Results 1 to 8 of 8

Thread: Problem with Open Relay... Can it be disabled?

  1. #1
    Leonardo Maldonado is offline Junior Member
    Join Date
    Jun 2012
    Posts
    5
    Rep Power
    2

    Exclamation Problem with Open Relay... Can it be disabled?

    Hello to you all!

    I just started working on a new company, and they installed Zimbra Collaboration Suite a couple of months ago.

    I've been getting this last 2 days more than 3000 emails deferred from random email accounts of our domain coming from different ip addresses (i've blocked most of ip addresses on salocal.cf.in but i keep getting too many deferred emails)

    All of our users have installed Thunderbird with SSL-TLS with authentication for incoming & outgoing emails, and they all changed their passwords last week.

    This is our current Zimbra version: Release 7.1.0_GA_3140.UBUNTU8 UBUNTU8 FOSS edition.

    As i started checking /var/log/zimbra.log i kept getting this lines:


    Jun 6 06:50:36 mail amavis[30206]: (30206-14) [B]Open relay? Nonlocal recips but not originating

    I also tried different open relay testing sites and i kept failing all test (Message received: Relays accepted by remote host)

    Is there any way to disable open relay on Zimbra? if so... how do i do it? i read many threads without any solution.

    Kind regards in advance for all your help and assistance

    Leonardo
    Last edited by Leonardo Maldonado; 06-07-2012 at 09:06 AM.

  2. #2
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,201
    Rep Power
    56

    Default

    Quote Originally Posted by Leonardo Maldonado View Post
    Is there any way to disable open relay on Zimbra? if so... how do i do it? i read many threads without any solution.
    Zimbra is not by default an open relay. Have you used one of the many internet sites that check your mail server for an open relay?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    Leonardo Maldonado is offline Junior Member
    Join Date
    Jun 2012
    Posts
    5
    Rep Power
    2

    Default

    Quote Originally Posted by phoenix View Post
    Zimbra is not by default an open relay. Have you used one of the many internet sites that check your mail server for an open relay?
    Yes i did. As i wrote on my first reply: "I also tried different open relay testing sites and i kept failing all test (Message received: Relays accepted by remote host)"

    The ones i tried were:
    MailRadar - Email Oriented Community for Linux Sysadmins - FAILED
    Check an Open Relay - FAILED
    MX Lookup Tool - Check your DNS MX Records online - MxToolbox - FAILED (Msg: "May be an open relay")
    ...and 6 more

  4. #4
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,201
    Rep Power
    56

    Default

    Quote Originally Posted by Leonardo Maldonado View Post
    Yes i did. As i wrote on my first reply: "I also tried different open relay testing sites and i kept failing all test (Message received: Relays accepted by remote host)"

    The ones i tried were:
    MailRadar - Email Oriented Community for Linux Sysadmins - FAILED
    Check an Open Relay - FAILED
    MX Lookup Tool - Check your DNS MX Records online - MxToolbox - FAILED (Msg: "May be an open relay")
    ...and 6 more
    Then you need to provide further evidence that it failed and more details about your ZCS configuration such as whether it's in a DMZ or what changes you've made to ZCS that would make it an open relay.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  5. #5
    Leonardo Maldonado is offline Junior Member
    Join Date
    Jun 2012
    Posts
    5
    Rep Power
    2

    Default

    Quote Originally Posted by phoenix View Post
    Then you need to provide further evidence that it failed and more details about your ZCS configuration such as whether it's in a DMZ or what changes you've made to ZCS that would make it an open relay.
    - Result of 16 out of 18 openrelay tests made by mailradar.com:

    [Method 13]
    <<< 220 MY_MAIL_DOMAIN ESMTP Postfix
    >>> HELO mailradar.com
    <<< 250 MY_MAIL_DOMAIN
    >>> MAIL FROM: <antispam@[ZCS_IP_ADDRESS]>
    <<< 250 2.1.0 Ok
    >>> RCPT TO: <@[MY_MAIL_DOMAIN]:relaytest@mailradar.com>
    <<< 250 2.1.5 Ok
    >>> QUIT
    <<< 221 2.0.0 Bye
    [TEST NOT PASSED]

    - The server is behind a firewall, it's not on a DMZ.
    - I haven't made any changes to ZCS
    - I dont have a record of any configuration changes on ZCS before my arrival to the company
    Last edited by Leonardo Maldonado; 06-07-2012 at 09:05 AM.

  6. #6
    Leonardo Maldonado is offline Junior Member
    Join Date
    Jun 2012
    Posts
    5
    Rep Power
    2

    Default

    Please, let me know if you need any other information to solve this problem; i just saw >2000 emails on my ZCS Deferred List this morning and i can't afford to be blacklisted to some email servers.

    Any help will be appreciated! Kind regards

  7. #7
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,201
    Rep Power
    56

    Default

    Well, as I mentioned earlier, ZCS is not an open relay so something must have been modified on the server. When you say 'behind a firewall', do you actually mean the same server or another server behind the firewall and is it behind NAT? You can start by checking the

    This is from a standard ZCS install behind a NAT router (it fails every open relay test):

    Code:
    [Method 13]
    <<< 220 myserver.com ESMTP Postfix
    >>> HELO mailradar.com
    <<< 250 mail01.phoenix-systems.uk.com
    >>> MAIL FROM: <antispam@[myserverip]>
    <<< 250 2.1.0 Ok
    >>> RCPT TO: <@[myserver.com]:relaytest@mailradar.com>
    <<< 554 5.7.1 <relaytest@mailradar.com>: Relay access denied
    >>> QUIT
    <<< 221 2.0.0 Bye
    You can start by checking the settings in this part of the Admin UI.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  8. #8
    Leonardo Maldonado is offline Junior Member
    Join Date
    Jun 2012
    Posts
    5
    Rep Power
    2

    Default

    Solved!

    The link you sent me about "Enabling Mail Submission/Relaying from Remote Networks" helped me check all right values on MTA config.

    It turns out that relaying was allowed on ZCS for other machines on my network; i changed this setting by allowing only ZCS itself to relay and not the entire network.

    Before:
    zimbra@mail:~$ postconf mynetworks
    mynetworks = 127.0.0.0/8 <Network_IP>/24

    Command used:
    zmprov modifyServer myserver.zimbra.com zimbraMtaMyNetworks '127.0.0.0/8 <Zimbra_IP_Address>/32'

    After:
    zimbra@mail:~$ postconf mynetworks
    mynetworks = 127.0.0.0/8 <Zimbra_IP_Address>/32

    Result of relay tests:
    [Method 13]
    <<< 220 myserver.zimbra.com ESMTP Postfix
    >>> HELO mailradar.com
    <<< 250 myserver.zimbra.com
    >>> MAIL FROM: <antispam@[zimbra_ip]>
    <<< 250 2.1.0 Ok
    >>> RCPT TO: <@[zimbra.ip]:relaytest@mailradar.com>
    <<< 554 5.7.1 <relaytest@mailradar.com>: Relay access denied
    >>> QUIT
    <<< 221 2.0.0 Bye
    All tested completed! No relays accepted by remote host!

    Thank you very much for your assistance Bill!

    Kind regards and have an excellent day!

    Leonardo

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. [SOLVED] upgrade problem
    By zhushazang in forum Administrators
    Replies: 5
    Last Post: 01-11-2011, 04:40 AM
  2. Relay Problem - 454 directory unavailable
    By coldfusion in forum Administrators
    Replies: 0
    Last Post: 01-24-2008, 01:48 AM
  3. [SOLVED] Upgraded to 5.0 OSS - Sendmail Problem
    By Chewie71 in forum Installation
    Replies: 11
    Last Post: 12-28-2007, 07:07 PM
  4. Understanding the Daily Mail Report - Open Relay?
    By gihrig in forum Administrators
    Replies: 4
    Last Post: 10-16-2006, 08:53 AM
  5. SMTP send relay problem
    By Billy in forum Installation
    Replies: 18
    Last Post: 12-28-2005, 12:31 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •