Help configuring relay for outside network clients

[rasoft2000]

Hey, first of all thanks the Zimbra staff for developing a great product.

Second I'm new to Zimbra and Linux in general (Mostly ussing MS servers all my life) but with the help of this forum and the Zimbra docs I was able to migrate our old 4.5 Zimbra to the new mail server with Ver 5.

Now everything is working as expected the only problem I have is that my outside trusted networks clients (Clients accessing via Internet) wich are using Mail Clients (ie. Outlook, etc) are not able to send emails to external domains (aka error 554 <xxx@xxx.xxx>: Relay access denied).

I know this isn't a Zimbra bug/error and I'm sure I'm missing one more configuration option/command.

Here are my MTA Configuration right now:

Enable authentication is checked
TLS authentication only is checked

MTA trusted networks: 127.0.0.0/8 200.87.XXX.XXX 10.120.0.0/24 10.110.0.0/24 10.130.0.0/24
(200.87.XXX.XXX is the external IP for the mail server, the other networks were changed for security but are reflecting the same idea)

Enable Dns lookups is checked

I tried some of the suggestions in these forums about enable "smtp Authentication for my outgoing server" on my outlook test client but as soon I enable that it cannot connect to the server anymore, I think thats related to explicit reject rule wich I cannot find, but I do not know if that will solve my problem.

I already read hxxp://wiki.zimbra.com/index.php?title=ZimbraMtaMyNetworks wiki wich doesnt help me on this cause the clients will be connecting from IP addresses wich are not known to me.

I will appreciate any help you can give me and thanks in advance.

[Baylink]

Find the Zimbra postfix master.cf, uncomment the line that says 'submission', restart Zimbra, and point your clients to port 587, with TLS.

[rasoft2000]

Quote:

Originally Posted by Baylink

Find the Zimbra postfix master.cf, uncomment the line that says 'submission', restart Zimbra, and point your clients to port 587, with TLS.

Hey Baylink, thanks for your answer.

Checking my master.cf file I found the following:

#submission inet n - n - - smtpd
# -o smtpd_etrn_restrictions=reject
# -o smtpd_client_restrictions=permit_sasl_authenticate d,reject
465 inet n - n - - smtpd
-o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission inet n - n - - smtpd
# -o smtpd_etrn_restrictions=reject
# -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes

now wich should I uncomment the first one, the second one, both? I think its the second one but I want to be sure first cause this is a production server before restarting,etc.

Thanks

[Baylink]

Well, I uncommented the first one, and none of the options lines, and mine seems to be working ok.

[rasoft2000]

Quote:

Originally Posted by Baylink

Well, I uncommented the first one, and none of the options lines, and mine seems to be working ok.

Ok I tried this on a test server and sadly it didnt work...

Any other suggestion?

Zimbra wiki states that: The default postfix configuration allows relaying only for the local network, but you can configure postfix to allow relaying unconditionally for arbitrary hosts or networks.

Then there should be a way to allow the server to relay freely?

[Baylink]

You *did* restart Zimbra after uncommenting that line, right?

I didn't have to do any configuration after enabling the MSA daemon.