Results 1 to 6 of 6

Thread: Help configuring relay for outside network clients

  1. #1
    Join Date
    Sep 2008
    Posts
    6
    Rep Power
    7

    Question Help configuring relay for outside network clients

    Hey, first of all thanks the Zimbra staff for developing a great product.

    Second I'm new to Zimbra and Linux in general (Mostly ussing MS servers all my life) but with the help of this forum and the Zimbra docs I was able to migrate our old 4.5 Zimbra to the new mail server with Ver 5.

    Now everything is working as expected the only problem I have is that my outside trusted networks clients (Clients accessing via Internet) wich are using Mail Clients (ie. Outlook, etc) are not able to send emails to external domains (aka error 554 <xxx@xxx.xxx>: Relay access denied).

    I know this isn't a Zimbra bug/error and I'm sure I'm missing one more configuration option/command.

    Here are my MTA Configuration right now:

    Enable authentication is checked
    TLS authentication only is checked

    MTA trusted networks: 127.0.0.0/8 200.87.XXX.XXX 10.120.0.0/24 10.110.0.0/24 10.130.0.0/24
    (200.87.XXX.XXX is the external IP for the mail server, the other networks were changed for security but are reflecting the same idea)

    Enable Dns lookups is checked

    I tried some of the suggestions in these forums about enable "smtp Authentication for my outgoing server" on my outlook test client but as soon I enable that it cannot connect to the server anymore, I think thats related to explicit reject rule wich I cannot find, but I do not know if that will solve my problem.

    I already read hxxp://wiki.zimbra.com/index.php?title=ZimbraMtaMyNetworks wiki wich doesnt help me on this cause the clients will be connecting from IP addresses wich are not known to me.

    I will appreciate any help you can give me and thanks in advance.

  2. #2
    Join Date
    Aug 2008
    Location
    St Pete FL USA
    Posts
    392
    Rep Power
    7

    Default

    Find the Zimbra postfix master.cf, uncomment the line that says 'submission', restart Zimbra, and point your clients to port 587, with TLS.
    Jay R. Ashworth - ZCS 6.0.9CE/CentOS5 - St Pete FL US - Music - Blog - Photography - IANAL - IAAMA
    Try to Ask Questions The Smart Way -- you'll get better answers.

    Put your product and version in your profile/signature - All opinions strictly my own, even though I have an employer these days.
    If you [SOLVE] something, please tell everyone how for the archives
    And, please... read what people write, and answer the questions they asked, not the ones they didn't.

  3. #3
    Join Date
    Sep 2008
    Posts
    6
    Rep Power
    7

    Default ...

    Quote Originally Posted by Baylink View Post
    Find the Zimbra postfix master.cf, uncomment the line that says 'submission', restart Zimbra, and point your clients to port 587, with TLS.
    Hey Baylink, thanks for your answer.

    Checking my master.cf file I found the following:

    #submission inet n - n - - smtpd
    # -o smtpd_etrn_restrictions=reject
    # -o smtpd_client_restrictions=permit_sasl_authenticate d,reject
    465 inet n - n - - smtpd
    -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
    #submission inet n - n - - smtpd
    # -o smtpd_etrn_restrictions=reject
    # -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes

    now wich should I uncomment the first one, the second one, both? I think its the second one but I want to be sure first cause this is a production server before restarting,etc.

    Thanks

  4. #4
    Join Date
    Aug 2008
    Location
    St Pete FL USA
    Posts
    392
    Rep Power
    7

    Default

    Well, I uncommented the first one, and none of the options lines, and mine seems to be working ok.
    Jay R. Ashworth - ZCS 6.0.9CE/CentOS5 - St Pete FL US - Music - Blog - Photography - IANAL - IAAMA
    Try to Ask Questions The Smart Way -- you'll get better answers.

    Put your product and version in your profile/signature - All opinions strictly my own, even though I have an employer these days.
    If you [SOLVE] something, please tell everyone how for the archives
    And, please... read what people write, and answer the questions they asked, not the ones they didn't.

  5. #5
    Join Date
    Sep 2008
    Posts
    6
    Rep Power
    7

    Default Didnt work

    Quote Originally Posted by Baylink View Post
    Well, I uncommented the first one, and none of the options lines, and mine seems to be working ok.
    Ok I tried this on a test server and sadly it didnt work...

    Any other suggestion?

    Zimbra wiki states that: The default postfix configuration allows relaying only for the local network, but you can configure postfix to allow relaying unconditionally for arbitrary hosts or networks.

    Then there should be a way to allow the server to relay freely?
    Last edited by rasoft2000; 09-29-2008 at 05:58 AM.

  6. #6
    Join Date
    Aug 2008
    Location
    St Pete FL USA
    Posts
    392
    Rep Power
    7

    Default

    You *did* restart Zimbra after uncommenting that line, right?

    I didn't have to do any configuration after enabling the MSA daemon.
    Jay R. Ashworth - ZCS 6.0.9CE/CentOS5 - St Pete FL US - Music - Blog - Photography - IANAL - IAAMA
    Try to Ask Questions The Smart Way -- you'll get better answers.

    Put your product and version in your profile/signature - All opinions strictly my own, even though I have an employer these days.
    If you [SOLVE] something, please tell everyone how for the archives
    And, please... read what people write, and answer the questions they asked, not the ones they didn't.

Similar Threads

  1. Could use some advise: Re: Relay setup
    By DMRDave in forum Administrators
    Replies: 3
    Last Post: 07-18-2008, 09:05 PM
  2. upgrading to network edition
    By zzzzsg in forum Installation
    Replies: 11
    Last Post: 03-06-2008, 09:58 PM
  3. need advice on configuring zimbra to work with fax server
    By pheonix1t in forum Administrators
    Replies: 0
    Last Post: 07-11-2007, 07:46 PM
  4. Postfix Relay Domains Possible?
    By LMStone in forum Administrators
    Replies: 1
    Last Post: 09-18-2006, 10:41 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •