Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Zimbra not sending mail to MX record - A record instead?

  1. #1
    Join Date
    Dec 2005
    Posts
    43
    Rep Power
    10

    Default Zimbra not sending mail to MX record - A record instead?

    I'm having an intermittent problem sending mail out from the zimbra box. When I send an email to a domain, say, matt@mapolce.com (my work account), I get a bounce back:

    This is the Postfix program at host zimbra.mapolce.com.

    I'm sorry to have to inform you that your message could not
    be delivered to one or more recipients. It's attached below.

    For further assistance, please send mail to <postmaster>

    If you do so, please include this problem report. You can
    delete your own text from the attached returned message.



    The Postfix program

    <matt@mapolce.com>: host mapolce.com[12.96.183.122] said: 553 sorry, that
    domain isn't in my list of allowed rcpthosts (#5.7.1) (in reply to RCPT TO
    command)

    But that IP address for mapolce.com is the A record for mapolce.com, not the MX record.

    Why is it looking up the A records for the domains rather than the MX?
    Last edited by yetdog; 03-10-2006 at 06:21 AM.

  2. #2
    Join Date
    Dec 2005
    Posts
    43
    Rep Power
    10

    Default

    Some more info:

    I sent a message from zimbra to two external addresses.

    here's the zimbra log for oen of the external addresses that made is successfully:

    Mar 10 07:41:12 matthew-yettes-ibook-g4-2 postfix/smtp[21069]: 96EA8A05F2: to=<matt@antsmarching.org>, relay=127.0.0.1[127.0.0.1], delay=1, status=sent (250 2.6.0 Ok, id=00383-02, from MTA([127.0.0.1]:10025): 250 Ok: queued as 2F13FA05FD)
    Mar 10 07:41:12 matthew-yettes-ibook-g4-2 postfix/smtp[21069]: 96EA8A05F2: to=<matt@mapolce.com>, relay=127.0.0.1[127.0.0.1], delay=1, status=sent (250 2.6.0 Ok, id=00383-02, from MTA([127.0.0.1]:10025): 250 Ok: queued as 2F13FA05FD)
    Mar 10 07:41:12 matthew-yettes-ibook-g4-2 postfix/qmgr[858]: 96EA8A05F2: removed
    Mar 10 07:41:13 matthew-yettes-ibook-g4-2 postfix/smtp[21072]: 2F13FA05FD: to=<matt@antsmarching.org>, relay=antsmarching.org[216.86.155.7], delay=1, status=sent (250 ok 1141994473 qp 30923)


    Now here's the log for the very same message, but the second address (that bounced with the message above):

    Mar 10 07:41:16 matthew-yettes-ibook-g4-2 postfix/smtp[21073]: 2F13FA05FD: to=<matt@mapolce.com>, relay=mapolce.com[12.96.183.122], delay=4, status=bounced (host mapolce.com[12.96.183.122] said: 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1) (in reply to RCPT TO command))
    Mar 10 07:41:16 matthew-yettes-ibook-g4-2 postfix/cleanup[21067]: 7E20EA05FF: message-id=<20060310124116.7E20EA05FF@zimbra.mapolce.com>
    Mar 10 07:41:16 matthew-yettes-ibook-g4-2 postfix/qmgr[858]: 7E20EA05FF: from=<>, size=2913, nrcpt=1 (queue active)
    Mar 10 07:41:16 matthew-yettes-ibook-g4-2 postfix/qmgr[858]: 2F13FA05FD: removed
    Mar 10 07:41:16 matthew-yettes-ibook-g4-2 postfix/lmtp[21075]: 7E20EA05FF: to=<matt@mapci.com>, relay=zimbra.mapolce.com[127.0.0.1], delay=0, status=sent (250 2.1.5 OK)

    I notice differences in the relay value between both messages, one uses localhost and one tries using the actual A record for the recipient's domain...why the difference?

  3. #3
    Join Date
    Dec 2005
    Posts
    43
    Rep Power
    10

    Default

    Hmm...I turned on DNS lookups (thought I turned it off prior due to problems) and it seems to have solved the problem.

    Does any of this sound familiar?

  4. #4
    Join Date
    Sep 2005
    Posts
    2,103
    Rep Power
    14

    Default

    THat's what postfix does - if DNS is disabled, and no relay host is set up, it looks up the A record of the domain, and sends to that. (It also sends to the A record if DNS is enabled, and no MX record exists)

  5. #5
    Join Date
    Dec 2005
    Posts
    43
    Rep Power
    10

    Default

    Thanks Marc,

    I can't remember what DNS problem caused me to disable it in the first place, but it seems to be working great now!

    Thanks!

    Matt

  6. #6
    Join Date
    Jan 2008
    Location
    Germany
    Posts
    83
    Rep Power
    7

    Default

    Hi There!

    I have had the same problem with the 553 error after upgrading from 4.5.7 to 5.0.0. In fact I had it some months ago too after upgrading between versions, I also started getting "Undelivered Mail Returned to Sender" mails back. I could not find any errors in the logs, only bounce responses from the ISP's mail server resulting in the "Undelivered Mail Returned to Sender" mails.

    Just to round off the picture a bit, I am running the zimbra server on an ADSL line with a static IP and using my ISP's mail server as a smart host (relay server) to send out going mails.

    The Error:

    <name@server.com>: host smtprelay.isp.com[XXX.XXX.XXX.XXX] said: 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1) (in reply to RCPT TO command)

    I recall, as above, at some stage during Troubleshooting turning on and off DNS lookups in the MTA tab in the server administration console, This did not really better anything for me. So I had a close look at what the 553 error message was all about and this is where I found the answer. In my case the second point applied "retrieve (POP) your mail first before sending your messages through SMTP." i.e. you have to authenticate with the smart host before sending mail!!




    The Why:

    The following error will be bounced back to a sender if the email address the sender is trying to send to is not fully activated:

    "Reason: 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)"

    1. The domain name contained in the email address (being sent to) has not fully propagated yet.

    Domain propagation is the process where Internet Service Providers (ISPs) around the world automatically
    update their records (DNS tables) to reflect the new domain or to reflect a change in the hosting provider for the domain name. Once the changes have been made, the domain's website and email services will be activated. Please note that full domain propagation can take between 24-72 hours. To verify when your domain was last updated.

    OR

    2. Your POP mail client is not configured properly. We suggest the following: Use port 587 with SMTP authentication or if using port 25, retrieve (POP) your mail first before sending your messages through SMTP.

    The Fix:
    So I had a look at the wiki article I used back then to configure the smart host checking that /opt/zimbra/conf/relay_password was still correct, I ran the following as in the wiki article to fix the problem:
    postconf -e smtp_sasl_password_maps=hash:/opt/zimbra/conf/relay_password
    postconf -e smtp_sasl_auth_enable=yes
    postconf -e smtp_cname_overrides_servername=no
    postconf -e smtp_sasl_security_options=noanonymous
    postfix reload

    Funny is that there were no auth errors from the smart host at all or other flags that would point one in the direction that authenticate before send was not working....

    I hope this helps someone out there some time.

    Cheers
    Heinzg

  7. #7
    Join Date
    May 2007
    Location
    Oklahoma
    Posts
    703
    Rep Power
    9

    Default MX vs. A record.

    Your MX record should point to a host and that host needs an A record. It needs to be an A record and not a CNAME.

  8. #8
    Join Date
    Jan 2008
    Location
    Germany
    Posts
    83
    Rep Power
    7

    Default

    Like so?

    ;
    ; Addresses and other host information.
    ;
    @ IN SOA mail.host.biz. mail.host.biz. (
    10118 ; Serial
    43200 ; Refresh
    3600 ; Retry
    3600000 ; Expire
    2592000 ) ; Minimum
    ; Define the nameservers and the mail servers
    IN NS 192.168.2.50
    IN A 192.168.2.50
    IN MX 10 mail.host.biz.

