Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

external spam server, incoming to Zimbra (blocked)

Posted on 2014-09-24
14
Medium Priority
?
1,192 Views
Last Modified: 2014-10-03
I need to install an assp server in front of a zimbra server.
The spam server is being run in transparent mode on the same lan as Zimbra which is the MTA in the DNS records.

When I try sending an email from an external network, I am getting;
'relay attempt blocked' and '530 Relaying not allowed' on assp and on the zimbra server,

Sep 24 10:15:06 uc postfix/smtpd[18211]: connect from unknown[192.168.1.60]
Sep 24 10:15:06 uc postfix/smtpd[18211]: lost connection after MAIL from unknown[192.168.1.60]
Sep 24 10:15:06 uc postfix/smtpd[18211]: disconnect from unknown[192.168.1.60]

My local and any other relay networks are configured in zimbra yet it won't allow from the above local server. I've searched quite a lot and have found nothing which gives me a solution so time to post here.

Zimbra 8.0.6
0
Comment
Question by:projects
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 5
14 Comments
 
LVL 18

Expert Comment

by:Sanga Collins
ID: 40342284
In zimbra add 192.168.1.60 to the list of IPs on your MTA trusted networks

http://wiki.zimbra.com/wiki/ZimbraMtaMyNetworks
0
 

Author Comment

by:projects
ID: 40342319
I do have the list of trusted networks but only in Configure/Servers/"myserver"/MTA/MTA trusted networks

However, I don't have anything set in Configure/Global Settings/MTA/MTA trusted networks.

Do you mean there?

I tried this also and same results.
0
 

Author Comment

by:projects
ID: 40342323
I have noticed that sometimes, changing settings in the GUI does not seem to remain set when looking on command line.

In fact, even after setting this, I went to another page, then came back and the settings are no longer there. I am not sure what command sets the global trusted networks from the command line.

$ postconf mynetworks
mynetworks = 127.0.0.0/8 192.168.0.0/16 172.16.30.0/24 10.0.0.0/8 xx.xx.xx.xx/32

I tried adding the server IP in GUI but it doesn't stay. I then tried in CLI

zmprov ms myserver zimbraMtaMyNetworks '127.0.0.0/8 192.168.0.0/16 172.16.30.0/24 10.0.0.0/8 xx.xx.xx.xx/32 192.168.1.60/32'

but that didn't work either. Not sure how to set this globally from CLI.
0
Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

 

Author Comment

by:projects
ID: 40342372
$ zmprov mcf zimbraMtaMyNetworks '127.0.0.0/8 192.168.0.0/16 172.16.30.0/24 10.0.0.0/8 192.168.1.60/32'

$ postconf mynetworks
mynetworks = 127.0.0.0/8 192.168.0.0/16 172.16.30.0/24 10.0.0.0/8 92.168.1.60/32

(Tried with an without reloading postfix)

$ postfix reload
/postfix-script: refreshing the Postfix mail system

This seems to be the way to set my networks globally but this also made no difference, the spam server was stick blocked in the same way.

In GUI, my networks still don't show up  in global settings, my trusted nets.
0
 
LVL 18

Expert Comment

by:Sanga Collins
ID: 40342420
the network 192.168.0.0/16 should take care of 192.168.1.60.

Is the 'relay attempt blocked' message appearing in the zimbra logs or only in the assp server?
0
 

Author Comment

by:projects
ID: 40342425
The relay attempt is showing on assp.
On zimbra, all I see is the connect/disconnect message.
0
 
LVL 18

Expert Comment

by:Sanga Collins
ID: 40342738
Ok then Zimbra is probably not where you issue is. The connect disconnect message is correct for when a server attempts a connection but fails to do anything after that.

I have experience with Zimbra than assp, but I am going to reach out to a colleague to find more info so we can get your email flowing again.
0
 
LVL 18

Expert Comment

by:Sanga Collins
ID: 40342752
In the assp config do you have the following

Relaying section:
Accept All Mail* (acceptAllMail): enter your ip addresses here

and

Email interface section:
Authorized Addresses* (EmailAdmins): enter your domains here for example: @domain1.com|@domain2.com etc ...
0
 

Author Comment

by:projects
ID: 40342769
acceptAllMail has all of my local and any external IP's which should be allowed.

127.0.0.1|10.|192.168.|172.16.|xx.xx.x.|x.x.x.x|x.x.x.

The second section looks as follows so I am not sure what to enter here since assp is sending TO zimbra.

Authorized Addresses* (EmailAdmins)

Mail from any of these addresses can add/remove to/from redlist, spamlovers, noprocessing, blacklist. May request an EmailBlockReport for a list of users. Accepts specific addresses (user@example.com), user parts (user) or entire domains (@example.com)
0
 

Author Comment

by:projects
ID: 40342875
The spam server is trying to send so it must be zimbra stopping it no?
0
 
LVL 18

Assisted Solution

by:Sanga Collins
Sanga Collins earned 2000 total points
ID: 40348595
Ok, lets break it down a little more. I think the first thing we need to be sure on is which server is responsible for preventing the mail flow.

When you say in the original post: " sending an email from an external network" Are you

a) sending outbound mail as a zimbra user from a computer or device that is on an external network (such as laptop or mobile)?
b) Receiving mail from and external network going to a zimbra user through the spam filter?
0
 

Accepted Solution

by:
projects earned 0 total points
ID: 40348657
The problem was that assp didn't have an updated list of allowed domains so it was blocking incoming email to the mail server since it didn't know about the allowed domains.

The allowed domains list is a list of domains which are allowed to relay, either because they exist on the local network/mail server or are simply allowed to relay for other reasons.

What I meant by "sending an email from an external network" was that email was coming from an external source, such as any other network, not something we own or have control over such as yahoo, gmail, any other domain.
0
 

Author Closing Comment

by:projects
ID: 40359024
Even though I found my own answer, your input helped so thanks.
0

Featured Post

Moving data to the cloud? Find out if you’re ready

Before moving to the cloud, it is important to carefully define your db needs, plan for the migration & understand prod. environment. This wp explains how to define what you need from a cloud provider, plan for the migration & what putting a cloud solution into practice entails.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes clients can lose connectivity with the Lotus Notes Domino Server, but there's not always an obvious answer as to why it happens.   Read this article to follow one of the first experiences I had with Lotus Notes on a client's machine, my…
One-stop solution for Exchange Administrators to address all MS Exchange Server issues, which is known by the name of Stellar Exchange Toolkit.
Familiarize people with the process of utilizing SQL Server views from within Microsoft Access. Microsoft Access is a very powerful client/server development tool. One of the SQL Server objects that you can interact with from within Microsoft Access…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question