TurnKey Linux Virtual Appliance Library

I've run into a brick wall with Zimbra.

jeff.morlen's picture

First, thanks for looking and considering helping me out on this... I appreciate it.

Okay, I have TKL-Zimbra installed in a VM and reconfigured, via the script, to a valid domain name (the-internet-guy.net).

I have setup the DNS (MX & A records) for the domain to point to the external IP of the FW that maps the services back to Zimbra.

I can login and manage the domain and everything seems fine... but I cannot send or receive email!?!?

When I send an email from a MS-Exchange server I get the message:

<admin@the-internet-guy.net>:553 Cannot find OUTBOUND MX Records for domain (the-internet-guy.net)

When I send an email from GMail, I get nothing back at all.

My hosts file looks like: localhost mail.the-internet-guy.net mail

My hostname file looks like:



I'm really confused as to why it won't send or receive mail?!?

I've been playing with Zimbra for a couple days and cannot get it working.

Any and all help is greatly appreciated!

jeffmorlen's picture

Ok... fixed one part...

I've figured out that the system, by default, doesn't like to send mail unless you specifically allow itself to relay through itself... which is weird to me.

But, the process is this:

Login and SU to the Zimbra user by performing 'su - Zimbra'

Verify your networks with postfix by performing 'postconf mynetworks'

You should see something like 'mynetworks'

You need to add your network, or any system/network you wish to allow to relay, by performing 'zmprov modifyServer mail.domain.com zimbraMtaMyNetworks ' xxx.xxx.xxx.xxx/24 yyy.yyy.yyy.yyy/32'  (where mail.domain.com is your server, xxx.xxx.xxx.xxx is the network you want to allow and yyy.yyy.yyy.yyy is the host you want to allow)

You then need to reload postfix by performing 'postfix reload'

This should allow you to start sending email as long as you included yourself in the list of allowed relays.


Jeff Morlen


jeffmorlen's picture

OK... fixed another part...

Seems that Zimbra like to talk to itself on port 7025 too.

If you are on a NAT'd network, you will have to allow access to that server on that port.

This may be a problem on Cisco hardware (due to hair-pinning being an issue).

Once you allow 7025, you should be able to send internal email.


Jeff Morlen


jeffmorlen's picture

Port 7025 is required?!?!

Okay, so now I have email flowing in and out... but only when port 7025 is open to the outside world?!?

I'm using a Juniper firewall for my test environment but will be moving to a Cisco in production.

In production the Cisco will not allow, by default, hair pinning (meaning going from the inside to a FQDN on an external IP that is NAT'd back inside).

So... how would this work?!?!

Can we make Zimbra not use port 7025 or change a configuration setting to not try to use the FQDN to route mail back to itself?!?




Jeff Morlen


Jeremy Davis's picture

Sounds like you're close...

I have no experience with Zimbra what-so-ever so don't think I'll probably be able to help with your specific issue, but perhaps you could try on the Zibra forums? I would imagine that their knowledge would be more Zimbra specific. Keep in mind that this appliance is based on Ubuntu 8.04/Hardy and is Zimbra v5.0.18_GA_3011.UBUNTU8 and hopefully you will be able to find the info you need.

Good luck

PS Thanks for posting back with your info as you've gone.

Guest's picture

dunno if you have solved

dunno if you have solved this, but i think i can help, notify me if you need any

Guest's picture

Solution from the Zimbra-Wiki

Post new comment

The content of this field is kept private and will not be shown publicly. If you have a Gravatar account, used to display your avatar.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <p> <span> <div> <h1> <h2> <h3> <h4> <h5> <h6> <img> <map> <area> <hr> <br> <br /> <ul> <ol> <li> <dl> <dt> <dd> <table> <tr> <td> <em> <b> <u> <i> <strong> <font> <del> <ins> <sub> <sup> <quote> <blockquote> <pre> <address> <code> <cite> <strike> <caption>

More information about formatting options

Leave this field empty. It's part of a security mechanism.
(Dear spammers: moderators are notified of all new posts. Spam is deleted immediately)