    Funny is that this mail servers DNS did not change before or after the upgrade.

  9. #9
    Join Date
    Mar 2006
    Location
    Kansas City
    Posts
    36
    Rep Power
    9

    Default

    I'm going to dig out an older thread, but I'm experiencing a similar issue, in which enabling DNS lookups is not resolving the issue. I continue to receive timeout errors when sending email, and upon investigation the IP it is attempting to send to is actually the A record and not the MX record.

    For example,
    Code:
    May 12 15:56:09 zimbra postfix/smtp[831]: 03C543648A9: to=<mike@savemycoupons.com>, relay=none, delay=508, delays=478/0.02/30/0, dsn=4.4.1, status=deferred (connect to savemycoupons.com[74.205.50.24]: Connection timed out)
    If I perform an nslookup on that same box:
    Code:
    zimbra@zimbra:~/log$ nslookup
    > set type=MX
    > savemycoupons.com
    Server:         192.168.1.39
    Address:        192.168.1.39#53
    
    Non-authoritative answer:
    savemycoupons.com       mail exchanger = 10 mx1.emailsrvr.com.
    savemycoupons.com       mail exchanger = 20 mx2.emailsrvr.com.
    
    Authoritative answers can be found from:
    savemycoupons.com       nameserver = ns.rackspace.com.
    savemycoupons.com       nameserver = ns2.rackspace.com.
    ns.rackspace.com        internet address = 69.20.95.4
    ns2.rackspace.com       internet address = 65.61.188.4
    I've been through the WIKI and the different threads, yet all the suggestions of Split DNS (this is on Ubuntu, thus the Split DNS setup was required) to no avail. I have a reverse DNS record out there, so its not being rejected due to Spam.

    Code:
    zimbra@zimbra:~/log$ host `hostname`
    zimbra.tdpassets.com has address 192.168.1.39

    Thoughts?

  10. #10
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    The problem would appear to be the DNS configuration of the receiving domain. Take a look at this report and not specifically the first box 'Zone Info'. The IP address you're trying to deliver to is their web server. They would appear to have their A record for the domain set incorrectly as it set for the domain name rather than the FQDN of their mail server and, as I mentioned, points to their web server.

    Code:
    dig savemycoupons.com any
    
    ; <<>> DiG 9.4.1-P1 <<>> savemycoupons.com any
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49544
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 2, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;savemycoupons.com.             IN      ANY
    
    ;; ANSWER SECTION:
    savemycoupons.com.      85961   IN      A       74.205.50.24
    savemycoupons.com.      85945   IN      MX      20 mx2.emailsrvr.com.
    savemycoupons.com.      85945   IN      MX      10 mx1.emailsrvr.com.
    savemycoupons.com.      85945   IN      NS      ns.rackspace.com.
    savemycoupons.com.      85945   IN      NS      ns2.rackspace.com.
    
    ;; AUTHORITY SECTION:
    savemycoupons.com.      85945   IN      NS      ns2.rackspace.com.
    savemycoupons.com.      85945   IN      NS      ns.rackspace.com.
    
    ;; Query time: 1 msec
    ;; SERVER: 192.168.1.6#53(192.168.1.6)
    ;; WHEN: Tue May 13 07:08:58 2008
    ;; MSG SIZE  rcvd: 174
    Is this the only domain that you're having delivery problems with?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

Similar Threads

  1. Replies: 7
    Last Post: 02-03-2011, 07:01 AM
  2. Replies: 9
    Last Post: 03-01-2008, 08:21 PM
  3. svn version still won't start
    By kinaole in forum Developers
    Replies: 0
    Last Post: 10-04-2006, 07:47 AM
  4. fatal: Queue report unavailable - mail system is down
    By zzzzsg in forum Administrators
    Replies: 16
    Last Post: 08-24-2006, 03:31 AM
  5. Mail logs
    By Rick Baker in forum Installation
    Replies: 8
    Last Post: 01-17-2006, 04:33 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •