Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: amavis thinks my server is an openrelay when I use it to send mail while roaming

  1. #1
    tiger is offline Junior Member
    Join Date
    Apr 2012
    Posts
    5
    Rep Power
    3

    Default amavis thinks my server is an openrelay when I use it to send mail while roaming

    I connect to my Zimbra server from my mobile phone when I roam (off the LAN, on the cellular network, from some 'random' dynamically assigned IP), for both sending (SMTP) and receiving (IMAP). The connections are TLS encrypted and Authenticated. Pretty typical.

    Each time I send a message from my roaming connected phone, I get in the logs

    Code:
    May  3 08:30:26 cheetah amavis[27180]: (27180-02) Open relay? Nonlocal recips but not originating: ###@###.com
    I tested my server, and it's not an OpenRelay, but amavis thinks it is anyway.

    I only get this message from a roaming connection.

    I need to configure something I guess. How can I fix this?

  2. #2
    tiger is offline Junior Member
    Join Date
    Apr 2012
    Posts
    5
    Rep Power
    3

    Default

    This same question keeps getting asked, but not answered for this case -- roaming authenticated users

    https://www.zimbra.com/forums/admini...bra-log-2.html
    https://www.zimbra.com/forums/admini...iginating.html
    https://www.zimbra.com/forums/admini...inating-2.html

    Does anyone from Zimbra have an answer? What do we do in Zimbra server to fix this?

  3. #3
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,580
    Rep Power
    57

    Default

    I see no such behaviour on my server when I send a message via a mobile phone, I've just sent a message and see nothing in the /var/log/zimbra.log other than the expected conversation about the mail being sent to an external account (in this case, my gmail account).

    You haven't really given much information about the problem such as log file entries (one line out-of-context doesn't really tell us much) - try a "tail -f" of the log when you send an email, which version and release of Zimbra, has this always happened, are your DNS records correct, does this happen for external wired connections or just mobile?

    What about the setting mentioned in one of your quoted threads:

    Quote Originally Posted by ewilen View Post
    Earlier I'd also noticed in the Admin GUI that Configuration > Servers > servername >MTA > Web Mail MTA Hostnames was set to the fully qualified domain name of Zimbra, but there was a button to "reset to COS"
    Have you reset it back to the COS default, does that make any difference. What entries do you have in your Trusted Network setting?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  4. #4
    tiger is offline Junior Member
    Join Date
    Apr 2012
    Posts
    5
    Rep Power
    3

    Default

    I see no such behaviour on my server when I send a message via a mobile phone, I've just sent a message and see nothing in the /var/log/zimbra.log other than the expected conversation about the mail being sent to an external account (in this case, my gmail account).
    Certainly other people do, as they have repeatedly reported.

    You haven't really given much information about the problem such as log file entries (one line out-of-context doesn't really tell us much) - try a "tail -f" of the log when you send an email

