Post some details of the IP ranges in use and what is in your 'postconf mynetworks'.
The network which I use is 172.27.0.0/20.
The result of 'postconf mynetworks' is:
mynetworks = 127.0.0.0/8 172.27.0.0/20 a.b.c.d/25
where a.b.c.d/25 represents my Public IP Address range (obscured for privacy reasons).
Please note that I have two network interfaces on the Zimbra server. One private and one public.
The IP Address of the PC from which relaying was possible is 172.26.105.127.
Last edited by generic31; 01-13-2007 at 09:06 AM.
Generic31, I don't understand why you think the Zimbra relay block is not working.
If you host a domain in Zimbra, your server will ALWAYS ACCEPT all mails for your domain because it's YOUR DOMAIN.
It will refuse to send mails to other domains, but yours is yours. Don't bother about "mynetworks" and others in postfix. If it's for you, it's accepted.
To not accept emails for your domain, you should use an antispam system, for example, or tune postfix with a blacklist system.
Generic, re-reading your post, I understand that you have a "direct transport" for two domains (a.domain and b.domain), and that you only host a third one (c.domain), and when you try to relay to a or b, Zimbra does it without rejecting. Is it true?
If yes, check the Zimbra postfix config for "mydestination" (exec postconf | grep mydestination as zimbra user). This property controls which domains are considered local, and so mail is accepted without checking the IP address...
You could have found a bug.
how have you implemented the 'direct transport'?
mydestination = $myhostname, localhost.$mydomain, localhost
dijichi2, let me explain my situation again.
'Other' domains: 'cse.domain.net' and 'domain.net'
My domain: 'security.domain.net'
To these 'local' domains, I have configured Zimbra to deliver the mails directly by the following procedure:
zmprov cd domain.net
zmprov>md domain.net zimbraMailCatchAllAddress @domain.net
zmprov>md domain.net zimbraMailCatchAllForwardingAddress @domain.net
zmprov>md domain.net zimbraMailTransport smtp:172.31.1.1
where, 172.31.1.1 is the internal address of the Mail Server running for the above domain.
Same for the domain- 'cse.domain.net'
Could I be wrong somewhere?
Last edited by generic31; 01-15-2007 at 04:57 AM.
You have to check that there is an MX register at the DNS server for cse.domain.net and domain.net, or at least a default A register (or a hosts entry for cse.domain.net and domain.net if you don't have a DNS server or access to an external DNS server).
Your server will receive mails, apply relay rules and, if the user authenticates, it will check with your defined DNS where to relay those mails. And no other configuration is needed.
yup, as inigoml says, you've created an authoritative domain in your server then you're deliberately catching all incoming email to the domain and forwarding it through a specific transport directive. Of course the server is going to relay email to those domains, you've explicitly told it to.
this is what split dns is for - presumably your internal dns is set up with correct internal mx records for the other subnets, use those for delivery. this should be faster and more accurate (for instance, you're currently accepting email through catchalls that possibly should not be accepted).
I did try the hosts file trick, but could not get it working. Could you please elaborate on how to set up my hosts file to point to 172.31.1.1 for the 'cse.domain.net' and 'domain.net'?
The problem has been solved. We just need to configure transports and get the required job done. Thank you all for your help.
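Added example, not part of any post in this thread: a simplified Python model of Postfix's permit_mynetworks followed by reject_unauth_destination, run against the addresses and domains quoted above. The restriction order, the absence of SASL authentication and the function names are assumptions; the obscured public /25 is left out.

```python
import ipaddress

# Values quoted in the thread; the public /25 is obscured there and omitted here.
MYNETWORKS = ["127.0.0.0/8", "172.27.0.0/20"]
# Domains created on the Zimbra server with zmprov, i.e. authoritative there.
HOSTED_DOMAINS = {"security.domain.net", "domain.net", "cse.domain.net"}


def in_mynetworks(client_ip, networks=MYNETWORKS):
    """True if client_ip falls inside any CIDR block listed in mynetworks."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(n) for n in networks)


def relay_decision(client_ip, rcpt, hosted=HOSTED_DOMAINS, networks=MYNETWORKS):
    """Simplified model of 'permit_mynetworks, reject_unauth_destination'.

    Returns (action, reason). Assumption: the client is not SASL
    authenticated and no other restrictions are configured.
    """
    domain = rcpt.rsplit("@", 1)[-1].lower().rstrip(".")
    if in_mynetworks(client_ip, networks):
        # Trusted client: may relay to any destination.
        return ("permit", "client in mynetworks")
    if domain in hosted:
        # Untrusted client, but the server is responsible for this domain.
        return ("permit", "recipient domain is hosted here")
    return ("reject", "relay access denied")


if __name__ == "__main__":
    client = "172.26.105.127"  # the PC named in the thread
    print("in mynetworks:", in_mynetworks(client))
    for rcpt in ("user@domain.net", "user@cse.domain.net",
                 "user@security.domain.net", "user@example.org"):
        print(rcpt, relay_decision(client, rcpt))
```

172.26.105.127 is outside 172.27.0.0/20, so in this model mail from that PC to domain.net is accepted because the domain exists on the server, not because of mynetworks, while mail to an unrelated domain is rejected.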