Zimbra server failures in DMZ with NethServer 7

Dear friends, I have configured a NethServer server, but it is presenting some flaws with the use of the Zimbra mail server.
The NethServer server has the interfaces and zones: external, internal, DMZ. In the DMZ segment is the Zimbra mail server, with a private IP of that segment.
I have 4 public IPs available; the main public IP is assigned to the interface of the external segment.
I added the other 03 IPs as aliases on this network interface.
In the port forwarding configuration, I configured the mapping from a public IP that is an alias of the network card of the external segment to the private IP of the Zimbra mail server, with its necessary ports. This same public IP is configured in the provider's DNS records (MX, PTR, A, SPF, DKIM, DMARC, etc.) so that the mail server works.
Some emails that are sent from our domain to others do not arrive or are banned by the security systems of other email servers. Having verified the logs and analyzed on the web at www.mail-tester.com, I can see that the emails arrive with the main public IP of the external card, and do not go out with the IP assigned to the domain, which is configured in the alias.
Please, can any one of you tell me what is missing in the configuration?

Best regards.

PAUL CRIOLLO
PERU

Please share the portforward config:

db portforward show

Maybe setup SNAT instead of port forwarding for testing?

Thank you very much, I am sending you my portforward report:

db portforward show
1=pf
Allow=0.0.0.0/0
Description=SERVIDOR ZIMBRA DMZ
Dst=
DstHost=host;server_correo_zimbra
Log=info
OriDst=1.2.3.75
Proto=tcp
Src=25,110,143,465,587,993,995,465,8443,7071,443
status=enabled
10=pf
Allow=0.0.0.0/0
Description=
Dst=3389
DstHost=host;sigre3
Log=none
OriDst=1.2.3.58
Proto=tcp
Src=3389
status=enabled
2=pf
Allow=0.0.0.0/0
Description=REMOTO_PC_HYAMUNAQUE
Dst=3389
DstHost=host;pc_hyamunaque
Log=none
OriDst=1.2.3.74
Proto=tcp
Src=3389
status=enabled
3=pf
Allow=0.0.0.0/0
Description=SIGRE
Dst=80
DstHost=host;server_aplicaciones
Log=none
OriDst=1.2.3.76
Proto=tcp
Src=80
status=enabled
4=pf
Allow=0.0.0.0/0
Description=BD_ORACLE
Dst=8080
DstHost=host;server_aplicaciones
Log=none
OriDst=1.2.3.76
Proto=tcp
Src=8080
status=enabled
6=pf
Allow=0.0.0.0/0
Description=oracle
Dst=1521
DstHost=host;server_bd_oracle
Log=none
OriDst=1.2.3.78
Proto=tcp
Src=1521
status=enabled
7=pf
Allow=0.0.0.0/0
Description=oracle
Dst=1158
DstHost=host;server_bd_oracle
Log=none
OriDst=1.2.3.78
Proto=tcp
Src=1158
status=enabled
8=pf
Allow=0.0.0.0/0
Description=oracle
Dst=443
DstHost=host;server_bd_oracle
Log=none
OriDst=1.2.3.78
Proto=tcp
Src=443
status=enabled
9=pf
Allow=0.0.0.0/0
Description=
Dst=3389
DstHost=host;server_aplicaciones
Log=none
OriDst=1.2.3.76
Proto=tcp
Src=3389
status=disabled
[root@fw ~]#

The main idea is that the emails that come out of my Zimbra server, which is in the DMZ behind the NethServer, should go out with the public IP that is registered in the domain, which was created as an alias on the external network card.
Do both port forwarding and SNAT need to be enabled, or is only one option required?

Only one option is required.

The portforwards look good, I don’t see an error.

Does the domain resolve to the correct public IP basically and on the Zimbra server?

Which of the two solutions is the best for my requirement?

Port forward should be good, to not expose the mail host. It was meant just for testing.

The fault is that the emails arrive with the main public IP of the network card of the external segment in the header. Some mail servers ban me because they qualify it as an error, because that IP is not registered in the DNS of the mail domain; the IP that is configured is in the alias of the network card of the external segment.

It seems set up correctly.

Does your maildomain resolve to the right public IP basically and on the Zimbra server?

You may try snat as workaround…

Thank you very much, I will try in the evening.

1 Like
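
An added example, not part of the original thread: a small Python check that reads the connecting IP from a Received header and evaluates it against the domain's SPF record, which reproduces the rejection described above and confirms the result once outbound mail leaves from the alias address. The SPF record, hostnames and headers are constructed, 1.2.3.70 is an assumed stand-in for the firewall's main IP (the thread does not give it), and only the `ip4` and `all` mechanisms are evaluated.

```python
import ipaddress
import re

# Constructed sample data. 1.2.3.75 is the alias address used by the Zimbra
# port forward in the thread; 1.2.3.70 is an assumed stand-in for the
# firewall's main address, which the thread does not state.
SPF_RECORD = "v=spf1 ip4:1.2.3.75 -all"
RECEIVED_BEFORE = "Received: from mail.example.com (unknown [1.2.3.70]) by mx.example.net with ESMTP"
RECEIVED_AFTER = "Received: from mail.example.com (mail.example.com [1.2.3.75]) by mx.example.net with ESMTP"

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def connecting_ip(received_header):
    """Return the client IP the receiving MX recorded in square brackets."""
    match = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received_header)
    if match is None:
        raise ValueError("no bracketed IPv4 address in header")
    return ipaddress.ip_address(match.group(1))

def spf_check(record, client_ip):
    """Evaluate ip4 and all mechanisms left to right; other terms are skipped."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mechanism = term.lstrip("+-~?").lower()
        if mechanism.startswith("ip4:"):
            network = ipaddress.ip_network(mechanism[4:], strict=False)
            if client_ip in network:
                return QUALIFIERS[qualifier]
        elif mechanism == "all":
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and the record has no "all"

def audit(record, received_header):
    """Return (connecting IP, SPF result) for one delivered message."""
    ip = connecting_ip(received_header)
    return str(ip), spf_check(record, ip)

if __name__ == "__main__":
    for header in (RECEIVED_BEFORE, RECEIVED_AFTER):
        print(audit(SPF_RECORD, header))
```

Run it against the first Received header added by the recipient's server in a delivered test message, together with the SPF TXT record actually published for the domain.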