SMTP Relay

[alohrer]

Saw this product a few weeks back and I've got it installed. I'm really impressed. I'm planning on releasing this into a private school that I work at. However, I have a question. Is there a way that I can setup the SMTP relay through my ISP to use some sort of authentication? I'm still learning the ropes in regards to email in the Linux world so any help is beneficial. I've got this up and running on Fedora 4. Everything else is working fine, it just sends an email back saying that my SMTP server needs authentication.

Great product and great support. Keep up the great work!!!

[KevinH]

So your getting this ero back in the post fix logs? Or at the mail client when you send?

[alohrer]

Getting it back in the message. I know I can specify and relay but there is not a way to specify a username and password in the Admin Client. Is there a way to do this elsewhere?

[KevinH]

Quote:

Originally Posted by alohrer

Getting it back in the message. I know I can specify and relay but there is not a way to specify a username and password in the Admin Client. Is there a way to do this elsewhere?

Can you post the exact error and context of the e-mail you get back.

[alohrer]

Here it is. Thanks so much for your responses. I'm off for now, I'll check back in tomorrow.

"This is the Postfix program at host mail.XXX.XXX.net.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to

If you do so, please include this problem report. You can
delete your own text from the attached returned message.




The Postfix program

: host outgoing.verizon.net[206.46.232.12] said: 550 5.7.1
Authentication Required (in reply to MAIL FROM command)"

Basically it looks like I just need a username and password to send. I'm currently using this at home while I'm testing and making sure everything works ok before it will go live. I also want to make sure I know if I can or cannot do this in case I need to have something similar where I'm deploying it.

[anand]

Haven't tested, but this should do it.

Suppose your ISP relay host is "mailrelay.example.com" and the user
name and password to use there is "user" and "password" respectively.

Enable SMTP authentication on outbound messages:

Code:

  $ postconf -e smtp_sasl_auth_enable=yes

Create a file text file mapping which name/password should be used for
which given outbound destination. This file can contain multiple
lines.

Code:

$ echo mailrelay.example.com user:password > /opt/zimbra/conf/relay_password

Create a postfix lookup table from this text file:

Code:

$ postmap /opt/zimbra/conf/relay_password

Test that the map is okay and that the user: password pair is returned.

Code:

$ postmap -q mailrelay.example.com /opt/zimbra/conf/relay_password
user:password

Make postfix use this:

Code:

$ postconf -e smtp_sasl_password_maps=hash:/opt/zimbra/conf/relay_password
$ postfix reload

reload should do it - in this case no stop/start should be needed.

Also take a look at all the other smtp_sasl config options in
postfix documentation, starting at.

http://www.postfix.org/postconf.5.ht...sl_auth_enable

Beware of smtpd_ vs smtp_ sasl options. For mail being sent out via
SMTP, you care about the latter. smtpd_sasl_* are used for mail client
authentication, and the zimbra install already sets those up.

[alohrer]

Thanks for all your help. I'll try this out tonight. It is helpful for people whose ISP requires SMTP authentication. Another question. Should I run these commands as ROOT or under ZIMBRA account?

[anand]

Quote:

Originally Posted by alohrer

Thanks for all your help. I'll try this out tonight. It is helpful for people whose ISP requires SMTP authentication. Another question. Should I run these commands as ROOT or under ZIMBRA account?

as the zimbra user. The postfix config (main.cf) is owned by the zimbra user so that user is allowed to edit it with postconf -e (or directly). There is a /etc/sudoers blessing for the zimbra user to start/stop postfix.

[alohrer]

OK. So I tried this and it did not work. I did a reload and it did not work, but when I tried to send to an outside address nothing happened. I tried start and stop and I got this:

postfix/postfix-script: warning: not owned by root: /opt/zimbra/postfix-2.2.3/conf/main.cf
postfix/postfix-script: warning: not owned by root: /opt/zimbra/postfix-2.2.3/conf/main.cf.bak
postfix/postfix-script: starting the Postfix mail system

So I added this command:

postconf -e relayhost=outgoing.****.net

Doing a tail on main.cf I get this:
content_filter = smtp-amavis:[127.0.0.1]:10024
smtpd_tls_auth_only = yes
disable_dns_lookups = no
message_size_limit = 10240000
relayhost = outgoing.*******.net
smtp_sasl_password_maps = /opt/zimbra/conf/relay_password
smtpd_sasl_auth_enable = yes

However, when I do a postfix reload I get this:

content_filter = smtp-amavis:[127.0.0.1]:10024
smtpd_tls_auth_only = yes
disable_dns_lookups = no
message_size_limit = 10240000
relayhost =
smtp_sasl_password_maps = /opt/zimbra/conf/relay_password
smtpd_sasl_auth_enable = yes

The relayhost is gone. I'm not sure what to do about this. Let me know if you have any thoughts. I'm not sure if I explained this but my thoughts we to have internal mail routed by the server and to have external mail routed through my ISP which it has to do. Let me know if this will work.

[anand]

we rewrite postfix config on startup - because we have an admin UI around some postfix config. In the case of relayhost, we definitely have that in the admin console - you should set it there, and the value will propogate to postfix main.cf (postfix stop; postfix start will also do it).

You can also set the relay host with zmprov command line utility - by setting the zimbraMtaRelayHost attribute on the server objects (or global config). That is what the admin UI does too. This value is read on postfix start and stored into postfix config.