
Thread: [SOLVED] How force user auth to sending mail

  1. #1
    mablux, New Member (joined May 2011)

    I have checked several threads with issues similar to the following, but I don't find a clear answer.

    My server has TLS auth enabled but also permits sending mail to my domain users without any auth. That condition could permit any user from my domain to send mail supplanting any other user of my domain (e.g. using SMTP commands).

    That is, for example, userA sends a mail to userB as if it came from userC.
    To avoid this situation I want to force auth before a user sends mail.

    Is it possible?

    (I know about POP-before-SMTP, but I don't want to install an additional tool to do that)

  2. #2
    Labsy, Elite Member (joined Nov 2009, Ljubljana, Slovenia)

    If I understand correctly, you might have been confused about mail relay and mail receiving. If you have TLS auth enabled, then authentication must also be forced, so no one can send (relay) mail using your server without authenticating first.
    Then, regarding user1 sending mail on behalf of user2, I don't think it would work if authentication is enabled, except in the situation where user1 has an ALIAS named user2.
    But it might be that I am also wrong - I haven't tested it.

  3. #3
    beli.sk, Intermediate Member (joined Apr 2011, Slovakia)

    Hi,
    yes, it is indeed possible that ANYONE can hand an e-mail message over to your server if it is addressed to one of your users, and can fill in the "From" field with anything, including another of your e-mail addresses. The sender field of an e-mail should by no means be trusted. If your users require some certainty as to who the mail is really from, they should use S/MIME or another cryptographic solution. Support for S/MIME in Zimbra is on the way (for some time now), you can see progress and vote for it here:

    https://bugzilla.zimbra.com/show_bug.cgi?id=9046

    Best regards.

    Edit: And this is not a problem of Zimbra but e-mail in general.

  4. #4
    mablux, New Member (joined May 2011)

    Thanks for the reply.
    I found a solution for my issue.

    I checked my main.cf and under smtpd_recipient_restrictions were the parameters "permit_mynetworks", "permit_sasl_authenticated" and other checks and rejects. In fact, on my server users could send mail with (permitted by "permit_sasl_authenticated") and without (permitted by "permit_mynetworks") SMTP authentication. I removed the users' network from mynetworks and added the parameter "reject" at the end of smtpd_recipient_restrictions.

    Now the users must enable SMTP authentication in their mail clients (Outlook, Thunderbird, etc.) in order to send mail. If users don't use SMTP authentication (or try to send mail directly using SMTP commands), the server rejects the message with the error "Recipient address rejected: Access denied".

    Maybe it is not the most elegant solution but it works. I think smtpd_client_restrictions may be used to do that in a better manner.
    Last edited by mablux; 07-05-2011 at 06:34 AM.
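
A simplified model of the change described in this post, added here as an example (it is not code from the thread, Zimbra or Postfix): the restriction list is walked in order, the first decision wins, and the "before" and "after" settings are compared for several clients. The addresses, the domain and the reject_unauth_destination entry are assumptions standing in for the "other checks and rejects" the post mentions.

```python
import ipaddress

# Constructed sample values (not from the thread): documentation address
# ranges stand in for the users' LAN and for a remote mail server.
LOCAL_DOMAINS = {"example.com"}
BEFORE = {"mynetworks": ["127.0.0.0/8", "192.0.2.0/24"],
          "restrictions": ["permit_mynetworks", "permit_sasl_authenticated",
                           "reject_unauth_destination", "permit"]}
AFTER = {"mynetworks": ["127.0.0.0/8"],  # users' network removed
         "restrictions": ["permit_mynetworks", "permit_sasl_authenticated",
                          "reject_unauth_destination", "reject"]}

def evaluate(cfg, client_ip, sasl_authenticated, rcpt_domain):
    """Simplified model: walk the list in order, first decision wins."""
    ip = ipaddress.ip_address(client_ip)
    for name in cfg["restrictions"]:
        if name == "permit_mynetworks":
            if any(ip in ipaddress.ip_network(n) for n in cfg["mynetworks"]):
                return "permit"
        elif name == "permit_sasl_authenticated":
            if sasl_authenticated:
                return "permit"
        elif name == "reject_unauth_destination":
            if rcpt_domain not in LOCAL_DOMAINS:
                return "reject"
        elif name in ("permit", "reject"):
            return name
        else:
            raise ValueError(f"restriction not modelled: {name}")
    return "permit"  # list ended without a decision

SCENARIOS = {
    "LAN client, no AUTH": ("192.0.2.10", False, "example.com"),
    "LAN client, AUTH ok": ("192.0.2.10", True, "example.com"),
    "server itself (loopback), no AUTH": ("127.0.0.1", False, "example.com"),
    "remote MTA, no AUTH, local rcpt": ("198.51.100.25", False, "example.com"),
    "remote client, no AUTH, relay attempt": ("198.51.100.25", False, "example.org"),
}

def compare():
    """Return {scenario: (decision_before, decision_after)}."""
    return {label: (evaluate(BEFORE, *args), evaluate(AFTER, *args))
            for label, args in SCENARIOS.items()}

if __name__ == "__main__":
    for label, (before, after) in compare().items():
        print(f"{label:40} before={before:7} after={after}")
```

In this model the final "reject" also refuses an unauthenticated remote server delivering to a local recipient, so inbound delivery only keeps working for hosts that are still listed in mynetworks or that authenticate.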

  5. #5
    dalmate, Elite Member (joined Jan 2009)

    It's a good idea. But did you check if outgoing and ingoing mails are good?

  6. #6
    dalmate, Elite Member (joined Jan 2009)

    I can't add the "reject" parameter to smtpd_recipient_restrictions; Zimbra always resets that value.

  7. #7
    mablux, New Member (joined May 2011)

    dalmate:

    The ingoing and outgoing mails are good, already tested.

    You must add "reject" (or change the last "permit" to "reject") in /opt/zimbra/conf/postfix_recipient_restrictions.cf

    good luck!!

  8. #8
    shoneo, Member (joined Jul 2007, Belgrade, Serbia)

    Hello Mablux,
    In this situation I have a problem sending mail via webmail. Do you have a solution for this?

    Best Regards

  9. #9
    shoneo, Member (joined Jul 2007, Belgrade, Serbia)

    My question is how to make the mail server an open relay (zmprov modifyServer mail.example.com zimbraMtaMyNetworks '0.0.0.0/0' ) and force everybody to use SMTP authentication and also use webmail?

    Best Regards

  10. #10
    phoenix, Zimbra Consultant & Moderator (joined Sep 2005, Vannes, France)

    Originally posted by shoneo: "In this situation I have a problem sending mail via webmail. Do you have a solution for this?"

    What exactly is the problem and what errors do you see in the log files?

    Originally posted by shoneo: "My question is how to make the mail server an open relay (zmprov modifyServer mail.example.com zimbraMtaMyNetworks '0.0.0.0/0' ) and force everybody to use SMTP authentication and also use webmail?"

    You do not, under any circumstances, want to make your server an open relay. If you want your users to authenticate then they should use port 587 as the submission port.

    What are you trying to achieve by making these changes?
    Regards


    Bill

