Multi-IP address zimbra server DNS PTR records and spam
If there is no specific reason you want/need a service to listen to multiple addresses, it always makes troubleshooting a lot less complicated if you can decide on one address to bind to. This is a generally good practice, and especially true for protocols such as SMTP which may attempt to match reverse DNS lookups with source addresses at level 7.
Some suggestions:
Make the Postfix SMTP client part of Zimbra bind only to your "main" IP. Either you must edit
/opt/zimbra/postfix/conf/master.cf.inadding an address to thesmtpline like this - see below. (Or to setinet_interfacesusing zmlocalconfig, but this doesn't work)Verify that you have a corresponding A and PTR (no round-robin records or anything).
Verify that you have servername/hostname & mail domain name setup correctly in Zimbra. Best verified by sending a test email somewhere and then inspecting the mail headers.
Make sure you have restart the corresponding daemons when necessary.
Here's the syntax for adjusting the smtp line:
smtp unix - - n - - smtp
-o smtp_bind_address=n.n.n.n
Related videos on Youtube
06 : 15
07 : 05
02 : 31
03 : 50
01 : 59
Comments
-
user1871402 over 1 year
We have a mail server running Zimbra (ZCS 6.0.8). The server has 5 active public IP addresses in the same subnet. (
.226-.230). I currently haveArecords for each of these (host0.domain.com..host4.domain.com), with the mainhost.domain.comof the machine pointing to.226.Our host has ended up being listed on the SORBS DUHL list (even though it's in a server farm). According to them you can get removed quickly by checking that your host has an
MXrecord, anArecord, and aPTRrecord that points back to the hostname given in theMXrecord.I tried setting the
PTRrecords so that each of these addresses resolved back to theirArecord (i.e..228had aPTRtohost2.domain.com). However, I then got mail being rejected from other servers because when Postfix (under Zimbra control) sends out mail, it uses the main hostname for theHELO- there doesn't seem to be any way to override it. So thePTRrecords currently sayhost.domain.comfor all 5 IP addresses.What's the correct way to handle this? Should I have an
Arecord for the domain that points to all the IP addresses (for round-robin handling)? I'm nervous of changes that could cause problems, so I'm wondering what the standard way to handle a multiple-IP-address mail server is.-
Admin over 13 yearsIt seems that the multiple-address thing is not an issue with SORBS; they've blocked the whole range and so should unblock it if demonstrated that one IP address is a valid mail server (unfortunately they've cached my old DNS and so their automatic exclusion tool is failing) -
Admin over 13 yearsIt also seems that HELO can now be configured: kutukupret.com/2010/01/02/…
-
Admin over 13 yearsThat
HELOsetup requirespostfix-2.7-20091209; ZCS is onpostfix-2.6.7.2z -
Admin over 13 yearsAh, Zimbra 7.0b3 now contains
postfix-2.7.1.2z- hopefully when the final 7.0 is released it will then support theHELOsyntax
-
-
user1871402 over 13 yearsThanks; the SMTP client part could help us here. (All the A and PTR records are correct; there are no round-robin records). Listening on multiple addresses is not so much the problem as sending from multiple... the "smtp" line in master.cf.in specifies a listening service and so does
inet_interfaces, butsmtp_bind_addressseems to be the right one to just adjusting client connections -
user1871402 over 13 yearsUnfortunately setting
smtp_bind_addressseemed to prevent our server from delivering any mail at all; will need to investigate/try other options -
conny over 13 yearsKeep in mind that it's likely you still need to explicitly listen on
127.0.0.1in addition to the one you intend binding on. Failing that will quite likely stop delivery (as well as look-prevention) from working. -
user1871402 over 13 yearsconny - thanks that's interesting; however I still had
inet_interfacesset to all; would adjustingsmtp_bind_addresscause a problem without explicitly settinginet_addressesto list the IP addresses? -
user1871402 over 13 yearsI've now tested adjusting the smtp 465 and submission lines in master.cf.in; they result in the server listening on only one address, but the client still sends out from multiple addresses
-
user1871402 over 13 yearsTrying to set smtp_bind_address as an option on the outgoing smtp in master.cf.in worked! (It required restarting the whole of Zimbra, not just the mta)
