Unable to send mail

[jsx]

I am on CentOS (v4) with the latest version of zimbra (installed yesterday).
Install went very smooth - very nice integrated product.

The zimbra tool will allow all users of all domains to receive emails with no problems - either via IMAP or POP.

Any user of any domain that sends email to any other user of any other domain also on the same machine is able to send the emails to those people.

Here is the problem - all email that is targeted for another server is put into the Deferred bucket. Retries until it bounces back to the sender.
I don't know if the problem lies in:
1) DNS problem
2) potential firewall from company I rented server from (this is a dedicated server from godaddy.com) I have asked them if they are blocking port 25 - and they have not responded as of yet
3) CentOS settings
4) zimbra settings

Here is my DNS info:

Code:

file: named.conf:
include "/etc/named-turbopanel.conf";
....
file: named-turbopanel.conf:
zone "js-x.com" {
    type master;
    file "/var/named/forward.js-x.com";
};
....
file: forward.js-x.com:
; zone file for js-x.com
$TTL 86400 ; default TTL for zone
$ORIGIN js-x.com.
@  3600       IN      SOA   ns3.js-x.com. root.js-x.com. (
                        2007052703 ; serial number
                        86400      ; refresh
                        3600       ; retry
                        3600000    ; expire
                        172800     ; negative
                        )
www           IN      A       208.109.162.164
ns3           IN      A       208.109.162.164
mail          IN      A       208.109.162.164
js-x.com.     IN      MX  10  mail.js-x.com.
js-x.com.     IN      TXT     "v=spf1 a mx ptr ~all"
js-x.com.     IN      A       208.109.162.164
asp           IN      A       208.109.162.164
consulting    IN      A       208.109.162.164
contact       IN      A       208.109.162.164
forums        IN      A       208.109.162.164
invoices      IN      A       208.109.162.164
javascript    IN      A       208.109.162.164
mysql         IN      A       208.109.162.164
phprt         IN      A       208.109.162.164
robbs         IN      A       208.109.162.164
shop          IN      A       208.109.162.164
sporum        IN      A       208.109.162.164
164.162.109.208.in-addr.arpa IN      A       208.109.162.164
js-x.com.     IN      NS      ns3
ns5           IN      A       208.109.162.166
lc1988        IN      A       208.109.162.164
js-x.com.     IN      NS      ns5

resolve.conf:

Code:

nameserver 127.0.0.1
#nameserver 216.69.160.1
#nameserver 216.69.160.2
options rotate

etc/hosts:

Code:

#127.0.0.1              ip-208-109-162-164.ip.secureserver.net localhost.secureserver.net localhost.localdomain localhost
127.0.0.1               mail.js-x.com localhost.mail.js-x.com localhost.js-x.com localhost.localdomain localhost
#127.0.0.1 localhost.localdomain localhost
208.109.162.164 js-x.com mail.js-x.com
208.109.162.166 mysql.js-x.com

example error from /var/log/zimbra:

Code:

May 27 11:15:47 ip-208-109-162-164 postfix/qmgr[2285]: 1CBA5384664: to=, orig_to=, relay=none, delay=119, status=deferred (delivery temporarily suspended: connect to mail.mesh.net[208.46.109.34]: Connection timed out)

I've done much searching through the net and this site and found many stories of not able to send email. i've followed the advice and tried many things. this may have resulted in settings in the files that aren't right - but i'm no worse now than when i first noticed the problem.

I have noticed that if I do a telnet to some server (port 25) from this server it will not work:

Code:

# telnet mail.mesh.net 25
Trying 208.46.109.34...
telnet: connect to address 208.46.109.34: No route to host
telnet: Unable to connect to remote host: No route to host

here is from the iptables:

Code:

/sbin/iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

When mail comes in, I can see in the /var/log/messages that it processes it right up until it should deliver it:

Code:

May 27 10:33:55 ip-208-109-162-164 amavis[380]: (00380-02) Checking: x7vahlSwLhlT [127.0.0.1]  -> 
May 27 10:33:55 ip-208-109-162-164 amavis[380]: (00380-02) FWD via SMTP:  -> , BODY=8BITMIME 250 2.6.0 Ok, id=00380-02, from MTA([127.0.0.1]:10025): 250 Ok: queued as C88CF384650
May 27 10:33:55 ip-208-109-162-164 amavis[380]: (00380-02) Passed CLEAN, LOCAL [127.0.0.1] [208.66.144.10]  -> , Message-ID: <200705271034.36431.user@js-x.com>, mail_id: x7vahlSwLhlT, Hits: -2.428, queued_as: C88CF384650, 630 ms

If someone can help me out I would greatly appreciate it.

(note: i did change my email to 'user' above so i don't pick up spam from bots...)

TIA!

[phoenix]

Your hosts file should be in this format:

Code:

127.0.0.1 localhost.localdomain localhost
208.109.162.164 mail.js-x.com mail

where208.109.162.164 is your (public) IP address.

If you are behind a NAT device you will need a local DNS server with correct A & MX records pointing to your Zimbra server. Are you behind NAT? I assume not as your domain name resolves to that IP address and I can connect to a postfix mail server that gives this response:

Code:

220 ip-208-109-162-164.ip.secureserver.net ESMTP Postfix

[jsx]

Thanks for helping.

I am not aware of exactly how godaddy.com sets up their dedicated servers. I've done nothing directly to block traffic (iptables/firewall/nat/...).

I have updated the /etc/hosts file as you indicated.

I agree that my server can receive port 25 traffic:

Code:

telnet mail.js-x.com 25

However on this server, I can not do the same to any other server.
Is it possible to route via a secure channel (standardized alternative port to 25 that might be open)? My presumption is that zimbra sends emails to other servers via port 25. Is this correct? Is there a setting for this where I could have messed it up?

Are there any suggestions on how to make the update? I've previously posted my DNS table - is there something wrong that I need to alter?

Thanks
--Mike

[phoenix]

I forgot to ask if you have DNS lookups enabled in the admin ui. Go to the admin ui at https://yourserver:7071 and in the Global Settings/MTA tab make sure the "Enable DNS lookups" option is checked.

You should also check the SElinux is disabled on the server, is the firewall also disabled on the Zimbra server?

[jsx]

Thanks for the tips.

I have the DNS enabled on both the global and the site MTA tab.

SELINUX is not enabled, and no firewall is running (from iptables -L).
If there is a firewall inside of zimbra I've not noticed where/how to enable, configure or disable that.

I will reboot the server and see if it comes back up in a happier state (perhaps something got mismatched or reconfigured and needs to be restarted...)

-- rebooted --

After it came back up I went into the admin and re-queued one of the emails in the defer bucket. from looking at the /var/log/zimbra messages:

Code:

]: connect to mx01.mesh.net[208.46.109.35]: No route to host (port 25)
...
May 27 14:07:33 ip-208-109-162-164 postfix/smtp[6155]: 51F7C38465A: to=, relay=127.0.0.1[127.0.0.1], delay=45, status=sent (250 2.6.0 Ok, id=04541-01, from MTA([127.0.0.1]:10025): 250 Ok: queued as 8EE0F384659)
May 27 14:07:33 ip-208-109-162-164 postfix/smtp[6159]: connect to mx01.mesh.net[208.46.109.35]: No route to host (port 25)
May 27 14:08:03 ip-208-109-162-164 postfix/smtp[6159]: connect to mx01.mesh.net[208.46.109.37]: Connection timed out (port 25)
May 27 14:08:33 ip-208-109-162-164 postfix/smtp[6159]: connect to mx01.mesh.net[208.46.109.39]: Connection timed out (port 25)
May 27 14:09:03 ip-208-109-162-164 postfix/smtp[6159]: connect to mail.mesh.net[208.46.109.34]: Connection timed out (port 25)
May 27 14:09:03 ip-208-109-162-164 postfix/smtp[6159]: 8EE0F384659: to=, relay=none, delay=90, status=deferred (connect to mail.mesh.net[208.46.109.34]: Connection timed out)

i'll start digging specifics for a firewall inside of zimbra...

[jsx]

godaddy responded, and told me this is their smtp server that all email outgoing must route through:

k2smtpout.secureserver.net

Here is more I found (knowing what to search for is the kicker):
What are the relay mail server settings on my dedicated server? - Help Center—Knowledge Base and FAQ

I went and turned of DNS and set this for the outgoing relay under the MTA tab. The email went out -- I'll just cross my fingers that it didn't go into a huge bit bucket

Thanks for the assistance and to all who helped make this tool what it is!

[mmorse]

no firewall in zimbra btw

why don't you check to confim that you can send email's out via an outside provider?
(gmail, yahoo, hotmail etc)
this is real simple:
10 Minute Mail

[jsx]

Thanks for the closure on zimbra-firewall.

Yes I have validated I can send emails. The entire problem was induced by godaddy's policy to filter all outgoing emails on any of their servers.

This program is a snap to install - Kudos to the developers!

[mmorse]

excellent!

godaddy probably does it for several reasons
-quotas (also prevents setting up a spam machine)
-management
-a simple anti-virus check
-etc