Page 1 of 3 123 LastLast
Results 1 to 10 of 30

Thread: open relay??

  1. #1
    rmvg is offline Advanced Member
    Join Date
    Sep 2005
    Location
    Calgary
    Posts
    208
    Rep Power
    9

    Default open relay??

    Not to alarm anyone but is zimbra functioning as an open relay??

    I have checked authentication enabled and TLS authentication only everywhere i can see inside zimbra admin.

    However in outlook express i can send mail without setting any username or password for outbound smtp server and also did NOT have to check the this server requires authentication not to mention not enabling the ssl only settings for port 25

    am I overlooking something or is zimbra really functioning as an open relay?
    Last edited by rmvg; 09-12-2005 at 07:32 PM.

  2. #2
    schemers is offline Zimbra Employee
    Join Date
    Aug 2005
    Posts
    228
    Rep Power
    9

    Default

    Hi. I believe postfix will trust hosts on the same network/subnet as itself. auth is only required if the requesting IP is outside of that network.

    See /opt/zimbra/postfix/conf/main.cf, and look for "trust", as it describes the behavior that you are seeing.

    roland

  3. #3
    sgatto is offline New Member
    Join Date
    Aug 2009
    Posts
    4
    Rep Power
    6

    Post

    Quote Originally Posted by schemers View Post
    Hi. I believe postfix will trust hosts on the same network/subnet as itself. auth is only required if the requesting IP is outside of that network.

    See /opt/zimbra/postfix/conf/main.cf, and look for "trust", as it describes the behavior that you are seeing.

    roland
    I've just installed Zimbra CS on a vm for testing purpose. ZCS is on a private lan, natted to Internet with port 25 forwarded from the firewall to zimbra private ip.

    I've tested smtp authentication with Email Server Test - Online SMTP diagnostics tool. Seems like zimbra accepts rcpt to without asking for authentication.

    What's wrong with this ? Is a nat problem ? Or is that service not reliable ?

    Thanks for your help.

    Leonardo

  4. #4
    jrefl5 is offline Advanced Member
    Join Date
    Nov 2007
    Location
    AZ, USA
    Posts
    205
    Rep Power
    7

    Default

    Check the values for MTA trusted network.

    I goofed and included the DMZ address of my firewall and it acted as a relay for about a day till I stumbled on that.

  5. #5
    sgatto is offline New Member
    Join Date
    Aug 2009
    Posts
    4
    Rep Power
    6

    Default

    Quote Originally Posted by jrefl5 View Post
    Check the values for MTA trusted network.

    I goofed and included the DMZ address of my firewall and it acted as a relay for about a day till I stumbled on that.
    thanks for your reply, I'll check for this.

    In my understanding, when a packet passes through the firewall with a port forward, the packet retains its src address. Am I wrong ? This "open relay" problem is causing me some headaches...

    Is it possibile to completely disable open relaying, leaving this feature only for localhost (webmail) ?

    Thanks !

    Leonardo
    Last edited by sgatto; 08-14-2009 at 03:16 PM.

  6. #6
    bdial's Avatar
    bdial is offline Moderator
    Join Date
    Jul 2007
    Location
    Baltimore
    Posts
    1,649
    Rep Power
    11

    Default

    just to verify, you're not trying to send to soemone on your zimbra server right? that will always work

    If your server is setup to accept mail for woopty.com, and I set your server up as my smtp server, i'll always be able to send e-mail to someone@woopty.com. This is because really i'm not doing anything more than another mail server would be doing.

    However, if I"m using your server as my smtp, i should not be able to send email to any other domain, thats where it should error with relay denied.

  7. #7
    sgatto is offline New Member
    Join Date
    Aug 2009
    Posts
    4
    Rep Power
    6

    Default

    Quote Originally Posted by bdial View Post
    just to verify, you're not trying to send to soemone on your zimbra server right?
    At the moment, I'm able to send email *from* zimbra (webmail) to another external account (gmail). But I'm not able to *receive* email because of a DNS misconfiguration (zimbra is on a private LAN, it receives email from other MTA but delivery fails with "host nof found" error. But this is another story ;-) ).

    This "open relay" problem raised when I used the service i linked in my first post: that service of course did not use my domain email. Please try that service yourself and tell me if you think is wrong or bad implemented.

    Thanks for your replies guys, I appreciate it.

    Leonardo.

  8. #8
    Bill Brock is offline Outstanding Member
    Join Date
    May 2007
    Location
    Oklahoma
    Posts
    703
    Rep Power
    9

    Default Only from trusted networks.

    I must logon to send mail unless I am in the trusted network setup in my Zimbra GUI. If I try to send without logging on from Outlook I get an error that the recipient could not be reached and there was no transport provider.

    Zimbra is definitely not an open relay server if it is configured properly.

  9. #9
    Bill Brock is offline Outstanding Member
    Join Date
    May 2007
    Location
    Oklahoma
    Posts
    703
    Rep Power
    9

    Default No problem here

    Quote Originally Posted by sgatto View Post
    At the moment, I'm able to send email *from* zimbra (webmail) to another external account (gmail). But I'm not able to *receive* email because of a DNS misconfiguration (zimbra is on a private LAN, it receives email from other MTA but delivery fails with "host nof found" error. But this is another story ;-) ).

    This "open relay" problem raised when I used the service i linked in my first post: that service of course did not use my domain email. Please try that service yourself and tell me if you think is wrong or bad implemented.

    Thanks for your replies guys, I appreciate it.

    Leonardo.
    It tells me that relaying was denied! If you are relaying your configuration is not setup to prevent. A properly configured Zimbra server will not relay.

  10. #10
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,581
    Rep Power
    57

    Default

    Quote Originally Posted by sgatto View Post
    I've tested smtp authentication with Email Server Test - Online SMTP diagnostics tool. Seems like zimbra accepts rcpt to without asking for authentication.
    Of course it accepts the connection without authentication, that's what mail servers do on port 25 - they accept connections from other mail servers and do not need authentication for that.

    Quote Originally Posted by sgatto View Post
    What's wrong with this ? Is a nat problem ? Or is that service not reliable ?
    Nothing is wrong with that, the output from that test should also show the 'Relay access is denied'. Zimbra is not, by default, an open relay unless you've made it one.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

Page 1 of 3 123 LastLast

LinkBacks (?)

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 15
    Last Post: 05-14-2012, 09:32 AM
  2. Error message in Server status
    By Max Ma in forum Installation
    Replies: 20
    Last Post: 04-19-2007, 08:55 AM
  3. Understanding the Daily Mail Report - Open Relay?
    By gihrig in forum Administrators
    Replies: 4
    Last Post: 10-16-2006, 08:53 AM
  4. Zimbra acts as open relay by default?
    By lilwong in forum Administrators
    Replies: 2
    Last Post: 06-21-2006, 09:09 PM
  5. The mailbox and mta dies in FC4 GA version
    By meikka in forum Installation
    Replies: 72
    Last Post: 03-16-2006, 05:30 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •