Possible to verify outbound smtp 'from' address?

[gazumping]

Hello,
In dealing with spambots we are trying to lock down our outbound smtp email transmissions to a given set of domains. E.g. if someone is using the smtp server to send emails, we want to check the 'from' line and verify that the address exists in zimbra or at least the domain is one of ours.
Is it possible to accomplish this in zimbra or the tools that comprise it?

Thanks,
--Christian

version: Zimbra Community Server 6.0.4

[LMStone]

Not sure why you would need to do this?

Zimbra's Postfix is not an open relay. You can only send if you auth with credentials or have an IP listed in MTA Trusted Networks.

Have you added IPs to MTA Trusted Networks? Any compromised accounts on the system? I'd deal with those first...

Hope that helps,
Mark

[gazumping]

I think we do have compromised accounts, people love to respond to falsified password requests.
I posted another thread asking for help in tracing down these compromised accounts. I do have trusted MTA IP blocks and user authenticated smtp.

Thanks for the quick reply,
--Christian

[LMStone]

If you look at the Daily Mail Report you can see which of your mailbox accounts are sending out the most email; the ones that are sending way too much are likely compromised, yes?

You can then change the password on those accounts and call (by phone!) the "real" end-users to give them their new password.

I would really, really resist adding IPs to Trusted MTA. The only time we do this is for managed services clients of who have old emailing scanners that don't do auth. We require the client to devote a fixed public IP to the scanner, and we set up their firewall for them.

Once you get a compromised machine on your Trusted MTA list the chance of getting on RBLs increases significantly!

Hope that helps,
Mark