
Thread: Zimbra MTA SMTP AUTH

  1. #1
    milesteg is offline Intermediate Member

    Hi all!

    I have a Zimbra server on my LAN. I've set up SMTP auth and only TLS.
    I can do this from any machine on my LAN:

    telnet server.mydomain.com 25
    EHLO domain.com
    MAIL FROM: other_user_than_me@mydomain.com
    RCPT TO: existent_user_in_my_domain@mydomain.com
    DATA blahblahblah
    .
    OK!

    Zimbra MTA does not ask me for authentication (nor user nor password). I can send emails to any user account from any user account in my local network. Is there any way of avoiding this?

    The only 'solution' I've found till now is firewalling port 25 in my local network and opening 587 for submission, but this is not operative: I need port 25 opened to my DMZ network, and I can do the same from there...

    Also, I've changed the zimbraMtaMyNetworks variable equal to '127.0.0.0/8', but I still can do the same I've posted on top (telnet, mail from...)

    I've reloaded postfix (postfix reload) and zimbra (zmcontrol stop / zmcontrol start) but nothing happens.

    Any idea? I think I'm getting crazy...

  2. #2
    phoenix is online now Zimbra Consultant & Moderator

    Quote Originally Posted by milesteg View Post
    Zimbra MTA does not ask me for authentication (nor user nor password). I can send emails to any user account from any user account in my local network. Is there any way of avoiding this?
    Why would you want to avoid this, that's exactly what the server is supposed to do. What are you trying to achieve or what problem is it that you're having?

    BTW, you should leave the LAN subnet and the localhost IP in zimbraMtaMyNetworks.
    Regards


    Bill



  3. #3
    milesteg is offline Intermediate Member

    phoenix:

    Thanks a lot for your reply. I'm trying to avoid one user sending mail with a different account. I'll explain:

    user1: worker1@domain.com
    user2: worker2@domain.com
    user3: chief@domain.com

    At this moment Zimbra MTA allows worker1 sending a mail to worker2 from the chief account using telnet and port 25. If chief account were protected with user/password, worker1 couldn't send mail in the name of chief.

    I will put again my LAN on the zimbraMtaMyNetworks, as I understand it's the default configuration of Zimbra. But... is there any way of solving this authentication issue?

    Thanks a lot again

  4. #4
    uxbod is offline Moderator

    Or restrict who can send to who? Restrict sending to certain domains - Zimbra :: Wiki

  5. #5
    milesteg is offline Intermediate Member

    Quote Originally Posted by uxbod View Post
    Mmmm but I want all my users to send email to any domain; What I need is users to be authenticated via SMTP. I mean, when I telnet server.mydomain.com in port 25, I need the server to ask for user and password. This way users will not be able to 'spoof' the identity of others.

    I've managed this forcing users to use port 587, submission, but then I have the problem of my port 25 being still open and allowing relay this way, without asking for password.

    Thanks a lot too for your reply!

  6. #6
    uxbod is offline Moderator

    Even if you use SMTP AUTH the connected user will still be able to spoof the email address. If that was to happen then why can't you check the headers and logs for where the connection came from? If this is a corporate environment you should know where your IPs are allocated.
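
The log check suggested in the post above, sketched as an added example (not part of the thread and not Zimbra's own tooling): it joins each Postfix `smtpd` client line to the `qmgr` envelope sender by queue ID and reports local-domain senders that were accepted without SMTP AUTH or under a different login. The log lines, host names, queue IDs and the `audit_senders` helper are constructed for illustration.

```python
import re

# Constructed sample lines in Postfix syslog format (not taken from the thread).
SAMPLE_LOG = """\
Jan 12 10:01:02 mail postfix/smtpd[1234]: 4F1A2B3C01: client=pc17.lan[192.168.1.17]
Jan 12 10:01:03 mail postfix/qmgr[999]: 4F1A2B3C01: from=<chief@domain.com>, size=512, nrcpt=1 (queue active)
Jan 12 10:05:10 mail postfix/smtpd[1240]: 5A6B7C8D02: client=pc22.lan[192.168.1.22], sasl_method=PLAIN, sasl_username=worker1@domain.com
Jan 12 10:05:11 mail postfix/qmgr[999]: 5A6B7C8D02: from=<chief@domain.com>, size=498, nrcpt=1 (queue active)
Jan 12 10:09:30 mail postfix/smtpd[1251]: 6C7D8E9F03: client=pc30.lan[192.168.1.30], sasl_method=PLAIN, sasl_username=worker2@domain.com
Jan 12 10:09:31 mail postfix/qmgr[999]: 6C7D8E9F03: from=<worker2@domain.com>, size=640, nrcpt=1 (queue active)
Jan 12 10:12:00 mail postfix/smtpd[1260]: 7D8E9FA004: client=mx.example.net[203.0.113.5]
Jan 12 10:12:01 mail postfix/qmgr[999]: 7D8E9FA004: from=<someone@example.net>, size=900, nrcpt=1 (queue active)
"""

# smtpd logs the client (and the SASL login, if any); qmgr logs the envelope sender.
CLIENT_RE = re.compile(r"postfix/smtpd\[\d+\]: (\w+): client=\S*?\[([^\]]+)\]"
                       r"(?:.*?sasl_username=(\S+))?")
FROM_RE = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<([^>]*)>")

def audit_senders(log_text, local_domains):
    """Return (queue_id, client_ip, sasl_user, sender, verdict) per local-domain message."""
    sessions = {}   # queue id -> (client ip, sasl username or None)
    findings = []
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            sessions[m.group(1)] = (m.group(2), m.group(3))
            continue
        m = FROM_RE.search(line)
        if not m or m.group(1) not in sessions:
            continue
        qid, sender = m.group(1), m.group(2).lower()
        ip, user = sessions.pop(qid)  # pop: qmgr repeats from= on every retry
        if sender.rpartition("@")[2] not in local_domains:
            continue                  # mail from other domains is out of scope here
        if user is None:
            verdict = "unauthenticated"  # accepted on client IP alone (trusted network)
        elif user.lower() != sender:
            verdict = "mismatch"         # logged in as one user, sent as another
        else:
            verdict = "ok"
        findings.append((qid, ip, user, sender, verdict))
    return findings
```

On the sample, the first two messages are reported with the client IP that submitted them, which is the lookup against the IP allocation described above. Postfix itself can reject the "mismatch" case for authenticated sessions with `smtpd_sender_login_maps` and `reject_sender_login_mismatch`.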

  7. #7
    milesteg is offline Intermediate Member

    Quote Originally Posted by uxbod View Post
    Even if you use SMTP AUTH the connected user will still be able to spoof the email address. If that was to happen then why can't you check the headers and logs for where the connection came from? If this is a corporate environment you should know where your IPs are allocated.
    Oh, so it seems it was my concept mistake... Well, at least I can avoid relaying from the outside via zimbraMyNetworks. Plenty of organizations here, where I live, don't even block the outside.

    Thanks a lot for your help!!
