
Thread: [SOLVED] Authenticate SMTP with Active Directory

  1. #11
    pornsakb is offline Intermediate Member

    Phoenix, the Web Mail MTA port is currently set as 25. I want to make that connection happen over SSL on port 465. How do I do that? The Admin UI does not allow the port to be changed.

  2. #12
    phoenix is offline Zimbra Consultant & Moderator

    No, the web mail UI connects on port 80. If you want to use https then that will connect via port 443. Port 25 is for SMTP to SMTP connections.
    Regards
    Bill

  3. #13
    pornsakb is offline Intermediate Member

    Phoenix, I'm sorry if I wasn't being clear earlier. Please see the attached screenshot. I want the Web mail client to communicate with the SMTP server over SSL, that's why I'm trying to change the Web mail MTA Port from 25 to 465.
    Last edited by pornsakb; 09-02-2007 at 12:09 AM.

  4. #14
    mmorse is offline Moderator

    Are we concerned with a thick-client or the web-client interface?

    The 'WebMail MTA' port is generally left unchanged - if you change that port, you also have to redirect port 25 on your firewalls etc.

    Thick-Client: See the above authentication section? You probably have it different in server vs the global tab. (server overrides global)

    Authentication may fail if you recently changed the zimbraMailMode server configuration attribute (with the zmtlsctl command) or if you changed the webmail access port server configuration attribute (zimbraMailPort or zimbraMailSSLPort) for the tomcat server, since the zimbraMtaAuthURL is not always automatically recreated.

    Global would be:
    zmprov gacf | grep Auth
    zmprov gacf | grep Mode

    Server would be: (zmlocalconfig)
    zmprov gs server.domain.com | grep Auth
    zmprov gs server.domain.com | grep Mode

    Make sure the url in the zimbraMtaAuthURL will work with the zimbraMailMode. ie: if the MailMode is "https" or "mixed", the AuthURL must begin with "https://" (so that auth will be attempted over ssl), but if the MailMode is "http" (tomcat is only listening on http), the AuthURL must begin with "http://".

    If they don't match - regenerate with:
    zmprov ms zimbra.domain.com zimbraMtaAuthHost zimbra.domain.com


    Notes:
    zmtlsctl mixed and then a zmcontrol stop/start (will change zimbraMailMode to mixed)
    zimbraMtaAuthEnabled TRUE
    zimbraMtaTlsAuthOnly TRUE

    Go ahead and throw in a value for 'MTA Trusted Networks' (zimbraMtaMyNetworks)
    If you
    zmprov gs zimbra.example.com | grep zimbraMtaMyNetworks
    or
    zmprov gacf | grep zimbraMtaMyNetworks
    and don't at least get back 127.0.0.0/8 ....
    Last edited by mmorse; 09-02-2007 at 10:23 AM.
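
The checks mmorse describes in #14, as an added example that is not part of the original post: it parses `zmprov gs` / `zmprov gacf` style output and reports an auth URL whose scheme does not fit zimbraMailMode, and trusted networks that do not cover 127.0.0.0/8. The sample output and host name are constructed.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample in the "name: value" form that zmprov prints.
SAMPLE = """\
zimbraMailMode: mixed
zimbraMtaAuthEnabled: TRUE
zimbraMtaAuthURL: http://zimbra.example.com:80/service/soap/
zimbraMtaMyNetworks: 192.168.10.0/24
"""

# Rule from the post: https or mixed needs https://, http needs http://.
EXPECTED_SCHEME = {"https": "https", "mixed": "https", "http": "http"}

def parse_attrs(text):
    """Return {attribute: [values]} from 'name: value' lines."""
    attrs = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip():
            attrs.setdefault(name.strip(), []).append(value.strip())
    return attrs

def audit(text):
    """Return a list of findings; an empty list means both checks pass."""
    attrs = parse_attrs(text)
    findings = []
    mode = (attrs.get("zimbraMailMode") or [""])[0].lower()
    scheme = urlsplit((attrs.get("zimbraMtaAuthURL") or [""])[0]).scheme.lower()
    wanted = EXPECTED_SCHEME.get(mode)
    if wanted is None:
        findings.append(f"zimbraMailMode {mode!r} is not covered by the rule")
    elif scheme != wanted:
        findings.append(f"zimbraMtaAuthURL scheme {scheme!r}, mode {mode!r} expects {wanted!r}")
    loopback = ipaddress.ip_network("127.0.0.0/8")
    covered = False
    for value in attrs.get("zimbraMtaMyNetworks", []):
        for token in value.replace(",", " ").split():
            try:
                net = ipaddress.ip_network(token, strict=False)
            except ValueError:
                findings.append(f"unparsable network {token!r}")
                continue
            covered = covered or (net.version == 4 and loopback.subnet_of(net))
    if not covered:
        findings.append("zimbraMtaMyNetworks does not cover 127.0.0.0/8")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```
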

  5. #15
    pornsakb is offline Intermediate Member

    Here are the current settings:

    Code:
    zimbraMailMode: mixed
    zimbraMtaAuthEnabled: TRUE
    zimbraMtaAuthHost: zimbra.domain.local
    zimbraMtaAuthURL: https://zimbra.domain.local:7777/service/soap/
    zimbraMtaTlsAuthOnly: TRUE

    I still can't use the Web mail client to send mails to addresses not being hosted by Zimbra. The error message hasn't changed, it is: "message not sent; one or more addresses were not accepted."

    Please note that this problem doesn't occur if I use Thunderbird and configure the SMTP connection to happen over SSL.

  6. #16
    mmorse is offline Moderator

    zimbra.domain.local:7777
    - 7777: So you did change the zimbraMailPort/zimbraMailSSLPort - could have told us several posts ago...
    - .local? (You mention your 'users'; so you put .local on the end of your server name for a production box? For kicks could you explain your DNS setup?)
    - 'message not sent; one or more addresses were not accepted' - usually it's if one of the email addresses is invalid... (for instance, if using the advanced client & you leave off the domain - it'll show you the rejected address)
    Monitor your zimbra.log & mailbox.log as you hit send - hunt for SMTPAddressFailedException. If so, is the error 504 or 550 or 554?
    - Check both your entries of mynetworks & enable dns lookups boxes


    Just double checking: you/users browse to zimbra.domain.local:7777 for the zcs web-client, correct? Or do you have a virtual host configured so they don't type .local?
    If that is not the case, and somehow 7777 got in there:
    zimbraMailPort 80
    zimbraMailSSLPort 443
    tomcat stop/start
    zmprov ms server.domain.com zimbraMtaAuthHost server.domain.com
    zmcontrol stop/start
    Last edited by mmorse; 09-02-2007 at 02:30 AM.

  7. #17
    pornsakb is offline Intermediate Member

    That is the case, the zimbraMtaAuthHost setting is correct and tomcat is listening on the port that I mentioned above.
    Last edited by pornsakb; 09-02-2007 at 12:41 AM.

  8. #18
    pornsakb is offline Intermediate Member

    Both mailbox.log and zimbra.log indicate "Exception 554: relay access denied".

  9. #19
    mmorse is offline Moderator

    darn, that would be mynetworks all over again....

    Could you post your:
    zmprov gacf
    zmlocalconfig
    and postfix main.cf
    put it in a txt file so it's not a huge post

    Other notes:
    smtpd_sasl_security_options = noanonymous, noplaintext

    smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks (+whatever other restrictions)

    BTW - in regards to your pic before, if you really wanted to change it - from say 25 to 35 - changing it to 465 would not make it SSL (and it's gonna revert back when you upgrade zimbra):
    -modify /opt/zimbra/postfix/conf/master.cf
    from: smtp inet n - n - - smtpd
    to: 35 inet n - n - - smtpd
    zmprov mcf zimbraSmtpPort 35
    zmprov ms server.domain.com zimbraSmtpPort 35
    zmcontrol stop/start

  10. #20
    pornsakb is offline Intermediate Member

    I don't think the problem lies with Postfix because this problem does not occur if I use Thunderbird to send e-mail, so it must be the Zimbra Web Mail client. Maybe the Web Mail client is not authenticating properly; is there a way to trace this procedure?

    smtpd_sasl_security_options = noanonymous, noplaintext

    smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unlisted_recipient, reject_invalid_hostname, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_destination, permit

    I'll post the result of zmprov gacf, and zmlocalconfig in a while.
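
How Postfix walks the smtpd_recipient_restrictions list posted in #20, as an added example that is not part of the thread: the first restriction that returns OK or REJECT decides, which is why a SASL-authenticated client is accepted while an unauthenticated one outside mynetworks gets the 554 relay denial. It is a simplified model: the syntax, DNS and unlisted-recipient checks are assumed to pass, and the addresses, domains and mynetworks value are constructed.

```python
import ipaddress

# The list posted in #20, in the order Postfix evaluates it.
RESTRICTIONS = [
    "reject_non_fqdn_recipient", "permit_sasl_authenticated",
    "permit_mynetworks", "reject_unlisted_recipient",
    "reject_invalid_hostname", "reject_non_fqdn_sender",
    "reject_unknown_sender_domain", "reject_unauth_destination", "permit",
]

def evaluate(client_ip, sasl_authenticated, rcpt_domain, mynetworks, local_domains):
    """Return (verdict, deciding_restriction) for one RCPT TO.

    First OK or REJECT wins; anything else falls through to the next entry.
    Assumption: the reject_* checks not modelled below never trigger.
    """
    ip = ipaddress.ip_address(client_ip)
    nets = [ipaddress.ip_network(n) for n in mynetworks]
    for name in RESTRICTIONS:
        if name == "permit_sasl_authenticated" and sasl_authenticated:
            return "OK", name
        if name == "permit_mynetworks" and any(ip in n for n in nets):
            return "OK", name
        # Only reached by clients that matched neither permit above.
        if name == "reject_unauth_destination" and rcpt_domain not in local_domains:
            return "554 Relay access denied", name
        if name == "permit":
            return "OK", name
    return "OK", "end of list"

if __name__ == "__main__":
    nets, local = ["127.0.0.0/8"], {"example.com"}  # constructed values
    cases = [
        ("192.168.10.5", True, "example.org"),   # authenticated mail client
        ("192.168.10.5", False, "example.org"),  # no auth, not in mynetworks
        ("127.0.0.1", False, "example.org"),     # no auth, inside mynetworks
        ("192.168.10.5", False, "example.com"),  # no auth, hosted recipient
    ]
    for ip, auth, dom in cases:
        print(ip, auth, dom, "->", evaluate(ip, auth, dom, nets, local))
```
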
