I've just been hitting the wall last two days trying to configure ZCS 7.1.4 to do the following:
- SmartHost/relay outbound mail only for single domain among lots of them
- relay to different smarthost relays depending on zimbra USER
- and finally, the toughest nut, to use SMTP authentication and SSL/TLS
Simple relay by domain and relay by user would have been working as described in link 2 posts above, but hey, how to use SMTP auth and also how to use TLS or SSL for SmartHost relay?
Well, I finally succeed!
0.) Change to zimbra user:
1.) Add the following to /opt/zimbra/postfix/conf/main.cf file:
2.) Create file /opt/zimbra/postfix/conf/relaybysender and put the maps for smarthost relays in it, for example:
sender_dependent_relayhost_maps = hash:/opt/zimbra/postfix/conf/relaybysender
NOTE: Adding "submission" at the end tells relay to use TLS over 587 port instead of port 25. Also be aware if you use "[" , "]" and ":submission" port here, you must use them also in Relay_passwords file!
3.) Create hash file:
4.) Not done yet!
Now we create matrix for SMTP authentication usernames and passwords. Create file /opt/zimbra/postfix/conf/relaypasswords and put server userass combinations in it:
NOTE, how we preserved exact server notation, exactly as in previous file!
5.) Create map for this one, too:
6.) In previous file we edited postfix configuration file manually, but we can do it also this way:
7.) Configure postfix to use SSL authentication and try if available TLS:
postconf -e smtp_sasl_password_maps=hash:/opt/zimbra/postfix/conf/relaypasswords
8.) ...and to use outgoing server name, rather than canonical name:
postconf -e smtp_sasl_auth_enable=yes
postconf -e smtp_tls_security_level = may
9.) Reload postfix
postconf -e smtp_cname_overrides_servername=no
10) Restart some Zimbra services, just for sure:
So, in /opt/zimbra/postfix/conf/main.cf you should see at the end of the file:
Test! Should work fine.
smtp_tls_security_level = may
sender_dependent_relayhost_maps = hash:/opt/zimbra/postfix/conf/relaybydomain
smtp_sasl_password_maps = hash:/opt/zimbra/postfix/conf/relaypasswords
smtp_cname_overrides_servername = no
See the logs for errors:
IMPORTANT: This config will NOT survive Zimbra upgrade! You must repeat above steps after each Zimbra upgrade.
tail -n 500 /var/log/mail.info