Relay allowed weirdness, access denied

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
zim_mike
Outstanding Member
Outstanding Member
Posts: 330
Joined: Sat Sep 13, 2014 3:26 am

Relay allowed weirdness, access denied

Post by zim_mike »

I have a zimbra 8.8.4 sever that allows relay from a remote network.
I recently added the acme script but I'm not sure this is related.
The zimbra server doesn't allow port 25 but it does allow 587.

The zimbra server has this set, 'zimbraMtaSmtpdTlsAskCcert yes' but that's for authenticated connections, not relay if I understand. I did change it to no to test and the same problem remains.

Several servers on the remote lan are able to relay but one.
When this one sends, an old centos 6.4 server, I always see this in the zimbra logs; 554 5.7.1 Client host rejected: Access denied

On this server that is unable to send, I have the usual smart host configured in the sendmail.mc and have port 587 as well.

Based on the client server sendmail log, it seems to be an authentication / user unknown error but I'm trying to relay, it doesn't need any auth and the IP is allowed on zimbra mynetworks.

Code: Select all

to=<the@aa.bbb.com>, delay=00:00:04, mailer=local, pri=240287, dsn=5.1.1, stat=User unknown
to=<email@aa.bbb.com>, delay=00:00:04, mailer=local, pri=240287, dsn=5.1.1, stat=User unknown
STARTTLS=client, relay=mx.ccc.com., version=TLSv1/SSLv3, verify=FAIL, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256
to=<xx@xxx.net>, delay=00:00:05, xdelay=00:00:01, mailer=esmtp, pri=240287, relay=mx.ccc.com. [1.1.9.6], dsn=5.7.1, stat=Service unavailable
DSN: Service unavailable
to=<dd@xxx.net>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=31486, relay=mx.ccc.com. [1.1.9.6], dsn=5.7.1, stat=Service unavailable
return to sender: Service unavailable
to=root, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=32510, dsn=2.0.0, stat=Sent
I found one post where it talks about changing "smtpd_client_restrictions" and "smtpd_relay_restrictions" but I'm not sure I should touch those settings and end up breaking something else. And my file seems to be completely different.
https://www.huuphan.com/2018/12/zimbra- ... ccess.html

I've read countless posts and docs and cannot find an answer to this. Can anyone shed some light on what I should be looking for?
Post Reply