Zimbra sending mails without authentication via JavaMail

[curium]

Hi,

I am trying to use Zimbra (or postfix for that matter) to send mails using JavaMail.

The problem is that Zimbra is sending mails from non-existant users / domains and not using authentication. Ex: Zimbra sends off mails from admin123@mydomain.com even if this account doesnt exist. Also, mails can be sent from admin@mydomain123.com where the domain doesnt exist!!!

Below are the relevant settings (according to me ) from my /postfix/conf/main.cf file:

smtpd_recipient_restrictions = reject_unlisted_recipient, reject_non_fqdn_sender, reject_unlisted_recipient, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_invalid_hostname, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_invalid_hostname, reject_non_fqdn_sender, reject
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_client_restrictions = reject_unauth_pipelining


The below is my /zimbra/conf/postfix_recipient_restrictions.cf file:

reject_unlisted_recipient
reject_non_fqdn_sender
reject_unlisted_recipient
permit_mynetworks
permit_sasl_authenticated
reject_unauth_destination
reject_invalid_hostname
reject_unknown_sender_domain
reject_unknown_recipient_domain
%%contains VAR:zimbraMtaRestriction reject_invalid_hostname%%
%%contains VAR:zimbraMtaRestriction reject_non_fqdn_hostname%%
%%contains VAR:zimbraMtaRestriction reject_non_fqdn_sender%%
%%contains VAR:zimbraMtaRestriction reject_unknown_client%%
%%contains VAR:zimbraMtaRestriction reject_unknown_hostname%%
%%contains VAR:zimbraMtaRestriction reject_unknown_sender_domain%%
%%contains VAR:zimbraMtaRestriction reject_rbl_client dnsbl.njabl.org%%
%%contains VAR:zimbraMtaRestriction reject_rbl_client cbl.abuseat.org%%
%%contains VAR:zimbraMtaRestriction reject_rbl_client bl.spamcop.net%%
%%contains VAR:zimbraMtaRestriction reject_rbl_client dnsbl.sorbs.net%%
%%contains VAR:zimbraMtaRestriction reject_rbl_client sbl.spamhaus.org%%
%%contains VAR:zimbraMtaRestriction reject_rbl_client xbl.spamhaus.org%%
%%contains VAR:zimbraMtaRestriction reject_rbl_client sbl-xbl.spamhaus.org%%
%%contains VAR:zimbraMtaRestriction reject_rbl_client relays.mail-abuse.org%%
reject


Plz note that some of these settings might be unneccessary as I have just been trying things out

Any help will be welcomed as I have been at it the whole day but havent been able to find any solutions!

Regards,
Sumit

[uxbod]

If you are running JavaMail from the ZCS server then the option permit_mynetworks in Postfix will allow it through and perform no other checks.

[curium]

Hi uxbod,

Thanks a lot for the super quick response!! Yes it finally worked.. Thanks a lot.

But just curious, within zimbra which config file is given precedence: '/postfix/conf/main.cf' or '/zimbra/conf/postfix_recipient_restrictions.cf'? Or am I asking the wrong question?? Basically want to ensure that I am not authenticating mails twice!!!

Regards,
Sumit

[curium]

Hi uxbod,

Just tested using a valid email account and even thats not able to send mails now!! What am I doing wrong? I just removed 'permit_mynetworks' from the above mentioned files.

The logs say that the recipient address is invalid and so , 554 <recipient@domain.com>: Relay access denied.

Regards,
Sumit