Force smtp authentication!

[lmthong]

Hi there

I configured the MTA with Enable authentication and TLS authentication only. Everything works well, all the mail client have to set "My outgoing server (SMTP) requires authentication" and use 465 (SSL) to send mail.

Now i found that I can telnet to port 25 (from and LAN machine) and do send mail without any authentication (the mail client still required)

I still control my trusted network list.

Any ideas?

[phoenix]

Quote:

Originally Posted by lmthong

Hi there

I configured the MTA with Enable authentication and TLS authentication only. Everything works well, all the mail client have to set "My outgoing server (SMTP) requires authentication" and use 465 (SSL) to send mail.

You actually should be using the correct Submission port which is 587.

Quote:

Originally Posted by lmthong

Now i found that I can telnet to port 25 (from and LAN machine) and do send mail without any authentication (the mail client still required)

Of course you can do that, what would you expect to happen? The LAN users are in your Trusted Network settings, did you search for this in the forums (you should, it's been covered many times)?

[lmthong]

Sorry, but I did search.

By the way, how can i remove LAN out of Trusted Network. I saw there's only 127.0.0.0/8, zimbra-mailbox-server-ip,zimbra-mta-server-ip.

And why the LAN users can not send mail if the mail client doesnot set to "My outgoing server (SMTP) requires authentication" but the telnet?

[vavai]

Quote:

Originally Posted by lmthong

Sorry, but I did search.

By the way, how can i remove LAN out of Trusted Network. I saw there's only 127.0.0.0/8, zimbra-mailbox-server-ip,zimbra-mta-server-ip.

And why the LAN users can not send mail if the mail client doesnot set to "My outgoing server (SMTP) requires authentication" but the telnet?

To remove your LAN from trusted network, mark your Zimbra ip with /32 subnet instead of the default /24, so your trusted network should be look like this :

127.0.0.0/8 192.168.10.1/32 (if your Zimbra IP = 192.168.10.1)

Why your client need SMTP auth because you force it to use TLS only.

[lmthong]

Quote:

Originally Posted by vavai

To remove your LAN from trusted network, mark your Zimbra ip with /32 subnet instead of the default /24, so your trusted network should be look like this :

127.0.0.0/8 192.168.10.1/32 (if your Zimbra IP = 192.168.10.1)

Why your client need SMTP auth because you force it to use TLS only.

Sure, except loopback address, all other Trust Network was /32.

Now the MTA is "TLS authentication only" but why the port 25 still allow send mail without any authentication (test by telnet mta.mydomain.com 25). And why the mail client (like MS outlook, outlook express) have to set "My outgoing server (SMTP) requires authentication" (this is what I expect). I'm taking about LAN users.

more clear: I put my MTA in DMZ, trusted network is: 127.0.0.0/8, zimbra-mailbox-ip/32,zimbra-mta-ip/32 and nothing else