Page 1 of 2 12 LastLast
Results 1 to 10 of 18

Thread: smtp interface to accept valid email accounts

  1. #1
    Join Date
    Apr 2006
    Location
    France
    Posts
    56
    Rep Power
    9

    Default smtp interface to accept valid email accounts

    Hello,

    We are using zimbra 4.01. We need to configure the smtp interface to accept incoming mail sent to valid email users on our zimbra domains (eg foo.com & bar.com).

    The reason is that we have a large antispam server in the DMZ doing all the hard (cpu) work, and needs to check valid email users with zimbra (using a smtp callout method), otherwise our support team gets 100s of "undeliverable" mails a day eg to hotchick@foo.com etc...

    I think that postifx can do this but maybe there's an easier zmprov solution

    Any help would be appreciated !

    Sebastian

  2. #2
    Join Date
    Apr 2006
    Location
    France
    Posts
    56
    Rep Power
    9

    Default

    Does somebody have an idea ? maybe more explanations ?

    Sebastian

  3. #3
    Join Date
    Apr 2006
    Location
    France
    Posts
    56
    Rep Power
    9

    Default

    any help ?

    thanks in advance,

    Sebastian

  4. #4
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    21

    Default

    Quote Originally Posted by sperkins
    Hello,

    We are using zimbra 4.01. We need to configure the smtp interface to accept incoming mail sent to valid email users on our zimbra domains (eg foo.com & bar.com).
    Hi Sebastian-
    I think our problem is that I don't fully understand the problem.
    If mail comes in to your smtp interface, and the user exists, it should be delivered.

    Are you saying that currently, you already have a server that accepts mail, and you would like to somehow forward the messages on from your dmz server onto your zimbra server?

    Honestly, I'm lost.

    john

  5. #5
    Join Date
    Mar 2006
    Location
    Beaucaire, France
    Posts
    2,322
    Rep Power
    13

    Default

    John, here's what I understand : he has a antispam server in the DMZ. This server currently accepts all mail incoming mail because it does not know if a user exists or not.

    So Sperkins is looking for a way to do "smtp callout" to check, from this server, that an account is valid (in his Zimbra server). Zimbra is able to do the check on its own (when mail arrives in the Zimbra server) but he'd like to do it from the antispam server too...

    The smtp callout method depends on the smtp daemon (and additionnal tools) but I think it's possible to do a LDAP callout to the Zimbra's server...

    Sperkins, is you antispam server a homebrew or commercial solution ?
    Which MTA is it running ?

  6. #6
    Join Date
    Nov 2005
    Posts
    73
    Rep Power
    10

    Default

    I have exactly the same problem!

    We are using Zimbra 4.02 and have a Barracuda SpamFirewall Server which is the mx server for our domain. The Barracuda server accepts all our incoming mails and then sends them to the Zimbra server.

    Before upgrading from Zimbra 3.1 to 4.02, we had no problem.

    After upgrading to 4.02, the Barracuda Spam Firewall server is not able to verify with Zimbra server if the recipient email account exists on the Zimbra server.

    1) When Barracuda receives an incoming mail addressed to, e.g., tom@abc.com (where abc.com is our domain), it tries to check with the Zimbra server using smtp to see if tom@abc.com exists on the Zimbra server.
    Since upgrading to Zimbra 4.02, the Barracuda is not able to do this anymore, and so it sends the email to tom@abc.com at the Zimbra server.

    2) If this is the first time the Barracuda receives an email for tom@abc.com, it will create a Barracuda user account for tom@abc.com after checking with the Zimbra server that tom@abc.com exists on the Zimbra server. But since upgrading Zimbra to 4, Barracuda is unable to check with Zimbra server. And so Barracuda creates a Barracuda user account for tom@abc.com even if tom@abc.com doesn't exist on the Zimbra server.


    3) After that, it sends an email notification to tom@abc.com informing him of his Barracuda user account. But since tom@abc.com does not exist on Zimbra, Zimbra Postfix sends back an Undelivered Mail message to the Barracuda admin cmgui@abc.com.


    Thank you

    gui


    this is an example of the Undelivered Mail Returned to Sender message
    -------- Original Message --------
    Received: by mail.abc.com (Postfix) id 3CC9118900B3; Sun, 15 Oct 2006 00:32:45 -0700 (PDT)
    Date: Sun, 15 Oct 2006 00:32:45 -0700 (PDT)
    From: MAILER-DAEMON@mail.abc.com (Mail Delivery System)
    Subject: Undelivered Mail Returned to Sender
    To: cmgui@abc.com
    MIME-Version: 1.0
    Content-Type: multipart/report; report-type=delivery-status; boundary="2D25018900B1.1160897565/mail.abc.com"
    Message-Id: <20061015073245.3CC9118900B3@mail.abc.com>



    This is the Postfix program at host mail.abc.com.

    I'm sorry to have to inform you that your message could not
    be delivered to one or more recipients. It's attached below.

    For further assistance, please send mail to <postmaster>

    If you do so, please include this problem report. You can
    delete your own text from the attached returned message.

