Difference between revisions of "ZimbraMtaMyNetworks"

(Clarify how to use this and add explicit examples)
Line 1: Line 1:
== Enabling Mail Submission/Relaying from Remote Networks - Relay Access Denied ==
+
= Enabling Mail Submission/Relaying from Remote Networks =
To enable this, you'll want to add the remote networks to the zimbraMtaMyNetworks attribute on the server. If this is not set, the postfix default is used.
+
 
 +
==What is the problem==
 +
The default postfix configuration allows relaying only for the local network<sup>[[Making_sure_the_LAN_interface_of_the_zimbra_server_itself_is_allowed|Note 1]]</sup>, but you can configure postfix to allow relaying unconditionally for arbitrary hosts or networks.
 +
 
 +
==When you want to do this==
 +
*You would like to allow machines that are not on the local network to send mail through the zimbra server
 +
 
 +
*You are observing "Relay Access Denied" errors in the MTA log (/var/log/zimbra.log) for hosts or subnets that you trust for relaying.
 +
 
 +
*You are observing "Relay Access Denied" errors in the MTA log (/var/log/zimbra.log) for the zimbra server itself.
 +
 
 +
==Checking the current configuration==
 +
''Note: For the examples here, we will assume the hostname of the zimbra server is "zimbra.example.com" with an IP address of 10.10.130.10.''
  
 
Get the current value from postconf:
 
Get the current value from postconf:
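Review bot: The new "What is the problem" paragraph says postfix can be configured "to allow relaying unconditionally for arbitrary hosts or networks" but never states that every address matched by mynetworks may relay without authenticating. Add a sentence telling readers to list only hosts and networks they control and to keep entries as narrow as possible (a /32 for a single host). Separately, the Note 1 link target in the same paragraph, [[Making_sure_the_LAN_interface_of_the_zimbra_server_itself_is_allowed|Note 1]], has no leading "#", so it points at a separate wiki page rather than at the section added further down; [[#Making_sure_the_LAN_interface_of_the_zimbra_server_itself_is_allowed|Note 1]] would link within the page.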
Line 8: Line 20:
 
  mynetworks = 127.0.0.0/8 10.10.130.0/23  
 
  mynetworks = 127.0.0.0/8 10.10.130.0/23  
  
Check for the existing value in zimbra (replace <SERVERNAME> with the zmhostname of the server):
+
This shows that postfix will relay for all machines with 10.10.130.x and 10.10.131.x IP addresses.
zmprov getServer <SERVERNAME> | grep zimbraMtaMyNetworks
 
  
Add your new network or IP (for example, 192.168.1.0/24):
+
Check next whether this is set in the server configuration in the zimbra ldap:
  zmprov modifyServer <SERVERNAME> zimbraMtaMyNetworks "127.0.0.0/8 10.10.130.0/23 192.168.1.0/24 '''''<SERVER IP>'''''"
+
  zmprov getServer zimbra.example.com | grep zimbraMtaMyNetworks
  
NOTE - make sure that the 127.0.0.0/8 network is included.  Quotes are important in the above command.<br>
+
Up until at least ZCS 4.5.5, this is unset by default; in a future release, this will probably be set. If set, this value will propagate to postconf's mynetworks when the MTA is restarted.
ALSO NOTE (''This is a BUG that should be fixed'')- You MUST include the '''''SERVER IP''''' of the server itself (eth0 or bond0) or you will not be able to
 
send outside of your own domain. It supports individual ip's, not just subnets.  
 
  
 +
==Examples==
 +
''Note: For the examples here, we will assume the hostname of the zimbra server is "zimbra.example.com" with an IP address of 10.10.130.10.''
 +
 +
''Note: Make sure that the localhost "127.0.0.0/8" network is included.''
 +
 +
====Making sure the LAN interface of the zimbra server itself is allowed====
 +
If you see lines like this one in /var/log/zimbra.log when a webmail user (for example, "user@example.com") tries to send mail (for example, to "somebody@domain.com"):
  
If you see the following error in your Outlook Connector, then you have a relay problem:
 
 
<pre>
 
<pre>
Error: This message could not be sent.
+
Jun 28 06:39:23 zimbra postfix/smtpd[31788]: NOQUEUE: reject:
 +
RCPT from zimbra.example.com[10.10.130.10]: 554 <somebody@domain.com>:
 +
Relay access denied; from=<user@example.com> to=<somebody@domain.com>
 +
proto=SMTP helo=<zimbra.example.com></pre>
 +
 
 +
You probably see this as well:
 +
 
 +
postconf mynetworks
 +
mynetworks = 127.0.0.0/8
 +
 
 +
If you want to allow all the other machines on the 10.10.130.x network to relay, configure the server like this:
 +
 
 +
zmprov modifyServer zimbra.example.com zimbraMtaMyNetworks '127.0.0.0/8 10.10.130.0/24'
 +
postfix reload
 +
 
 +
If you don't want to allow relaying for the network, but only for the zimbra server itself, configure the server like this:
 +
 
 +
zmprov modifyServer zimbra.example.com zimbraMtaMyNetworks '127.0.0.0/8 10.10.130.10/32'
 +
postfix reload
 +
 
 +
===Allowing relaying for a remote machine===
 +
 
 +
Let's say you have a single machine on a remote network (for example, an automated mailing list manager with the IP address 10.10.200.25), and the current settings look like this:
 +
 
 +
postconf mynetworks
 +
mynetworks = 127.0.0.0/8 10.10.130.0/24
 +
 
 +
Add the remote machine like this:
 +
 
 +
zmprov modifyServer zimbra.example.com zimbraMtaMyNetworks '127.0.0.0/8 10.10.130.0/24 10.10.200.25/32'
 +
postfix reload
 +
 
 +
===Allowing relaying for a remote network===
 +
 
 +
Let's say you have POP or IMAP users on a remote network (for example, 192.168.1.x, with a netmask of 255.255.255.0), and the current settings look like this:
 +
 
 +
postconf mynetworks
 +
mynetworks = 127.0.0.0/8 10.10.130.0/24
 +
 
 +
Add the remote network like this:
  
Subject: Blah blah...
+
zmprov modifyServer zimbra.example.com zimbraMtaMyNetworks '127.0.0.0/8 10.10.130.0/24 192.168.1.0/24'
 +
postfix reload
  
To: xxxx@xxxxx.com
 
  
Note: Soap Fault. Please recreate and resend the message. Details below:
+
==Additional Reading==
 +
[http://www.postfix.org/postconf.5.html#mynetworks postconf mynetworks]
  
Error Code: mail.SEND_ABORTED_ADDRESS_FAILURE
+
private networks address space - [http://en.wikipedia.org/wiki/Private_network wikipedia article], [http://www.faqs.org/rfcs/rfc1918.html RFC 1918]
  
Error Text: Invalid address: xxxx@xxxxx.com
+
[http://en.wikipedia.org/wiki/Subnetwork subnet notation]
</pre>
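Review bot: The added text says the zimbraMtaMyNetworks value propagates to postconf's mynetworks "when the MTA is restarted", yet every example that follows runs only "postfix reload" after zmprov modifyServer. State which of the two is required, and end each example with "postconf mynetworks" so the reader can confirm the new value took effect. The first example heading also uses four equals signs (====Making sure the LAN interface of the zimbra server itself is allowed====) while its siblings "Allowing relaying for a remote machine" and "Allowing relaying for a remote network" use three. Finally, the change drops the old Outlook Connector error text (mail.SEND_ABORTED_ADDRESS_FAILURE) and the remark that the quotes are important without carrying either over to the new page.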
 

Revision as of 02:48, 29 June 2007

Enabling Mail Submission/Relaying from Remote Networks

What is the problem

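The default postfix configuration allows relaying only for the local network (Note 1: see "Making sure the LAN interface of the zimbra server itself is allowed" below), but you can configure postfix to allow relaying unconditionally for arbitrary hosts or networks. Hosts that match mynetworks can relay without authenticating, so list only hosts and networks that you trust.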

When you want to do this

  • You would like to allow machines that are not on the local network to send mail through the zimbra server.
  • You are observing "Relay Access Denied" errors in the MTA log (/var/log/zimbra.log) for hosts or subnets that you trust for relaying.
  • You are observing "Relay Access Denied" errors in the MTA log (/var/log/zimbra.log) for the zimbra server itself.

Checking the current configuration

Note: For the examples here, we will assume the hostname of the zimbra server is "zimbra.example.com" with an IP address of 10.10.130.10.

Get the current value from postconf:

# su - zimbra
$ postconf mynetworks
mynetworks = 127.0.0.0/8 10.10.130.0/23 

This shows that postfix will relay for all machines with 10.10.130.x and 10.10.131.x IP addresses.

Check next whether this is set in the server configuration in the zimbra ldap:

zmprov getServer zimbra.example.com | grep zimbraMtaMyNetworks

Up until at least ZCS 4.5.5, this is unset by default; in a future release, this will probably be set. If set, this value will propagate to postconf's mynetworks when the MTA is restarted.

Examples

Note: For the examples here, we will assume the hostname of the zimbra server is "zimbra.example.com" with an IP address of 10.10.130.10.

Note: Make sure that the localhost "127.0.0.0/8" network is included.

Making sure the LAN interface of the zimbra server itself is allowed

If you see lines like this one in /var/log/zimbra.log when a webmail user (for example, "user@example.com") tries to send mail (for example, to "somebody@domain.com"):

Jun 28 06:39:23 zimbra postfix/smtpd[31788]: NOQUEUE: reject: 
RCPT from zimbra.example.com[10.10.130.10]: 554 <somebody@domain.com>: 
Relay access denied; from=<user@example.com> to=<somebody@domain.com> 
proto=SMTP helo=<zimbra.example.com>

You probably see this as well:

postconf mynetworks
mynetworks = 127.0.0.0/8

If you want to allow all the other machines on the 10.10.130.x network to relay, configure the server like this:

zmprov modifyServer zimbra.example.com zimbraMtaMyNetworks '127.0.0.0/8 10.10.130.0/24'
postfix reload

If you don't want to allow relaying for the network, but only for the zimbra server itself, configure the server like this:

zmprov modifyServer zimbra.example.com zimbraMtaMyNetworks '127.0.0.0/8 10.10.130.10/32'
postfix reload

Allowing relaying for a remote machine

Let's say you have a single machine on a remote network (for example, an automated mailing list manager with the IP address 10.10.200.25), and the current settings look like this:

postconf mynetworks
mynetworks = 127.0.0.0/8 10.10.130.0/24

Add the remote machine like this:

zmprov modifyServer zimbra.example.com zimbraMtaMyNetworks '127.0.0.0/8 10.10.130.0/24 10.10.200.25/32'
postfix reload

Allowing relaying for a remote network

Let's say you have POP or IMAP users on a remote network (for example, 192.168.1.x, with a netmask of 255.255.255.0), and the current settings look like this:

postconf mynetworks
mynetworks = 127.0.0.0/8 10.10.130.0/24

Add the remote network like this:

zmprov modifyServer zimbra.example.com zimbraMtaMyNetworks '127.0.0.0/8 10.10.130.0/24 192.168.1.0/24'
postfix reload
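
A pre-change check for the examples above, as an added example that is not part of the original wiki page: it pulls client IPs from "Relay access denied" log lines and tests each against a proposed zimbraMtaMyNetworks value, so you can see which entry is actually needed before widening the list. The function names and the second and third log lines are constructed for illustration.

```shell
# Added example: check denied relay clients against a proposed mynetworks value.

# ip_to_int A.B.C.D -> the address as one integer (no leading zeros expected)
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1                       # split the dotted quad on "."
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr IP NET[/LEN] -> exit 0 if IP lies inside the network
in_cidr() {
    net=${2%/*}; len=${2#*/}
    [ "$net" = "$2" ] && len=32     # a bare address is a single host
    mask=$(( (4294967295 << (32 - $len)) & 4294967295 ))
    [ $(( $(ip_to_int "$1") & $mask )) -eq $(( $(ip_to_int "$net") & $mask )) ]
}

# covered IP "MYNETWORKS" -> exit 0 if any entry covers IP
covered() {
    for entry in $2; do
        in_cidr "$1" "$entry" && return 0
    done
    return 1
}

# denied_clients < log -> unique client IPs from "Relay access denied" lines
denied_clients() {
    grep 'Relay access denied' |
        sed -n 's/.*RCPT from [^[]*\[\([0-9.]*\)].*/\1/p' | sort -u
}

# audit "MYNETWORKS" < log -> one verdict per denied client
audit() {
    case " $1 " in *" 127.0.0.0/8 "*) ;; *) echo "WARN 127.0.0.0/8 missing" ;; esac
    denied_clients | while read -r ip; do
        if covered "$ip" "$1"; then echo "$ip covered"; else echo "$ip not-covered"; fi
    done
}

# Constructed sample: line 1 is the page's log entry joined onto one line.
sample_log() {
cat <<'EOF'
Jun 28 06:39:23 zimbra postfix/smtpd[31788]: NOQUEUE: reject: RCPT from zimbra.example.com[10.10.130.10]: 554 <somebody@domain.com>: Relay access denied; from=<user@example.com> to=<somebody@domain.com> proto=SMTP helo=<zimbra.example.com>
Jun 28 06:41:02 zimbra postfix/smtpd[31790]: NOQUEUE: reject: RCPT from unknown[10.10.200.25]: 554 <list@domain.com>: Relay access denied; from=<lists@example.com> to=<list@domain.com> proto=SMTP helo=<lists>
Jun 28 06:42:10 zimbra postfix/smtpd[31791]: connect from unknown[192.168.1.7]
EOF
}
sample_log | audit '127.0.0.0/8 10.10.130.0/24'
```

On a live server, replace sample_log with the contents of /var/log/zimbra.log and pass the value you intend to give zmprov modifyServer.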


Additional Reading

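postconf mynetworks: http://www.postfix.org/postconf.5.html#mynetworks

private networks address space - wikipedia article (http://en.wikipedia.org/wiki/Private_network), RFC 1918 (http://www.faqs.org/rfcs/rfc1918.html)

subnet notation: http://en.wikipedia.org/wiki/Subnetwork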
