I have a weird problem with my Zimbra setup that I hope some of you can help me with. I have a Zimbra Community Ed 6.0.7 on CentOS 5.3 with 200+ users running on our internal network. I'm using an Astaro 7 firewall and use that as internal DNS that resolves the mailserver internally. External connection is routed with DNAT through a virtual interface on the firewall.

The problem is: some days, some clients get shut out from IMAP with SSL enabled. It's like the client doesn't resolve the IP of the mailserver; it just sits there. This happens with random clients both internally and outside the firewall, but only wireless (Wi-Fi or 3G/EDGE). On the failing client machine I can ping the hostname and it resolves fine, and if I just change the client to connect without SSL, the client app resolves and connects without problems. If I telnet directly to the mailserver with internal IP and port 993, it says "trying 192.168.1.xx..." If I reboot the client machine, the problem is still there. After a few minutes or hours, the problem is gone...

It's not consistent, but it always happens like mid-day with either iPhones or mail clients connected over wireless links when there are like 50-100+ active users. I have not seen this happening in the evenings/nights when there are fewer clients.

I first suspected the firewall to be the problem, so I have switched on and off all possible things like iptables, intrusion detection, TCP/UDP flood, etc., but the problem still comes back randomly...

I now suspect there might be some network/switch/wireless thingy going on, but I have no idea how to troubleshoot. I also suspect there might be something up with network kernel settings on the mailserver itself...

Do any of you have any idea what could be going on? Any help appreciated. Where do I start looking for any clues? We mostly use OS X with Mail.app and iPhones, but some clients are Windows with Thunderbird or Outlook. The wireless APs are Apple AirPort Extreme...

--thomas