@dbeato said in Zimbra help..multi-domain each with own external relay:

I am connecting to the Zimbra server this morning and will let you know.

Thanks @dbeato! Really appreciate it.

@wirestyle22
Oh great, just great. Noted. Thanks for letting me know.

@dbeato
Wow! You are one of the gems which has set it up correctly.

How? How? How?

@dbeato
I think it would work if only one domain, but as SAM is pointing out, it seems that I may have an unusual configuration.

@SAM
Thanks. Presently, we have an almost similar setup (in terms of relay/smart host but both is on different physical machine and sending to each other means to send or route to our external server.

@dbeato
Yes, you got it. The one in zimbra is my first try. It seemed well but I'm unsure if domain2.com really routes to smtp.external2.com. I was pretty impressed by myself having set it up the way I wanted and I have not tried to check the header. :persevering_face:

When it broke, I tried to set it up again. This time, I have checked the header and external email is not routing as expected, it instead routes to mtp.external2.com.

After several months, I'd opened the topic in SW.

I have asked Zimbra forum, even Spiceworks but no solution was provided. I have been struggling for almost 1.5 years. I've tried Ubuntu and CentOS...I think it made no difference, it's in Zimbra configuration itself.

I have been building a test Zimbra OSE server (spanning different versions, latest is 8.8). In my previous test (2015), I think it was successful as I was able to receive an external email test, however, I failed to check the email header if it routed right. That test server failed and I am to rebuild it.

I have 2 domains, domain1.com and domain2.com both of which will reside in a single Zimbra server.

We also have 2 mail providers (smtp.external1.com and smtp.external2.com) providing each one our external servers which acts as smarthosts and emails pulled via POP3 by the Zimbra server.

Considering DNS are all set locally, I was able to setup a working Zimbra (using domain1.com) including routing to correct external host (smtp.external1.com). I've added another domain (domain2.com) and emails between the domain is working great (internally routing).

I have configured relay per domain/sender_dependent_relayhost_maps (bysender) and Outgoing SMTP Authentication (relay_password).

bysender:
@domain1.com [smtp.external1.com]:587
@domain2.com [smtp.external2.com]:587

relay_password:
[smtp.external1.com]:587 [email protected]:Password1
[smtp.external2.com]:587 [email protected]:Password2

I presently do not have anything in the "Relay MTA for external delivery" and fallback. However, sending external emails (test to my google.com account) produces the following error which suggests that it it routing directly to the recipient's domain:

Jan 31 11:46:34 zimbraserver postfix/cleanup[11546]: 4BB3F9B418D1: message-id=[email protected]
Jan 31 11:46:34 zimbraserver postfix/qmgr[5514]: 4BB3F9B418D1: from=[email protected], size=8044, nrcpt=1 (queue active)
Jan 31 11:46:34 zimbraserver postfix/amavisd/smtpd[6176]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 mail=11 rcpt=11 data=11 noop=1 quit=1 commands=36
Jan 31 11:46:34 zimbraserver amavis[7960]: (07960-02) SESxErtKd5sx FWD from [email protected] -> [email protected], BODY=7BIT 250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 4BB3F9B418D1
Jan 31 11:46:34 zimbraserver amavis[7960]: (07960-02) Passed CLEAN {RelayedOutbound}, MYNETS LOCAL [127.0.0.1]:60666 [email protected] -> [email protected], Queue-ID: 6389A9B418B6, Message-ID: [email protected], mail_id: SESxErtKd5sx, Hits: -0.999, size: 7563, queued_as: 4BB3F9B418D1, 1406 ms
Jan 31 11:46:34 zimbraserver postfix/smtp[11532]: 438429B41912: to=[email protected], relay=127.0.0.1[127.0.0.1]:10024, delay=64731, delays=64727/2.7/0/1.4, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 4BB3F9B418D1)
Jan 31 11:46:34 zimbraserver postfix/qmgr[5514]: 438429B41912: removed
Jan 31 11:47:06 zimbraserver postfix/smtp[11562]: connect to gmail-smtp-in.l.google.com[74.125.204.27]:25: Connection timed out
Jan 31 11:47:06 zimbraserver postfix/smtp[11557]: connect to gmail-smtp-in.l.google.com[74.125.204.27]:25: Connection timed out
Jan 31 11:47:36 zimbraserver postfix/smtp[11557]: connect to alt1.gmail-smtp-in.l.google.com[64.233.160.26]:25: Connection timed out
Jan 31 11:47:36 zimbraserver postfix/smtp[11562]: connect to alt1.gmail-smtp-in.l.google.com[64.233.160.26]:25: Connection timed out
Jan 31 11:48:06 zimbraserver postfix/smtp[11562]: connect to alt2.gmail-smtp-in.l.google.com[108.177.121.27]:25: Connection timed out
Jan 31 11:48:06 zimbraserver postfix/smtp[11557]: connect to alt2.gmail-smtp-in.l.google.com[108.177.121.27]:25: Connection timed out
Jan 31 11:48:26 zimbraserver zmconfigd[1615]: Fetching All configs
Jan 31 11:48:26 zimbraserver zmconfigd[1615]: All configs fetched in 0.19 seconds

Same error above if using [email protected].

If I use smtp.domain1.com as "Relay MTA for external delivery," mails are routing externally but both domain1.com and domain2.com is using smtp.external1.com using the [email protected]:Password1 credential (but...domain2.com should use the smtp.external2.com instead).

If I issue the following (from Zimbra: Smarthost by Domain) then no emails get routed, even internally:

zmprov md domain1.com +zimbraSmtpHostname smtp.external1.com
zmprov md domain2.com +zimbraSmtpHostname smtp.external2.com

The page hangs for a while (with circling waiting mouse pointer) then error prompts "network error" and will not get sent and no logs in /var/log/zimbra.log or /opt/zimbra/log/mailbox.log.

What I require is the following:

• domain1.com to domain2.com internal routing (working)
• domain2.com to domain1.com internal routing (working)
• domain1.com to anyoutsidedomain should route to smtp.external1.com.
• domain2.com to anyoutsidedomain should route to smtp.external2.com.

Provision for a 3rd or 4th domain to do the same (emails to and from domain1.com and domain2.com should route internally and any other domain, externally).

Why I want on single server? Sending and receiving will be much faster and inter-domain chats are possible. I also think that this will have an effect in disk space utilization as messages will be stored single between the 2 domains as opposed to being downloaded via POP3. The test server, BTW, is Hyper-V client.

Thanks and advance!

I've read about Netwrix as well, however I'm critical on those I install on my servers

Topic in SW:
https://community.spiceworks.com/topic/1967683-free-file-auditing-software

Had enabled auditing in my server. I filter based on my notes:

• 4663 - Attempt was made to an object.
• 4660 - An object was deleted
• 5140 - A network share object was accessed.
• Filter using the code 4663 then on result, find the file.

However, logs do tend to get big. Initially, I have configured it to a max of 13GB but has now adjusted to 5.24GB for a week of logs

@DustinB3403 Thanks! Already applying via GPO

I do them with RackTables. With it, you can document your rack, servers, networks and other devices. You'll have to configure it manually though, but I know with your skills that you'll be able configure it better than mine.

With one look, you'll get a view of what resides in your rack, a deeper inspection will reveal what is connected to what, it's up to you on how detailed you wanted to be. However, I have to be creative on the patchpanel side, I had to double the ports, one in front and one at the back.

You can also configure what details to show to other users. I have my 2 colleagues have access but can not view some server details like usernames and passwords which I made (similar to normal fields). Going this route, you have to ensure that you have a good grip on your database as it stores them as regular text.

Also check OpenDCIM and RackMonkey.

hhhmmm....have you checked the email header? Did it really came from MS server?

Had an issue when a colleague and his whole dept had made a signature which includes an image. However, a forward or reply, makes the email visible. Had traced down that that image caused the blank mail so I re-created the image (by print screen) then inserting it back.

We were using Zimbra, BTW.

@Grey said in Nethserver for FTPS/SFTP:

t up an SFTP or FTPS server using Nethserver with AD integration for those FTP users?

Hi Grey, you can check their forums out. I have not tried it myself during my test. People there are very much friendly and helpful. It seems @alefattorini has not checked this site for a while.

@jrc said in Substitutes for Active Directory and Windows Server:

Hmm, the problem with the pre-built ones you mentioned is that they come with a ton of things that won't be needed. There is no reason for it to handle email, or web filtering among other things. AD, DNS and File Server is all they need.
I assume the non-needed services can be turned off so that they do not consume any resources?

As mentioned by @alefattorini, NethServer is extremely modular. If you just need the DC, there's no need to install/activate firewall, email, VPN, etc. Though you can also install the backup for the just-in-case scenario.

For help in installation and/or configuration, head out to the community forum, developers are there as well to lend their helping hand.

@vhinzsanchez said in Zimbra installation and configuration (internal use only):

Now, continuing, if you still want to route only internal emails, you'll be better off to configure /etc/hosts file and bind9 in itself, check with nslookup after.

This is what I followed...its dated...and in Ubuntu, just make some adjustments:

https://ubuntuforums.org/showthread.php?t=1866784

@JaredBusch said in Zimbra installation and configuration (internal use only):

If you do not know what you are doing, and this is actually important, hire someone.

I get paid for that level of support.

Exactly this. Before you built on a mail server, you should have familiarized yourself with things like NS, DNS, MX records, etc.

Now, continuing, if you still want to route only internal emails, you'll be better off to configure /etc/hosts file and bind9 in itself, check with nslookup after.

@PenguinWrangler said in Simple NethServer 7 ISO Installation:

Has anyone ever used SME Sever? http://wiki.contribs.org? Looks similar to NethServer, not as up to date of an interface it appears but I have used it at locations and it works well. It is based on CentOS.

Actually, NethServer is based off SME Server:
http://www.nethserver.org/nethserver_smeserver/
https://forums.contribs.org/index.php?topic=49865.0

That's the reason for the similarity.

@scottalanmiller Thank you!

@Dashrender said in Windows Offline Files query:

I'm guessing those 8 people didn't make any offline updates to files in that folder, so Windows never checked to see if there were new versions.

They have Read-Only access to the network folder. Another group is tasked of updating it.

@scottalanmiller said in Windows Offline Files query:

Even the one file that was modified did not update its own ACLs?

@scottalanmiller said in Windows Offline Files query:

In what way were the ACLs changed? How would the changes have affected the person in question?

Yes, this group previously had access then was revoked. The online folder made sure that they do not have access, however, when I did check to access it offline from one of the group's member, the folder was accessible.

Tried to access it online (which prompted access error--as it should) then offline again...that ensured that ACL was propagated..manual updating. Fortunately, there's only a handful of those in a group.