I installed Zimbra on CentOS 4.4. Everything was working fine. I then enabled the firewall on our network to block access to/from certain ports (basically I want ports 25, 443, and 7071 to be able to access the system from the public internet). We may open POP3 and IMAP but that will be for later.
The system's FQDN resolves via DNS (to the public IP which is forwarded through the firewall), and it is in the hosts file so it should (and does) resolve to 127.0.0.1 from the local machine. However, once I enable the firewall, inbound mail gets stuck in deferred, with errors that a connection to the FQDN is timing out. I assume something is using DNS (instead of the hosts file) to resolve the name, getting the public IP and trying to connect to some port on that IP through the firewall, which then is blocked by the firewall...
If I change the DNS resolution of the FQDN to 127.0.0.1 and add another A record that resolves to the public IP then it all works. But I've got to think having A records resolve to 127.0.0.1 has to be a no-no in some RFC (if you try to ping that A record it resolves to your local machine and you ping yourself...).
So the question is what ports are required to be accessible on the IP that the FQDN resolves to via DNS?