    Code:
    May  4 08:14:22 cheetah postfix/smtpd[27601]: connect from unknown[107.36.180.3]
    May  4 08:14:23 cheetah postfix/smtpd[27601]: setting up TLS connection from unknown[107.36.180.3]
    May  4 08:14:23 cheetah postfix/smtpd[27601]: Anonymous TLS connection established from unknown[107.36.180.3]: TLSv1 with cipher RC4-MD5 (128/128 bits)
    May  4 08:14:24 cheetah saslauthd[22385]: zmauth: authenticating against elected url 'https://cheetah.###.com:7071/service/admin/soap/' ...
    May  4 08:14:24 cheetah saslauthd[22385]: zmpost: url='https://cheetah.###.com:7071/service/admin/soap/' returned buffer->data='<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"><soap:Header><context xmlns="urn:zimbra"><change token="8146"/></context></soap:Header><soap:Body><AuthResponse xmlns="urn:zimbraAccount"><authToken>0_ff6cabdeb5f8e315c17800d8ad447b5113486ab0_69643d33363a356436316566303433633b747913131622d376332303232d346435372d343662312d643238353a3133326236636262373b6578703d3133332303338370653d363a7a696d6272613b</authToken><lifetime>172799999</lifetime><skin>carbon</skin></AuthResponse></soap:Body></soap:Envelope>', hti->error=''
    May  4 08:14:24 cheetah saslauthd[22385]: auth_zimbra: tiger@###.com auth OK
    May  4 08:14:24 cheetah postfix/smtpd[27601]: 78ED3600E1: client=unknown[107.36.180.3], sasl_method=LOGIN, sasl_username=tiger@###.com
    May  4 08:14:24 cheetah postfix/cleanup[26986]: 78ED3600E1: message-id=<915461b3-5c6e-4bb8-a6f7-bcd9754e64cc.maildroid@localhost>
    May  4 08:14:24 cheetah postfix/qmgr[26976]: 78ED3600E1: from=<tiger@###.com>, size=949, nrcpt=1 (queue active)
    May  4 08:14:24 cheetah amavis[22127]: (22127-02) ESMTP::10024 /opt/zimbra/data/amavisd/tmp/amavis-20120504T061558-22127: <tiger@###.com> -> <###@gmail.com> SIZE=949 Received: from cheetah.###.com ([127.0.0.1]) by localhost (cheetah.###.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <###@gmail.com>; Fri,  4 May 2012 08:14:24 -0700 (PDT)
    May  4 08:14:24 cheetah amavis[22127]: (22127-02) Checking: 3oFLdrAncVjU [107.36.180.3] <tiger@###.com> -> <###@gmail.com>
    May  4 08:14:24 cheetah amavis[22127]: (22127-02) Open relay? Nonlocal recips but not originating: ###@gmail.com
    May  4 08:14:24 cheetah postfix/smtpd[27601]: disconnect from unknown[107.36.180.3]
    May  4 08:14:29 cheetah postfix/smtpd[27002]: connect from localhost.localdomain[127.0.0.1]
    May  4 08:14:29 cheetah postfix/smtpd[27002]: 9029460278: client=localhost.localdomain[127.0.0.1]
    May  4 08:14:29 cheetah postfix/cleanup[26986]: 9029460278: message-id=<915461b3-5c6e-4bb8-a6f7-bcd9754e64cc.maildroid@localhost>
    May  4 08:14:29 cheetah postfix/qmgr[26976]: 9029460278: from=<tiger@###.com>, size=1467, nrcpt=1 (queue active)
    May  4 08:14:29 cheetah postfix/smtpd[27002]: disconnect from localhost.localdomain[127.0.0.1]
    , which version and release of Zimbra
    Code:
    zmcontrol -v
     Release 7.2.0_GA_2669.UBUNTU10_64 UBUNTU10_64 FOSS edition.
    has this always happened
    Yes

    are your DNS records correct
    Yes. Everything else on my server is fine.

    does this happen for external wired connections or just mobile?
    I've only tested it from mobile. I don't connect from any other external device.

    What about the setting mentioned in one of your quoted threads:
    Have you reset it back to the COS default,
    Yes.

    does that make any difference.
    No.

    What entries do you have in your Trusted Network setting?
    Code:
    https://###.com:7071/zimbraAdmin/
    	MTA Trusted Networks:
    		192.168.1.0/24 ##.##.##.##/29
    "##.##.##.##/29" is my Real IP range assigned from my ISP.

  5. #5
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,580
    Rep Power
    57

    Default

    Quote Originally Posted by tiger View Post
    Certainly other people do, as they have repeatedly reported.
    I don't dispute that, I was merely telling you that I didn't.

    Quote Originally Posted by tiger View Post
    Code:
    https://###.com:7071/zimbraAdmin/
    	MTA Trusted Networks:
    		192.168.1.0/24 ##.##.##.##/29
    "##.##.##.##/29" is my Real IP range assigned from my ISP.
    That configuration is incorrect, it should have the loopback entry and your LAN in there:

    Code:
    127.0.0.0/8 192.168.1.0/24
    Change that value and restart ZCS and see if there's any change. Are you using port 587 to Submit the mail from your mobile?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  6. #6
    tiger is offline Junior Member
    Join Date
    Apr 2012
    Posts
    5
    Rep Power
    3

    Default

    That configuration is incorrect, it should have the loopback entry and your LAN in there:
    In Zimbra's salocal.cf.in I see,

    Code:
    %%uncomment VAR:zimbraMtaMyNetworks%%trusted_networks %%zimbraMtaMyNetworks%%
    Is Zimbra's "trusted networks" different than that used by spamassassin? For SA, 127/8 is included by default.

    Code:
    https://spamassassin.apache.org/full...ssin_Conf.html
    Note: 127/8 and ::1 are always included in trusted_networks, regardless of your config.

    Code:
    127.0.0.0/8 192.168.1.0/24
    Change that value and restart ZCS
    I did

    and see if there's any change.
    There isn't. I still get the OpenRelay message.

    Are you using port 587 to Submit the mail from your mobile?
    Yes.

  7. #7
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,580
    Rep Power
    57

    Default

    Have you also changed the setting at Global Settings/MTA to 'localhost'?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  8. #8
    tiger is offline Junior Member
    Join Date
    Apr 2012
    Posts
    5
    Rep Power
    3

    Default

    Quote Originally Posted by phoenix View Post
    Have you also changed the setting at Global Settings/MTA to 'localhost'?
    Yes.

    I have posted in the other related threads trying to consolidate them and point people here on the same topic, and nicely inviting other users to join the conversation here.

    Why are you removing those comments with no notice or communication?

  9. #9
    msmcknight is offline Senior Member
    Join Date
    May 2009
    Posts
    59
    Rep Power
    6

    Default

    I'm having the same problem...

    The "Open relay? Nonlocal recips but not originating: recipient@externaldomain.com" messages come up whenever a remote user tries to send an email via imap/submission (587). These errors do not appear when users on the LAN send messages.

    I just upgraded from 606 to 7.2.0_GA_2669.RHEL5_20120410001957 RHEL5 FOSS edition, Patch 7.2.0_P1 and I did not have this problem before the upgrade.

    From what I've gathered, I need to set the Web mail MTA hostname on the Global Settings screen and the Server Settings screen both to 'localhost.' Right now my Global Setting = localhost and my Server Setting = zimbra.mydomain.com

    But... when I try to change the Server Setting to localhost, I get an error:
    Invalid Value!
    Message: Error! [::1]/128 is not a valid subnet value in CIDR notation!
    Additional information about MTA Trusted Networks configuration can be
    found at ZimbraMtaMyNetworks - Zimbra :: Wiki
    Which tells me nothing useful.

    postconf mynetworks
    mynetworks = 127.0.0.0/8 10.1.1.0/24 [::1]/128

    zmprov getServer zimbra.mydomain.com | grep zimbraMtaMyNetworks
    zimbraMtaMyNetworks: 127.0.0.0/8 10.1.1.0/24 [::1]/128
    My host file is pretty straight forward:
    127.0.0.1 localhost.localdomain localhost

    And my DNS is fine... nothing else is having any trouble, and even Zimbra didn't trouble until I upgraded.

    I'm not sure if it's the right value, but I tried to set zimbraMtaAuthHost from the command line and got the following:
    zmprov ms zimbra.mydomain.com zimbraMtaAuthHost localhost
    ERROR: service.INVALID_REQUEST (invalid request: specified zimbraMtaAuthHost does not correspond to a valid service hostname: localhost)
    The web administration interface wont let me change the value. It breaks no matter what browser I use.

    Is there a way to set the value via the command line? Is there a way to fix the web error?

    Thanks,
    -Michael

  10. #10
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,580
    Rep Power
    57

    Default

    Quote Originally Posted by msmcknight View Post
    But... when I try to change the Server Setting to localhost, I get an error:

    Which tells me nothing useful
    It actually does tell you something useful, there's an IPv6 address in there and ZCS doesn't (currently) support IPv6.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 7
    Last Post: 02-03-2011, 07:01 AM
  2. Zimbra fails after working for 2 weeks
    By Linsys in forum Administrators
    Replies: 10
    Last Post: 10-07-2008, 12:42 AM
  3. use internal mail server to send email in external net
    By abisello in forum Administrators
    Replies: 5
    Last Post: 03-18-2008, 08:29 AM
  4. [SOLVED] Upgraded to 5.0 OSS - Sendmail Problem
    By Chewie71 in forum Installation
    Replies: 11
    Last Post: 12-28-2007, 07:07 PM
  5. My Zimbra server down ... please help :)
    By frankb in forum Administrators
    Replies: 2
    Last Post: 12-12-2007, 11:29 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •