Secure MTA connection with authentication
Greetings,
I am having a heck of a time getting my Zimbra server to relay mail through my external SMTP server (which supports plain old relaying, SMTP AUTH, TLS, SSL, etc.). Ideally, I'd like to have all mail forward through that server, and be encrypted (both the password and the message).
I have tried to piece together a number of the current posts on the forum, but haven't had any luck.
Here is the end of my main.cf:
Code:
smtpd_helo_required = yes
smtpd_client_restrictions = reject_unauth_pipelining
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_invalid_hostname, reject_non_fqdn_sender, reject_unauth_destination, permit
broken_sasl_auth_clients = yes
smtpd_use_tls = yes
smtpd_tls_cert_file = /opt/zimbra/conf/smtpd.crt
smtpd_tls_key_file = /opt/zimbra/conf/smtpd.key
smtpd_tls_loglevel = 3
message_size_limit = 10240000
content_filter = smtp-amavis:[127.0.0.1]:10024
myhostname = zimbra.(MY INTERNALDOMAIN)
recipient_delimiter =
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = no
disable_dns_lookups = yes
smtp_sasl_password_maps = hash:/opt/zimbra/conf/relay_password
relayhost = (MY EXTERNAL SMTP SERVER)
smtp_sasl_authentication_filter =
smtp_sasl_security_options = noanonymous
smtp_tls_enforce_peername = no
debug_peer_list = (MY EXTERNAL SMTP SERVER)
Any help you could give me would be great... looking at the logs, I see that while my server advertises AUTH LOGIN CRAM-MD5 PLAIN STARTTLS PIPELINING, etc., Zimbra only chooses ESMTP PIPELINING and does not attempt to authenticate.
Thanks!
Dave
postfix auth to relay host
man 5 postconf on my box doesn't have smtp_sasl_authentication_filter, so I'm not sure what that does - but I'm pretty sure that you'll want to set smtp_sasl_auth_enable to yes...
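An added example, not part of the thread and not Postfix or Zimbra tooling: a small check of the client-side smtp_* settings that an authenticated, encrypted relay depends on, run over the relevant lines of the posted main.cf. The CORRECTED variant is an assumption (the reply's smtp_sasl_auth_enable = yes plus smtp_tls_security_level = encrypt, which needs Postfix 2.3 or later); the function names and finding codes are made up for the example.

```python
# Added example (not from the thread): lint the client-side smtp_* relay settings.
MANDATORY_TLS = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}

def parse_main_cf(text):
    """Parse 'name = value' lines, '#' comments and indented continuation lines."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last:            # continuation of the previous value
            params[last] = (params[last] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            last = name.strip()
            params[last] = value.strip()         # a later definition wins
    return params

def tls_is_mandatory(p):
    level = p.get("smtp_tls_security_level", "")
    if level:                                    # overrides the legacy switches
        return level in MANDATORY_TLS
    return p.get("smtp_enforce_tls", "no") == "yes"

def check_relay_client(p):
    """Return finding codes for the outbound (smtp_*) side only; smtpd_* is ignored."""
    findings = []
    if not p.get("relayhost"):
        findings.append("NO_RELAYHOST")
    if p.get("smtp_sasl_auth_enable", "no") != "yes":
        findings.append("CLIENT_SASL_OFF")       # the client never sends AUTH
    if not p.get("smtp_sasl_password_maps"):
        findings.append("NO_PASSWORD_MAP")
    if not tls_is_mandatory(p):
        findings.append("TLS_NOT_MANDATORY")     # the message may travel in clear
        # Postfix's default for this parameter is "noplaintext, noanonymous".
        opts = p.get("smtp_sasl_security_options", "noplaintext, noanonymous")
        if "noplaintext" not in opts.replace(",", " ").split():
            findings.append("PLAINTEXT_AUTH_WITHOUT_TLS")
    return findings

# Client-relevant lines from the posted main.cf (placeholders kept as posted).
POSTED = """\
smtpd_use_tls = yes
smtpd_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/opt/zimbra/conf/relay_password
relayhost = (MY EXTERNAL SMTP SERVER)
smtp_sasl_security_options = noanonymous
"""
# Assumed correction: the reply's suggestion plus mandatory TLS.
CORRECTED = POSTED + "smtp_sasl_auth_enable = yes\nsmtp_tls_security_level = encrypt\n"

if __name__ == "__main__":
    print(check_relay_client(parse_main_cf(POSTED)))
    print(check_relay_client(parse_main_cf(CORRECTED)))
```

The encrypt level forces TLS but does not verify the relay's certificate; the verify and secure levels add that check.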