Page 1 of 1

erratic behaviour of our Zimbra 8.8.9

Posted: Thu Oct 18, 2018 10:22 am
by richCasud
Hello

We are experiencing difficulties with our new Zimbra Server

Most of the emails coming from outside our domain are bouncing
Some of our email from inside to inside just don't pass
...

We just finished a migration that took 4 weeks. We migrated account by batch, using zextras mig and, during this time, we had
the ZimbraOld passing mail to accounts on ZimbraNew using

Code: Select all

zmprov ma usermail@domaine.fr zimbraMailTransport smtp:mta.domaine.fr:25
zmprov ma usermail@domaine.fr zimbraMailTransport lmtp:mta2.domaine.fr:7025


Here is a part of our log

Oct 18 12:17:50 mta2 postfix/smtpd[10305]: warning: unknown smtpd restriction: "OK"
Oct 18 12:17:50 mta2 postfix/smtpd[10305]: NOQUEUE: reject: RCPT from mail-run1.idom.fr[domainNameProviderIP]: 451 4.3.5 Server configuration error; from=<someone@orange.fr> to=<user1@ourdomain.fr> proto=ESMTP helo=<mail-run1.idom.fr>
Oct 18 12:17:54 mta2 postfix/smtpd[10305]: NOQUEUE: reject: RCPT from mail-run1.idom.fr[domainNameProviderIP]: 554 5.7.1 <user2@ourdomain.fr>: Recipient address rejected: Access denied; from=<bounces+2708438-8cec-user2=ourdomain.fr@em8862.villagefse2019.fr> to=<user2@ourdomain.fr> proto=ESMTP helo=<mail-run1.idom.fr>
Oct 18 12:17:54 mta2 postfix/smtpd[10305]: warning: restriction `permit' after `reject' is ignored
Oct 18 12:17:56 mta2 postfix/smtp[11919]: 23C7A2886A0: to=<postmaster@mta2.ourdomain.fr>, orig_to=<postmaster>, relay=smtp.mobius.fr[ouProviderIP]:25, delay=406, delays=385/20/0.07/0.21, dsn=4.1.8, status=deferred (host smtp.mobius.fr[ouProviderIP] said: 450 4.1.8 <double-bounce@mta2.ourdomain.fr>: Sender address rejected: Domain not found (in reply to RCPT TO command))
Oct 18 12:17:56 mta2 postfix/smtp[11933]: 2B06D28863F: to=<postmaster@mta2.ourdomain.fr>, orig_to=<postmaster>, relay=smtp.mobius.fr[ouProviderIP]:25, delay=487, delays=466/20/0.06/0.22, dsn=4.1.8, status=deferred (host smtp.mobius.fr[ouProviderIP] said: 450 4.1.8 <double-bounce@mta2.ourdomain.fr>: Sender address rejected: Domain not found (in reply to RCPT TO command))
Oct 18 12:17:56 mta2 postfix/smtp[9138]: 2036A2886A2: to=<postmaster@mta2.ourdomain.fr>, orig_to=<postmaster>, relay=smtp.mobius.fr[ouProviderIP]:25, delay=441, delays=420/20/0.07/0.22, dsn=4.1.8, status=deferred (host smtp.mobius.fr[ouProviderIP] said: 450 4.1.8 <double-bounce@mta2.ourdomain.fr>: Sender address rejected: Domain not found (in reply to RCPT TO command))
Oct 18 12:17:56 mta2 postfix/smtp[11918]: 2298A28869A: to=<postmaster@mta2.ourdomain.fr>, orig_to=<postmaster>, relay=smtp.mobius.fr[ouProviderIP]:25, delay=461, delays=440/20/0.07/0.22, dsn=4.1.8, status=deferred (host smtp.mobius.fr[ouProviderIP] said: 450 4.1.8 <double-bounce@mta2.ourdomain.fr>: Sender address rejected: Domain not found (in reply to RCPT TO command))
Oct 18 12:17:56 mta2 postfix/smtp[11917]: 27558288698: to=<postmaster@mta2.ourdomain.fr>, orig_to=<postmaster>, relay=smtp.mobius.fr[ouProviderIP]:25, delay=477, delays=456/20/0.06/0.23, dsn=4.1.8, status=deferred (host smtp.mobius.fr[ouProviderIP] said: 450 4.1.8 <double-bounce@mta2.ourdomain.fr>: Sender address rejected: Domain not found (in reply to RCPT TO command))
Oct 18 12:17:57 mta2 postfix/smtp[11935]: 4777D280E4B: to=<postmaster@mta2.ourdomain.fr>, orig_to=<postmaster>, relay=smtp.mobius.fr[ouProviderIP]:25, delay=1012, delays=991/20/1.1/0.01, dsn=4.1.8, status=deferred (host smtp.mobius.fr[ouProviderIP] said: 450 4.1.8 <double-bounce@mta2.ourdomain.fr>: Sender address rejected: Domain not found (in reply to RCPT TO command))
Oct 18 12:17:58 mta2 postfix/postscreen[10304]: CONNECT from [ourZimbraServerIP]:48620 to [ourZimbraServerIP]:25
Oct 18 12:17:58 mta2 postfix/postscreen[10304]: WHITELISTED [ourZimbraServerIP]:48620
Oct 18 12:17:58 mta2 postfix/smtpd[11931]: connect from mta2.ourdomain.fr[ourZimbraServerIP]
Oct 18 12:17:58 mta2 postfix/smtpd[11931]: 29DAA288696: client=mta2.ourdomain.fr[ourZimbraServerIP]
Oct 18 12:17:58 mta2 postfix/cleanup[10357]: 29DAA288696: message-id=<1294940953.79.1539850677996.JavaMail.zimbra@ourdomain.fr>
Oct 18 12:17:58 mta2 postfix/qmgr[4944]: 29DAA288696: from=<user3@ourdomain.fr>, size=2168, nrcpt=5 (queue active)
Oct 18 12:17:58 mta2 postfix/smtpd[11931]: disconnect from mta2.ourdomain.fr[ourZimbraServerIP] ehlo=1 mail=1 rcpt=2 data=1 quit=1 commands=6
Oct 18 12:17:58 mta2 postfix/dkimmilter/smtpd[11913]: connect from localhost.ourdomain.fr[127.0.0.1]
Oct 18 12:17:58 mta2 postfix/dkimmilter/smtpd[11913]: Anonymous TLS connection established from localhost.ourdomain.fr[127.0.0.1]: TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)
Oct 18 12:17:58 mta2 postfix/dkimmilter/smtpd[11913]: 2F70D288699: client=localhost.ourdomain.fr[127.0.0.1]
Oct 18 12:17:58 mta2 postfix/cleanup[10340]: 2F70D288699: message-id=<1294940953.79.1539850677996.JavaMail.zimbra@ourdomain.fr>
Oct 18 12:17:58 mta2 opendkim[4716]: 2F70D288699: no signing table match for 'user3@ourdomain.fr'
Oct 18 12:17:58 mta2 postfix/smtp[11912]: 29DAA288696: to=<user4@ourdomain.fr>, orig_to=<dsi@ourdomain.fr>, relay=127.0.0.1[127.0.0.1]:10030, delay=0.08, delays=0.02/0/0/0.06, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 2F70D288699)
Oct 18 12:17:58 mta2 postfix/smtp[11912]: 29DAA288696: to=<user5@ourdomain.fr>, orig_to=<dsi@ourdomain.fr>, relay=127.0.0.1[127.0.0.1]:10030, delay=0.08, delays=0.02/0/0/0.06, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 2F70D288699)
Oct 18 12:17:58 mta2 postfix/qmgr[4944]: 2F70D288699: from=<user4@ourdomain.fr>, size=2362, nrcpt=5 (queue active)
Oct 18 12:17:58 mta2 postfix/smtp[11912]: 29DAA288696: to=<user5@ourdomain.fr>, orig_to=<dsi@ourdomain.fr>, relay=127.0.0.1[127.0.0.1]:10030, delay=0.08, delays=0.02/0/0/0.06, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 2F70D288699)
Oct 18 12:17:58 mta2 postfix/smtp[11912]: 29DAA288696: to=<user6@ourdomain.fr>, orig_to=<dsi@ourdomain.fr>, relay=127.0.0.1[127.0.0.1]:10030, delay=0.08, delays=0.02/0/0/0.06, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 2F70D288699)
Oct 18 12:17:58 mta2 postfix/smtp[11912]: 29DAA288696: to=<user6@ourdomain.fr>, relay=127.0.0.1[127.0.0.1]:10030, delay=0.08, delays=0.02/0/0/0.06, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 2F70D288699)
Oct 18 12:17:58 mta2 postfix/qmgr[4944]: 29DAA288696: removed


Can someone help us ?

Re: erratic behaviour of our Zimbra 8.8.9

Posted: Thu Oct 18, 2018 10:32 am
by phoenix
There's no mention in this post of your Split Domain configuration, it's mentioned in a different thread and this is probably a side effect of that. Have you reversed all the changes from the Split Domain configuration and if you have post the output after those changes. Do you also have a Split DNS configuration for this server? If you have post all the output from the commands in the 'Verify...' section of the Split DNS article.

