Page 6 of 8 FirstFirst ... 45678 LastLast
Results 51 to 60 of 76

Thread: ZIMBRA SMTP AUTH problem

  1. #51
    siomon.liu's Avatar
    siomon.liu is offline Senior Member
    Join Date
    Apr 2009
    Location
    ASIA
    Posts
    66
    Rep Power
    6

    Default

    Quote Originally Posted by phoenix View Post
    Is your server on a LAN or directly connected to the internet?

    For the loopback interface you need the following:

    Code:
    127.0.0.0/8


    now i setup

    zmprov ms gbd.hand-china.com zimbraMtaMyNetworks '127.0.0.0/8'


    after setup ,i test again.

    then send mail to other domain with auth.

    '8568518@xx.com',时间为 2009-07-20 22:43
    554 5.7.1 <8568518@xx.com>: Relay access denied



    but for local domain send mail without auth.

    admin@test.zimbra.com to test@test.zimbra.com is successful without auth.

    why?

  2. #52
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    are you sending the email from the server or off your LAN via a workstation ?

  3. #53
    siomon.liu's Avatar
    siomon.liu is offline Senior Member
    Join Date
    Apr 2009
    Location
    ASIA
    Posts
    66
    Rep Power
    6

    Default

    Quote Originally Posted by uxbod View Post
    are you sending the email from the server or off your LAN via a workstation ?
    zimbra server is on internet!

    i use my pc in my home or my office,anywhere.


    and i also send mail to the account of same domain without auth.


    now

    my server is same domain send without auth,our domain to other domain only with auth.


    for example

    admin@test.zimbra.com to test@test.zimbra.com without auth.

    it is very dangerous.

    i want send mail only with auth.


    How to setup the configure?

    Pls help to solve.
    Appreciate for your help.
    Last edited by siomon.liu; 07-20-2009 at 08:14 AM.

  4. #54
    thorng is offline Active Member
    Join Date
    Apr 2009
    Posts
    46
    Rep Power
    6

    Default

    Something for people who are following the thread.
    * Include physical interface does not make it an open relay. notice the mask is limited to only the server itself. This is for internal routing (av/spam) not necessary using the loopback interface. It is required. *

    Now the solution. There is nothing wrong.
    You are testing it wrong. the Recipient address has to be an external email adderss. This is due to the fact you need to able to receive email for your domain without authentication. SMTP behave no differently talking to another SMTP server or an SMTP client.
    But authentication become required if it is to "relay" an message outside of its receiving domain.

    One other thing. When you make the change for the "MTA Trusted Networks" you may need to restart services for the new network to take effect.

  5. #55
    siomon.liu's Avatar
    siomon.liu is offline Senior Member
    Join Date
    Apr 2009
    Location
    ASIA
    Posts
    66
    Rep Power
    6

    Cool

    Quote Originally Posted by thorng View Post
    Something for people who are following the thread.
    * Include physical interface does not make it an open relay. notice the mask is limited to only the server itself. This is for internal routing (av/spam) not necessary using the loopback interface. It is required. *

    Now the solution. There is nothing wrong.
    You are testing it wrong. the Recipient address has to be an external email adderss. This is due to the fact you need to able to receive email for your domain without authentication. SMTP behave no differently talking to another SMTP server or an SMTP client.
    But authentication become required if it is to "relay" an message outside of its receiving domain.

    One other thing. When you make the change for the "MTA Trusted Networks" you may need to restart services for the new network to take effect.
    after setup,i reboot my zimbra server.

    now test

    *@test.zimbra.com to hotmail,yahoo,gmail,anywhere only with auth.

    but *@test.zimbra.com to *@test.zimbra.com without autn.


    Pls help to solve.

  6. #56
    thorng is offline Active Member
    Join Date
    Apr 2009
    Posts
    46
    Rep Power
    6

    Default

    This behavior is by design. There is nothing to fix. If authentication is required, then you won't be able to received any emails from other domains.

    It's possible to configure postfix to change this behavior by changing the smtpd_sender_restrictions but I don't have the details on how to do this.

    The Only time you want do this is you are using the server to send email only and received only from predefined partners defined in the trused networks. Such server is not used for Internet facing.

  7. #57
    rockman is offline New Member
    Join Date
    Jul 2009
    Posts
    3
    Rep Power
    6

    Default

    Can Cyrus-SASL do any good?

  8. #58
    rockman is offline New Member
    Join Date
    Jul 2009
    Posts
    3
    Rep Power
    6

    Default how to handle this issue with iptables

    Hi Zimbra Pros,

    Our mailing system is going live shortly. But we are a bit worried as the SMTP auth issue is still there. Can we block unauthorized connection from remote telnet with certain configuration on iptables? If positive, how to do that?

    Please help.

    TIA

  9. #59
    adeelarifbhatti is offline Advanced Member
    Join Date
    Feb 2009
    Posts
    188
    Rep Power
    6

    Post

    Hi all,
    didn't really go through the whole forum, but the auth issue while delivering email can be solved using the following configurations.

    465 inet n - n - - smtpd
    -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
    -o smtpd_client_restrictions=permit_sasl_authenticate d,reject

    ##############
    Please make sure that this lines are added or uncommented in the master.conf.in file.


    After restarting I am sure there isn't going to be any issue with auth before delivering email. And definatly the auth is going to be on port 465.
    THIS WILL 100&#37; SOLVES THE AUTH ISSUE.

    Regards
    Adeel

  10. #60
    dalmate is offline Elite Member
    Join Date
    Jan 2009
    Posts
    369
    Rep Power
    6

    Default

    Maybe I have answer for all.
    In Admin console, you must uncheck in "TLS authentication only" to enable "AUTH= PLAIN LOGIN" in smtp
    If you want to force people who is in your local network must authenticated before can use smtp service you can configure in Postfix.To do that, you must modify in MTA Trusted Network:
    -if your server has ip:10.2.22.48==> you can modify to 10.2.22.48/32==>so if user telnet from your local network they are notified to authenticate before send mail.
    Sorry about my English if it's too unintelligible. If you want to know more detail you can send mail to me: dalmate@zing.vn.

Page 6 of 8 FirstFirst ... 45678 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Major Issue - 5.0RC2 NE to 5.0GA NE failed
    By DougWare in forum Installation
    Replies: 7
    Last Post: 01-06-2008, 09:56 PM
  2. Replies: 31
    Last Post: 12-15-2007, 09:05 PM
  3. zmtlsctl give LDAP error
    By sourcehound in forum Administrators
    Replies: 5
    Last Post: 03-11-2007, 03:48 PM
  4. Replies: 8
    Last Post: 02-27-2007, 04:10 AM
  5. dspam logrotate errors
    By michaeln in forum Users
    Replies: 7
    Last Post: 02-19-2007, 12:45 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •