I need help - New Install

[provider1]

Hi,


I've tried to install Zimbra in a VM on the DMZ side, and I assume that all ports are opened at the zone. So, what I'm going to ask here probably was discussed before, and I've seen all the docs on the Zimbra Wiki Forum but I just couldn't get it working correctly.

The question is: Is somebody out there that may could help me setting up this server? Here is the architecture of my network:

Lets assume that is on DMZ side

HOST: mail.example.com
IP: 192.168.90.25 (Internal IP - NOT NAT)

Firewall

192.168.0.254 ---------> Internal LAN
192.168.90.254 -------> DMZ
200.000.000.2 ---------> PUBLIC IP

Since the firewall its not NATing any ports, I assume that is no restriction here about communication with another servers.

My hosts file:

127.0.0.1 localhost.localdomain localhost
192.168.90.25 mail.absolutaconsultoriagv.com.br policarpo
200.000.000.00 mail.absolutaconsultoriagv.com.br policarpo


My named.conf.options file:

options {
directory "/var/cache/bind";

// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See US-CERT Vulnerability Note VU#800113

query-source address * port 53;

// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.

forwarders {
my-ISP-DNS-IP; my-ISP-DNS-IP;
};

auth-nxdomain no; # conform to RFC1035
};



My resolv.conf file:

search example.com

nameserver my-ISP-DNS-IP
nameserver my-ISP-DNS-IP



My named.conf file:

// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";

// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
type master;
file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";



My named.conf.local file

//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "example.com" {
type master;
file "/etc/bind/db.example.com";
};



My db.example.com file:

; BIND data file for mydomain.com
;
$TTL 604800
@ IN SOA mail.example.com. admin.example.com. (
070725 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS mail
IN MX 10 mail
IN A 192.168.90.25
mail IN A 192.168.90.25



After all this, I get the message when I tried to send any messages (outside):

"Connect to f.mx.mail.yahoo.com.br[IP]:25 - Reason: Network is unreachable"


If I can get any help, I'll be grateful !..

Thanks in advance.

[phoenix]

Quote:

Originally Posted by provider1

Since the firewall its not NATing any ports, I assume that is no restriction here about communication with another servers.

My hosts file:

127.0.0.1 localhost.localdomain localhost
192.168.90.25 mail.absolutaconsultoriagv.com.br policarpo
200.000.000.00 mail.absolutaconsultoriagv.com.br policarpo

This is incorrect, it should look like this (I assume that your firewall has the public IP?):

Code:

127.0.0.1       localhost.localdomain   localhost
192.168.90.25   mail.absolutaconsultoriagv.com.br mail

[uxbod]

The resolv.conf should not have your ISP DNS is there neither; you should point to your own DNS for which you have defined forwarders anyway.

[provider1]

I just don't get it. Let me see if I understand right.

I've configured everything in the way all docs shows.....And still getting nowhere...

One thing is: When I go to "Mail Queue" tab, it shows the message:

ID Recipients Sender Origin IP Origin Host
C*** user@yahoo.com.br user@example.com 127.0.0.1 localhost.localdomain


On the above, its supposed to be on Origin host and IP, my Public and real hostname, It shouldn't?

Oh, by the way, thanks for the quickly reply.......

[phoenix]

Quote:

Originally Posted by provider1

I just don't get it. Let me see if I understand right.

I've configured everything in the way all docs shows.....And still getting nowhere...

That's not quite correct, you need to modify the hosts file as I've shown it above and you need to have a resolv.conf that points to your LAN DNS server not any other DNS server. Do that and see how you get on, if you still have problems then look in the log files for any errors.

[provider1]

My problem I think could be the Debian Lenny.......its resolv.conf points to itself, and still getting the errors.....

/var/log/zimbra.log


Feb 27 22:00:33 policarpo postfix/smtp[19229]: connect to d.mx.mail.yahoo.com[209.191.88.254]:25: Network is unreachable
Feb 27 22:00:33 policarpo postfix/smtp[19229]: connect to c.mx.mail.yahoo.com[206.190.54.127]:25: Network is unreachable
Feb 27 22:00:33 policarpo postfix/smtp[19229]: connect to f.mx.mail.yahoo.com[98.137.54.237]:25: Network is unreachable
Feb 27 22:00:33 policarpo postfix/smtp[19229]: connect to a.mx.mail.yahoo.com[67.195.168.31]:25: Network is unreachable
Feb 27 22:00:33 policarpo postfix/smtp[19229]: connect to b.mx.mail.yahoo.com[74.6.136.65]:25: Network is unreachable
Feb 27 22:00:34 policarpo postfix/smtp[19229]: C627216252C: to=, relay=none, delay=0.18, delays=0.02/0.04/0.11/0, dsn=4.4.1, status=deferred
(connect to b.mx.mail.yahoo.com[74.6.136.65]:25: Network is unreachable)

[provider1]

I've heard somewhere that Bind must be allowed to resolv outside its self (box)....any ideas?

[phoenix]

Quote:

Originally Posted by provider1

I've heard somewhere that Bind must be allowed to resolv outside its self (box)....any ideas?

For a split DNS, you can have forwarders set in there to external DNS servers but you must not have any other DNS server in the resolv.conf.

[provider1]

Hi Bill,

I still getting nowhere......I may not knowing how to configure DNS on the rigth way.....

I think I may give up the project, because its really getting my nervs...

As far as I know, my problem could be the DNS configuration........but I really can't afford to get this working properly without any direct advice......I'm not kind of new on the linux systems, but never had setup a properly DNS system before....if there is any other docs I could check to make this project working, I would be glad to hear from.....All docs that I've checked before still not getting me anywhere......

[provider1]

Hi Bill,

If there is a chance to give you access to my server, could you check my confs??