Secure MTA connection with authentication

[firebin]

Greetings,

I am having a heck of a time getting my Zimbra server to relay mail through my external SMTP server (which supports plain old relaying, SMTP AUTH, TLS, SSL, etc.). Ideally, I'd like to have all mail forward through that server, and be encrypted (both the password and the message).

I have tried to piece together a number of the current posts on the forum, but haven't had any luck.

Here is the end of my main.cf:

Code:

smtpd_helo_required = yes

smtpd_client_restrictions = reject_unauth_pipelining

smtpd_data_restrictions = reject_unauth_pipelining

smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_invalid_hostname, reject_non_fqdn_sender, reject_unauth_destination, permit

broken_sasl_auth_clients = yes

smtpd_use_tls = yes
smtpd_tls_cert_file = /opt/zimbra/conf/smtpd.crt
smtpd_tls_key_file = /opt/zimbra/conf/smtpd.key
smtpd_tls_loglevel = 3

message_size_limit = 10240000
content_filter = smtp-amavis:[127.0.0.1]:10024
myhostname = zimbra.(MY INTERNALDOMAIN)
recipient_delimiter =
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = no
disable_dns_lookups = yes
smtp_sasl_password_maps = hash:/opt/zimbra/conf/relay_password
relayhost = (MY EXTERNAL SMTP SERVER)
smtp_sasl_authentication_filter =
smtp_sasl_security_options = noanonymous
smtp_tls_enforce_peername = no
debug_peer_list = (MY EXTERNAL SMTP SERVER)

Any help you could give me would be great... looking at the logs, I see that while my server advertises AUTH LOGIN CRAM-MD5 PLAIN STARTTLS PIPELINING, etc., Zimbra only chooses ESMTP PIPELINING and does not attempt to authenticate.


Thanks!

Dave

[marcmac]

man 5 postconf on my box doesn't have smtp_sasl_authentication_filter, so I'm not sure what that does - but I'm pretty sure that you'll want to set smtp_sasl_auth_enable to yes...

Quote:

Originally Posted by firebin

Greetings,

I am having a heck of a time getting my Zimbra server to relay mail through my external SMTP server (which supports plain old relaying, SMTP AUTH, TLS, SSL, etc.). Ideally, I'd like to have all mail forward through that server, and be encrypted (both the password and the message).

I have tried to piece together a number of the current posts on the forum, but haven't had any luck.

Here is the end of my main.cf:

Code:

smtpd_helo_required = yes

smtpd_client_restrictions = reject_unauth_pipelining

smtpd_data_restrictions = reject_unauth_pipelining

smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_invalid_hostname, reject_non_fqdn_sender, reject_unauth_destination, permit

broken_sasl_auth_clients = yes

smtpd_use_tls = yes
smtpd_tls_cert_file = /opt/zimbra/conf/smtpd.crt
smtpd_tls_key_file = /opt/zimbra/conf/smtpd.key
smtpd_tls_loglevel = 3

message_size_limit = 10240000
content_filter = smtp-amavis:[127.0.0.1]:10024
myhostname = zimbra.(MY INTERNALDOMAIN)
recipient_delimiter =
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = no
disable_dns_lookups = yes
smtp_sasl_password_maps = hash:/opt/zimbra/conf/relay_password
relayhost = (MY EXTERNAL SMTP SERVER)
smtp_sasl_authentication_filter =
smtp_sasl_security_options = noanonymous
smtp_tls_enforce_peername = no
debug_peer_list = (MY EXTERNAL SMTP SERVER)

Any help you could give me would be great... looking at the logs, I see that while my server advertises AUTH LOGIN CRAM-MD5 PLAIN STARTTLS PIPELINING, etc., Zimbra only chooses ESMTP PIPELINING and does not attempt to authenticate.


Thanks!

Dave

[firebin]

Nice! I knew it had to be something small. The smtp_auth_enable did the trick.


Thanks,

Dave