Results 1 to 7 of 7

Thread: External Mail Relay authentication question

  1. #1
    pauloc is offline Junior Member
    Join Date
    Jul 2013
    Location
    Évora, Portugal
    Posts
    5
    Rep Power
    1

    Default External Mail Relay authentication question

    Hello,

    I'm running zimbra 8.0.4 on Centos 6.3.
    The zimbra server was configured (not by me) to make external mail relay to my ISP authenticated and encripted by tls and was working just fine.
    Now my ISP have changed the service of mail relay to another host with plain login authentication.
    For this configuration i have folowed this wiki:Outgoing SMTP Authentication - Zimbra :: Wiki.
    I can't send any mails to outside of my domain, it says " 554 5.7.1 <anymail@gmail.com>: Relay access denied (in reply to RCPT TO command)"

    The support staff of my ISP tell me that my server is trying to send the mails without sending the authentication to mail relay server.

    in the mains.cf of my postfix i have these lines:

    Code:
    ...
    smtp_sasl_security_options = noanonymous
    relayhost = outbound_relay.com:25
    smtpd_sasl_authenticated_header = no
    smtp_helo_name = $myhostname
    broken_sasl_auth_clients = yes
    smtpd_tls_key_file = /opt/zimbra/conf/smtpd.key
    smtpd_helo_required = yes
    sendmail_path = /opt/zimbra/postfix/sbin/sendmail
    smtpd_sasl_security_options = noanonymous
    smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_mynetworks, reject_unlisted_recipient, permit
    smtpd_relay_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
    smtpd_reject_unlisted_recipient = no
    smtp_sasl_mechanism_filter = plain,login
    local_header_rewrite_clients = permit_mynetworks,permit_sasl_authenticated
    smtpd_data_restrictions = reject_unauth_pipelining
    smtpd_milters = inet:127.0.0.1:8092
    smtpd_tls_security_level = may
    smtpd_sender_restrictions = check_sender_access regexp:/opt/zimbra/postfix/conf/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, permit_tls_clientcerts, check_sender_access regexp:/opt/zimbra/postfix/conf/tag_as_foreign.re
    lmtp_host_lookup = dns
    smtpd_client_restrictions = reject_unauth_pipelining
    smtpd_tls_auth_only = no
    smtpd_banner = $myhostname ESMTP $mail_name
    mynetworks = 127.0.0.0/8 10.27.0.0/16 10.80.0.0/24 192.168.100.0/30 62.28.164.245/32
    smtpd_sasl_auth_enable = yes
    smtpd_tls_loglevel = 1
    non_smtpd_milters =
    smtp_tls_security_level = may
    smtp_cname_overrides_servername = no
    mydestination = localhost
    smtpd_end_of_data_restrictions =
    smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
    smtp_fallback_relay =
    smtpd_tls_cert_file = /opt/zimbra/conf/smtpd.crt
    smtp_sasl_password_maps = hash:/opt/zimbra/conf/relay_password
    smtp_sasl_auth_enable = yes
    disable_dns_lookups = no
    debug_peer_list = outbound-relay.com
    debug_peer_level = 3
    ...

    I have read many documentation and everything it seams rigth to me.

    His it possible that in other configuration files still remains some missing lines from old mail relay settings??


    Thanks in advance

    Paulo

  2. #2
    Raunaq's Avatar
    Raunaq is offline Zimbra Employee
    Join Date
    Nov 2012
    Location
    Bangalore
    Posts
    163
    Rep Power
    2

    Default

    Can you provide the output of

    zmprov gs server.domain.com zimbraMtaRelayHost

    and

    zmprov gcf zimbraMtaRelayHost

  3. #3
    pauloc is offline Junior Member
    Join Date
    Jul 2013
    Location
    Évora, Portugal
    Posts
    5
    Rep Power
    1

    Default

    Hello Raunaq,

    the output of these commands its :

    zimbraMtaRelayHost: outbound_relay.com:25

  4. #4
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,201
    Rep Power
    56

    Default

    Quote Originally Posted by pauloc View Post
    Hello Raunaq,

    the output of these commands its :

    zimbraMtaRelayHost: outbound_relay.com:25
    Is that really the FQDN of the relay server?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  5. #5
    pauloc is offline Junior Member
    Join Date
    Jul 2013
    Location
    Évora, Portugal
    Posts
    5
    Rep Power
    1

    Default

    Hello phoenix,

    No, the real FQDN its : outbound-relay-in.ptprime.pt

  6. #6
    pauloc is offline Junior Member
    Join Date
    Jul 2013
    Location
    Évora, Portugal
    Posts
    5
    Rep Power
    1

    Default

    After some tests with the tcdump tool i was able to verify that my zimbra server isn´t sending the authentication credentials.

    This means that after sending the EHLO he should try the authentication, instead he tries to send the mail skiping this step.
    But in zimbra postfix i have the smtp_sasl_auth_enable = yes and smtpd_sasl_auth_enable = yes.


    Paulo

  7. #7
    pauloc is offline Junior Member
    Join Date
    Jul 2013
    Location
    Évora, Portugal
    Posts
    5
    Rep Power
    1

    Default

    Is it possible that zimbra don't force authentication because the port of the relay server is 25 and not 587??

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 3
    Last Post: 03-09-2013, 02:59 PM
  2. Replies: 1
    Last Post: 07-13-2012, 07:57 AM
  3. External mail relay authentication error
    By Rk_Raj in forum Administrators
    Replies: 1
    Last Post: 10-24-2011, 01:04 AM
  4. Relay MTA for external delivery Question
    By quangkhuong7255 in forum Installation
    Replies: 4
    Last Post: 07-30-2008, 02:46 AM
  5. SMTP authentication to mail relay on ATT DSL
    By btietz in forum Migration
    Replies: 4
    Last Post: 05-09-2008, 12:50 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •