
Thread: Zimbra as filter/relay

  1. #11
    bjquinn

    Chocolate chip, please.

  2. #12
    bjquinn

    What are the modifications you've made to your Zimbra server so far (other than the AD lookup)? Have you done anything different that isn't mentioned in the Split Domain article with Zimbra as a primary server?

  3. #13
    dlochart

    Quote Originally Posted by bjquinn
    What are the modifications you've made to your Zimbra server so far (other than the AD lookup)? Have you done anything different that isn't mentioned in the Split Domain article with Zimbra as a primary server?

    I am actually documenting what I did now. When I am done and I eat lunch I will post back here. I think I'll have a chocolate chip cookie for dessert.

  4. #14
    bjquinn

    Lol sounds great!

  5. #15
    dlochart

    I am putting this up to show what I did to allow the Zimbra MTA to serve as a gateway to some domains while remaining primary to others. This may not be the optimal solution and it deviates from the split domain approach defined in the WIKI. I am not a system admin/email admin but am learning all of this on the fly, so bear this in mind. It works for us.

    Mail Gateway Setup
    Setup to allow the Zimbra MTA to act as a gateway to an Exchange Server without validating the recipient email address at the MTA.

    Configure relay domain

    This is where you place the domains to be relayed. This is changed in the main.cf config file under the /opt/zimbra/postfix/conf directory.

    relay_domains=example.com

    Create a transport map.
    You need to create a transport map that basically maps the domains specified by relay_domains to a protocol and destination. This tells Postfix what to do with mail for a specific domain. For my implementation I will name the transport file “relay_domain_transport”. I simply copied the transport file in /opt/zimbra/postfix/conf to this name and at the bottom added this line:

    example.com smtp:[10.129.1.13]

    Make sure to place the IP address in brackets. This prevents DNS lookups on the domain and will prevent infinite looping.

    After saving the file, you must compile the map into a .db file (for hash access).

    /opt/zimbra/postfix/sbin/postmap relay_domain_transport

    Add the new transport map to the transport_maps parameter in the main.cf. This is only a temporary solution used for testing connectivity and flow. Once you are satisfied you will need to modify the localconfig.xml (see below).

    transport_maps= hash:/opt/zimbra/postfix/conf/relay_domain_transport,ldap:/opt/zimbra/conf/ldap-transport.cf

    To make this change last across postfix restarts we need to modify the localconfig.xml file. This file is used in generating configuration files.

    Edit /opt/zimbra/conf/localconfig.xml. Look for “postfix_transport_maps”. Add hash:/opt/zimbra/postfix/conf/relay_domain_transport to the beginning like so.

    <key name="postfix_transport_maps">
    <value>hash:/opt/zimbra/postfix/conf/relay_domain_transport,ldap:/opt/zimbra/conf/ldap-transport.cf</value>
    </key>

    Allow Outbound Mail
    If your secondary (Exchange) server will send mail out through the Zimbra MTA then you need to add the IP Address of the Exchange Server to your mynetworks parameter in the main.cf config file.

    mynetworks = 127.0.0.1/32, 10.129.1.13/32

    Voila!
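
Added example (not part of dlochart's post): a Python check, run against constructed copies of main.cf and relay_domain_transport, that flags any relay_domains entry whose next hop is missing or not in the bracketed form the post calls for. The function names and the example.org/example.net entries are assumptions, and it inspects only the hash file, not Zimbra's LDAP transport map.

```python
import re

# Constructed sample inputs that mirror the settings in the post above.
MAIN_CF = """\
relay_domains = example.com,
    example.org, example.net
"""
TRANSPORT = """\
# relay_domain_transport
example.com   smtp:[10.129.1.13]
example.org   smtp:mail.example.org
"""

# [host] or [host]:port tells Postfix to skip the MX lookup for the next hop.
BRACKETED = re.compile(r"^\[[^\]]+\](:\d+)?$")

def main_cf_list(text, name):
    """Return a main.cf parameter as a list, joining indented continuation lines."""
    logical = re.sub(r"\n[ \t]+", " ", text)
    for line in logical.splitlines():
        m = re.match(rf"{re.escape(name)}\s*=\s*(.*)$", line)
        if m:
            return [v for v in re.split(r"[,\s]+", m.group(1)) if v]
    return []

def parse_transport(text):
    """Map each transport-table key to its (transport, nexthop) pair."""
    table = {}
    for line in text.splitlines():
        fields = line.split(None, 1)
        if len(fields) == 2 and not line.lstrip().startswith("#"):
            transport, _, nexthop = fields[1].strip().partition(":")
            table[fields[0].lower()] = (transport, nexthop)
    return table

def check_relay_domains(main_cf, transport):
    """Return (domain, problem) for relay domains that would fall back to DNS."""
    table = parse_transport(transport)
    problems = []
    for domain in main_cf_list(main_cf, "relay_domains"):
        if domain.lower() not in table:
            problems.append((domain, "no transport entry"))
        elif not BRACKETED.match(table[domain.lower()][1]):
            problems.append((domain, "next hop not bracketed"))
    return problems
```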

  6. #16
    bjquinn

    Great! You deserve a dozen chocolate chip cookies for that!

    A couple of questions real quick ---

    Quote Originally Posted by dlochart
    example.com smtp:[10.129.1.13]

    Make sure to place the IP address in brackets. This prevents DNS lookups on the domain and will prevent infinite looping.
    Do you really have to use the IP address, it would be sad to hard code that... is that just to avoid unnecessary DNS traffic?

    And I guess you haven't figured out the "recipient lookups against AD" yet? If not, and you're not going to try to do it immediately, maybe I'll get started on this project soon enough and be able to offer some help. So far I've just been researching out whether it's possible or not.
    Last edited by bjquinn; 10-12-2007 at 04:11 PM.

  7. #17
    dlochart

    Quote Originally Posted by bjquinn
    Great! You deserve a dozen chocolate chip cookies for that!

    A couple of questions real quick ---

    Do you really have to use the IP address, it would be sad to hard code that... is that just to avoid unnecessary DNS traffic?

    Actually you need to if your external MX record points to your postfix MTA. If you did not use the IP (and the enclosing brackets) postfix will try to resolve the domain with DNS to know where to send the mail. Since the resolved address would be the postfix box and not the final destination you would get into an infinite mail loop.

    Quote Originally Posted by bjquinn
    And I guess you haven't figured out the "recipient lookups against AD" yet? If not, and you're not going to try to do it immediately, maybe I'll get started on this project soon enough and be able to offer some help. So far I've just been researching out whether it's possible or not.

    I have with the use of the Perl script. However I would like to see if the snippet I got from the postfix board works. I have relay_recipients working but my Exchange admin wants me to let all traffic pass into the Exchange box and let it bounce the mails back out. He wants to only be able to look at one machine for logs and whatnot.

    If I have not elaborated, what the Perl script does is log into the AD server and get a list of valid email recipients. It then updates a file for that domain, say example_relay_recipients. It has the form

    email1@example.com OK
    email2@example.com OK ... and so on

    After it writes the file it runs postmap on it to create a hash.

    In your main.cf you need to add a value to the relay_recipient_maps parameter like so:

    relay_recipient_maps=hash:/opt/zimbra/postfix/conf/example_relay_recipients

    Now Postfix will reject all mail for example.com that does not have a valid recipient.

    Good luck!
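
Added example (not dlochart's Perl script, which the thread does not show): a Python version of the same step, turning a directory export into the "address OK" file used by relay_recipient_maps. The LDIF sample is constructed; reading the mail and proxyAddresses attributes and skipping disabled accounts are assumptions about how such a script would pick recipients.

```python
import re

# Constructed LDIF export of AD users (sample data, not from the thread).
SAMPLE_LDIF = """\
dn: CN=Alice,OU=Staff,DC=example,DC=com
mail: Alice@Example.com
proxyAddresses: SMTP:Alice@Example.com
proxyAddresses: smtp:a.smith@example.com
proxyAddresses: X400:c=US;a= ;p=Example;o=Exchange;s=Smith;
userAccountControl: 512

dn: CN=Bob,OU=Staff,DC=example,DC=com
mail: bob@example.com
userAccountControl: 514

dn: CN=Carol,OU=Partners,DC=example,DC=com
mail: carol@partner.example.net
proxyAddresses: smtp:carol@exam
 ple.com
userAccountControl: 512
"""

ADDR = re.compile(r"^[^\s@]+@[^\s@]+$")

def relay_recipients(ldif, domain):
    """Return sorted lowercase addresses in `domain` that belong to enabled accounts."""
    unfolded = ldif.replace("\n ", "")      # LDIF folds long lines with a leading space
    found = set()
    for entry in unfolded.split("\n\n"):
        addrs, disabled = [], False
        for line in entry.splitlines():
            attr, sep, value = line.partition(": ")
            attr = attr.lower() if sep else ""
            if attr == "mail":
                addrs.append(value)
            elif attr == "proxyaddresses" and value.lower().startswith("smtp:"):
                addrs.append(value[5:])     # drop the "smtp:" address-type prefix
            elif attr == "useraccountcontrol":
                disabled = bool(int(value) & 0x2)   # ACCOUNTDISABLE flag
        if disabled:
            continue
        for a in (x.strip().lower() for x in addrs):
            if ADDR.match(a) and a.endswith("@" + domain):
                found.add(a)
    return sorted(found)

def render_map(addresses):
    """Format addresses as Postfix lookup-table source, one 'address OK' per line."""
    return "".join(f"{a} OK\n" for a in addresses)
```

Write the output of render_map to the map file and run postmap on it, as the post describes, before Postfix will see the change.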

  8. #18
    bjquinn

    Ok great. I'll give that a shot myself here pretty soon. Do post back if you don't mind and let me know if the snippet from the postfix board works. That would be the ideal solution. Thanks!

  9. #19
    dlochart

    Quote Originally Posted by bjquinn
    Ok great. I'll give that a shot myself here pretty soon. Do post back if you don't mind and let me know if the snippet from the postfix board works. That would be the ideal solution. Thanks!

    Been a while. I did not try the postfix board snippet so I cannot comment on that. My plan did not work in production. Why? Because I was not testing apples and oranges. In test I was given a domain to use that did not correspond with a real Zimbra domain (I asked for one but did not get it) and I failed to create one to match it. So all my tests worked great. However when you already have an existing Zimbra domain all the efforts I put forth in the main.cf were trumped by Zimbra because they use the virtual_* maps and pull the data dynamically out with LDAP queries. Since I did not want to delete the domain at that time I needed to come up with a workaround real quick. I followed the Split Domain WIKI following the Zimbra MTA as secondary (meaning Zimbra MTA is hit first and relays to primary). I needed to relay each individual's account to the new primary server. This was not bad at all but needs manual maintenance.

    Just an FYI for those that find this thread and are having issues.

    Again I am no expert at this stuff and I am learning as I go so keep that in mind.

    I will be deleting that domain soon so I will revert to implementing the relay the way I initially described.

    thanks

  10. #20
    mikec

    Question.

    Would this solution also work in an example where I am just trying to relay all outbound emails for one of the many domains I have hosted on my Zimbra NE to Postini for outbound mail archiving?

    I have tried something similar using transport maps with no success. Here is the post.


    Any help would be great.

    Thanks
