Relay per Domain not working after upgrade to 8.0.0 OSE
here's basic info and problem:
Zimbra: Release 8.0.0.GA.5434.UBUNTU12.64 UBUNTU12_64 FOSS edition.
UBUNTU10_64 -> UBUNTU12.64
Corporational network architecture. Zimbra is used as local (LAN) workgroup system and mail with localdomain (nor registered or visible in Internet) and mail traffic (SMNP/POP/IMAP) is not allowed outside corporate network.
Beside that there are 10 mail shared accounts (like department accounts) in external domain hosted in remote server in WAN, but still not in Internet. Mail traffic from this server is allowed in/out corporate network.
This external domain is reflected in Zimbra and mails from remote server are fetched and delivered in Zimbra to corresponding local accounts. This way using external accounts is easier for users - it is the same as local account.
Local accounts in external domain are shared and users with rights to use it have created persona to send emails to the outside world. This accounts have main transport defined in settings as smtp:externalserver.com:25 (externalserver.com IP:y.y.y.y). In Zimbra 8 they are granted sendAs right.
Only problem was relying mails from local copies of external accounts through remote server. It was solved per Relay per Domain - Zimbra :: Wiki
After upgrade to 8.0.0 relaying per domain stopped working. Of course changes to Postfix configuration were reapplied after Zimbra upgrade.
Investigation showed that after changes introduced/related to zimbraAllowFromAddress/sendOnBehalfOf/sendAs
BUG67091 - Support creating persona for addresses for which user has been granted sendAs/sendOnBehalfOf rights
BUG66387 - zimbraAllowFromAddress pref should exclude internal accounts
all mails at postfix level are seen as sent by local user (even mails sent from external domain and mails sent with external account
Nov 19 12:32:14 hermes opendkim: 1ED6FC22C7: no signing table match for 'firstname.lastname@example.org'
Nov 19 12:32:14 hermes postfix/qmgr: 1ED6FC22C7: from=< email@example.com >, size=1316, nrcpt=1 (queue active)
Nov 19 12:32:22 hermes postfix/smtp: 8A70EC2BD1: to=< firstname.lastname@example.org >, relay=externalserver.com[y.y.y.y]:25, delay=0.18, delays=0/0/0.08/0.1, dsn=2.0.0, status=sent (250 Queued! 1353324742 qp 30605 < 917622890.48.1353324733935.JavaMail.email@example.com >)
Nov 19 11:48:04 hermes opendkim: 2BBAEC2D64: no signing table match for 'firstname.lastname@example.org'
Nov 19 11:48:04 hermes postfix/qmgr: 2BBAEC2D64: from=< email@example.com >, size=1571, nrcpt=1 (queue active)
Nov 19 11:48:12 hermes postfix/smtp: 2BBAEC2D64: to=< firstname.lastname@example.org >, relay=127.0.0.1[127.0.0.1]:10026, delay=8.5, delays=0.05/0/0/8.4,
dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 99581C2D60)
Nov 19 11:48:42 hermes postfix/smtp: connect to mail.com[z.z.z.z]:25: Connection timed out
Nov 19 11:48:42 hermes postfix/smtp: 99581C2D60: to=< email@example.com >, relay=none, delay=30, delays=0/0/30/0, dsn=4.4.1,
status=deferred (connect to mail.com[z.z.z.z]:25: Connection timed out)
Is there a workaround to the problem? Any suggestions? Is this a bug that should be reported? Any help appreciated.