SMTP Relay Issue

[mailman1175]

…but my situation is similar in context, and it seemed to make more sense to start here. I have trudged through the forums and the wiki, and have found a number of different suggestions for how to appropriately configure Zimbra in this situation. So far, though, I've been unable to send or receive mail.

Situation:

• My server is running Zimbra 8 on Ubuntu 12.04; it is a clean install.
• I'm using No-IP Alt-SMTP relay service and Reflector.
• My server is at home, behind a NAT.
• My ISP blocks port 25 inbound and outbound.
• No-IP's Alt-SMTP is at smtp-auth.no-ip.com:3325, and requires authentication.
• I have No-IPs reflector service pointing to port 2525, with that port forwarded to port 25 on the server. No-IP reports pings to that port time out.
• My MX records are correctly pointed at No-IPs reflector servers.

Problems:

• I cannot send mail from the new server (I receive a message from No-IP's relay host, informing me that my send mail request isn't authenticated).
• Mail sent from other hosts/domains to the new server (i.e., Gmail) does not arrive.
• Port 2525 times out, though it's port-forwarded to 25 on the Zimbra server

Attempted solution:

If I understand correctly, it's simpler for postfix to continue listening on port 25, just using the NAT to port-forward to there. I want outbound traffic to change to port 3325. To that end, I've done (as zimbra user):

Code:

$ zmprov ms my.mailserver.com zimbraMtaRelayHost smtp-auth.no-ip.com:3325
$ postmap hash:/opt/zimbra/conf/relay_password ## where relay_password contains username:password
$ postmap -q smtp-auth.no-ip.com /opt/zimbra/conf/relay_password ## confirmed here
<my_username:password>
$ postconf -e smtp_sasl_password_maps=hash:/opt/zimbra/postfix/conf/relay_password
$ postconf -e smtp_sasl_auth_enable=yes
$ postconf -e smtp_cname_overrides_servername=no
$ postconf -e smtp_use_tls=yes
$ postconf -e relayhost=smtp-auth.no-ip.com:3325
$ postfix reload
/postfix-script: refreshing the Postfix mail system
$ zmcontrol restart

The Web Admin interface [Home -> Configure -> Global Settings -> MTA] shows: "Relay MTA for external delivery: smtp-auth.no-ip.com : 3325" … So does [Home -> Configure -> Servers -> my.mailserver.com -> MTA]. BUT, for some reason the smtp_sasl_password_maps setting isn't surviving postfix reload; it gets reset to null every time. The file was originally owned by zimbra:zimbra; I changed to root:postfix, but that didn't seem to help.

I'd appreciate any help you folks can give me in getting to the bottom of this.

----------

Additional info:

• I did set up split DNS.
• I can access the web Admin interface, so port forwarding/firewall doesn't seem to be the issue with the port 2525 time-out.

-----------

More info:

Code:

$ sudo netstat -tlnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:10029         0.0.0.0:*               LISTEN      28013/master    
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN      27319/java      
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN      27319/java      
tcp        0      0 127.0.0.1:80            0.0.0.0:*               LISTEN      27319/java      
tcp        0      0 127.0.0.1:8465          0.0.0.0:*               LISTEN      28034/opendkim  
tcp        0      0 0.0.0.0:465             0.0.0.0:*               LISTEN      28013/master    
tcp        0      0 0.0.0.0:7025            0.0.0.0:*               LISTEN      27319/java      
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      935/dnsmasq     
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      836/sshd        
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      28013/master    
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      27319/java      
tcp        0      0 0.0.0.0:8735            0.0.0.0:*               LISTEN      27319/java      
tcp        0      0 0.0.0.0:7071            0.0.0.0:*               LISTEN      27319/java      
tcp        0      0 0.0.0.0:7072            0.0.0.0:*               LISTEN      27319/java      
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN      27319/java      
tcp        0      0 127.0.0.1:7171          0.0.0.0:*               LISTEN      13839/java      
tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN      27319/java      
tcp        0      0 0.0.0.0:7780            0.0.0.0:*               LISTEN      27735/httpd     
tcp        0      0 192.168.1.9:389         0.0.0.0:*               LISTEN      25444/slapd     
tcp        0      0 127.0.0.1:10663         0.0.0.0:*               LISTEN      14942/zmlogger: zmr
tcp        0      0 127.0.0.1:10024         0.0.0.0:*               LISTEN      27396/amavisd (mast
tcp        0      0 127.0.0.1:10025         0.0.0.0:*               LISTEN      28013/master    
tcp        0      0 127.0.0.1:10026         0.0.0.0:*               LISTEN      27396/amavisd (mast
tcp        0      0 127.0.0.1:7306          0.0.0.0:*               LISTEN      27247/mysqld    
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN      28013/master    
tcp        0      0 0.0.0.0:11211           0.0.0.0:*               LISTEN      27331/memcached 
tcp6       0      0 :::53                   :::*                    LISTEN      935/dnsmasq     
tcp6       0      0 :::22                   :::*                    LISTEN      836/sshd        
tcp6       0      0 :::11211                :::*                    LISTEN      27331/memcached

** I'll just toss this up here so you can see current port configuration.