  #1 (permalink)  
Old 09-11-2009, 09:41 AM
Active Member
 
Posts: 49
Is there a way to block email sends from domains that aren't native to the host?

I'm trying to combat a spammer that seems to have the ability to send spam through my machine. I'd like to set up Zimbra so that the only emails it's allowed to send are from our domain (domainx.org) instead of (domainy.com). I have authentication turned on, as well as TLS in the MTA settings for my domain.

I'm seeing a large increase in small emails going out, where their "From" emails are not from our domain. Is there a way to increase the amount of info being logged to show the username being provided to the SMTP server in zimbra.log?

Thank you for taking the time to read this, and thank you for any responses...

Rob

Last edited by omegainstitute; 09-11-2009 at 09:42 AM. Reason: Added info
  #2 (permalink)  
Old 09-11-2009, 10:11 AM
Trained Alumni
 
Posts: 74

Hi, I believe Zimbra by default only trusts hosts on your own subnet and anything else can't relay through it unless they are authenticated. There are many websites to test for open relay; Network Tools: DNS,IP,Email is one, I believe. Could it be an infected machine on your network perhaps?
  #3 (permalink)  
Old 09-11-2009, 10:19 AM
Active Member
 
Posts: 49

I haven't ruled that out. Very well could be an internal machine sending the spam. If I am able to determine the IP of the internal machine I'd go over and throw the machine out the window in a heartbeat.

I found some SpamAssassin and Postfix changes that I could make to block the machine sending emails from an address that doesn't reside on the machine (SMTP authentication for Zimbra Postfix).

Now comes the tracking down part. Is there a way to increase the amount of info logged?
  #4 (permalink)  
Old 09-11-2009, 10:44 AM
Trained Alumni
 
Posts: 74

I don't believe so. If you have the sending address you could search /var/log/zimbra.log for it and it should list the IP somewhere in there:
cat /var/log/zimbra.log | grep sendingaddress@domain.com
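An added example, not part of the original thread: Postfix's smtpd already records the client IP and, for authenticated sessions, sasl_username against each queue ID, so the grep suggested above can be automated by joining those lines with the qmgr from= lines. The log lines are constructed, and LOCAL_DOMAINS, TRUSTED_NET (10.0.0.0/24) and the function names are assumptions.

```python
import ipaddress
import re
from collections import Counter

LOCAL_DOMAINS = {"domainx.org"}                    # hosted domain (thread's placeholder)
TRUSTED_NET = ipaddress.ip_network("10.0.0.0/24")  # assumed internal subnet

# Constructed sample in Postfix's syslog format; not real log data.
SAMPLE_LOG = """\
Sep 11 09:12:01 mail postfix/smtpd[4101]: 3F2A11C012: client=unknown[10.0.0.57], sasl_method=PLAIN, sasl_username=jsmith@domainx.org
Sep 11 09:12:01 mail postfix/qmgr[2210]: 3F2A11C012: from=<promo@domainy.com>, size=1843, nrcpt=1 (queue active)
Sep 11 09:12:04 mail postfix/smtpd[4102]: 4B7C21C013: client=pc12.domainx.org[10.0.0.23]
Sep 11 09:12:04 mail postfix/qmgr[2210]: 4B7C21C013: from=<alice@domainx.org>, size=5120, nrcpt=2 (queue active)
Sep 11 09:12:09 mail postfix/smtpd[4101]: 5D9E31C014: client=unknown[10.0.0.57], sasl_method=PLAIN, sasl_username=jsmith@domainx.org
Sep 11 09:12:09 mail postfix/qmgr[2210]: 5D9E31C014: from=<deals@domainy.com>, size=1790, nrcpt=1 (queue active)
Sep 11 09:12:15 mail postfix/smtpd[4103]: 6A1F41C015: client=mx.example.net[203.0.113.9]
Sep 11 09:12:15 mail postfix/qmgr[2210]: 6A1F41C015: from=<friend@example.net>, size=2210, nrcpt=1 (queue active)
"""

# smtpd logs the client (and SASL login, if any) per queue ID; qmgr logs the envelope sender.
CLIENT_RE = re.compile(r"postfix/smtpd\[\d+\]: (\w+): client=\S*\[([0-9A-Fa-f.:]+)\]"
                       r"(?:.*?sasl_username=(\S+))?")
FROM_RE = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<([^>]*)>")

def relayed_foreign_senders(lines):
    """Return (queue_id, sender, client_ip, sasl_user) for relay-capable clients
    (internal or authenticated) whose envelope sender is outside LOCAL_DOMAINS."""
    clients, hits = {}, []
    for line in lines:
        if m := CLIENT_RE.search(line):
            clients[m.group(1)] = (m.group(2), m.group(3))
        elif m := FROM_RE.search(line):
            qid, sender = m.groups()
            ip, user = clients.get(qid, (None, None))
            internal = ip is not None and ipaddress.ip_address(ip) in TRUSTED_NET
            foreign = sender.rpartition("@")[2].lower() not in LOCAL_DOMAINS
            # Skip bounces (<>) and inbound Internet mail, which is neither internal nor authenticated.
            if sender and foreign and (user or internal):
                hits.append((qid, sender, ip, user))
    return hits

def summarize(hits):
    """Count suspect messages per (client IP, SASL username)."""
    return Counter((ip, user) for _qid, _sender, ip, user in hits)

if __name__ == "__main__":
    counts = summarize(relayed_foreign_senders(SAMPLE_LOG.splitlines()))
    for (ip, user), n in counts.most_common():
        print(f"{n:4d}  client={ip}  sasl_username={user or '-'}")
```

To run it against a live server, pass the lines of /var/log/zimbra.log instead of SAMPLE_LOG. A single login or internal IP with a high count is the account or machine to investigate.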
  #5 (permalink)  
Old 09-11-2009, 01:36 PM
Moderator
 
Posts: 1,147

Under the default configuration the Zimbra server will accept SMTP connections sending mail to a domain on the server from any computer on the same network, but will deny sending to any domain not on the server. For example:
Zimbra Server: 10.0.0.2/24 domain company.com
Client machine 1: 10.0.0.3/24
Client 1 makes an SMTP connection to the Zimbra server trying to send an email to admin@company.com from user@company.com. The Zimbra server will accept this and queue the message.
However, anything not addressed to a domain on the Zimbra server will give a "554 5.7.1 <asdf@gmail.com>: Relay access denied" message.

What is likely going on is you have a machine on your network that is infected and just connecting directly to the external email servers. The way to solve this problem is to block all SMTP outbound traffic from any machine that is not your email server.

Where are you seeing these messages going out? Are you finding them in the Zimbra logs, or from bounce back messages you are getting?