Page 4 of 6 FirstFirst ... 23456 LastLast
Results 31 to 40 of 55

Thread: 8.0.2 Community Edition - no longer allows SMTP auth users send email - RBL blocked

  1. #31
    dvirt is offline Intermediate Member
    Join Date
    Oct 2012
    Posts
    20
    Rep Power
    2

    Exclamation

    Quote Originally Posted by thunder04 View Post
    This seems to be a decent temporary fix, but I am still interested in configuring Zimbra so that

    Code:
    permit_sasl_authenticated
    and

    Code:
    amavis_originating_bypass_sa = true
    Do what they are supposed to do!
    +1

    I found this thread after posting my bug:

    https://bugzilla.zimbra.com/show_bug.cgi?id=79415

    which, unfortunately, got reclassified as an "enhancement". I disagree, but have no ability to change it back.

    If you're interested, lend your voice(s) there as well. THanks!

  2. #32
    quanah is offline Zimbra Employee
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,265
    Rep Power
    10

    Default

    Quote Originally Posted by thunder04 View Post
    Code:
    zimbra@cottontail:~/conf$ zmprov gacf | grep MtaRestriction
    zimbraMtaRestriction: reject_non_fqdn_sender
    zimbraMtaRestriction: reject_unknown_sender_domain
    zimbraMtaRestriction: reject_rbl_client b.barracudacentral.org
    zimbraMtaRestriction: reject_rbl_client sbl.spamhaus.org
    zimbraMtaRestriction: reject_rbl_client xbl.spamhaus.org
    zimbraMtaRestriction: reject_rbl_client dbl.spamhaus.org
    zimbraMtaRestriction: reject_rbl_client cbl.abuseat.org
    zimbraMtaRestriction: reject_rbl_client psbl.surriel.com
    I wanted to note, this is not the correct way to set RBL's in ZCS.

    RBLs have their own attribute, zimbraMtaRestrictionRBLs

    You simply set that to the RBL you want to use, like

    zmprov ms <...> +zimbraMtaRestrictionRBLs dbl.spamhaus.org

    They should *not* be in zimbraMtaRestriction.

    --Quanah
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

  3. #33
    dvirt is offline Intermediate Member
    Join Date
    Oct 2012
    Posts
    20
    Rep Power
    2

    Default

    Quote Originally Posted by quanah View Post
    I wanted to note, this is not the correct way to set RBL's in ZCS.

    RBLs have their own attribute, zimbraMtaRestrictionRBLs

    You simply set that to the RBL you want to use, like

    zmprov ms <...> +zimbraMtaRestrictionRBLs dbl.spamhaus.org

    They should *not* be in zimbraMtaRestriction.

    --Quanah
    I'd guess people are just following the instructions at:

    "Configuring and Monitoring Postfix DNSBL"
    https://wiki.zimbra.com/wiki/Configu..._Postfix_DNSBL

    which specifically states to use:
    Code:
     zmprov mcf zimbraMtaRestriction [RBL type]
    and makes no mention of:
    Code:
      zimbraMtaRestrictionRBLs
    fyi:

    Code:
    zimbra@test:~$ zmcontrol -v
    Release 8.0.2.GA.5569.UBUNTU12.64 UBUNTU12_64 FOSS edition.
    zimbra@test:~$ zmprov gacf | grep -i zimbraMtaRestrictionRBL
    zimbra@test:~$ zmprov gs `zmhostname` | grep -i zimbraMtaRestrictionRBL
    zimbra@test:~$ zmlocalconfig | grep -i zimbraMtaRestrictionRBL
    zimbra@test:~$
    Last edited by dvirt; 01-08-2013 at 05:14 PM.

  4. #34
    magneticinduction is offline Active Member
    Join Date
    Apr 2009
    Posts
    27
    Rep Power
    6

    Default

    When I add RBLs I just use the web interface. This auth bug exists in that manner as well.

  5. #35
    dvirt is offline Intermediate Member
    Join Date
    Oct 2012
    Posts
    20
    Rep Power
    2

    Default

    Quote Originally Posted by magneticinduction View Post
    When I add RBLs I just use the web interface. This auth bug exists in that manner as well.
    given that you've not 'polluted' your setup using other-than-UI, can you check/verify what _your_ setup returns for:

    Code:
    zmprov gacf | grep -i zimbraMtaRestriction
    zmprov gs `zmhostname` | grep -i zimbraMtaRestriction
    zmlocalconfig | grep -i zimbraMtaRestriction
    ?

    update:

    for anyone interested, the bug @

    "SASL Authenticated mail submitted to port 587 from remote (mobile phone) networks is incorrectly checked/rejected by Zimbra Server's DNSBL checks"
    https://bugzilla.zimbra.com/show_bug.cgi?id=79415

    has been re-classified as a P2/Critical bug. I'd guess solutions will flow from there.
    Last edited by dvirt; 01-08-2013 at 06:38 PM.

  6. #36
    magneticinduction is offline Active Member
    Join Date
    Apr 2009
    Posts
    27
    Rep Power
    6

    Default

    Quote Originally Posted by dvirt View Post
    given that you've not 'polluted' your setup using other-than-UI, can you check/verify what _your_ setup returns for:

    Code:
    zmprov gacf | grep -i zimbraMtaRestriction
    zmprov gs `zmhostname` | grep -i zimbraMtaRestriction
    zmlocalconfig | grep -i zimbraMtaRestriction
    ?

    update:

    for anyone interested, the bug @

    "SASL Authenticated mail submitted to port 587 from remote (mobile phone) networks is incorrectly checked/rejected by Zimbra Server's DNSBL checks"
    https://bugzilla.zimbra.com/show_bug.cgi?id=79415

    has been re-classified as a P2/Critical bug. I'd guess solutions will flow from there.

    Code:
    $ zmprov gacf | grep -i zimbraMtaRestriction
    
    zimbraMtaRestriction: reject_non_fqdn_sender
    zimbraMtaRestriction: reject_rbl_client sbl.spamhaus.org
    zimbraMtaRestriction: reject_rbl_client xbl.spamhaus.org
    zimbraMtaRestriction: reject_rbl_client bl.spamcop.net
    Code:
    $ zmprov gs `me.domain.com` | grep -i zimbraMtaRestriction
    me.domain.com: command not found
    I dont think I made a typo up there.

    Code:
    $ zmlocalconfig | grep -i zimbraMtaRestriction
    I got a blank output.

  7. #37
    dvirt is offline Intermediate Member
    Join Date
    Oct 2012
    Posts
    20
    Rep Power
    2

    Default

    Quote Originally Posted by magneticinduction View Post

    Code:
    $ zmprov gs `me.domain.com` | grep -i zimbraMtaRestriction
    me.domain.com: command not found
    I dont think I made a typo up there.
    it's either

    Code:
    zmprov gs `hostname` | grep -i zimbraMtaRestriction
    or

    Code:
    zmprov gs me.domain.com | grep -i zimbraMtaRestriction
    the backticks cause the cmd within to be exec'd

  8. #38
    thunder04 is offline Special Member
    Join Date
    Dec 2007
    Location
    Stockton, CA
    Posts
    164
    Rep Power
    7

    Default

    I was going to report that even though authenticated user mail was not being spam checked any more, it was still being checked against RBLs. However, after reviewing the bug linked above, the fix from Quanah Gibson-Mount seems to have fixed it for me!

    Quote Originally Posted by Quanah Gibson-Mount
    For 8.0.2, I *believe* the following will fix the issue, but I have no way to
    test:

    cd /opt/zimbra/conf/zmconfigd/
    vi smtpd_recipient_restrictions.cf

    Add the following 2 lines to the start of the file:
    permit_sasl_authenticated
    permit_mynetworks

    zmcontrol stop;zmcontrol start
    In terms of the zimbraMtaRestriction vs zimbraMtaRestrictionRBL, here's what my server returns:

    Code:
    zimbra@cottontail:~$ zmprov gacf | grep -i zimbraMtaRestriction
    zimbraMtaRestriction: reject_non_fqdn_sender
    zimbraMtaRestriction: reject_unknown_sender_domain
    zimbraMtaRestriction: reject_rbl_client b.barracudacentral.org
    zimbraMtaRestriction: reject_rbl_client zen.spamhaus.org
    zimbraMtaRestriction: reject_rbl_client dnsbl.njabl.org
    Code:
    zimbra@cottontail:~$ zmprov gs `zmhostname` | grep -i zimbraMtaRestriction
    zimbra@cottontail:~$
    Code:
    zimbra@cottontail:~$ zmlocalconfig | grep -i zimbraMtaRestriction
    zimbra@cottontail:~$
    We upgraded from 6.0.14 to 8.0.2, which I'm sure makes a difference. We only add/remove RBLs through the admin GUI and rarely (if ever) make config changes via any of the CLI tools. Also, when I make RBL changes post 8.0.2 upgrade, they still seem to apply as "zimbraMtaRestriction: reject_rbl_client xxx". This is just an FYI more than anything else.

  9. #39
    dvirt is offline Intermediate Member
    Join Date
    Oct 2012
    Posts
    20
    Rep Power
    2

    Default

    Quote Originally Posted by thunder04 View Post
    In terms of the zimbraMtaRestriction vs zimbraMtaRestrictionRBL, here's what my server returns:
    ...
    We upgraded from 6.0.14 to 8.0.2, which I'm sure makes a difference. We only add/remove RBLs through the admin GUI and rarely (if ever) make config changes via any of the CLI tools. Also, when I make RBL changes post 8.0.2 upgrade, they still seem to apply as "zimbraMtaRestriction: reject_rbl_client xxx". This is just an FYI more than anything else.
    I clean-installed 8.0.0, and upgraded to 8.0.2.

    So neither you, nor I, nor magneticinduction see and trace of zimbraMtaRestrictionRBL, rather only zimbraMtaRestriction, regardless of how we add the DNSBL -- cmd line or shell.

    Which seems to contradict:

    Quote Originally Posted by quanah View Post
    I wanted to note, this is not the correct way to set RBL's in ZCS.

    RBLs have their own attribute, zimbraMtaRestrictionRBLs

    You simply set that to the RBL you want to use, like

    zmprov ms <...> +zimbraMtaRestrictionRBLs dbl.spamhaus.org

    They should *not* be in zimbraMtaRestriction.
    I'm hoping we can get some clarification & consistent documentation on this.

  10. #40
    quanah is offline Zimbra Employee
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,265
    Rep Power
    10

    Default

    Quote Originally Posted by dvirt View Post
    I clean-installed 8.0.0, and upgraded to 8.0.2.

    So neither you, nor I, nor magneticinduction see and trace of zimbraMtaRestrictionRBL, rather only zimbraMtaRestriction, regardless of how we add the DNSBL -- cmd line or shell.
    I'm hoping we can get some clarification & consistent documentation on this.
    cd /opt/zimbra/conf/zmconfigd
    grep zimbraMtaRestrictionRBLs smtpd_recipient_restrictions.cf

    The code does not lie. The documentation is clearly wrong, and the Admin console is clearly broken.

    --Quanah
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

Page 4 of 6 FirstFirst ... 23456 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. force Webmail user to send email with "smtp auth"
    By bonadio in forum Developers
    Replies: 11
    Last Post: 01-26-2012, 10:26 AM
  2. Send blocked attachments from admin users
    By Houston in forum Administrators
    Replies: 0
    Last Post: 09-20-2010, 10:46 AM
  3. Replies: 1
    Last Post: 10-19-2009, 10:32 PM
  4. Enable SMTP Auth to external users
    By VictorMedina in forum Administrators
    Replies: 1
    Last Post: 05-24-2006, 10:06 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •