how to protect email from @domain.com to @domain.com from internet

[stiawan]

I have installing zimbra server with Public Internet IP.
One big problem is, I found one email come from internet,
destination to local domain recv@domain.com with sender
email recv@domain.com.

How do I protect this things not happen again ?

[uxbod]

Welcome to the forums

They are just spoofing the header. If you can post the headers of that email we can see how to help you improve the SPAM checking.

[adeelarifbhatti]

Hi,
its simple!!

Enable the SMTP authentication on port 465, and protect the port 25 from receiving the mail from localdomain.com

Regards
Adeel

[phoenix]

Quote:

Originally Posted by adeelarifbhatti

Hi,
its simple!!

Enable the SMTP authentication on port 465, and protect the port 25 from receiving the mail from localdomain.com

I believe this is a question about stopping spam not blocking the inbound messages. BTW, the correct Submissions port is 587 not 465 (details in the forums on how to enable that).

[adeelarifbhatti]

on 25 port when mail will be coming from the localdomain.com, it will be rejected, or can be blocked as being consider as SPAM, now all the spammer who are pretending to be from localdomain.com will deliver mail on 25 and that will be rejected or will be send to spam.someting@localdomain.com.
When users will deliver email on port 465 SMTP (SSL port), it will ask users to authenticate before delivering email, and as this mail is coming on port 465 with authentication, so will get kicked in to recepient mailbox.


Issue resolved.
Regards
Adeel

[ewilen]

I believe he's saying that port 25 should be blocked only from receiving mail addressed from a local domain. How to do this, I don't know.

Speaking of port 465 vs. 587, does anyone know why Zimbra persists in using 465 as the default?

[phoenix]

Quote:

Originally Posted by ewilen

Speaking of port 465 vs. 587, does anyone know why Zimbra persists in using 465 as the default?

That's changed in version 6.

[adeelarifbhatti]

making 465 works by uncommenting or adding following lines in master.cf.in file

465 inet n - n - - smtpd
-o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticate d,reject

As far as blocking mails from localdomain.com on port 25, you can add localdomain.com is to the blacklist of spamassassin, or you can use the postfix to reject mails coming on port 25 from localdomain.com. It can be done by using the access file.

Regards
Adeel

[stiawan]

Thank for all suggestions.

This is the examples telnet to mailserver directly from internet.
220 ***********************************
HELO mail.my-domain.com
250 mx1-zimbra.my-domain.com
MAIL FROM: zidane@my-domain.com
250 2.1.0 Ok
RCPT TO: toni.stiawan@my-domain.com
250 2.1.5 Ok
DATA
354 Please start mail input.
FROM: zidane@my-domain.com
TO: toni.stiawan@my-domain.com
SUBJECT: test direct telnet 0946AM GMT+7
abcdef
ignore please
.
250 Mail queued for delivery.


Return-Path: zidane@my-domain.com
Received: from blade01.my-domain.com (LHLO mx1-zimbra.my-domain.com)
(172.16.241.25) by mx1-zimbra.my-domain.com with LMTP; Mon, 10 Aug 2009
09:46:35 +0700 (GMT+07:00)
Received: from mail.my-domain.com (unknown [222.124.198.186])
by mx1-zimbra.my-domain.com (Postfix) with SMTP id 32E58382743
for <toni.stiawan@my-domain.com>; Mon, 10 Aug 2009 09:46:33 +0700 (WIT)
FROM: zidane@my-domain.com
TO: toni.stiawan@my-domain.com
SUBJECT: test direct telnet 0946AM GMT+7
Message-Id: <20090810024634.32E58382743@mx1-zimbra.my-domain.com>
Date: Mon, 10 Aug 2009 09:46:33 +0700 (WIT)

abcdef
ignore please
-----------------------

I donot know how to configure zimbra to protect spam/sender with the sampe domain.

I think SPF/Domainkey can be help to block email spam with the same domain, but i cannot find any manual to configure zimbra with SPF.

any suggest ?

[phoenix]

What you're seeing is known as backscatter or NDR spam, search the forums for the word 'backscatter' for some advice on reducing it.