Relaying Local zimbra mails to external server

[zim_love]

I have setup zimbra and it relays external mail properly.

But the issue is as follows:
If zimbra user user1@zimbra.example.com sends to
another zimbra account, say to user2@zimbra.example.com,
I want it to route via the external server say mail.example1.com for some processing (encryption etc.) which will then route it back to the zimbra user user2@zimbra.example.com. Unfortunately, it does local delivery of all existing zimbra accounts without using the relay mta.

I tried to do as explained below, but it relays only non-local mails.
Transport Table for external servers - Zimbra :: Wiki

I also came across this posts, but it seems that they could not get it solved.
[SOLVED] How can I relay ALL mails (even internal ones)
split domain and sole use of mta relay

Could anybody please help me out with this?
I am using ZCS5.0.10 on CentOS.

Thank you very much in advance.

[uxbod]

Welcome to the forums

Unfortunately I do not believe that is possible as Postfix will believe it is authoritative for those users. If running split you can use zimbraMailTransport to redirect mail to a different server; but that is not what you are trying to achieve. If you were able to install the crypting on the Zimbra server you could you a Postfix policy to encrypt it prior to delivery.

[zim_love]

Thank you very much for your quick reply.

**If running split you can use zimbraMailTransport to redirect mail to a different server**
Did you mean, by using a split, we can redirect mails to an external server(non-zimbra) or does it have to be a zimbra server?

Is there a way out by changing the amavisd-new or postfix config files?

What if the users having zimbra account use a mail client like outlook, thunderbird etc? Will it be possible to route the mails from the external server to user2@zimbra.example.com?

[jocx]

I've found nothing straight forward with zimbra configs to achieve
this.

I believe a workable solution, which would require some
extra maintenance work after zimbra upgrades,
would be to try using outward vectoring with
postfix's content_filter. As to the maintenance work,
from some other postings...
"Zimbra regenerates main.cf. If you want to persistently
change the postfix config, I believe you need to edit
/opt/zimbra/conf/zmmta.cf instead and add/change a POSTCONF line."

Look at "External Email Clients Setting A SMTP Server"
of Ajcody-MTA-Postfix-Topics - Zimbra :: Wiki

Also, look around on postfix sites for content filter guidance.

I'll be interested to learn of your success. Would be nice if
zimbra had this straightforwardly configurable.

thanks
John

[zim_love]

Thank you jocx for the detailed explanation.
I was thinking on the same lines, but wasn't sure how to.
I will try it out and post back after resolving it.

If anybody else have come across a similar problem, you are welcome to update this post.

[uxbod]

Setting zimbraSmtpHostname should work; just remember that you encryption server should send the email back to your Zimbra server using LMTP on port 7025 or you will end up with a mail loop.

[zim_love]

Hi All,
Thank you for your valuable information.

I managed to redirect local mails to external smtp and back to local mailbox by doing the following:

Consider this example which uses the FILTER settings:

change the main.cf file of postfix
# note that permit_mynetworks only checks for key presence and ignores rhs
mynetworks = cidr:/etc/postfix/mynetworks-filter.cidr

smtpd_recipient_restrictions =
reject_unauth_pipelining, reject_non_fqdn_recipient, reject_non_fqdn_sender,
reject_unknown_recipient_domain, reject_unknown_sender_domain,
check_client_access cidr:/etc/postfix/mynetworks-filter.cidr,
permit_mynetworks,
permit_sasl_authenticated, permit_tls_clientcerts,
reject_unauth_destination,
check_sender_access regexp:/etc/postfix/filter-catchall.regexp

The check_client_access cidr:/etc/postfix/mynetworks-filter.cidr preceeds the permit_mynetworks (which uses the same cidr table, but ignores the righthand side), and it serves to override the global content_filter setting by the use of FILTER for each of the networks (presumably internal) listed in mynetworks-filter.cidr.

/etc/postfix/mynetworks-filter.cidr :

127.0.0.0/8 FILTER smtp:[202.x.x.x]:25
192.168.0.0/16 FILTER smtp:[202.x.x.x]:25


Note:This is not yet fully tested for all cases, but it serves the purpose. I also need to restrict certain domains/IP from sending mail to the external server. I guess it should work fine. Got to also check the mail path and security.
Resource: amavisd-new documentation bits and pieces

[exmnick]

I am trying to configure this so we can force all emails to be routed externally through a smarthost, and then any local domains will be routed back inbound and delivered locally. We have a solution we're trying to implement, and in order for it to work we need to route ALL inbound emails out to the internet and back in so we can split the emails to two different locations.

Any additional assistance anyone can provide on this setup? I have gone through these instructions so far with no luck.

[zim_love]

Hi exmnick,
I have this solved. There is a little config change from my previous post.
I can route internal zimbra mails to a external smtp server and back to the local inbox. If that is what you are trying, let me post the config files for you. I am not an expert, but if it helps you, it will be great.

Change postfix files
1) main.cf
smtpd_sender_restrictions = check_sender_access hash:/opt/zimbra/postfix-2.4.7.5z/conf/filter_recipient_domains, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unlisted_recipient, reject_invalid_hostname, reject_non_fqdn_sender, check_sender_access regexp:/opt/zimbra/postfix-2.4.7.5z/conf/filter-catchall.regexp, permit

2) The contents of filter_recipient_domains file is (please put the domain names configured on your server):
domain1.org FILTER smtp:[202.xxx.xxx.xx1]
domain2.com FILTER smtp:[202.xxx.xxx.xx2]
domain3.com FILTER smtp:[202.xxx.xxx.xx1]

Please make a db by using the command (change the file path according to your setting):
postmap /opt/zimbra/postfix-2.4.7.5z/conf/filter_recipient_domains

3)The contents of filter-catchall.regexp
/^/ FILTER smtp-amavis:[127.0.0.1]:10024

4)Also make an entry of the domains in /etc/hosts
72.xx.xx1.xx2 domain1.org domain1.org
72.xx.x31.xx2 domain2.com domain2.com
72.xx.x41.xx2 domain3.com domain3.com

4) execute the command:
reload postfix

5) Test the settings by sending a mail.

Explanation is given here:
amavisd-new documentation bits and pieces

If there are any questions,please post back. If at all there is something missing I can help out if possible.
All the best!!