Hi.

I recently moved our zimbra install from port 8888 to port 80 using zmprov ms hostname zimbraMailPort 80.

It's working well!

My problem is that our 'mail' and 'MX' DNS records point to the same IP as our mail web server. So I'm forwarding the traffic to the Web Client from the firewall using a different IP and different hostname 'zimbra.domain.com'.

It's working well!

The only thing that isn't working is that suddenly, all IMAP and pop clients (Mail on MAC OSX and Outlook and Outlook Express) have lost the ability to SEND MAIL.

Everyone is getting bad password messages. I checked and the problem is that all SMTP auth is gone, even though it appears to be on. If I turn off SMTP auth and 'use tls' in my Mail client, they send just fine. Meaning, my SMTP service is running pretty much wide open! : ( uh oh I can telnet in on port 25 and send mail just fine. So somehow, by moving this port I've broken my authentication for smtp even though IMAP and POP and the web client are all working really well.

So I checked zmprov by... zmprov gs hostname | grep Auth

and found:

zimbraMtaAuthEnabled: TRUE
zimbraMtaAuthHost: mail.mydomain.com
zimbraMtaAuthURL: http://mail.mydomain.com/service/soap
zimbraMtaTlsAuthOnly: TRUE

Those seem ok to me, but no auth is being enforced at all. Is that URL being used by the client machines outside the firewall.... in which case it'd need to be http://zimbra.mydomain.com/service/soap.

I've fiddled with those two settings a bit but haven't effected any change in the behaviour of my system. No matter how I set them up it seems the same... web client is fine, imap is fine, pop is fine, but smtp is messed up, because it's running wide open with no auth and no tls.

Can anyone point me to an article I'm missing or suggest some settings I might want to check or just assure me that zimbraMtaAuthURL is never used by anything outside my firewall?

Sorry to not have provided more info, I'm just not sure what else to post so hopefully if I've missed something obvious that would be helpful you could let me know.

Many thanks,
Heath