Thread: mynetworks issue (open relay)

  1. #1
    s.vasilyev, Active Member

    Hello,

    Our mail server has a lot of external clients which are connecting to us using the Thunderbird mail client. For some reason they weren't able to authorise unless their public IP address is added to the mynetworks list. Only after adding the client's public IP address to the mynetworks list is the mail client able to connect using the IMAP protocol. But that leaves some sort of a security issue.

    So I have few questions:

    1.) How can I find out when a client (IP in mynetworks list) is connecting to us and which user account he is using in the MAIL FROM: field, basically whom he is sending email from?

    I've got following setup from postconf:
    smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unlisted_recipient, reject_invalid_hostname, reject_non_fqdn_sender, reject_rbl_client dul.ru, reject_rbl_client bl.spamcop.net, reject_rbl_client pbl.spamhaus.org, reject_rbl_client zen.spamhaus.org, permit

    2.) Also, is it possible to somehow make Zimbra inform me when a client from the mynetworks list is sending email? (Any email; the point here is that the client must be in the mynetworks list, or I can specifically point out which IP address to watch.)

    Thank you.

  2. #2
    phoenix, Zimbra Consultant & Moderator

    You should update your forum profile with the output of the following command (do not post the output in this thread):

    Code:
    zmcontrol -v

    Quote, originally posted by s.vasilyev:
      Our mail server has a lot of external clients which are connecting to us using the Thunderbird mail client. For some reason they weren't able to authorise unless their public IP address is added to the mynetworks list. Only after adding the client's public IP address to the mynetworks list is the mail client able to connect using the IMAP protocol. But that leaves some sort of a security issue.
    You should never add an end-user IP address to the Trusted Networks, as you've said, it's a very large security hole. You should find out why they can't authenticate to your server, the correct Submission port for Zimbra is port 587 - are they using that (they will need to Authenticate). There are also plenty of threads in the forums on this subject if you'd like to do a search.

    Quote, originally posted by s.vasilyev:
      1.) How can I find out when a client (IP in mynetworks list) is connecting to us and which user account he is using in the MAIL FROM: field, basically whom he is sending email from?
    You'd have to search the log files for that information.

    Quote, originally posted by s.vasilyev:
      I've got following setup from postconf:
      smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unlisted_recipient, reject_invalid_hostname, reject_non_fqdn_sender, reject_rbl_client dul.ru, reject_rbl_client bl.spamcop.net, reject_rbl_client pbl.spamhaus.org, reject_rbl_client zen.spamhaus.org, permit
    Is there a question about these settings?

    Quote, originally posted by s.vasilyev:
      2.) Also, is it possible to somehow make Zimbra inform me when a client from the mynetworks list is sending email? (Any email; the point here is that the client must be in the mynetworks list, or I can specifically point out which IP address to watch.)
    No, it's not possible within Zimbra. As I've already said, you need to fix the Authentication problem and this question then goes away.
    Regards,
    Bill

  3. #3
    s.vasilyev, Active Member

    Quote, originally posted by phoenix:
      You should update your forum profile with the output of the following command (do not post the output in this thread):

      Code:
      zmcontrol -v
    Done.

    Quote:
      You should never add an end-user IP address to the Trusted Networks, as you've said, it's a very large security hole. You should find out why they can't authenticate to your server, the correct Submission port for Zimbra is port 587 - are they using that (they will need to Authenticate). There are also plenty of threads in the forums on this subject if you'd like to do a search.

    Quote:
      You'd have to search the log files for that information.
    Thank you, I will be looking into that. Adding the end-user IP wasn't my decision.

    Quote:
      Is there a question about these settings?
    Nope, it's just the settings I have now for authentication.

    Quote:
      No, it's not possible within Zimbra. As I've already said, you need to fix the Authentication problem and this question then goes away.
    Thanks a lot!
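
Added example (not part of the thread and not Zimbra's own code): one way to do the log search suggested above is to correlate Postfix `client=`, `from=` and `to=` lines by queue ID and list mail accepted from watched mynetworks IPs without a SASL login. The sample log lines, addresses and the function name are constructed for illustration; on a Zimbra MTA the Postfix log is typically /var/log/zimbra.log.

```python
import re
from collections import defaultdict

# Constructed sample in standard Postfix syslog format (not taken from the thread).
SAMPLE_LOG = """\
Mar  3 10:15:02 mail postfix/smtpd[1234]: 4F2A91C0A3: client=unknown[203.0.113.45]
Mar  3 10:15:02 mail postfix/qmgr[987]: 4F2A91C0A3: from=<bob@example.com>, size=1834, nrcpt=1 (queue active)
Mar  3 10:15:03 mail postfix/smtp[1300]: 4F2A91C0A3: to=<carol@other.example>, relay=mx.other.example[192.0.2.10]:25, delay=0.9, dsn=2.0.0, status=sent (250 ok)
Mar  3 10:16:40 mail postfix/smtpd[1240]: 7C3D55E1B2: client=dsl.example.net[198.51.100.7], sasl_method=PLAIN, sasl_username=alice@example.com
Mar  3 10:16:40 mail postfix/qmgr[987]: 7C3D55E1B2: from=<alice@example.com>, size=912, nrcpt=1 (queue active)
Mar  3 10:20:11 mail postfix/smtpd[1250]: 9E8F7A6B5C: client=unknown[203.0.113.99]
Mar  3 10:20:11 mail postfix/qmgr[987]: 9E8F7A6B5C: from=<eve@example.com>, size=700, nrcpt=1 (queue active)
"""

# Daemon name, queue ID, rest of line. The queue-ID length check is a heuristic.
LINE = re.compile(r"postfix/(?:\w+/)?(\w+)\[\d+\]: ([0-9A-Za-z]{8,}): (.*)")
CLIENT = re.compile(r"client=\S*?\[([^\]]+)\]")
SASL_USER = re.compile(r"sasl_username=(\S+)")
FROM = re.compile(r"from=<([^>]*)>")
TO = re.compile(r"to=<([^>]*)>")

def unauthenticated_senders(log_text, watched_ips):
    """Map queue ID -> details for mail from watched IPs that had no SASL login."""
    msgs = defaultdict(lambda: {"ip": None, "sasl_user": None, "sender": None, "rcpts": []})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        daemon, qid, rest = m.groups()
        rec = msgs[qid]
        if daemon == "smtpd" and (c := CLIENT.match(rest)):
            rec["ip"] = c.group(1)
            u = SASL_USER.search(rest)
            rec["sasl_user"] = u.group(1) if u else None
        elif daemon == "qmgr" and (f := FROM.match(rest)):
            rec["sender"] = f.group(1)  # envelope sender (MAIL FROM)
        elif (t := TO.match(rest)):
            rec["rcpts"].append(t.group(1))
    # Keep only mail that arrived from a watched IP without authenticating.
    return {q: r for q, r in msgs.items() if r["ip"] in watched_ips and r["sasl_user"] is None}

if __name__ == "__main__":
    for qid, r in unauthenticated_senders(SAMPLE_LOG, {"203.0.113.45", "198.51.100.7"}).items():
        print(qid, r["ip"], r["sender"], r["rcpts"])
```

Once clients authenticate on port 587 and their addresses are removed from mynetworks, the same report run against those IPs should come back empty.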
