
Thread: [SOLVED] Zimbra Behind Firewall Acting as an OPEN RELAY

  1. #1
    Nascimento is offline Intermediate Member
    Join Date
    Jan 2010
    Posts
    21
    Rep Power
    5

    [SOLVED] Zimbra Behind Firewall Acting as an OPEN RELAY

    Hya!
    I'm getting a strange behavior from Zimbra when I look into this network structure of my client; Zimbra is behind a NAT, everything is forwarded as expected and works just fine - but strangely, Zimbra is starting to act as an Open Relay (?).

    Everything that came to Zimbra, came from firewall with internal ip; Example:

    200.68.123.1 <---external [] firewall internal IP. ----> 192.168.0.1 ---> 192.168.0.2 [Zimbra server]

    As it is FORWARDING, I dunno if it has to do with the "trusted networking" being configured wrong or if it is the DMZ (that they DO NOT have - everything is on the LAN network, in the example: 192.168.0.0/24 - including NAT-FORWARD SERVERS).

    Does anybody have any tip about making my client's Zimbra stop acting as an open relay?

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,485
    Rep Power
    56


    Have you actually tested it to see if it's an open relay? Why do you think it's an open relay? You'll need to post some evidence to substantiate what you're saying (such as headers from some email). What's happening to this email (is it in the queues or is it being sent out)? Have you checked to see if any of the accounts have been compromised? Have you searched the forums for some further information? This subject has been covered recently.
    Regards


    Bill



  3. #3
    Nascimento is offline Intermediate Member
    Join Date
    Jan 2010
    Posts
    21
    Rep Power
    5

    Yeap, I've done that...

    I've checked if it is really an open relay - and I'm already listed on najsbl.org because of that wrong behavior.

    I was not the one that built Zimbra on that client, but I'm the one that must solve that problem - lol


    -- RELAY TEST --
    Mail relay testing
    Connecting to ***.***.***.*** for relay test...
    <<< 220 smtp.mydomain.com.br ESMTP Postfix
    >>> HELO antispam-ufrj.pads.ufrj.br
    <<< 250 smtp.mydomain.com.br
    Relay test 1
    >>> RSET
    <<< 250 2.0.0 Ok
    >>> MAIL FROM:<spamtest@antispam-ufrj.pads.ufrj.br>
    <<< 250 2.1.0 Ok
    >>> RCPT TO:<relaytest@antispam-ufrj.pads.ufrj.br>
    <<< 250 2.1.5 Ok

    >>> QUIT
    <<< 221 2.0.0 Bye
    Relay test result
    Ops!!! Host appeared to accept a message relay!

    -- EOF --


    I know that Zimbra doesn't behave itself as an open relay - all I'm saying is that something must be making Zimbra act as one. Maybe a misconfiguration - or, as I'm in doubt: every e-mail that comes from the World Wide Web is hitting my MTA with the internal IP of the firewall. I think it was supposed to sustain the valid IP, as it is being forwarded - right?

    Sooo - if everything comes from the firewall hitting my MTA on SMTP port 25 - it is on my trusted network, right?

    How to solve that without changing my client's entire hack by putting in a freaking DMZ? (Where it had to be in the first place - I know.. don't shoot me.)

    I'm already listed in some blacklists as an open relay.

    ----------------------------
    Note: The other freak sys admin has installed Gentoo Linux, then put Zimbra into a chroot dir with Debian 4.
    Plz - Don't ask me why.
    -----------------------------


    I'm just trying to fix that to WORK, just in time for my new blade server to come in, and then EVERYTHING will be normally (re)installed as it's recommended by all the nice people at ZIMBRA. lol again.

    - I look to the network design again, and I've stopped a moment just to cry alone in the bathroom.. ow my... -

  4. #4
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24


    Code:
    su - zimbra
    zmprov gs `zmhostname` zimbraMtaMyNetworks
    and check what it has been set to. I am guessing that it is wide open, hence allowing others to relay through it.

  5. #5
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,485
    Rep Power
    56


    If the firewall external IP is in the Trusted Networks then that's most likely your problem. Look at the ZimbraMtaMyNetworks settings and ensure that only the loopback IP (that must stay) and the LAN subnet (that shouldn't cause you any problem) are in there; if there's anything else then remove it. Tell us what's in there.
    Regards


    Bill



  6. #6
    Nascimento is offline Intermediate Member
    Join Date
    Jan 2010
    Posts
    21
    Rep Power
    5

    That was it, Bill!

    Thnkx for the support!

    They have set my external IP into the mynetworks setup.

    Well - very nice of you guys to answer it very fast and SOOO sorry about my really bad English. I've learned that by myself... lol a lot.



    See yah!

  7. #7
    Nascimento is offline Intermediate Member
    Join Date
    Jan 2010
    Posts
    21
    Rep Power
    5


    Ooooops!

    Sorry to bother again with that topic - but my MTA is still accepting any HELO command and queueing any mail.

    Example:
    smtp.mydomain.com.br = my client smtp
    damm.spammer.net = that ****les -.-

    #] telnet smtp.mydomain.com.br 25

    220 smtp.mydomain.com.br ESMTP Postfix
    helo damm.spammer.net
    250 smtp.mydomain.com
    mail from: virus@damm.spammer.net
    250 2.1.0 OK
    rcpt to: crynow@hotmail.com
    250 2.1.0 OK
    Data
    354 End data with <CR><LF>.<CR><LF>
    Smile, you have been spammed!
    try finding the ANY KEY now to stop it!
    .
    250 2.0.0 Ok: queued as 0D0426E4D4




    Curse you, Old-Sys-Admin! .
    ..
    Could you guys help me out? Maybe there is something else TOO - besides the valid IP address in the trusted networks. -.-'

    ------------------
    Thnkx!
    Daniel Nascimento


    PS: Yeap - I'm really thinking about rebuilding a brand new Zimbra MTA. =\

  8. #8
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24


    Did they restart ZCS once the change was made?
    Code:
    su - zimbra
    zmmtactl stop ; zmmtactl start

  9. #9
    Nascimento is offline Intermediate Member
    Join Date
    Jan 2010
    Posts
    21
    Rep Power
    5


    I've used the binary located in /etc/init.d/ called zimbra.

    #] /etc/init.d/zimbra restart

    I will try that one... thnkx!


    Later!!!

  10. #10
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24


    That should be okay then as that completely restarts Zimbra. Please post the following so we can help further
    Code:
    su - zimbra
    zmprov gs `zmhostname` zimbraMtaMyNetworks
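
An added example, not part of the original thread or of Zimbra's own tooling: a Python audit of the `zimbraMtaMyNetworks` value requested above. It flags entries outside loopback and private LAN ranges (the cause confirmed in post #6) and, optionally, a trusted subnet that covers the firewall's internal address (the source-NAT concern raised in post #3). The sample output, the `LAN_RANGES` list and the `nat_gateway` parameter are assumptions made for illustration.

```python
import ipaddress

# Constructed sample of `zmprov gs <host> zimbraMtaMyNetworks` output; the
# last entry reuses the thread's example external firewall address.
SAMPLE = """# name smtp.mydomain.com.br
zimbraMtaMyNetworks: 127.0.0.0/8 192.168.0.0/24 200.68.123.1/32
"""

# Private ranges treated as acceptable LAN entries (RFC 1918 plus IPv6 ULA).
LAN_RANGES = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def parse_mynetworks(zmprov_output):
    """Return the address/CIDR entries on the zimbraMtaMyNetworks line(s)."""
    nets = []
    for line in zmprov_output.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "zimbraMtaMyNetworks":
            for token in value.replace(",", " ").split():
                # Postfix writes IPv6 entries as [addr]/len; unwrap the brackets.
                token = token.replace("[", "").replace("]", "")
                nets.append(ipaddress.ip_network(token, strict=False))
    return nets

def is_lan(net):
    return any(net.version == r.version and net.subnet_of(r) for r in LAN_RANGES)

def audit(nets, nat_gateway=None):
    """Return (network, reason) pairs for entries that widen relay trust.

    nat_gateway (hypothetical parameter): the firewall's internal address.
    If the firewall rewrites source addresses, every forwarded client
    arrives from it and inherits the trust of any network that covers it.
    """
    gw = ipaddress.ip_address(nat_gateway) if nat_gateway else None
    findings = []
    for net in nets:
        if net.is_loopback:
            continue  # the loopback entry must stay
        if not is_lan(net):
            findings.append((str(net), "outside loopback and private LAN ranges"))
        elif gw is not None and gw in net:
            findings.append((str(net), "covers NAT gateway %s" % gw))
    return findings

if __name__ == "__main__":
    for network, reason in audit(parse_mynetworks(SAMPLE), "192.168.0.1"):
        print(network, "-", reason)
```

A gateway finding only matters when the firewall actually rewrites the source address of forwarded connections; the `Received:` headers or the MTA log show which client address Postfix sees.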
