Results 1 to 4 of 4

Thread: Relay per Domain not working after upgrade to 8.0.0 OSE

  1. #1
    Join Date
    Nov 2011
    Posts
    11
    Rep Power
    4

    Exclamation Relay per Domain not working after upgrade to 8.0.0 OSE

    Hi,
    here's basic info and problem:

    Zimbra: Release 8.0.0.GA.5434.UBUNTU12.64 UBUNTU12_64 FOSS edition.

    Upgrade history:
    7.1.3_GA_3346.UBUNTU10_64
    7.2.0_GA_2669.UBUNTU10_64
    UBUNTU10_64 -> UBUNTU12.64
    8.0.0.GA.5434.UBUNTU12.64

    Corporational network architecture. Zimbra is used as local (LAN) workgroup system and mail with localdomain (nor registered or visible in Internet) and mail traffic (SMNP/POP/IMAP) is not allowed outside corporate network.
    Beside that there are 10 mail shared accounts (like department accounts) in external domain hosted in remote server in WAN, but still not in Internet. Mail traffic from this server is allowed in/out corporate network.
    This external domain is reflected in Zimbra and mails from remote server are fetched and delivered in Zimbra to corresponding local accounts. This way using external accounts is easier for users - it is the same as local account.
    Local accounts in external domain are shared and users with rights to use it have created persona to send emails to the outside world. This accounts have main transport defined in settings as smtp:externalserver.com:25 (externalserver.com IP:y.y.y.y). In Zimbra 8 they are granted sendAs right.
    Only problem was relying mails from local copies of external accounts through remote server. It was solved per Relay per Domain - Zimbra :: Wiki

    Problem
    After upgrade to 8.0.0 relaying per domain stopped working. Of course changes to Postfix configuration were reapplied after Zimbra upgrade.
    Investigation showed that after changes introduced/related to zimbraAllowFromAddress/sendOnBehalfOf/sendAs

    BUG67091 - Support creating persona for addresses for which user has been granted sendAs/sendOnBehalfOf rights
    BUG66387 - zimbraAllowFromAddress pref should exclude internal accounts

    all mails at postfix level are seen as sent by local user (even mails sent from external domain and mails sent with external account

    Before upgrade
    Code:
    Nov 19 12:32:14 hermes opendkim[11339]: 1ED6FC22C7: no signing table match for 'extaccount@externalserver.com'
    Nov 19 12:32:14 hermes postfix/qmgr[16643]: 1ED6FC22C7: from=< extaccount@externalserver.com >, size=1316, nrcpt=1 (queue active)
    ...
    Nov 19 12:32:22 hermes postfix/smtp[19025]: 8A70EC2BD1: to=< john@mail.com >, relay=externalserver.com[y.y.y.y]:25, delay=0.18, delays=0/0/0.08/0.1, dsn=2.0.0, status=sent (250 Queued! 1353324742 qp 30605 < 917622890.48.1353324733935.JavaMail.root@externalserver.com >)
    After upgrade
    Code:
    Nov 19 11:48:04 hermes opendkim[2267]: 2BBAEC2D64: no signing table match for 'extaccount@externalserver.com'
    Nov 19 11:48:04 hermes postfix/qmgr[4453]: 2BBAEC2D64: from=< localuser@internalserver.com >, size=1571, nrcpt=1 (queue active)
    ...
    Nov 19 11:48:12 hermes postfix/smtp[8092]: 2BBAEC2D64: to=< john@mail.com >, relay=127.0.0.1[127.0.0.1]:10026, delay=8.5, delays=0.05/0/0/8.4, 
    dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 99581C2D60)
    ...
    Nov 19 11:48:42 hermes postfix/smtp[7609]: connect to mail.com[z.z.z.z]:25: Connection timed out
    Nov 19 11:48:42 hermes postfix/smtp[7609]: 99581C2D60: to=< john@mail.com >, relay=none, delay=30, delays=0/0/30/0, dsn=4.4.1, 
    status=deferred (connect to mail.com[z.z.z.z]:25: Connection timed out)
    Question
    Is there a workaround to the problem? Any suggestions? Is this a bug that should be reported? Any help appreciated.
    Last edited by b0rek; 11-27-2012 at 02:04 AM. Reason: not all visible in logs

  2. #2
    Join Date
    Nov 2012
    Location
    Bangalore
    Posts
    173
    Rep Power
    3

    Default

    Hi,

    Hope you have tried this before upgrade..


    0.) Change to zimbra user:
    Code:

    sudo su zimbra

    1.) Add the following to /opt/zimbra/postfix/conf/main.cf file:
    Code:

    sender_dependent_relayhost_maps = hash:/opt/zimbra/postfix/conf/relaybysender

    2.) Create file /opt/zimbra/postfix/conf/relaybysender and put the maps for smarthost relays in it, for example:
    Code:

    @domain1.com [10.20.30.40]
    @domain2.com [relay2.someserver.com]:submission
    user@domain3.com [relay3.someserver.com]:submission

    NOTE: Adding "submission" at the end tells relay to use TLS over 587 port instead of port 25. Also be aware if you use "[" , "]" and ":submission" port here, you must use them also in Relay_passwords file!
    3.) Create hash file:
    Code:

    postmap /opt/zimbra/postfix/conf/relaybysender

    4.) Not done yet!
    Now we create matrix for SMTP authentication usernames and passwords. Create file /opt/zimbra/postfix/conf/relaypasswords and put server userass combinations in it:
    Code:

    [10.20.30.40] usernameassword
    [relay2.someserver.com]:submission usernameassword
    [relay3.someserver.com]:submission usernameassword

    NOTE, how we preserved exact server notation, exactly as in previous file!
    5.) Create map for this one, too:
    Code:

    postmap hash:/opt/zimbra/postfix/conf/relaypasswords

    6.) In previous file we edited postfix configuration file manually, but we can do it also this way:
    Code:

    postconf -e smtp_sasl_password_maps=hash:/opt/zimbra/postfix/conf/relaypasswords

    7.) Configure postfix to use SSL authentication and try if available TLS:
    Code:

    postconf -e smtp_sasl_auth_enable=yes
    postconf -e smtp_tls_security_level = may

    8.) ...and to use outgoing server name, rather than canonical name:
    Code:

    postconf -e smtp_cname_overrides_servername=no

    9.) Reload postfix
    Code:

    postfix reload

    10) Restart some Zimbra services, just for sure:
    Code:

    zmmtactl restart

    So, in /opt/zimbra/postfix/conf/main.cf you should see at the end of the file:
    Code:

    smtp_tls_security_level = may
    sender_dependent_relayhost_maps = hash:/opt/zimbra/postfix/conf/relaybydomain
    smtp_sasl_password_maps = hash:/opt/zimbra/postfix/conf/relaypasswords
    smtp_cname_overrides_servername = no

    Test! Should work fine.
    See the logs for errors:
    Code:

    tail -n 500 /var/log/mail.info

    You must repeat above steps after each Zimbra upgrade.

    This should work ..
    Let me know about it

    ()Raunaq---

  3. #3
    Join Date
    Nov 2011
    Posts
    11
    Rep Power
    4

    Default

    Thanks Raunaq for answer. I've followed Relay per Domain - Zimbra :: Wiki and everything was working fine before upgrade to 8.0.0. In this version of Zimbra there were changes to MTA configuration that made this solution not working.
    I've searched forum before posting to no avail, but yesterday after second approach in searching from different angle I've came across new informations.

    1. In ZCS 8 file /opt/zimbra/postfix/conf/main.cf is no longer used. To make changes to those settings zmlocalconfig should be used. For example

    Code:
    zmlocalconfig -e postfix_smtp_sasl_auth_enable=yes
    zmlocalconfig -e postfix_smtp_cname_overrides_servername=no
    More here:
    http://www.zimbra.com/forums/adminis...ix-reload.html
    http://www.zimbra.com/forums/adminis...x-senders.html

    2. For relay per domain I've run

    Code:
    zmlocalconfig -e postfix_sender_dependent_relayhost_maps=hash:/opt/zimbra/postfix/conf/bysender
    zmmtactl restart
    But still mails from external accounts and personas were sent with local sender address.

    3. Then I've found Bug 40731 &ndash; Wrong MAIL FROM in SMTP dialog when using a Persona and http://www.zimbra.com/forums/adminis...gh-zimbra.htmlwhich pointe me to setting zimbraSmtpRestrictEnvelopeFrom

    SMTP behavior now switches based on the value of
    zimbraSmtpRestrictEnvelopeFrom. When it's set to TRUE, we force
    MAIL FROM in the SMTP session to be the address of the account.
    When it's set to FALSE, MAIL FROM is set to either the Sender or
    From header value in the outgoing message, in that order.
    after setting
    Code:
    zmprov mc default zimbraSmtpRestrictEnvelopeFrom FALSE
    zmprov mc defaultExternal zimbraSmtpRestrictEnvelopeFrom FALSE
    mails sent by personas are correctly relayed as set in /opt/zimbra/postfix/conf/bysender but mails set from external account still have local address as sender and postfix tries to deliver them directly and mails ends deferred.

    I'm still looking for complete solution.

    Leszek

  4. #4
    Join Date
    Jun 2013
    Posts
    3
    Rep Power
    2

    Default

    I'm facing the same issue with Zimbra 8, did you manage to resolve?

    GIuseppe

Similar Threads

  1. Relay per domain
    By xray0045 in forum Administrators
    Replies: 1
    Last Post: 11-30-2012, 02:01 AM
  2. [SOLVED] specify relay for a certain domain
    By maxxer in forum Administrators
    Replies: 2
    Last Post: 08-31-2010, 01:56 AM
  3. Use Zimbra as relay for one domain
    By zagg in forum Administrators
    Replies: 3
    Last Post: 11-26-2009, 09:30 AM
  4. Relay per Domain is not working
    By Savage82 in forum Administrators
    Replies: 0
    Last Post: 09-24-2009, 04:21 AM
  5. How to add relay domain to postfix
    By borispr in forum Administrators
    Replies: 2
    Last Post: 07-31-2008, 07:37 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •