SMTP Auth. Failed outside the subnet

[chanck]

I don't know whether it is a MUST that smtp auth + tls should be applied together to make auth works. But in your previous post, you require me to do so. Anyway, please notice that it was another error if I use both smtp auth + tls. Thunderbird complaint that the zimbra server doesn't support EHLO command.

I tried to
c:\> telnet 202.175.x.x 25
220 safp.gov.mo ESMTP Postfix
ELHO host
502 Error: command not implemented

That means now I got 2 diff problem sending from Internet.
Without TLS, it is Relay Access Denined
With TLS, it is "502 Error: Command not Implemented".

Both would not happened inside the subnet of the Zimbra Server.

Thomas

[marcmac]

I feel compelled to point out that you entered ELHO, not EHLO.

[marcmac]

and zimbraMailMode on the server is http?

[chanck]

Sorry, because I am trying those stuff with another machine. Some stuff are typed by me and not copy and paste. Therefore, typo mistake may happened.

I just found another strange stuff.

If I telnet INTERNAL_IP_of_zimbra 25

Code:

220 my_domin ESMTP Postfix
EHLO host
250-my_domain
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250 8BITMIME

If I telnet INTERNET_IP_of zimbra 25

Code:

220 *******************
EHLO host
502 Error: command not implemented

With this strange case, I also suspected that I have connected to the wrong host, but I did not because I checked at the /var/log/zimbra.log, there were connection trails:

Code:

 Mar 16 11:24:55 safp postfix/smtpd[14342]: connect from unknown[202.175.xx.xx]
Mar 16 11:25:06 safp postfix/smtpd[14446]: timeout after CONNECT from unknown[202.175.xx.xx]

That means I connected correctly.

Thomas

[chanck]

Quote:

Originally Posted by marcmac

and zimbraMailMode on the server is http?

Code:

zimbra@mailsrv:~> zmprov gs my_domain | grep Mode
zimbraMailMode: http

[marcmac]

My friend, if you're getting different banners on port 25, you're connecting to different postfix instances.

ps auxww | grep postfix
kill -9 everything listed
su - zimbra
postfix start

Make sure you're not starting some system-default postfix on boot.

[chanck]

Great, the keywords "anther instances" hit me. So I search through the Internet "Postfix + banner + asterisk" and found that there is SMTP proxy in my PIX firewall (I really don't know about that). I disable the "fixup protocol smtp 25" settings.

Now the authentication dialog comes out. Without TLS, the SMTP connection is worked. There is still STARTTLS error when using TLS, I am trying to investigate it to see whether it is also related to my PIX firewall settings too.

Thank you for your patience.

Thomas

[koolokamba]

I telnet INTERNAL_IP_of_zimbra 25 and INTERNAL_IP_OF_ZIMBRA 25 the result are the same.

but I cannot send email in the outside subnet.

Pls help...

[phoenix]

Quote:

Originally Posted by koolokamba

I telnet INTERNAL_IP_of_zimbra 25 and INTERNAL_IP_OF_ZIMBRA 25 the result are the same.

but I cannot send email in the outside subnet.

Pls help...

Did you search the forum first? This has been covered many times. Do you have 'enable DNS lookup' set in the ADMIN UI?

[phoenix]

Oh, and if your zimbra server is up at the moment it's not possible to telnet to port 25. How are you checking that you can get to it?