| Welcome to the Zimbra :: Forums! | |
Welcome, if you would like to post a comment please register.
We also encourage you to explore all things Zimbra with our team and members of the community.
|
 | 
11-23-2009, 06:48 AM
| | |  How to disable remote relaying?
Hello all,
sorry, if my question sounds simple. We have zimbra on a server, which is available on public IP (not hard-firewalled, although possible to make). In the past few weeks we were blacklisted several times, but still are unable to find out "why". At this moment I just want to be sure, that we do not allow using our server as "outgoing mail server" (relay) even for our authenticated users. They may be allowed to send email from webmail, but not remotely. Is it possible or is it strongly not suggested? Can it break outlook-plugin functionality?
Regards,
Anton.
P.S.: is it possible to trace source of spam using entries in mysql database "zimbra_logger"? Please advice.. |
11-23-2009, 06:50 AM
| | Outstanding Member | |
Posts: 594
| |
Trace of spam you can find in your /var/log/zimbra.log file |
11-23-2009, 07:59 AM
| | |
Trace is a good idea, but looks like it happend quite long time ago and zimbra.log is just for few last days. And if tracing - trace for what? How do find out which outgoing emails caused server to become blacklisted?
One side question - where is mail queue dir? In zimbra admin I can see that we have few emails in the queue and I would love to see at its source..
Anton. |
11-23-2009, 08:25 AM
| | Zimbra Consultant & Moderator | |
Posts: 20,312
| |
Quote:
Originally Posted by anton.aleksandrov  sorry, if my question sounds simple. We have zimbra on a server, which is available on public IP (not hard-firewalled, although possible to make). In the past few weeks we were blacklisted several times, but still are unable to find out "why". At this moment I just want to be sure, that we do not allow using our server as "outgoing mail server" (relay) even for our authenticated users. They may be allowed to send email from webmail, but not remotely. Is it possible or is it strongly not suggested? Can it break outlook-plugin functionality? | Why do you want your authenticated users to not relay mail (that's how mail is delivered), if you're trying to restrict them to specific domains then search the wiki for the word 'restrict'. Zimbra, by default, is not an open realy and if you're concerned about that then use some of the 'open relay' tests available on the web (do a google or yahoo search for them).
__________________
Regards
Bill
|
11-23-2009, 08:52 AM
| | |
Well, I have already got understanding, that outlook users wont be able to send anything, so idea of blocking authenticated relay is out of question now. I will later try to figure out what I can get from logger database - may be I will be able to get users, who sent high number of emails on a specific date, since they all should be authenticated, right?  |
11-23-2009, 08:56 AM
| | Zimbra Consultant & Moderator | |
Posts: 20,312
| |
You could use policyd to limit sender based throttling or there's a few more 'tricks' you could use: maximum of adressees for a mail
__________________
Regards
Bill
|
11-23-2009, 02:49 PM
| | |
Can I benefit from zimbra_logger database in any way?
I know the date when there was extream number of emails. I grouped records in table "mta" by field "sender" and looked through some of them. Most have status like this: Quote: |
(250 2.7.0 Ok, discarded, id=10282-17 - SPAM)
| In this case - was bounce back email sent or was email silently discarded or connection was closed before email reached us? Is there any setting that could make such incoming emails be returned back?
Table "raw_logs" has grew to 128G, that's why I could not check it..
Anton. |
11-23-2009, 09:31 PM
| | Outstanding Member | |
Posts: 594
| |
> In this case - was bounce back email sent or was email silently discarded or connection was closed before email reached us?
Bounce back always relate to mails accepted by the system and discarded later after scanning vis amavis. Rather in case where mails were dropped in smtp negotiation should as per my understanding not show up in the database. Those would be best analysed from zimbra.log only.
On a separate note if you want to have better analysis of zimbra.log, you can use Postfix Monitoring With Mailgraph And pflogsumm | HowtoForge - Linux Howtos and Tutorials. I use the same and it gives detailed report both graphically as well as in text. |
11-23-2009, 11:36 PM
| | |
Thank you, Veronica! So if email appears in database - it was accepted and then bounce email sent back. I think , that is why we may be blacklisted. Is there any way to tweak this behaviour? e.g. send only one bounce back per sender, not send bounce back in case of unaccepted spam?
Is amavis resposable for spam scanning as well? It would be good not to accept and bounce-back after scanning such emails.. I was analyzing database of the day when we have this peak in received emails and can say - suddenly a lot of different senders were sending to us emails, they were scanned and looks like bounced back..
P.S.: am I asking too many questions? | | Thread Tools | Search this Thread | | | | | Display Modes |  Linear Mode | | Why Join? Registering let's you ask questions, makes it easier to search, displays any files attached to posts, and notifies you about replies.   |
Bugzilla
Wiki
Source
