Not able to send mails to external domain

[chandu]

Our users not able to send mails through outlook ..but able to recevie the mails...while sending on server getting below error :

Jul 16 17:37:32 mail postfix/smtpd[22186]: NOQUEUE: reject: RCPT from unknown[161.231.232.1]: 554 5.7.1 <test@yahoo.com>: Relay access denied; from=<user@example.com> to=<test@yahoo.com> proto=SMTP helo=<01HW162613>



through web interface everything is working fine...

[uxbod]

Could you post a screenie of how you have the Outlook client setup for your server ?

[chandu]

Hi Uxbod,

For the client end we have below setting :

#################################################
In Outlook express, under account properties settings are as below :

Under "Server " Tab :
1. "Log on using secure password authentication" is Unchecked

2. "my server requires authentication" is checked and under settings "Use same settings as my incoming mail server" is checked. I have didnt enabled "LOg on using" option here.

Under "Advanced" Tab :
Outgoing mail : 25
Incoming mail : 143
This server requires a secure connection ( ssl) is unchecked for both protocol.

################################################

And at server end we have below settings :

##################################################
For Server :

1. General Information :
Disply Name : mail.example.com
Service host name : mail.example.com
Max schdueled task : 20
Sleep time : 1 min
This server is a reverse proxy lookup target is checked mark

2. Services :

All services are checked excpet 'imap and pop proxy'

3. MTA :
Enable authentication is checked
TLS authentication is Unchecked
Web mail MTA hostname : mail.example.com
Web mail MTA port : 25
Web mail timeout: 60 sec
MTA trusted networks : 127.0.0.0/8 <mail server network>/24
enable dns lookup is checked

4.IMAP and POP

Enable IMAP service and clear text login are checked
ssl is diabled

################################################

Under Global settings :

1. general info :
Default domain : example.com
sleep time: 1 min

2. MTA :
Enable authentication is checked
TLS authentication is Unchecked
Web mail MTA hostname : mail.example.com
Web mail MTA port : 25
enable dns lookup is checked
Add x-originating to message is checked

3. IMAP and POP

Enable IMAP service and clear text login are checked
ssl is diabled

4. As /AV
Kill % : 66
Tag % : 33
Frequecy : 2 hours


##########################################

Please let me know if u need any other details.

Thanks

[chandu]

Hi,

Just wanted to update....i tried to searched those wieard lines and got below lines :

[zimbra@mail ~]$ grep -ir aW9uIFN1aXRlM *
conf/nginx.crt:aW9uIFN1aXRlMRgwFgYDVQQDEw90Y3MtaXRvbnRh cC5jb20wHhcNMDkwNzA3MTA1
conf/slapd.crt:aW9uIFN1aXRlMRgwFgYDVQQDEw90Y3MtaXRvbnRh cC5jb20wHhcNMDkwNzA3MTA1
conf/smtpd.crt:aW9uIFN1aXRlMRgwFgYDVQQDEw90Y3MtaXRvbnRh cC5jb20wHhcNMDkwNzA3MTA1

These lines are belong to crt files...but i dont understand why am i getting thse lines when i tried to lookup for MTA config.

and ya one more thing ...there is no MTA restriction in config :

[zimbra@mail ~]$ zmprov gacf | grep -i mtarestriction
[zimbra@mail ~]$


Wheni enter user's desktop ip in my postconfig mynetwork then they are able to send mails w/o any issue...but these can not be the solution as in every reboot Ips are keep changing and its public network ...



Ans yes...we are having 2 domains on this server and within this domain mail communication happening very fine w/o putting desktop entries in mynetwork..only the problem when these domains try to send mail to external world ...

Thanks

[veronica]

> [zimbra@mail ~]$ grep -ir aW9uIFN1aXRlM *
conf/nginx.crt:aW9uIFN1aXRlMRgwFgYDVQQDEw90Y3MtaXRvbnRh cC5jb20wHhcNMDkwNzA3MTA1
conf/slapd.crt:aW9uIFN1aXRlMRgwFgYDVQQDEw90Y3MtaXRvbnRh cC5jb20wHhcNMDkwNzA3MTA1
conf/smtpd.crt:aW9uIFN1aXRlMRgwFgYDVQQDEw90Y3MtaXRvbnRh cC5jb20wHhcNMDkwNzA3MTA1

Why should these lines display when you run zmprov commands. Thats odd.

[chandu]

Dear All,

Thanks all for your help....

Bill,

yes you were right...for testing purpose I have enabled TLS connection and ssl for IMAP at server end and open 993 (imap with ssl ) and 465 ( smtp with ssl ) at firewall end and then tried mail communication from outer world by doing required changes in outlook configuration and it worked without putting desktop ips in mynetwork

But yes it should work with my original server config with clear text authntication but tht is not happenening ....and it seems some authntication modules may got corrupt ...i dont knw how to explain that...but yes above mentioned lines are regarding certification...long back i enabled TLS and disbaled afterwards...but i think its not got diabled properly...its was showing it was disabled but some thing fishy going on internally regarding this....I hope i m making sense....

Anyways ..right now i m happy that this got fix by using secure connection...but yes i would like to fix my original issue also ...and i m thinking to plan schedule downtime and will reinstall zimbra.....if u guys have any suggestion then pls let me know...


Thanks

[chandu]

hi,

Users are now able to send/ recevie mails with TLS connection and 465 and 993 ports w/o any issue but they are keep getting below alert when they open Outlook :

"The server you are connected to is using a security certificate that could not be verified. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider."


Any idea how to remove this message ? DO i need to install root certificate at client's desktop ? if yes then from where i can get that certificate ?

Thanks.

[chandu]

Hi,


As I mentioned in my previous post, when we enable TLS connection then client getting below pop while accessing mail server through outlook...

"The server you are connected to is using a security certificate that could not be verified. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider."


How can we remove this pop up ?

Thanks

[itbuddhika]

I have put a lot of allowed relays into the MTA section however it seems to only have a 256 character limit on the website. We edited a postfix config file to add these manually however every time postfix is restarted these changes are reset. How else can we manually enter relays to bypass the websites 256 character limit?

[uxbod]

Why do you need to enter so many relays ?