Results 1 to 7 of 7

Thread: [SOLVED] Domain rejects

  1. #1
    Join Date
    May 2007
    Posts
    63
    Rep Power
    8

    Default [SOLVED] Domain rejects

    Ok, I have a lot of experience with sendmail, but the postfix/zimbra mta is all new to me. We have a mailfoundry appliance, and I've disabled anti-spam/anti-virus on the zimbra service (for load reasons). The mailfoundry auto-learns what domain to forward to smtp destination IP's that I specify for it, this worked fine with sendmail, however my zimbra/postfix is apparently not responding properly when the mailfoundry ask it if it host the domain, it appears to the mailfoundry that zimbra accepts the domain. The mailfoundry then adds the domain automatically to the smtp host, this is bad. Is there any way to change this behavior, so Zimbra only accepts mail for domains it actually host?

  2. #2
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    By default ZCS will reject email for non-deliverable mail addresses. So, I reckon the issue is that your ZimbraMtaMyNetworks - Zimbra :: Wiki is allowing the invalid domain as a relayed one.

  3. #3
    Join Date
    May 2007
    Posts
    63
    Rep Power
    8

    Default

    Nope, that's not the case. What else could be causing Zimbra to think it host domains that it doesn't? It is rejecting plenty of mail.

    zmprov getServer nfs.tc3net.com | grep zimbraMtaMyNetworks
    zimbraMtaMyNetworks: 127.0.0.0/8 10.40.40.0/24 64.112.192.0/26 10.20.20.0/24 64.112.192.0/19

  4. #4
    Join Date
    May 2007
    Posts
    63
    Rep Power
    8

    Default

    Any help on this? I just got word back from the vendor of my mail appliance, they say the following.

    "Make sure that your mail server is only accepting domains that it actually controls. One thing that can cause this behavior is if the mail server is setup in to trusting of a mode for other servers on its network and since the mailfoundry is on its network it may just be assuming anything attempted from the appliance should be valid and accepting it. I am not sure where that kind of setting would be on your mail server but I have seen this behavior before and it typically is just a minor permission change thats needed.

    Auto domains will work correctly with any server that will give a correct 250 OK for domains it actually controls and a 550 denied for domains it does not. "

    I do have the device set up as the zimbraDNSCheckHostname and zimbraMtaRelayHost, and it is also included in the networks I have specified for relay. With my previous sendmail system it was also part of an allowed relay network, it was also specified as a smarthost, and all my local domains were specified in sendmail.cw, I think I just need to figure out how all this works in postfix.

    EDIT: Pretty much what you said UxBod, but I'm not sure how my previous sendmail setups worked fine when the mailfoundry was allowed to relay.
    Last edited by drwho18; 05-18-2009 at 09:03 AM.

  5. #5
    Join Date
    May 2007
    Posts
    63
    Rep Power
    8

    Default

    Ok, I did some awkward subnetting with mynetworks to exclude the Mailfoundry MX device from being able to relay, and that appears to have resolved the Domain discovery issue between it and Zimbra.

  6. #6
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    Cool At least it keeps your networking hand in Glad it is okay now though.

    On a serious note can your front-end MTA now perform LDAP lookups ?

  7. #7
    Join Date
    May 2007
    Posts
    63
    Rep Power
    8

    Default

    I've not tried, the mailfoundry has an Exchange plugin feature which also says it does LDAP lookups, but I'm not familiar enough with the zimbra schema to know if it's a generic enough lookup to work. It does work with Exchange server customers that we have fine.

    A typical Auth DN for Active Directory might look like CN=Auth E. User,CN=Users,DC=winserver,DC=mailfoundry,DC=com . A typical Search Base for Active Directory could be CN=Users,DC=winserver,DC=mailfoundry,DC=com.

    Although I did a test with a valid address and it said it was successful, and it said an invalid one was invalid. It only works for my main Domain though, none of the aliased ones seem to work.
    Last edited by drwho18; 05-18-2009 at 03:01 PM.

Similar Threads

  1. Replies: 7
    Last Post: 04-27-2009, 02:49 AM
  2. Replies: 20
    Last Post: 03-18-2008, 05:37 AM
  3. [SOLVED] Remove main domain!
    By zibra in forum Administrators
    Replies: 11
    Last Post: 09-27-2007, 08:50 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •