Results 1 to 9 of 9

Thread: [SOLVED] Sending mail through an external relay - PER DOMAIN

Hybrid View

  1. #1
    Join Date
    Jul 2007
    Posts
    2
    Rep Power
    8

    Cool [SOLVED] Sending mail through an external relay - PER DOMAIN

    Good day,

    I've read the article on configuring zimbra for using a external SMTP relay. Sending mail through an external relay - Zimbra :: Wiki

    I have multiple domains on my server and only want one of them using a external SMTP relay.

    How can I set it up to do this routing

    Thank you in advance

  2. #2
    Join Date
    Apr 2010
    Location
    Italy
    Posts
    160
    Rep Power
    5

    Default

    Hi,

    the related bug is still assigned:

    Bug 32740 – Per domain Relay MTA for external delivery

    maybe this article could help you:

    Relay per Domain - Zimbra :: Wiki

    Regards

  3. #3
    Join Date
    Jul 2007
    Posts
    2
    Rep Power
    8

    Default

    Thanks a lot. This is a big help

  4. #4
    Join Date
    Apr 2010
    Location
    Italy
    Posts
    160
    Rep Power
    5

    Default

    Glad you have solved.

    Regards

  5. #5
    Join Date
    Nov 2009
    Location
    Ljubljana, Slovenia
    Posts
    268
    Rep Power
    6

    Default

    I've just been hitting the wall last two days trying to configure ZCS 7.1.4 to do the following:
    - SmartHost/relay outbound mail only for single domain among lots of them
    - relay to different smarthost relays depending on zimbra USER
    - and finally, the toughest nut, to use SMTP authentication and SSL/TLS

    Simple relay by domain and relay by user would have been working as described in link 2 posts above, but hey, how to use SMTP auth and also how to use TLS or SSL for SmartHost relay?

    Well, I finally succeed!
    Here's how:

    0.) Change to zimbra user:
    Code:
    sudo su zimbra
    1.) Add the following to /opt/zimbra/postfix/conf/main.cf file:
    Code:
    sender_dependent_relayhost_maps = hash:/opt/zimbra/postfix/conf/relaybysender
    2.) Create file /opt/zimbra/postfix/conf/relaybysender and put the maps for smarthost relays in it, for example:
    Code:
    @domain1.com  [10.20.30.40]
    @domain2.com  [relay2.someserver.com]:submission
    user@domain3.com  [relay3.someserver.com]:submission
    NOTE: Adding "submission" at the end tells relay to use TLS over 587 port instead of port 25. Also be aware if you use "[" , "]" and ":submission" port here, you must use them also in Relay_passwords file!
    3.) Create hash file:
    Code:
    postmap /opt/zimbra/postfix/conf/relaybysender
    4.) Not done yet!
    Now we create matrix for SMTP authentication usernames and passwords. Create file /opt/zimbra/postfix/conf/relaypasswords and put server userass combinations in it:
    Code:
    [10.20.30.40] username:password
    [relay2.someserver.com]:submission username:password
    [relay3.someserver.com]:submission username:password
    NOTE, how we preserved exact server notation, exactly as in previous file!
    5.) Create map for this one, too:
    Code:
    postmap hash:/opt/zimbra/postfix/conf/relaypasswords
    6.) In previous file we edited postfix configuration file manually, but we can do it also this way:
    Code:
    postconf -e smtp_sasl_password_maps=hash:/opt/zimbra/postfix/conf/relaypasswords
    7.) Configure postfix to use SSL authentication and try if available TLS:
    Code:
    postconf -e smtp_sasl_auth_enable=yes
    postconf -e smtp_tls_security_level = may
    8.) ...and to use outgoing server name, rather than canonical name:
    Code:
    postconf -e smtp_cname_overrides_servername=no
    9.) Reload postfix
    Code:
    postfix reload
    10) Restart some Zimbra services, just for sure:
    Code:
    zmmtactl restart
    So, in /opt/zimbra/postfix/conf/main.cf you should see at the end of the file:
    Code:
    smtp_tls_security_level = may
    sender_dependent_relayhost_maps = hash:/opt/zimbra/postfix/conf/relaybydomain
    smtp_sasl_password_maps = hash:/opt/zimbra/postfix/conf/relaypasswords
    smtp_cname_overrides_servername = no
    Test! Should work fine.
    See the logs for errors:
    Code:
    tail -n 500 /var/log/mail.info
    IMPORTANT: This config will NOT survive Zimbra upgrade! You must repeat above steps after each Zimbra upgrade.
    Zimbra on SGH dedicated hosting farm, Slovenia.
    In 2013 we announce new program of low cost SSL server certificates.

  6. #6
    Join Date
    Mar 2012
    Posts
    3
    Rep Power
    3

    Default Question about using Gmail as an SMTP relay for one user

    Labsy,

    I just read and followed you excellent instructions on getting Zimbra to send to an external SMTP relay for a single user.

    However I ran into a little problem; when I send a test mail I get the following in the log file:

    Code:
    Mar 26 14:26:19 mail postfix/smtp[31360]: certificate verification failed for smtp.gmail.com[173.194.76.108]:587: untrusted issuer /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
    Mar 26 14:26:19 mail postfix/smtp[31360]: warning: SASL authentication failure: No worthy mechs found
    Mar 26 14:26:19 mail postfix/smtp[31360]: 6A9BAA399F: SASL authentication failed; cannot authenticate to server smtp.gmail.com[173.194.76.108]: no mechanism available
    So it looks like Zimbra doesn't like the certificate for smtp.gmail.com. Is there a way to add an exception? Or does anyone have any other ideas?

    Any help would be appreciated.

    Sean

  7. #7
    Join Date
    Nov 2009
    Location
    Ljubljana, Slovenia
    Posts
    268
    Rep Power
    6

    Default

    Hi SeanJoyce,
    you may try with suggestions from Troubleshoting part of this Wiki article: Outgoing SMTP Authentication - Zimbra :: Wiki
    Zimbra on SGH dedicated hosting farm, Slovenia.
    In 2013 we announce new program of low cost SSL server certificates.

  8. #8
    Join Date
    Mar 2012
    Posts
    3
    Rep Power
    3

    Default Debugging

    Hi Labsy,

    Thanks for the reply and the link to that post. I had seen it already but I haven't fully followed it yet. I just got some higher level debugging back in the log and I have a better idea of what's going on now. I have to try a few things and then I'll let you know how I get on. Thanks again.

    Sean

  9. #9
    Join Date
    Mar 2012
    Posts
    3
    Rep Power
    3

    Default Solution for Gmail

    Thanks Labsy,

    The solution to make this work with Gmail was in that post you sent me.

    Add the following line to main.cf:

    Code:
    smtp_sasl_security_options = noanonymous
    The default is:
    Code:
    smtp_sasl_security_options = noplaintext, noanonymous
    Because you have already established a TLS tunnel, gmail then does the authenication in plaintext.

    Sean

Similar Threads

  1. Replies: 8
    Last Post: 04-10-2011, 10:14 AM
  2. help with smtp auth
    By pheonix1t in forum Installation
    Replies: 1
    Last Post: 04-27-2009, 07:56 AM
  3. Replies: 2
    Last Post: 02-12-2008, 11:55 AM
  4. Sending mail to external addresses
    By dmg in forum Installation
    Replies: 1
    Last Post: 02-21-2007, 01:16 PM
  5. domain coexistence
    By marcmac in forum Administrators
    Replies: 14
    Last Post: 06-30-2006, 02:19 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •