Results 1 to 5 of 5

Thread: Unable to force auth on smtp, server transformed as spam relay after 2 days online

  1. #1
     is offline Intermediate Member
    Join Date
    Aug 2009
    Posts
    16
    Rep Power
    5

    Question Unable to force auth on smtp, server transformed as spam relay after 2 days online

    Hello,

    here is my little story (background) : I am a user a Zimbra since the v5, and my current server is on the latest v6. Because of old hardware, I didn't upgrade, but everything worked really well.

    Now that I have invested in a new server, I tried v8 (8.0.4_GA_5737.FOSS) as a fresh new install (no upgrade).
    As I have 2 domains, the old server is on 1 domain, and the new one on the second domain, I will do an alias later.

    But now, here is the problem : within the last 2 days, it seems that spammers have found the new server, and I was stuck with a mail queue of 350000+ mails.

    After searching a little, it seems that auth on smtp was not mandatory (tested on MX Lookup Tool - Check your DNS MX Records online - MxToolbox on both servers, old one is good, new one is said to be an open relay).

    This was my network setting :

    zmprov gas -v | grep MyNetwork
    -> zimbraMtaMyNetworks: 127.0.0.0/8 192.168.0.0/24 [somes ipv6 settings was here too]

    to make stop the mess, now it is setup like that :
    zimbraMtaMyNetworks: 127.0.0.0/8 192.168.0.2/24

    The problem is that now, I can't send email throught the new server from everywhere.

    The auth settings are setup like that :

    zmprov getServer xxxxx.me | grep Auth
    zimbraMtaAuthEnabled: TRUE
    zimbraMtaAuthHost: xxxxx.me
    zimbraMtaAuthTarget: TRUE
    zimbraMtaAuthURL: https://xxxxx.me:443/service/soap/
    zimbraMtaSaslAuthEnable: yes
    zimbraMtaTlsAuthOnly: TRUE
    zimbraShareNotificationMtaAuthRequired: FALSE


    I have a question : is it normal that zimbraMtaSaslAuthEnable changed from TRUE / FALSE setting to yes / no ??


    I don't really know why the new server don't enforce the use of auth on smtp, but it is a big problem for me, as now my ip is banned.

    Can someone please help me.

    Best regards.

  2. #2
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,505
    Rep Power
    57

    Default

    Quote Originally Posted by iX View Post
    After searching a little, it seems that auth on smtp was not mandatory
    If you're talking about port 25 then implementing that will stop you from receiving email.

    Quote Originally Posted by iX View Post
    (tested on MX Lookup Tool - Check your DNS MX Records online - MxToolbox on both servers, old one is good, new one is said to be an open relay).
    If that's the case then you have either done something to make Zimbra an open relay or there's something wrong with your LAN configuration - a default install of Zimbra is not an open relay.

    Quote Originally Posted by iX View Post
    zmprov gas -v | grep MyNetwork
    -> zimbraMtaMyNetworks: 127.0.0.0/8 192.168.0.0/24 [somes ipv6 settings was here too]
    That's the default and allows all machines on your LAN to send mail without authentication.

    Quote Originally Posted by iX View Post
    to make stop the mess, now it is setup like that :
    zimbraMtaMyNetworks: 127.0.0.0/8 192.168.0.2/24
    You've entered an incorrect value for the LAN IP & Subnet, what are you trying to do with this change?

    Quote Originally Posted by iX View Post
    The problem is that now, I can't send email throught the new server from everywhere.
    How are you actually trying to send mail? Are you using port 25 or the correct submission port 587?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
     is offline Intermediate Member
    Join Date
    Aug 2009
    Posts
    16
    Rep Power
    5

    Default

    Quote Originally Posted by phoenix View Post
    You've entered an incorrect value for the LAN IP & Subnet, what are you trying to do with this change?
    It was a quick fix to make it stop the problem. I know that it is not the way to do it.

    But I thnik I found the problem, maybe you can confirm that for me.

    Both servers are behind a router, ports for the old one are routed directly on the local ip of the server, but for the new one, ports are routed on a server that is iptable to forward everything to zimbra, so everything is seen as comming from the local network.


    I will change the way ports are routed for the new zimbra.

    Will come back to tell if it was that.

    Thanks.

  4. #4
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,505
    Rep Power
    57

    Default

    Quote Originally Posted by iX View Post
    Both servers are behind a router, ports for the old one are routed directly on the local ip of the server, but for the new one, ports are routed on a server that is iptable to forward everything to zimbra, so everything is seen as comming from the local network.
    Yes, that will make it an open relay.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  5. #5
     is offline Intermediate Member
    Join Date
    Aug 2009
    Posts
    16
    Rep Power
    5

    Default

    Quote Originally Posted by phoenix View Post
    Yes, that will make it an open relay.
    I can confirm that now ! Great no problem, everything works like expected, thanks for all !

    Best regards.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 6
    Last Post: 06-04-2013, 09:26 AM
  2. force Webmail user to send email with "smtp auth"
    By bonadio in forum Developers
    Replies: 11
    Last Post: 01-26-2012, 10:26 AM
  3. SMTP auth for relay
    By garyo in forum Administrators
    Replies: 2
    Last Post: 01-17-2011, 08:27 AM
  4. force smtp auth zimbra
    By sandeepdas in forum Administrators
    Replies: 12
    Last Post: 10-30-2009, 07:34 PM
  5. [SOLVED] Force AUTH SMTP For Local/External Networks
    By the_griz in forum Administrators
    Replies: 1
    Last Post: 09-19-2008, 01:40 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •