ZimbraMtaMyNetworks: Difference between revisions

No edit summary
No edit summary
 
(9 intermediate revisions by 5 users not shown)
Line 1: Line 1:
== Enabling Mail Submission/Relaying from Remote Networks - Relay Access Denied ==
{{BC|Community Sandbox}}
To enable this, you'll want to add the remote networks to the zimbraMtaMyNetworks attribute on the server. If this is not set, the postfix default is used.
__FORCETOC__
<div class="col-md-12 ibox-content">
=ZimbraMtaMyNetworks=
{{KB|{{Unsupported}}|{{ZCS 8.0}}|{{ZCS 7.0}}|}}
{{WIP}}= Enabling Mail Submission/Relaying from Remote Networks =
 
==What is the problem==
The default postfix configuration allows relaying only for the local network<sup>[[ZimbraMtaMyNetworks#Making_sure_the_LAN_interface_of_the_zimbra_server_itself_is_allowed|Note 1]]</sup>, but you can configure postfix to allow relaying unconditionally for arbitrary hosts or networks.
 
==When you want to do this==
*You would like to allow machines that are not on the local network to send mail through the zimbra server
 
*You are observing "Relay Access Denied" errors in the MTA log (/var/log/zimbra.log) for hosts or subnets that you trust for relaying.
 
*You are observing "Relay Access Denied" errors in the MTA log (/var/log/zimbra.log) for the zimbra server itself.
 
==Checking the current configuration==
''Note: For the examples here, we will assume the hostname of the zimbra server is "zimbra.example.com" with an IP address of 10.10.130.10.''


Get the current value from postconf:
Get the current value from postconf:
Line 8: Line 25:
  mynetworks = 127.0.0.0/8 10.10.130.0/23  
  mynetworks = 127.0.0.0/8 10.10.130.0/23  


Check for the existing value in zimbra (replace <SERVERNAME> with the zmhostname of the server):
This shows that postfix will relay for all machines with 10.10.130.x and 10.10.131.x IP addresses.
zmprov getServer <SERVERNAME> | grep zimbraMtaMyNetworks


Add your new network or IP (for example, 192.168.1.0/24):
Check next whether this is set in the server configuration in the zimbra ldap:
  zmprov modifyServer <SERVERNAME> zimbraMtaMyNetworks "127.0.0.0/8 10.10.130.0/23 192.168.1.0/24 '''''<SERVER IP>'''''"
  zmprov gs zimbra.example.com zimbraMtaMyNetworks


NOTE - make sure that the 127.0.0.0/8 network is included.  Quotes are important in the above command.<br>
Up until at least ZCS 4.5.5, this is unset by default; in a future release, this will probably be set. If set, this value will propagate to postconf's mynetworks when the MTA is restarted.
ALSO NOTE (''This is a BUG that should be fixed'')- You MUST include the '''''SERVER IP''''' of the server itself (eth0 or bond0) or you will not be able to
send outside of your own domain. It supports individual ip's, not just subnets.  


==Examples==
''Note: For the examples here, we will assume the hostname of the zimbra server is "zimbra.example.com" with an IP address of 10.10.130.10.''
''Note: Make sure that the localhost "127.0.0.0/8" network is included.''
====Making sure the LAN interface of the zimbra server itself is allowed====
If you see lines like this one in /var/log/zimbra.log when a webmail user (for example, "user@example.com") tries to send mail (for example, to "somebody@domain.com"):


If you see the following error in your Outlook Connector, then you have a relay problem:
<pre>
<pre>
Error: This message could not be sent.
Jun 28 06:39:23 zimbra postfix/smtpd[31788]: NOQUEUE: reject:
RCPT from zimbra.example.com[10.10.130.10]: 554 <somebody@domain.com>:
Relay access denied; from=<user@example.com> to=<somebody@domain.com>
proto=SMTP helo=<zimbra.example.com></pre>
 
You probably see this as well:
 
postconf mynetworks
mynetworks = 127.0.0.0/8
 
If you want to allow all the other machines on the 10.10.130.x network to relay, configure the server like this:
 
zmprov ms zimbra.example.com zimbraMtaMyNetworks '127.0.0.0/8 10.10.130.0/24'
postfix reload
 
If you don't want to allow relaying for the network, but only for the zimbra server itself, configure the server like this:
 
zmprov ms zimbra.example.com zimbraMtaMyNetworks '127.0.0.0/8 10.10.130.10/32'
postfix reload
 
===Allowing relaying for a remote machine===
 
Let's say you have a single machine on a remote network (for example, an automated mailing list manager with the IP address 10.10.200.25), and the current settings look like this:
 
postconf mynetworks
mynetworks = 127.0.0.0/8 10.10.130.0/24
 
Add the remote machine like this:
 
zmprov ms zimbra.example.com zimbraMtaMyNetworks '127.0.0.0/8 10.10.130.0/24 10.10.200.25/32'
postfix reload
 
===Allowing relaying for a remote network===
 
Let's say you have POP or IMAP users on a remote network (for example, 192.168.1.x, with a netmask of 255.255.255.0), and the current settings look like this:
 
postconf mynetworks
mynetworks = 127.0.0.0/8 10.10.130.0/24
 
Add the remote network like this:
 
zmprov ms zimbra.example.com zimbraMtaMyNetworks '127.0.0.0/8 10.10.130.0/24 192.168.1.0/24'
postfix reload
 
==Possible Problems==
Make sure you specify the network properly. If you see an error like this in /var/log/zimbra.log, take a look at the subnet notation guide linked below, and compare the CIDR suffixes (/27) with the network address suffixes (.198).
 
Jul 17 20:29:12 zimbra postfix/smtpd[5092]: fatal: non-null host address bits in "10.10.130.198/27", perhaps you should use "10.10.130.192/27" instead


Subject: Blah blah...


To: xxxx@xxxxx.com
==Additional Reading==
[http://www.postfix.org/postconf.5.html#mynetworks postconf mynetworks]


Note: Soap Fault. Please recreate and resend the message. Details below:
private networks address space - [http://en.wikipedia.org/wiki/Private_network wikipedia article], [http://www.faqs.org/rfcs/rfc1918.html RFC 1918]


Error Code: mail.SEND_ABORTED_ADDRESS_FAILURE
[http://en.wikipedia.org/wiki/Subnetwork subnet notation]


Error Text: Invalid address: xxxx@xxxxx.com
{{Article Footer|Zimbra Collaboration 8.0, 7.0|04/16/2014}}
</pre>
[[Category:Troubleshooting MTA]]
[[Category:Pending Certification]]
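Review bot: The revised text says the value propagates to postconf's mynetworks "when the MTA is restarted", but every example in this revision follows zmprov ms with "postfix reload". State which of the two is required after changing zimbraMtaMyNetworks and make the prose and the examples agree. The sentence about ZCS 4.5.5 and "a future release" also sits under a KB template that lists ZCS 8.0 and 7.0, so it should say what the default is on those versions.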

Latest revision as of 14:45, 13 July 2015

ZimbraMtaMyNetworks

   KB 1827        Last updated on 2015-07-13  





Enabling Mail Submission/Relaying from Remote Networks

What is the problem

The default postfix configuration allows relaying only for the local network (see Note 1, "Making sure the LAN interface of the zimbra server itself is allowed", below), but you can configure postfix to allow relaying unconditionally for arbitrary hosts or networks.

When you want to do this

  • You would like to allow machines that are not on the local network to send mail through the zimbra server.
  • You are observing "Relay Access Denied" errors in the MTA log (/var/log/zimbra.log) for hosts or subnets that you trust for relaying.
  • You are observing "Relay Access Denied" errors in the MTA log (/var/log/zimbra.log) for the zimbra server itself.

Checking the current configuration

Note: For the examples here, we will assume the hostname of the zimbra server is "zimbra.example.com" with an IP address of 10.10.130.10.

Get the current value from postconf:

# su - zimbra
$ postconf mynetworks
mynetworks = 127.0.0.0/8 10.10.130.0/23 

This shows that postfix will relay for all machines with 10.10.130.x and 10.10.131.x IP addresses.

Check next whether this is set in the server configuration in the zimbra ldap:

zmprov gs zimbra.example.com zimbraMtaMyNetworks

Up until at least ZCS 4.5.5, this is unset by default; in a future release, this will probably be set. If set, this value will propagate to postconf's mynetworks when the MTA is restarted.

Examples

Note: For the examples here, we will assume the hostname of the zimbra server is "zimbra.example.com" with an IP address of 10.10.130.10.

Note: Make sure that the localhost "127.0.0.0/8" network is included.

Making sure the LAN interface of the zimbra server itself is allowed

If you see lines like this one in /var/log/zimbra.log when a webmail user (for example, "user@example.com") tries to send mail (for example, to "somebody@domain.com"):

Jun 28 06:39:23 zimbra postfix/smtpd[31788]: NOQUEUE: reject: 
RCPT from zimbra.example.com[10.10.130.10]: 554 <somebody@domain.com>: 
Relay access denied; from=<user@example.com> to=<somebody@domain.com> 
proto=SMTP helo=<zimbra.example.com>

You probably see this as well:

postconf mynetworks
mynetworks = 127.0.0.0/8

If you want to allow all the other machines on the 10.10.130.x network to relay, configure the server like this:

zmprov ms zimbra.example.com zimbraMtaMyNetworks '127.0.0.0/8 10.10.130.0/24'
postfix reload

If you don't want to allow relaying for the network, but only for the zimbra server itself, configure the server like this:

zmprov ms zimbra.example.com zimbraMtaMyNetworks '127.0.0.0/8 10.10.130.10/32'
postfix reload
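
Before widening mynetworks, it helps to see exactly which clients are being rejected and whether the current value already covers them. The following is an added example, not part of the original article or of Zimbra: it parses reject lines in the format shown above and compares each client address with a mynetworks value. The function name and the sample log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Reject line format shown above (a single line in the real log).
REJECT = re.compile(r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from "
                    r"\S+\[(?P<ip>[0-9.]+)\]: 554 .*Relay access denied")

def denied_clients(log_lines, mynetworks):
    """Map each rejected client IP to (reject count, covered by mynetworks?)."""
    nets = [ipaddress.ip_network(n) for n in mynetworks.split()]
    counts = Counter()
    for line in log_lines:
        m = REJECT.search(line)
        if m:
            counts[m.group("ip")] += 1
    return {ip: (count, any(ipaddress.ip_address(ip) in net for net in nets))
            for ip, count in counts.items()}

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    "Jun 28 06:39:23 zimbra postfix/smtpd[31788]: NOQUEUE: reject: RCPT from "
    "zimbra.example.com[10.10.130.10]: 554 <somebody@domain.com>: Relay access "
    "denied; from=<user@example.com> to=<somebody@domain.com> proto=SMTP "
    "helo=<zimbra.example.com>",
    "Jun 28 06:40:02 zimbra postfix/smtpd[31790]: NOQUEUE: reject: RCPT from "
    "list.example.com[10.10.200.25]: 554 <somebody@domain.com>: Relay access "
    "denied; from=<list@example.com> to=<somebody@domain.com> proto=ESMTP "
    "helo=<list.example.com>",
    "Jun 28 06:41:10 zimbra postfix/smtpd[31788]: NOQUEUE: reject: RCPT from "
    "zimbra.example.com[10.10.130.10]: 554 <other@domain.com>: Relay access "
    "denied; from=<user@example.com> to=<other@domain.com> proto=SMTP "
    "helo=<zimbra.example.com>",
    "Jun 28 06:41:11 zimbra postfix/smtpd[31791]: connect from "
    "unknown[10.10.130.77]",
]

if __name__ == "__main__":
    for ip, (count, covered) in denied_clients(SAMPLE_LOG, "127.0.0.0/8").items():
        print(f"{ip}: {count} rejects, covered by mynetworks: {covered}")
```

A client that is reported as covered but is still being rejected suggests the running postfix has not picked up the value you compared against, so check `postconf mynetworks` again before adding anything.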

Allowing relaying for a remote machine

Let's say you have a single machine on a remote network (for example, an automated mailing list manager with the IP address 10.10.200.25), and the current settings look like this:

postconf mynetworks
mynetworks = 127.0.0.0/8 10.10.130.0/24

Add the remote machine like this:

zmprov ms zimbra.example.com zimbraMtaMyNetworks '127.0.0.0/8 10.10.130.0/24 10.10.200.25/32'
postfix reload

Allowing relaying for a remote network

Let's say you have POP or IMAP users on a remote network (for example, 192.168.1.x, with a netmask of 255.255.255.0), and the current settings look like this:

postconf mynetworks
mynetworks = 127.0.0.0/8 10.10.130.0/24

Add the remote network like this:

zmprov ms zimbra.example.com zimbraMtaMyNetworks '127.0.0.0/8 10.10.130.0/24 192.168.1.0/24'
postfix reload

Possible Problems

Make sure you specify the network properly. If you see an error like this in /var/log/zimbra.log, take a look at the subnet notation guide linked below, and compare the CIDR suffixes (/27) with the network address suffixes (.198).

Jul 17 20:29:12 zimbra postfix/smtpd[5092]: fatal: non-null host address bits in "10.10.130.198/27", perhaps you should use "10.10.130.192/27" instead
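
A value can be checked before it is handed to zmprov, so that a bad entry never reaches postfix. The following is an added example, not part of the original article or of Zimbra: it catches the host-bits error shown above, suggests the corrected network, and confirms that 127.0.0.0/8 is present. The function name, the IPv4-only scope and the RFC 1918 warning policy are assumptions of this example.

```python
import ipaddress

LOOPBACK = ipaddress.IPv4Network("127.0.0.0/8")
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_mynetworks(value):
    """Return (errors, warnings) for a space-separated list of IPv4 networks."""
    errors, warnings, nets = [], [], []
    for entry in value.split():
        try:
            nets.append(ipaddress.IPv4Network(entry, strict=True))
        except ValueError:
            try:
                # strict=False masks off the host bits, which yields the
                # network address postfix proposes in its "fatal" log line.
                fixed = ipaddress.IPv4Network(entry, strict=False)
                errors.append(
                    f'non-null host address bits in "{entry}", use "{fixed}"')
            except ValueError:
                errors.append(f'not a valid IPv4 network: "{entry}"')
    if not any(LOOPBACK.subnet_of(n) for n in nets):
        errors.append("127.0.0.0/8 is not included")
    for n in nets:
        # Policy assumed by this example: anything outside loopback and
        # RFC 1918 space is flagged, since every host in it could relay.
        if n != LOOPBACK and not any(n.subnet_of(p) for p in RFC1918):
            warnings.append(
                f"{n} is outside RFC 1918 space; every host in it may relay")
    return errors, warnings

if __name__ == "__main__":
    for candidate in ("127.0.0.0/8 10.10.130.198/27",
                      "127.0.0.0/8 10.10.130.0/24 192.168.1.0/24"):
        print(candidate, "->", check_mynetworks(candidate))
```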


Additional Reading

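postconf mynetworks: http://www.postfix.org/postconf.5.html#mynetworks

private networks address space - wikipedia article (http://en.wikipedia.org/wiki/Private_network), RFC 1918 (http://www.faqs.org/rfcs/rfc1918.html)

subnet notation: http://en.wikipedia.org/wiki/Subnetwork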

Verified Against: Zimbra Collaboration 8.0, 7.0 Date Created: 04/16/2014
Article ID: https://wiki.zimbra.com/index.php?title=ZimbraMtaMyNetworks Date Modified: 2015-07-13


