Results 1 to 8 of 8

Thread: Zimbra with Barracuda spam appliance goofiness

  1. #1
    ricardoc is offline Intermediate Member
    Join Date
    Aug 2010
    Posts
    18
    Rep Power
    4

    Default Zimbra with Barracuda spam appliance goofiness

    We have a zimbra server that works fine in house.

    The problem we are having is with user authentication in conjunction with a barracuda spam appliance.

    The spam appliance is where our MX record points, so all mail goes there first, gets scanned, and if is legit, comes to the zimbra server.

    The barracuda is supposed to check with the zimbra server to see if the incoming mail matches a real user on the zimbra server...user verification?

    It appears to not work. The barracuda is having troubles talking with zimbra.

    I hope I'm explaining this right.. Has anyone had any issues like this?

    It looks like the spam appliance isnt verifying with the zimbra server correctly.

    We've switched the spambox from RCPT to VRFY and that still doesn't work.

    Any advice?
    Last edited by ricardoc; 03-30-2011 at 09:00 AM.

  2. #2
    John Siu is offline Loyal Member
    Join Date
    Feb 2011
    Posts
    82
    Rep Power
    4

    Default

    VRFY will not work. It will always reply with:
    Code:
    450 4.7.1 <email address>: Recipient address rejected: Access denied
    I believe it is an anti-spam configuration. But RCPT has to work or else your email server will not accept any email at all.

    Anyway for you to get more details/log from your spam appliance?

  3. #3
    ricardoc is offline Intermediate Member
    Join Date
    Aug 2010
    Posts
    18
    Rep Power
    4

    Default

    The spam appliance is at an ISP, so I'll have to get them to check their logs.

    The spam appliance is supposed to do address verification against zimbra's users and then block emails at the spam appliance level.

    It's just not working. My zimbra server is rejecting emails to bad addresses, when it shouldn't have to.

    I started looking at LDAP as a mechanism to verify between the two, but man it's complicated.

    Do you know how to find the BASEDN AND BINDDN of your zimbra server?

  4. #4
    odeleon is offline Advanced Member
    Join Date
    Sep 2009
    Location
    Spain
    Posts
    233
    Rep Power
    5

    Default

    Do you know how to find the BASEDN AND BINDDN of your zimbra server?
    The Base DN is a string of DC's based on your mail domain (as in dc=example,dc=com). You get the bind dn running zmlocalconfig zimbra_ldap_userdn , by default it's uid=zimbra,cn=admins,cn=zimbra .

    You should be aware that you would be giving your ISP total, complete and full access to your Zimbra LDAP if you do this. I would advice against it.

    ... as for your other problems, I think you might want to add the barracuda appliance as the incoming MX for your domain if you haven't already. OR, you could add your ISP's network as a Trusted Network in you ZCS MTA (but that opens a whole other can of worms in terms of security so think it over carefully).

  5. #5
    ricardoc is offline Intermediate Member
    Join Date
    Aug 2010
    Posts
    18
    Rep Power
    4

    Default

    Quote Originally Posted by odeleon View Post
    The Base DN is a string of DC's based on your mail domain (as in dc=example,dc=com). You get the bind dn running zmlocalconfig zimbra_ldap_userdn , by default it's uid=zimbra,cn=admins,cn=zimbra .

    You should be aware that you would be giving your ISP total, complete and full access to your Zimbra LDAP if you do this. I would advice against it.

    ... as for your other problems, I think you might want to add the barracuda appliance as the incoming MX for your domain if you haven't already. OR, you could add your ISP's network as a Trusted Network in you ZCS MTA (but that opens a whole other can of worms in terms of security so think it over carefully).
    Thanks, our MX record is pointing to the barracuda, and that part works great.

    I've also added the barracudas ip as a trusted network. Just for some reason the user verification fails, so our server is the one bouncing bad addresses (we get hit hard, and have been targets for lots of joejobs).

    The last thing we are trying is LDAP to user verification.

    I trust the guys at the ISP, we've been customers of theirs for a long time.

    I will try that command you gave, thanks.

  6. #6
    ricardoc is offline Intermediate Member
    Join Date
    Aug 2010
    Posts
    18
    Rep Power
    4

    Default

    I'm trying to use Softerras LDAP browser to see if the ldap settings Im using work, and I get invalid credential errors, which means I have the wrong user/pass.

    Can anyone help, this is what I have so far as my basedn and binddn. I don't ever remember setting up a password for user "zimbra". Do I need to use a different user to authenticate to the directory so I can browse it?

    basedn:
    dc=bigballs,dc=com

    binddn:
    uid=zimbra,cn=admins,cn=zimbra
    Last edited by ricardoc; 03-31-2011 at 11:25 AM.

  7. #7
    John Siu is offline Loyal Member
    Join Date
    Feb 2011
    Posts
    82
    Rep Power
    4

    Default

    Try ldap_root_password in /opt/zimbra/conf/localconfig.xml

  8. #8
    ricardoc is offline Intermediate Member
    Join Date
    Aug 2010
    Posts
    18
    Rep Power
    4

    Default

    Appreciate it, that works great, thanks for everything. 1 for your karma bank

    Now to lock down the appropiate filter that the fortimail likes...yipee!

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. [SOLVED] Help, I think I am running Zimbra as root!
    By primaxx in forum Administrators
    Replies: 9
    Last Post: 10-06-2010, 11:04 AM
  2. Major Issue - 5.0RC2 NE to 5.0GA NE failed
    By DougWare in forum Installation
    Replies: 7
    Last Post: 01-06-2008, 09:56 PM
  3. 4.5 Upgrade failure
    By brained in forum Installation
    Replies: 9
    Last Post: 03-03-2007, 03:30 PM
  4. huge log size
    By rmvg in forum Administrators
    Replies: 5
    Last Post: 01-02-2007, 10:39 AM
  5. svn version still won't start
    By kinaole in forum Developers
    Replies: 0
    Last Post: 10-04-2006, 06:47 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •