Results 1 to 3 of 3

Thread: Secure MTA connection with authentication

  1. #1
    Join Date
    Feb 2006
    Posts
    3
    Rep Power
    9

    Default Secure MTA connection with authentication

    Greetings,

    I am having a heck of a time getting my Zimbra server to relay mail through my external SMTP server (which supports plain old relaying, SMTP AUTH, TLS, SSL, etc.). Ideally, I'd like to have all mail forward through that server, and be encrypted (both the password and the message).

    I have tried to piece together a number of the current posts on the forum, but haven't had any luck.

    Here is the end of my main.cf:
    Code:
    smtpd_helo_required = yes
    
    smtpd_client_restrictions = reject_unauth_pipelining
    
    smtpd_data_restrictions = reject_unauth_pipelining
    
    smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_invalid_hostname, reject_non_fqdn_sender, reject_unauth_destination, permit
    
    broken_sasl_auth_clients = yes
    
    smtpd_use_tls = yes
    smtpd_tls_cert_file = /opt/zimbra/conf/smtpd.crt
    smtpd_tls_key_file = /opt/zimbra/conf/smtpd.key
    smtpd_tls_loglevel = 3
    
    message_size_limit = 10240000
    content_filter = smtp-amavis:[127.0.0.1]:10024
    myhostname = zimbra.(MY INTERNALDOMAIN)
    recipient_delimiter =
    smtpd_sasl_auth_enable = yes
    smtpd_tls_auth_only = no
    disable_dns_lookups = yes
    smtp_sasl_password_maps = hash:/opt/zimbra/conf/relay_password
    relayhost = (MY EXTERNAL SMTP SERVER)
    smtp_sasl_authentication_filter =
    smtp_sasl_security_options = noanonymous
    smtp_tls_enforce_peername = no
    debug_peer_list = (MY EXTERNAL SMTP SERVER)
    Any help you could give me would be great... looking at the logs, I see that while my server advertises AUTH LOGIN CRAM-MD5 PLAIN STARTTLS PIPELINING, etc., Zimbra only chooses ESMTP PIPELINING and does not attempt to authenticate.


    Thanks!

    Dave

  2. #2
    Join Date
    Sep 2005
    Posts
    2,103
    Rep Power
    14

    Default postfix auth to relay host

    man 5 postconf on my box doesn't have smtp_sasl_authentication_filter, so I'm not sure what that does - but I'm pretty sure that you'll want to set smtp_sasl_auth_enable to yes...

    Quote Originally Posted by firebin
    Greetings,

    I am having a heck of a time getting my Zimbra server to relay mail through my external SMTP server (which supports plain old relaying, SMTP AUTH, TLS, SSL, etc.). Ideally, I'd like to have all mail forward through that server, and be encrypted (both the password and the message).

    I have tried to piece together a number of the current posts on the forum, but haven't had any luck.

    Here is the end of my main.cf:
    Code:
    smtpd_helo_required = yes
    
    smtpd_client_restrictions = reject_unauth_pipelining
    
    smtpd_data_restrictions = reject_unauth_pipelining
    
    smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_invalid_hostname, reject_non_fqdn_sender, reject_unauth_destination, permit
    
    broken_sasl_auth_clients = yes
    
    smtpd_use_tls = yes
    smtpd_tls_cert_file = /opt/zimbra/conf/smtpd.crt
    smtpd_tls_key_file = /opt/zimbra/conf/smtpd.key
    smtpd_tls_loglevel = 3
    
    message_size_limit = 10240000
    content_filter = smtp-amavis:[127.0.0.1]:10024
    myhostname = zimbra.(MY INTERNALDOMAIN)
    recipient_delimiter =
    smtpd_sasl_auth_enable = yes
    smtpd_tls_auth_only = no
    disable_dns_lookups = yes
    smtp_sasl_password_maps = hash:/opt/zimbra/conf/relay_password
    relayhost = (MY EXTERNAL SMTP SERVER)
    smtp_sasl_authentication_filter =
    smtp_sasl_security_options = noanonymous
    smtp_tls_enforce_peername = no
    debug_peer_list = (MY EXTERNAL SMTP SERVER)
    Any help you could give me would be great... looking at the logs, I see that while my server advertises AUTH LOGIN CRAM-MD5 PLAIN STARTTLS PIPELINING, etc., Zimbra only chooses ESMTP PIPELINING and does not attempt to authenticate.


    Thanks!

    Dave

  3. #3
    Join Date
    Feb 2006
    Posts
    3
    Rep Power
    9

    Default

    Nice! I knew it had to be something small. The smtp_auth_enable did the trick.


    Thanks,

    Dave

Similar Threads

  1. Daily mail report always reports "No messages found"
    By McPringle in forum Installation
    Replies: 42
    Last Post: 06-13-2011, 08:57 AM
  2. Does Zimbra support IMAP Secure Authentication?
    By zzzzsg in forum Administrators
    Replies: 6
    Last Post: 11-06-2009, 06:19 PM
  3. Replies: 3
    Last Post: 07-19-2007, 02:00 AM
  4. Server Stats Cont...
    By DMRDave in forum Administrators
    Replies: 15
    Last Post: 02-16-2006, 12:16 PM
  5. MTA TLS authentication
    By gutzeit in forum Installation
    Replies: 10
    Last Post: 11-16-2005, 03:15 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •