open relay??

[Bill Brock]

Quote:

Originally Posted by sgatto

. Seems like zimbra accepts rcpt to without asking for authentication.
Leonardo

As Phoenix said, this is what mail servers do. The issue then becomes where is the e-mail to be delivered. It will only deliver locally from a unauthenticated connection. That is how someone else send mail to one of your users. It will not, if configured properly, send mail to someone external, or in other words, relay.

[sgatto]

Quote:

Originally Posted by phoenix

Of course it accepts the connection without authentication, that's what mail servers do on port 25 - they accept connections from other mail servers and do not need authentication for that.

Nothing is wrong with that, the output from that test should also show the 'Relay access is denied'. Zimbra is not, by default, an open relay unless you've made it one.

Sorry, I'm relatively new to email trasport systems. Please take this post as an help-request not something against zimbra (which I'm evaluating for my company).

I made a handmade test. From a remote host I telnet my zimbra on 25 and after this sequence:

helo ....
mail from...
rcpt to...
data
.

zimbra accepted my email. From the admin console I can see this email (I paused it) and here is the screenshot (it's in italian). Obviously my domain is not super.com or poor.com but it is ciavatta.hopto.org (a no-ip.com test domain, created for this zimbra evaluation).

Now, I'm running ubuntu (ubuntu-8.04.3-server-i386.iso) and zimbra CS (zcs-5.0.18_GA_3011.UBUNTU8.20090708092550.tgz). I don't think I have changed something in zimbra configuration. But, as I'm human and not perfect, maybe this is my mistake. Can you guys please help me locating my conf mistake ? I'll post here all of my configuration files, just say what.

Thanks in advance,
Leonardo.

[Dirk]

I think postfix is configured to trust the local network, so it wont matter what domain you say you are if you have physical access.

[phoenix]

Quote:

Originally Posted by sgatto

Sorry, I'm relatively new to email trasport systems. Please take this post as an help-request not something against zimbra (which I'm evaluating for my company).

I didn't think it was anything against Zimbra.

When you did the open relay test did it say that relaying was denied or not? When you did your test above, what errors for that message did you see in the log files ? When you did your 'handmade' test did you send an email to an external domain, was the test done from an IP address on your LAN? Without details of your domain name and server IP it's impossible for us to verify what your saying (or trying to do) is correct.

As mentioned earlier, by default Zimbra will not act as an open relay. By default, for any user on the LAN IP (Trusted Networks) Zimbra will relay mail to anywhere (that's normal). Without details it's impossible to tell if you have a problem or if you are misunderstanding what's happening.

Go to this page: Open Relay Test enter the IP address of your mail server and look at the results. They should almost all say £Relay access denied" and the others should tell you what restrictions there are on your server. Let us know what happens with that test.