I'm probably showing my ignorance here, but I have a stupid question...
An SMTP server requires authentication in order to prevent open relays. This I get. In cases of webmail (Zimbra), the server is itself the source (localhost) or behind the SMTP server on the network and added as an OK relay source. Again, this I get.
Now here's my question. When I send a message to an account on Zimbra from inside (webmail, or email client) to another account on Zimbra that has a forwarding address set up that goes to an external domain, everything works fine. However, if I send a message to said address FROM an external domain, to this address that forwards, I get a message back saying something about not relaying.
I ASSUME this is because the Zimbra MTA is looking at the original source of the message to determine if it's going to forward it or not (so a Gmail account wouldn't forward, while an internal account would). My question is then: (a) Why does it work this way? Shouldn't it just forward out from the Zimbra server and thus be OK'd? I'm assuming this is to stop an open relay type attack, but I'm not clear on where the vulnerability is. Or (b) if this isn't the case, how do we open up the server to allow our users to have mail forwarded to their external accounts?
Specifically, I want to take email@example.com with a forward to firstname.lastname@example.org or email@example.com and when someone sends an e-mail to this user it automatically forwards it on. I'm getting relay errors though, and my searches to find a solution have been in vain thus far (again, probably because of my own ignorance of the situation). Can someone explain to me what's going on / why it is that way, and if it is advisable to allow this, and if so, how?
This would be handy for distribution lists as well, unless I am misunderstanding the point of distribution lists...