Results 1 to 9 of 9

Thread: [SOLVED] Not receiving external mail

  1. #1
    Join Date
    Oct 2008
    Posts
    31
    Rep Power
    6

    Default [SOLVED] Not receiving external mail

    New install...internal mail works ok, but I'm not getting any external messages. I can send externally ok. I have read through a lot of similar problems, as well as Wiki articles but have not yet been able to resolve my problem.

    My server is on a private network behind an Astaro Security Gateway which is configured to forward port 25 to the mail server.

    My domain is hosted on an ISP. I have set the mx record for domain.org to mail.domain.org. The A record for mail.domain.org is set to the public IP on my firewall.

    Here is some config info:

    cat /etc/hosts
    Code:
    127.0.0.1	localhost.localdomain	localhost
    192.168.232.7	mail.domain.org	mail
    
    # The following lines are desirable for IPv6 capable hosts
    ::1     ip6-localhost ip6-loopback
    fe00::0 ip6-localnet
    ff00::0 ip6-mcastprefix
    ff02::1 ip6-allnodes
    ff02::2 ip6-allrouters
    ff02::3 ip6-allhosts
    cat /etc/resolv.conf
    Code:
    search domain.org
    nameserver 192.168.232.7
    dig domain.org mx
    Code:
    ; <<>> DiG 9.4.2-P2 <<>> domain.org mx
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13898
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
    
    ;; QUESTION SECTION:
    ;domain.org.		IN	MX
    
    ;; ANSWER SECTION:
    domain.org.	604800	IN	MX	10 mail.domain.org.
    
    ;; AUTHORITY SECTION:
    domain.org.	604800	IN	NS	mail.domain.org.
    
    ;; ADDITIONAL SECTION:
    mail.domain.org.	604800	IN	A	192.168.232.7
    
    ;; Query time: 0 msec
    ;; SERVER: 192.168.232.7#53(192.168.232.7)
    ;; WHEN: Thu Jul 30 16:25:17 2009
    ;; MSG SIZE  rcvd: 86
    dig domain.org any
    Code:
    ; <<>> DiG 9.4.2-P2 <<>> domain.org any
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45704
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; QUESTION SECTION:
    ;domain.org.		IN	ANY
    
    ;; ANSWER SECTION:
    domain.org.	604800	IN	SOA	mail.domain.org. admin.domain.org. 90731 604800 86400 2419200 604800
    domain.org.	604800	IN	NS	mail.domain.org.
    domain.org.	604800	IN	MX	10 mail.domain.org.
    domain.org.	604800	IN	A	192.168.232.7
    
    ;; ADDITIONAL SECTION:
    mail.domain.org.	604800	IN	A	192.168.232.7
    
    ;; Query time: 0 msec
    ;; SERVER: 192.168.232.7#53(192.168.232.7)
    ;; WHEN: Thu Jul 30 16:28:18 2009
    ;; MSG SIZE  rcvd: 144
    hostname `host`
    Code:
    mail.domain.org has address 192.168.232.7
    Thanks!

  2. #2
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    Code:
    host `hostname`
    What happens if you telnet to port 25 from outside the firewall to your server ?
    Code:
    su - zimbra
    zmcontrol -v
    zmcontrol status
    Do you see any email connections in /var/log/zimbra.log from external ?

  3. #3
    Join Date
    Jun 2009
    Posts
    195
    Rep Power
    6

    Default Having the same problem

    I will like a follow-up on the solution of this problem, because I am having exactly the same problem with basically the almost the same setup. Forwarded port 25 and all necessary ports to the public ip of my zimbra server. I am unable to telnet the fqdn and the public ip on port 25 from outside. I am able to access webmail from outside using the fqdn. There must be something some where stoping us from receiveing email from the outside. I thought it was my firewall, but after being able to telnet something else from outside and block it there after, I am beginning to suspect that it is zimbra. Especially with a second person complaining it now.

  4. #4
    Join Date
    Oct 2008
    Posts
    31
    Rep Power
    6

    Default

    Actually, host `hostname` is actually posted above, I just typed it wrong in my post.

    I tried connecting my DSL line directly to the Zimbra box and configured the public IP on it. Once I did that, my external mail came through, so it appears to be a firewall issue in my case. The ASG has an SMTP proxy that I am trying to go through. I am going to contact Astaro about it and see if we can figure out why the configuration isn't working.

    Any tips on what the firewall config should look like with an SMTP proxy?
    Last edited by infosyst; 07-31-2009 at 11:17 AM. Reason: can't spell :P

  5. #5
    Join Date
    Jun 2009
    Posts
    195
    Rep Power
    6

    Default

    In other words, you are using the public ip on the zimbra box now instead of the private ip configuration on the box?

  6. #6
    Join Date
    Oct 2008
    Posts
    31
    Rep Power
    6

    Default

    Quote Originally Posted by borngunners View Post
    In other words, you are using the public ip on the zimbra box now instead of the private ip configuration on the box?
    Yes, I setup the second interface on my Zimbra server with the public IP, but just as a test. I still need to get it working through my firewall for added security and so that I can use the firewalls built-in AS/AV filtering.

  7. #7
    Join Date
    Oct 2008
    Posts
    31
    Rep Power
    6

    Default

    It's working now! I had to configure some policy routes and SNAT.

  8. #8
    Join Date
    Jun 2009
    Posts
    195
    Rep Power
    6

    Default

    You mean some policy route on the firewall? Can you post me the policy route that you use. In other words, can you explain a little bit further.

    Thanks,

  9. #9
    Join Date
    Oct 2008
    Posts
    31
    Rep Power
    6

    Default

    Yes, I had to use policy routes because the SMTP traffic is going out through an interface on my firewall other than my primary interface. These are the two policy routes that I am using on the Astaro box:

    Interface Route
    Source Network: Internal Network
    Service: SMTP
    Destination Network: Any
    Target Interface: DSL Interface

    Gateway Route
    Source Network: DSL Network
    Service: Any
    Destination Network: Any
    Gateway: DSL Gateway from provider

    I also had to setup NAT masquerading between the internal network and the DSL network and SNAT rules between my server and the DSL interface. Again, this is because I am not using my primary external firewall interface for the SMTP traffic.

Similar Threads

  1. zmamavisdctl stopped and won't restart
    By alto in forum Installation
    Replies: 2
    Last Post: 04-18-2008, 12:41 AM
  2. My Zimbra server down ... please help :)
    By frankb in forum Administrators
    Replies: 2
    Last Post: 12-12-2007, 10:29 AM
  3. fresh install down may be due to tomcat
    By gon in forum Installation
    Replies: 10
    Last Post: 07-25-2007, 08:09 AM
  4. DynDNS and Zimbra
    By afterwego in forum Installation
    Replies: 30
    Last Post: 04-01-2007, 03:34 PM
  5. fatal: Queue report unavailable - mail system is down
    By zzzzsg in forum Administrators
    Replies: 16
    Last Post: 08-24-2006, 02:31 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •