Alternate SMTP port for my zimbra email server

alogicking
Posts: 31
Joined: Tue Aug 14, 2018 12:53 pm
Location: India
ZCS/ZD Version: 8.8.15_GA_3829.RHEL7_64_FOSS P12

Re: Alternate SMTP port for my zimbra email server

Post by alogicking »

DualBoot wrote: Hi,

I do not really understand what you mean about 8025:
- 8025 as listen port for SMTP when receiving message on your Zimbra
or
- 8025 as delivery port on a remote target server

Regards,
Actually I wanted the first option as per your comment. "8025 as listen port for SMTP when receiving message on your Zimbra"

Is it possible?

Thanks & Regards
JDunphy
Outstanding Member
Posts: 899
Joined: Fri Sep 12, 2014 11:18 pm
Location: Victoria, BC
ZCS/ZD Version: 9.0.0_P39 NETWORK Edition

Re: Alternate SMTP port for my zimbra email server

Post by JDunphy »

alogicking wrote: I followed the below URL to add SMTP port 8025 in my case by editing the file: /opt/zimbra/postfix/conf/master.cf.in
by following the old wiki: https://wiki.zimbra.com/wiki/Adding_add ... ener_ports

but when I restart the MTA by the given command (zmmtactl restart), the changes get reverted back to original values.
It sounds like you created a new master.cf.in at /opt/zimbra/postfix/conf/master.cf.in given your comments above. I am not running 8.8+ but it probably is the same. That /opt/zimbra/postfix/conf/master.cf.in was from a few releases ago if memory serves so look in /opt/zimbra/common/conf for your master.cf.in file.

Re: Alternate SMTP port for my zimbra email server

Post by alogicking »

JDunphy wrote:
alogicking wrote: I followed the below URL to add SMTP port 8025 in my case by editing the file: /opt/zimbra/postfix/conf/master.cf.in
by following the old wiki: https://wiki.zimbra.com/wiki/Adding_add ... ener_ports

but when I restart the MTA by the given command (zmmtactl restart), the changes get reverted back to original values.
It sounds like you created a new master.cf.in at /opt/zimbra/postfix/conf/master.cf.in given your comments above. I am not running 8.8+ but it probably is the same. That /opt/zimbra/postfix/conf/master.cf.in was from a few releases ago if memory serves so look in /opt/zimbra/common/conf for your master.cf.in file.

Hi JDunphy,

Sorry, it was my bad in typing. I took the wrong path while posting to the forum, but the actual file I was modifying was

Code:

[root@mail1 ~]# vim /opt/zimbra/common/conf/master.cf.in
which was getting reverted to original after

Code:

[root@mail1 ~]$ zmmtactl stop && zmmtactl start
As per the old archived wiki, below changes in master.cf.in file should resolve my issue

Code:

#
# Postfix master process configuration file.  For details on the format
# of the file, see the Postfix master(5) manual page.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       1       postscreen
8025      inet  n       -       n       -       -       smtpd
But the problem is in the version I have installed the changes need to be applied in ldap using command: zmprov to make permanent changes.

I need the command syntax for the same. I hope I am clear in explaining.

Regards
DualBoot
Elite member
Posts: 1326
Joined: Mon Apr 18, 2016 8:18 pm
Location: France - Earth
ZCS/ZD Version: ZCS FLOSS - 8.8.15 Multi servers

Re: Alternate SMTP port for my zimbra email server

Post by DualBoot »

Yes, it is possible, but you need to add a new custom listener in the master.cf.in.

Re: Alternate SMTP port for my zimbra email server

Post by JDunphy »

alogicking wrote:

Code:

#
# Postfix master process configuration file.  For details on the format
# of the file, see the Postfix master(5) manual page.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       1       postscreen
8025      inet  n       -       n       -       -       smtpd
But the problem is in the version I have installed the changes need to be applied in ldap using command: zmprov to make permanent changes.

I need the command syntax for the same. I hope I am clear in explaining.

Regards
I am having different results here. Just yank the smtp line above and replace it with 8025... Yes it will still say postscreen even if you are not using it. If you really want smtpd, then you need to add the -o options that are required.

Observe.

Code:

[zimbra@tmail ~]$ vi /opt/zimbra/common/conf/master.cf.in
[zimbra@tmail ~]$ grep 8025 /opt/zimbra/common/conf/master.cf.in
8025      inet  n       -       n       -       1       postscreen
[zimbra@tmail ~]$ netstat -na |grep LISTEN |grep 8025
[zimbra@tmail ~]$ zmmtactl restart
Rewriting configuration files...done.
Stopping saslauthd...done.
Starting saslauthd...done.
/postfix-script: refreshing the Postfix mail system
[zimbra@tmail ~]$ netstat -na |grep LISTEN |grep 8025
tcp        0      0 0.0.0.0:8025                0.0.0.0:*                   LISTEN     
Not sure why you claim it is being reset. Perhaps double check like I did above to verify if you have a socket in listen on port 8025.

I also did it exactly like you have it above.

Code:

[zimbra@tmail ~]$ vi /opt/zimbra/common/conf/master.cf.in
[zimbra@tmail ~]$ grep 8025 /opt/zimbra/common/conf/master.cf.in
8025      inet  n       -       n       -       1       smtpd
[zimbra@tmail ~]$  zmmtactl restart
Rewriting configuration files...done.
Stopping saslauthd...done.
Starting saslauthd...done.
/postfix-script: refreshing the Postfix mail system
[zimbra@tmail ~]$ netstat -na |grep LISTEN |grep 8025
tcp        0      0 0.0.0.0:8025                0.0.0.0:*                   LISTEN      
Again without issue. Finally resetting it back to nothing.

Code:

[zimbra@tmail ~]$ !vi
vi /opt/zimbra/common/conf/master.cf.in
[zimbra@tmail ~]$ grep 8025 /opt/zimbra/common/conf/master.cf.in
[zimbra@tmail ~]$ netstat -na |grep LISTEN |grep 8025
tcp        0      0 0.0.0.0:8025                0.0.0.0:*                   LISTEN      
[zimbra@tmail ~]$  zmmtactl restart
Rewriting configuration files...done.
Stopping saslauthd...done.
Starting saslauthd...done.
/postfix-script: refreshing the Postfix mail system
[zimbra@tmail ~]$ netstat -na |grep LISTEN |grep 8025
[zimbra@tmail ~]$
Very confusing why you are having different results... Perhaps provide the netstat output so we could see. If you think it is being reset because it doesn't work... well that is a different problem and don't forget your FW. :-) BTW, I don't know of any ldap variable that would hold what you are asking to do. You could do this and look for something if you believe otherwise.

Code:

#list all ldap entries
zmprov gs `zmhostname` > /tmp/zmprov.out
#list all zmlocalconfig
zmlocalconfig -q -m export > /tmp/zmlocalconfig.out

Re: Alternate SMTP port for my zimbra email server

Post by alogicking »

Hi JDunphy,

Thanks for the detailed explanation. Not sure where I was making the mistake last time, but I rechecked and did it all again, and now after saving the file and restarting the service, the setting is not getting reverted and is working.

Code:

[root@mail1 ~]#  netstat -na |grep LISTEN |grep 8025
tcp        0      0 0.0.0.0:8025            0.0.0.0:*               LISTEN 
Now when I try sending email from the email client using outgoing SMTP port as 8025, I get the error as None of the authentication methods supported by this client are supported by your server.

On checking I find that the SMTP SASL Security is as below :
zimbraMtaSmtpSaslSecurityOptions: noplaintext,noanonymous

I want to allow plaintext password authentication only on this port 8025. Is it possible?

Thanks and Regards

Re: Alternate SMTP port for my zimbra email server

Post by JDunphy »

Take a look at how port 587 works ... ie. submission entry in your master file. Pay special attention to smtpd_client_restrictions and smtpd_sasl_auth_enable ... If you trust the ip space, you could do it that way also. No open relays please. :-)

Re: Alternate SMTP port for my zimbra email server

Post by alogicking »

JDunphy wrote: Take a look at how port 587 works ... ie. submission entry in your master file. Pay special attention to smtpd_client_restrictions and smtpd_sasl_auth_enable ... If you trust the ip space, you could do it that way also. No open relays please. :-)
Hi JDunphy,

Thanks for your reply.

I don't want to trust the IP and provide full access to all from that IP but have at least plain text authentication.

Below is the current submission entry in the /opt/zimbra/common/conf/master.cf.in file, which is the default one.

Code:

submission inet n      -       n       -       -       smtpd
%%uncomment SERVICE:opendkim%%  -o content_filter=scan:[%%zimbraLocalBindAddress%%]:10030
    -o smtpd_etrn_restrictions=reject
    -o smtpd_sasl_auth_enable=%%zimbraMtaSaslAuthEnable%%
    -o smtpd_tls_security_level=%%zimbraMtaTlsSecurityLevel%%
%%uncomment LOCAL:postfix_submission_smtpd_tls_key_file%%   -o smtpd_tls_key_file=@@postfix_submission_smtpd_tls_key_file@@
%%uncomment LOCAL:postfix_submission_smtpd_tls_cert_file%%  -o smtpd_tls_cert_file=@@postfix_submission_smtpd_tls_cert_file@@
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
I wanted the submission port to be the way as it is, but wanted to allow plain text authentication only for port 8025. Do I still need to modify the "submission" block? Do I need to make changes from smtp_sasl_security_options = noplaintext,noanonymous to
smtp_sasl_security_options = noanonymous

I assume with the below command the changes will be global, right:

Code:

zmprov ms `zmhostname` zimbraMtaSmtpSaslSecurityOptions noanonymous
Thanks & Regards

Re: Alternate SMTP port for my zimbra email server

Post by JDunphy »

alogicking wrote: I wanted the submission port to be the way as it is, but wanted to allow plain text authentication only for port 8025. Do I still need to modify the "submission" block?
I was not recommending you change the submission block but to look at it for possible items to include with your custom port 8025 service.
alogicking wrote: Do I need to make changes from smtp_sasl_security_options = noplaintext,noanonymous to
smtp_sasl_security_options = noanonymous
Yes. We don't use this feature but sounds right.
alogicking wrote: I assume with the below command the changes will be global, right:

Code:

zmprov ms `zmhostname` zimbraMtaSmtpSaslSecurityOptions noanonymous
Yes. Look inside /opt/zimbra/conf/zmconfigd.cf to see what it maps to... in this case... smtp_sasl_security_options

Re: Alternate SMTP port for my zimbra email server

Post by alogicking »

Somehow I could not make it work to enable plain text authentication only for port 8025.

I tried adding the below lines to master.cf.in, but it did not help with plain text authentication.

Code:

8025      inet  n       -       n       -       1       postscreen
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_tls_security_level=none
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
Any suggestion would be appreciated.

Thanks and Regards
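
The following is an added example, not code from any poster in this thread or from Zimbra: a Python check over master.cf-style listener entries that flags SASL overrides on a service whose command is not smtpd (postscreen does not offer AUTH), SASL enabled together with smtpd_tls_security_level=none (credentials cross the network unencrypted), and a listener with no override list ending in reject. The sample input is constructed; port 8026 and the finding labels are assumptions.

```python
import re

OPT = re.compile(r"-o\s+(\w+)=(\S+)")   # one "-o name=value" override

# Constructed sample in the layout quoted in the thread. Zimbra's "%%...%%"
# template lines are skipped by the parser; port 8026 is a made-up variant.
SAMPLE = """\
submission inet n      -       n       -       -       smtpd
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_tls_security_level=encrypt
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
8025      inet  n       -       n       -       1       postscreen
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_tls_security_level=none
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
8026      inet  n       -       n       -       -       smtpd
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_tls_security_level=none
"""

def parse_master_cf(text):
    """Return one dict per service entry, with its -o overrides collected."""
    services = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith(("#", "%%")):
            continue
        if line[0].isspace() and services:   # continuation: more -o overrides
            services[-1]["opts"].update(OPT.findall(line))
        elif len(fields) >= 8:               # name type priv unpriv chroot wakeup maxproc cmd
            services.append({"name": fields[0], "type": fields[1], "command": fields[7],
                             "opts": dict(OPT.findall(" ".join(fields[8:])))})
    return services

def audit(services):
    """Return (service, finding) pairs for inet listeners that enable SASL."""
    findings = []
    for s in services:
        o = s["opts"]
        if s["type"] != "inet" or o.get("smtpd_sasl_auth_enable") != "yes":
            continue
        if s["command"] != "smtpd":          # e.g. postscreen never offers AUTH
            findings.append((s["name"], "sasl-set-on-non-smtpd"))
            continue
        if o.get("smtpd_tls_security_level") == "none":
            findings.append((s["name"], "auth-without-tls"))
        if not o.get("smtpd_client_restrictions", "").endswith("reject"):
            findings.append((s["name"], "no-reject-override"))  # relies on main.cf
    return findings
```

Run `audit(parse_master_cf(open(path).read()))` against a copy of master.cf.in before restarting the MTA; a listener without its own restriction list inherits the main.cf values, so those need reviewing separately.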