Results 1 to 6 of 6

Thread: main.cf overwritten: trying to restrict relay access?

  1. #1
    KDoc is offline Intermediate Member
    Join Date
    Jul 2008
    Posts
    15
    Rep Power
    6

    Default main.cf overwritten: trying to restrict relay access?

    I am trying to lock down postfix so the zimbra server doesn't behave as an open relay.

    I tried modifying main.cf with the;

    smtpd_sender_restrictions = check_sender_access hash:/opt/zimbra/nice_guys

    and adding to;

    smtpd_client_restrictions = reject_unauth_pipelining, check_client_access hash:/opt/zimbra/nice_guys

    But as soon as I save and issue a postfix reload, the main.cf appears to get overwritten.

    What have I missed pls?

  2. #2
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,480
    Rep Power
    56

    Default

    Quote Originally Posted by KDoc View Post
    I am trying to lock down postfix so the zimbra server doesn't behave as an open relay.
    Zimbra, by default, does not act as an open relay unless you've made changes to it that make that happen. If you've installed a standard copy of Zimbra and made no changes to it then you will not be able to relay through that server unless you are authenticated or on the Trusted Networks IP range.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    KDoc is offline Intermediate Member
    Join Date
    Jul 2008
    Posts
    15
    Rep Power
    6

    Default

    That surprises me Phoenix.

    My experience is;

    I installed a std copy.
    Prior to wanting to modify main.cf, I had only tried, via UI and/or zmprov to set up a relay host to my ISP.
    My ISP only accepts secure connections over SSL on 465, which of course, Postfix no longer supports/implements. This took a bit of reading to discover.
    In the meantime however, ALL mails were attemptimg to send via SSL to the relay host. And of course, were being simply 'deferred' with the error; "status=deferred (lost connection with <ISP_Host>[IP.add.ress.x] while receiving the initial server greeting)".
    And so, I would see in the 'deferred' queue, all mails sitting there.
    This included zimbra attempting to send what were very obviously spam mails with spurious addresses which were apparently attempting to traverse my ZCS.

    There's only 1 MS host in my network with well updated AV. The rest are linux or OSX, so I'm confident there're no bots inside.

  4. #4
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,480
    Rep Power
    56

    Default

    Quote Originally Posted by KDoc View Post
    That surprises me Phoenix.
    Really? Take my word for it, what I've posted above is correct - if you don't believe me then search the forums for further information. You could also run an external test to see if you're an open relay, there are plenty available if you do a web search.

    Here's the instructions for relaying through your ISP: Outgoing SMTP Authentication - Zimbra :: Wiki
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  5. #5
    KDoc is offline Intermediate Member
    Join Date
    Jul 2008
    Posts
    15
    Rep Power
    6

    Default

    That's what I followed Phoenix. But as I mentioned, my ISP only accepts secure connections over SSL on 465. They do not have TLS implemented. And The wiki just connfirms what I've read about Postfix. It no longer supports SSL over 465.

    In fact, I just found a post by Wietse himself stating as much; Mailing List Archive - postfix-users : Re: postfix errors when sending smtp auth via yahoo.
    Last edited by KDoc; 03-20-2011 at 03:41 PM.

  6. #6
    KDoc is offline Intermediate Member
    Join Date
    Jul 2008
    Posts
    15
    Rep Power
    6

    Default

    Re: Relay Access,

    It does seem to pass all the tests, so I'll say it (not, I'm sure, that you need it saying, but nevertheless...), you were right.

    To address the other part of my question. How do I go about ensuring a parameter change in main.cf, IF I WANTED TO, and ensuring it persists?

    Do I have to issue a postconf command?

    Or do I have to filter it through zmlocalconfig?

    The fact the file gets re-written suggests zimbra is storing it elsewhere and reading/writing it out at start-up? How is it handling this please?

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. [SOLVED] Relay access denied
    By get2guy in forum Administrators
    Replies: 8
    Last Post: 10-29-2010, 09:40 AM
  2. Relay Access Denied
    By mmj1000 in forum Administrators
    Replies: 8
    Last Post: 03-27-2009, 12:33 PM
  3. Relay Access Denied, Help!
    By jpcaldwell in forum Administrators
    Replies: 5
    Last Post: 08-15-2008, 09:11 AM
  4. Relay Access Denied
    By AutootuA in forum Administrators
    Replies: 34
    Last Post: 02-07-2008, 09:26 AM
  5. Relay Access Denied
    By kbarnd in forum Installation
    Replies: 2
    Last Post: 02-07-2007, 10:08 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •