Outgoing SMTP authentication on Zimbra 8

Yesterday we brought our Zimbra 8.0 install online. All outgoing mail should be relayed through our relay server, but as authentication settings are not available through the web interface and all configuration info found on Google, including the Zimbra wiki is wrong (at least for version 8), here’s my doc on it.

Set the relay host in the admin console (Configure > Global Settings > MTA) to point to your outgoing mail server. You may have to set the port as well if it’s not 25 (mine’s 587). The examples below will configure relay using mailrelay.example.com.

Run these commands as the zimbra user:

echo mailrelay.example.com username:password > /opt/zimbra/conf/relay_password
postmap hash:/opt/zimbra/conf/relay_password

Here’s where it gets interesting. If you follow the older documentation and use postconf to set the settings, they are not saved in the configuration. Or sometimes they are, but then they disappear almost immediately. They get overwritten by Zimbra’s internal configuration; this was most likely not the case in older versions as it worked fine on our older Zimbra 6.0 system. Instead, you can configure these settings through the zmlocalconfig command, prefixing the fields by “postfix_”.

zmlocalconfig -e postfix_smtp_sasl_password_maps=hash:/opt/zimbra/conf/relay_password
zmlocalconfig -e postfix_smtp_sasl_auth_enable=yes
zmlocalconfig -e postfix_smtp_use_tls=yes

In case of only PLAIN login support on your relay, disable Postfix’s restrictions on this:

zmlocalconfig -e postfix_smtp_sasl_security_options=

Reload postfix (postfix reload as zimbra), and all should be well. Check /var/log/mail.log (as root) for postfix log output.

Update: I just upgraded to 8.0.6 and relaying broke. Apparently postfix_smtp_use_tls has no effect anymore. What got it to work again was:

zmlocalconfig -e postfix_smtp_tls_security_level=may

The wiki seems to have been updated with correct information by now.

Writing informative technical how-to documentation takes time, dedication and knowledge. Should my blog series have helped you in getting things working the way you want them to, or configure certain software step by step, feel free to tip me via PayPal (paypal@powersource.cx) or the Flattr button. Thanks!
  • hi,

    Good day.

    we have our dnsserver in separate location.and,we install and use zimbra 8.0.5 in our office.
    we configure with proper settings in zimbra mail server.but,when our clients mail us from outside,they got a undelivered message.
    that message shows like this…

    host in.mx2.mailhostbox.com[] said: 550-5.7.1
    Service unavailable; client [] blocked using zen.spamhaus.org
    550 5.7.1 Please see
    http://support.mailhostbox.com/email-administrators-guide/error-codes for
    explanation of the problem. (in reply to RCPT TO command)

    kindly give me a solution..

    Thank You.

    • Tom Laermans


      This totally unrelated to outgoing SMTP authentication. Anyway, it shows your clients’ mailserver is blacklisted by the spamhaus blacklist. I suggest they fix that, or failing that, you may want to whitelist their server or stop using a blacklist if you don’t understand how it works.

      Unfortunately I can’t give you any hints how to do either as I have no experience doing that with Zimbra.