Block sending mails to specific domain

[Rk_Raj]

Dear all,

1. My zimbra 7.1.1 opensource edition has 500 user accounts under a domain called someexample.com. But daily there are about 400 spam mails gets relayed by my mail server goes out from<> address. This information I got from daily mail report. But I can't trace the from address. When I see /var/log/mail.log I can able to see lots of mail from swderfhy@aol.com, denvhruf@aol.com, njyhfifkcvj@yahoo.com etc., going out from my mail server. We asked all our users to change their passwords with 10 characters and symbols and numbers. but still we cannot stop that mails. How to block this?

2. I already said that we have 500 user accounts under the domain someexample.com. How to make my mail server to validate and send mails only from those 500 accounts. ie) When a user tries to send a mail, our mail server should check the from address and if the from address is one of the valid accounts of our mail server then only it has to allow the mail to go out. Otherwise it should simply reject it.

output of my daily mail report.

**************************

top 50 Senders by message count
-------------------------------
400 from=<>
384 trusteduser1@trusteddomain1.com
312 trusteduser2@trusteddomain2.com

top 50 Senders by message size
------------------------------
695m trusteduser1@trusteddomain1.com
270152k from=<>
176561k trusteduser2@trusteddomain2.com

***********************

[phoenix]

Quote:

Originally Posted by Rk_Raj

1. My zimbra 7.1.1 opensource edition has 500 user accounts under a domain called someexample.com. But daily there are about 400 spam mails gets relayed by my mail server goes out from<> address.

You'r e mistaken. Zimbra does not act as an open relay unless you've modified it to act as one. Unless you have a bot on your network or a compromised account this is not mail relayed through your server.

Quote:

Originally Posted by Rk_Raj

2. I already said that we have 500 user accounts under the domain someexample.com. How to make my mail server to validate and send mails only from those 500 accounts. ie) When a user tries to send a mail, our mail server should check the from address and if the from address is one of the valid accounts of our mail server then only it has to allow the mail to go out. Otherwise it should simply reject it.

This is not necessary if your users are use the correct Submission port 587, that requires authentication.

These subjects have been covered in the forums many times, do search for them.

[Rk_Raj]

Dear phoenix,

1. Please don't mistake me. How should I ensure that my mail server is not configured to open relay. If so how to modify it. If my server is not relaying then what happens here. what are those addresses from which the mails are going out.

2. please mention the thread which discuss my issue exactly. because I searched for many times bu t I can't find.

[Rk_Raj]

Hi,

How to block 25 port for sending e-mails from my mail server and open the 587 port for mail submission

[phoenix]

Quote:

Originally Posted by Rk_Raj

How to block 25 port for sending e-mails from my mail server and open the 587 port for mail submission

If you block port 25 you will not be able to send any email to any external domain, why do you want to do that? Port 587 is already open. Do search the forums these these subject have already been covered many times.

[Rk_Raj]

Hi,

But I am not able to send mails from my outlook express/outlook when i set the SMTP port as 587 in the outlook express. Also if my mail server is not relaying unknown mails then please explain me what is this,

Dec 28 18:51:24 mail postfix/smtp[23380]: 26240224842: to=<fsilovsky@aol.com>, relay=127.0.0.1[127.0.0.1]:9026, delay=0.15, delays=0.02/0/0.01/0.12, dsn=2.0.0, status=sent (250 2.0.0 Ok (2.0.0 Ok: queued as 3FD78224845 ))
Dec 28 18:51:27 mail postfix/smtp[25468]: 3FD78224845: to=<fsilovsky@aol.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.7, delays=0.04/0/0/2.7, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=08475-18, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as EE1B0224842)
Dec 28 18:51:31 mail postfix/smtp[28768]: > smtp3.gtcare.co.in[205.169.242.10]:25: RCPT TO:<fsilovsky@aol.com> ORCPT=rfc822;fsilovsky@aol.com
Dec 28 18:51:32 mail postfix/smtp[28768]: F1AF3224847: to=<fsilovsky@aol.com>, relay=smtp3.gtcare.co.in[205.169.242.10]:25, delay=5, delays=0.01/0.01/4.1/0.89, dsn=2.0.0, status=sent (250 2.0.0 smtp15.gtcare.co.in Ok: queued as EF775E3D69)

Dec 28 09:19:44 mail postfix/smtpd[31193]: connect from oms-ma02.r1000.mx.aol.com[64.12.140.130]
Dec 28 09:19:45 mail postfix/smtpd[31193]: 306862236F6: client=oms-ma02.r1000.mx.aol.com[64.12.140.130]
Dec 28 09:19:45 mail postfix/qmgr[13425]: 306862236F6: from=<fsilovsky@aol.com>, size=5374, nrcpt=2 (queue active)
Dec 28 09:19:45 mail postfix/smtpd[31193]: disconnect from oms-ma02.r1000.mx.aol.com[64.12.140.130]

Dec 29 18:23:35 mail postfix/smtpd[20494]: connect from nm1-vm0.bullet.mail.in.yahoo.com[121.101.151.211]
Dec 29 18:23:35 mail postfix/smtpd[20494]: 2AE04224929: client=nm1-vm0.bullet.mail.in.yahoo.com[121.101.151.211]
Dec 29 18:23:35 mail postfix/cleanup[29866]: 2AE04224929: message-id=<1325163290.56627.YahooMailNeo@web137301.mail.i n.yahoo.com>
Dec 29 18:23:49 mail postfix/smtpd[20494]: disconnect from nm1-vm0.bullet.mail.in.yahoo.com[121.101.151.211]

But none of our user send mail to fsilovsky@aol.com. Not only this none of our users will send mails to aol.com.

[phoenix]

Quote:

Originally Posted by Rk_Raj

But I am not able to send mails from my outlook express/outlook when i set the SMTP port as 587 in the outlook express.

Using port 587 works for me and from your description nobody is likely to be able to tell you what is causing the problem. Why don't you look in the log files and see exactly what the problem is then search the forums for the error?

[Rk_Raj]

Hi,

I got this info from my daily mail admin report which I recieve as e-mail what is this what is happening here. Does it is spam? How to find what is that from<>

top 50 Senders by message count
-------------------------------

515 from=<>

top 50 Senders by message size
------------------------------

27907k from=<>

Sender address rejected: Domain not found (total: 44)
8 nobody@ws1.ziddu.com
8 bounce@jewelsnext.in
5 root@isenditnow.in
5 arun4@snappyjoy4.in
3 arun5@snappyjoy5.in
2 rolex@nrolex.com
1 us@dj.1
1 star@camenana.hst.terra.com.br

How these mails are sent from my zimbra server

[phoenix]

Quote:

Originally Posted by Rk_Raj

I got this info from my daily mail admin report which I recieve as e-mail what is this what is happening here. Does it is spam?

Yes.

Quote:

Originally Posted by Rk_Raj

How to find what is that from<>

You can't, that was the information in the log files (it's spam and probably forged).

Quote:

Originally Posted by Rk_Raj

How these mails are sent from my zimbra server

They are not sent from your server.

[Rk_Raj]

But we are using an external service provider to relay our mail. Which we configured in our mail server using the username and password given byt them by following the article Outgoing SMTP Authentication - Zimbra :: Wiki They are telling that lots of spam mails are comming from our server.