
Thread: Zimbra Cluster - Sender Domain

  1. #1
    Join Date
    Apr 2007
    Location
    WV
    Posts
    49
    Rep Power
    8

    Zimbra Cluster - Sender Domain

    I'm assuming that this is a simple fix, but I'm not sure where to make the change: I have 2 servers (mx1 & mx2) that are clustered (mx). Mail is received through mx, but is delivered using the local hostname (mx1 or mx2), which causes quite a few domains to reject connections from us.

    Any ideas?

  2. #2
    Join Date
    Apr 2007
    Location
    WV
    Posts
    49
    Rep Power
    8

    bump.

    Anyone?

  3. #3
    Join Date
    Mar 2006
    Location
    Beaucaire, France
    Posts
    2,322
    Rep Power
    13

    Is that a Zimbra cluster?

  4. #4
    Join Date
    Apr 2007
    Location
    WV
    Posts
    49
    Rep Power
    8

    Yes, that's right.

  5. #5
    Join Date
    Mar 2006
    Location
    Beaucaire, France
    Posts
    2,322
    Rep Power
    13

    My question was not specific enough, sorry.

    It's not an HA cluster, right?
    It's a multi-server installation with two MTAs.

    How is your domain set up on the DNS side?
    Is there one MX (mx.domain.tld) with round-robin, or are the two MXes set (with the same or different weight)?

  6. #6
    Join Date
    Apr 2007
    Location
    WV
    Posts
    49
    Rep Power
    8

    No. I am using RHCS, but am running two servers in active/passive mode. I have a single mx record pointing to mx. Whatever server is the active node acts as mx.

    So, if mx1 is the active node, e-mails have mx1 in the headers, if mx2 is active... you get the picture.

    In short, 'mx' only works for inbound, but not outbound.

  7. #7
    Join Date
    Mar 2006
    Location
    Beaucaire, France
    Posts
    2,322
    Rep Power
    13

    With RHCS, you have a "floating" IP going from one server to the other. This IP is the "cluster IP" and is attached to the currently active node.

    AFAIK, this IP is supposed to be the one of mx.domain.tld.

    And your active node (either mx1 or mx2) should never use its own IP/name (mx1 or mx2) to communicate with other servers on the Internet (or elsewhere) but use the mx.domain.tld IP (and name)...

    I've just checked with one customer's cluster (RHCS, two nodes, active/passive) and the headers do not show the node name but the "cluster name" (zimbra.domain.tld while the nodes are zimbra1.domain.tld and zimbra2.domain.tld).

    Where am I lost/wrong in this?
    Last edited by Klug; 08-17-2007 at 10:53 AM.

  8. #8
    Join Date
    Apr 2007
    Location
    WV
    Posts
    49
    Rep Power
    8

    No, you're not lost. That is my setup.

    When I initially installed, I was getting a ton of bounces/rejections because the connection to the outside domain (let's say 'gmail.com') was being rejected due to the IP of the connecting server not having a valid DNS entry outside our firewall, mainly because it was using our masquerade address (the default for all outbound connections that don't have a 1-to-1 NAT).

    So, I added a static NAT and created DNS entries for both of the servers. That cleared up a lot, but now I have a few residual e-mails that are being refused. I can only assume it's because the sending server is not the same as the MX record.

    So, here is what I have for DNS as an example:

    INTERNAL
    IN MX 10 mx.domain.com.
    mx IN A 10.xxx.22.10
    mx1 IN A 10.xxx.22.11
    mx2 IN A 10.xxx.22.12

    ; <<>> DiG 9.2.1 <<>> mx domain.com
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30663
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

    ;; QUESTION SECTION:
    ;domain.com. IN MX

    ;; ANSWER SECTION:
    domain.com. 400 IN MX 10 mx.domain.com.

    ;; AUTHORITY SECTION:
    domain.com. 400 IN NS news.domain.com.

    ;; ADDITIONAL SECTION:
    mx.domain.com. 400 IN A 10.xxx.22.10
    ns.domain.com. 400 IN A 10.xxx.22.20

    ;; Query time: 1 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Fri Aug 17 13:16:41 2007
    ;; MSG SIZE rcvd: 103

    EXTERNAL
    IN MX 10 mx.domain.com.
    mx IN A xxx.xxx.56.10
    mx1 IN A xxx.xxx.56.11
    mx2 IN A xxx.xxx.56.12

    ; <<>> DiG 9.3.4 <<>> mx domain.com
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27957
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

    ;; QUESTION SECTION:
    ;domain.com. IN MX

    ;; ANSWER SECTION:
    domain.com. 40 IN MX 10 mx.domain.com.

    ;; AUTHORITY SECTION:
    domain.com. 40 IN NS ns1.domain.com.
    domain.com. 40 IN NS ns2.domain.com.

    ;; ADDITIONAL SECTION:
    mx.domain.com. 40 IN A xxx.xxx.56.10
    ns1.domain.com. 40 IN A xxx.xxx.56.5
    ns2.domain.com. 40 IN A xxx.xxx.56.66

    ;; Query time: 24 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Fri Aug 17 13:15:35 2007
    ;; MSG SIZE rcvd: 136

    I figure it must be something I have configured wrong with DNS. I don't know what should be different.

  9. #9
    Join Date
    Mar 2006
    Location
    Beaucaire, France
    Posts
    2,322
    Rep Power
    13

    DNS looks OK: mx1 and mx2 are not known from the outside.

    Are you sure you have "mx1.domain.tld" or "mx2.domain.tld" appearing in the headers of your emails sent to the outside?

  10. #10
    Join Date
    Apr 2007
    Location
    WV
    Posts
    49
    Rep Power
    8

    Here's what I see:

    Aug 17 13:32:37 mx1 postfix/smtp[15535]: 0C0C51D78033: to=<bernadette.s@xxxxxx.com>, relay=none, delay=51737, status=deferred (connect to webmail.xxxxxx.com[65.215.37.210]: Connection refused)
    Aug 17 13:32:37 mx1 postfix/smtp[15535]: 0C0C51D78033: to=<carolyn.k@xxxxxxx.com>, relay=none, delay=51737, status=deferred (connect to webmail.xxxxxxx.com[65.215.37.210]: Connection refused)

    Aug 17 13:32:37 mx1 postfix/smtp[14653]: connect to xxxxxxx.org[208.73.212.12]: Connection refused (port 25)
    Aug 17 13:32:37 mx1 postfix/smtp[14653]: B6DC51D78141: to=<claire1@xxxxxxx.org>, relay=none, delay=51736, status=deferred (connect to missoula.lib.mt.org[208.73.212.12]: Connection refused)

    I could have sworn that I saw something before about sender domain mis-match, but can't find it now.

    If I manually attempt a connection to any of the domains, I get the same refusal, so it's not something in the HELO.

    PS: and I am sorry if my thoughts seem disjointed. I was here for 15 hours yesterday trying to resolve another issue. I could use: 1) a beer, 2) a steak dinner, 3) a good night's sleep.
