Zimbra is running Postfix under the hood and can be configured in the same manner as Postfix when relaying/smarthosting through the MailChannels Outbound Filtering spam filtering system.
Instructions for updating the Zimbra/Postfix configuration to use MailChannels Outbound Filtering are provided in this article. Authentication with MailChannels is required and is relatively simple to setup.
For more advanced configuration scenarios, refer to the online Postfix documentation.
The first step in this process is to create the password map. Zimbra/Postfix uses this for authentication. The MailChannels team will provide the SMTP username. The password for authentication can be generated by logging into the MailChannels Customer Console.
Create a text file password in /etc/postfix folder using the following command:
# touch /etc/postfix/password
The format of the client password file is space delimited and will contain the following:
Example: #smtp.isp.com username:password
Add the following line to the password file after replacing SMTP username and password with your actual SMTP username and password:
smtp.mailchannels.net <SMTP username>:<password>
Save and close the file.
Set the following permissions on the password file to allow proper access.
- # chown root:root /etc/postfix/password
- # chmod 0600 /etc/postfix/password
Run a postmap command on the new password file to load it into Zimbra/Postfix:
- # postmap hash:/etc/postfix/password
Zimbra/Postfix Smarthost Authentication
An authenticated sender header is required to track sender reputation within the MailChannels system. These headers are added when the parameters exist in the configuration file. The configuration directives are appended to /etc/postfix/main.cf.
- relayhost = smtp.mailchannels.net
- smtp_sasl_auth_enable = yes
- smtp_sasl_password_maps = hash:/etc/postfix/password
- smtp_sasl_security_options = noanonymous
- smtpd_sasl_authenticated_header = yes
- smtp_tls_security_level = encrypt
The parameters used in the configuration directives are described in the following table.
|relayhost = smtp.mailchannels.net||Relays all mail via smtp.mailchannels.net mail service.|
|smtp_sasl_auth_enable = yes||Indicates Cyrus-SASL support for authentication of mail servers.|
|smtp_sasl_password_maps = hash:/etc/postfix/password||Sets path to sasl_passwd.|
|smtp_sasl_security_options||When empty (default), allows Postfix to use anonymous and plain text authentication.|
|smtpd_sasl_authenticated_header = yes||Tells Postfix to log the authenticated user ID in the received header so that the user behavior and reputation are tracked.|
|smtp_tls_security_level: Encrypt||Optional. If there are issues connecting with this option, try disabling.|
You will need to save and close the file. Restart Postfix using the following command:
# /etc/init.d/postfix restart
Test your setup by sending a text email containing the following content:
$ echo 'This is a test.' > /tmp/test
$ mail -s 'Test' firstname.lastname@example.org < /tmp/test
# tail -f /var/log/mail.log
# rm /tmp/test
If you are getting no mechanism available error messages, you may be missing SASL authentication libraries.
If the operating system is Debian® or Ubuntu®, install the missing module dependency using apt-get:
# apt-get install libsasl2-modules
If the operating system is RedHat®, Fedora®, or CentOS®, obtain the following module using yum, the default package manager:
# yum install cyrus-sasl-plain