preventing spam to be relayed

[ruyterb]

I am posting this under "installation" since I could not find a more focused topic like "security"...

The Zimbra server is by default an open relay for trusted networks.

In my setup there is a webserver in the trusted network that is using Zimbra as a relay server. For that the webserver uses mostly the PHP mail() function. It is difficult to ensure that the scripts will *never* be abused so I want to focus on securing the mail server as much as possible.

The question: is it possible to spam filter the messages that are being offered for relay? If any script would get hacked on the webserver the email server would block the spam from being sent out.

[phoenix]

You simple need to have the loopback IP and the single IP of the ZImbra server in you mynetworks setting to overcome this problem, there are several threads in the forums that describe this.

I've also moved this to a more appropriate forum as it's not an Installation problem.

[ruyterb]

sorry for using the wrong form
to which one did you move it?

Removing the webserver from the trusted networks does not solve my issue (and by the way: I did search the forum and found that people had new problems when doing that like error message in the admin panel).

Moving the web server outside of the trusted network would require this server to authenticate before sending but this authentication is not done at the script level but at postfix level at the webserver. So any hacked script would still be possible to send authenticated email.

Or is there a second effect of moving the webserver out of the trusted network in that the messages offered for relaying would be filtered for spam? If so, that would indeed solve the problem...