Results 1 to 10 of 10

Thread: Need help to get Zimbra to send & receive email without errors and rejections

  1. #1
    Join Date
    Feb 2009
    Location
    Singapore
    Posts
    503
    Rep Power
    7

    Default Need help to get Zimbra to send & receive email without errors and rejections

    I have a hosted Zimbra with multiple domains all sharing one IP address. I notice that my log contains varies error messages. Some of them includes:


    1. Relaying denied. IP name possibly forged [xxx.xxx.xxx.xxx] (in reply to RCPT TO command))
    2. Host or domain name not found. Name service error for name=zimbra.xxx.com type=A: Host found but no data record of requested type
    3. mail for zimbra.xxx.com loops back to myself


    After some research, I realize that beside getting Zimbra to run properly, we have to setup additional verification stuffs to ensure that Zimbra is able to send/receive email without rejections to/by other servers:

    * Have a valid rDNS
    * Have SPF set up
    * Have domain keys set up
    * Have signed up for feedback loop
    * Have a valid abuse@ and/or postmaster@ email address on your domain

    Since many users complains that they cannot receive/send emails to/from some domains, should I also disable these checks in Zimbra MTA settings?


    • Hostname in greeting violates RFC (reject_invalid_hostname)
    • Client must greet with a fully qualified hostname (reject_non_fqdn_hostname)
    • Sender address must be fully qualified (reject_non_fqdn_sender)
    • Client's IP address (reject_unknown_client)
    • Hostname in greeting (reject_unknown_hostname)
    • Sender's domain (reject_unknown_sender_domain)


    Zimbra has provide a good reference manual on what it's each option does. Unfortunately it didn't provide something more useful - an operation manual (step by step installation and setup guidance)

  2. #2
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    25

    Default

    Please post this information from your ZCS server
    Code:
    cat /etc/hosts
    cat /etc/resolv.conf
    dig yourdomain mx
    dig yourdomain any
    host `hostname` <- note backticks and not single quotes (copy 'n' paste)
    As long as your clients domain have a MX that points to a properly configured server with the right DNS entries all should be okay.

  3. #3
    Join Date
    Feb 2009
    Location
    Singapore
    Posts
    503
    Rep Power
    7

    Default

    Code:
    /etc/hosts
    
    127.0.0.1 localhost.localdomain localhost
    192.168.190.250 zimbra.mydomain.com zimbra
    
    ::1 ip6-localhost ip6-loopback
    fe00::0 ip6-localnet
    ff00::0 ip6-mcastprefix
    ff02::1 ip6-allnodes
    ff02::2 ip6-allrouters
    ff02::3 ip6-allhosts
    Code:
    /etc/resolv.conf
    
    nameserver 192.168.190.1
    nameserver 202.172.224.238
    nameserver 202.172.232.238
    Code:
    dig mydomain mx
    
    ; <<>> DiG 9.4.2-P2 <<>> mydomain mx
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 15292
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;mydomain. IN MX
    
    ;; AUTHORITY SECTION:
    com. 830 IN SOA a.gtld-servers.net nstld.verisign-grs.com. 1257219774 1800 900 604800 86400
    
    ;; Query time: 3 msec
    ;; SERVER: 202.172.224.238#53(202.172.224.238)
    ;; WHEN: Tue Nov 3 11:44:25 2009
    ;; MSG SIZE rcvd: 108
    Code:
    dig mydomain any
    
    ; <<>> DiG 9.4.2-P2 <<>> mydomain any
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 11038
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;mydomain. IN ANY
    
    ;; AUTHORITY SECTION:
    com. 532 IN SOA a.gtld-servers.net nstld.verisign-grs.com. 1257219774 1800 900 604800 86400
    
    ;; Query time: 4 msec
    ;; SERVER: 202.172.224.238#53(202.172.224.238)
    ;; WHEN: Tue Nov 3 11:49:23 2009
    ;; MSG SIZE rcvd: 108
    Code:
    host mydomain
    
    mydomain mail is handled by 10 zimbra.mydomain.
    Last edited by phoenix; 11-03-2009 at 12:55 AM.

  4. #4
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    Quote Originally Posted by bhwong View Post
    Code:
    /etc/resolv.conf
    
    nameserver 192.168.190.1
    nameserver 202.172.224.238
    nameserver 202.172.232.238
    The hosts file should only contain the IP address of your LAN server.

    Quote Originally Posted by bhwong View Post
    Code:
    dig mydomain mx
    
    ; <<>> DiG 9.4.2-P2 <<>> mydomain mx
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 15292
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;mydomain. IN MX
    
    ;; AUTHORITY SECTION:
    com. 830 IN SOA a.gtld-servers.net nstld.verisign-grs.com. 1257219774 1800 900 604800 86400
    
    ;; Query time: 3 msec
    ;; SERVER: 202.172.224.238#53(202.172.224.238)
    ;; WHEN: Tue Nov 3 11:44:25 2009
    ;; MSG SIZE rcvd: 108
    There appears to be no MX record for your domain.

    Quote Originally Posted by bhwong View Post
    Code:
    dig mydomain any
    
    ; <<>> DiG 9.4.2-P2 <<>> mydomain any
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 11038
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;mydomain. IN ANY
    
    ;; AUTHORITY SECTION:
    com. 532 IN SOA a.gtld-servers.net nstld.verisign-grs.com. 1257219774 1800 900 604800 86400
    
    ;; Query time: 4 msec
    ;; SERVER: 202.172.224.238#53(202.172.224.238)
    ;; WHEN: Tue Nov 3 11:49:23 2009
    ;; MSG SIZE rcvd: 108
    There apears to be no A record for your domain.

    Quote Originally Posted by bhwong View Post
    Code:
    host mydomain
    
    mydomain mail is handled by 10 zimbra.mydomain.
    The better command to use is the following:
    Code:
    host `hostname`  <-- with backticks not single quotes
    However, to your specific problem. I'll guess that those errors you've posted earlier relate to inbound mail, do those messages show in the daily report? It's not use just quoting the text from an error message as it's taken out of context, post some actual error messages from the log files for these errors.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  5. #5
    Join Date
    Feb 2009
    Location
    Singapore
    Posts
    503
    Rep Power
    7

    Default

    > The hosts file should only contain the IP address of your LAN server.

    I have entered the gateway and DNS server IP addresses instead. So, it should be the local IP address (not public IP) of the server that Zimbra run on which is 192.168.190.250?

    I dig the wrong domain, it should be zimbra.mydomain.com which is the domain that my Zimbra run on, mydomain.com is the main domain. So the result is as followed:

    dig mydomain mx

    ; <<>> DiG 9.4.2-P2 <<>> zimbra.mydomain mx
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 52089
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;zimbra.mydomain. IN MX

    ;; AUTHORITY SECTION:
    com. 900 IN SOA a.gtld-servers.net nstld.verisign-grs.com. 1257243961 1800 900 604800 86400

    ;; Query time: 8 msec
    ;; SERVER: 192.168.190.250#53(192.168.190.250)
    ;; WHEN: Tue Nov 3 18:26:12 2009
    ;; MSG SIZE rcvd: 115

    dig mydomain any

    ; <<>> DiG 9.4.2-P2 <<>> zimbra.mydomain any
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 32681
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;zimbra.mydomain. IN ANY

    ;; AUTHORITY SECTION:
    com. 544 IN SOA a.gtld-servers.net nstld.verisign-grs.com. 1257243961 1800 900 604800 86400

    ;; Query time: 2 msec
    ;; SERVER: 192.168.190.250#53(192.168.190.250)
    ;; WHEN: Tue Nov 3 18:32:08 2009
    ;; MSG SIZE rcvd: 115

  6. #6
    Join Date
    Feb 2009
    Location
    Singapore
    Posts
    503
    Rep Power
    7

    Default

    > post some actual error messages from the log files for these errors.

    Errors
    2009-11-02 01:01:31 bounced (Host or domain name not found. Name service error for name=zimbra.dc1.domain.com type=A: Host found but no data record of requested type)
    from=owner-confocalmicroscopy@LISTS.UMN.EDU to=xpan@domain.com.sg
    2009-11-02 13:24:57 bounced (Host or domain name not found. Name service error for name=zimbra.dc1.domain.com type=A: Host found but no data record of requested type)
    from=<> to=mchua@domain.com.sg
    2009-11-02 13:24:57 bounced (Host or domain name not found. Name service error for name=zimbra.dc1.domain.com type=A: Host found but no data record of requested type)
    from=lfeng@domain.com.sg to=mchua@domain.com.sg
    2009-11-02 14:20:05 bounced (Host or domain name not found. Name service error for name=6747-335.cudamail.com type=A: Host found but no data record of requested type)
    from=mchua@domain.com.sg to=bsawchuk@QIMAGING.com
    2009-11-02 14:20:05 bounced (Host or domain name not found. Name service error for name=6747-335.cudamail.com type=A: Host found but no data record of requested type)
    from=mchua@domain.com.sg to=cwillows@QIMAGING.com
    2009-11-02 15:19:24 deferred (host fw.paclp.de[212.63.70.228] said: 451 Please try again (in reply to RCPT TO command))
    from=wtan@domain.com.sg to=service@paclp.de
    2009-11-02 15:39:36 deferred (host fw.paclp.de[212.63.70.228] said: 451 Please try again (in reply to RCPT TO command))
    from=fwong@domain.com.sg to=jonathan.salimat@paclp.sg

  7. #7
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    Quote Originally Posted by bhwong View Post
    > The hosts file should only contain the IP address of your LAN server.

    I have entered the gateway and DNS server IP addresses instead. So, it should be the local IP address (not public IP) of the server that Zimbra run on which is 192.168.190.250?
    My mistake, that should have read: the resolv.conf should only have the IP of your LAN DNS server.

    Quote Originally Posted by bhwong View Post
    I dig the wrong domain, it should be zimbra.mydomain.com which is the domain that my Zimbra run on, mydomain.com is the main domain. So the result is as followed:
    Those results still show no A or MX records for the domain, can you not see that?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  8. #8
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    Quote Originally Posted by bhwong View Post
    > post some actual error messages from the log files for these errors.

    Errors
    2009-11-02 01:01:31 bounced (Host or domain name not found. Name service error for name=zimbra.dc1.domain.com type=A: Host found but no data record of requested type)
    from=owner-confocalmicroscopy@LISTS.UMN.EDU to=xpan@domain.com.sg
    2009-11-02 13:24:57 bounced (Host or domain name not found. Name service error for name=zimbra.dc1.domain.com type=A: Host found but no data record of requested type)
    from=<> to=mchua@domain.com.sg
    2009-11-02 13:24:57 bounced (Host or domain name not found. Name service error for name=zimbra.dc1.domain.com type=A: Host found but no data record of requested type)
    from=lfeng@domain.com.sg to=mchua@domain.com.sg
    2009-11-02 14:20:05 bounced (Host or domain name not found. Name service error for name=6747-335.cudamail.com type=A: Host found but no data record of requested type)
    from=mchua@domain.com.sg to=bsawchuk@QIMAGING.com
    2009-11-02 14:20:05 bounced (Host or domain name not found. Name service error for name=6747-335.cudamail.com type=A: Host found but no data record of requested type)
    from=mchua@domain.com.sg to=cwillows@QIMAGING.com
    2009-11-02 15:19:24 deferred (host fw.paclp.de[212.63.70.228] said: 451 Please try again (in reply to RCPT TO command))
    from=wtan@domain.com.sg to=service@paclp.de
    2009-11-02 15:39:36 deferred (host fw.paclp.de[212.63.70.228] said: 451 Please try again (in reply to RCPT TO command))
    from=fwong@domain.com.sg to=jonathan.salimat@paclp.sg
    That would be because of your DNS records problem.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  9. #9
    Join Date
    Feb 2009
    Location
    Singapore
    Posts
    503
    Rep Power
    7

    Default

    > My mistake, that should have read: the resolv.conf should only have the IP of your LAN DNS server.

    My LAN do not have a DNS server. So it should be my ISP DNS server right?

    > Those results still show no A or MX records for the domain, can you not see that?

    What will it show if there are A or MX records? I'm not familiar with dig output but Pingability.com: Web Site Monitoring and Alert Service output does show that my A and MX records are working fine. Something to do with the nameserver above?

  10. #10
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    Quote Originally Posted by bhwong View Post
    > My mistake, that should have read: the resolv.conf should only have the IP of your LAN DNS server, this is from your resolv.conf.

    My LAN do not have a DNS server. So it should be my ISP DNS server right?
    According to your earlier output your LAN does have a DNS server, this is from your resolv.conf:

    Code:
    nameserver 192.168.190.1
    and the output you provided earlier shows that the output from the dig query was provided by a LAN DNS server:

    Code:
    ; Query time: 8 msec
    ;; SERVER: 192.168.190.250#53(192.168.190.250)
    ;; WHEN: Tue Nov 3 18:26:12 2009
    ;; MSG SIZE rcvd: 115
    Your hosts file also shows you to be on a private LAN IP address for your Zimbra server:

    Code:
    192.168.190.250 zimbra.mydomain.com zimbra
    If that's the case you should have a DNS server on your LAN that provides the LAN IP of your Zimbra server when queried from the Zimbra server using the commands I gave you earlier.

    Quote Originally Posted by bhwong View Post
    > Those results still show no A or MX records for the domain, can you not see that?

    What will it show if there are A or MX records? I'm not familiar with dig output but Pingability.com: Web Site Monitoring and Alert Service output does show that my A and MX records are working fine. Something to do with the nameserver above?
    You haven't shown anything that has your A & MX records in it, there's no output other than the pingability web site in your link. If you wish to see what the records would look like check the output for the dig commands using google.com as an domain name.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •