Results 1 to 3 of 3

Thread: My Zimbra 8.0 is an Open Relay

  1. #1
    Andre81's Avatar
    Andre81 is offline Junior Member
    Join Date
    Nov 2012
    Location
    Italy
    Posts
    7
    Rep Power
    2

    Exclamation My Zimbra 8.0 is an Open Relay

    Hi there,

    this is my first post in this community. I'm new on Zimbra colaboration suite, and I've some question about my particular configuration.

    My network is quite complicated, and I have two NAT one behind the other.
    This prejudice that Zimbra will always see all incoming connections to be local, and they are generated locally (192.168.xx) although is generated by an external ip.
    In this scenario we understand very well that restrict the authorization with trusted network does not make sense.

    My idea is simple:

    in order to send out of Zimbra domain (users@mydomain.com -> users@outside_the_world), users MUST be authenticated trough username and password regardless of where the connection is originated.

    in order to receive mail, is permitted to the sender outside my domain to send only to users in my domain.

    I' ve read some about how to restrict here: ZIMBRA SMTP AUTH problem but I've some problem.

    1) in this way all type of mail relay only if the sender is authenticated
    2) my Zimbra 8.0 rewrite all changes I've made in configuration files, so after restart I've lost the configuration


    Any help will'be appreciated.

    Thanks

    Andrea
    zimbra@mail:~$ zmcontrol -v
    Release 8.0.0.GA.5434.UBUNTU12.64 UBUNTU12_64 FOSS edition.
    zimbra@mail:~$

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,201
    Rep Power
    56

    Default

    Zimbra, by default, is not an open relay unless you've modified something to make it one.

    Quote Originally Posted by Andre81 View Post
    My network is quite complicated, and I have two NAT one behind the other.
    That makes no sense and doesn't provide any benefit.

    Quote Originally Posted by Andre81 View Post
    This prejudice that Zimbra will always see all incoming connections to be local, and they are generated locally (192.168.xx) although is generated by an external ip.
    In this scenario we understand very well that restrict the authorization with trusted network does not make sense.
    Quote Originally Posted by Andre81 View Post
    My idea is simple:

    in order to send out of Zimbra domain (users@mydomain.com -> users@outside_the_world), users MUST be authenticated trough username and password regardless of where the connection is originated.
    Your users should use Port 587 as the correct submission port, that requires authentication.

    Quote Originally Posted by Andre81 View Post
    in order to receive mail, is permitted to the sender outside my domain to send only to users in my domain.
    They can't send mail to anyone else unless you're an open relay (see my first comment).

    Quote Originally Posted by Andre81 View Post
    I' ve read some about how to restrict here: ZIMBRA SMTP AUTH problem but I've some problem.

    1) in this way all type of mail relay only if the sender is authenticated
    2) my Zimbra 8.0 rewrite all changes I've made in configuration files, so after restart I've lost the configuration
    Then you need to make the changes correctly in ZCS 8, search the forums for details.

    FWIW, I have my server behind a NAT router and I also have my LAN subnet in the Trusted Networks and nobody can relay through my server. I'd suggest you search the internet for sites that will test your server to see if it's an open relay.
    Last edited by phoenix; 11-08-2012 at 08:20 AM.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    Andre81's Avatar
    Andre81 is offline Junior Member
    Join Date
    Nov 2012
    Location
    Italy
    Posts
    7
    Rep Power
    2

    Default

    Quote Originally Posted by phoenix View Post
    Zimbra, by default, is not an open relay unless you've modified something to make it one.

    That makes no sense and doesn't provide any benefit.
    This is correct, I think exactly like you, but this configuration is provided by my ISP and I can't change.
    Don't remember, this is Italy for better or for worse
    (we have not thought patterns and we range into the strangest default configuration )


    Quote Originally Posted by phoenix View Post
    Your users should use Port 587 as the correct submission port, that requires authentication.
    The port 587 must be configured in initial setup?

    Quote Originally Posted by phoenix View Post
    They can't send mail to anyone else unless you're an open relay (see my first comment).
    That's right, but in my particular case Zimbra is an Open Relay (I've done test) due to this particular scenario.
    I think that permits to send based only in IP address isn't enough secure, in fact if my network has many server, and one of them is compromised, the Trusted network isn't enough.

    Quote Originally Posted by phoenix View Post
    Then you need to make the changes correctly in ZCS 8, search the forums for details.
    I've searched but there are a bit of confusion, one user talks to one method, another one talks to another method, and so...

    Quote Originally Posted by phoenix View Post
    FWIW, I have my server behind a NAT router and I also have my LAN subnet in the Trusted Networks and nobody can relay through my server. I'd suggest you search the internet for sites that will test your server to see if it's an open relay.
    If I've only one NAT, my Zimbra works like a charm... even if the problem of access to the local network even to other servers remains.


    Thanks for your attention.

    Andrea
    Last edited by Andre81; 11-08-2012 at 07:47 AM.
    zimbra@mail:~$ zmcontrol -v
    Release 8.0.0.GA.5434.UBUNTU12.64 UBUNTU12_64 FOSS edition.
    zimbra@mail:~$

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. First Zimbra Installation - How to block open relay
    By kaioh84 in forum Administrators
    Replies: 4
    Last Post: 07-06-2012, 10:25 PM
  2. First Zimbra Installation - How to block open relay
    By kaioh84 in forum Installation
    Replies: 1
    Last Post: 07-04-2012, 12:24 AM
  3. Replies: 15
    Last Post: 05-14-2012, 09:32 AM
  4. [SOLVED] Zimbra - acting as open relay
    By milind.v.patil in forum Administrators
    Replies: 14
    Last Post: 11-17-2009, 02:48 AM
  5. Zimbra being an open relay?
    By gkra in forum Installation
    Replies: 6
    Last Post: 06-29-2007, 10:59 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •