Outgoing SMTP authentication on Zimbra 8

Yesterday we brought our Zimbra 8.0 install online. All outgoing mail should be relayed through our relay server, but as authentication settings are not available through the web interface and all configuration info found on Google, including the Zimbra wiki is wrong (at least for version 8), here’s my doc on it.

Set the relay host in the admin console (Configure > Global Settings > MTA) to point to your outgoing mail server. You may have to set the port as well if it’s not 25 (mine’s 587). The examples below will configure relay using mailrelay.example.com.

Run these commands as the zimbra user:

echo mailrelay.example.com username:password > /opt/zimbra/conf/relay_password
postmap hash:/opt/zimbra/conf/relay_password

Here’s where it gets interesting. If you follow the older documentation and use postconf to set the settings, they are not saved in the configuration. Or sometimes they are, but then they disappear almost immediately. They get overwritten by Zimbra’s internal configuration; this was most likely not the case in older versions as it worked fine on our older Zimbra 6.0 system. Instead, you can configure these settings through the zmlocalconfig command, prefixing the fields by “postfix_”.

zmlocalconfig -e postfix_smtp_sasl_password_maps=hash:/opt/zimbra/conf/relay_password
zmlocalconfig -e postfix_smtp_sasl_auth_enable=yes
zmlocalconfig -e postfix_smtp_use_tls=yes

In case of only PLAIN login support on your relay, disable Postfix’s restrictions on this:

zmlocalconfig -e postfix_smtp_sasl_security_options=

Reload postfix (postfix reload as zimbra), and all should be well. Check /var/log/mail.log (as root) for postfix log output.

Update: I just upgraded to 8.0.6 and relaying broke. Apparently postfix_smtp_use_tls has no effect anymore. What got it to work again was:

zmlocalconfig -e postfix_smtp_tls_security_level=may

The wiki seems to have been updated with correct information by now.

Writing informative technical how-to documentation takes time, dedication and knowledge. Should my blog series have helped you in getting things working the way you want them to, or configure certain software step by step, feel free to tip me via PayPal (paypal@powersource.cx) or the Flattr button. Thanks!