Welcome to the Zimbra :: Forums!
01-17-2011, 12:56 AM
Intermediate Member
Posts: 22
mynetworks issue (open relay)
Hello,
Our mail server has a lot of external clients which connect to us using the Thunderbird mail client. For some reason they weren't able to authorise unless their public IP address is added to the mynetworks list. Only after adding the client's public IP address to the mynetworks list is the mail client able to connect using the IMAP protocol. But that leaves some sort of a security issue.
So I have a few questions:
1.) How can I find out when a client (IP in mynetworks list) is connecting to us and which user account he is using as the MAIL FROM: field, basically whom he is sending email from?
I've got the following setup from postconf: smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unlisted_recipient, reject_invalid_hostname, reject_non_fqdn_sender, reject_rbl_client dul.ru, reject_rbl_client bl.spamcop.net, reject_rbl_client pbl.spamhaus.org, reject_rbl_client zen.spamhaus.org, permit
2.) Also, is it possible to somehow make Zimbra inform us when a client from the mynetworks list is sending email (any email; the point here is the client must be in my networks list, or I can specifically point out which IP address to watch)?
Thank you.

01-17-2011, 03:23 AM
Zimbra Consultant & Moderator
Posts: 20,315
You should update your forum profile with the output of the following command (do not post the output in this thread):

Quote:
Originally Posted by s.vasilyev
Our mail server has a lot of external clients which connect to us using the Thunderbird mail client. For some reason they weren't able to authorise unless their public IP address is added to the mynetworks list. Only after adding the client's public IP address to the mynetworks list is the mail client able to connect using the IMAP protocol. But that leaves some sort of a security issue.

You should never add an end-user IP address to the Trusted Networks; as you've said, it's a very large security hole. You should find out why they can't authenticate to your server. The correct Submission port for Zimbra is port 587 - are they using that (they will need to Authenticate)? There are also plenty of threads in the forums on this subject if you'd like to do a search.

Quote:
Originally Posted by s.vasilyev
1.) How can I find out when a client (IP in mynetworks list) is connecting to us and which user account he is using as the MAIL FROM: field, basically whom he is sending email from?

You'd have to search the log files for that information.

Quote:
Originally Posted by s.vasilyev
I've got the following setup from postconf: smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unlisted_recipient, reject_invalid_hostname, reject_non_fqdn_sender, reject_rbl_client dul.ru, reject_rbl_client bl.spamcop.net, reject_rbl_client pbl.spamhaus.org, reject_rbl_client zen.spamhaus.org, permit

Is there a question about these settings?

Quote:
Originally Posted by s.vasilyev
2.) Also, is it possible to somehow make Zimbra inform us when a client from the mynetworks list is sending email (any email; the point here is the client must be in my networks list, or I can specifically point out which IP address to watch)?

No, it's not possible within Zimbra. As I've already said, you need to fix the Authentication problem and this question then goes away.
__________________
Regards
Bill
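
Added example (not part of the original thread and not Zimbra's own tooling): a log search of the kind the reply above points to, correlating Postfix queue IDs to show which envelope sender each message from a watched mynetworks address used and whether the session authenticated with SASL. The function names, the watched address and the abbreviated log lines are constructed for illustration.

```python
import ipaddress
import re

# Postfix smtpd logs "QUEUEID: client=host[ip]" and appends sasl_username=...
# when the session authenticated; qmgr logs the envelope sender (MAIL FROM)
# and the delivery agents log each recipient under the same queue ID.
CLIENT_RE = re.compile(r"postfix/smtpd\[\d+\]: (\w+): client=[^\[]*\[([^\]]+)\](.*)")
FROM_RE = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<([^>]*)>")
TO_RE = re.compile(r"postfix/\w+\[\d+\]: (\w+): to=<([^>]*)>")
SASL_RE = re.compile(r"sasl_username=([^,\s]+)")

def submissions_from(lines, watched):
    """Correlate log lines by queue ID for clients inside `watched` networks."""
    nets = [ipaddress.ip_network(n) for n in watched]
    msgs = {}  # queue ID -> record, in order of arrival
    for line in lines:
        if m := CLIENT_RE.search(line):
            qid, ip, rest = m.groups()
            try:
                addr = ipaddress.ip_address(ip)
            except ValueError:
                continue  # e.g. client=unknown[unknown]
            if any(addr in net for net in nets):
                sasl = SASL_RE.search(rest)
                msgs[qid] = {"queue_id": qid, "client_ip": ip, "sender": None,
                             "recipients": [], "sasl_user": sasl and sasl.group(1)}
        elif (m := FROM_RE.search(line)) and m.group(1) in msgs:
            msgs[m.group(1)]["sender"] = m.group(2)
        elif (m := TO_RE.search(line)) and m.group(1) in msgs:
            msgs[m.group(1)]["recipients"].append(m.group(2))
    return list(msgs.values())

def relayed_on_trust(records):
    """Messages accepted without SASL, i.e. only because of permit_mynetworks."""
    return [r for r in records if r["sasl_user"] is None]

# Constructed, abbreviated sample log lines (documentation addresses only).
SAMPLE = """\
Jan 17 09:14:02 mail postfix/smtpd[2411]: 4C1A22F801: client=unknown[203.0.113.25]
Jan 17 09:14:02 mail postfix/qmgr[1890]: 4C1A22F801: from=<bob@example.com>, size=1432, nrcpt=1 (queue active)
Jan 17 09:14:03 mail postfix/smtp[2500]: 4C1A22F801: to=<carol@example.org>, relay=mx.example.org[192.0.2.10]:25, status=sent (250 ok)
Jan 17 09:15:40 mail postfix/smtpd[2412]: 7D9B32F802: client=unknown[203.0.113.25], sasl_method=PLAIN, sasl_username=alice@example.com
Jan 17 09:15:40 mail postfix/qmgr[1890]: 7D9B32F802: from=<alice@example.com>, size=990, nrcpt=1 (queue active)
Jan 17 09:16:11 mail postfix/smtpd[2413]: 9E0C42F803: client=mail.example.net[198.51.100.7]
""".splitlines()

if __name__ == "__main__":
    for r in relayed_on_trust(submissions_from(SAMPLE, ["203.0.113.25/32"])):
        print(r["queue_id"], r["client_ip"], r["sender"], r["recipients"])
```

Records with `sasl_user` set came in over an authenticated session; the ones `relayed_on_trust` returns are the messages that would have been refused had the address not been in mynetworks.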

01-17-2011, 11:16 PM
Intermediate Member
Posts: 22

Quote:
Originally Posted by phoenix
You should update your forum profile with the output of the following command (do not post the output in this thread):

Done.

Quote:
You should never add an end-user IP address to the Trusted Networks; as you've said, it's a very large security hole. You should find out why they can't authenticate to your server. The correct Submission port for Zimbra is port 587 - are they using that (they will need to Authenticate)? There are also plenty of threads in the forums on this subject if you'd like to do a search.
You'd have to search the log files for that information.

Thank you, I will be looking into that. Adding the end-user IP wasn't my decision.

Quote:
Is there a question about these settings?

Nope, it's just the settings I have now for authentication.

Quote:
No, it's not possible within Zimbra. As I've already said, you need to fix the Authentication problem and this question then goes away.

Thanks a lot!