
Thread: Sporadic Web Mail Client

  1. #1
    Join Date
    Mar 2009
    Posts
    9
    Rep Power
    6

    Sporadic Web Mail Client

    Hi,

    I have done a fair amount of searching and haven't been able to find a resolution to my problem. I am running 5.10 and have enabled "redirect" to https so that I can make webmail available externally to my 3 users. The LAN side works great and speedy every time to the "problem with this sites security certificate" dialog in IE7. However, when I try to access https://mail.example.com from the internet, sometimes my users go immediately to the same certificate page and sometimes they time out. The server that Zimbra is running on is a dual-homed fanless VIA box with 1GB RAM (roughly 100K available with everything running) and 1GHz CPU that doesn't seem to be CPU bound in all the tests I have run while using top. RHEL 5.2 is installed and the firewall (SEL and iptables) is turned off. I watch connection attempts using tcpdump and see 3 https packets come in before the browser gets a timeout and 8 or 9 when successful. Right after I restart Zimbra, and sometimes right after I connect through the LAN port on a separate machine, I get an almost instantaneous connection to Zimbra from the internet.

    I downloaded the open source version, I do not have a trial license, I am hosting several different domains, I am the root authority for DNS on DMZ servers and have an edge network LAN DNS machine that knows mail.domain.local (Zimbra server) but not mail.example.com. I just put mail.example.com in my hosts file pointed to 127 and the DMZ port address (192.168..) and that appears to be helping, but this is the way it has been: it will work several times in a row; I close the browser and come back to it an hour later and then get timeouts. After reading the posts about split DNS I thought I might try the simple approach of using the hosts file since my machine is pretty limited on resources.

    Why is the internet side so sporadic in working instantaneously or timing out all within the amount of time of 5 minutes doing constant trials from the internet? I thought it might be an Ethernet cable problem but it is not. Is it a license key issue or a DNS issue or ... I completely don't get why it works sometimes and not others (when the machine is taxed and when it is idle). Any ideas to help stabilize would be appreciated.

    Thanks,

    Brian

  2. #2
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    25


    Welcome to the forums

    Are you behind a firewall then on a private IP? If so, have you set up a Split DNS (Zimbra Wiki) architecture?

    Perhaps you could post the following so that we can check your DNS setup
    Code:
    cat /etc/hosts
    cat /etc/resolv.conf
    dig yourdomain mx
    dig yourdomain any
    host `hostname`   # note backticks and not single quotes

    You would also benefit from additional memory in your server as well, as 1GB is the bare minimum for a Production environment.

  3. #3
    Join Date
    Mar 2009
    Posts
    9
    Rep Power
    6


    ------ hosts
    127.0.0.1 localhost.domain.local localhost mail
    127.0.0.1 mail.example.org localhost mail
    127.0.0.1 mail.example.net localhost mail
    ::1 localhost.domain.local localhost mail
    10...100 mail.domain.local mail
    192.168..100 mail.domain.local mail
    192.168..100 mail.example.org mail
    192.168..100 mail.example.net mail
    ----- resolve
    nameserver 10...70
    nameserver 68...
    nameserver 68...

    --- dig mx
    ; <<>> DiG 9.3.4-P1 <<>> example.org mx
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1247
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 3

    ;; QUESTION SECTION:
    ;example.org. IN MX

    ;; ANSWER SECTION:
    example.org. 86400 IN MX 10 mail.example.org.

    ;; AUTHORITY SECTION:
    conds. 86400 IN NS landns.domain.local.

    ;; ADDITIONAL SECTION:
    mail.example.org. 86400 IN A 10...100
    landns.domain.local. 86400 IN A 10...70

    ;; Query time: 2 msec
    ;; SERVER: 10...70#53(10...70)
    ;; WHEN: Sun Mar 15 03:57:41 2009
    ;; MSG SIZE rcvd: 220

    -------dig any

    ; <<>> DiG 9.3.4-P1 <<>> example.org any
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18878
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 1, ADDITIONAL: 3

    ;; QUESTION SECTION:
    ;example.org. IN ANY

    ;; ANSWER SECTION:
    example.org. 86400 IN A 10...30
    example.org. 86400 IN NS landns.domain.local.
    example.org. 86400 IN MX 10 mail.example.org.
    example.org. 86400 IN SOA landns.domain.local. admin.domain.local. 2009012701 28800 14400 3600000 86400

    ;; AUTHORITY SECTION:
    example.org. 86400 IN NS landns.domain.local.

    ;; ADDITIONAL SECTION:
    landns.domain.local. 86400 IN A 10...70

    mail.example.org. 86400 IN A 10...100

    ;; Query time: 2 msec
    ;; SERVER: 10...70#53(10...70)
    ;; WHEN: Sun Mar 15 04:07:04 2009
    ;; MSG SIZE rcvd: 389

    --- hostname
    mail.domain.local has address 10...100
    Host mail.domain.local not found: 3(NXDOMAIN)
    Host mail.domain.local not found: 3(NXDOMAIN)

  4. #4
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58


    Your host file is totally wrong, please read the Quick Start Installation Guide for the required format of that file.

    Fix the hosts file and then run the diagnostic commands that Uxbod asked you for earlier, then post the full output of those commands including LAN IP addresses so we can check them. Without the full addresses it's impossible to tell if your DNS & hosts file is correct.

    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  5. #5
    Join Date
    Mar 2009
    Posts
    9
    Rep Power
    6


    There wasn't a lot of information about the hosts file but hopefully mine is less screwed up than before. I ran zmcertmgr viewdeployedcrt and it referenced mail.domain.local in every case. Also, I do not have proxy running because I had trouble getting the install to complete.

    ----- hosts
    127.0.0.1 localhost.localdomain localhost
    10.14.4.100 mail.domain.local mail
    192.168.14.100 mail.domain.local mail
    10.14.4.70 landns.domain.local

    ----- resolve
    search local
    nameserver 10.14.4.70
    nameserver 68...
    nameserver 68...

    ----- dig mx
    ; <<>> DiG 9.3.4-P1 <<>> example.org mx
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9182
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 3

    ;; QUESTION SECTION:
    ;example.org. IN MX

    ;; ANSWER SECTION:
    example.org. 86400 IN MX 10 mail.example.org.

    ;; AUTHORITY SECTION:
    hx\005\008\248_\005\008mt.com. 86400 IN NS landns.domain.local.

    ;; ADDITIONAL SECTION:
    mail.example.org. 86400 IN A 10.14.4.100
    landns.domain.local. 86400 IN A 10.14.4.70
    landns.domain.local. 86400 IN A 10.14.14.70

    ;; Query time: 3 msec
    ;; SERVER: 10.14.4.70#53(10.14.4.70)
    ;; WHEN: Sun Mar 15 12:04:23 2009
    ;; MSG SIZE rcvd: 229

    ----- dig any
    ; <<>> DiG 9.3.4-P1 <<>> example.org any
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23395
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 1, ADDITIONAL: 3

    ;; QUESTION SECTION:
    ;example.org. IN ANY

    ;; ANSWER SECTION:
    example.org. 86400 IN A 10.14.4.30
    example.org. 86400 IN NS landns.domain.local.
    example.org. 86400 IN MX 10 mail.example.org.
    example.org. 86400 IN SOA landns.domain.local. admin.domain.local. 2009012701 28800 14400 3600000 86400

    ;; AUTHORITY SECTION:
    example.org. 86400 IN NS landns.domain.local.

    ;; ADDITIONAL SECTION:
    landns.domain.local. 86400 IN A 10.14.4.70
    landns.domain.local. 86400 IN A 10.14.14.70
    mail.example.org. 86400 IN A 10.14.4.100

    ;; Query time: 2 msec
    ;; SERVER: 10.14.4.70#53(10.14.4.70)
    ;; WHEN: Sun Mar 15 12:04:49 2009
    ;; MSG SIZE rcvd: 389

    ----- hostname
    mail.domain.local has address 10.14.4.100
    Host mail.domain.local not found: 3(NXDOMAIN)
    Host mail.domain.local not found: 3(NXDOMAIN)

  6. #6
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58


    Your hosts file should contain only this (it is described in the documentation):

    Code:
    127.0.0.1 localhost.localdomain localhost
    10.14.4.100 mail.domain.local mail

    and only this. Your resolv file needs to contain only this:

    Code:
    search domain.local
    nameserver 10.14.4.70

    and for a single install you don't need (nor should you install) the proxy. Your DNS A record should reference this IP address:

    Code:
    mail.example.local. 86400 IN A 10.14.4.100

    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.
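
A lint for the hosts layout described in the post above, as an added example that is not part of the thread or of Zimbra's tooling: it flags server names aliased to loopback and any name mapped to more than one address. The function names, finding labels and sample files are constructed for illustration; the sample entries are taken from the hosts files posted earlier in the thread.

```shell
#!/bin/sh
# lint_hosts FILE: print one finding per line, nothing for a clean file.
lint_hosts() {
    awk '
    { sub(/#.*/, "") }              # strip comments (re-splits the fields)
    NF < 2 { next }                 # skip blank or incomplete lines
    {
        ip = $1
        loop = (ip ~ /^127\./ || ip == "::1")
        for (i = 2; i <= NF; i++) {
            name = tolower($i)
            # Only localhost names belong on the loopback line.
            if (loop && name != "localhost" && name !~ /^localhost\./)
                printf "loopback-alias: %s maps %s to loopback\n", ip, name
            # A server name should resolve to exactly one address.
            if (!loop) {
                if ((name in seen) && seen[name] != ip)
                    printf "multi-address: %s on %s and %s\n", name, seen[name], ip
                else
                    seen[name] = ip
            }
        }
    }' "$1"
}

# Constructed sample: entries of the kind posted in #3 and #5.
write_bad_sample() {
    cat > "$1" <<'EOF'
127.0.0.1 localhost.localdomain localhost
127.0.0.1 mail.example.org localhost mail
10.14.4.100 mail.domain.local mail
192.168.14.100 mail.domain.local mail
10.14.4.70 landns.domain.local
EOF
}

# Constructed sample: the two-line layout from the post above.
write_good_sample() {
    cat > "$1" <<'EOF'
127.0.0.1 localhost.localdomain localhost
10.14.4.100 mail.domain.local mail
EOF
}

# Stand-alone use: sh lint_hosts.sh /etc/hosts
if [ "$#" -gt 0 ]; then lint_hosts "$1"; fi
```
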

  7. #7
    Join Date
    Mar 2009
    Posts
    9
    Rep Power
    6


    Thank you so much for the help. You are the reason this community is alive and growing. Without reasonable responsiveness I would have given up and gone with another solution. I rarely use these kinds of forums due to previous bad experiences.

    Can I assume that your A record entry "mail.example.local. 86400 IN A 10.14.4.100"
    should be mail.example.org. 86400 IN A 10.14.4.100

    Also, want to make sure it is clear that all internet requests come in to 192.168.14.100 (DMZ) not 10.14.4.100 (edge). 10.14.14.* is the users' LAN.

    I am still having sporadic connection success and have completed all the recommendations with the exception of the .local vs. .org above.
    Last edited by ebfjohnson; 03-15-2009 at 07:31 PM. Reason: Still having problem

  8. #8
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58


    Quote: Originally Posted by ebfjohnson
    > Can I assume that your A record entry "mail.example.local. 86400 IN A 10.14.4.100"
    > should be mail.example.org. 86400 IN A 10.14.4.100

    That DNS record should point to the same IP as you have in your hosts file, that's why I changed it to .local.

    Quote: Originally Posted by ebfjohnson
    > Also, want to make sure it is clear that all internet requests come in to 192.168.14.100 (DMZ) not 10.14.4.100 (edge). 10.14.14.* is the users' LAN.

    I'm glad you pointed that out, I totally missed it in your first post (mainly because I didn't read it).

    OK, just so I completely understand your set-up. You have a single Zimbra server in your DMZ on a 192.168.x.x IP and your users are on the 10.x.x.x subnet - is that correct?

    If that's the case, your hosts file should reflect the 192.168.x.x IP address and the mail.domain.org and your DNS should also reference the domain.org. I'm also assuming that your primary domain on the server is domain.org. Are those assumptions correct and more importantly do they make sense to you?

    Just so your users can send mail (with fat clients), you'll need to add the 10.x.x.x subnet to your ZimbraMtaMyNetworks setting.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  9. #9
    Join Date
    Mar 2009
    Posts
    9
    Rep Power
    6

    I have 3 networks. 192.168 is my DMZ, 10.14.4 is my edge network, and 10.14.14 is my LAN. My Zimbra server has 2 Ethernet ports, 192.168.14.100 and 10.14.4.100. My WAN DNS server (public IPs) has 2 Ethernet ports, 192.168.14.123 and 10.14.4.123, and my LAN DNS server has 2 Ethernet ports, 10.14.4.70 and 10.14.14.70. I host 140 different domains that I own, example.org being 1 of them, and Zimbra is already set up and working for what nets out to be 5 potential email accounts per user with a large number of email aliases. I am using domain.local as a generic domain name and need to have those 5 different email domains working via the https internet client. I will try your changes and report back.

  10. #10
    Join Date
    Mar 2009
    Posts
    9
    Rep Power
    6


    I made the changes and still the same problem. My hosts file has 2 lines (127 and 192 for mail.domain.local), I added 10.14.14.0/24 (Users LAN) to MtaNetworks (already had 127, 192.168.14, 10.14.4) and my LAN DNS has A records mail.domain.local (10.14.4.100) mail.example.org (192.168.14.100) and mail.aaa.com (192.168.14.100) along with associated NS (10.14.4.70) and MX records (mail.*) and SOA for all three. I will add the other top level domains later.
