Common Zimbra outgoing mail issues behind NAT

Setup Zimbra Collaboration Suite on a cloud server without public interface (read: behind NAT) may waste you an afternoon trying to figure out why local emails (same domain) are not delivered, while sending/receiving mail from/to the internet works flawless.

You may find something like this on your /var/log/zimbra.log:

May  7 04:32:39 mail postfix/lmtp[15305]: connect to mail.mydomain.com[XXX.XXX.XXX.XXX]:25: Connection timed out

where XXX.XXX.XXX.XXX is the public ip address of your zimbra server.

Problem is that Zimbra MTA performs DNS lookups for local mail delivery by default. Check your Zimbra configuration and you will find out the trick:

su - zimbra
zmlocalconfig | grep postfix_lmtp_host_lookup
postfix_lmtp_host_lookup = dns

Now, let’s fix it:
su - zimbra
zmlocalconfig -e postfix_lmtp_host_lookup=native

then restart the MTA:

zmmtactl restart

Note that you *MUST* flag “Enable DNS lookups” under “Server settings” / “MTA” or outgoing mail will stop to work.