
Thread: zimbra MTA as "backend MTA" another postfix MTA in front

  1. #1
    dagobert is offline Junior Member

    Hi,

    I want to use some domains with zimbra and some with simple imap/webmail server.
    I thought about not messing around too much with the postfix shipped with zimbra for update reasons. Therefore I thought about using a postfix MTA in front of all zimbra MTAs.
    The postfix would handle all incoming mails and has all MX records set to its IP.

    The scenario would be like this:

    internet ---mail---> postfix ---relay-mail-to--->zimbraMasterMTA(---relay-mail-to--->zimbrasubserver)

    Are there any problems I would face with this idea? For example: to prevent spam, the front postfix needs access to the user/mailbox table of the zimbraMasterMTA table. Is this possible?

    Thanx for your help.

  2. #2
    uxbod is offline Moderator

    Welcome to the forums

    Yes this could be achieved IMHO, but the way I would do it would be to get a list of all the users from the Zimbra server using something like :-

    Code:
    zmprov gaa -v domain.com
    write this out to a file say zmusers and then run :-

    Code:
    postmap zmusers
    to create the binary db file. This is then called via the front-end Postfix process by changing main.cf and adding :-

    Code:
    relay_recipient_maps = hash:/etc/postfix/zmusers
    so any invalid users should be rejected. Doing it this way would also reduce the number of network calls between the two machines. I do this for our Lotus Notes installation but extracting from LDAP.

    If you want to split the domain traffic then just use transport files, so in /etc/postfix/transport setup something like :-

    Code:
    domain1.com                     smtp:normalmail.domain.com
    .domain1.com                    smtp:normalmail.domain.com
    domain2.com                     smtp:zimbramail.domain.com
    .domain2.com                    smtp:zimbramail.domain.com
    Hope this helps ?
    Last edited by uxbod; 03-20-2008 at 08:56 AM.
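
An added example, not part of the posts above and not Zimbra or Postfix tooling: one way to turn an exported address list into the source file for `relay_recipient_maps`, with a guard so that a failed or truncated export cannot make the front-end reject every recipient. The function names, the minimum-count threshold and the sample paths are assumptions made for this example.

```shell
#!/bin/sh
# Added example: build and safely install a relay_recipient_maps source file.
# Function names, paths and the threshold are hypothetical.

# Read one address per line on stdin, keep only addresses in domain $1,
# and print "address OK" lines (Postfix ignores the value but requires one).
build_recipient_map() {
    domain=$1
    tr 'A-Z' 'a-z' | tr -d '\r' |
    awk -v d="$domain" '
        # accept only a single local-part@domain token in our own domain;
        # comment lines, attribute lines and free text are dropped
        NF == 1 && $1 ~ /^[a-z0-9._+-]+@[a-z0-9.-]+$/ {
            split($1, p, "@")
            if (p[2] == d && !seen[$1]++) print $1 " OK"
        }' | sort
}

# Replace map $2 with the new file $1 only if it holds at least $3 entries.
# An empty map would make Postfix reject mail for every recipient.
install_recipient_map() {
    new=$1; target=$2; min=${3:-1}
    count=$(wc -l < "$new" | tr -d ' ')
    if [ "$count" -lt "$min" ]; then
        echo "refusing to install: only $count recipients" >&2
        return 1
    fi
    # rename is atomic when $new and $target are on the same filesystem
    mv "$new" "$target" || return 1
    # rebuild the indexed .db file on hosts where Postfix is installed
    if command -v postmap >/dev/null 2>&1; then postmap "$target"; fi
}

# Usage (paths are placeholders):
#   build_recipient_map domain2.com < exported-addresses > /etc/postfix/zmusers.new
#   install_recipient_map /etc/postfix/zmusers.new /etc/postfix/zmusers 10
```

Any address source can feed the first function, so an export that also lists aliases can be piped through it unchanged.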

  3. #3
    brian is offline Project Contributor

    I wouldn't bother with getting the list of zimbra users to the frontend mta. That's a nightmare to maintain for a site with any level of turnover. Instead I'd simply remove the frontend mta from the list of trusted mtas on the zimbra side and you can process spam with the zimbra mta.

  4. #4
    dagobert is offline Junior Member

    It is not that much about scanning mails to detect spam. It is more about pre-queue anti spam.

    To prevent the spam the postfix would use policyd and of course the user table. Without the user table zimbra would bounce mail to my postfix and I have to deal with that. This is not a good way.

    @uxbod: Thanx for your help. The zmprov command does not extract the "alias accounts".

    Keeping the network calls low is pretty good, but your way I would need to sync the file at least about every 10 to 15 minutes. With all the overhead to configure a secure way to copy the file, I might better stick to an LDAP query.
    Activating my rusty postfix knowledge I would translate your transport map as: mail for domain.com will be sent via smtp to the server normalmail.domain.com

    For the outgoing direction I would need to configure the postfix server as smarthost for all zimbraMTAs, don't I?

  5. #5
    uxbod is offline Moderator

    Quote Originally Posted by dagobert:
    For the outgoing direction I would need to configure the postfix server as smarthost for all zimbraMTAs, don't I?

    You could if you wanted to validate outgoing mail as well, or the Zimbra MTAs could either send to an upstream smarthost or straight out to the Internet. The choice is yours.

  6. #6
    uxbod is offline Moderator

    Quote Originally Posted by brian:
    I wouldn't bother with getting the list of zimbra users to the frontend mta. That's a nightmare to maintain for a site with any level of turnover. Instead I'd simply remove the frontend mta from the list of trusted mtas on the zimbra side and you can process spam with the zimbra mta.

    Out of the box Zimbra only has a number of SPAM defences in its arsenal, and I appreciated that you could bolster it by reading Improving Anti-spam system - Zimbra :: Wiki

    Though using a front-end MTA to pre-filter does make the maintenance of Zimbra a lot easier in respect to ensuring when an upgrade takes place all your modifications are carried across. I personally prefer this approach as I can have multiple MTAs serving my domains, and feeding into a select number of ZM servers.

  7. #7
    dagobert is offline Junior Member

    Hi,

    Sorry for my late response. I searched a lot and found everything on handling emails of a domain which zimbra thinks as local but does not have registered.
    So it sends it to a relay.
    That's all fine.

    Now my problem is more on the postfix side and probably not the right place for this forum. Still I will ask.

    On the primary MTA (postfix) in this scenario I need to decide for every single email address to which imap or relay MTA it will be delivered.

    Example:

    a@mydomain.com -> (relay to) -> Zimbra MTA
    b@mydomain.com -> (relay to) -> other MTA
    c@mydomain.com -> to internal IMAP

    I hope someone might help me.
    Thanks in advance.

  8. #8
    uxbod is offline Moderator