Results 1 to 3 of 3

Thread: [SOLVED] SMTP AUTH/TLS Problem

  1. #1
    Join Date
    Sep 2008
    Rep Power

    Default [SOLVED] SMTP AUTH/TLS Problem

    Hi everyone,

    I have taken a look at previous posts and the wiki for the problem I am having, but the only ones I can find are regarding authentication issues connecting to the back end LDAP server. I have just done a fresh install of Zimbra and installed commercial CA (via the admin website wizard) and everything seems to be working fine however the issue I am having is that even though "Enable authentication" and "TLS authentication only" is enabled in both the global settings and the specific MTA server (i have even checked the when connecting and hoping to relay, postfix does not even offer up STARTTLS and the AUTH methods available and therefore relaying fails for all but local(virtual) accounts.

    During my initial testing the TLS was working but all of a sudden it just "dissappeared" and I am not sure when it actually did this, there are no errors in zimbra.log or mail.log from postfix (there is actually nothing at all referencing saslauthd from postfix) apart from the relay rejection messages. As I thought it could be to do with the certs I installed our commercial ones which did not make a difference and I really don't want to have to reinstall now I have got them working as the process looks very troublesome restoring them (unless I can be told otherwise)? Can there be anything I am missing or the reason why postfix is no longer advertising SMTP AUTH even though according to the configs it should be, I am zcs-5.0.9_GA_2533 and the postfix is below:

    sender_canonical_maps = proxy:ldap:/opt/zimbra/conf/
    virtual_alias_domains = proxy:ldap:/opt/zimbra/conf/
    lmtp_connection_cache_time_limit = 4s
    recipient_delimiter =
    smtpd_sasl_auth_enable = yes
    smtpd_tls_cert_file = /opt/zimbra/conf/smtpd.crt
    smtpd_tls_auth_only = yes
    myhostname =
    virtual_mailbox_domains = proxy:ldap:/opt/zimbra/conf/
    mydestination = localhost
    mailbox_size_limit = 0
    setgid_group = postdrop
    smtpd_client_restrictions = reject_unauth_pipelining
    queue_run_delay = 300s
    minimal_backoff_time = 300s
    virtual_alias_maps = proxy:ldap:/opt/zimbra/conf/
    transport_maps = proxy:ldap:/opt/zimbra/conf/
    message_size_limit = 10240000
    sendmail_path = /opt/zimbra/postfix/sbin/sendmail
    broken_sasl_auth_clients = yes
    lmtp_connection_cache_destinations =
    alias_maps = hash:/etc/aliases
    manpage_directory = /opt/zimbra/postfix/man
    smtpd_helo_required = yes
    in_flow_delay = 1s
    daemon_directory = /opt/zimbra/postfix/libexec
    maximal_backoff_time = 4000s
    virtual_transport = error
    mynetworks =
    smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unlisted_recipient, reject_invalid_hostname, reject_non_fqdn_sender, permit
    lmtp_host_lookup = dns
    smtpd_tls_loglevel = 1
    relayhost =
    disable_dns_lookups = yes
    mail_owner = postfix
    virtual_mailbox_maps = proxy:ldap:/opt/zimbra/conf/
    content_filter = smtp-amavis:[]:10024
    version =
    mailq_path = /opt/zimbra/postfix/sbin/mailq
    header_checks = pcre:/opt/zimbra/conf/postfix_header_checks
    smtpd_use_tls = yes
    queue_directory = /opt/zimbra/data/postfix/spool
    newaliases_path = /opt/zimbra/postfix/sbin/newaliases
    smtpd_reject_unlisted_recipient = no
    smtpd_data_restrictions = reject_unauth_pipelining
    local_header_rewrite_clients = permit_mynetworks,permit_sasl_authenticated
    smtpd_tls_key_file = /opt/zimbra/conf/smtpd.key
    command_directory = /opt/zimbra/postfix/sbin

  2. #2
    Join Date
    Sep 2008
    Rep Power

    Default Solved

    Hi everyone,
    I have to say this lost me a hell of alot of time and it was nothing to do with the Zimbra install but for whatever reason a firewall was proxying the smtp connection and I presume did not support TLS as when I carried out a telnet from a both a nearby box and the localhost the STARTTLS was there. So to save people pulling thier hair out in the future try a localhost telnet first before you start messing around for hours on end and if you are having problems check not only your local antivirus/firewall but also any including proxys(transparent) between your mail servers and the potential clients as alot do not support TLS...

  3. #3
    Join Date
    Aug 2007
    Rep Power


    THANK YOU!!!!!!! That was my problem too. Thank you so much for coming back to post your solution.. I wanted to let you know that your efforts to do so was not wasted.

    Your post and the clues from this link:

    Transport Layer Security (TLS)

    solved my problem.

    seeding this forum post:


Similar Threads

  1. SMTP problem
    By yk11 in forum Administrators
    Replies: 3
    Last Post: 01-23-2008, 04:49 PM
  2. smtp table lookup problem
    By s_c_johnson in forum Installation
    Replies: 5
    Last Post: 09-21-2007, 05:46 AM
  3. need advice on configuring zimbra to work with fax server
    By pheonix1t in forum Administrators
    Replies: 0
    Last Post: 07-11-2007, 07:46 PM
  4. Replies: 0
    Last Post: 03-26-2007, 03:12 AM
  5. Is it started or not
    By kwelipatton in forum Installation
    Replies: 10
    Last Post: 03-28-2006, 10:11 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts