Zimbra offers Open Source email server software and shared calendar for Linux and the Mac
Go Back   Zimbra :: Forums > Zimbra Collaboration Suite > Migration

Welcome to the Zimbra :: Forums!
Welcome, if you would like to post a comment please register. We also encourage you to explore all things Zimbra with our team and members of the community.

Reply
 
LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 05-10-2009, 05:57 PM
Senior Member
 
Posts: 57
Default [SOLVED] Domain rejects

Ok, I have a lot of experience with sendmail, but the postfix/zimbra mta is all new to me. We have a mailfoundry appliance, and I've disabled anti-spam/anti-virus on the zimbra service (for load reasons). The mailfoundry auto-learns what domain to forward to smtp destination IP's that I specify for it, this worked fine with sendmail, however my zimbra/postfix is apparently not responding properly when the mailfoundry ask it if it host the domain, it appears to the mailfoundry that zimbra accepts the domain. The mailfoundry then adds the domain automatically to the smtp host, this is bad. Is there any way to change this behavior, so Zimbra only accepts mail for domains it actually host?
Reply With Quote
  #2 (permalink)  
Old 05-11-2009, 12:58 AM
Moderator
 
Posts: 7,911
Default

By default ZCS will reject email for non-deliverable mail addresses. So, I reckon the issue is that your ZimbraMtaMyNetworks - Zimbra :: Wiki is allowing the invalid domain as a relayed one.
__________________
Reply With Quote
  #3 (permalink)  
Old 05-11-2009, 02:20 PM
Senior Member
 
Posts: 57
Default

Nope, that's not the case. What else could be causing Zimbra to think it host domains that it doesn't? It is rejecting plenty of mail.

zmprov getServer nfs.tc3net.com | grep zimbraMtaMyNetworks
zimbraMtaMyNetworks: 127.0.0.0/8 10.40.40.0/24 64.112.192.0/26 10.20.20.0/24 64.112.192.0/19
Reply With Quote
  #4 (permalink)  
Old 05-18-2009, 09:08 AM
Senior Member
 
Posts: 57
Default

Any help on this? I just got word back from the vendor of my mail appliance, they say the following.

"Make sure that your mail server is only accepting domains that it actually controls. One thing that can cause this behavior is if the mail server is setup in to trusting of a mode for other servers on its network and since the mailfoundry is on its network it may just be assuming anything attempted from the appliance should be valid and accepting it. I am not sure where that kind of setting would be on your mail server but I have seen this behavior before and it typically is just a minor permission change thats needed.

Auto domains will work correctly with any server that will give a correct 250 OK for domains it actually controls and a 550 denied for domains it does not. "

I do have the device set up as the zimbraDNSCheckHostname and zimbraMtaRelayHost, and it is also included in the networks I have specified for relay. With my previous sendmail system it was also part of an allowed relay network, it was also specified as a smarthost, and all my local domains were specified in sendmail.cw, I think I just need to figure out how all this works in postfix.

EDIT: Pretty much what you said UxBod, but I'm not sure how my previous sendmail setups worked fine when the mailfoundry was allowed to relay.

Last edited by drwho18; 05-18-2009 at 10:03 AM..
Reply With Quote
  #5 (permalink)  
Old 05-18-2009, 11:41 AM
Senior Member
 
Posts: 57
Default

Ok, I did some awkward subnetting with mynetworks to exclude the Mailfoundry MX device from being able to relay, and that appears to have resolved the Domain discovery issue between it and Zimbra.
Reply With Quote
  #6 (permalink)  
Old 05-18-2009, 12:47 PM
Moderator
 
Posts: 7,911
Default

Cool At least it keeps your networking hand in Glad it is okay now though.

On a serious note can your front-end MTA now perform LDAP lookups ?
__________________
Reply With Quote
  #7 (permalink)  
Old 05-18-2009, 03:53 PM
Senior Member
 
Posts: 57
Default

I've not tried, the mailfoundry has an Exchange plugin feature which also says it does LDAP lookups, but I'm not familiar enough with the zimbra schema to know if it's a generic enough lookup to work. It does work with Exchange server customers that we have fine.

A typical Auth DN for Active Directory might look like CN=Auth E. User,CN=Users,DC=winserver,DC=mailfoundry,DC=com . A typical Search Base for Active Directory could be CN=Users,DC=winserver,DC=mailfoundry,DC=com.

Although I did a test with a valid address and it said it was successful, and it said an invalid one was invalid. It only works for my main Domain though, none of the aliased ones seem to work.

Last edited by drwho18; 05-18-2009 at 04:01 PM..
Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes


Similar Threads

Why Join?

Registering let's you ask questions, makes it easier to search, displays any files attached to posts, and notifies you about replies.

blog.zimbra.com




 

SEO by vBSEO ©2011, Crawlability, Inc.