Zimbra servers can route outgoing emails through anti-abuse relay services such as MailChannels. This article explains how to integrate the MailChannels Outbound Filtering platform in Zimbra-Postfix
Step 1: Setup an Authenticated Smarthost Relay
- Login to your Zimbra server via SSH as ‘root’ user. We recommend doing the following steps as zimbra user.
Switching to zimbra user# su - zimbra
- Setting a relay host:
# zmprov ms `zmhostname` zimbraMtaRelayHost smtp.mailchannels.net 25
zmprov=> The zmprov tool performs all provisioning tasks in Zimbra LDAP, including creating accounts, aliases, domains, distribution lists
ms => MS is the server Provisioning Command to modify server
- Enabling SMTP authentication: Create a text file with the username/password. Replace USERNAME with your Mailchannels Username and PASSWORD with your Mailchannels password.
#echo smtp.mailchennels.net USERNAME:PASSWORD > /opt/zimbra/conf/relay_password
- Create a postfix lookup table
#postmap /opt/zimbra/conf/relay_password
- To test that the lookup table is correct, the following command should return the USERNAME:PASSWORD
# postmap -q smtp.mailchannels.net /opt/zimbra/conf/relay_password
- Configure postfix to use the new password map:
# zmprov ms `zmhostname` zimbraMtaSmtpSaslPasswordMaps lmdb:/opt/zimbra/conf/relay_password
- Configure postfix to use SSL authentication:
# zmprov ms `zmhostname` zimbraMtaSmtpSaslAuthEnable yes
- Configure postfix to use the outgoing server name rather than the canonical server name:
# zmprov ms `zmhostname` zimbraMtaSmtpCnameOverridesServername no
- Enable to use TLS:
# zmprov ms `zmhostname` zimbraMtaSmtpTlsSecurityLevel may
- Enable Auth User Header
# zmlocalconfig -e postfix_smtpd_sasl_authenticated_header=yes
- Enable Plaintext Authentication:
#zmprov ms `zmhostname` zimbraMtaSmtpSaslSecurityOptions noanonymous
-
After updating the configurations, reload the postfix
# postfix reload
Fixing Common Issues
Step 1: Alternate SMTP Ports
MailChannels supports connections to alternative SMTP ports for Outbound Filtering. Smarthost relays can be configured to use ports 2525, 465 or 587 should 25 be inaccessible to you for any reason.
This command doesn't work : # zmprov ms `zmhostname` zimbraMtaRelayHost smtp.mailchannels.net 25
It must be : # zmprov ms `zmhostname` zimbraMtaRelayHost smtp.mailchannels.net:25