Results 1 to 5 of 5

Thread: "Semi" Open Relay Problem

  1. #1
    spesso is offline Junior Member
    Join Date
    Apr 2013
    Posts
    5
    Rep Power
    2

    Default "Semi" Open Relay Problem

    Hi all!
    I have a very peculiar problem and cannot trace its origin so I am searching for help and advice.
    I read all post I found without finding a real solution.

    If you telnet my zimbra Open Source Edtition Server from outside its lan and try to send an email to the outside word you get correctly "Relay access denied".

    But if you do the same thing and use a @domain_in_my_organization as a sender you can send email to the whole word without any auth.

    This is my actual Trusted MTA settings 127.0.0.0/8 ZIMBRA_SERVER_IP/32 .

    I tried all with telnet:

    Correct behavior:

    ehlo spesso
    250-mydomain
    250-PIPELINING
    250-SIZE 31457280
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-AUTH LOGIN PLAIN
    250-AUTH=LOGIN PLAIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    MAIL FROM: test@test.com
    250 2.1.0 Ok
    RCPT TO: outsideuser@outs
    554 5.7.1 <outsideuser@outsidedomain.com>: Relay access denied
    quit
    221 2.0.0 Bye

    Strange and dangerous behavior:

    ehlo spesso
    250-mydomain
    250-PIPELINING
    250-SIZE 31457280
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-AUTH LOGIN PLAIN
    250-AUTH=LOGIN PLAIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    MAIL FROM: randomchars@domain_in_my_organization.com
    250 2.1.0 Ok
    RCPT TO: some_user@all_over_the_word.com
    250 2.1.5 Ok
    DATA
    End data with <CR><LF>.<CR><LF>
    test
    .
    250 2.0.0 Ok: queued as 416891B30021
    quit
    221 2.0.0 Bye

    Thanks!

  2. #2
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,201
    Rep Power
    56

    Default

    There's no such thing as a 'Semi open relay...', it's either an open relay or it's not. Your server is not an open relay, to understand your test you should read some of the details about the Trusted Networks setting. I'll also move this to the correct forum as it's not a question about installing Zimbra (which is wher you posted).
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    spesso is offline Junior Member
    Join Date
    Apr 2013
    Posts
    5
    Rep Power
    2

    Default

    Thanks Bill for your answer and for moving the post in its correct location.
    Yes, I used "semi" but I know it is incorrect... it was just for getting the idea of the problem.
    Server itself it is not an open relay, OK, but how it is possible that users outside trusted network (I did the telnet from my house, which is not linked in any way to server network) send email to users outside my organization (let's say a Google user) without authentication?

    Perhaps I am missing a bit... but which one?

    Thanks again,

    Best!

  4. #4
    Raunaq's Avatar
    Raunaq is offline Zimbra Employee
    Join Date
    Nov 2012
    Location
    Bangalore
    Posts
    163
    Rep Power
    2

    Default

    Can you check the zimbraMtaRestriction?

  5. #5
    spesso is offline Junior Member
    Join Date
    Apr 2013
    Posts
    5
    Rep Power
    2

    Default

    zmprov gacf | grep zimbraMtaRestriction
    zimbraMtaRestriction: reject_invalid_hostname
    zimbraMtaRestriction: reject_non_fqdn_hostname
    zimbraMtaRestriction: reject_non_fqdn_sender
    zimbraMtaRestriction: reject_unknown_client
    zimbraMtaRestriction: reject_unknown_hostname
    zimbraMtaRestriction: reject_unknown_sender_domain
    zimbraMtaRestriction: check_policy_service inet:127.0.0.1:10031
    zimbraMtaRestriction: reject_rbl_client dnsbl.njabl.org
    zimbraMtaRestriction: reject_rbl_client cbl.abuseat.org
    zimbraMtaRestriction: reject_rbl_client sbl.spamhaus.org

    Thanks!

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 3
    Last Post: 03-09-2013, 02:59 PM
  2. Replies: 0
    Last Post: 03-09-2013, 01:52 PM
  3. [SOLVED] Too many &quot;Relay access denied&quot;
    By marsobe in forum Administrators
    Replies: 9
    Last Post: 08-08-2010, 02:25 AM
  4. Replies: 3
    Last Post: 03-29-2010, 03:07 PM
  5. Replies: 0
    Last Post: 01-20-2008, 01:42 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •