
Thread: ZIMBRA SMTP AUTH problem

  1. #61

    I don't understand why you want authentication for sending emails. SMTP authentication doesn't mean authenticating before sending each mail. It is used to protect your server from being an open relay. SASL authentication normally works on port 465 for users who want to relay mail to other domains.

    If you enable authentication on port 25, no other servers (domains) will be able to send mail to your server, because it won't allow connections on port 25 without authentication.

  2. #62

    [solved]

    1. Modify zimbraMtaMyNetworks (local interface and loopback interface)

    2. Add reject_authenticated_sender_login_mismatch to smtpd_recipient_restrictions (after permit_mynetworks, reject last)

    3. Add smtpd_sender_login_maps = ldap:/opt/zimbra/conf/hms-user-map.cf

    (hms-user-map.cf is a customized copy of ldap-vmd.cf.)

    Now mail can be sent only with auth.

    Thanks all!

  3. #63

    Hi siomon,

    I'm having the same problem too, and followed your directions,
    but it still didn't auth.
    Could you please explain your steps in more detail?
    And what does hms-user-map.cf look like?

    Thanks very much!

  4. #64

    Quote Originally Posted by siomon.liu
    [solved]

    1. Modify zimbraMtaMyNetworks (local interface and loopback interface)

    2. Add reject_authenticated_sender_login_mismatch to smtpd_recipient_restrictions (after permit_mynetworks, reject last)

    3. Add smtpd_sender_login_maps = ldap:/opt/zimbra/conf/hms-user-map.cf

    (hms-user-map.cf is a customized copy of ldap-vmd.cf.)

    Now mail can be sent only with auth.

    Thanks all!

    Hi oranggil,

    You may add this file for auth in

    /opt/zimbra/postfix/conf/

    Create local_domain for the auth domain (your domain)
    #Content
    test.com local_domain

    As the zimbra user, run (creates the db file)
    postmap local_domain

    At the end of main.cf, add

    smtpd_restriction_classes = local_domain
    local_domain=permit_mynetworks,reject_authenticated_sender_login_mismatch, permit_sasl_authenticated,reject

    Modify postfix_recipient_restrictions.cf
    ###first line
    check_sender_access hash:/opt/zimbra/postfix/conf/local_domain

    zmmtactl restart

    Please try again.

  5. #65

    I'd like to get SMTP AUTH working with Zimbra too

    We have an external spam appliance as the listed mx, and external mail should go to that, not directly to the mail server. Therefore we'd like anything not in mynetworks to have to authenticate.

    On my test server, I got SMTP AUTH working when I test it by telnetting to port 25, but now plaintext imap logins are broken. I get an error from the mail client about how I may need to connect via SSL or TLS.

    These are the postfix settings I changed:
    smtp_sasl_security_options=
    smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
    smtpd_sasl_auth_enable=yes
    smtpd_tls_auth_only=no

    I also changed this zimbra setting: zimbraMtaTlsAuthOnly FALSE

    This zimbra setting looks ok: zimbraImapCleartextLoginEnabled TRUE

    Any suggestions?

  6. #66

    Hello

    Basically we can protect addresses in our domain with the use of "smtpd_recipient_restrictions = reject_sender_login_mismatch".
    This will force the need for auth for emails sent from our domain to other addresses in our domain and on to external domains. It also prevents authenticated users from spoofing mail, because with "smtpd_sender_login_maps" we can define the proper address owners, so joedoe can only send from mail address joedoe@example.com, not from janedoe@example.com.

    Now the question is how to integrate this with Zimbra. The best way is to use an LDAP query, but I don't have any idea how to write a proper one. Any ideas?

  7. #67

    Hi all,

    I actually followed siomon's previous steps, basically by adding these lines in
    /opt/zimbra/postfix-2.6.5.2z/conf/main.cf
    proxy_read_maps = [all_maps], proxy:ldap:/opt/zimbra/conf/ldap-slm.cf
    smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch
    smtpd_sender_login_maps = proxy:ldap:/opt/zimbra/conf/ldap-slm.cf

    and create /opt/zimbra/conf/ldap-slm.cf, which contains
    server_host = ldap://[your_ldap_host]:389
    server_port = 389
    search_base =
    query_filter = (mail=%s)
    result_attribute = uid
    version = 3
    start_tls = yes
    tls_ca_cert_dir = /opt/zimbra/conf/ca
    bind = yes
    bind_dn = uid=zmpostfix,cn=appaccts,cn=zimbra
    bind_pw = zimbra
    timeout = 30

    and it worked! SMTP will auth first, which met our requirement.
    Actual use may vary depending on your version.

    Thx all!
    Last edited by oranggil; 12-11-2009 at 08:45 AM.
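
An added example (not from any poster in this thread, and not Zimbra or Postfix code): a simplified Python model of how Postfix evaluates `smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch` against an `smtpd_sender_login_maps` table, using the joedoe/janedoe addresses from post #66. The map contents, network ranges and function names are constructed for illustration, and the model looks up full addresses only (real Postfix also tries `@domain` keys).

```python
import ipaddress

# Constructed stand-ins: what smtpd_sender_login_maps would return
# (MAIL FROM address -> SASL logins that own it) and the mynetworks ranges.
SENDER_LOGIN_MAP = {
    "joedoe@example.com": {"joedoe"},
    "janedoe@example.com": {"janedoe"},
    "sales@example.com": {"joedoe", "janedoe"},  # shared address, two owners
}
MYNETWORKS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "10.0.0.0/24")]


def sender_login_mismatch(mail_from, sasl_login, login_map):
    """Return a rejection reason, or None when the restriction does not fire."""
    owners = login_map.get(mail_from.lower(), set())
    if sasl_login is None:
        # Unauthenticated client using an address that has an owner.
        return "not logged in" if owners else None
    if sasl_login not in owners:
        # Authenticated client using an address it does not own.
        return "not owned by user " + sasl_login
    return None


def check_sender(client_ip, mail_from, sasl_login=None):
    """Evaluate 'permit_mynetworks, reject_sender_login_mismatch' left to right."""
    addr = ipaddress.ip_address(client_ip)
    if any(addr in net for net in MYNETWORKS):
        return ("permit", "mynetworks")  # first match wins; map is not consulted
    reason = sender_login_mismatch(mail_from, sasl_login, SENDER_LOGIN_MAP)
    if reason:
        return ("reject", reason)
    return ("dunno", "later restrictions decide")


if __name__ == "__main__":
    sessions = [  # constructed (client IP, MAIL FROM, SASL login)
        ("203.0.113.9", "joedoe@example.com", "joedoe"),
        ("203.0.113.9", "janedoe@example.com", "joedoe"),
        ("203.0.113.9", "joedoe@example.com", None),
        ("203.0.113.9", "someone@other.example", None),
        ("10.0.0.5", "janedoe@example.com", None),
    ]
    for ip, sender, login in sessions:
        print(ip, sender, login, "->", check_sender(ip, sender, login))
```

The `dunno` result for an unauthenticated sender whose address is not in the map is what lets mail from other domains keep arriving on port 25, while mail claiming a local address must come from an authenticated owner or from `mynetworks`. Because `permit_mynetworks` is evaluated first, every host in `mynetworks` skips the ownership check, so that list should stay as narrow as possible.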

  8. #68

    First you need to check what you have in proxy_read_maps ( for example postconf | grep proxy_read_maps ) then mod it like this:

    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps proxy:ldap:/opt/zimbra/conf/ldap-slm.cf

    I also changed ldap-slm.cf to:

    server_host = ldap://[your_ldap_host]:389
    server_port = 389
    search_base =
    query_filter = (&(|(zimbraMailDeliveryAddress=%s)(zimbraMailAlias=%s)(zimbraMailCatchAllAddress=%s)(mail=%s))(zimbraMailStatus=enabled))
    result_attribute = zimbraMailDeliveryAddress,zimbraMailForwardingAddress,zimbraPrefMailForwardingAddress,zimbraMailCatchAllForwardingAddress,uid
    version = 3
    start_tls = yes
    tls_ca_cert_dir = /opt/zimbra/conf/ca
    bind = yes
    bind_dn = uid=zmpostfix,cn=appaccts,cn=zimbra
    bind_pw = zimbra
    timeout = 30

    It's because it didn't work with multiple domains served by Zimbra (in the previous version only the main domain worked for me). I think (and hope) it should be OK now.

  9. #69

    Quote Originally Posted by siomon.liu
    Hi oranggil,

    You may add this file for auth in

    /opt/zimbra/postfix/conf/

    Create local_domain for the auth domain (your domain)
    #Content
    test.com local_domain

    As the zimbra user, run (creates the db file)
    postmap local_domain

    At the end of main.cf, add

    smtpd_restriction_classes = local_domain
    local_domain=permit_mynetworks,reject_authenticated_sender_login_mismatch, permit_sasl_authenticated,reject

    Modify postfix_recipient_restrictions.cf
    ###first line
    check_sender_access hash:/opt/zimbra/postfix/conf/local_domain

    zmmtactl restart

    Please try again.

    Hi Guys - Hi Siomon.liu

    I followed the procedure and it's working fine.
    At the moment I do not receive e-mail such as me@domain.com to myself@domain.com from another host without SMTP auth. However, I receive the error below when me@domain.com tries to send email to myself@domain.com without SMTP auth:

    Transcript of session follows.

    Out: 220 Mavex Email Secure Server
    In: EHLO mx.systemcred.com.br
    Out: 250-smtp.mavex.com.br
    Out: 250-PIPELINING
    Out: 250-SIZE 10240000
    Out: 250-VRFY
    Out: 250-ETRN
    Out: 250-STARTTLS
    Out: 250-ENHANCEDSTATUSCODES
    Out: 250-8BITMIME
    Out: 250 DSN
    In: STARTTLS
    Out: 220 2.0.0 Ready to start TLS
    In: EHLO mx.systemcred.com.br
    Out: 250-smtp.mavex.com.br
    Out: 250-PIPELINING
    Out: 250-SIZE 10240000
    Out: 250-VRFY
    Out: 250-ETRN
    Out: 250-AUTH LOGIN PLAIN
    Out: 250-AUTH=LOGIN PLAIN
    Out: 250-ENHANCEDSTATUSCODES
    Out: 250-8BITMIME
    Out: 250 DSN
    In: MAIL FROM:<noreply@mavex.com.br>
    Out: 250 2.1.0 Ok
    In: RCPT TO:<suporte@mavex.com.br>
    Out: 451 4.3.5 Server configuration error
    In: QUIT
    Out: 221 2.0.0 Bye

    For other details, see the local mail logfile

    Can someone help me?

    Thanks!

  10. #70

    The below --

    Quote Originally Posted by oranggil
    I actually followed siomon's previous steps, basically by adding these lines in
    /opt/zimbra/postfix-2.6.5.2z/conf/main.cf
    proxy_read_maps = [all_maps], proxy:ldap:/opt/zimbra/conf/ldap-slm.cf
    smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch
    smtpd_sender_login_maps = proxy:ldap:/opt/zimbra/conf/ldap-slm.cf
    In combination with the below --

    Quote Originally Posted by sh444man
    First you need to check what you have in proxy_read_maps ( for example postconf | grep proxy_read_maps ) then mod it like this:

    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps proxy:ldap:/opt/zimbra/conf/ldap-slm.cf

    I also changed ldap-slm.cf to:

    server_host = ldap://[your_ldap_host]:389
    server_port = 389
    search_base =
    query_filter = (&(|(zimbraMailDeliveryAddress=%s)(zimbraMailAlias=%s)(zimbraMailCatchAllAddress=%s)(mail=%s))(zimbraMailStatus=enabled))
    result_attribute = zimbraMailDeliveryAddress,zimbraMailForwardingAddress,zimbraPrefMailForwardingAddress,zimbraMailCatchAllForwardingAddress,uid
    version = 3
    start_tls = yes
    tls_ca_cert_dir = /opt/zimbra/conf/ca
    bind = yes
    bind_dn = uid=zmpostfix,cn=appaccts,cn=zimbra
    bind_pw = zimbra
    timeout = 30
    I can confirm WORKS!

    I have been trying different solutions for a couple days to try and limit users from sending from any domain/persona/identity using external client (in my case thunderbird 10) -- this solution is working great!

    Only minor change I made was to comment out the following line in /opt/zimbra/conf/zmmta.cf --

    #POSTCONF smtpd_sender_restrictions LOCAL postfix_smtpd_sender_restrictions

    (it was overwriting smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch in main.cf)


    Thank you!

    First post woo!
    Last edited by c1nco; 02-04-2012 at 08:32 PM.
