Zimbra

rasga · #1 (**permalink**) 02-13-2011, 05:44 PM

Hi,

Our Zimbra (open source) is allowing local relay without authentication.

E.g.:

1@zimbra.xxx > 2@zimbra.xxx without authentication.

I want to be mandatory an authentication even local domain.

How can i modify postfix to have a mandatory authentication?

Thanks.

mavlenko · #2 (**permalink**) 02-13-2011, 06:56 PM

Admin Cosole -> Server Settings -> MTA -> MTA Trusted Networks

Remove your local network from here, and place only external IP of zimbra server like this 127.0.0.0/8 192.168.100.10/32.

By default zimbra accept whole network of external interface like trusted network and don't ask authentication

rasga · #3 (**permalink**) 02-13-2011, 07:01 PM

Already did. 127.0.0.0/8 xxx.xxx.xxx.xxx/29.

Didnt work.

mavlenko · #4 (**permalink**) 02-13-2011, 08:37 PM

From what IP addres you try to connect to your server and try to relay message? Mask /29 contains 6 host, maybe you try to relay from one of that 6 hosts?

rasga · #5 (**permalink**) 02-14-2011, 04:16 AM

Quote:

Originally Posted by mavlenko

From what IP addres you try to connect to your server and try to relay message? Mask /29 contains 6 host, maybe you try to relay from one of that 6 hosts?

Yeah, we trying from another ip from same /29. But i really want authenticate, even in our /29.

Outside our /29 using @zimbra.xxx > @zimbra.xxx works too.

(Just for understanding, another company used our zimbra.xxx to send an e-mail from a CIO to CEO asking for resignation...)

rasga · #6 (**permalink**) 02-14-2011, 03:17 PM

If i remove my own /29 from trusted networks? Is that safe? Works?

mavlenko · #7 (**permalink**) 02-14-2011, 07:30 PM

I think we're talking about different things, relaying entails sending mail outside your domain which hosted on your zimbra. Within the domain - it does not relay.

Quote:

If i remove my own /29 from trusted networks? Is that safe? Works?

you needn't remoove whole network, you must leave your external IP of zimbra server and IP of trusted hosts in your network as i told 127.0.0.0/8 192.168.100.10/32 10.10.10.40/32. It's safe and works.
Trusted networks mean that only those hosts can relay mails throught your server to another domains, it's may be another mail-server (zimbra, exchange etc) or something like a mail-robot.

rasga · #8 (**permalink**) 02-16-2011, 02:32 AM

I removed from trusted networks and tested out of our structure (at datacenter) a 0-day Zimbra installation and local still not require authentication. So, how can i make mandatory authentication for @zimbra.xxx to @zimbra.xxx ?

Thanks!

mavlenko · #9 (**permalink**) 02-16-2011, 07:48 PM

I think you need to read this smtp authentication and some other thread on the forum about authentication and relaying to anderstand that zimbra allways accept mails for internal domains without authentication, and ask authentication only for send mesaages to other domains. So, answer to your first post is: "No, it is impossible to have an authentication for local domains"
I was a little bit stupid when answering your question. I told about an external relay, and you asked about internal. Sorry

Zimbra

Downloads

Product Information

Toolbox

Why Join?