Zimbra relay problems
We have a Zimbra server that we use for sending mails for all our applications. For this we added some trusted MTA networks:
zmprov getServer zimbra.capegroep.nl | grep zimbraMtaMyNetworks
zimbraMtaMyNetworks: 127.0.0.0/8 22.214.171.124/29 126.96.36.199/29 188.8.131.52/32 184.108.40.206/32 220.127.116.11/32
However, even after rebooting the system we still get the following error.
Aug 29 15:59:53 zimbra postfix/smtpd: NOQUEUE: reject: RCPT from cqa.btc.echelon.nl[18.104.22.168]: 554 5.7.1 <firstname.lastname@example.org>: Relay access denied; from=<email@example.com> to=<firstname.lastname@example.org> proto=ESMTP helo=<esb.capegroep.nl>
In here esb.capegroep.nl is the server that sends the relay request to our mailserver and cqa.btc.echelon.nl is the public address of our network.
What are we missing to enable our relay request?
You should not add any additional entries to the Trusted Networks other than your own LAN (or just the ZCS server), otherwise you may end up with a spam problem if the other server gets compromised. Any 'user' sending mail through your server should use the correct Submission port 587, and that will need authentication; it's more secure than adding them to the Trusted Networks.
Originally Posted by Narev
That would require us to create an account for sending out mail. While I'm not opposed to that, I would wonder: is it possible to create an account that is only able to send mail but not receive mail?
Yes, you can restrict who can send mail to a specific account.
I thought about this, but wouldn't the same thing go for the account, if I would store the username and password somewhere on the server? As a matter of fact, if the server would get compromised and I would store the username/password somewhere on the server, it would be a worse scenario, because then I would need to change the username and password on all servers ^^ Or I would need to create separate accounts for each application, but that seems like a waste of your licenses.
So that still makes me wonder, why could my initial configuration be off? Since my external IP address is added to the trustedmtanetwork, I would still expect it to work?
I have thought things over, Phoenix, and I still would like to go with our initial try. Could you help me out with the reason why our Zimbra server would still give a relay access denied error even though our external IP is added to the MTAMyNetworks param?
I found out that my problem might be caused by my postfix/conf/main.cf file not being updated properly. I am not sure why this would be the case. But after restarting my postfix I noticed that there actually was a difference between my postconf mynetworks and my Zimbra mtanetworks. The reason why these differ I don't know. But my guess is that it has something to do with my other forum post, about the auth error I receive in the admin console. Is there anyone out there that could shine a light on this?
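The mismatch described in the last post can be checked mechanically. The following is an added example, not code from the thread or from Zimbra: it compares the `zimbraMtaMyNetworks` attribute with what `postconf mynetworks` reports and tests whether the rejected client from the log line is covered by each. The function names are hypothetical, the sample strings are constructed from documentation address ranges, and only literal address/CIDR entries are handled (file and table lookups in `mynetworks` are skipped).

```python
import ipaddress
import re

# Constructed sample data (documentation address ranges), not values from the thread.
ZMPROV_OUT = "zimbraMtaMyNetworks: 127.0.0.0/8 192.0.2.8/29 203.0.113.25/32"
POSTCONF_OUT = "mynetworks = 127.0.0.0/8, 192.0.2.8/29"
REJECT_LINE = (
    "Aug 29 15:59:53 mail postfix/smtpd[1234]: NOQUEUE: reject: RCPT from "
    "gw.example.net[203.0.113.25]: 554 5.7.1 <user@example.org>: Relay access "
    "denied; from=<app@example.com> to=<user@example.org> proto=ESMTP "
    "helo=<app.example.com>"
)

def parse_networks(text):
    """Parse 'attr: a b' (zmprov) or 'param = a, b' (postconf) into a set of networks."""
    value = re.split(r"[:=]", text, maxsplit=1)[1]
    nets = set()
    for token in value.replace(",", " ").split():
        token = token.replace("[", "").replace("]", "")  # Postfix writes IPv6 as [::1]/128
        try:
            # strict=False normalises entries that have host bits set
            nets.add(ipaddress.ip_network(token, strict=False))
        except ValueError:
            continue  # not a literal network (file path or table lookup): skipped
    return nets

def rejected_client(line):
    """Return the client address from a 'Relay access denied' smtpd log line."""
    m = re.search(r"reject: RCPT from \S+\[([0-9a-fA-F.:]+)\]: 554 5\.7\.1 "
                  r".*Relay access denied", line)
    return ipaddress.ip_address(m.group(1)) if m else None

def diagnose(zmprov_out, postconf_out, reject_line):
    configured = parse_networks(zmprov_out)   # what the Zimbra attribute says
    effective = parse_networks(postconf_out)  # what Postfix is actually using
    client = rejected_client(reject_line)
    if client is None:
        raise ValueError("not a relay-denied log line")
    return {
        "client": str(client),
        "in_zimbra_attr": any(client in n for n in configured),
        "in_postfix_mynetworks": any(client in n for n in effective),
        "missing_from_postfix": sorted(str(n) for n in configured - effective),
        "extra_in_postfix": sorted(str(n) for n in effective - configured),
    }

if __name__ == "__main__":
    for key, val in diagnose(ZMPROV_OUT, POSTCONF_OUT, REJECT_LINE).items():
        print(f"{key}: {val}")
```

A client that is in the Zimbra attribute but not in Postfix's `mynetworks` points at the generated main.cf being stale, which is the situation the last post describes.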