    The Postfix program

    <ywojgio@abc.com>: abc.com



    Reporting-MTA: dns; mail.abc.com
    X-Postfix-Queue-ID: 2D25018900B1
    X-Postfix-Sender: rfc822; cmgui@abc.com
    Arrival-Date: Sun, 15 Oct 2006 00:32:45 -0700 (PDT)

    Final-Recipient: rfc822; ywojgio@abc.com
    Action: failed
    Status: 5.0.0
    Diagnostic-Code: X-Postfix; abc.com



    Subject:
    User Quarantine Account Information
    From:
    "Barracuda Spam Firewall" <cmgui@abc.com>
    Date:
    Sun, 15 Oct 2006 00:30:34 -0700 (PDT)
    To:
    <ywojgio@abc.com>
    Received:
    from mgate.abc.com (mgate.abc.com [206.180.225.66]) by mail.abc.com (Postfix) with ESMTP id 2D25018900B1 for <ywojgio@abc.com>; Sun, 15 Oct 2006 00:32:45 -0700 (PDT)
    Content-Type:
    multipart/related; boundary="Barracuda.21060542201948"
    MIME-Version:
    1.0
    Message-ID:
    <20061015073034.1D2081C0C375@mgate.abc.com>

    Welcome to the Barracuda Spam Firewall. This message contains the information you will need to access your Spam Quarantine and Preferences.

    Your account has been set to the following username and password:
    Username: ywojgio@abc.com
    Password: yddadsfw32

    Access your Spam Quarantine directly using the following link: http://mgate.abc.com:10000/cgi-bin/i...&et=1161329434




    Quote Originally Posted by sperkins
    Hello,

    We are using zimbra 4.01.

    The reason is that we have a large antispam server in the DMZ doing all the hard (cpu) work, and needs to check valid email users with zimbra (using a smtp callout method), otherwise our support team gets 100s of "undeliverable" mails a day eg to hotchick@foo.com etc...

    Sebastian
    Last edited by zzzzsg; 10-15-2006 at 08:03 PM.

  7. #7
    Join Date
    May 2006
    Location
    England.
    Posts
    927
    Rep Power
    10

    Default

    I'm sure there is a real good reason why you guys dont just direct the raw smtp at the zimbra server. I dont know what it is though, care to tell me?

    You see, unless I'm way off, zimbra will bounce mail sent to invalid addresses (unless you set a catchall) and this seems to be what your frontline server is doing, so why not just have zimbra do it anyway?

  8. #8
    Join Date
    Nov 2005
    Posts
    73
    Rep Power
    10

    Default

    Many companies buy commercial SpamFirewall servers like Barracuda to accept mails and filter spams and then send non-spam mails to their mail servers. I also don't know why but that's the way it is.

    Zimbra 3 has no problem working with our Barracuda SpamFirewall server.

    Zimbra 4 does not allow our Barracuda SpamFirewall server to check if a recipient email account exists on Zimbra.


    Quote Originally Posted by Dirk
    I'm sure there is a real good reason why you guys dont just direct the raw smtp at the zimbra server. I dont know what it is though, care to tell me?

    You see, unless I'm way off, zimbra will bounce mail sent to invalid addresses (unless you set a catchall) and this seems to be what your frontline server is doing, so why not just have zimbra do it anyway?

  9. #9
    Join Date
    Apr 2006
    Location
    France
    Posts
    56
    Rep Power
    9

    Default

    Hello,

    Klug's definition of our problem is spot on, and it works exactly like zzzzsg's spamfirewall server.

    We're using mailcleaner - a commercial antivirus/antispam system - in the DMZ (it uses Exim as MTA).

    Why throw in a second SMTP system ? Although zimbra has these options, it's still prefereable to have another system in the DMZ (when you have one !) :
    - it's in a DMZ... if it gets hacked, only that server gets compromised.
    - it takes all the internet bashing... on a separate CPU.

    In our worst case scenario (relay is totally hacked and useless), the mailboxes are INTACT and we only have to rebuild a quickie smtp relay system or better use zimbra's antispam/virus functions while we rebuild the DMZ server

    Do I understand that zimbra 3 worked with SMTP callouts but not zimbra 4 ? There is also a LDAP callout method, but I would prefer to stick with SMTP.

    Hope this helps !

    Sebastian

  10. #10
    Join Date
    Mar 2006
    Location
    Beaucaire, France
    Posts
    2,322
    Rep Power
    13

    Default

    Dirk is right on one point : if you don't have a Barracuda or Mailcleaner appliance, you can setup Zimbra's own MTA/AS/AV in the DMZ.

    But it won't handle quarantine (as an example of what is not handled)...

    I'll check the SMTP callout out on mailcleaner later (today or tomorrow) as this is our "soon to be online" setup (not only for Zimbra but our all customers).

Similar Threads

  1. need advice on configuring zimbra to work with fax server
    By pheonix1t in forum Administrators
    Replies: 0
    Last Post: 07-11-2007, 08:46 PM
  2. upgrade to 4.0.3 antispam does'nt work
    By lucanannipieri in forum Administrators
    Replies: 14
    Last Post: 11-07-2006, 03:56 AM
  3. Replies: 20
    Last Post: 05-08-2006, 12:34 AM
  4. Replies: 2
    Last Post: 03-20-2006, 10:50 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •