📌 Compatibility: Zimbra Collaboration Suite (all versions)
Objective
Instead of sending emails directly to the Internet, this procedure allows you to route all outbound messages from your organization through the e-securemail antispam gateways using a secure SMTP relay.
🔑 Important Information
SMTP relay server to configure:smtp.security-mail.net
This is the address you must configure to route your outbound mail flow through the e-securemail filtering gateways.
🔒 Security Recommendation
For optimal protection of your Zimbra infrastructure, restrict inbound connections by allowing only the IP addresses of the e-securemail servers in your MTA (Postfix) settings.
📥 View the list of e-securemail IP ranges
📋 Configuration Procedure
Configure Outbound SMTP Routing
Method 1: Using the Zimbra Administration Console (GUI)
Step 1: Access MTA Settings
- Sign in to the Zimbra Administration Console
- Go to:
Configuration > Servers - Select your MTA server
- Click the MTA tab
Step 2: Configure the SMTP Relay
- Locate the Relayhost or Relay Host setting
- In the corresponding field, enter:
smtp.security-mail.net:25(or use the port provided by e-securemail, such as 587)
- Click Save
Step 3: Restart Services
Restart the MTA service to apply the changes.
Via the interface:
Home > Monitor > Services > Restart MTA
Method 2: Using the Command Line (CLI)
Step 1: Connect via SSH
Connect to your Zimbra server over SSH as the zimbra user:
su - zimbraStep 2: Configure the Relay Host
Run the following command to define the SMTP relay:
zmprov ms `zmhostname` zimbraMtaRelayHost smtp.security-mail.net:25Step 3: Verify the Configuration
Verify that the parameter has been applied correctly:
zmprov gs `zmhostname` zimbraMtaRelayHostStep 4: Apply the Changes
Regenerate the Postfix configuration and restart services:
zmmtactl restart🔧 Advanced Configuration (Optional)
SMTP Authentication (If Required)
If e-securemail requires SMTP authentication, create a password file:
# As the zimbra user
echo "smtp.security-mail.net username:password" > /opt/zimbra/conf/relay_password
# Secure the file
chmod 600 /opt/zimbra/conf/relay_password
# Generate the database
postmap /opt/zimbra/conf/relay_password
# Configure Postfix
zmprov mcf +zimbraMtaSmtpSaslPasswordMaps lmdb:/opt/zimbra/conf/relay_password
zmprov mcf zimbraMtaSmtpSaslAuthEnable TRUE
# Restart MTA
zmmtactl restartEnable TLS Encryption
zmprov mcf zimbraMtaSmtpTlsSecurityLevel may
zmmtactl restartRestrict Inbound Connections by IP
Edit the file:
/opt/zimbra/conf/postfix_rbl_overrideAdd the e-securemail IP addresses:
192.0.2.10 OK
192.0.2.11 OKThen reload Postfix:
zmmtactl reload✅ Verify the Configuration
To confirm that your emails are routed through e-securemail:
Send a Test Email
echo "e-securemail relay test" | mail -s "SMTP Test" recipient@example.comCheck Postfix Logs
tail -f /var/log/zimbra.log | grep smtp.security-mail.netVerify Email Headers
Inspect the headers of the received message and confirm that smtp.security-mail.net appears in the routing path.
ℹ️ Additional Help
For more details about MTA configuration in Zimbra, refer to the Official Zimbra Documentation or the Zimbra community forums.