Zimbra help..multi-domain each with own external relay

scottalanmiller

@wirestyle22 said in Zimbra help..multi-domain each with own external relay:

@vhinzsanchez said in Zimbra help..multi-domain each with own external relay:

@SAM
Thanks. Presently, we have an almost similar setup (in terms of relay/smart host but both is on different physical machine and sending to each other means to send or route to our external server.

Just so you know @SAM is not @scottalanmiller, although Scott does go by SAM. It's just not his username.

That would confuse even me.

vhinzsanchez

@wirestyle22
Oh great, just great. Noted. Thanks for letting me know.

vhinzsanchez

@dbeato said in Zimbra help..multi-domain each with own external relay:

I am connecting to the Zimbra server this morning and will let you know.

Thanks @dbeato! Really appreciate it.

vhinzsanchez

Hi Guys,

I was wondering if you have ever got to check out my queries.

Thanks in advance!

vhinzsanchez

HI Guys,

Bumping this topic should anyone has an idea.

Thanks!

dbeato

@vhinzsanchez said in Zimbra help..multi-domain each with own external relay:

HI Guys,

Bumping this topic should anyone has an idea.

Thanks!

Sorry, I haven't been able to connect to that Zimbra server... I am wondering why. Let me report back.

vhinzsanchez

@dbeato Thanks! I was just wondering where my setup went wrong...in all of my tests :grinning_face_with_smiling_eyes: for the last 1.5 to 2 years

dbeato

@vhinzsanchez said in Zimbra help..multi-domain each with own external relay:

@dbeato Thanks! I was just wondering where my setup went wrong...in all of my tests :grinning_face_with_smiling_eyes: for the last 1.5 to 2 years

There is nothing wrong with what you setup and I have that file on my Zimbra server so I am not sure what is different from yours.

vhinzsanchez

I also think so...but setups are stating otherwise. I think I have the local bind9 working as dig works and the first domain is working fine.

dbeato

@vhinzsanchez said in Zimbra help..multi-domain each with own external relay:

I also think so...but setups are stating otherwise. I think I have the local bind9 working as dig works and the first domain is working fine.

So you are doing split DNS correct? If so, you need to add that domain there as well.

vhinzsanchez

@dbeato No, not doing split dns (well, I just don't get an idea of splitdns so I was thinking it was not implemented). Just simple bind9 implementation making sure it recognize itself as postoffice.domain1.com and itself and the other mail servers (external1.com and external2.com) as mx.

• nxlookup and dig is working as expected and seeing itself, including the mx records.

• Domain in network is still domain.local.

• /etc/hostname is postoffice.domain1.com

• /etc/hosts:
  127.0.0.1
  192.168.0.1 postoffice.domain1.com postoffice
  119.93.x.x smtp.external1.com smtp

vhinzsanchez

Seemed like I had given the wrong information, sorry for the confusion. Just occurred to me that I may have provided the wrong info. Domain1.com is also external1.com (same domain name as our external provider). I think it may have no effect but it may have otherwise.

Lets I’ll step back and start my installation procedure. Most of the steps I made are taken from https://ubuntuforums.org/showthread.php?t=1866784 specially those pre-Zimbra installation – preparation and DNS. I think it is the same guide my predecessor has made to create our present server.

Just to make it clear, I have removed the extenal1.com (it is confusing, I think):
Internal network/domain name: domain.local
Server name: postoffice.domain1.com (192.168.0.1)
Zimbra domain1: domain1.com
Zimbra domain2: domain2.com
External server1: smtp.domain1.com (119.93.x.x)
External server2: smtp.domain2.com (119.93.x.y)

============

/etc/hostname:
postoffice.domain1

============

/etc/network/interfaces
iface eth0 inet static
address 192.168.0.1
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.5
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 192.168.0.1 8.8.8.8
dns-search domain1.com

============

/etc/resolv.conf
nameserver 192.168.0.1
nameserver 8.8.8.8
search domain1.com

============

/etc/bind/named.conf.local
zone "domain1.com" {
type master;
file "/etc/bind/db.domain1.com";
allow-transfer {"none";};
forwarders {8.8.8.8;};
};

zone "domain2.com" {
type master;
file "/etc/bind/db.domain2.com";
allow-transfer {"none";};
forwarders {8.8.8.8;};
};

============

/etc/bind/db.domain1.com
; domain1.com
$TTL 604800
@ IN SOA ns.domain1.com. root.domain1.com. (
20180124 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ); Negative Cache TTL
;
@ IN NS ns
IN MX 10 postoffice
IN MX 10 smtp
IN A 192.168.0.1
ns IN A 192.168.0.1
postoffice IN A 192.168.0.1
smtp IN A 119.93.x.x
www IN A 192.168.0.1

============

/etc/bind/db.domain2.com
; domain2
$TTL 604800
@ IN SOA ns.domain2.com. root.domain2.com. (
20180125 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ); Negative Cache TTL
;
@ IN NS ns
IN MX 10 postoffice
IN MX 10 smtp
IN A 192.168.0.1
ns IN A 192.168.0.1
postoffice IN A 192.168.0.1
smtp IN A 119.93.x.y
www IN A 192.168.0.1

============

admin@postoffice:~$ nslookup domain1.com
Server: 192.168.0.1
Address: 192.168.0.1#53

Name: domain1.com
Address: 192.168.0.1

============

admin@postoffice:~$ nslookup smtp.domain1.com
Server: 192.168.0.1
Address: 192.168.0.1#53

Name: smtp.domain1.com
Address: 119.93.x.x

============

admin@postoffice:~$ nslookup domain2.com
Server: 192.168.0.1
Address: 192.168.0.1#53

Name: domain2.com
Address: 192.168.0.1

============

admin@postoffice:~$ nslookup smtp.domain2.com
Server: 192.168.0.1
Address: 192.168.0.1#53

Name: smtp.domain2.com
Address: 119.93.x.y

============

admin@postoffice:~$ dig domain1.com

; <<>> DiG 9.10.3-P4-Ubuntu <<>> domain1.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28427
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;domain1.com. IN A

;; ANSWER SECTION:
domain1.com. 604800 IN A 192.168.0.1

;; AUTHORITY SECTION:
domain1.com. 604800 IN NS ns.domain1.com.

;; ADDITIONAL SECTION:
ns.domain1.com. 604800 IN A 192.168.0.1

;; Query time: 0 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Tue Feb 06 16:42:01 +08 2018
;; MSG SIZE rcvd: 91

============

admin@postoffice:~$ dig domain1.com mx

; <<>> DiG 9.10.3-P4-Ubuntu <<>> domain1.com mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11646
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 4

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;domain1.com. IN MX

;; ANSWER SECTION:
domain1.com. 604800 IN MX 10 smtp.domain1.com.
domain1.com. 604800 IN MX 10 postoffice.domain1.com.

;; AUTHORITY SECTION:
domain1.com. 604800 IN NS ns.domain1.com.

;; ADDITIONAL SECTION:
smtp.domain1.com. 604800 IN A 119.93.x.x
postoffice.domain1.com. 604800 IN A 192.168.0.1
ns.domain1.com. 604800 IN A 192.168.0.1

;; Query time: 0 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Tue Feb 06 16:42:20 +08 2018
;; MSG SIZE rcvd: 155

============

admin@postoffice:~$ dig domain2.com mx

; <<>> DiG 9.10.3-P4-Ubuntu <<>> domain2.com mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10800
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 4

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;domain2.com. IN MX

;; ANSWER SECTION:
domain2.com. 604800 IN MX 10 postoffice.domain2.com.
domain2.com. 604800 IN MX 10 smtp.domain2.com.

;; AUTHORITY SECTION:
domain2.com. 604800 IN NS ns.domain2.com.

;; ADDITIONAL SECTION:
smtp.domain2.com. 604800 IN A 119.93.x.y
postoffice.domain2.com. 604800 IN A 192.168.0.1
ns.domain2.com. 604800 IN A 192.168.0.1

;; Query time: 0 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Tue Feb 06 16:42:27 +08 2018
;; MSG SIZE rcvd: 166

vhinzsanchez

Other configuration would be the same as the original post except the external1.com which should have been smtp.domain1.com and external2.com which should be smtp.domain2.com.

Again, thanks in advance.

dbeato

Okay, so I reviewed finally that Zimbra server. What I found out is that we have three domains in there, one is sending through the WAN IP of the Server as NAT through the firewall while the other two domains are sending through a relay server as below:

dbeato

Also are you SMTP Servers also on the MTA Trusted networks?

vhinzsanchez

@dbeato said in Zimbra help..multi-domain each with own external relay:

P of the Server as NAT through the firewall while the other two domains are sending through a relay server as belo

Thanks @dbeato, great! Same as what I'm trying to achieve!

I have below as my settings

bysender:
@domain1.com [ smtp.domain1.com]:587
@domain2.com [ smtp.domain2.com]:587

relay_password:
[smtp.domain1.com]:587 [email protected]:Password1
[smtp.domain2.com]:587 [email protected]:Password2

@dbeato said in Zimbra help..multi-domain each with own external relay:

Also are you SMTP Servers also on the MTA Trusted networks?

No. Does it need to be?

Below are mynetworks (edited the line '# name postoffice.domain1.com as it formats large):
zimbra@postoffice:~$ postconf mynetworks
mynetworks = 127.0.0.0/8 [::1]/128 192.168.0.0/24
zimbra@postoffice:~$ zmprov gs postoffice.domain1.com zimbraMtaMyNetworks
'# name postoffice.domain1.com
zimbraMtaMyNetworks: 127.0.0.0/8 [::1]/128 192.168.0.0/24

Honestly, I do not understand the MTA Trusted networks. Our present servers (physical and one domain on one server..this is not the one I opened in this thread) only have the loopback (127.0.0.1/8) and its network (192.168.0.0/24) but our other VLANs, other offices (via IPSEC) and outside access (NATted) works.

What I was thinking is that the since our users are accessing the (zimbra) webmail, it is using the server's own IP address. However, this is also true if I set up POP/IMAP through a client, it connects and sends via the server's IP. Pls. correct me if I'm understanding it wrong.

dbeato

@vhinzsanchez said in Zimbra help..multi-domain each with own external relay:

What I was thinking is that the since our users are accessing the (zimbra) webmail, it is using the server's own IP address. However, this is also true if I set up POP/IMAP through a client, it connects and sends via the server's IP. Pls. correct me if I'm understanding it wrong.

Your understanding is correct.

vhinzsanchez

@dbeato thanks!

Do I also need to include both SMTP servers in MTA Trusted Networks? How do I input them in CIDR format?

119.93.x.x /32?
119.93.x.y /32?

Thanks!

dbeato

@vhinzsanchez said in Zimbra help..multi-domain each with own external relay:

@dbeato thanks!

Do I also need to include both SMTP servers in MTA Trusted Networks? How do I input them in CIDR format?

119.93.x.x /32?
119.93.x.y /32?

Thanks!

Yes /32 is one IP address.

dbeato

@vhinzsanchez said in Zimbra help..multi-domain each with own external relay:

@dbeato thanks!

Do I also need to include both SMTP servers in MTA Trusted Networks? How do I input them in CIDR format?

119.93.x.x /32?
119.93.x.y /32?

Thanks!

Please include them there for sure.