Page 3 of 6 FirstFirst 12345 ... LastLast
Results 21 to 30 of 55

Thread: 8.0.2 Community Edition - no longer allows SMTP auth users send email - RBL blocked

  1. #21
    liverpoolfcfan's Avatar
    liverpoolfcfan is offline Outstanding Member
    Join Date
    Oct 2009
    Location
    Dublin, IRELAND
    Posts
    710
    Rep Power
    6

    Default

    You forgot the -e for edit after the zmlocalconfig command. See quanah's last post.

  2. #22
    quanah is offline Zimbra Employee
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,265
    Rep Power
    10

    Default

    zmconfigd will automatically restart amavis for you when it detects the value was changed (about 2 minutes or less)
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

  3. #23
    thunder04 is offline Special Member
    Join Date
    Dec 2007
    Location
    Stockton, CA
    Posts
    164
    Rep Power
    7

    Default

    Hmm. Well, even after a full "zmcontrol restart", sending a test email to myself via the Zimbra web interface is still passed through spam and antivirus checks.

    However:

    Code:
    zimbra@cottontail:~/conf$ zmlocalconfig | grep amavis
    amavis_originating_bypass_sa = true
    Headers of my test message:

    Code:
    Return-Path: ahoppe@mpcsd.org
    Received: from cottontail.mpcsd.org (LHLO cottontail.mpcsd.org) (10.1.1.37)
     by cottontail.mpcsd.org with LMTP; Fri, 4 Jan 2013 09:20:35 -0800 (PST)
    Received: from localhost (localhost.localdomain [127.0.0.1])
    	by cottontail.mpcsd.org (Postfix) with ESMTP id CEB091300396
    	for <ahoppe@mpcsd.org>; Fri,  4 Jan 2013 09:20:32 -0800 (PST)
    X-Virus-Scanned: amavisd-new at mpcsd.org
    X-Spam-Flag: NO
    X-Spam-Score: -2.49
    X-Spam-Level:
    X-Spam-Status: No, score=-2.49 tagged_above=-10 required=4
    	tests=[ALL_TRUSTED=-1, BAYES_05=-0.5, RP_MATCHES_RCVD=-1,
    	T_NOT_A_PERSON=-0.01, T_THREAD_INDEX_BAD=0.01, T_UNKNOWN_ORIGIN=0.01]
    	autolearn=ham
    Received: from cottontail.mpcsd.org ([127.0.0.1])
    	by localhost (cottontail.mpcsd.org [127.0.0.1]) (amavisd-new, port 10024)
    	with ESMTP id v0WF6r05xdRj for <ahoppe@mpcsd.org>;
    	Fri,  4 Jan 2013 09:20:25 -0800 (PST)
    Received: from localhost (localhost.localdomain [127.0.0.1])
    	by cottontail.mpcsd.org (Postfix) with ESMTP id 5A25713003EE
    	for <ahoppe@mpcsd.org>; Fri,  4 Jan 2013 09:20:24 -0800 (PST)
    X-Virus-Scanned: amavisd-new at mpcsd.org
    Received: from cottontail.mpcsd.org ([127.0.0.1])
    	by localhost (cottontail.mpcsd.org [127.0.0.1]) (amavisd-new, port 10026)
    	with ESMTP id 295WO9QibYTS for <ahoppe@mpcsd.org>;
    	Fri,  4 Jan 2013 09:20:24 -0800 (PST)
    Received: from cottontail.mpcsd.org (cottontail.mpcsd.org [10.1.1.37])
    	by cottontail.mpcsd.org (Postfix) with ESMTP id 69D6F13003D0
    	for <ahoppe@mpcsd.org>; Fri,  4 Jan 2013 09:20:23 -0800 (PST)
    Date: Fri, 4 Jan 2013 09:20:23 -0800 (PST)
    From: Anthony Hoppe <ahoppe@mpcsd.org>
    To: Anthony Hoppe <ahoppe@mpcsd.org>
    Message-ID: <851833616.179.1357320023480.JavaMail.root@mpcsd.org>
    Subject: Test
    MIME-Version: 1.0
    Content-Type: text/plain; charset=utf-8
    Content-Transfer-Encoding: 7bit
    X-Originating-IP: [10.10.45.9]
    X-Mailer: Zimbra 8.0.2_GA_5569 (ZimbraWebClient - GC23 (Mac)/8.0.2_GA_5569)
    Thread-Topic: Test
    Thread-Index: hPkaTryx2vTYtLT8aaHEOfsWv3iOug==
    I'm not sure why it's not working.
    Last edited by thunder04; 01-04-2013 at 10:42 AM.

  4. #24
    Labsy is offline Elite Member
    Join Date
    Nov 2009
    Location
    Ljubljana, Slovenia
    Posts
    268
    Rep Power
    5

    Default

    I've been coping this issue last days way too much, spent hours into resolving, but cannot find resolution.
    In short:
    - postfix main.cf has "permit_sasl_authenticated" parameter there, so postfix should only do RBL check on general mail, but not for authenticated senders
    - amavis_originating_bypass_sa = true
    - All users are required to use SSL or TLS SMTP port 465 or 587 and authenticate before sending

    But most users on ADSL links still get refused.
    This issue came along with upgrade to 8.0.2

    WORKAROUND
    What resolved my problem is quote from Spamhaus:
    Caution: Because ZEN includes the XBL and PBL lists, do not use ZEN on smarthosts or SMTP AUTH outbound servers for your own customers (or you risk blocking your own customers). Do not use ZEN in filters that do any ‘deep parsing’ of Received headers, or for anything other than checking IP addresses that hand off to your mailservers.

    So I removed RBL "zen.spamhaus.org" and instead added "sbl.spamhaus.org" and "xbl.spamhaus.org".
    Zimbra on SGH dedicated hosting farm, Slovenia.
    In 2013 we announce new program of low cost SSL server certificates.

  5. #25
    thunder04 is offline Special Member
    Join Date
    Dec 2007
    Location
    Stockton, CA
    Posts
    164
    Rep Power
    7

    Default

    In an attempt to try a variation of your workaround, I added all of the individual Spamhaus blacklists and decided to weed down until I was left with the lists that were not blocking our users from sending mail. I got down to sbl, xbl, and dbl, and it seems that dbl is a very BAD one to add (it's blocking what seems like everything).

    You'd think it's as simple as removing it from the list, right? Wrong. I CANNOT get it to remove. Removing it through the admin web interface doesn't work, and doing

    Code:
    zmprov mcf -reject_rbl_client dbl.spamhaus.org
    As user zimbra returns no error but does not work.

    I am stuck with:

    Code:
    zimbra@cottontail:~/conf$ zmprov gacf | grep MtaRestriction
    zimbraMtaRestriction: reject_non_fqdn_sender
    zimbraMtaRestriction: reject_unknown_sender_domain
    zimbraMtaRestriction: reject_rbl_client b.barracudacentral.org
    zimbraMtaRestriction: reject_rbl_client sbl.spamhaus.org
    zimbraMtaRestriction: reject_rbl_client xbl.spamhaus.org
    zimbraMtaRestriction: reject_rbl_client dbl.spamhaus.org
    zimbraMtaRestriction: reject_rbl_client cbl.abuseat.org
    zimbraMtaRestriction: reject_rbl_client psbl.surriel.com
    Any suggestions?! I'm going to pull my hair out!

  6. #26
    thunder04 is offline Special Member
    Join Date
    Dec 2007
    Location
    Stockton, CA
    Posts
    164
    Rep Power
    7

    Default

    I was being a n00b again and not typing the command correctly.

    Code:
    zmprov mcf -zimbraMtaRestriction "reject_rbl_client dbl.spamhaus.org"
    Seems to have done the trick.

