Yesterday we brought our Zimbra 8.0 install online. All outgoing mail should be relayed through our relay server, but as authentication settings are not available through the web interface and all configuration info found on Google, including the Zimbra wiki is wrong (at least for version 8), here’s my doc on it.
Set the relay host in the admin console (Configure > Global Settings > MTA) to point to your outgoing mail server. You may have to set the port as well if it’s not 25 (mine’s 587). The examples below will configure relay using mailrelay.example.com.
Run these commands as the zimbra user:
echo mailrelay.example.com username:password > /opt/zimbra/conf/relay_password
Here’s where it gets interesting. If you follow the older documentation and use postconf to set the settings, they are not saved in the configuration. Or sometimes they are, but then they disappear almost immediately. They get overwritten by Zimbra’s internal configuration; this was most likely not the case in older versions as it worked fine on our older Zimbra 6.0 system. Instead, you can configure these settings through the zmlocalconfig command, prefixing the fields by “postfix_”.
zmlocalconfig -e postfix_smtp_sasl_password_maps=hash:/opt/zimbra/conf/relay_password
zmlocalconfig -e postfix_smtp_sasl_auth_enable=yes
zmlocalconfig -e postfix_smtp_use_tls=yes
In case of only PLAIN login support on your relay, disable Postfix’s restrictions on this:
zmlocalconfig -e postfix_smtp_sasl_security_options=
Reload postfix (postfix reload as zimbra), and all should be well. Check /var/log/mail.log (as root) for postfix log output.
Update: I just upgraded to 8.0.6 and relaying broke. Apparently postfix_smtp_use_tls has no effect anymore. What got it to work again was:
zmlocalconfig -e postfix_smtp_tls_security_level=may
The wiki seems to have been updated with correct information by now.