Strange Behavior

**atevewr** · 12-10-2009, 06:51 AM

Let me explain my scenario.

Zimbra Test Set up.
Release 5.0.18_GA_3011.SuSEES10_20090707174207 SuSEES10 FOSS edition

2 days back i installed this new zimbra for testing purposes.
Everything is installed as default.
My Trusted Networks for the domain are
mynetworks = 127.0.0.0/8 A.B.C.0/24

For e.g. A.B.C is my subnet for zimbra server like 192.168.1.1
so everything in 192.168.1.0-254 is accepted by default.

Now the problem is
1. I can send mails using outlook or telnet without any authentication even when those subnets are out of my trusted subnets.

For e.g. if 192.168.1.0/24 is trusted, i can send mail from 192.168.2.[0-254] or something like that.

I understand that, either there should be authentication [which isin't happening] or it should be in my trusted networks [which too isin't there]

Can you please tell me, how am i able to send mails from other untrusted subnets.
[Web UI is supposed to work from everywhere, which is fine, I am concerned about my POP/telnet conversations.]
Am i missing something here
Thanks in advance.

**ArcaneMagus** · 12-11-2009, 03:08 PM

Well that depends on what you mean by "send mails".

Are you saying that you can relay messages through the Zimbra server to other servers? For example a client on 192.168.2.x sending a message to user1@gmail.com to the Zimbra server and then having the Zimbra server forward that on? This is the expected behavior for machines in the trusted network. (Which is why putting the entire subnet of your network into the MTA trusted network is generally a very bad idea).

However if you are saying that a machine can send a message to user1@yourZimbraDomain.com then that is the expected behavior... if it didn't work like that your Zimbra server would never be able to receive messages.

**atevewr** · 12-11-2009, 06:03 PM

1. Mail to user1@gmail.com from 192.168.2.x - Yes
But i haven't added the network in my Trusted Networks. Still i am able to send mails.

2.If i can send mail to user1@mydomain.com - Yes
I agree thats the way, any mail server is expected to work, but shouldn't it Ask for SMTP AUTH ?

**ArcaneMagus** · 12-14-2009, 11:56 AM

How are the 192.168.1.0/24 and 192.168.2.0/24 networks linked? Do they have a router between them?

Also I'm sure you have probably checked this, but Global Settings -> MTA tab -> Enable Authentication is checked right?

**atevewr** · 12-14-2009, 08:02 PM

Yes, I have setup my Trusted networks properly. The problem is, i have just set up my localhost & the other network in my trusted networks. But the problems is even other subnets are able to send mail without authentication.

For e.g.
if i have added 192.168.1.0/24, then i am able to send mail from all other subnets like 192.168.2.0/24 or 192.168.3.9/24.
Yes, The authentication is working on SMTP.
Isin't there a way to force it ?
I mean only the SMTP Auth login is allowed, not the mail relaying without asking for any passwords?

**ArcaneMagus** · 12-14-2009, 10:43 PM

I moved the only post with new(ish) info to this thread and deleted your posts in this thread: force smtp auth zimbra

Posting your issue with duplicate (and partially conflicting) information helps nobody.

You still haven't answered my question as to how the other subnets get their traffic to the server. Is their souce IP in the logs on the server showing as their original IP address, or do you have a router in between these networks that is in the MTA trusted network... and showing as the source address?

**atevewr** · 12-15-2009, 12:19 AM

Yes, there is a L3 switch in between, which interconnects all subnets. In the source IP, Yes, i get the original IP of the machine and not any of the trusted network.
My basic question still remains, i am saying its authenticating, if i start the EHLO session and then auth login, but if i simply start a HELO session, it doesn't ask for any authentication and lets me to send mail
Thank you

**atevewr** · 12-15-2009, 01:32 AM

Enable Authentication checkbox is checked on both places
1. Global Settings
2. Server Settings

but zmprov gs mailx.watever.com | grep zimbraMtaTls
zimbraMtaTlsAuthOnly: FALSE

**atevewr** · 12-15-2009, 12:14 PM

I hope this can put my problem in better perspective
This is what my postfix/conf/main.cf reads for client restriction

smtpd_client_restrictions = reject_unauth_pipelining

In postfix, i can specify something like
# Allow connections from trusted networks only.
smtpd_client_restrictions = permit_mynetworks, reject

I do not know where does Zimbra puts client restrictions, I have been told, that Zimbra accepts whatsoever is in the mynetworks(UI or the modifyServer), but where does it explicitly allows permission for mynetworks.

PS: This is client restrictions, not recipient restrictions

Zimbra

Thread: Strange Behavior

LinkBack

Thread Tools

Search Thread

Display

Strange Behavior

Thread Information

Users Browsing this Thread

Similar Threads

[SOLVED] HTTP/HTTPS strange behavior on different systems and browsers

Strange behavior on search

Strange Zimlet behavior

Network edition - strange behavior

Posting Permissions