  #1 (permalink)  
Old 02-25-2007, 08:29 PM
Member
 
Posts: 11
Default New Install Help

Hello everyone,

Let me preface the following questions with the knowledge that I am relatively new to Linux systems and core internet mail concepts. I have a heavy MS background and have done a few Exchange installs but that knowledge does not seem to translate well (or be applicable in many cases) in this environment. I have done quite a bit of searching for various messages I'm receiving in these forums as well as on the internet at large and am still stumped. Please accept my apologies in advance if the answers are already out there and I just didn't know what to search for.

The install:
* Ubuntu 6.10 on an AMD system, 2GB RAM, 60GB hard drive
* Latest open source Zimbra for Ubuntu
* This server is behind a firewall and has a private (10.x.x.x) address with an assigned dedicated public IP. I've opened the following incoming ports in the firewall between the public IP and the private IP: 25, 80, 110, 143, 443, 993, 995, 7071, 7110, 7143, 7993, 7995.

I followed posts on this forum and some blogs I found to ultimately get the system running. I can log into the management console and create accounts. I can log into the accounts via the web front end as well as with IMAP. I can configure POP accounts and "receive" mail by performing the "Get POP Mail" command.

I am unable to send messages. Attempting to send a message to an external e-mail address results in a pop-up message "Message not sent;... Rejected addresses: someone@domain.com". If I send to a local Zimbra account the e-mail sends but shows up in the management console under the Deferred section with a reason of "connection refused". The address being resolved for sending the message is the public IP, not the 10.x.x.x address - while not optimal, I'm not sure why this would result in a refused connection even if it's making a round-trip through the firewall.

My hosts file has only 2 entries (attempts to change are instantaneously reversed, I'm not sure why):
127.0.0.1 localhost
127.0.1.1 myserver.mydomain.com myserver
Where the 2nd entry has my computer's FQDN.

I have 2 DNS resolvers in the resolv.conf file which point to my own DNS servers. They will resolve myserver.mydomain.com to the public IP. They have an MX record which points mail for anything @myserver.mydomain.com to the public IP.

In the Zimbra configuration area I have 1 Server and 1 Domain, both for myserver.mydomain.com. I have tried many different settings in the Server MTA area to no avail. I have also installed bind9 and tried setting up a local zone. I'm no expert at DNS so while these attempts failed to solve the issue it may have been my lack of understanding on how to set it up correctly.

If I understand what "split-DNS" means I don't believe it applies in this case. I want Zimbra to manage all accounts for @myserver.mydomain.com. However, there is a different server which manages e-mail for @mydomain.com.

In the system logs the following message pops up frequently:
Code:
Feb 25 22:11:33 email postfix/trivial-rewrite[11138]: warning: do not list domain myserver.mydomain.com in BOTH mydestination and virtual_mailbox_domains
I have read several threads discussing this but so far have not understood how to resolve it.

Ideally I would like the system to resolve its own FQDN to the internal IP and perform DNS lookups for everything else. I'm not sure if I just have DNS screwed up, settings in Zimbra, or both. Any help on MTA, DNS, and server config file settings would be greatly appreciated. If there's any other information I can provide please let me know.

Thanks,
Steve
  #2 (permalink)  
Old 02-25-2007, 11:04 PM
Zimbra Consultant & Moderator
 
Posts: 20,317
Default

Welcome to the forums.

This line:
Code:
127.0.1.1 myserver.mydomain.com myserver
I don't know Ubuntu but that should be the LAN IP of your machine. This page should tell you what you need to know to convert your machine to a fixed IP via the command line. Let's get that fixed before we move on.
__________________
Regards


Bill
  #3 (permalink)  
Old 02-26-2007, 07:29 AM
Member
 
Posts: 11
Default

Hi Phoenix.

I've modified the line to read:

Code:
10.0.1.20 myserver.mydomain.com myserver
That seems to have stuck (I had tried making other changes like adding lines and they were removed by the system). Pings from the command line now show the local static IP. I'm a little confused on why 127.0.1.1 would have been pingable (it was, but what was responding since I don't know of anything bound to that address, unless all 127. addresses are special?). I also had to restart Zimbra as it lost connection to the logging service and some other strange things were happening.

Nothing else appears to have changed. Messages sent to external e-mail addresses result in the "rejected addresses" popup (can't even send them). Messages sent to local mailboxes get stuck in the deferred section with the following reason:
Code:
connect to myserver.mydomain.com[public IP]: connection refused
For whatever reason it looks like the e-mail system is resolving the local FQDN via external DNS and ignoring the hosts setting.

In case it helps, the Server settings for myserver.mydomain.com are-
General: all form fields empty
Services: all services enabled
MTA:
[x] Enable authentication
[x] TLS authentication only
Web mail MTA hostname: [localhost]
Web mail MTA timeout(s): [60]
Relay MTA for external delivery: []
MTA Trusted networks: []
[x] Enable DNS lookups
(Where [] = empty)

Thanks for taking the time to help with this.

--------
Steve
  #4 (permalink)  
Old 02-26-2007, 07:37 AM
Zimbra Consultant & Moderator
 
Posts: 20,317
Default

OK, next thing is split-DNS. You're behind a NAT device, that's why your domain name can't be resolved back to your Zimbra server - you need to follow the instructions for a local DNS server here. That will allow your server to be available via DNS lookup and get resolved to your LAN IP rather than your public IP.

Let us know how you get on with that.
__________________
Regards


Bill
  #5 (permalink)  
Old 02-26-2007, 09:28 AM
Member
 
Posts: 11
Default

Ok, looks like I misunderstood what split-DNS was for. Following instructions at the link you provided as well as Ubuntu bind9 setup instructions I have made the following changes:

1. Changed /etc/bind/named.conf.local to look like the following:
Code:
zone "myserver.mydomain.com" {
        type master;
        file "/etc/bind/zones/myserver.mydomain.com.db";
        };
This file is referenced via an include statement in the named.conf file.

2. Added the following to the named.conf.options file:
Code:
forwarders {
   publicDNSserver1IP;
}
3. Created the file /etc/bind/zones/myserver.mydomain.com.db:
Code:
myserver.mydomain.com.  IN      SOA     myserver.mydomain.com. (
// Do not modify the following lines!
                                                        2006081401
                                                        28800
                                                        3600
                                                        604800
                                                        38400
 )

myserver.mydomain.com.  IN      NS      10.0.1.20
myserver.mydomain.com.  IN      MX      10      myserver.mydomain.com.
myserver.mydomain.com   IN      A       10.0.1.20
Note: the Ubuntu documentation had information about a reverse zone file which I skipped since I saw no reverse zone needs in the ZimbraWiki Split-DNS documentation.

4. Restarted bind (/etc/init.d/bind9 restart)

5. Modified the file /etc/resolv.conf to look like:
Code:
search myserver.mydomain.com
nameserver 10.0.1.20
nameserver publicDNSserver1IP
nameserver publicDNSserver2IP
"dig myserver.mydomain.com" now returns (along with a lot of other info) 10.0.1.20. I'm not sure my zone file is set up the best it can be but it was the first combination of settings where dig produced the desired results. I rebooted the server and reverified the results just to be sure.

FYI, still no change on the Zimbra front - sending local messages is still resolving myserver.mydomain.com to the public IP.

Thanks again for your continued help.

---------
Steve
  #6 (permalink)  
Old 02-26-2007, 09:33 AM
Zimbra Employee
 
Posts: 1,434
Default Bounce zimbra?

If you restart tomcat, do things start working? Java caches DNS lookups indefinitely by default...
__________________
Bugzilla - Wiki - Downloads - Before posting... Search!
  #7 (permalink)  
Old 02-26-2007, 09:52 AM
Member
 
Posts: 11
Default

Did "tomcat stop; tomcat start" and retested - no joy
  #8 (permalink)  
Old 02-26-2007, 10:59 AM
Member
 
Posts: 11
Default Oops

Maybe I spoke too soon on the split-DNS working. After doing more examination of the dig results (I've never used dig before) it appears I'm not getting an answer to the DNS query (I see a "question" section, but no "answer" section like I do for other dig queries). I guess this means the DNS settings listed above are bad. I'm going to experiment to see if I can figure it out. If anyone can tell off-hand what the problem is and wants to point it out that'd be great too.

As always thanks for your help.

----------
Steve
  #9 (permalink)  
Old 02-26-2007, 12:15 PM
Member
 
Posts: 11
Default Getting there...

Found some more specific documentation for split-DNS on Debian/Ubuntu and now dig and nslookup are returning confirmed results. I can now send e-mails between local accounts on the Zimbra box. Thanks phoenix and dkarp for the links and suggestions.

I'm still faced with an inability to send e-mail to external users. I'm guessing it's some simple settings change but it's not jumping out at me. To recap, when I try to send mail to any non-local account I get a pop-up saying:

"Message not sent; one or more addresses were not accepted. Rejected addresses: someone@anotherdomain.com"

I also still see the log messages about "do not list domain myserver.mydomain.com in BOTH mydestination and virtual_mailbox_domains".

I found a thread on the forums here that talks about those 2 issues possibly being linked but I just can't seem to uncover how I change them and what I should change them to.

Again, thanks for all the help.

----------
Steve
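
The zone file from reply #5, run through a small lint check (an added example, not part of the original thread): it flags four entries in that file that BIND's master-file syntax rejects or misreads, and includes a constructed corrected file for comparison. `lint_zone`, `FIXED_ZONE` and the `hostmaster` mailbox name are assumptions made for illustration.

```python
import re
# POSTED_ZONE: as posted in reply #5. FIXED_ZONE: constructed fix (hostmaster name assumed).
POSTED_ZONE = """\
myserver.mydomain.com.  IN      SOA     myserver.mydomain.com. (
// Do not modify the following lines!
                                                        2006081401
                                                        28800
                                                        3600
                                                        604800
                                                        38400
 )

myserver.mydomain.com.  IN      NS      10.0.1.20
myserver.mydomain.com.  IN      MX      10      myserver.mydomain.com.
myserver.mydomain.com   IN      A       10.0.1.20
"""
FIXED_ZONE = """\
$TTL 38400
myserver.mydomain.com. IN SOA myserver.mydomain.com. hostmaster.mydomain.com. (
        2006081401 28800 3600 604800 38400 )
myserver.mydomain.com. IN NS  myserver.mydomain.com.
myserver.mydomain.com. IN MX  10 myserver.mydomain.com.
myserver.mydomain.com. IN A   10.0.1.20
"""
IPV4 = re.compile(r"\d{1,3}(\.\d{1,3}){3}$")

def lint_zone(text):
    """Return (line_no, problem) pairs; assumes MNAME and RNAME sit on the SOA line."""
    problems, in_parens = [], False
    for n, raw in enumerate(text.splitlines(), 1):
        if raw.lstrip().startswith("//"):
            problems.append((n, "'//' is not a zone-file comment; use ';'"))
            continue
        line = raw.split(";", 1)[0]
        fields = line.replace("(", " ").replace(")", " ").split()
        starts_record = not in_parens and bool(fields) and not raw[0].isspace()
        in_parens = (in_parens or "(" in line) and ")" not in line
        if not starts_record or fields[0].startswith("$"):
            continue
        if "." in fields[0] and not fields[0].endswith("."):
            problems.append((n, "owner lacks trailing dot; zone origin gets appended"))
        rest = [f for f in fields[1:] if f.upper() != "IN"]  # drop class
        rest = rest[1:] if rest and rest[0].isdigit() else rest  # drop optional TTL
        rtype, rdata = (rest[0].upper() if rest else ""), rest[1:]
        if rtype == "SOA" and len(rdata) < 2:
            problems.append((n, "SOA needs a primary server name and a mailbox name"))
        if rtype in ("NS", "MX") and rdata and IPV4.match(rdata[-1]):
            problems.append((n, f"{rtype} target must be a hostname, not an IP"))
    return problems
```

On a host with BIND installed, `named-checkzone` performs the authoritative version of this check against the real parser.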
  #10 (permalink)  
Old 02-26-2007, 12:23 PM
Zimbra Consultant & Moderator
 
Posts: 20,317
Default

Sorry, I haven't been around to answer your posts. Have a look in the Admin UI under the Server/MTA tab and see if the 'Enable DNS lookups' entry is unchecked - if it is, check the box and save the settings. Once you've done that you should be able to send externally as well.
__________________
Regards


Bill