  #1 (permalink)  
Old 10-10-2007, 01:59 PM
Special Member
 
Posts: 169
Default Zimbra as filter/relay

Hi, we've started deploying Zimbra servers in environments where they replace the existing mail server. It's been refreshing to have the beautiful web interface and also the increase in its ability to deal appropriately with spam over the solutions it has replaced. However, we also have some clients who aren't ready yet to part with their Exchange servers. In this case I'm wondering if at least as a first step, some of the improvements in spam detection and tracking could be had by putting the Zimbra server in front of the Exchange server as sort of a mail relay. With the postfix restriction that addresses must exist on the server in order to be accepted - that alone could cut down on the number of SMTP connections we're having to deal with. However, ideally, Zimbra would authenticate addresses on the domain without having to actually set the accounts up manually on Zimbra, and then it would pass the messages on to the Exchange server rather than storing them locally. Is this feasible?
Reply With Quote
  #2 (permalink)  
Old 10-10-2007, 02:55 PM
Advanced Member
 
Posts: 177
Default

We are doing the same thing. I have a post in asking about the configuration rewriting that occurs when you restart Zimbra. However one of our clients is moving back to Exchange from Zimbra due to Outlook connector and mobile phone issues.

Basically you will be changing the configuration of Postfix to act as a mail gateway for those domains still using Exchange. You can do this with a combination of relay_domains, relay_recipient_maps, and transport_maps.

I believe the Postfix Home Page site has examples of a mail gateway.

I have it working (sans recipient auth). My problem is that the transport_maps parameter in main.cf is recreated each time postfix is restarted, so I do not know how to make my changes stick.

Let me know if I can be of further assistance. I am no mail expert by any means (I am not even an admin) but I have gotten this to work.
Reply With Quote
  #3 (permalink)  
Old 10-10-2007, 03:06 PM
Special Member
 
Posts: 169
Default

Well good, that's a first step.

Anyone have a solution to the recipient authentication issue in this instance? Since Zimbra can authenticate with AD, can't Zimbra accept or deny a recipient address against AD, and then if it is accepted recognize that the account must exist (according to AD) but isn't local, and therefore redirect it to a specified mail host?

dlochart - What were the Outlook connector and mobile sync problems? If you were only using Zimbra as an email gateway, why would you even be using the Outlook connector and mobile sync? Wouldn't you just leave that to Exchange, since Zimbra is only the gateway and doesn't even store any messages?

Last edited by bjquinn; 10-10-2007 at 03:09 PM..
Reply With Quote
  #4 (permalink)  
Old 10-10-2007, 03:17 PM
Advanced Member
 
Posts: 177
Default

Quote:
Originally Posted by bjquinn View Post
Well good, that's a first step.

Anyone have a solution to the recipient authentication issue in this instance? Since Zimbra can authenticate with AD, can't Zimbra accept or deny a recipient address against AD, and then if it is accepted recognize that the account must exist (according to AD) but isn't local, and therefore redirect it to a specified mail host?
Not sure what you want here so I will stay out of it. I plan to implement relay_recipients (a check to see that there is a valid recipient in the Exchange server) before I send the mail on to the Exchange server, but as far as authentication goes that is all done in Exchange.

Quote:
Originally Posted by bjquinn View Post
dlochart - What were the Outlook connector and mobile sync problems? If you were only using Zimbra as an email gateway, why would you even be using the Outlook connector and mobile sync? Wouldn't you just leave that to Exchange, since Zimbra is only the gateway and doesn't even store any messages?
We moved this client from Exchange into Zimbra. Bad Move. They were used to Outlook and Exchange. No one used the web interface (except to get around Calendaring issues). The Outlook connector has lots of issues. So much so they decided to go back to Exchange. We still want to use the Zimbra MTA as a gateway for this client only. Our other clients (web users) are very happy.

Microsoft products do not play well with non M$ products ... plain and simple.
Reply With Quote
  #5 (permalink)  
Old 10-10-2007, 04:27 PM
Special Member
 
Posts: 169
Default

Quote:
We moved this client from Exchange into Zimbra. Bad Move. They were used to Outlook and Exchange. No one used the web interface (except to get around Calendaring issues). The Outlook connector has lots of issues. So much so they decided to go back to Exchange. We still want to use the Zimbra MTA as a gateway for this client only. Our other clients (web users) are very happy.

Microsoft products do not play well with non M$ products ... plain and simple.
Ah, ok that makes more sense now.


Quote:
Originally Posted by dlochart View Post
Not sure what you want here so I will stay out of it. I plan to implement relay_recipients (a check to see that there is a valid recipient in the Exchange server) before I send the mail on to the Exchange server, but as far as authentication goes that is all done in Exchange.
Well, I don't actually want to "authenticate" as such (meaning verifying username AND password), I just want to verify that a user exists, and since Zimbra can hook up to AD (I believe), I would imagine this is possible, I just don't know how. Is that related to your relay_recipients thing? How does that work?

Last edited by bjquinn; 10-10-2007 at 04:31 PM..
Reply With Quote
  #6 (permalink)  
Old 10-10-2007, 04:41 PM
Special Member
 
Posts: 169
Default

Maybe you're way past this, but the following link seems helpful...

Automatically Update Recipient Maps From Active Directory - Fairly-Secure Anti-Spam
Reply With Quote
  #7 (permalink)  
Old 10-10-2007, 06:39 PM
Advanced Member
 
Posts: 177
Default

Quote:
Originally Posted by bjquinn View Post
Maybe you're way past this, but the following link seems helpful...

Automatically Update Recipient Maps From Active Directory - Fairly-Secure Anti-Spam
That is how you do it! I just haven't hooked up the PERL script yet because the exchange server is on one network (local) and the AD is on another behind a firewall.

An alternate approach I would like to try involves Postfix directly.

The Postfix forum offered me this:

...
Furthermore, the Postfix LDAP driver can do recipient lookups against AD:

server_host = ad.example.com
bind_dn = ...
bind_pw = ...
version = 3
query_filter = proxyAddresses=smtp:%s
result_attribute = mail
...

Not sure how it fits in but it would be better than the PERL script solution. Either way it is doable!
Reply With Quote
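
An added example (not posted by anyone in this thread, and not Zimbra's own configuration) showing where the three parameters named in post #2 and the LDAP lookup quoted in post #7 fit together on a plain Postfix gateway, with the recipient check that turns "accept everything, bounce later" into rejection during the SMTP session. The domain, host names, file paths and search_base are assumed placeholder values; because Zimbra regenerates main.cf on restart, as noted earlier in the thread, the main.cf part has to be applied in a way that survives that rewrite.

```cfg
# --- /etc/postfix/main.cf (plain Postfix; file paths are assumptions) ----
# Domains this gateway accepts mail for but does not host locally.
relay_domains = example.com

# Where to hand that mail off: see the transport table below.
transport_maps = hash:/etc/postfix/transport

# Without the next line (the "sans recipient auth" state) Postfix accepts
# every address in relay_domains and only learns a recipient is invalid
# when Exchange refuses it, so the gateway has to generate a bounce.
# With it, unknown recipients are rejected at RCPT TO.
relay_recipient_maps = ldap:/etc/postfix/ad-recipients.cf

# Never relay for domains other than the ones listed above.
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination

# --- /etc/postfix/transport (then run: postmap /etc/postfix/transport) ---
# Brackets suppress the MX lookup and deliver straight to the named host.
example.com    smtp:[exchange.example.com]:25

# --- /etc/postfix/ad-recipients.cf (mode 0640, owner root, group postfix)
# Lookup table from post #7, with the elided values shown as placeholders.
server_host      = ad.example.com
version          = 3
# search_base is an assumed value; use the base DN of the real directory.
search_base      = dc=example,dc=com
bind             = yes
bind_dn          = <DN of a read-only lookup account>
bind_pw          = <password of that account>
query_filter     = proxyAddresses=smtp:%s
result_attribute = mail
```

Running `postmap -q user@example.com ldap:/etc/postfix/ad-recipients.cf` prints the mail attribute for a known address and nothing for an unknown one, which checks the lookup before it is wired into relay_recipient_maps.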
  #8 (permalink)  
Old 10-11-2007, 05:24 AM
Advanced Member
 
Posts: 177
Default

On how to make the postfix config changes permanent, read this thread.

http://www.zimbra.com/forums/adminis...lp-please.html
Reply With Quote
  #9 (permalink)  
Old 10-11-2007, 10:08 AM
Special Member
 
Posts: 169
Default

Hmmm, that would be nice! Do we even know which configuration file that goes in?

Again, I may be way behind you on this, but I've found the following wiki article...

Split Domain - ZimbraWiki

Is that how you're planning on setting your Zimbra server up as a gateway? Using the terms from the wiki article your Zimbra server is primary, Exchange is secondary, and the main difference from the article being -

1. NO addresses are permanently stored on the Zimbra server, ALL are forwarded on the Exchange server, and
2. You want to check AD for verifying recipient addresses rather than adding them to a list or manually adding the accounts to the Zimbra server and setting each one up to relay to the Exchange server (which would be what we're discussing in this thread)

Is that correct?

Anyway, do keep me updated on how it works out for you if you don't mind.

Thanks!
Reply With Quote
  #10 (permalink)  
Old 10-11-2007, 11:02 AM
Advanced Member
 
Posts: 177
Default

Quote:
Originally Posted by bjquinn View Post
Hmmm, that would be nice! Do we even know which configuration file that goes in?

Again, I may be way behind you on this, but I've found the following wiki article...

Split Domain - ZimbraWiki

Is that how you're planning on setting your Zimbra server up as a gateway? Using the terms from the wiki article your Zimbra server is primary, Exchange is secondary, and the main difference from the article being -

1. NO addresses are permanently stored on the Zimbra server, ALL are forwarded on the Exchange server, and
2. You want to check AD for verifying recipient addresses rather than adding them to a list or manually adding the accounts to the Zimbra server and setting each one up to relay to the Exchange server (which would be what we're discussing in this thread)

Is that correct?
So I guess you wanna cookie or something for being so smart ehh? J/K .... You are CORRECT! Fact is I never considered looking at this Wiki page because for me the idea of a split domain is having users across different mail servers. If I had read further I would have seen that setting Zimbra up as 'Primary' would have accomplished the trick.

The only problem I see for going the Primary Split Domain route (Zimbra way) is having to maintain the users on both systems (add from both, delete from both etc).

I may test this approach just to see what config changes are made to the Postfix files.

Quote:
Originally Posted by bjquinn View Post
Anyway, do keep me updated on how it works out for you if you don't mind.

Thanks!
No problem! So far all is well during testing.
Reply With Quote