Relay mails from Zimbra to other Mail server (the same domain)

radoslawl
Posts: 4
Joined: Mon Mar 18, 2019 8:03 am

Relay mails from Zimbra to other Mail server (the same domain)

Post by radoslawl »

Hi,
I have some problem with configuration. I spent many hours with no success.

I set up Zimbra v 8.8 with 1 domain - mydomain.com
Then added some local accounts to Zimbra and all is working fine. (Transport for mail is lmtp:mydomain.com:7025)

Beside Zimbra, we have old mail server based on postfix with the same domain - mydomain.com

And now... when I add a local account to Zimbra but set the transport to the old server (Transport smtp:my_old_mail_server.com:25)
I'm getting the error
Sender address rejected: not owned by user

According to this (what user Phoenix writes) viewtopic.php?t=37055
I specified one account in /opt/zimbra/conf/relay_password in format "IP_of_other_mail_server username:password"
where username and password are set for the account on the old mail server.
postmap /opt/zimbra/conf/relay_password

After this I modified Zimbra
zmprov ms mysrerver zimbraMtaSmtpSaslPasswordMaps lmdb:/opt/zimbra/conf/relay_password

I also set some other settings according to this
https://wiki.zimbra.com/wiki/Outgoing_S ... entication

smtp_sasl_auth_enable=yes
smtp_cname_overrides_servername=no
smtp_sasl_security_options = noanonymous
smtp_sasl_mechanism_filter = plain,login

What else should I set to correctly send mails to Zimbra which will relay/transport mails to my old mail server with the same domain name (using only one account for SASL auth)?

Thank you for support
pup_seba
Outstanding Member
Posts: 687
Joined: Sat Sep 13, 2014 2:43 am
Location: Tarragona - Spain

Re: Relay mails from Zimbra to other Mail server (the same domain)

Post by pup_seba »

Hi mate,

I think that the problem with your configuration is not authentication. I believe that your Zimbra server is the authoritative server for your domain. As that server is authoritative and you are sending a mail for a domain it is authoritative for, it tells you "that's my domain, but I have no such user".

What you need to do is to de-authorize your Zimbra server and make your postfix server your authoritative server for your domain. Then, configure your Zimbra server to catchall emails, even for accounts it does not have, and create a transport for the domain to your postfix server.

Take a look at this document. https://wiki.zimbra.com/wiki/Split_Domain

Regards,
axslingr
Outstanding Member
Posts: 256
Joined: Sat Sep 13, 2014 2:20 am
ZCS/ZD Version: 8.8.15.GA.3869.UBUNTU18.64 UBUNTU18

Re: Relay mails from Zimbra to other Mail server (the same domain)

Post by axslingr »

Wouldn't it be easier to leave the transport settings at default and just set zimbraMTARelayHost to your Postfix server? Add the IP address of your Zimbra server to MyNetworks on the Postfix server and you should be set. No authentication needed.

Lance
radoslawl
Posts: 4
Joined: Mon Mar 18, 2019 8:03 am

Re: Relay mails from Zimbra to other Mail server (the same domain)

Post by radoslawl »

Thanks for the reply.
My new Zimbra server will be main mail server. But I will transfer all accounts one by one to new server when I have time. Finally I will have all accounts on my new Zimbra mail server. So option to catchallemail suggested by pup_seba is to my aim.
The other proposition by axslingr is also not my aim.

Please help me to solve my problem.
Thanks.
phoenix
Ambassador
Posts: 27278
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: Relay mails from Zimbra to other Mail server (the same domain)

Post by phoenix »

Read the wiki article on Split Domain.
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
radoslawl
Posts: 4
Joined: Mon Mar 18, 2019 8:03 am

Re: Relay mails from Zimbra to other Mail server (the same domain)

Post by radoslawl »

I set it up as it is on the Wiki (split-domain as a primary system) but it is still not working.
Maybe other settings I made earlier cause problems...

Do I have to set anything on the old postfix mail server?

Best Regards
Radoslaw
radoslawl
Posts: 4
Joined: Mon Mar 18, 2019 8:03 am

Re: Relay mails from Zimbra to other Mail server (the same domain)

Post by radoslawl »

Hi guys,
I still have an unresolved problem with relay.
Searching the internet I found this.

https://serverfault.com/questions/63772 ... in-postfix

Is there any similar place in Zimbra where I can manage selected items like here

http://www.postfixvirtual.net/postfixconf.html

e.g.
# mysql-virtual-maps.cf
user = vmailuser
password = password123
dbname = mail
query = SELECT maildir FROM postfix_users where email='%s' and postfix = 'y'


Maybe this way I will solve my problem with the error "Sender address rejected: not owned by user"

It looks like Zimbra is trying to find a user in the relay_password file which will match the sender user.

Please, can anyone give me a helpful hand? Thanks a lot.
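
Added example, not part of any post in this thread: "Sender address rejected: not owned by user" is the reply Postfix gives when its reject_sender_login_mismatch restriction fires, so this Python code models that check to show what happens when a relay authenticates as one SASL account and submits mail for other senders. It assumes the old server enforces that restriction with smtpd_sender_login_maps; the map contents, logins and addresses are constructed.

```python
# Added example: model of the Postfix sender-ownership check
# (reject_sender_login_mismatch). All accounts and addresses are constructed.

def check_sender(mail_from, sasl_login, login_map):
    """Decide one MAIL FROM the way reject_sender_login_mismatch does.

    login_map models smtpd_sender_login_maps: sender address -> set of SASL
    logins that own it. sasl_login is None for an unauthenticated client.
    Returns (accepted, smtp_reply).
    """
    owners = login_map.get(mail_from.lower(), set())
    if sasl_login is not None and sasl_login not in owners:
        return False, (f"553 5.7.1 <{mail_from}>: Sender address rejected: "
                       f"not owned by user {sasl_login}")
    if sasl_login is None and owners:
        return False, (f"553 5.7.1 <{mail_from}>: Sender address rejected: "
                       "not logged in")
    return True, "250 2.1.0 Ok"


def rejected_senders(senders, sasl_login, login_map):
    """Senders that a relay authenticating as sasl_login cannot submit for."""
    return [s for s in senders if not check_sender(s, sasl_login, login_map)[0]]


def add_relay_owner(login_map, relay_login, senders):
    """Return a copy of the map in which relay_login also owns each sender."""
    updated = {addr: set(owners) for addr, owners in login_map.items()}
    for s in senders:
        updated.setdefault(s.lower(), set()).add(relay_login)
    return updated


# Constructed data: the old server's map and envelope senders Zimbra relays.
OLD_SERVER_MAP = {
    "relay@mydomain.com": {"relay"},
    "alice@mydomain.com": {"alice"},
    "bob@mydomain.com": {"bob"},
}
ZIMBRA_SENDERS = ["alice@mydomain.com", "bob@mydomain.com",
                  "relay@mydomain.com", "someone@example.org"]

if __name__ == "__main__":
    for sender in ZIMBRA_SENDERS:
        print(check_sender(sender, "relay", OLD_SERVER_MAP))
    fixed = add_relay_owner(OLD_SERVER_MAP, "relay", ZIMBRA_SENDERS[:2])
    print(rejected_senders(ZIMBRA_SENDERS, "relay", fixed))
```

Listing the relay login as an extra owner clears the local senders, but mail arriving from outside addresses is still refused, and that login can then send as every address it owns.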
pup_seba
Outstanding Member
Posts: 687
Joined: Sat Sep 13, 2014 2:43 am
Location: Tarragona - Spain

Re: Relay mails from Zimbra to other Mail server (the same domain)

Post by pup_seba »

Hi mate,

I've never had to use such settings myself, at least not that I have to touch them myself (maybe I did use them by means of some Zimbra wrapper...).

I would review the wiki if I were you, I'm pretty sure there is something not well configured there if you just keep getting that error.

As for my understanding, the SMTP protocol works in a "circuit", for which the "authoritative server" is your last server in a particular queue. When you configure a server with the "catch all" configuration, you are telling it that it can accept mails for mailboxes that it doesn't own. In that way, if you have 2 servers in your circuit, and the 1st server is configured as "catch all", but is NOT the authoritative server, it will accept the email even when it doesn't have that account. That's why you also configure a forward address for that catch all conf, which is aiming to your next server in the circuit, in your case, the server that should be configured as authoritative for that domain. In this case, this 2nd server can accept or decline the email based on whether the account exists or doesn't in that particular server (the authoritative one).

This is something I've done many many times, and that guide was the only thing I needed to follow. The error message you are getting, makes me think that the first server in your system is the authoritative one declining the messages for the accounts it doesn't own.