
Thread: Zimbra as filter/relay

  1. #1
    bjquinn is offline Advanced Member
    Join Date
    Nov 2005
    Posts
    175
    Rep Power
    9

    Default Zimbra as filter/relay

    Hi, we've started deploying Zimbra servers in environments where they replace the existing mail server. It's been refreshing to have the beautiful web interface and also the increase in its ability to deal appropriately with spam over the solutions it has replaced. However, we also have some clients who aren't ready yet to part with their Exchange servers. In this case I'm wondering if at least as a first step, some of the improvements in spam detection and tracking could be had by putting the Zimbra server in front of the Exchange server as sort of a mail relay. With the postfix restriction that addresses must exist on the server in order to be accepted - that alone could cut down on the number of SMTP connections we're having to deal with. However, ideally, Zimbra would authenticate addresses on the domain without having to actually set the accounts up manually on Zimbra, and then it would pass the messages on to the Exchange server rather than storing them locally. Is this feasible?

  2. #2
    dlochart is offline Advanced Member
    Join Date
    Nov 2006
    Posts
    177
    Rep Power
    8

    Default

    We are doing the same thing. I have a post in asking about the configuration rewriting that occurs when you restart Zimbra. However one of our clients is moving back to Exchange from Zimbra due to Outlook connector and mobile phone issues.

    Basically you will be changing the configuration of Postfix to act as a mail gateway for those domains still using Exchange. You can do this with a combination of relay_domains, relay_recipient_maps, and transport_maps.

    I believe The Postfix Home Page site has examples of a mail gateway.

    I have it working (sans recipient auth). My problem is that the transport_maps parameter in main.cf is recreated each time postfix is restarted, so I do not know how to make my changes stick.

    Let me know if I can be of further assistance. I am no mail expert by any means (I am not even an admin) but I have gotten this to work.

  3. #3
    bjquinn is offline Advanced Member
    Join Date
    Nov 2005
    Posts
    175
    Rep Power
    9

    Default

    Well good, that's a first step.

    Anyone have a solution to the recipient authentication issue in this instance? Since Zimbra can authenticate with AD, can't Zimbra accept or deny a recipient address against AD, and then if it is accepted recognize that the account must exist (according to AD) but isn't local, and therefore redirect it to a specified mail host?

    dlochart - What were the Outlook connector and mobile sync problems? If you were only using Zimbra as an email gateway, why would you even be using the Outlook connector and mobile sync? Wouldn't you just leave that to Exchange, since Zimbra is only the gateway and doesn't even store any messages?
    Last edited by bjquinn; 10-10-2007 at 02:09 PM.

  4. #4
    dlochart is offline Advanced Member
    Join Date
    Nov 2006
    Posts
    177
    Rep Power
    8

    Default

    Quote Originally Posted by bjquinn View Post
    Well good, that's a first step.

    Anyone have a solution to the recipient authentication issue in this instance? Since Zimbra can authenticate with AD, can't Zimbra accept or deny a recipient address against AD, and then if it is accepted recognize that the account must exist (according to AD) but isn't local, and therefore redirect it to a specified mail host?
    Not sure what you want here so I will stay out of it. I plan to implement relay_recipients (a check to see that there is a valid recipient in the Exchange server) before I send the mail on to the Exchange server but as far as authentication goes that is all done in Exchange.

    Quote Originally Posted by bjquinn View Post
    dlochart - What were the Outlook connector and mobile sync problems? If you were only using Zimbra as an email gateway, why would you even be using the Outlook connector and mobile sync? Wouldn't you just leave that to Exchange, since Zimbra is only the gateway and doesn't even store any messages?
    We moved this client from Exchange into Zimbra. Bad Move. They were used to Outlook and Exchange. No one used the web interface (except to get around Calendaring issues). The Outlook connector has lots of issues. So much so they decided to go back to Exchange. We still want to use the Zimbra MTA as a gateway for this client only. Our other clients (web users) are very happy.

    Microsoft products do not play well with non M$ products ... plain and simple.

  5. #5
    bjquinn is offline Advanced Member
    Join Date
    Nov 2005
    Posts
    175
    Rep Power
    9

    Default

    Quote Originally Posted by dlochart View Post
    We moved this client from Exchange into Zimbra. Bad Move. They were used to Outlook and Exchange. No one used the web interface (except to get around Calendaring issues). The Outlook connector has lots of issues. So much so they decided to go back to Exchange. We still want to use the Zimbra MTA as a gateway for this client only. Our other clients (web users) are very happy.

    Microsoft products do not play well with non M$ products ... plain and simple.
    Ah, ok that makes more sense now.


    Quote Originally Posted by dlochart View Post
    Not sure what you want here so I will stay out of it. I plan to implement relay_recipients (a check to see that there is a valid recipient in the Exchange server) before I send the mail on to the Exchange server but as far as authentication goes that is all done in Exchange.
    Well, I don't actually want to "authenticate" as such (meaning verifying username AND password), I just want to verify that a user exists, and since Zimbra can hook up to AD (I believe), I would imagine this is possible, I just don't know how. Is that related to your relay_recipients thing? How does that work?
    Last edited by bjquinn; 10-10-2007 at 03:31 PM.

  6. #6
    bjquinn is offline Advanced Member
    Join Date
    Nov 2005
    Posts
    175
    Rep Power
    9

    Default

    Maybe you're way past this, but the following link seems helpful...

    Automatically Update Recipient Maps From Active Directory - Fairly-Secure Anti-Spam

  7. #7
    dlochart is offline Advanced Member
    Join Date
    Nov 2006
    Posts
    177
    Rep Power
    8

    Default

    Quote Originally Posted by bjquinn View Post
    Maybe you're way past this, but the following link seems helpful...

    Automatically Update Recipient Maps From Active Directory - Fairly-Secure Anti-Spam
    That is how you do it! I just haven't hooked up the PERL script yet because the Exchange server is on one network (local) and the AD is on another behind a firewall.

    An alternate approach I would like to try involves Postfix directly.

    The Postfix forum offered me this:

    ...
    Furthermore, the Postfix LDAP driver can do recipient lookups against AD:

    server_host = ad.example.com
    bind_dn = ...
    bind_pw = ...
    version = 3
    query_filter = proxyAddresses=smtp:%s
    result_attribute = mail
    ...

    Not sure how it fits in but it would be better than the PERL script solution. Either way it is doable!
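
An added example, not part of the post above or of the linked script: one way to build a `relay_recipient_maps` source file from an LDIF-style export of AD `proxyAddresses`, so the gateway rejects unknown recipients before relaying. The function names, the export format and the sample entries are assumptions constructed for illustration.

```python
import re

# Strict address shape: rejects whitespace or anything else that could add
# an extra column or line to the generated map file.
ADDR_RE = re.compile(r"^[a-z0-9._%+'-]+@([a-z0-9-]+(?:\.[a-z0-9-]+)+)$")

# Constructed sample export (not real directory data).
SAMPLE_LDIF = """\
dn: CN=Alice,OU=Staff,DC=example,DC=com
proxyAddresses: SMTP:Alice@Example.com
proxyAddresses: smtp:alice.alias@example.com
proxyAddresses: X400:c=US;a= ;p=Example;

dn: CN=Bob,OU=Staff,DC=example,DC=com
proxyAddresses: smtp:bob@other.example
proxyAddresses: smtp:carol.long
 name@example.com
proxyAddresses: smtp:eve@example.com extra
"""

def unfold(ldif_text):
    """Join LDIF continuation lines (leading single space) to their parent."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def relay_recipients(ldif_text, relay_domains):
    """Return sorted, de-duplicated SMTP addresses in the relayed domains."""
    domains = {d.lower() for d in relay_domains}
    found = set()
    for line in unfold(ldif_text):
        # Base64 values ("attr:: ...") yield attr "proxyAddresses:" and are skipped.
        attr, sep, value = line.partition(": ")
        if not sep or attr.lower() != "proxyaddresses":
            continue
        scheme, _, addr = value.partition(":")
        if scheme.lower() != "smtp":  # skips X400 and other address types
            continue
        m = ADDR_RE.match(addr.strip().lower())
        if m and m.group(1) in domains:
            found.add(m.group(0))
    return sorted(found)

def to_postfix_map(addresses):
    """Render 'address OK' lines, the source format for a hash: lookup table."""
    return "".join(f"{a} OK\n" for a in addresses)
```

The rendered text is what `postmap` would compile into the table that `relay_recipient_maps` points at; the right-hand `OK` is a placeholder value.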

  8. #8
    dlochart is offline Advanced Member
    Join Date
    Nov 2006
    Posts
    177
    Rep Power
    8

    Default

    On how to make the postfix config changes permanent read this thread.

    http://www.zimbra.com/forums/adminis...lp-please.html

  9. #9
    bjquinn is offline Advanced Member
    Join Date
    Nov 2005
    Posts
    175
    Rep Power
    9

    Default

    Hmmm, that would be nice! Do we even know which configuration file that goes in?

    Again, I may be way behind you on this, but I've found the following wiki article...

    Split Domain - ZimbraWiki

    Is that how you're planning on setting your Zimbra server up as a gateway? Using the terms from the wiki article your Zimbra server is primary, Exchange is secondary, and the main difference from the article being -

    1. NO addresses are permanently stored on the Zimbra server, ALL are forwarded on to the Exchange server, and
    2. You want to check AD for verifying recipient addresses rather than adding them to a list or manually adding the accounts to the Zimbra server and setting each one up to relay to the Exchange server (which would be what we're discussing in this thread)

    Is that correct?

    Anyway, do keep me updated on how it works out for you if you don't mind.

    Thanks!

  10. #10
    dlochart is offline Advanced Member
    Join Date
    Nov 2006
    Posts
    177
    Rep Power
    8

    Default

    Quote Originally Posted by bjquinn View Post
    Hmmm, that would be nice! Do we even know which configuration file that goes in?

    Again, I may be way behind you on this, but I've found the following wiki article...

    Split Domain - ZimbraWiki

    Is that how you're planning on setting your Zimbra server up as a gateway? Using the terms from the wiki article your Zimbra server is primary, Exchange is secondary, and the main difference from the article being -

    1. NO addresses are permanently stored on the Zimbra server, ALL are forwarded on to the Exchange server, and
    2. You want to check AD for verifying recipient addresses rather than adding them to a list or manually adding the accounts to the Zimbra server and setting each one up to relay to the Exchange server (which would be what we're discussing in this thread)

    Is that correct?
    So I guess you wanna cookie or something for being so smart ehh? J/K .... You are CORRECT! Fact is I never considered looking at this Wiki page because for me the idea of a split domain is having users across different mail servers. If I had read further I would have seen that setting Zimbra up as 'Primary' would have accomplished the trick.

    The only problem I see for going the Primary Split Domain route (Zimbra way) is having to maintain the users on both systems (add from both, delete from both etc).

    I may test this approach just to see what config changes are made to the Postfix files.

    Quote Originally Posted by bjquinn View Post
    Anyway, do keep me updated on how it works out for you if you don't mind.

    Thanks!
    No problem! So far all is well during testing.
