Results 1 to 3 of 3

Thread: Send from any domain or address using authentification

  1. #1
    rafael.viciana is offline Beginner Member
    Join Date
    May 2012
    Posts
    1
    Rep Power
    3

    Default Send from any domain or address using authentification

    Hi all,

    I installed Zimbra succesfull and using in a production enviroment (Release 7.1.3_GA_3346.RHEL6_64_20110928134428 RHEL6_64 FOSS edition, Patch 7.1.3_P1.)

    I activated the SASL login authentication and I realized that I can set up in any EMAIL client the email address that I want, event I can change the domain to google if I wish.
    I just have to set up correctly the username and password.

    So the recipient receive a mail where the from field is incorrect. So, any user of my company can send to other one changing the from FIELD and making a mess to the recipients.

    To clarify:
    My domain : domain.es
    My user: username
    My passwd: password

    but i configure in OUTLOOK kk@otherdomain.es or rafa@domain.es using the credencials "username" and "password".


    I did many changes and nothing work.
    I post the smtp restriction for your information:

    > postconf smtpd_recipient_restrictions
    smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unlisted_recipient, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_rbl_client cbl.abuseat.org reject_rbl_client psbl.surriel.com reject_rbl_client dnsbl.njabl.org, permit


    More info:

    In zimbra.log I got the following:
    zimbra amavis[14038]: (14038-01) Open relay? Nonlocal recips but not originating: xxxxxx@xxxx.xx

    Note: the xxxxx@xxxx.xx is any recipient address I send to.


    I got the above when the users are not in my trusted networks, but thats why I use authentification.

    Thanks a lot in advance

  2. #2
    Crayz9000 is online now Senior Member
    Join Date
    Feb 2012
    Location
    Las Vegas
    Posts
    65
    Rep Power
    3

    Default

    Make sure that the COS option "Allow sending email from any address" (which can be found under the Preferences tab of the default COS) is unchecked.

    Update: And it seems that's wholly ineffective for anything other than webmail. I suppose it's not surprising, since most mail servers have for years assumed that if you grant a user access, then you implicitly trust them.
    Last edited by Crayz9000; 06-28-2012 at 01:25 PM.

  3. #3
    Crayz9000 is online now Senior Member
    Join Date
    Feb 2012
    Location
    Las Vegas
    Posts
    65
    Rep Power
    3

    Default

    Here you go. The Wiki article is the only method I managed to get working.
    RestrictPostfixSenders - Zimbra :: Wiki

    The methods described in this discussion don't actually work:
    How to enforce sasl_username=FROM ADDRESS

    The reason is that regexp maps do not work properly for the sender maps, as noted here:
    http://www.mailinglistarchive.com/po.../msg36838.html
    Last edited by Crayz9000; 06-28-2012 at 03:33 PM.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 0
    Last Post: 09-28-2010, 03:58 AM
  2. Add other domain address in Global Address Book
    By raghuram1980 in forum Administrators
    Replies: 0
    Last Post: 09-13-2010, 11:00 PM
  3. Replies: 5
    Last Post: 08-16-2010, 05:33 AM
  4. Replies: 1
    Last Post: 06-25-2010, 10:08 PM
  5. Replies: 4
    Last Post: 07-29-2009, 07:24 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •