  #1 (permalink)  
Old 03-06-2009, 11:48 AM
Intermediate Member
 
Posts: 19
Zimbra MTA SMTP AUTH

Hi all!

I have a Zimbra server on my LAN. I've set up SMTP auth and only TLS.
I can do this from any machine on my LAN:

telnet server.mydomain.com 25
EHLO domain.com
MAIL FROM: other_user_than_me@mydomain.com
RCPT TO: existent_user_in_my_domain@mydomain.com
DATA blahblahblah
.
OK!

Zimbra MTA does not ask me for authentication (neither user nor password). I can send emails to any user account from any user account in my local network. Is there any way of avoiding this?

The only 'solution' I've found till now is firewalling port 25 in my local network and opening 587 for submission, but this is not operative: I need port 25 opened to my DMZ network, and I can do the same from there...

Also, I've changed the zimbraMtaMyNetworks variable equal to '127.0.0.0/8', but I still can do the same I've posted on top (telnet, mail from...)

I've reloaded postfix (postfix reload) and zimbra (zmcontrol stop / zmcontrol start) but nothing happens.

Any idea? I think I'm getting crazy...
  #2 (permalink)  
Old 03-06-2009, 12:22 PM
Zimbra Consultant & Moderator
 
Posts: 20,312

Quote:
Originally Posted by milesteg
Zimbra MTA does not ask me for authentication (neither user nor password). I can send emails to any user account from any user account in my local network. Is there any way of avoiding this?

Why would you want to avoid this? That's exactly what the server is supposed to do. What are you trying to achieve or what problem is it that you're having?

BTW, you should leave the LAN subnet and the localhost IP in zimbraMtaMyNetworks.
__________________
Regards


Bill
  #3 (permalink)  
Old 03-06-2009, 02:57 PM
Intermediate Member
 
Posts: 19

phoenix:

Thanks a lot for your reply. I'm trying to avoid one user sending mail with a different account. I'll explain:

user1: worker1@domain.com
user2: worker2@domain.com
user3: chief@domain.com

At this moment Zimbra MTA allows worker1 to send a mail to worker2 from the chief account using telnet and port 25. If chief account were protected with user/password, worker1 couldn't send mail in the name of chief.

I will put again my LAN on the zimbraMtaMyNetworks, as I understand it's the default configuration of Zimbra. But... is there any way of solving this authentication issue?

Thanks a lot again
  #4 (permalink)  
Old 03-07-2009, 12:15 AM
Moderator
 
Posts: 7,928

Or restrict who can send to who? Restrict sending to certain domains - Zimbra :: Wiki
__________________
  #5 (permalink)  
Old 03-07-2009, 01:56 AM
Intermediate Member
 
Posts: 19

Quote:
Originally Posted by uxbod

Mmmm but I want all my users to send email to any domain; what I need is users to be authenticated via SMTP. I mean, when I telnet server.mydomain.com in port 25, I need the server to ask for user and password. This way users will not be able to 'spoof' the identity of others.

I've managed this forcing users to use port 587, submission, but then I have the problem of my port 25 being still open and allowing relay this way, without asking for password.

Thanks a lot too for your reply!
  #6 (permalink)  
Old 03-07-2009, 02:20 AM
Moderator
 
Posts: 7,928

Even if you use SMTP AUTH the connected user will still be able to spoof the email address. If that was to happen then why can't you check the headers and logs for where the connection came from? If this is a corporate environment you should know where your IPs are allocated.
__________________
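Added example, not part of the thread or of Zimbra's own tooling: one way to do the log check suggested in the post above, pairing each Postfix queue ID's client IP and SASL login with its envelope sender. The log lines are constructed, `audit` is a hypothetical helper name, and the check assumes the SASL login is the user's full mail address (aliases would need a lookup table).

```python
import re

# Constructed Postfix log lines (not from the thread); addresses reuse the
# worker1/chief example from post #3, hosts, IPs and queue IDs are made up.
SAMPLE_LOG = """\
Mar  6 14:57:01 mail postfix/smtpd[2101]: 3A1F2C0011: client=pc07.lan[192.168.1.23]
Mar  6 14:57:01 mail postfix/qmgr[1877]: 3A1F2C0011: from=<chief@domain.com>, size=512, nrcpt=1 (queue active)
Mar  6 14:58:10 mail postfix/smtpd[2104]: 3A1F2C0012: client=pc09.lan[192.168.1.25], sasl_method=PLAIN, sasl_username=worker1@domain.com
Mar  6 14:58:10 mail postfix/qmgr[1877]: 3A1F2C0012: from=<chief@domain.com>, size=498, nrcpt=1 (queue active)
Mar  6 14:59:30 mail postfix/smtpd[2107]: 3A1F2C0013: client=pc11.lan[192.168.1.27], sasl_method=PLAIN, sasl_username=worker2@domain.com
Mar  6 14:59:30 mail postfix/qmgr[1877]: 3A1F2C0013: from=<worker2@domain.com>, size=530, nrcpt=1 (queue active)
Mar  6 15:01:12 mail postfix/smtpd[2110]: 3A1F2C0014: client=mx.example.net[203.0.113.9]
Mar  6 15:01:12 mail postfix/qmgr[1877]: 3A1F2C0014: from=<someone@example.net>, size=900, nrcpt=1 (queue active)
"""

# smtpd logs the connecting client (and SASL login, if any) per queue ID;
# qmgr logs the envelope sender for the same queue ID.
CLIENT = re.compile(r"postfix/smtpd\[\d+\]: (\w+): client=\S*\[([^\]]+)\](?:.*sasl_username=(\S+))?")
SENDER = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<([^>]*)>")

def audit(log_text, local_domains):
    """Return (queue_id, client_ip, sasl_user, sender, reason) per suspect message."""
    clients, findings = {}, []
    for line in log_text.splitlines():
        m = CLIENT.search(line)
        if m:
            clients[m.group(1)] = (m.group(2), m.group(3))
            continue
        m = SENDER.search(line)
        if not m or m.group(1) not in clients:
            continue
        qid, sender = m.group(1), m.group(2).lower()
        ip, user = clients.pop(qid)
        if sender.rpartition("@")[2] not in local_domains:
            continue  # sender outside our domains (normal inbound mail, bounces)
        if user is None:
            findings.append((qid, ip, None, sender, "local sender, no SMTP AUTH"))
        elif user.lower() != sender:
            findings.append((qid, ip, user, sender, "sender differs from SASL login"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG, {"domain.com"}):
        print(finding)
```

Each finding carries the client IP, which can then be matched against the site's own address allocation.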
  #7 (permalink)  
Old 03-07-2009, 02:32 AM
Intermediate Member
 
Posts: 19

Quote:
Originally Posted by uxbod
Even if you use SMTP AUTH the connected user will still be able to spoof the email address. If that was to happen then why can't you check the headers and logs for where the connection came from? If this is a corporate environment you should know where your IPs are allocated.

Oh, so it seems it was my concept mistake... Well, at least I can avoid relaying from the outside via zimbraMtaMyNetworks. Plenty of organizations here, where I live, don't even block the outside.

Thanks a lot for your help!!