Zimbra servers can route outgoing emails through anti-abuse relay services such as MailChannels. This article explains how to integrate the MailChannels Outbound Filtering platform in Zimbra-Postfix

Step 1: Setup an Authenticated Smarthost Relay

1. Login to your Zimbra server via SSH as ‘root’ user. We recommend doing the following steps as zimbra user.
   Switching to zimbra user

   # su - zimbra                                                                             

2. Setting a relay host: 

   # zmprov ms `zmhostname` zimbraMtaRelayHost smtp.mailchannels.net 25                     

   zmprov=> The zmprov tool performs all provisioning tasks in Zimbra LDAP, including creating accounts, aliases, domains, distribution lists

   ms => MS is the server Provisioning Command to modify server

3. Enabling SMTP authentication: Create a text file with the username/password. Replace USERNAME with your Mailchannels Username and PASSWORD with your Mailchannels password.

   #echo smtp.mailchannels.net USERNAME:PASSWORD > /opt/zimbra/conf/relay_password                   

4. Create a postfix lookup table
   

   #postmap /opt/zimbra/conf/relay_password                                                  

5. To test that the lookup table is correct, the following command should return the USERNAME:PASSWORD
   

   # postmap -q smtp.mailchannels.net /opt/zimbra/conf/relay_password                                

6. Configure postfix to use the new password map:

   # zmprov ms `zmhostname` zimbraMtaSmtpSaslPasswordMaps lmdb:/opt/zimbra/conf/relay_password

7. Configure postfix to use SSL authentication:

   # zmprov ms `zmhostname` zimbraMtaSmtpSaslAuthEnable yes                                 

8. Configure postfix to use the outgoing server name rather than the canonical server name:

   # zmprov ms `zmhostname` zimbraMtaSmtpCnameOverridesServername no                        

9. Enable to use TLS:

   # zmprov ms `zmhostname` zimbraMtaSmtpTlsSecurityLevel may                               

10. Enable Auth User Header

    # zmlocalconfig -e postfix_smtpd_sasl_authenticated_header=yes                           

11. Enable Plaintext Authentication: 
    

    #zmprov ms `zmhostname` zimbraMtaSmtpSaslSecurityOptions noanonymous                     

12. After updating the configurations, reload the postfix

    # postfix reload                                                                         

Fixing Common Issues

Step 1: Alternate SMTP Ports

MailChannels supports connections to alternative SMTP ports for Outbound Filtering. Smarthost relays can be configured to use ports 2525, 465 or 587 should 25 be inaccessible to you for any reason.