Thread: imap-proxy and Split DNS problem

  1. #1

    Hello,

    Seeing an issue with imap-proxy in a Split DNS setup.

    Server A: Master LDAP/MTA/mailstore
    Server B: LDAP replica/MTA/mailstore/proxy

    B is behind a firewall, configured with Split DNS. Server A sees B at external IP xx.xx.xx.1 and B sees its IP as 192.168.1.xx. DNS is configured correctly. No, really.

    Client connecting to B with mailbox on B (so, to itself) sometimes works and sometimes fails. When it fails, nginx.log on B shows:

    [error] 28730#0: *55 recv() failed (110: Connection timed out) while reading response from upstream, client: 192.168.1.xx, server: 0.0.0.0:993, login: "test_user@domain", upstream: xx.xx.xxx.1:7143, [192.168.1.xx:52223-192.168.1.xx:993] <=> [192.168.1.xx:53649-0.0.0.0:0]

    Setting client to hit port 7993 (direct to imaps) works correctly.

    Why is B trying to proxy to its external IP? I verified via tcpdump that it is trying (and failing).
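
An added example, not part of the original post: a small parser for nginx mail-proxy error lines of the shape quoted above, which lists the sessions where an internal client was proxied to an upstream address outside the internal network. The sample log lines, the 192.168.1.0/24 network and the 203.0.113.1 external address are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress
import re

# Fields of an nginx mail-proxy log line, in the order shown in the first post.
LINE_RE = re.compile(
    r'client: (?P<client>[0-9.]+), server: (?P<server>[^,]+), '
    r'login: "(?P<login>[^"]*)", upstream: (?P<up_ip>[0-9.]+):(?P<up_port>\d+)'
)

def parse_line(line):
    """Return client, login and upstream of one log line, or None if it does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return {
        "client": ipaddress.ip_address(m["client"]),
        "login": m["login"],
        "upstream": ipaddress.ip_address(m["up_ip"]),
        "upstream_port": int(m["up_port"]),
        "timed_out": "(110: Connection timed out)" in line,
    }

def hairpinned(lines, internal_net):
    """Sessions where a client inside internal_net was sent to an upstream outside it."""
    net = ipaddress.ip_network(internal_net)
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec and rec["client"] in net and rec["upstream"] not in net:
            hits.append(rec)
    return hits

# Constructed sample lines (addresses and timestamps are placeholders, not from the thread).
SAMPLE = [
    '2009/03/01 10:00:00 [error] 28730#0: *55 recv() failed (110: Connection timed out) '
    'while reading response from upstream, client: 192.168.1.20, server: 0.0.0.0:993, '
    'login: "test_user@domain", upstream: 203.0.113.1:7143',
    '2009/03/01 10:05:00 [info] 28730#0: *56 proxied session done, client: 192.168.1.20, '
    'server: 0.0.0.0:993, login: "other_user@domain", upstream: 192.168.1.10:7143',
]

if __name__ == "__main__":
    for rec in hairpinned(SAMPLE, "192.168.1.0/24"):
        print(rec["login"], "->", rec["upstream"], rec["upstream_port"],
              "timeout" if rec["timed_out"] else "")
```

Run over the real nginx.log with the site's own internal network, the output shows which logins are routed to the external address and whether each of those attempts ended in the timeout.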

  2. #2

    I believe the problem is that DNS resolution is happening at the wrong point: one of the services is doing a lookup on A when the query source is on B.

    Setting server A to NOT be a "reverse proxy target" fixes the issue of server B seeing B's external address.

    Issue: adding proxy to server A, now that server will try to proxy to B's internal IP.

    Any suggestions which piece is doing the wrong thing (resolving hostnames)?

  3. #3

    As a temporary solution, try adding the hostnames to /etc/hosts. See if that helps, otherwise (probably off-topic) post your /etc/resolv.conf and perhaps the DNS config.

  4. #4

    No, already tried that.

    DNS resolution is correct. /etc/hosts is correct.

    My guess is whatever is handling "reverse proxy target" lookup is resolving the hostname and returning an IP address instead of returning a hostname.

    So, a call for "where is user X mailbox" gets 123.123.123.123:993 instead of serverB:993.

  5. #5

    What do you get when you execute:

    zimbra:~$ zmlocalconfig | grep 123.123.123.123

    ?

  6. #6

    Nothing, for either the external, internal or server A IP address, on either server.

    'zmprov gs' for either server doesn't have any IPs either other than zimbraMtaMyNetworks.

  7. #7

    Sorry, I'm a bit out of inspiration... :-(

  8. #8

    I understand, was hoping someone with more insight into the internals could address what I'm talking about.

    This issue combined with zimbra-proxy not supporting TLS puts me in a bind.
