------------------------------

[kjurkic]

PS, Did you or a mod tidy up my posting sequence? I think I may have cross-posted

tia
Ken

[phoenix]

Well, staff need access from around the world (lotta travellers here) and I am not sure how to re-bake my firewall/router to accept the traffic to my DNS correct public IP....

The sequence is that your external DNS points to your public IP address, the firewall passes the relevant ports to the LAN IP of your Zimbra server and your internal DNS server points it's records to the internal IP of the server.

The only ports you should need for your users to connect from outside the LAN would be port 25 (normal SMTP traffic), Submission port 587 (if they use clients such as Thunderbird, ZD etc.), port 443 for web UI access (using HTTPS) and port 993 for IMAPS.

[kjurkic]

Hi Bill

I had problem with port forwarding my F/W (Untangle, spent hours reading at their forums to try to solve - no joy, and many others have same problem with no clear guidelines from the devloper) so the Zimbra server is going to live at the public IP.

FWIW I am now running Turnkey linux/Zimbra to get this trialed. They have an ISO that installs fast & easy into a virtualbox VM. Much easier that the normal install routine of building server & running Zimbra install. One caveat, most linux install allow you to set the server name during this install, but for some reason this install does not include that.

I am back up with a clean-sheet install, and just need to get this puppy sending & receiving email using my registered domain. The server defaults to calling itself mail.example.com, and I cannot amend this using the Zimbra admin console, so I am guessing I need to edit /etc/hosts directly?

If I am not a total dunder-head, my hosts file shoud read

127.0.0.1 localhost
142.25.56.5 mail.catchmusic.ca

thanks
Ken

[kjurkic]

Ok, here is my latest configuration dump
------------------------------------------
root@mail:~# cat /etc/hosts
127.0.0.1 localhost mail.catchmusic.ca
127.0.1.1 mail.catchmusic.ca

#Required for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
142.25.56.5 mail.catchmusic.ca
root@mail:~# dig catchmusic.ca any

; <<>> DiG 9.4.2-P2 <<>> catchmusic.ca any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2534
;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 6, ADDITIONAL: 7

;; QUESTION SECTION:
;catchmusic.ca. IN ANY

;; ANSWER SECTION:
catchmusic.ca. 10131 IN MX 5 mail.catchmusic.ca.
catchmusic.ca. 9845 IN NS remote2.easydns.com.
catchmusic.ca. 9845 IN NS ns1.easydns.com.
catchmusic.ca. 9845 IN NS remote1.easydns.com.
catchmusic.ca. 9845 IN NS ns6.easydns.net.
catchmusic.ca. 9845 IN NS ns2.easydns.com.
catchmusic.ca. 9845 IN NS ns3.easydns.org.

;; AUTHORITY SECTION:
catchmusic.ca. 9845 IN NS ns3.easydns.org.
catchmusic.ca. 9845 IN NS remote2.easydns.com.
catchmusic.ca. 9845 IN NS ns1.easydns.com.
catchmusic.ca. 9845 IN NS remote1.easydns.com.
catchmusic.ca. 9845 IN NS ns6.easydns.net.
catchmusic.ca. 9845 IN NS ns2.easydns.com.

;; ADDITIONAL SECTION:
mail.catchmusic.ca. 9845 IN A 142.25.56.5
ns6.easydns.net. 20814 IN A 205.234.220.146
ns2.easydns.com. 118570 IN A 72.52.2.1
ns3.easydns.org. 53 IN A 209.200.177.4
remote2.easydns.com. 118570 IN A 209.200.141.4
ns1.easydns.com. 45291 IN A 66.225.199.10
remote1.easydns.com. 110734 IN A 209.200.131.4

;; Query time: 23 msec
;; SERVER: 192.75.26.15#53(192.75.26.15)
;; WHEN: Thu Dec 3 05:01:59 2009
;; MSG SIZE rcvd: 397

root@mail:~# dig catchmusic.ca mx

; <<>> DiG 9.4.2-P2 <<>> catchmusic.ca mx
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34568
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 6, ADDITIONAL: 7

;; QUESTION SECTION:
;catchmusic.ca. IN MX

;; ANSWER SECTION:
catchmusic.ca. 10125 IN MX 5 mail.catchmusic.ca.

;; AUTHORITY SECTION:
catchmusic.ca. 9839 IN NS ns2.easydns.com.
catchmusic.ca. 9839 IN NS ns3.easydns.org.
catchmusic.ca. 9839 IN NS remote2.easydns.com.
catchmusic.ca. 9839 IN NS ns1.easydns.com.
catchmusic.ca. 9839 IN NS remote1.easydns.com.
catchmusic.ca. 9839 IN NS ns6.easydns.net.

;; ADDITIONAL SECTION:
mail.catchmusic.ca. 9839 IN A 142.25.56.5
ns6.easydns.net. 20808 IN A 205.234.220.146
ns2.easydns.com. 118564 IN A 72.52.2.1
ns3.easydns.org. 47 IN A 209.200.177.4
remote2.easydns.com. 118564 IN A 209.200.141.4
ns1.easydns.com. 45285 IN A 66.225.199.10
remote1.easydns.com. 110728 IN A 209.200.131.4

;; Query time: 25 msec
;; SERVER: 192.75.26.15#53(192.75.26.15)
;; WHEN: Thu Dec 3 05:02:05 2009
;; MSG SIZE rcvd: 313

root@mail:~# host `hostname`
mail.catchmusic.ca A 142.25.56.5
root@mail:~# cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 192.75.26.15
nameserver 142.22.250.77
nameserver 142.32.100.115
root@mail:~#

[phoenix]

Your hosts file should read as follows:

Code:

127.0.0.1 localhost.localdomain localhost
142.25.56.5 mail.catchmusic.ca mail

[kjurkic]

hmmm

new really odd behaviour after making the changes

I set the hosts fiel as you stated above, reboot the server (I know I probably didn't have to...) and from the server console. it all looks good, and I can ssh into the server using either IP or FQDN, but NONE of the web pages are responding...can't get Zimbra admin, can't get user login, http or https...??????

Keep getting page load errors connection refused.

regards
Ken

[phoenix]

Keep getting page load errors connection refused

That usually indicates a filrewall or SElinux problem. Are you trying from the LAN or from an external address? Are all the Zimbra services running? What does the following show:

Code:

zmcontrol status

What happens if you try to telnet to port 25, 443, 80 on the server, any response?

[kjurkic]

hmmm curiouser & curiouser

I tried zmcontrol status but received "comamnd not found"

It seems the Turnkey appliance doesn't like change from example.com..
now the slapd is acting up


"Failed to start slapd. Attempting debug start to determine error.
daemon: getaddrinfo() failed: Name or service not known"

If I just leave the default setup of mail.example.com as default, and do the catchmusic.ca as a virtual domain, can this be made to work? I was getting annoyed because while I could send out, when I tried to send In to my Zimbra, I kept getting the bounce back with example.com as bad host.

I may have to ditch this preconfigged appliance; shame as it was so fast to set & reset if I strayed to far into bad configurations...

I will try a couple & things & get back

thanks very much for your time here

best regards
Ken

[kjurkic]

Hi Bill

Just wanted to thank you once more for the help on this. It turns out that the fault was not with Zimbra CS or the hosts file.

I was using a Turnkey Linux ZCS appliance to get this practice on, and it seems the most recent version slipped out the door with a configuration glitch. They have a CLI script that is supposed to allow you to enter one command and it would make all the hosts/mysql/zimbra/web/ldap/admin password changes needed, but a couple of lines of code got missed in the script. There is a walk-through on this at the Turnkey community forum. I had further complications from my recent ubuntu 9.04 desktop install that loses its network connect at random (shades of XP!!) so I was chasing missing web services that were in fact a bad NIC (s/w or h/w- dunno)

If there are any other lost souls here who are trying to get the TK appliance
working, you could maybe pass this along.

TK forums post here:
zimbra-conf fails with ERROR: account.AUTH_FAILED (Solved) | TurnKey Linux Virtual Appliance Library

Thanks again, I really appreciate that you took the time to help; is there some way I can return the favor?

best regards
Ken