Re: erratic behaviour of our Zimbra 8.8.9

Posted: Thu Oct 18, 2018 10:45 am
by richCasud
Thing is , we are not sur we used split domain

What we did:
On ZimbraOld
we created a transition domain (transitdomain.fr) and moved batches of user account to that domain, to export them using ZX MigrationTool
On ZimbraNew
We imported those account and moved them to ourdomain.fr
Then, run that command
zmprov ma usermail@domaine.fr zimbraMailTransport smtp:mta.domaine.fr:25
zmprov ma usermail@domaine.fr zimbraMailTransport lmtp:mta2.domaine.fr:7025

Does that means we used split domain ?

Re: erratic behaviour of our Zimbra 8.8.9

Posted: Thu Oct 18, 2018 10:55 am
by phoenix
richCasud wrote:Does that means we used split domain ?
No, that's not a Split Domain and I'm only quoting the fact you said that's what you had. The only entry you need on any account is for the lmtp setting, you can remove the smtp one.

You didn't answer my question about a Split DNS.

Re: erratic behaviour of our Zimbra 8.8.9

Posted: Thu Oct 18, 2018 11:17 am
by richCasud
question about a Split DNS


I don't know, how do I check for it ?

Re: erratic behaviour of our Zimbra 8.8.9

Posted: Thu Oct 18, 2018 11:18 am
by phoenix
Take a look at the Split DNS wiki article I mentioned earlier.

Re: erratic behaviour of our Zimbra 8.8.9

Posted: Thu Oct 18, 2018 11:35 am
by richCasud
does that helps ?

considering this page, https://wiki.zimbra.com/wiki/Split_DNS# ... is_working
this is what we get when we do.
(we didn't use dnsmasq but bind instead)

dig ourdomain.fr mx

; <<>> DiG 9.10.3-P4-Ubuntu <<>> ourdomain.fr mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44629
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ourdomain.fr. IN MX

;; AUTHORITY SECTION:
ourdomain.fr. 2313 IN SOA srv-dc01.ccsud.local. hostmaster.ccsud.local. 52 900 600 86400 3600

;; Query time: 3 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Oct 18 15:23:47 +04 2018
;; MSG SIZE rcvd: 104

zimbra@mta2:~/common/conf$ clear
zimbra@mta2:~/common/conf$ dig ourdomain.fr any

; <<>> DiG 9.10.3-P4-Ubuntu <<>> ourdomain.fr any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23735
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ourdomain.fr. IN ANY

;; ANSWER SECTION:
ourdomain.fr. 2264 IN NS srv-dc02.ccsud.local.
ourdomain.fr. 2264 IN NS srv-dc01.ccsud.local.
ourdomain.fr. 2264 IN NS srv-dc03.ccsud.local.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Oct 18 15:24:36 +04 2018
;; MSG SIZE rcvd: 117

zimbra@mta2:~/common/conf$ host $(hostname)
mta2.ourdomain.fr has address 10.10.1.22
mta2.ourdomain.fr mail is handled by 10 mta2.ourdomain.fr.

Re: erratic behaviour of our Zimbra 8.8.9

Posted: Thu Oct 18, 2018 1:19 pm
by phoenix
That output indicates that you don't have a Split DNS but the output suggests you are behind a NAT router and in that case you need a Split DNS configured (that includes configuring the hosts file correctly as per the wiki article).

Re: erratic behaviour of our Zimbra 8.8.9

Posted: Mon Oct 22, 2018 12:26 pm
by richExt
thank you a 1000 times phoenix

We've been working at it until today and without your help we wouldn't be in good shape now.
But, here we are, with a zimbra server that sends and receives emails :)

We still have some bug, like the Distribution lists not receiving from outside our domain and
some double-bounce that keep coming at us, but at least people have mail.

//***********To give an ANSWER to the post's question:

It was all about the BIND
Being behind a NAT we should have known that we needed a split Domain settup
We choosed Bind
It took us a lot of time to get the Bind setting right
The zimbra server was really behaving crazy and we didn't know what to tackle first
so many things going wrong
but once the bind status showed everthing in green, the server became a good boy again

//**************

Don't know where we would be without this forum

THANK YOU

Re: erratic behaviour of our Zimbra 8.8.9

Posted: Mon Oct 22, 2018 1:26 pm
by phoenix
Well done, I'm glad you've fixed it. :)

I'd suggest you open a new thread on your D/L problem if you don't find a solution, I don't use them but there should be no reason why they wouldn't work in your environment.