
SMTP Relay Naming Issue

A few years ago I set up a Zimbra mail server behind Sophos UTM using Email Protection. Configuration for incoming mail went smoothly, but I ran into an issue with outgoing mail when using the UTM for relaying. It's been a few years so I'm a little foggy on the details, but the problem as I remember it was that the host name configured in Zimbra was mail.domain.com, which was the same name as the UTM SMTP relay. Because the two names were the same, when Zimbra sent mail to the relay it was rejected. The UTM and the mail server argued over having the same name. I resolved the issue by renaming the mail server to mail.domain.local so they didn't argue, and then set up a second domain on Zimbra for mail.domain.com.  With this configuration everything works, but I've never been happy with it. I feel that there may be a more elegant way of doing things. Changing the SMTP hostname on the UTM doesn't seem like a good option since it's checked by receiving mail servers and should match RDNS and such. Perhaps I could leave the mail server name mail.domain.com and then modify the email header configuration in Zimbra to use a different name, but I've not looked into how that might be accomplished in Zimbra. 

 
I'm about to set up a new mail server so I'm reconsidering my configuration. Does anybody have a better way of dealing with the issue than what I've found?


  • The hostname on the UTM doesn't really matter. The main thing for spam filters is that there is an actual rdns entry for that domain. It doesn't really matter what it is as long as there is one.

    You will find multiple instances of this all over the web, e.g. MX records not matching domain names.

  • Perhaps I didn't explain the issue well enough since DNS, RDNS, MX records and such are not involved at the point where I had a problem.

     
    Under normal circumstances when Zimbra sends outgoing mail it is handed to the Sophos UTM relay where it's processed and then sent to the outside world. My point of failure was between Zimbra and the UTM when Zimbra was trying to hand off mail to the UTM. At this point DNS records don't come into play since Zimbra is sending to the UTM via IP address (or locally defined DNS record).
     
    I assume that there's a normal SMTP dialogue going on between Zimbra and the UTM when handing over outgoing mail, and I believe the failure was caused by both the UTM and Zimbra thinking they were mail.domain.com. At least the error messages that I saw lead me to believe so. I changed the SMTP hostname in the UTM to something else and then it accepted mail from Zimbra, but doing so changed the banner on my outgoing mail which could lead to bounced or rejected messages.
     
    After determining that both the UTM and Zimbra could not have the same SMTP hostname I used my correct SMTP hostname, the one that matches RDNS, in the UTM, and then used mail.domain.local as the Zimbra SMTP hostname. That way the UTM and Zimbra would communicate correctly since they no longer had the same name.
     
    One problem with this approach is that the Zimbra server now has a fictitious name, and my real domain name is configured as a secondary domain. It works the way it's configured, but in my opinion it's not an elegant solution and I'm looking for perhaps a better way to do things.
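    The hand-off the poster describes is an ordinary SMTP envelope exchange between Zimbra (client) and the UTM (server), and the suspected failure is the relay refusing an EHLO that carries the relay's own name. The following is an added, constructed illustration of that dialogue, not code from Zimbra, Sophos, or the poster. The relay here is a toy state machine whose "refuse a peer that claims to be me" rule is modelled on the poster's hypothesis, not on verified UTM behaviour, and the hostnames are the hypothetical mail.domain.com / mail.domain.local from the thread.

```python
"""Toy SMTP relay/client dialogue illustrating a HELO-name collision.

Constructed illustration only: the relay refuses an EHLO that names the
relay itself, which is the behaviour the poster believes broke the
Zimbra -> UTM hand-off. Hostnames are hypothetical; this is not an MTA.
"""
from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass
class Relay:
    """Minimal SMTP server state machine standing in for the UTM relay."""
    hostname: str                                   # name announced in the 220 banner
    helo_name: str = ""                             # what the client claimed in EHLO/HELO
    log: List[str] = field(default_factory=list)    # commands seen, for inspection

    def banner(self) -> str:
        return f"220 {self.hostname} ESMTP ready"

    def handle(self, line: str) -> str:
        """Return the relay's reply to one client command line."""
        self.log.append(line)
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "QUIT":
            return f"221 2.0.0 {self.hostname} closing connection"
        if verb in ("HELO", "EHLO"):
            # Hypothesised anti-spoofing rule: a peer that introduces itself
            # with the relay's own hostname is refused outright.
            if arg.lower() == self.hostname.lower():
                return f"550 5.7.1 {verb} name {arg} is my own hostname; rejected"
            self.helo_name = arg
            return f"250 {self.hostname} Hello {arg}"
        if not self.helo_name:
            return "503 5.5.1 Send HELO/EHLO first"
        if verb == "MAIL":
            return "250 2.1.0 Ok"
        if verb == "RCPT":
            return "250 2.1.5 Ok"
        return f"500 5.5.2 Unrecognized command {verb}"


def hand_off(relay: Relay, client_helo: str, sender: str, rcpt: str) -> Tuple[bool, List[str]]:
    """Drive the client (Zimbra) side of the envelope exchange.

    Returns (accepted, transcript); the transcript lists both sides' lines
    and stops at the first non-2xx reply, as a real client would.
    """
    transcript = [f"S: {relay.banner()}"]
    for cmd in (f"EHLO {client_helo}", f"MAIL FROM:<{sender}>", f"RCPT TO:<{rcpt}>"):
        reply = relay.handle(cmd)
        transcript += [f"C: {cmd}", f"S: {reply}"]
        if not reply.startswith("2"):
            transcript += ["C: QUIT", f"S: {relay.handle('QUIT')}"]
            return False, transcript
    transcript += ["C: QUIT", f"S: {relay.handle('QUIT')}"]
    return True, transcript


def demo() -> None:
    """Same relay name in both cases; only the client's EHLO name differs."""
    for helo in ("mail.domain.com", "mail.domain.local"):
        ok, lines = hand_off(Relay("mail.domain.com"), helo,
                             "user@domain.com", "someone@example.org")
        print(f"--- client EHLO {helo}: {'accepted' if ok else 'REJECTED'}")
        print("\n".join(lines))


if __name__ == "__main__":
    demo()
```

    The point of the two runs is that the relay's banner name never changes; only the name the client announces in EHLO does, and that alone decides whether the envelope is accepted. In Postfix, which is the MTA inside Zimbra, the name the client announces to a relay is controlled by `smtp_helo_name` (default `$myhostname`), so it can differ from the server's configured hostname; whether and how Zimbra exposes that knob is not something this thread establishes.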
  • As mentioned, I've never had an issue with mail which uses a different banner. Never had mail bounced back.

    mxtoolbox might give you a warning that it doesn't match but I've always had mail go through. Now no rdns entry or the ip coming from a dynamic range is a different kettle of fish but the banner not matching generally doesn't affect things.

    In fact, where I'm typing this from has 4 domains behind the UTM which all accept/send mail without issue.

    Going back to the UTM, until they change something within it or you just forego the UTM, you will be stuck with one rdns banner

