External MTA and TLS Question

[3RiversTechAdmin]

Hey Everyone,

I have a P4 2.8 GHz, with 1.5 GB RAM and 250 GB x2 SATA drives in RAID 1, I am running Version 4.0.2_GA_362.DEBIAN3.1
Performance is good.

I have a couple of quick questions,

Currently I have a Zimbra box using another mail server on my network for external delivery. I would like to turn this off.
What should the servers external relay MTA be set as in the admin console? Also, what should zimbraMtaRelayHost and zimbraMtaDnsLookupsEnabled be set to?

My second question is related to TLS. Originally I could not connect at all using TLS (I would recive a message saying STARTTLS failed). After taking a look at the the logs I realized there was no SMTP cert, so I rebuild by certs. Now I am prompted for a password; however, no password ever works, authentication always fails. There is nothing on the log side besides noting the connected starts then auth fails.

Thanks

[phoenix]

Quote:

Originally Posted by 3RiversTechAdmin

Currently I have a Zimbra box using another mail server on my network for external delivery. I would like to turn this off.
What should the servers external relay MTA be set as in the admin console? Also, what should zimbraMtaRelayHost and zimbraMtaDnsLookupsEnabled be set to?

Those options can be changed in the Admin UI, the relay host field is empty (you're not using one) and the Enable DNS lookup should be enabled (you'll need it to deliver external mail). Those are both on the Global Settings/MTA tab.

Quote:

Originally Posted by 3RiversTechAdmin

My second question is related to TLS. Originally I could not connect at all using TLS (I would recive a message saying STARTTLS failed). After taking a look at the the logs I realized there was no SMTP cert, so I rebuild by certs. Now I am prompted for a password; however, no password ever works, authentication always fails. There is nothing on the log side besides noting the connected starts then auth fails

What exactly is in the logs?

[3RiversTechAdmin]

Thanks Phoenix,

Relay:
When I try to set the field to be blank in the Admin UI, it fills it with my host name when I click save.


Here is my log of a connection attempt from Evolution using TLS:

Quote:

ec 20 08:42:51 localhost postfix/smtpd[14864]: connect from unknown[192.168.X.XX]
Dec 20 08:42:51 localhost postfix/smtpd[14864]: setting up TLS connection from unknown[192.168.X.XX]
Dec 20 08:42:52 localhost postfix/smtpd[14864]: TLS connection established from unknown[192.168.X.XX]: TLSv1 with cipher RC4-MD5 (128/128 bits)
Dec 20 08:43:06 localhost postfix/smtpd[14864]: warning: unknown[192.168.X.XX]: SASL LOGIN authentication failed
Dec 20 08:43:07 localhost postfix/smtpd[14864]: disconnect from unknown[192.168.X.XX]

Thanks

[phoenix]

Quote:

Originally Posted by 3RiversTechAdmin

Thanks Phoenix,

Relay:
When I try to set the field to be blank in the Admin UI, it fills it with my host name when I click save.

You can set thos from the command line, the DNS setting should be TRUE and the relay host should be disable by entering nothing for the attribute (use '' single quotes for the attribute to disable it)

Quote:

Originally Posted by 3RiversTechAdmin

Here is my log of a connection attempt from Evolution using TLS:

I'll come back to you later about this (sorry, I'm in the middle of something).

[phoenix]

Is your saslauthd.conf correct? Have a look at this thread and see if it helps.

[3RiversTechAdmin]

My issue with TLS was the same as mentioned in that thread. The server had been changed to https and the link it was generating was for http.

I will be able to test your suggestion as to the external relay tonight when I can have a bit of downtime. Thanks for your help again.