[SOLVED] SNMP authorization for outgoing mail or SASL problem?

[sh444man]

I got some huge problem. My Zimbra server does'nt requests authorization. I can send mail with authorization and WITHOUT IT (i don't want that). I can simply telnet from anywhere (also not from mynetworks) and send email like this:

Code:

220 myserver.com ESMTP Postfix
ehlo someserver.com
250-myserver.com
250-PIPELINING
250-SIZE 120000000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM: <existinguser@myserver.com>
250 2.1.0 Ok
RCPT TO: <existinguser@myserver.com>
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
Suject: Test
Test
.
250 2.0.0 Ok: queued as C1DEDCBE88
quit
221 2.0.0 Bye

Zimbra configuration:

Code:

~$ zmprov gs myserver.com | grep Auth
zimbraMtaAuthEnabled: TRUE
zimbraMtaAuthHost: myserver.com
zimbraMtaAuthTarget: TRUE
zimbraMtaAuthURL: https://myserver.com:443/service/soap/
zimbraMtaSaslAuthEnable: TRUE
zimbraMtaTlsAuthOnly: FALSE

Postfix postconf | grep sasl

Code:

smtp_sasl_auth_cache_name =
smtp_sasl_auth_cache_time = 90d
smtp_sasl_auth_enable = no
smtp_sasl_auth_soft_bounce = yes
smtp_sasl_mechanism_filter =
smtp_sasl_password_maps =
smtp_sasl_path =
smtp_sasl_security_options = noplaintext, noanonymous
smtp_sasl_tls_security_options = $smtp_sasl_security_options
smtp_sasl_tls_verified_security_options = $smtp_sasl_tls_security_options
smtp_sasl_type = cyrus
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_exceptions_networks =
smtpd_sasl_local_domain =
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_type = cyrus

Some Logs :

Code:

Apr 29 10:12:56 zimbra saslauthd[26582]: auth_zimbra: user@myserver.com auth OK
Apr 29 10:12:56 zimbra postfix/smtpd[5633]: 8F1E01365B3: client=x.x.x.x, sasl_method=LOGIN, sasl_username=user@myserver.com
Apr 29 10:12:56 zimbra saslauthd[26581]: zmauth: authenticating against elected url 'https://myserver.com:7071/service/admin/soap/' ...
Apr 29 10:12:56 zimbra saslauthd[26581]: zmpost: url='https://myserver.com:7071/service/admin/soap/' returned buffer->data='<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"><soap:Header><context xmlns="urn:zimbra"><change token="1812"/></context></soap:Header><soap:Body><AuthResponse xmlns="urn:zimbraAccount"><authToken>sometoken</authToken><lifetime>172800000</lifetime><skin>beach</skin></AuthResponse></soap:Body></soap:Envelope>', hti->error=''

Please HELP!

[phoenix]

Quote:

Originally Posted by sh444man

I got some huge problem. My Zimbra server does'nt requests authorization. I can send mail with authorization and WITHOUT IT (i don't want that).

That's perfectly normal for an authenticated user and one sending mail to your server.

Quote:

Originally Posted by sh444man

I can simply telnet from anywhere (also not from mynetworks) and send email like this:

That's also normal if you're sending email to your server. You probably can't send email to another domain otherwise you'd be an open relay, have you tested this via one of the internet relay testing sites?

BTW, this was also in the wrong forum, as it's not an Installation problem I'll move it to the correct place.

[sh444man]

Thank you very much for your response. I am too affraid of spoofing between users on my mailserver. Also there is a spam issue - about 99% of passing spam comes through becouse of that. I found today my solution written in post ZIMBRA SMTP AUTH problem . Sorry for duplicate this problem. For now it works superb as i wanted. Do you see any reasons for not doing this by default?