Zimbra

ivan78 · #1 (**permalink**) 03-05-2010, 01:05 AM

Hello,

When email is received with badly formed From/To headers:

Code:

From: an evil spammer@spam.com
To: me

it is rewritten the following way:

Code:

From: an@$mydomain, evil@$mydomain, spammer@spam.com
To: me@$mydomain

which is very confusing for the person receiving such email.

Zimbra default setting for postfix headers rewrite seems very reasonable and should not allow this:

Code:

local_header_rewrite_clients = permit_mynetworks,permit_sasl_authenticated

The problem is that this setting does not work!
When incoming email scanned with amavis it gets reinjected to postfix from 127.0.0.1 source address, which falls under permit_mynetworks criterium.

As a workaround I completely disabled From/To headers rewrite:

Code:

local_header_rewrite_clients =

Is there any more elegant way to resolve this issue?
Is it a bug?

PS: Zimbra version - ZCS 6.0.5 open source

Thank you,
Ivan.

uxbod · #2 (**permalink**) 03-05-2010, 02:21 AM

Welcome to the forums

How does that effect things ? as the SPAM email should be rejected before being injected back in by LMTP.

ivan78 · #3 (**permalink**) 03-05-2010, 03:16 AM

Thanks.

Are you sure all spam emails are rejected by spam filter? If that was true there would not be such problem in the world as SPAM. :-)
This issue bothers me because my users receiving spam messages as if they were sent from my email server.

Ivan.

uxbod · #4 (**permalink**) 03-05-2010, 03:27 AM

I understand where you are coming from but that would be no different than a spam coming through as

Code:

From: me@$mydomain
To: me@$mydomain

Are you blocking those as well ? You could add

Code:

smtpd_recipient_restrictions =  reject_non_fqdn_sender

ivan78 · #5 (**permalink**) 03-05-2010, 09:13 AM

Quote:

Originally Posted by uxbod

I understand where you are coming from but that would be no different than a spam coming through as

Code:

From: me@$mydomain
To: me@$mydomain

Are you blocking those as well ?

Let me explain my point again.
Yes, spamers can send emails from @$mydomain, but from my experience:
- they prefer not to do it because they aware of sender verification, such as SPF and DKIM
- if they do it, i know how to deal with that issue

I'm dealing with a case when spamer, not qualified enough to compose valid email template, sending me spam with malformed From: header. This is not a single case, this happens on daily basis.
That's why I'm asking for help. And my question is - how to make Zimbra not to rewrite malformed From: header to multiple addresses from my domain.

Quote:

Originally Posted by uxbod

You could add

Code:

smtpd_recipient_restrictions =  reject_non_fqdn_sender

This check is enabled, but it is related to envelope from, not From: header.

Thank you,
Ivan.

uxbod · #6 (**permalink**) 03-05-2010, 09:30 AM

Okay; I would file a RFE on this one. I believe the better approach would to be use something like

Code:

local_header_rewrite_clients = permit_sasl_authenticated, check_address_map hash:/opt/zimbra/conf/postfix_interfaces.cf

And in the .cf just have the primary IP address of the server and not the loopback. Great catch

ivan78 · #7 (**permalink**) 03-05-2010, 11:42 AM

Well, after some researching I found a proper way to fix my problem.
Amavis injects scanned email back to postfix via special smtpd instance, listening on localhost:100025, which has its own set of configuration parameters.

I've just added

Code: