Results 1 to 7 of 7

Thread: Zimbra relay problems

  1. #1
    Narev is offline Active Member
    Join Date
    Sep 2010
    Location
    Enschede Netherlands
    Posts
    47
    Rep Power
    4

    Default Zimbra relay problems

    We have a zimbra server that we use for sending mails for all our applications. For this we added some trusted MTA networks:

    Code:
    zmprov getServer zimbra.capegroep.nl | grep zimbraMtaMyNetworks
    zimbraMtaMyNetworks: 127.0.0.0/8 217.119.233.144/29 217.119.234.224/29 82.94.188.103/32 217.119.233.187/32 217.119.233.186/32
    However, even after rebooting the system we still get the following error.

    Code:
    Aug 29 15:59:53 zimbra postfix/smtpd[9686]: NOQUEUE: reject: RCPT from cqa.btc.echelon.nl[217.119.233.186]: 554 5.7.1 <someone@otherdomain.nl>: Relay access denied; from=<no-reply@capegroep.nl> to=<someone@otherdomain.nl> proto=ESMTP helo=<esb.capegroep.nl>
    In here esb.capegroep.nl is the server that sends the relay request to our mailserver and cqa.btc.echelon.nl is the public address of our network.

    What are we missing to enable our relay request?

  2. #2
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,201
    Rep Power
    56

    Default

    Quote Originally Posted by Narev View Post
    What are we missing to enable our relay request?
    You should not add any addition entries to the Trusted Networks other than your own LAN (or just the ZCS server) otherwise you may end up with a spam problem if the other server get compromised. Any 'user' sending mail through your server should use the correct Submission port 587 and that will need authentication, it's more secure than adding them to the Trusted Networks.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    Narev is offline Active Member
    Join Date
    Sep 2010
    Location
    Enschede Netherlands
    Posts
    47
    Rep Power
    4

    Default

    That would require us to create an account for sending out mail, while i'm not opposed to that i would wonder, is it possible to create an account that is only able to send mail but not receive mail?

  4. #4
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,201
    Rep Power
    56

    Default

    Yes, you can restrict who can send mail to a specific account.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  5. #5
    Narev is offline Active Member
    Join Date
    Sep 2010
    Location
    Enschede Netherlands
    Posts
    47
    Rep Power
    4

    Default

    I thought about this, but wouldn't the same thing go for the account? If i would store the username and password somewhere on the server? As a matter of fact if the server would get compromised and i would store the username/password somewhere on the server it would be a worse scenario. Because then i would need to change the username and password on all servers ^^ Or i would need to create separate accounts for each application but that seems like a waste of your licenses.

    So that still makes me wonder, why could my initial configuration be off? Since my external ip address is added to the trustedmtanetwork i would still expect it to work?
    Last edited by Narev; 09-02-2013 at 05:14 AM.

  6. #6
    Narev is offline Active Member
    Join Date
    Sep 2010
    Location
    Enschede Netherlands
    Posts
    47
    Rep Power
    4

    Default

    I have thought things over Phoenix and i still would like to go with our initial try. Could you help me out with the reason why our zimbra server would still give a relay acces denied error even though our external ip is added to the MTAMyNetworks param?

  7. #7
    Narev is offline Active Member
    Join Date
    Sep 2010
    Location
    Enschede Netherlands
    Posts
    47
    Rep Power
    4

    Default

    I found out that my problem might be caused that my postfix/conf/main.cf file is not updated properly. I am not sure why this would be the case. But after restarting my postfix i noticed that there actually was a difference in my postconf mynetworks and my zimbra mtanetworks. The reason why these differe i don't know. But my guess is that it has something to do with my other forum post, about the auth error i receive in the admin console. Is there anyone out there that could shine a light on this?

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 7
    Last Post: 10-18-2012, 12:22 PM
  2. Replies: 0
    Last Post: 08-31-2012, 11:08 AM
  3. Relay problems
    By sktwolf in forum Administrators
    Replies: 4
    Last Post: 07-31-2008, 06:48 AM
  4. New installation: mail relay & SOAP problems
    By cheros in forum Installation
    Replies: 3
    Last Post: 04-24-2008, 12:20 AM
  5. Problems with outgoing SMTP Relay
    By cyber_jack in forum Administrators
    Replies: 3
    Last Post: 01-10-2008, 03:38 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •