Zimbra offers Open Source email server software and shared calendar for Linux and the Mac
  #1 (permalink)  
Old 10-07-2009, 05:22 AM
Junior Member
 
Posts: 8
My mail users can replace sender's email address.

Hello!

I have a problem with replacing the sender's email address. My email users can replace the sender's email address (FROM in the mail's header).

This problem makes it possible to send spam or bad messages from some of my other email users.

Example:
$telnet mail.exemple.com 25
Trying 172.0.0.1...
Connected to mail.exemple.com.
Escape character is '^]'.
220 mail.exemple.com ESMTP Postfix
HELO my.exemple.com
250 mail.exemple.com
MAIL FROM some_of_the_users@mail.exemple.com
250 2.1.0 Ok
RCPT TO:the_target_user@mail.exemple.com
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
The bad message! :P.
.
250 2.0.0 Ok: queued as 65040230001
quit
221 2.0.0 Bye
Connection closed by foreign host.

How can we secure this?
  #2 (permalink)  
Old 10-07-2009, 06:44 AM
Active Member
 
Posts: 31
Default

Can you post your SMTP_XXX_restriction?
  #3 (permalink)  
Old 10-07-2009, 06:59 AM
Junior Member
 
Posts: 8
Default

Is it these?

[root@myserver conf]# cat main.cf | grep -e "smtpd_.*_restrictions"
smtpd_client_restrictions = reject_unauth_pipelining
smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unlisted_recipient, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_unknown_client, reject_unknown_hostname, reject_unknown_sender_domain, permit
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_sender_restrictions = check_sender_access hash:/opt/zimbra/conf/restricted_senders
  #4 (permalink)  
Old 10-07-2009, 07:13 AM
Active Member
 
Posts: 31
Default

I think you must try adding smtpd_client_restriction and verify that users must authenticate with SASL before SMTPD_sender_restriction, like this:

smtpd_client_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject


I think with those lines you can fix it
  #5 (permalink)  
Old 10-08-2009, 12:11 AM
Junior Member
 
Posts: 8
Default

Where can I add or enable these parameters? I added these parameters in main.cf, but after I restarted my Zimbra server, these parameters were missing.
  #6 (permalink)  
Old 10-08-2009, 05:42 AM
Active Member
 
Posts: 31
Default

Try it in /opt/zimbra/conf/zmmta.conf in the mail server configuration.
  #7 (permalink)  
Old 10-08-2009, 06:26 AM
Junior Member
 
Posts: 8
Default

We enabled client auth through TLS and SSL. But authenticated users can replace the sender's email address (FROM).

This method can block the viruses on the client's PC. This is quite good.

How can we limit replacing the sender's email address for our authenticated users?
  #8 (permalink)  
Old 11-24-2009, 12:28 AM
Junior Member
 
Posts: 8
Default

I think you could set some restrictions in the Admin UI -> the user account -> preferences -> sending mail
Reply With Quote
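
An added example, not part of the original thread and not Zimbra's or Postfix's own code: a small Python audit for the question in post #7, checking whether a Postfix configuration ties MAIL FROM to the SASL login. It assumes the stock Postfix `smtpd_sender_login_maps` parameter and `reject_*_sender_login_mismatch` restrictions; the hardened variant and its map path are constructed placeholders, and making the change persist in Zimbra's generated main.cf is not covered.

```python
import re
# Restrictions that compare MAIL FROM with the SASL login of an authenticated client.
MISMATCH = {"reject_sender_login_mismatch", "reject_known_sender_login_mismatch",
            "reject_authenticated_sender_login_mismatch"}
# Restrictions that accept an authenticated client and end evaluation of that list.
SHADOW = {"permit_sasl_authenticated", "permit"}

def parse_main_cf(text):
    """Return {parameter: value}; a line starting with whitespace continues the previous one."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] += " " + line.strip()
        elif "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            params[name] = value
    return params

def audit_sender_binding(text):
    """Return findings; an empty list means MAIL FROM is tied to the SASL login."""
    params = parse_main_cf(text)
    findings, enforced, shadowed = [], False, []
    if not params.get("smtpd_sender_login_maps"):
        findings.append("smtpd_sender_login_maps is not set")
    for name, value in params.items():
        tokens = re.split(r"[,\s]+", value) if re.fullmatch(r"smtpd_\w+_restrictions", name) else []
        for i, tok in enumerate(tokens):
            if tok in MISMATCH and SHADOW & set(tokens[:i]):
                shadowed.append(f"{name}: {tok} is listed after a permit")
            elif tok in MISMATCH:
                enforced = True
    if not enforced:
        findings += shadowed or ["no sender/login mismatch restriction configured"]
    return findings

# Restrictions exactly as posted in reply #3 of the thread.
POSTED = """\
smtpd_client_restrictions = reject_unauth_pipelining
smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unlisted_recipient, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_unknown_client, reject_unknown_hostname, reject_unknown_sender_domain, permit
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_sender_restrictions = check_sender_access hash:/opt/zimbra/conf/restricted_senders
"""
# Constructed variant (assumption): placeholder map path, mismatch check placed first.
HARDENED = POSTED.replace("smtpd_sender_restrictions = ",
    "smtpd_sender_login_maps = hash:/path/to/sender_login_map\n"
    "smtpd_sender_restrictions = reject_authenticated_sender_login_mismatch,\n    ")
for label, cfg in (("posted", POSTED), ("hardened", HARDENED)):
    print(label, audit_sender_binding(cfg) or "MAIL FROM is bound to the login")
```

These restrictions compare the envelope MAIL FROM with the login; they do not inspect the From: header inside the message.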