Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: Adding SSL based SMTP authentication

  1. #1
    Miklos Kalman is offline Loyal Member
    Join Date
    Dec 2007
    Location
    Hungary
    Posts
    76
    Rep Power
    7

    Default Adding SSL based SMTP authentication

    Hi,

    How can I setup SSL based SMTP authentication? I need this to allow me to send emails using the Zimbra server from my PDA, since I am getting relay denied in the Zimbra logs. The ISP allows port 25 so that part shouldn't be a problem.

    Thanks,
    Miklos

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,470
    Rep Power
    56

    Default

    Look in the Global Settings/IMAP tab for the settings (& MTA tab for Authentication). BTW, the correct port for Submissions is 587 not 25, to use that you would require a change to the master.cf file. If you want to make that chang, do the following:

    Code:
    In the /opt/zimbra/postfix/conf/master.conf file uncomment the following three lines:
    
    #submission inet n      -       n       -       -       smtpd
    #	-o smtpd_etrn_restrictions=reject
    #	-o smtpd_client_restrictions=permit_sasl_authenticated,reject
    make sure that the whitespace remain at the beginning of lines 2 & 3. You might also want to vote on this bug. Changes you make to the master.cf file will not survive an upgrade, you'll need to make the change again.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    Miklos Kalman is offline Loyal Member
    Join Date
    Dec 2007
    Location
    Hungary
    Posts
    76
    Rep Power
    7

    Default

    Hi,

    I uncommented the lines and restarted/reloaded postfix. In the admin I have enable SSL for IMAP.

    I tried sending a mail from my PDA (WM6, outgoing requires SSL setting), it reached the server and this is what I got in the logs:

    Feb 10 15:00:39 mail postfix/smtpd[6336]: NOQUEUE: reject: RCPT from apn-89-223-245-75.vodafone.hu[89.223.245.75]: 554 5.7.1 : Relay access denied; from= to= proto=ESMTP helo=
    Feb 10 15:00:39 mail postfix/smtpd[6336]: 9B0461B4006C: client=apn-89-223-245-75.vodafone.hu[89.223.245.75]
    Feb 10 15:00:40 mail postfix/smtpd[6336]: NOQUEUE: reject: RCPT from apn-89-223-245-75.vodafone.hu[89.223.245.75]: 554 5.7.1 : Relay access denied; from= to= proto=ESMTP helo=

    The request reaches the server so the ISP is not blocking anything. The PDA responded with : "Cannot establish SSL connection, check your setting and try again...". I also tried without SSL but still got the error in the logs, also a message came back to the PDA saying relay not permitted.

    Any ideas what else can be wrong?

    Miklos

  4. #4
    Miklos Kalman is offline Loyal Member
    Join Date
    Dec 2007
    Location
    Hungary
    Posts
    76
    Rep Power
    7

    Default

    for some reason the email addresses were omitted during the post, but both sender and recipients are valid email addresses with the sender being on the domain of the zimbra server.

  5. #5
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,470
    Rep Power
    56

    Default

    This has been covered dozens of times in the forums, authenticated users are able to relay through Zimbra servers. You should check the mynetworks configuration in the following articles:

    Outgoing Mail Problems - Zimbra :: Wiki
    ZimbraMtaMyNetworks - Zimbra :: Wiki

    One thing to note, the mynetworks configuration is for your local LAN and the Zimbra server itself, you do NOT need to add the IP of your remote PDA.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  6. #6
    Miklos Kalman is offline Loyal Member
    Join Date
    Dec 2007
    Location
    Hungary
    Posts
    76
    Rep Power
    7

    Default

    I know it has been covered, but mynetworks in not the solution in this case. I want to allow authenticated users to use the zimbra server as an SMTP server no matter which network they are on. If for instance I use thunderbird and authenticate using TLS I am able to send email using the same Zimbra server. I want to have the same effect happen using my PDA. However since my PDA does not allow TLS for outgoing I am left with the SSL option which should work the same way right?

  7. #7
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,470
    Rep Power
    56

    Default

    Please check that your mynetworks configuration is OK and post some output to show that it is. Once you've done that we can move forward with any other checks that may be necessary.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  8. #8
    Miklos Kalman is offline Loyal Member
    Join Date
    Dec 2007
    Location
    Hungary
    Posts
    76
    Rep Power
    7

    Default

    This is the output of mynetworks:

    zimbra@mail:~$ zmprov gs `zmhostname` | grep zimbraMtaMyNetworks
    zimbraMtaMyNetworks: 127.0.0.0/8 217.65.100.0/26 172.16.228.0/24

  9. #9
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,470
    Rep Power
    56

    Default

    Run the following on your Zimbra server:

    Code:
    host `hostname`  <-- use backticks not single quotes
    dig yourdomain.com mx
    dig yourdomain.com any
    
    cat /etc/hosts
    cat /etc/resolv.conf
    and post the exact output that you get from those commands.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  10. #10
    Miklos Kalman is offline Loyal Member
    Join Date
    Dec 2007
    Location
    Hungary
    Posts
    76
    Rep Power
    7

    Default

    Hi,

    Here is the output:

    root@mail:~# host `hostname`
    mail.westerlike.com has address 217.65.100.52
    root@mail:~# dig mail.westerlike.com mx

    ; <<>> DiG 9.3.2 <<>> mail.westerlike.com mx
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59790
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;mail.westerlike.com. IN MX

    ;; AUTHORITY SECTION:
    westerlike.com. 10800 IN SOA ans0.t-online.hu. hostmaster.t-online.hu. 2008020603 28800 7200 1209600 86400

    ;; Query time: 18 msec
    ;; SERVER: 195.228.240.249#53(195.228.240.249)
    ;; WHEN: Sun Feb 10 15:55:02 2008
    ;; MSG SIZE rcvd: 100



    root@mail:~# dig mail.westerlike.com any

    ; <<>> DiG 9.3.2 <<>> mail.westerlike.com any
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6529
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;mail.westerlike.com. IN ANY

    ;; ANSWER SECTION:
    mail.westerlike.com. 66714 IN A 217.65.100.52

    ;; Query time: 12 msec
    ;; SERVER: 195.228.240.249#53(195.228.240.249)
    ;; WHEN: Sun Feb 10 15:55:10 2008
    ;; MSG SIZE rcvd: 53

    root@mail:~# cat /etc/hosts
    127.0.0.1 localhost.localdomain localhost
    217.65.100.52 mail.westerlike.com mail

    # The following lines are desirable for IPv6 capable hosts
    ::1 ip6-localhost ip6-loopback
    fe00::0 ip6-localnet
    ff00::0 ip6-mcastprefix
    ff02::1 ip6-allnodes
    ff02::2 ip6-allrouters
    ff02::3 ip6-allhosts

    root@mail:~# cat /etc/resolv.conf
    search westerlike.com
    nameserver 195.228.240.249
    nameserver 195.228.242.180
    nameserver 217.65.96.3

    root@mail:~#

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 13
    Last Post: 07-20-2007, 03:21 AM
  2. Is it started or not
    By kwelipatton in forum Installation
    Replies: 10
    Last Post: 03-28-2006, 11:11 PM
  3. Replies: 13
    Last Post: 10-31-2005, 04:22 PM
  4. Replies: 18
    Last Post: 10-30-2005, 09:12 PM
  5. Certify Error on (re)install
    By rodrigoccurvo in forum Installation
    Replies: 4
    Last Post: 09-23-2005, 09:04 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •