INTERNAL EMAILS WHEN INTERNET IS DOWN (How to configure Kerio to send emails within domain when internet down)
  •  
br

I want to know how it's possible to set up Kerio so that users can still send internal email to each other (within domain) when the internet goes down?

Running Kerio 7.0.1 on OSX Server 10.5.8 - Quad core Xeon Xserve
Server is running SMTP, POP & IMAP
Server is internal and has MX/A records

This happened to us a couple weeks ago where our 10Mb pipe went down so I wanted to send an all staff advising people of the status. It just wasn't possible. Emails would be queued (I could see they left my outbox) but internally I couldn't receive them.

When the internet came back up I got all the messages.

The thing is before Kerio we were running Communigate and it was possible with that program (we've been with Kerio for about 4 years).

Thought maybe it could be an issue with our router's routing table?

Or maybe changing the subnet mask on the mail server to the broadcast address (255.255.255.255)?

I'd like to figure this out in case we ever go down again. Luckily our connection is pretty solid but I'd like this to work just in case. Thanks for your help.

[Updated on: Wed, 01 June 2011 21:41]

  •  
subnet

Hi Br,

If I am correct, I have always been able to send emails internally if my internet connection went down. I am assuming your clients are using Koff/Pop/Imap where their settings point to the Kerio server. If you are saying that your e-mails leave your outbox and can confirm that they are on the message queue, then the only thing I could suspect is that your outgoing queue is set too low.
  •  
TorW

Do you have a DNS on the LAN and how are your users connected to KC? Sounds like you have a basic networking deficiency on hand. MX records aside, can you resolve the mail server's hostname from a workstation when the internet pipe is broken? If not, KC probably can't resolve internal domains either. You can always put host names in OS X's hostfile (or wherever OS X stores it this week), but it's pretty cumbersome to maintain and quite inelegant.

Oh, and by the way; if you change the mail server's netmask to 255.255.255.255, it won't talk to anyone but itself (it ends up in a subnet with a single IP address). Sorta against the whole idea of a server ;)
  •  
br

Thanks for the replies. We don't have a DNS on LAN; we use the ISP's DNS, which is what we had when we were using Communigate and that worked? I see your point on the netmask, just thought it might point me in the right direction since I am not sure what the issue is in the first place. Thanks for the tip on resolving internally from a workstation. I'll see if I can set up a sub network on LAN to test this out. I'll also check the outgoing queue number. Anyone else sure they can send through Kerio internally when ISP goes down?
  •  
stupot1397

Yes.

Definitely can send internally when internet is down.

I agree with TorW, you definitely have some sort of network issue.

Does your DNS record for the mailserver resolve to an internal IP address? I.e. when you ping the mailserver's DNS name, does it return an internal or external IP address?

Stuart
  •  
br

Hi Stuart, it returns the internal IP, which is what is on the host file of the domain (MX record). The only thing I haven't been able to check is the routing table on the ISP's router. I am waiting to hear from them to get the login info. I'm thinking that's next to check out?

[Updated on: Thu, 02 June 2011 20:38]

  •  
stupot1397

Do I take it the server is on a different subnet to the clients?

If it is on the same subnet, the routing table will make no difference.

Try telnet on port 25 to the mail server with internet up, and internet down. Do you get the same result?


Stuart
  •  
br

Hi Stuart yes I get the same results:

says 220 mail.example.com ESMTP ready

Sent a test mail through telnet with the internet on then off and they both went through?

When I took it down though, I did take the firewall offline as well (just quicker to unplug the internet from) so now I'm wondering if I should look at the configuration of my firewall again.

Definitely on the right track so at least I feel I am progressing

I really appreciate the help
  •  
scottwilkins

I've run into this issue too. Different routers can do very very different results for routing external to internal addresses in many ways.

I finally gave up, and moved DNS in house under Windows Server 2008 R2 and created forward lookup zones to point our mail server as if it were external, but instead returns the internal LAN address. That turned out to be a great solution for our mobile workforce as their laptops would be fast and efficient while in the LAN, but still work with no changes to KOFF configuration when outside the LAN. I also directed DNS calls for my server to OpenDNS.com to control surfing habits. If you have a Windows Server in house, it's the only way to go. I'm not even a Windows DNS expert, so paid someone to come in and show me. It was really easy and worth it. The only way to really control your LAN.
  •  
markyd

I would suggest checking where your clients are forwarding DNS requests to; if they're forwarding the requests to the router then it's going to resolve an external IP address.

I have set up our network very much like Scott has his set up: all clients forward DNS requests to a local DNS server, and these requests then get forwarded to OpenDNS for web filtering. The local DNS server also has a stub zone set up for the mail domain which includes MX records and A records for the mailserver. These records point to internal IPs. So when mobile users are within the LAN they are working quicker than connecting over the internet. When the mobile users are offsite they are using the public DNS server and resolve to external IPs.

I hope this helps

[Updated on: Sun, 05 June 2011 17:57]

  •  
stupot1397

Because we use Active Directory, we already have a DNS set up in the way described in the two posts above.

It will most likely be a DNS issue.

It CANNOT be a routing issue, unless the server is on a different subnet or the A record is being resolved to an external address.

A router is not used when the client and server are on the same network address range.

If you have a client and server plugged into a basic switch, you will find that they can talk to each other just fine, no router required...

If the internal DNS address resolves to external then that is another matter........

Do a DNS lookup and see what result you get for the mailserver, both internally and externally. They should be different. Otherwise this will need some sort of NAT loopback. Some routers are better than others at this.

I hope this helps.

Cheers
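
The checks suggested in the replies above (is there a resolver on the LAN, does the mail server's name resolve to an internal address, is that address on the clients' subnet), as an added example that is not part of any original post. The addresses are constructed documentation values, and `is_internal`, `resolve` and `outage_risks` are hypothetical helper names.

```python
import ipaddress
import socket

# RFC 1918 ranges; anything else is treated as reachable only via the WAN link.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(addr):
    """True if addr falls inside one of the RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def resolve(hostname):
    """IPv4 addresses the local resolver (hosts file included) returns for hostname."""
    infos = socket.getaddrinfo(hostname, 25, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def outage_risks(client_cidr, dns_servers, mail_addrs):
    """Return the reasons internal mail would fail while the internet link is down."""
    lan = ipaddress.ip_network(client_cidr, strict=False)
    risks = []
    # No resolver on the LAN: clients and the mail server cannot look up names.
    if not any(is_internal(s) for s in dns_servers):
        risks.append("dns: every resolver is outside the LAN, so lookups fail during an outage")
    for addr in mail_addrs:
        if not is_internal(addr):
            # Name resolves to the public side, so traffic must hairpin at the router.
            risks.append(f"{addr}: external address, reachable from inside only via NAT loopback")
        elif ipaddress.ip_address(addr) not in lan:
            risks.append(f"{addr}: internal but on another subnet, so a router is in the path")
    return risks

# Constructed sample data (documentation addresses, not taken from the thread).
ISP_ONLY = outage_risks("192.168.1.50/24", ["198.51.100.53"], ["203.0.113.25"])
SPLIT_DNS = outage_risks("192.168.1.50/24", ["192.168.1.2"], ["192.168.1.10"])

if __name__ == "__main__":
    for label, risks in (("ISP DNS only", ISP_ONLY), ("internal DNS zone", SPLIT_DNS)):
        print(label, "->", risks or "no WAN dependency found")
```

On a real workstation, pass the output of `resolve()` for the mail server's hostname as `mail_addrs`, once with the internet link up and once with it down.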
  •  
br

Our emails also get filtered using a Spam Security Appliance from SonicWall. Again, even when we were with Communigate it wasn't a problem when our internet went down. We also use LDAP on Kerio to validate to the Spam appliance. Does anyone have any pros and cons for using this (Kerio/LDAP)?

I definitely see the benefits of having an internal DNS server. I'd like to check and recheck everything before we consider implementing another server, so as to have that not be a band-aid to a bigger issue.

On the whole router discussion, we were in another building and did have a different router when we were on Communigate - just had a T1 so the 10MB pipe was a huge upgrade.

Thanks everyone for the info and advice

[Updated on: Mon, 06 June 2011 17:00]
