Zimbra doesn't send mail via smtp relay anymore

As others pointed out, your SMTP relay has probably changed something. Looks like they changed their advertised authentication mechanisms.

I don't know if swaks tells you which authentication mechanism it used in its output, but you could try specifying an auth-type and see if you get through.

The parameter for digest-md5 would be:

swaks -s smtp.strato.de -tls -p 587 -f [email protected] -t [email protected] -a digest-md5 -au [email protected] -ap xxxxxx

See swaks man page for other auth-types (like SCRAM-SHA1).

In the Zimbra main.cf you can specify the auth-type by setting the following parameter (which is empty in your config):

smtp_sasl_mechanism_filter = digest-md5

If that doesn't help, maybe you are missing a package on your system.
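
Added example, not part of the original answer or of Zimbra/Postfix: a Python sketch of the check this thread comes down to, i.e. which SASL mechanisms remain after smtp_sasl_mechanism_filter is applied to what the relay advertises, and whether a plaintext mechanism could then be used without mandatory TLS. The EHLO reply, the host relay.example.net, the function names and the smtp_tls_security_level = encrypt line are assumptions made for illustration; the other two settings are taken from this page.

```python
import re

# Constructed EHLO reply (not captured from the real relay): a server that
# offers SCRAM-SHA-1 alongside PLAIN and LOGIN.
SAMPLE_EHLO = """250-relay.example.net
250-PIPELINING
250-SIZE 104857600
250-AUTH SCRAM-SHA-1 PLAIN LOGIN
250 8BITMIME"""

# main.cf fragments: the two settings as posted in the question, the thread's
# fix, and the fix plus mandatory TLS (the last value is an added assumption).
AS_POSTED = "smtp_sasl_mechanism_filter = \nsmtp_tls_security_level = "
FIXED = "smtp_sasl_mechanism_filter = plain,login\nsmtp_tls_security_level = "
HARDENED = "smtp_sasl_mechanism_filter = plain,login\nsmtp_tls_security_level = encrypt"

PLAINTEXT = {"PLAIN", "LOGIN"}  # password is only base64-encoded on the wire
TLS_MANDATORY = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}


def advertised_mechanisms(ehlo_reply):
    """Collect SASL mechanism names from the AUTH line(s) of an EHLO reply."""
    mechs = []
    for line in ehlo_reply.splitlines():
        m = re.match(r"250[- ]AUTH[ =](.*)", line.strip(), re.IGNORECASE)
        for name in (m.group(1).upper().split() if m else []):
            if name not in mechs:
                mechs.append(name)
    return mechs


def parse_main_cf(text):
    """Parse 'name = value' lines; a parameter set to nothing maps to ''."""
    lines = [l for l in text.splitlines() if "=" in l and not l.lstrip().startswith("#")]
    return {n.strip(): v.strip() for n, v in (l.split("=", 1) for l in lines)}


def usable_mechanisms(offered, conf):
    """Apply a plain name list from smtp_sasl_mechanism_filter; empty means no
    filtering. Negation ('!name') and lookup tables are not handled here."""
    names = re.split(r"[,\s]+", conf.get("smtp_sasl_mechanism_filter", ""))
    allowed = {n.upper() for n in names if n}
    return [m for m in offered if not allowed or m in allowed]


def plaintext_without_tls(mechs, conf):
    """True if PLAIN/LOGIN may be used while TLS to the relay is not enforced."""
    level = conf.get("smtp_tls_security_level", "")
    return bool(PLAINTEXT & set(mechs)) and level not in TLS_MANDATORY
```

An empty smtp_tls_security_level falls back to the legacy smtp_use_tls and smtp_enforce_tls parameters, which the posted main.cf does not show, so the FIXED case is flagged until TLS is confirmed to be required on the relay connection.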


Author: Broco

System administrator and web-developer. Kind of a jack of all trades for a company specialized in work safety and environmental protection.

Updated on September 18, 2022

Comments

  • Broco
    Broco almost 2 years

    Our Zimbra-Server isn't working for outgoing external mail since yesterday. Friday I installed some updates (for Shellshock and kernel updates), restarted and it worked fine. But since yesterday sending mail to external recipients stopped working. Internal mail (which doesn't use the relay-MTA) works.

    Since I didn't change any settings I checked the remote server (Strato) with swaks and it worked: swaks -s smtp.strato.de -tls -p 587 -f [email protected] -t [email protected] -a -au [email protected] -ap xxxxxx

    The same credentials as listed with -au and -ap are listed in /opt/zimbra/conf/relay_password

    When sending a mail via Zimbra I get the following from /var/log/zimbra.log:

    Oct 2 09:00:10 server postfix/smtp[8144]: 3952465A24A: to=<[email protected]>, relay=smtp.strato.de[81.169.145.133]:587, delay=0.55, delays=0.27/0.01/0.26/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.strato.de[81.169.145.133]: bad protocol / cancel)

    Zimbra main.cf

    mail_owner = postfix
    bounce_notice_recipient = postmaster
    content_filter = smtp-amavis:[127.0.0.1]:10024
    smtp_sasl_security_options = noanonymous
    relayhost = smtp.strato.de:587
    virtual_alias_expansion_limit = 10000
    smtpd_sasl_authenticated_header = no
    smtp_helo_name = $myhostname
    broken_sasl_auth_clients = yes
    minimal_backoff_time = 300s
    sender_canonical_maps = proxy:ldap:/opt/zimbra/conf/ldap-scm.cf
    always_add_missing_headers = yes
    smtpd_tls_key_file = /opt/zimbra/conf/smtpd.key
    smtpd_helo_required = yes
    virtual_transport = error
    sendmail_path = /opt/zimbra/postfix/sbin/sendmail
    smtpd_sasl_security_options = noanonymous
    smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_mynetworks, reject_unlisted_recipient, reject_non_fqdn_sender, permit
    smtpd_relay_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
    smtpd_reject_unlisted_recipient = no
    bounce_queue_lifetime = 5d
    smtp_sasl_mechanism_filter = 
    local_header_rewrite_clients = permit_mynetworks,permit_sasl_authenticated
    smtpd_data_restrictions = reject_unauth_pipelining
    smtpd_milters = 
    smtpd_tls_security_level = may
    smtpd_sender_restrictions = check_sender_access regexp:/opt/zimbra/postfix/conf/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, permit_tls_clientcerts, check_sender_access regexp:/opt/zimbra/postfix/conf/tag_as_foreign.re
    lmtp_host_lookup = dns
    delay_warning_time = 0h
    header_checks = 
    queue_run_delay = 300s
    virtual_mailbox_maps = proxy:ldap:/opt/zimbra/conf/ldap-vmm.cf
    notify_classes = resource,software
    command_directory = /opt/zimbra/postfix/sbin
    smtpd_client_restrictions = reject_unauth_pipelining
    smtpd_tls_auth_only = yes
    virtual_alias_maps = proxy:ldap:/opt/zimbra/conf/ldap-vam.cf
    mailq_path = /opt/zimbra/postfix/sbin/mailq
    smtpd_banner = $myhostname ESMTP $mail_name
    mynetworks = 127.0.0.0/8 192.168.117.0/24 [::1]/128 [fe80::]/64
    lmtp_connection_cache_time_limit = 4s
    transport_maps = proxy:ldap:/opt/zimbra/conf/ldap-transport.cf
    virtual_alias_domains = proxy:ldap:/opt/zimbra/conf/ldap-vad.cf
    smtpd_sasl_auth_enable = yes
    smtpd_tls_loglevel = 1
    maximal_backoff_time = 4000s
    virtual_mailbox_domains = proxy:ldap:/opt/zimbra/conf/ldap-vmd.cf
    inet_protocols = ipv4
    non_smtpd_milters = 
    daemon_directory = /opt/zimbra/postfix/libexec
    smtp_tls_security_level = 
    alias_maps = hash:/etc/aliases
    setgid_group = postdrop
    smtp_cname_overrides_servername = no
    mydestination = localhost
    smtpd_end_of_data_restrictions = 
    import_environment = 
    myhostname = mail.example.com
    message_size_limit = 1048576000
    recipient_delimiter = 
    in_flow_delay = 1s
    smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
    queue_directory = /opt/zimbra/data/postfix/spool
    propagate_unmatched_extensions = canonical
    manpage_directory = /opt/zimbra/postfix/man
    smtp_fallback_relay = 
    smtpd_tls_cert_file = /opt/zimbra/conf/smtpd.crt
    smtp_sasl_password_maps = hash:/opt/zimbra/conf/relay_password
    lmtp_connection_cache_destinations = 
    newaliases_path = /opt/zimbra/postfix/sbin/newaliases
    smtp_sasl_auth_enable = yes
    mailbox_size_limit = 0
    disable_dns_lookups = no
    

    It's Zimbra 8.04. Any hints?

    Edit: With a higher loglevel, this is what I get from zimbra.log after sending a mail:

    Oct  2 09:26:51 server postfix/smtp[21000]: warning: SASL authentication failure: ServerSignature expected in SCRAM-SHA-1 input
    
    • Jenny D
      Jenny D over 9 years
      Were any changes made on the remote server around that time? Could you get hold of the matching logs from that side?
    • Broco
      Broco over 9 years
      No, the remote server is hosted by a big service provider in Germany, the only logs I can get are those from our server. Since swaks says that the sasl authentication works I guess it's something on our side but we didn't change any settings...
    • Jenny D
      Jenny D over 9 years
      It would appear that the service provider has changed something. You need to contact their support center. Also, when you run swaks, you need to make sure you're using the same kind of authentication as your zimbra installation is using (in this case, SCRAM-SHA-1), or the result will be inconclusive. And the config you posted shows how your server handles incoming connections, not how it works when it acts as a client.
    • Broco
      Broco over 9 years
      You are right, they set up scram-sha-1 to default. I fixed it using zmlocalconfig -e postfix_smtp_sasl_mechanism_filter=plain,login
  • Broco
    Broco over 9 years
    Yep, they changed it, that was the problem. Fixed it using zmlocalconfig -e postfix_smtp_sasl_mechanism_filter=plain,login