@dbeato, I can not stress my gratitude on this. Thanks!

@dbeato, thanks...I'm relieved that someone still has working with me on this.

@BBigford yeah, that's it. And no fault of any other. I just can't figure this thing out...luckily, its just a test server (planning for an upgrade...thus the test).

@scottalanmiller Thanks! I did enjoy it with family and friends!

Hi,

Guys, I'll be out and will be back on Monday. Tomorrow is a holiday here in Philippines, work resumes on Monday. Hope you can help me out :smiling_face_with_open_mouth:

Thanks!

Really like what I'm reading here and the other threads/community...but I'm still a linux newbie (for several years)..I do not claim to know it all or anything to be advanced, but has stuck with what we have here (Ubuntu server) which I know enough on how to manage.

On the desktop side, I've had it in my personal laptop which is now decommissioned due to hardware failure. I actually liked the desktop (have not tried other ones though...aside from Windows ).

@dbeato said in Zimbra help..multi-domain each with own external relay:

Strange, I mean your error seem to be trying to connect to Gmail that the ports are timing out.

That's where I'm also confused about. It seems that it is directly trying to connect to Gmail to send the messages. The recipient is my personal gmail account. Creating bysender and relay_password files and configuring Zimbra to recognize those (by the searches I had done), it should have routed the mails to the external (SMTP) server.

Inputting the smtp.domain1.com to "Relay MTA for external delivery" routes all outgoing emails to it, including the ones from domain2.com which should route to smtp.domain2.com.

Thanks @dbeato, by goal is to use our own SMTP (external email server) as smarthost. We are using the 2 now, in a separate physical Zimbra installation, without issues. I was only trying to replicate that settings into a single (VM) zimbra install.

Thanks again for sticking with me to help me out with my dilemma.

Also liking pfSense. Once you got the hang of it, its easy-peasy to manage.

@scottalanmiller said in Looking for recommendations on the best UTM Firewalls for SMB's...:

@ccwtech said in Looking for recommendations on the best UTM Firewalls for SMB's...:

Have you looked at Meraki?

Ewwwwwww

Hahaha Liking the reaction. In anyways, no experience in Meraki...but I like the reaction...simply classic.

@dbeato

Yup...tried to enter the IPs in MTA Trusted Networks but still the same even after issuing "zmcontrol restart" and even restarting the whole VM. It seems as though that the email is being sent directly to the recipient's server (Google's in this case):

Feb 13 16:36:59 postoffice systemd-logind[936]: Removed session 92.
Feb 13 16:37:10 postoffice postfix/smtp[38133]: connect to alt1.gmail-smtp-in.l.google.com[74.125.198.27]:25: Connection timed out
Feb 13 16:37:10 postoffice postfix/smtp[38134]: connect to alt1.gmail-smtp-in.l.google.com[74.125.198.27]:25: Connection timed out
Feb 13 16:37:40 postoffice postfix/smtp[38134]: connect to alt2.gmail-smtp-in.l.google.com[74.125.124.26]:25: Connection timed out
Feb 13 16:37:40 postoffice postfix/smtp[38133]: connect to alt2.gmail-smtp-in.l.google.com[74.125.124.26]:25: Connection timed out
Feb 13 16:37:46 postoffice zmconfigd[1371]: Fetching All configs
Feb 13 16:37:46 postoffice zmconfigd[1371]: All configs fetched in 0.09 seconds
Feb 13 16:37:51 postoffice zmconfigd[1371]: Watchdog: service antivirus status is OK.
Feb 13 16:37:51 postoffice zmconfigd[1371]: All rewrite threads completed in 0.00 sec
Feb 13 16:37:51 postoffice zmconfigd[1371]: All restarts completed in 0.00 sec
Feb 13 16:38:10 postoffice postfix/smtp[38133]: connect to alt3.gmail-smtp-in.l.google.com[74.125.136.26]:25: Connection timed out
Feb 13 16:38:10 postoffice postfix/smtp[38134]: connect to alt3.gmail-smtp-in.l.google.com[74.125.136.26]:25: Connection timed out
Feb 13 16:38:40 postoffice postfix/smtp[38134]: connect to alt4.gmail-smtp-in.l.google.com[173.194.208.26]:25: Connection timed out
Feb 13 16:38:40 postoffice postfix/smtp[38133]: connect to alt4.gmail-smtp-in.l.google.com[173.194.208.26]:25: Connection timed out
Feb 13 16:38:40 postoffice postfix/smtp[38133]: B00E09B4207B: to=[email protected], relay=none, delay=3353, delays=3231/0.75/121/0, dsn=4.4.1, status=deferred (connect to alt4.gmail-smtp-in.l.google.com[173.194.208.26]:25: Connection timed out)
Feb 13 16:38:40 postoffice postfix/smtp[38134]: 065129B42075: to=[email protected], relay=none, delay=3351, delays=3230/0.59/121/0, dsn=4.4.1, status=deferred (connect to alt4.gmail-smtp-in.l.google.com[173.194.208.26]:25: Connection timed out)

@dbeato thanks!

Do I also need to include both SMTP servers in MTA Trusted Networks? How do I input them in CIDR format?

119.93.x.x /32?
119.93.x.y /32?

Thanks!

@dbeato said in Zimbra help..multi-domain each with own external relay:

P of the Server as NAT through the firewall while the other two domains are sending through a relay server as belo

Thanks @dbeato, great! Same as what I'm trying to achieve!

I have below as my settings

bysender:
@domain1.com [ smtp.domain1.com]:587
@domain2.com [ smtp.domain2.com]:587

relay_password:
[smtp.domain1.com]:587 [email protected]:Password1
[smtp.domain2.com]:587 [email protected]:Password2

@dbeato said in Zimbra help..multi-domain each with own external relay:

Also are you SMTP Servers also on the MTA Trusted networks?

No. Does it need to be?

Below are mynetworks (edited the line '# name postoffice.domain1.com as it formats large):
zimbra@postoffice:~$ postconf mynetworks
mynetworks = 127.0.0.0/8 [::1]/128 192.168.0.0/24
zimbra@postoffice:~$ zmprov gs postoffice.domain1.com zimbraMtaMyNetworks
'# name postoffice.domain1.com
zimbraMtaMyNetworks: 127.0.0.0/8 [::1]/128 192.168.0.0/24

Honestly, I do not understand the MTA Trusted networks. Our present servers (physical and one domain on one server..this is not the one I opened in this thread) only have the loopback (127.0.0.1/8) and its network (192.168.0.0/24) but our other VLANs, other offices (via IPSEC) and outside access (NATted) works.

What I was thinking is that the since our users are accessing the (zimbra) webmail, it is using the server's own IP address. However, this is also true if I set up POP/IMAP through a client, it connects and sends via the server's IP. Pls. correct me if I'm understanding it wrong.

Other configuration would be the same as the original post except the external1.com which should have been smtp.domain1.com and external2.com which should be smtp.domain2.com.

Again, thanks in advance.

Seemed like I had given the wrong information, sorry for the confusion. Just occurred to me that I may have provided the wrong info. Domain1.com is also external1.com (same domain name as our external provider). I think it may have no effect but it may have otherwise.

Lets I’ll step back and start my installation procedure. Most of the steps I made are taken from https://ubuntuforums.org/showthread.php?t=1866784 specially those pre-Zimbra installation – preparation and DNS. I think it is the same guide my predecessor has made to create our present server.

Just to make it clear, I have removed the extenal1.com (it is confusing, I think):
Internal network/domain name: domain.local
Server name: postoffice.domain1.com (192.168.0.1)
Zimbra domain1: domain1.com
Zimbra domain2: domain2.com
External server1: smtp.domain1.com (119.93.x.x)
External server2: smtp.domain2.com (119.93.x.y)

============

/etc/hostname:
postoffice.domain1

============

/etc/network/interfaces
iface eth0 inet static
address 192.168.0.1
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.5
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 192.168.0.1 8.8.8.8
dns-search domain1.com

============

/etc/resolv.conf
nameserver 192.168.0.1
nameserver 8.8.8.8
search domain1.com

============

/etc/bind/named.conf.local
zone "domain1.com" {
type master;
file "/etc/bind/db.domain1.com";
allow-transfer {"none";};
forwarders {8.8.8.8;};
};

zone "domain2.com" {
type master;
file "/etc/bind/db.domain2.com";
allow-transfer {"none";};
forwarders {8.8.8.8;};
};

============

/etc/bind/db.domain1.com
; domain1.com
$TTL 604800
@ IN SOA ns.domain1.com. root.domain1.com. (
20180124 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ); Negative Cache TTL
;
@ IN NS ns
IN MX 10 postoffice
IN MX 10 smtp
IN A 192.168.0.1
ns IN A 192.168.0.1
postoffice IN A 192.168.0.1
smtp IN A 119.93.x.x
www IN A 192.168.0.1

============

/etc/bind/db.domain2.com
; domain2
$TTL 604800
@ IN SOA ns.domain2.com. root.domain2.com. (
20180125 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ); Negative Cache TTL
;
@ IN NS ns
IN MX 10 postoffice
IN MX 10 smtp
IN A 192.168.0.1
ns IN A 192.168.0.1
postoffice IN A 192.168.0.1
smtp IN A 119.93.x.y
www IN A 192.168.0.1

============

admin@postoffice:~$ nslookup domain1.com
Server: 192.168.0.1
Address: 192.168.0.1#53

Name: domain1.com
Address: 192.168.0.1

============

admin@postoffice:~$ nslookup smtp.domain1.com
Server: 192.168.0.1
Address: 192.168.0.1#53

Name: smtp.domain1.com
Address: 119.93.x.x

============

admin@postoffice:~$ nslookup domain2.com
Server: 192.168.0.1
Address: 192.168.0.1#53

Name: domain2.com
Address: 192.168.0.1

============

admin@postoffice:~$ nslookup smtp.domain2.com
Server: 192.168.0.1
Address: 192.168.0.1#53

Name: smtp.domain2.com
Address: 119.93.x.y

============

admin@postoffice:~$ dig domain1.com

; <<>> DiG 9.10.3-P4-Ubuntu <<>> domain1.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28427
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;domain1.com. IN A

;; ANSWER SECTION:
domain1.com. 604800 IN A 192.168.0.1

;; AUTHORITY SECTION:
domain1.com. 604800 IN NS ns.domain1.com.

;; ADDITIONAL SECTION:
ns.domain1.com. 604800 IN A 192.168.0.1

;; Query time: 0 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Tue Feb 06 16:42:01 +08 2018
;; MSG SIZE rcvd: 91

============

admin@postoffice:~$ dig domain1.com mx

; <<>> DiG 9.10.3-P4-Ubuntu <<>> domain1.com mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11646
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 4

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;domain1.com. IN MX

;; ANSWER SECTION:
domain1.com. 604800 IN MX 10 smtp.domain1.com.
domain1.com. 604800 IN MX 10 postoffice.domain1.com.

;; AUTHORITY SECTION:
domain1.com. 604800 IN NS ns.domain1.com.

;; ADDITIONAL SECTION:
smtp.domain1.com. 604800 IN A 119.93.x.x
postoffice.domain1.com. 604800 IN A 192.168.0.1
ns.domain1.com. 604800 IN A 192.168.0.1

;; Query time: 0 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Tue Feb 06 16:42:20 +08 2018
;; MSG SIZE rcvd: 155

============

admin@postoffice:~$ dig domain2.com mx

; <<>> DiG 9.10.3-P4-Ubuntu <<>> domain2.com mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10800
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 4

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;domain2.com. IN MX

;; ANSWER SECTION:
domain2.com. 604800 IN MX 10 postoffice.domain2.com.
domain2.com. 604800 IN MX 10 smtp.domain2.com.

;; AUTHORITY SECTION:
domain2.com. 604800 IN NS ns.domain2.com.

;; ADDITIONAL SECTION:
smtp.domain2.com. 604800 IN A 119.93.x.y
postoffice.domain2.com. 604800 IN A 192.168.0.1
ns.domain2.com. 604800 IN A 192.168.0.1

;; Query time: 0 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Tue Feb 06 16:42:27 +08 2018
;; MSG SIZE rcvd: 166

@dbeato No, not doing split dns (well, I just don't get an idea of splitdns so I was thinking it was not implemented). Just simple bind9 implementation making sure it recognize itself as postoffice.domain1.com and itself and the other mail servers (external1.com and external2.com) as mx.

• nxlookup and dig is working as expected and seeing itself, including the mx records.

• Domain in network is still domain.local.

• /etc/hostname is postoffice.domain1.com

• /etc/hosts:
  127.0.0.1
  192.168.0.1 postoffice.domain1.com postoffice
  119.93.x.x smtp.external1.com smtp

I also think so...but setups are stating otherwise. I think I have the local bind9 working as dig works and the first domain is working fine.

@dbeato Thanks! I was just wondering where my setup went wrong...in all of my tests :grinning_face_with_smiling_eyes: for the last 1.5 to 2 years

HI Guys,

Bumping this topic should anyone has an idea.

Thanks!

Hi Guys,

I was wondering if you have ever got to check out my queries.

Thanks in advance!