Zimbra and Proxmox Gateway

May 23, 2018
Hello to everyone,

I am having trouble configuring the Proxmox Mail Gateway to send email to a production Zimbra server (community edition). All the outgoing mail gets relayed by Proxmox, but when I redirect port 25 on my firewall to the Proxmox gateway I get the following error in syslog:

NOQUEUE: reject: RCPT from mail-wr0-f178.google.com[209.85.128.178]: 550 5.1.1 <ccoronado@lpt.cl>: Recipient address rejected: User unknown in local recipient table; from=<XXXX>.

I have searched everywhere to figure out the basis of the error, but have been unsuccessful. The configuration of the relay is pointing towards the Zimbra server and TLS is activated on Zimbra and Proxmox.

Any help will be greatly appreciated.

Thank you.
 
I guess you cannot receive any Mail at all right now so to be sure:
- Is your domain in configuration --> Mail Proxy --> Relay Domains ?
- Is the IP and the Port in configuration --> Mail Proxy --> Relaying correct?
- I'm guessing you have "Yes (550)" activated in configuration --> Mail Proxy --> Options --> Verify Receivers --- try changing that to "Yes (450)"
That way your PMG first does nothing with an incoming Mail --> Timeout --> Then it queries the local Mail Server and checks if the User exists. If it exists, it tries again later.
 
Hi, thanks for the reply and sorry for not answering earlier, I was pretty sick. I tried the changes suggested but to no avail, it keeps reporting the same failure. I was thinking it could be the TLS, but this didn't change the error.
 
Can you post some Logs from the Tracking Center? After you anonymised the data..

and just to be sure: Double check your Domain in Configuration --> Mail Proxy --> Relay Domains

And can you check the Zimbra logs? What does the log of the Mail Server say?
 
Jun 18 08:25:37 sanclxx postfix/smtpd[12167]: connect from mail-ua0-f170.google.com[209.85.217.170]
Jun 18 08:25:38 sanclxx postfix/smtpd[12167]: Anonymous TLS connection established from mail-ua0-f170.google.com[209.85.217.170]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Jun 18 08:25:42 sanclxx postfix/smtpd[12167]: NOQUEUE: reject: RCPT from mail-ua0-f170.google.com[209.85.217.170]: 550 5.1.1 <ccoron@sanclxx.cl>: Recipient address rejected: User unknown in local recipient table; from=<ccoronxxbrxx@gmail.com> to=<ccoron@sanclxx.cl> proto=ESMTP helo=<mail-ua0-f170.google.com>
Jun 18 08:25:42 sanclxx postfix/smtpd[12167]: disconnect from mail-ua0-f170.google.com[209.85.217.170] ehlo=2 starttls=1 mail=1 rcpt=0/1 data=0/1 quit=1 commands=5/7
 
Zimbra:
Jun 18 08:25:49 mail postfix/smtpd[33249]: connect from unknown[192.168.3.24]
Jun 18 08:25:49 mail postfix/smtpd[33249]: Anonymous TLS connection established from unknown[192.168.3.24]: TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)
Jun 18 08:25:50 mail postfix/smtpd[33249]: NOQUEUE: filter: RCPT from unknown[192.168.3.24]: <double-bounce@sanclxx.cl>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<dou$
Jun 18 08:25:50 mail postfix/smtpd[33249]: 5B1541066C36: client=unknown[192.168.3.24]
Jun 18 08:25:50 mail postfix/smtpd[33249]: disconnect from unknown[192.168.3.24] ehlo=2 starttls=1 mail=1 rcpt=1 rset=1 quit=1 commands=7
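
An added example, not part of the original posts: a small Python parser that reads the Postfix smtpd lines quoted in this thread and reports, per session, how many RCPT commands were accepted and which rejections were logged. The function name and the `looks_like_probe` heuristic are assumptions made for this illustration.

```python
import re

# Three smtpd lines copied from the logs posted above (first two: gateway, last: Zimbra).
SAMPLE = """\
Jun 18 08:25:42 sanclxx postfix/smtpd[12167]: NOQUEUE: reject: RCPT from mail-ua0-f170.google.com[209.85.217.170]: 550 5.1.1 <ccoron@sanclxx.cl>: Recipient address rejected: User unknown in local recipient table; from=<ccoronxxbrxx@gmail.com> to=<ccoron@sanclxx.cl> proto=ESMTP helo=<mail-ua0-f170.google.com>
Jun 18 08:25:42 sanclxx postfix/smtpd[12167]: disconnect from mail-ua0-f170.google.com[209.85.217.170] ehlo=2 starttls=1 mail=1 rcpt=0/1 data=0/1 quit=1 commands=5/7
Jun 18 08:25:50 mail postfix/smtpd[33249]: disconnect from unknown[192.168.3.24] ehlo=2 starttls=1 mail=1 rcpt=1 rset=1 quit=1 commands=7
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]+ (?P<host>\S+) postfix/smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
REJECT = re.compile(r"NOQUEUE: reject: RCPT from \S+: (?P<code>\d{3}) (?P<dsn>\d\.\d+\.\d+) "
                    r"<(?P<rcpt>[^>]*)>: (?P<reason>[^;]+);")
DISCONNECT = re.compile(r"disconnect from (?P<client>\S+) (?P<stats>.*)$")
COUNTER = re.compile(r"(\w+)=(\d+)(?:/(\d+))?")

def summarize(log_text):
    """Group smtpd lines per session and report how each RCPT was answered."""
    open_sessions, done = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        key = (m["host"], m["pid"])  # a session is one smtpd pid until its disconnect
        sess = open_sessions.setdefault(key, {"host": m["host"], "rejects": []})
        rej = REJECT.search(m["msg"])
        if rej:
            sess["rejects"].append(rej.groupdict())
            continue
        end = DISCONNECT.match(m["msg"])
        if end:
            # Postfix logs name=ok/total when some commands failed, name=n when all succeeded.
            counters = {n: (int(a), int(b or a)) for n, a, b in COUNTER.findall(end["stats"])}
            sess["client"] = end["client"]
            sess["rcpt"] = counters.get("rcpt", (0, 0))
            # Heuristic (assumption): RCPT accepted, then RSET and no DATA, is the
            # shape of a recipient-verification probe rather than a delivery.
            sess["looks_like_probe"] = (sess["rcpt"][0] > 0 and "rset" in counters
                                        and "data" not in counters)
            done.append(open_sessions.pop(key))
    return done

if __name__ == "__main__":
    for s in summarize(SAMPLE):
        ok, total = s["rcpt"]
        print(f'{s["host"]}: client={s["client"]} rcpt {ok}/{total} probe={s["looks_like_probe"]}')
        for r in s["rejects"]:
            print(f'  {r["code"]} {r["dsn"]} <{r["rcpt"]}> {r["reason"]}')
```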
 
So your PMG tries to verify the receiver because we see this line:
Jun 18 08:25:50 mail postfix/smtpd[33249]: NOQUEUE: filter: RCPT from unknown[192.168.3.24]: <double-bounce@sanclxx.cl>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<dou$

And it seems your Zimbra Server declines the Mail because of the sender of the Mail.
Have you tried from another sending Server?

I found something like this but I never used Zimbra:
https://www.howtoforge.com/community/threads/connection-refused-by-amavisd-new.72948/
 
In your Zimbra Logs it says the Mail comes from 192.168.3.24.
I guess you need to tell Zimbra that that's your Relay and it has to take the next IP as real sender IP.
That could be the Reason for the reject.
I've seen this on other Mail Gateways. They called it "True Source IP"
 
I just read that Zimbra uses Postfix, so I would check if the IP or the Subnet of your Mailgateway is listed in your mynetwork in main.cf under /etc/postfix/
I cannot really tell you if that's the common use but still worth a try.

Since the IPs listed in mynetwork are allowed to relay, your mail gateway shouldn't have any restrictions.
 
Ok, I have done the following:
Bypassed smtp-amavis by whitelisting the IP of the Proxmox gateway.
Turned off TLS authentication to see if that was the problem.
Listed proxmox mail gateway as trusted.

All of these have not changed the error.
 
After whitelisting:

Jun 18 11:23:19 mail postfix/postscreen[56538]: CONNECT from [192.168.3.24]:32994 to [192.168.3.23]:25
Jun 18 11:23:19 mail postfix/postscreen[56538]: WHITELISTED [192.168.3.24]:32994
Jun 18 11:23:19 mail postfix/smtpd[56539]: connect from unknown[192.168.3.24]
Jun 18 11:23:19 mail postfix/smtpd[56539]: NOQUEUE: filter: RCPT from unknown[192.168.3.24]: <double-bounce@mail.sanclxx.cl>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<double-bounce@mail.sanclxx.cl> to=$
Jun 18 11:23:19 mail postfix/smtpd[56539]: 9C821110242B: client=unknown[192.168.3.24]
Jun 18 11:23:19 mail postfix/cleanup[56524]: 9C821110242B: message-id=<20180618152314.180861101D84@mail.sanclxx.cl>
Jun 18 11:23:19 mail postfix/smtpd[56539]: disconnect from unknown[192.168.3.24] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Jun 18 11:23:19 mail postfix/qmgr[56516]: 9C821110242B: from=<double-bounce@mail.sanclxx.cl>, size=6426, nrcpt=1 (queue active)
Jun 18 11:23:19 mail amavis[53808]: (53808-01) ESMTP [127.0.0.1]:10026 /opt/zimbra/data/amavisd/tmp/amavis-20180618T112319-53808-wK_MUQsc: <double-bounce@mail.sanclemente.cl> -> <postmaster@mail.sanclxx.cl> Received: from mail.sancl$
Jun 18 11:23:19 mail amavis[53808]: (53808-01) Checking: W673HvVhrc3i ORIGINATING/MYNETS [192.168.3.24] <double-bounce@mail.sanc

Still no result
 
