Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Zimbra as a smarthost

  1. #1
    drez is offline Intermediate Member
    Join Date
    Jan 2007
    Location
    Quebec
    Posts
    16
    Rep Power
    8

    Default Zimbra as a smarthost

    Hi, I would like my zimbra server to handle the smtp relaying of a particular domain, which is not the current zimbra domain.

    How can I do that ?

    Thank you,
    Fred

  2. #2
    drez is offline Intermediate Member
    Join Date
    Jan 2007
    Location
    Quebec
    Posts
    16
    Rep Power
    8

    Default

    I seems to get more information about what I want to do but it's not clear yet:

    It seems that :
    - to get the smtp server to accept mail from other domain, I need to setup a authentication : How can I do that ? Must I use a zimbra domain account ?
    - Is it possible to restrict the SMTP recipient to a list of domain instead of the authentication ?

  3. #3
    LMStone's Avatar
    LMStone is offline Moderator
    Join Date
    Sep 2006
    Location
    477 Congress Street | Portland, ME 04101
    Posts
    1,374
    Rep Power
    11

    Default

    Admin Console > Configuration > Servers > Select your server > MTA tab > MTA Trusted Networks and add the IP address(es) for the server(s) you want to allow to relay through your Zimbra server without any authentication.

    See also for background information:
    Postfix Configuration Parameters and search for the "mynetworks" parameter.

    Hope that helps,
    Mark

  4. #4
    drez is offline Intermediate Member
    Join Date
    Jan 2007
    Location
    Quebec
    Posts
    16
    Rep Power
    8

    Default

    Am I right to think that with this parameter, I need to specified the address of each and every host who could use the relay ? This would be impossible since I have roadwarriors users !

    My best config would be to permit on a recipient domain basis ...?

    I don't want to be an open relay, but I tried for fun to put 0.0.0.0 to allow all network but without success...

  5. #5
    LMStone's Avatar
    LMStone is offline Moderator
    Join Date
    Sep 2006
    Location
    477 Congress Street | Portland, ME 04101
    Posts
    1,374
    Rep Power
    11

    Default

    Quote Originally Posted by drez View Post
    Am I right to think that with this parameter, I need to specified the address of each and every host who could use the relay ? This would be impossible since I have roadwarriors users !

    My best config would be to permit on a recipient domain basis ...?

    I don't want to be an open relay, but I tried for fun to put 0.0.0.0 to allow all network but without success...
    For road warriors, either they should use the ZCS web interface, or you can easily configure their Outlook to do authentication.

    We use the trusted networks parameter to allow, for example, a client's scanners to send scanned documents via email through our Zimbra server without authentication. The scanners are old enough that their firmware has no capability to do smtp-auth.

    And that I suppose is a good, simple way to differentiate:

    • Devices on fixed (hopefully private) IPs that can't do authentication may be added to trusted networks.
    • Users wanting to send through ZCS should be required to authenticate, one way or the other.


    Hope that helps,
    Mark

  6. #6
    drez is offline Intermediate Member
    Join Date
    Jan 2007
    Location
    Quebec
    Posts
    16
    Rep Power
    8

    Default

    Ok good, that's clear. Thank you for your time.

    If I could still abuse a little bit :

    How do I proceed to enable authentication ? Do I have to create a zimbra mail account and make my users use it ?

    The fact is that my zimbra act as a backup SMTP server, and test server ... The zimbra domain and accounts are not the same as the domain I wanted to SMTP backup.

    So what I understand is I create an account like SMTP@zimbradomain.com, and setup my client to use my zimbra SMTP server with this user.

    Is there a simple way to limit this account to act only as a authentication account : no mail, no anything, exept the name / passwd ?

  7. #7
    LMStone's Avatar
    LMStone is offline Moderator
    Join Date
    Sep 2006
    Location
    477 Congress Street | Portland, ME 04101
    Posts
    1,374
    Rep Power
    11

    Default

    Maybe I am missing something but why not just have your road warriors authenticate directly to the production mail server, whatever it is?

    If it's that you want a complete backup mail system, then either yes, you will need Zimbra accounts on the Zimbra server against which the users may authenticate, or, you'll need to configure Zimbra to authenticate against something else (like Active Directory).

    And if the remote users will authenticate against Zimbra directly, you'll need to keep the Zimbra accounts "in sync" with your primary MX accounts.

    FWIW, No Starch Press's "The Book of Postfix" has a nice script you could modify that was designed to have a Postfix box be either a Smarthost, backup MX or gateway server for an Exchange box. The script periodically does an AD lookup to extract all valid email addresses and updates Postfix's relay_recipients tables automagically.

    Zimbra uses LDAP for storing this info, so you'll need to do some major work on the script, but it will keep the user accounts sync'd automagically between the production mail server and the Zimbra backup server (but not the passwords).

    Hope that helps, I expect others here have much more elegant ways of doing this sort of thing, but we'd all need much more information about your current production environment and the specific use cases you are trying to solve before we can help more.

    All the best,
    Mark

  8. #8
    drez is offline Intermediate Member
    Join Date
    Jan 2007
    Location
    Quebec
    Posts
    16
    Rep Power
    8

    Default

    Thanks a lot for the info, I will consider your proposition.

    For the record, our production mail are supplied by a company which uses his ISP SMTP server via his own relay. The fact is that ISP SMTP is often down for different reasons. So I would like to be able to provide a backup SMTP by the time I turn around my email system.

    I think I will go ahead and simply switch to Zimbra in a near future.

    Thank a lot again,
    Have a great day,
    Fred

  9. #9
    Robert Mortimer is offline Active Member
    Join Date
    Apr 2006
    Posts
    31
    Rep Power
    9

    Default

    Just my 10p but why not sack the ISP for mail sending and send direct.

    I'm still not quite sure what you want to achieve

    Backup to your ISP (if they are no good set up Zimbra and Bypass them)
    Authless sending (if you are the recipient the mail will go through without auth)

    or something I have missed

  10. #10
    LMStone's Avatar
    LMStone is offline Moderator
    Join Date
    Sep 2006
    Location
    477 Congress Street | Portland, ME 04101
    Posts
    1,374
    Rep Power
    11

    Default

    Quote Originally Posted by Robert Mortimer View Post
    Just my 10p but why not sack the ISP for mail sending and send direct.

    I'm still not quite sure what you want to achieve

    Backup to your ISP (if they are no good set up Zimbra and Bypass them)
    Authless sending (if you are the recipient the mail will go through without auth)

    or something I have missed
    Robert,

    The OP did not say if they had fixed IPs and/or a Business Class account with their ISP.

    If not, we are seeing that a number of ISPs block outbound port 25 traffic from their "consumer/dynamic IP" netblocks, requiring those customers either to upgrade to a Business Class connection or use the ISP's smtp servers as a smarthost.

    Even if no blocking by the ISP is taking place, we have seen many other mail servers block inbound connections from netblocks known to be assigned to dynamic IPs, primarily to deflect spambot attacks from compromised home machines.

    Hope that helps,
    Mark

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. admin consol blank after 5.0.3 upgarde
    By maumar in forum Administrators
    Replies: 6
    Last Post: 03-21-2008, 05:16 AM
  2. Replies: 12
    Last Post: 02-25-2008, 07:28 PM
  3. Zimbra shutdowns every n hours.
    By Andrewb in forum Administrators
    Replies: 13
    Last Post: 08-14-2007, 08:55 AM
  4. Monitoring : Data not yet avalaible
    By s3nz3x in forum Installation
    Replies: 7
    Last Post: 11-30-2005, 07:18 PM
  5. FC3 Install and no zimbra ?
    By aws in forum Installation
    Replies: 10
    Last Post: 10-09-2005, 04:19 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •