ZIMBRA SMTP AUTH problem

**siomon.liu** · 07-20-2009, 07:48 AM

Originally Posted by phoenix

Is your server on a LAN or directly connected to the internet?

For the loopback interface you need the following:

Code:

127.0.0.0/8

now i setup

zmprov ms gbd.hand-china.com zimbraMtaMyNetworks '127.0.0.0/8'

after setup ,i test again.

then send mail to other domain with auth.

'8568518@xx.com'，时间为 2009-07-20 22:43
554 5.7.1 <8568518@xx.com>: Relay access denied

but for local domain send mail without auth.

admin@test.zimbra.com to test@test.zimbra.com is successful without auth.

why?

**uxbod** · 07-20-2009, 07:50 AM

are you sending the email from the server or off your LAN via a workstation ?

**siomon.liu** · 07-20-2009, 08:00 AM

Originally Posted by uxbod

are you sending the email from the server or off your LAN via a workstation ?

zimbra server is on internet!

i use my pc in my home or my office,anywhere.

and i also send mail to the account of same domain without auth.

now

my server is same domain send without auth,our domain to other domain only with auth.

for example

admin@test.zimbra.com to test@test.zimbra.com without auth.

it is very dangerous.

i want send mail only with auth.

How to setup the configure?

Pls help to solve.
Appreciate for your help.

**thorng** · 07-20-2009, 11:44 AM

Something for people who are following the thread.
* Include physical interface does not make it an open relay. notice the mask is limited to only the server itself. This is for internal routing (av/spam) not necessary using the loopback interface. It is required. *

Now the solution. There is nothing wrong.
You are testing it wrong. the Recipient address has to be an external email adderss. This is due to the fact you need to able to receive email for your domain without authentication. SMTP behave no differently talking to another SMTP server or an SMTP client.
But authentication become required if it is to "relay" an message outside of its receiving domain.

One other thing. When you make the change for the "MTA Trusted Networks" you may need to restart services for the new network to take effect.

**siomon.liu** · 07-20-2009, 03:25 PM

Originally Posted by thorng

Something for people who are following the thread.
* Include physical interface does not make it an open relay. notice the mask is limited to only the server itself. This is for internal routing (av/spam) not necessary using the loopback interface. It is required. *

Now the solution. There is nothing wrong.
You are testing it wrong. the Recipient address has to be an external email adderss. This is due to the fact you need to able to receive email for your domain without authentication. SMTP behave no differently talking to another SMTP server or an SMTP client.
But authentication become required if it is to "relay" an message outside of its receiving domain.

One other thing. When you make the change for the "MTA Trusted Networks" you may need to restart services for the new network to take effect.

after setup,i reboot my zimbra server.

now test

*@test.zimbra.com to hotmail,yahoo,gmail,anywhere only with auth.

but *@test.zimbra.com to *@test.zimbra.com without autn.

Pls help to solve.

**thorng** · 07-20-2009, 07:09 PM

This behavior is by design. There is nothing to fix. If authentication is required, then you won't be able to received any emails from other domains.

It's possible to configure postfix to change this behavior by changing the smtpd_sender_restrictions but I don't have the details on how to do this.

The Only time you want do this is you are using the server to send email only and received only from predefined partners defined in the trused networks. Such server is not used for Internet facing.

**rockman** · 07-21-2009, 06:26 AM

Can Cyrus-SASL do any good?

**rockman** · 08-02-2009, 08:49 PM

Hi Zimbra Pros,

Our mailing system is going live shortly. But we are a bit worried as the SMTP auth issue is still there. Can we block unauthorized connection from remote telnet with certain configuration on iptables? If positive, how to do that?

Please help.

TIA

**adeelarifbhatti** · 08-02-2009, 10:30 PM

Hi all,
didn't really go through the whole forum, but the auth issue while delivering email can be solved using the following configurations.

465 inet n - n - - smtpd
-o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticate d,reject

##############
Please make sure that this lines are added or uncommented in the master.conf.in file.

After restarting I am sure there isn't going to be any issue with auth before delivering email. And definatly the auth is going to be on port 465.
THIS WILL 100% SOLVES THE AUTH ISSUE.

Regards
Adeel

**dalmate** · 08-06-2009, 12:23 AM

Maybe I have answer for all.
In Admin console, you must uncheck in "TLS authentication only" to enable "AUTH= PLAIN LOGIN" in smtp
If you want to force people who is in your local network must authenticated before can use smtp service you can configure in Postfix.To do that, you must modify in MTA Trusted Network:
-if your server has ip:10.2.22.48==> you can modify to 10.2.22.48/32==>so if user telnet from your local network they are notified to authenticate before send mail.
Sorry about my English if it's too unintelligible. If you want to know more detail you can send mail to me: dalmate@zing.vn.

Zimbra

Thread: ZIMBRA SMTP AUTH problem

LinkBack

Thread Tools

Search Thread

Display

how to handle this issue with iptables

Thread Information

Users Browsing this Thread

Similar Threads

Major Issue - 5.0RC2 NE to 5.0GA NE failed

How to install Zimbra Debian 3.1 binaries on Debian Etch 4.0 [Workaround]

zmtlsctl give LDAP error

Problem - Queue report unavailable - mail system is down

dspam logrotate errors

Posting Permissions