Phoenix, the Web Mail MTA port is currently set as 25. I want to make that connection happen over SSL on port 465. How do I do that? The Admin UI does not allow the port to be changed.
No, the web mail UI connects on port 80. If you want to use https then that will connect via port 443. Port 25 is for SMTP to SMTP connections.
Phoenix, I'm sorry if I wasn't being clear earlier. Please see the attached screenshot. I want the Web mail client to communicate with the SMTP server over SSL, that's why I'm trying to change the Web mail MTA Port from 25 to 465.
Are we concerned with a thick-client or the web-client interface?
The 'WebMail MTA' port is generally left unchanged; if you change that port, you also have to redirect port 25 on your firewalls etc.
Thick-Client: See the above authentication section? You probably have it different in server vs the global tab. (server overrides global)
Authentication may fail if you recently changed the zimbraMailMode server configuration attribute (with the zmtlsctl command) or if you changed the webmail access port server configuration attribute (zimbraMailPort or zimbraMailSSLPort) for the tomcat server, since the zimbraMtaAuthURL is not always automatically recreated.
Global would be:
zmprov gacf | grep Auth
zmprov gacf | grep Mode
Server would be: (zmlocalconfig)
zmprov gs server.domain.com | grep Auth
zmprov gs server.domain.com | grep Mode
Make sure the url in the zimbraMtaAuthURL will work with the zimbraMailMode. ie: if the MailMode is "https" or "mixed", the AuthURL must begin with "https://" (so that auth will be attempted over ssl), but if the MailMode is "http" (tomcat is only listening on http), the AuthURL must begin with "http://".
If they don't match-regenerate with:
zmprov ms zimbra.domain.com zimbraMtaAuthHost zimbra.domain.com
Notes:
zmtlsctl mixed and then a zmcontrol stop/start (will change zimbraMailMode to mixed)
zimbraMtaAuthEnabled TRUE
zimbraMtaTlsAuthOnly TRUE
Go ahead and throw in a value for 'MTA Trusted Networks' (zimbraMtaMyNetworks)
If you
zmprov gs zimbra.example.com | grep zimbraMtaMyNetworks
or
zmprov gacf | grep zimbraMtaMyNetworks
and don't at least get back 127.0.0.0/8 ....
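The consistency checks described in the reply above, as an added example that is not part of the original thread: it reads "attr: value" lines in the form `zmprov gs <server>` prints and applies the MailMode/AuthURL rule and the 127.0.0.0/8 expectation. The function name, the sample functions and the zimbraMtaMyNetworks sample values are assumptions made for illustration.

```shell
# Added example (not from the thread). Reads "attr: value" lines on stdin and
# reports whether zimbraMtaAuthURL and zimbraMtaMyNetworks look consistent.
check_mta_auth() {
    cm_mode="" cm_url="" cm_nets="" cm_rc=0
    while IFS= read -r cm_line; do
        case "$cm_line" in
            "zimbraMailMode: "*)      cm_mode=${cm_line#*: } ;;
            "zimbraMtaAuthURL: "*)    cm_url=${cm_line#*: } ;;
            "zimbraMtaMyNetworks: "*) cm_nets=${cm_line#*: } ;;
        esac
    done
    # Rule from the thread: https/mixed need an https:// auth URL, http needs http://.
    case "$cm_mode" in
        https|mixed) cm_want="https://" ;;
        http)        cm_want="http://" ;;
        *) echo "UNKNOWN zimbraMailMode '$cm_mode'"; return 2 ;;
    esac
    case "$cm_url" in
        "$cm_want"*) echo "OK auth URL scheme matches mode $cm_mode" ;;
        *) echo "MISMATCH mode $cm_mode needs $cm_want, got '$cm_url'"; cm_rc=1 ;;
    esac
    # The thread expects at least 127.0.0.0/8 in zimbraMtaMyNetworks.
    cm_nets=$(printf '%s' "$cm_nets" | tr ',' ' ')
    case " $cm_nets " in
        *" 127.0.0.0/8 "*) echo "OK 127.0.0.0/8 is in zimbraMtaMyNetworks" ;;
        *) echo "MISSING 127.0.0.0/8 in zimbraMtaMyNetworks"; cm_rc=1 ;;
    esac
    return $cm_rc
}

# Constructed sample: mode and URL as posted in the thread, mynetworks assumed.
sample_consistent() {
    printf '%s\n' \
        'zimbraMailMode: mixed' \
        'zimbraMtaAuthURL: https://zimbra.domain.local:7777/service/soap/' \
        'zimbraMtaMyNetworks: 127.0.0.0/8 192.0.2.0/24'
}
# Constructed sample: mode changed without regenerating the auth URL.
sample_stale() {
    printf '%s\n' \
        'zimbraMailMode: https' \
        'zimbraMtaAuthURL: http://zimbra.domain.local:80/service/soap/' \
        'zimbraMtaMyNetworks: 10.0.0.0/8'
}

sample_consistent | check_mta_auth
sample_stale | check_mta_auth || true
```

On a live server the input would come from `zmprov gs server.domain.com | check_mta_auth`, run as the zimbra user.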
Here's the current settings:
Code:
zimbraMailMode: mixed
zimbraMtaAuthEnabled: TRUE
zimbraMtaAuthHost: zimbra.domain.local
zimbraMtaAuthURL: https://zimbra.domain.local:7777/service/soap/
zimbraMtaTlsAuthOnly: TRUE
I still can't use the Web mail client to send mails to addresses not being hosted by Zimbra. The error message hasn't changed, it is: "message not sent; one or more addresses were not accepted."
Please note that this problem doesn't occur if I use Thunderbird and configure the SMTP connection to happen over SSL.
Quote:
zimbra.domain.local:7777
-7777 So you did change the zimbraMailPort/zimbraMailSSLPort - could have told us several posts ago...
-.local? (you mention your 'users'; so you put .local on the end of your server name for a production box? For kicks could you explain your DNS setup?)
-'message not sent; one or more addresses were not accepted' - usually is if one of the email addresses is invalid... (for instance, if using the advanced client & you leave off the domain, it'll show you the rejected address)
Monitor your zimbra.log & mailbox.log as you hit send-hunt for SMTPAddressFailedException. If so, is the error 504 or 550 or 554?
-check both your entries of mynetworks & enable dns lookups boxes
Just double checking; You/users browse to zimbra.domain.local:7777 for the zcs web-client correct? Or do you have a virtual host configured so they don't type .local?
If that is not the case, and somehow 7777 got in there:
zimbraMailPort 80
zimbraMailSSLPort 443
tomcat stop/start
zmprov ms server.domain.com zimbraMtaAuthHost server.domain.com
zmcontrol stop/start
That is the case, the zimbraMtaAuthHost setting is correct and tomcat is listening on the port that I mentioned above.
Both mailbox.log and zimbra.log indicate "Exception 554: relay access denied".
darn, that would be mynetworks all over again....
Could you post your:
zmprov gacf
zmlocalconfig
and postfix main.cf
put it in a txt file so it's not a huge post
Other notes:
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks (+whatever other restrictions)
BTW-in regards to your pic before, if you really wanted to change it-from say 25 to 35-changing it to 465 would not make it SSL (and it's gonna revert back when you upgrade zimbra):
-modify /opt/zimbra/postfix/conf/master.cf
from: smtp inet n - n - - smtpd
to: 35 inet n - n - - smtpd
zmprov mcf zimbraSmtpPort 35
zmprov ms server.domain.com zimbraSmtpPort 35
zmcontrol stop/start
I don't think the problem lies with Postfix because this problem does not occur if I use Thunderbird to send e-mail so it must be the Zimbra Web Mail client. Maybe the Web Mail client is not authenticating properly, is there way to trace this procedure?
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unlisted_recipient, reject_invalid_hostname, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_destination, permit
I'll post the result of zmprov gacf, and zmlocalconfig in a while.