LinkBack URL
About LinkBacks
[SOLVED] SMTP AUTH/TLS Problem
Hi everyone,
I have taken a look at previous posts and the wiki for the problem I am having, but the only ones I can find are regarding authentication issues connecting to the back end LDAP server. I have just done a fresh install of Zimbra and installed commercial CA (via the admin website wizard) and everything seems to be working fine however the issue I am having is that even though "Enable authentication" and "TLS authentication only" is enabled in both the global settings and the specific MTA server (i have even checked the main.cf) when connecting and hoping to relay, postfix does not even offer up STARTTLS and the AUTH methods available and therefore relaying fails for all but local(virtual) accounts.
During my initial testing the TLS was working but all of a sudden it just "dissappeared" and I am not sure when it actually did this, there are no errors in zimbra.log or mail.log from postfix (there is actually nothing at all referencing saslauthd from postfix) apart from the relay rejection messages. As I thought it could be to do with the certs I installed our commercial ones which did not make a difference and I really don't want to have to reinstall now I have got them working as the process looks very troublesome restoring them (unless I can be told otherwise)? Can there be anything I am missing or the reason why postfix is no longer advertising SMTP AUTH even though according to the configs it should be, I am zcs-5.0.9_GA_2533 and the postfix main.cf is below:
sender_canonical_maps = proxy:ldap:/opt/zimbra/conf/ldap-scm.cf
virtual_alias_domains = proxy:ldap:/opt/zimbra/conf/ldap-vad.cf
lmtp_connection_cache_time_limit = 4s
recipient_delimiter =
smtpd_sasl_auth_enable = yes
smtpd_tls_cert_file = /opt/zimbra/conf/smtpd.crt
smtpd_tls_auth_only = yes
myhostname = mail.zomp.net
virtual_mailbox_domains = proxy:ldap:/opt/zimbra/conf/ldap-vmd.cf
mydestination = localhost
mailbox_size_limit = 0
setgid_group = postdrop
smtpd_client_restrictions = reject_unauth_pipelining
queue_run_delay = 300s
minimal_backoff_time = 300s
virtual_alias_maps = proxy:ldap:/opt/zimbra/conf/ldap-vam.cf
transport_maps = proxy:ldap:/opt/zimbra/conf/ldap-transport.cf
message_size_limit = 10240000
sendmail_path = /opt/zimbra/postfix/sbin/sendmail
broken_sasl_auth_clients = yes
lmtp_connection_cache_destinations =
alias_maps = hash:/etc/aliases
manpage_directory = /opt/zimbra/postfix/man
smtpd_helo_required = yes
in_flow_delay = 1s
daemon_directory = /opt/zimbra/postfix/libexec
maximal_backoff_time = 4000s
virtual_transport = error
mynetworks = 127.0.0.0/8
smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unlisted_recipient, reject_invalid_hostname, reject_non_fqdn_sender, permit
lmtp_host_lookup = dns
smtpd_tls_loglevel = 1
relayhost = test.example.com:25
disable_dns_lookups = yes
mail_owner = postfix
virtual_mailbox_maps = proxy:ldap:/opt/zimbra/conf/ldap-vmm.cf
content_filter = smtp-amavis:[127.0.0.1]:10024
version = 2.4.7.5z
mailq_path = /opt/zimbra/postfix/sbin/mailq
header_checks = pcre:/opt/zimbra/conf/postfix_header_checks
smtpd_use_tls = yes
queue_directory = /opt/zimbra/data/postfix/spool
newaliases_path = /opt/zimbra/postfix/sbin/newaliases
smtpd_reject_unlisted_recipient = no
smtpd_data_restrictions = reject_unauth_pipelining
local_header_rewrite_clients = permit_mynetworks,permit_sasl_authenticated
smtpd_tls_key_file = /opt/zimbra/conf/smtpd.key
command_directory = /opt/zimbra/postfix/sbin
