OK. I tried this now:
I shut down postfix with following command:
Then I did a
I got a lot of these:
tcpdump -p port 25 -X
If I try to start postfix with following command:
18:47:00.967025 IP <my.server.domain>.smtp > <my.internal.router.IP>.35556: R 0:0(0) ack 1416549322 win 0
0x0000: 4500 0028 0000 4000 4006 3773 c0a8 c10a E..(..@.@.7s....
0x0010: c0a8 c101 0019 8ae4 0000 0000 546e d3ca ............Tn..
0x0020: 5014 0000 f93c 0000 P....<..
18:47:02.813531 IP <my.internal.router.IP>.35557 > <my.server.domain>.smtp: S 1427397831:1427397831(0) win 32767 <mss 16396>
0x0000: 4500 002c 5a8f 4000 4006 dcdf c0a8 c101 E..,Z.@.@.......
0x0010: c0a8 c10a 8ae5 0019 5514 5cc7 0000 0000 ........U.\.....
0x0020: 6002 7fff 9d97 0000 0204 400c 0000 `.........@...
but zmcontrol status shows me:
postfix/postfix-script: warning: not owned by root: /opt/zimbra/postfix-126.96.36.199z/conf/main.cf
postfix/postfix-script: starting the Postfix mail system
and there is no other service running on port 25.
Now I'd run:
and postfix starts without errors.
Postfix is relaying only to 127.0.0.1 and my DMZ-Subnet.
No I have an idea. My router has SPAMd installed, that means it's an open-relay that passes e-mails straight to my zimbra-box. So if SPAMd doesn't work correctly, and passes the SPAM-Mails through to the zimbra-box, it looks for zimbra like it comes from a client (my router) in the trusted network..hmm..
Is there a possiblity to forbid local clients/clients from the trusted network to relay or that any client without username/pwd can't relay on zimbra?