  7. #27
    thunder04 is offline Special Member
    Join Date
    Dec 2007
    Location
    Stockton, CA
    Posts
    164
    Rep Power
    7

    Default

    This seems to be a decent temporary fix, but I am still interested in configuring Zimbra so that

    Code:
    permit_sasl_authenticated
    and

    Code:
    amavis_originating_bypass_sa = true
    Do what they are supposed to do!

  8. #28
    Labsy is offline Elite Member
    Join Date
    Nov 2009
    Location
    Ljubljana, Slovenia
    Posts
    268
    Rep Power
    5

    Default

    @thunder04: My vote for that!
    Zimbra on SGH dedicated hosting farm, Slovenia.
    In 2013 we announce new program of low cost SSL server certificates.

  9. #29
    rouven is offline Junior Member
    Join Date
    Mar 2008
    Posts
    5
    Rep Power
    7

    Default

    Hi,
    same for me here. But i cannot even use the other spamhaus lists, most of my vodafone users beeing blocked. I had to turn off rbl checks for everyone, resulting in a mass wave of spam... Any solution? even temporarly without turning all rbls off?

  10. #30
    thunder04 is offline Special Member
    Join Date
    Dec 2007
    Location
    Stockton, CA
    Posts
    164
    Rep Power
    7

    Default

    Ok, I haven't a CLUE what changed, but suddenly

    Code:
    amavis_originating_bypass_sa = true
    Seems to be working!

    Test message via the Zimbra web interface:

    Code:
    Return-Path: test@mpcsd.org
    Received: from cottontail.mpcsd.org (LHLO cottontail.mpcsd.org) (10.1.1.37)
     by cottontail.mpcsd.org with LMTP; Tue, 8 Jan 2013 10:27:16 -0800 (PST)
    Received: from localhost (localhost.localdomain [127.0.0.1])
    	by cottontail.mpcsd.org (Postfix) with ESMTP id BAAFF13002F8
    	for <ahoppe@mpcsd.org>; Tue,  8 Jan 2013 10:27:16 -0800 (PST)
    X-Virus-Scanned: amavisd-new at mpcsd.org
    Received: from cottontail.mpcsd.org ([127.0.0.1])
    	by localhost (cottontail.mpcsd.org [127.0.0.1]) (amavisd-new, port 10024)
    	with ESMTP id DNxkfSXSUx0T for <ahoppe@mpcsd.org>;
    	Tue,  8 Jan 2013 10:27:16 -0800 (PST)
    Received: from localhost (localhost.localdomain [127.0.0.1])
    	by cottontail.mpcsd.org (Postfix) with ESMTP id 2B0A21300303
    	for <ahoppe@mpcsd.org>; Tue,  8 Jan 2013 10:27:16 -0800 (PST)
    X-Virus-Scanned: amavisd-new at mpcsd.org
    Received: from cottontail.mpcsd.org ([127.0.0.1])
    	by localhost (cottontail.mpcsd.org [127.0.0.1]) (amavisd-new, port 10026)
    	with ESMTP id SIaSa0NTFCEo for <ahoppe@mpcsd.org>;
    	Tue,  8 Jan 2013 10:27:15 -0800 (PST)
    Received: from [10.12.72.233] (unknown [149.20.84.128])
    	(Authenticated sender: test)
    	by cottontail.mpcsd.org (Postfix) with ESMTPSA id CD89713002F8
    	for <ahoppe@mpcsd.org>; Tue,  8 Jan 2013 10:27:15 -0800 (PST)
    Subject: Test Email
    From: Test <test@mpcsd.org>
    Content-Type: text/plain;
    	charset=us-ascii
    X-Mailer: iPhone Mail (10A525)
    Message-Id: <33FE7B72-9929-4173-B106-6B89E1EBC153@mpcsd.org>
    Date: Tue, 8 Jan 2013 10:27:15 -0800
    To: Anthony Hoppe <ahoppe@mpcsd.org>
    Content-Transfer-Encoding: 7bit
    Mime-Version: 1.0 (1.0)
    Test message from my iPhone using the Mail app:

    Code:
    Return-Path: ahoppe@mpcsd.org
    Received: from cottontail.mpcsd.org (LHLO cottontail.mpcsd.org) (10.1.1.37)
     by cottontail.mpcsd.org with LMTP; Tue, 8 Jan 2013 10:35:58 -0800 (PST)
    Received: from localhost (localhost.localdomain [127.0.0.1])
    	by cottontail.mpcsd.org (Postfix) with ESMTP id 217D31300363
    	for <ahoppe@mpcsd.org>; Tue,  8 Jan 2013 10:35:58 -0800 (PST)
    X-Virus-Scanned: amavisd-new at mpcsd.org
    Received: from cottontail.mpcsd.org ([127.0.0.1])
    	by localhost (cottontail.mpcsd.org [127.0.0.1]) (amavisd-new, port 10024)
    	with ESMTP id K7gCIE_-g0PT for <ahoppe@mpcsd.org>;
    	Tue,  8 Jan 2013 10:35:57 -0800 (PST)
    Received: from localhost (localhost.localdomain [127.0.0.1])
    	by cottontail.mpcsd.org (Postfix) with ESMTP id D5E3E130035D
    	for <ahoppe@mpcsd.org>; Tue,  8 Jan 2013 10:35:56 -0800 (PST)
    X-Virus-Scanned: amavisd-new at mpcsd.org
    Received: from cottontail.mpcsd.org ([127.0.0.1])
    	by localhost (cottontail.mpcsd.org [127.0.0.1]) (amavisd-new, port 10026)
    	with ESMTP id X5IyI3diYJb0 for <ahoppe@mpcsd.org>;
    	Tue,  8 Jan 2013 10:35:56 -0800 (PST)
    Received: from [10.79.106.43] (mobile-166-137-185-144.mycingular.net [166.137.185.144])
    	(Authenticated sender: ahoppe)
    	by cottontail.mpcsd.org (Postfix) with ESMTPSA id 7581613002F8
    	for <ahoppe@mpcsd.org>; Tue,  8 Jan 2013 10:35:50 -0800 (PST)
    Subject: Test from iPhone /w Wi-Fi off.
    From: Anthony Hoppe <ahoppe@mpcsd.org>
    Content-Type: text/plain;
    	charset=us-ascii
    X-Mailer: iPhone Mail (10A523)
    Message-Id: <930C8DD6-6BC6-4091-99B4-71078CF02EAE@mpcsd.org>
    Date: Tue, 8 Jan 2013 10:35:35 -0800
    To: ahoppe <ahoppe@mpcsd.org>
    Content-Transfer-Encoding: 7bit
    Mime-Version: 1.0 (1.0)
    Test message from my GMail account to my Zimbra account:

    Code:
    Return-Path: anthony.hoppe@gmail.com
    Received: from cottontail.mpcsd.org (LHLO cottontail.mpcsd.org) (10.1.1.37)
     by cottontail.mpcsd.org with LMTP; Tue, 8 Jan 2013 10:07:36 -0800 (PST)
    Received: from localhost (localhost.localdomain [127.0.0.1])
    	by cottontail.mpcsd.org (Postfix) with ESMTP id 4C82E130000E
    	for <ahoppe@mpcsd.org>; Tue,  8 Jan 2013 10:07:36 -0800 (PST)
    X-Virus-Scanned: amavisd-new at mpcsd.org
    X-Spam-Flag: NO
    X-Spam-Score: -2.009
    X-Spam-Level:
    X-Spam-Status: No, score=-2.009 tagged_above=-10 required=4
    	tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
    	DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001,
    	RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001,
    	T_FSL_HELO_NON_FQDN_2=0.01, T_LONG_HEADER_LINE_80=0.01,
    	T_RCD_RDNS_SERVER=-0.01, T_RCD_RDNS_SERVER_MESSY=-0.01,
    	T_SMF_FROM_GMAIL=0.01] autolearn=ham
    Authentication-Results: cottontail.mpcsd.org (amavisd-new);
    	dkim=pass (2048-bit key) header.d=gmail.com
    Received: from cottontail.mpcsd.org ([127.0.0.1])
    	by localhost (cottontail.mpcsd.org [127.0.0.1]) (amavisd-new, port 10024)
    	with ESMTP id fN8DkOEwR_6m for <ahoppe@mpcsd.org>;
    	Tue,  8 Jan 2013 10:07:35 -0800 (PST)
    Received: from mail-lb0-f179.google.com (mail-lb0-f179.google.com [209.85.217.179])
    	by cottontail.mpcsd.org (Postfix) with ESMTPS id D5B8413001A4
    	for <ahoppe@mpcsd.org>; Tue,  8 Jan 2013 10:07:34 -0800 (PST)
    Received: by mail-lb0-f179.google.com with SMTP id gm13so605431lbb.10
            for <ahoppe@mpcsd.org>; Tue, 08 Jan 2013 10:07:33 -0800 (PST)
    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
            d=gmail.com; s=20120113;
            h=mime-version:date:message-id:subject:from:to:content-type;
            bh=jSBByqofAWw2BofkfKgTWfEtQqdE1zHTfFexXlrrWdM=;
            b=HdN680NVAElBP/MagoE7sYRXCsbydpfE30cnMyDFndfr6/u94yUPra7F9pn/qRfHRy
             U/MUpgtrxt6NzmsSWLzMuhCU6n2cVfUa/D9OdthE9TZQBP7xFSNTfedSAkt27wdrc5J7
             26AW+zTE43wM35oYIBWoo8cmJu4ppDE1ktSpFlSWBiAboglp2ZTfoT3Q7pAhExnIvXyM
             lZkUqqsoV+0B9FmMYSqWn4IWSb+yn3OPZ01pv1mQR0UPf6Eyz08qeY7DRxN+QP2Wa9uY
             UcfOssLwPtkBTI3l12YCqHkW9yHsc1+ihCOnibiYyxshLwZCxbn48ntrLjzL3Uhpkwj2
             gEUQ==
    MIME-Version: 1.0
    Received: by 10.152.125.136 with SMTP id mq8mr62763440lab.41.1357668453051;
     Tue, 08 Jan 2013 10:07:33 -0800 (PST)
    Received: by 10.112.127.230 with HTTP; Tue, 8 Jan 2013 10:07:32 -0800 (PST)
    Date: Tue, 8 Jan 2013 10:07:32 -0800
    Message-ID: <CAKSvKH0wpxVopU7_BHS-GDKUwgOM=df_+AOzsJ+ULc=TjceuSQ@mail.gmail.com>
    Subject: Hi!
    From: Anthony Hoppe <anthony.hoppe@gmail.com>
    To: Me <ahoppe@mpcsd.org>
    Content-Type: multipart/alternative; boundary=f46d042f9756ddec8f04d2cad1fa
    I didn't change anything configuration wise since my last post! I added more RAM to our Zimbra server this morning...could a power cycle simply been the trick?!

    If the Amavis configuration setting is working, does that mean this RBL problem is gone?!

Page 3 of 6 FirstFirst 12345 ... LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. force Webmail user to send email with "smtp auth"
    By bonadio in forum Developers
    Replies: 11
    Last Post: 01-26-2012, 10:26 AM
  2. Send blocked attachments from admin users
    By Houston in forum Administrators
    Replies: 0
    Last Post: 09-20-2010, 10:46 AM
  3. Replies: 1
    Last Post: 10-19-2009, 10:32 PM
  4. Enable SMTP Auth to external users
    By VictorMedina in forum Administrators
    Replies: 1
    Last Post: 05-24-2006, 10:06 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •