I've recently had some problems regarding upgrading Zimbra while also upgrading my OS at the same time. To be more specific: I wanted to upgrade Zimbra Open Source Edition from 8.0.5 to 8.6 and at the same time upgrade Ubuntu Server from 12.04 to 14.04. The problem I encountered was that I couldn't get it to work, Zimbra threw a lot of Perl-related exceptions and since the Zimbra forum isn't very communicative I had to reroll to my backup to be up and running after the weekend again. So what is the correct process?
our Zimbra-Server isn't working for outgoing external mail since yesterday. Friday I installed some updates (for shell shock and Kernel updates), restarted and it worked fine. But since yesterday sending mail to external recipients stopped working. Internal mail (which doesn't use the relay-MTA) works.
Since I didn't change any settings I checked the remote server (Strato) with swaks and it worked:
swaks -s smtp.strato.de -tls -p 587 -f [email protected] -t [email protected] -a -au [email protected] -ap xxxxxx
The same credentials as listed with -au and -ap are listed in /opt/zimbra/conf/relay_password
When sending a mail via Zimbra I get the following from /var/log/zimbra.log:
Oct 2 09:00:10 server postfix/smtp[8144]: 3952465A24A: to=<[email protected]>, relay=smtp.strato.de[81.169.145.133]:587, delay=0.55, delays=0.27/0.01/0.26/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.strato.de[81.169.145.133]: bad protocol / cancel)
Zimbra main.cf
mail_owner = postfix
bounce_notice_recipient = postmaster
content_filter = smtp-amavis:[127.0.0.1]:10024
smtp_sasl_security_options = noanonymous
relayhost = smtp.strato.de:587
virtual_alias_expansion_limit = 10000
smtpd_sasl_authenticated_header = no
smtp_helo_name = $myhostname
broken_sasl_auth_clients = yes
minimal_backoff_time = 300s
sender_canonical_maps = proxy:ldap:/opt/zimbra/conf/ldap-scm.cf
always_add_missing_headers = yes
smtpd_tls_key_file = /opt/zimbra/conf/smtpd.key
smtpd_helo_required = yes
virtual_transport = error
sendmail_path = /opt/zimbra/postfix/sbin/sendmail
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_mynetworks, reject_unlisted_recipient, reject_non_fqdn_sender, permit
smtpd_relay_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_reject_unlisted_recipient = no
bounce_queue_lifetime = 5d
smtp_sasl_mechanism_filter =
local_header_rewrite_clients = permit_mynetworks,permit_sasl_authenticated
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_milters =
smtpd_tls_security_level = may
smtpd_sender_restrictions = check_sender_access regexp:/opt/zimbra/postfix/conf/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, permit_tls_clientcerts, check_sender_access regexp:/opt/zimbra/postfix/conf/tag_as_foreign.re
lmtp_host_lookup = dns
delay_warning_time = 0h
header_checks =
queue_run_delay = 300s
virtual_mailbox_maps = proxy:ldap:/opt/zimbra/conf/ldap-vmm.cf
notify_classes = resource,software
command_directory = /opt/zimbra/postfix/sbin
smtpd_client_restrictions = reject_unauth_pipelining
smtpd_tls_auth_only = yes
virtual_alias_maps = proxy:ldap:/opt/zimbra/conf/ldap-vam.cf
mailq_path = /opt/zimbra/postfix/sbin/mailq
smtpd_banner = $myhostname ESMTP $mail_name
mynetworks = 127.0.0.0/8 192.168.117.0/24 [::1]/128 [fe80::]/64
lmtp_connection_cache_time_limit = 4s
transport_maps = proxy:ldap:/opt/zimbra/conf/ldap-transport.cf
virtual_alias_domains = proxy:ldap:/opt/zimbra/conf/ldap-vad.cf
smtpd_sasl_auth_enable = yes
smtpd_tls_loglevel = 1
maximal_backoff_time = 4000s
virtual_mailbox_domains = proxy:ldap:/opt/zimbra/conf/ldap-vmd.cf
inet_protocols = ipv4
non_smtpd_milters =
daemon_directory = /opt/zimbra/postfix/libexec
smtp_tls_security_level =
alias_maps = hash:/etc/aliases
setgid_group = postdrop
smtp_cname_overrides_servername = no
mydestination = localhost
smtpd_end_of_data_restrictions =
import_environment =
myhostname = mail.example.com
message_size_limit = 1048576000
recipient_delimiter =
in_flow_delay = 1s
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
queue_directory = /opt/zimbra/data/postfix/spool
propagate_unmatched_extensions = canonical
manpage_directory = /opt/zimbra/postfix/man
smtp_fallback_relay =
smtpd_tls_cert_file = /opt/zimbra/conf/smtpd.crt
smtp_sasl_password_maps = hash:/opt/zimbra/conf/relay_password
lmtp_connection_cache_destinations =
newaliases_path = /opt/zimbra/postfix/sbin/newaliases
smtp_sasl_auth_enable = yes
mailbox_size_limit = 0
disable_dns_lookups = no
It's Zimbra 8.04. Any hints?
Edit: With higher loglevel after sending a Mail this is what I get from zimbra.log:
Oct 2 09:26:51 server postfix/smtp[21000]: warning: SASL authentication failure: ServerSignature expected in SCRAM-SHA-1 input
I've just set up an Active Directory Domain Controller (running Samba 4), created users, shares, groups, etc and everything is working.
However, I have an environment where the use of roaming profiles is wanted. I can change the profile path for each user (e.g. \SERVER\PROFILES\%USERNAME%) but how can I make this the default for all accounts (including newly created accounts).
I haven't found anything on this topic and I'm wondering why nobody wants to set default profile paths for all users with no exception.