CentOS 7.x Zimbra add additional ports for SMTP service when outgoing port 25 is blocked
It is possible for an email server, e.g. mail.example.com, to have a public IP with a bad reputation. In that case we can configure another Zimbra server (e.g. mail.sbarjatiya.com) as a smart host so that all emails from mail.example.com go via mail.sbarjatiya.com. This solution works for public IP reputation cases, but it does not work when outgoing port 25 is blocked on mail.example.com (e.g. a new AWS VM with email sending limitations, or a restricted broadband connection where outgoing port 25 is blocked).
In such cases we can work around the block by:
- Making the mail.sbarjatiya.com Zimbra server listen on additional SMTP ports (e.g. 2525) apart from port 25 using:
- Note the comment: "You could use postscreen as command name instead of smtpd to keep postscreen active on port 2525."
- After that, the smart host setting of mail.example.com can be pointed to mail.sbarjatiya.com at port 2525 instead of port 25. This can be done using the Zimbra Admin UI.
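- Add the public IP of mail.sbarjatiya.com as a permitted sender in the SPF record of mail.example.com.
- Allow port 2525 in the firewall of the Linux host (see CentOS 7.x Basic firewalld configuration).
- Allow port 2525 in the network firewall (e.g. a security group or some other appropriate firewall).
- Whitelist the public IP of mail.example.com in MTATrustedNetworks on mail.sbarjatiya.com so that all its emails are accepted without authentication. Add only that single host address rather than a wider range, because every address in the trusted networks can relay through mail.sbarjatiya.com without authenticating.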
- Ideally update SPF records of mail.example.com (example.com domain) to include:
- to indicate that emails for example.com domain can come from A address of mail.sbarjatiya.com
- Send a few test emails from mail.example.com and validate.
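A check for the SPF steps above, as an added example that is not part of the original page: it evaluates an SPF record against the relay's address before test mail is sent. The IP addresses, the two records and the `a_records` map (standing in for DNS lookups) are constructed, and only the `ip4`, `ip6`, `a` and `all` mechanisms are handled.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_result(record, sender_ip, domain, a_records):
    """Evaluate a simplified SPF record for sender_ip.

    Supports ip4, ip6, a (without CIDR suffix) and all. include, mx, exists
    and redirect are skipped. a_records maps hostname -> list of addresses
    and replaces real DNS lookups so the check runs offline.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6") and arg:
            if ip in ipaddress.ip_network(arg, strict=False):
                return QUALIFIERS[qualifier]
        elif name == "a":
            host = (arg or domain).lower()
            addrs = a_records.get(host, [])
            if any(ip == ipaddress.ip_address(a) for a in addrs):
                return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and no "all" term present

# Constructed sample data (documentation address ranges, not real hosts).
RELAY_IP = "203.0.113.25"  # assumed public IP of mail.sbarjatiya.com
DNS = {"mail.example.com": ["198.51.100.10"],
       "mail.sbarjatiya.com": [RELAY_IP]}
SPF_BEFORE = "v=spf1 a:mail.example.com -all"
SPF_AFTER = "v=spf1 a:mail.example.com a:mail.sbarjatiya.com -all"

if __name__ == "__main__":
    for label, rec in (("before", SPF_BEFORE), ("after", SPF_AFTER)):
        print(label, spf_result(rec, RELAY_IP, "example.com", DNS))
```

A "fail" or "softfail" result for the relay address means receivers will treat relayed mail for the domain as unauthorized until the record is updated.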