  #1 (permalink)  
Old 03-31-2009, 08:17 AM
Intermediate Member
 
Posts: 16
[SOLVED] ISP SMTP in, Relay access denied

This has probably been asked before, but I can't find the answer.

- I have a public domain abc.com with an ISP-hosted email server.
- I have a local Zimbra with split DNS behind a firewall, also as domain abc.com
- I relay emails out through the ISP, e.g. as user@abc.com, works well
- The ISP also hosts the public DNS with an MX record pointed to the ISP's mail.
- Internal DNS has an MX record pointed to the local Zimbra server.

My problem is how to get my emails from the ISP's inbox to Zimbra's inbox.

I tried to forward ISP's mail user@abc.com to user@local.com.
local.com is the public IP of the FW and is routed to the internal/local Zimbra server.

I think I should let the MTA:
- Allow mail.isp.com
- translate local.com to abc.com before Zimbra gets it.

But I don't know how to do it!


zimbra.log
======

postfix/smtpd[3414]: connect from unknown[12.34.56.78]
postfix/smtpd[3414]: setting up TLS connection from unknown[12.34.56.78]
postfix/smtpd[3414]: TLS connection established from unknown[12.34.56.78]: SSLv3 with cipher DHE-RSA-AES256-SHA (256/256 bits)
postfix/smtpd[3414]: NOQUEUE: reject: RCPT from unknown[12.34.56.78]: 554 5.7.1 < user@local.com >: Relay access denied; from=< user@abc.com > to=< user@local.com > proto=ESMTP helo=< mail.isp.com >
postfix/smtpd[3414]: disconnect from unknown[12.34.56.78]


/Simon
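
Added example, not part of the original post: a small Python triage of Postfix "Relay access denied" lines like the one quoted above. It reports whether the refused recipient domain is one the server hosts (a configuration problem) or not (the server declining to relay for a foreign domain). The hosted-domain set `{"abc.com"}` is taken from the post; all log lines after the first are constructed samples.

```python
import re
from collections import Counter

# Postfix smtpd reject line; \s* tolerates the spaces the forum put inside <...>.
REJECT_RE = re.compile(
    r"NOQUEUE: reject: RCPT from (?P<host>\S+?)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3}) (?P<dsn>\d\.\d+\.\d+) <\s*(?P<rcpt>[^>\s]*)\s*>: "
    r"(?P<reason>[^;]+); from=<\s*(?P<sender>[^>\s]*)\s*> to=<[^>]*> "
    r"proto=\S+ helo=<\s*(?P<helo>[^>\s]*)\s*>"
)

def classify(line, hosted_domains):
    """Return a dict describing a relay rejection, or None for other lines."""
    m = REJECT_RE.search(line)
    if m is None or "Relay access denied" not in m["reason"]:
        return None
    rcpt_domain = m["rcpt"].rpartition("@")[2].lower()
    # Postfix relays only for trusted clients or domains it is configured for;
    # a denial for a hosted domain points at configuration, anything else is
    # the server correctly refusing to act as an open relay.
    verdict = ("hosted-domain-rejected" if rcpt_domain in hosted_domains
               else "recipient-domain-not-hosted")
    return {"client_ip": m["ip"], "helo": m["helo"], "sender": m["sender"],
            "rcpt_domain": rcpt_domain, "verdict": verdict}

def denials_per_client(lines, hosted_domains):
    """Count relay denials per client IP to separate one forwarder from probing."""
    hits = (classify(l, hosted_domains) for l in lines)
    return Counter(h["client_ip"] for h in hits if h)

# First line is the rejection from the post; the rest are constructed samples.
SAMPLE = [
    "postfix/smtpd[3414]: NOQUEUE: reject: RCPT from unknown[12.34.56.78]: 554 5.7.1 "
    "< user@local.com >: Relay access denied; from=< user@abc.com > "
    "to=< user@local.com > proto=ESMTP helo=< mail.isp.com >",
    "postfix/smtpd[3501]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 554 5.7.1 "
    "<a@example.net>: Relay access denied; from=<x@example.org> "
    "to=<a@example.net> proto=SMTP helo=<probe>",
    "postfix/smtpd[3501]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 554 5.7.1 "
    "<b@example.net>: Relay access denied; from=<x@example.org> "
    "to=<b@example.net> proto=SMTP helo=<probe>",
    "postfix/smtpd[3414]: disconnect from unknown[12.34.56.78]",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(classify(entry, {"abc.com"}))
    print(denials_per_client(SAMPLE, {"abc.com"}))
```

For the line from the post the verdict is `recipient-domain-not-hosted`: the forward targets local.com, which the Zimbra server does not host, so Postfix treats the delivery as a relay request.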
  #2 (permalink)  
Old 03-31-2009, 08:20 AM
Moderator
 
Posts: 7,911

Welcome to the forums

Search the forums for fetchmail as that will do it for you
  #3 (permalink)  
Old 03-31-2009, 08:28 AM
Intermediate Member
 
Posts: 16

Hi,

I found fetchmail but it is a POP polling thing.
I thought there may be a way of getting the SMTP thing working before I dig into fetchmail.

As I understand it, configuring and running fetchmail is done outside Zimbra.
  #4 (permalink)  
Old 03-31-2009, 08:34 AM
Moderator
 
Posts: 7,911

Why not point the public MX record of your domain directly at your Zimbra server ?
  #5 (permalink)  
Old 03-31-2009, 08:46 AM
Intermediate Member
 
Posts: 16

I did that first and it failed due to the reverse DNS lookup.
My provider of 'local.com' was unwilling to add a reverse lookup of my IP to 'abc.com' in their DNS.
Otherwise in that case I could skip the ISP's mail and run just Zimbra.

So I'm stuck with the MTA translation question now...
  #6 (permalink)  
Old 03-31-2009, 09:11 AM
Moderator
 
Posts: 7,911

Sorry, I am a bit confused ... If you point the MX at your server then there should be no problem. Why do you need an RDNS entry if outbound email is being relayed through your ISP?
  #7 (permalink)  
Old 03-31-2009, 09:51 AM
Intermediate Member
 
Posts: 16

I'm no expert at all on mailservers.
Maybe I'm wrong, but I got the impression that some, not all,
MTAs check if the RDNS host is right before transferring.

Sending an email to host abc.com 11.11.11.11 will be
sent to SMTP host local.com 22.22.22.22 (MX record of abc.com)

RDNS for 22.22.22.22 is local.com

In this case the mail ends up at local.com instead of abc.com

If it is like this then it is simple thing to change the MX record.

/Simon
  #8 (permalink)  
Old 03-31-2009, 09:55 AM
Moderator
 
Posts: 7,911

As long as the sending MTA can reach your Zimbra server on port 25 then all should be good. You can test this from an external server by telnetting to your public IP address on port 25 and seeing if your server responds. Then just point your MX record at your public IP. rDNS lookups are performed by a receiving server and not usually the sender.
  #9 (permalink)  
Old 03-31-2009, 10:28 AM
Intermediate Member
 
Posts: 16

I added a new MX with higher priority (lower no) directed to my server,
leaving the ISP's MX as a backup.

Works good!

/Many Thanks
Simon
  #10 (permalink)  
Old 03-31-2009, 01:23 PM
Moderator
 
Posts: 7,911

Great, though remember one thing: as your ISP is a secondary MX, they will deliver to their local mailboxes and not perform a store and forward, i.e. if your server is offline they will not queue email and deliver it once your mail server is back online.