The Zimbra MTA
How the MTA routes mail
Note: Valid DNS records are necessary in order to send and receive email.
There are three general mail-sending scenarios:
- 1. sending mail from Zimbra to somewhere on the internet,
- 2. sending mail between users on the same Zimbra server, and
- 3. receiving mail from the internet to the Zimbra server.
Let's say the Zimbra server is zimbra.domain.com, hosting mail for users @ domain.com, and somewhere on the internet is a server mail.example.com, hosting mail for users @ example.com.
1. Zimbra to the Internet
In order to send mail to a remote domain (example.com) on the internet, Zimbra will look in DNS for the MX record(s) for that domain*. You can check this out yourself with this command: "host -t mx example.com". You should see something like this:
$ host -t mx example.com example.com mail is handled by 10 mail.example.com.
The MX record "points" to a hostname (mail.example.com) of a machine that receives mail for it. That host also has an A record; once again, you can verify this for yourself: "host -t a mail.example.com", which should produce a result like this (though, if it truly is remote, you will see a publicly routable IP address):
$ host -t a mail.example.com mail.example.com has address 10.10.10.101
A newly installed Zimbra server can probably send mail to arbitrary remote domains just fine, even if it can't send in the cases that follow, because DNS is already configured for those domains.
2. Zimbra to Zimbra
In order to send mail to a domain hosted on the Zimbra server (domain.com), Zimbra will look in DNS for MX record(s) for that domain*. Again, you can check this for yourself: "host -t mx domain.com". Like before, you should see an MX record listed that "points" to the Zimbra server (zimbra.domain.com). If your Zimbra server has a private IP address (keywords: private address space, LAN, NAT), you'll need to run what gets called "split dns"*. If you can't send mail to other users on the same Zimbra server, this may be why.
3. Internet to Zimbra
In order for a remote MTA on the internet to send mail to the Zimbra server, the remote host will look in DNS for MX record(s) for the destination domain (domain.com). After finding out that the MX record for domain.com is zimbra.domain.com, the remote MTA will look for the A record of zimbra.domain.com, so that it can connect to the appropriate server (Zimbra) and deliver the mail. If these entries are not available in public DNS, you probably will not receive mail from remote accounts.
* DNS Lookups
If you disable DNS Lookups (under the MTA tab of the admin console, or with zmprov), Zimbra will end up using (according to the postconf man page) the "gethostbyname() system library routine which normally also looks in /etc/hosts" (based on the entries on the "hosts" line in /etc/nsswitch.conf). If you do this but don't also specify an SMTP relay host (typically your ISP's SMTP server), which will take care of checking DNS, you will reverse your ability to send mail: suddenly you can send mail to other users on the Zimbra server, but you can't send to the internet (though you can still receive mail from the internet either way).
Special Cases and Zimbra Mail Routing Details
Local Mail Transfer Protocol (LMTP) and the zimbraMailHost attribute
Antispam/Antivirus and amavisd
Troubleshooting mail routing.