Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: smtpd_relay_restrictions not working properly

  1. #1
    palash is offline Intermediate Member
    Join Date
    Feb 2012
    Posts
    24
    Rep Power
    3

    Question smtpd_relay_restrictions not working properly

    Hello

    I'm using Release 8.0.2_GA_5569.RHEL6_64_20121210115059 RHEL6_64 FOSS edition. Before 3 month I've updated my system from zimbra 6 to 8.


    Problem is when I mail through telnet to unknow receipient its accepting the mail and that should not be happen if I'm not wrong.
    on RCPT TO: command message should be display "Relay access denied"

    Please check below process of mail sending from telnet
    -------------------------------------------------
    $ telnet mail.example.com 25
    Trying 192.168.3.2...
    Connected to mail.example.com.
    Escape character is '^]'.
    220 mail.example.com ESMTP Postfix
    HELO mail.example.com
    250 mail.example.com
    MAIL FROM: mymailid@ymail.com
    250 2.1.0 Ok
    RCPT TO: mymailid@ymail.com
    250 2.1.5 Ok
    DATA
    354 End data with <CR><LF>.<CR><LF>
    Test Mail
    .
    250 2.0.0 Ok: queued as F39D7B63A60
    ^]quit
    ---------------------------------------------------------------------

    My smtpd_relay_restrictions.cf file

    permit_sasl_authenticated
    permit_mynetworks
    reject_unauth_destination
    reject_unlisted_recipient

    ---------------------------------------------------------------------

    My smtpd_recipient_restrictions.cf

    check_sender_access hash:/opt/zimbra/postfix/conf/restricted_senders
    %%contains VAR:zimbraServiceEnabled cbpolicyd^ check_policy_service inet:localhost:@@cbpolicyd_bind_port@@%%
    reject_non_fqdn_recipient
    permit_sasl_authenticated
    permit_mynetworks
    reject_unlisted_recipient
    %%contains VAR:zimbraMtaRestriction reject_invalid_helo_hostname%%
    %%contains VAR:zimbraMtaRestriction reject_non_fqdn_helo_hostname%%
    %%contains VAR:zimbraMtaRestriction reject_non_fqdn_sender%%
    %%contains VAR:zimbraMtaRestriction reject_unknown_client_hostname%%
    %%contains VAR:zimbraMtaRestriction reject_unknown_reverse_client_hostname%%
    %%contains VAR:zimbraMtaRestriction reject_unknown_helo_hostname%%
    %%contains VAR:zimbraMtaRestriction reject_unknown_sender_domain%%
    %%explode reject_rbl_client VAR:zimbraMtaRestrictionRBLs%%
    %%explode reject_rhsbl_client VAR:zimbraMtaRestrictionRHSBLCs%%
    %%explode reject_rhsbl_reverse_client VAR:zimbraMtaRestrictionRHSBLRCs%%
    %%explode reject_rhsbl_sender VAR:zimbraMtaRestrictionRHSBLSs%%
    %%contains VAR:zimbraMtaRestriction check_policy_service unixrivate/policy%%
    permit


    -------------------------------------------------------------------------------------------------------


    I dont know where I missed.

    Please help me.

  2. #2
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,473
    Rep Power
    56

    Default

    Quote Originally Posted by palash View Post
    I'm using Release 8.0.2_GA_5569.RHEL6_64_20121210115059 RHEL6_64 FOSS edition.
    The first thing you need to do (and I mean now) is backup your server and upgrade to the current ZCS version because of this otherwise you risk losing your server.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    palash is offline Intermediate Member
    Join Date
    Feb 2012
    Posts
    24
    Rep Power
    3

    Default

    Thanks phoenix

    I will do that first asap.

  4. #4
    Klug's Avatar
    Klug is offline Moderator
    Join Date
    Mar 2006
    Location
    Beaucaire, France
    Posts
    2,316
    Rep Power
    13

    Default

    Then once you've done the upgrade...
    Check this: https://wiki.zimbra.com/wiki/Improvi...alid_Addresses

  5. #5
    palash is offline Intermediate Member
    Join Date
    Feb 2012
    Posts
    24
    Rep Power
    3

    Default

    Thanks everyone

    I've upgrade my Zimbra version and also got to know what I want. To full fil my requirment I followed this link. But didnt succeded.

    Here I'm pasting my telnet output.

    -------------------------------------------------
    [root@mailtest zmconfigd]# telnet localhost 25
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    220 mailtest.aruhat.co.in ESMTP Postfix
    EHLO localhost
    250-mailtest.aruhat.co.in
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    ^]
    telnet> quit
    Connection closed.
    ----------------------------------------------------------------

    Here I need authentication while telneting like this

    250-AUTH PLAIN LOGIN
    250-AUTH=PLAIN LOGIN


    Please help me.

  6. #6
    Klug's Avatar
    Klug is offline Moderator
    Join Date
    Mar 2006
    Location
    Beaucaire, France
    Posts
    2,316
    Rep Power
    13

    Default

    What exactly do you want to achieve?

  7. #7
    palash is offline Intermediate Member
    Join Date
    Feb 2012
    Posts
    24
    Rep Power
    3

    Default

    I want to block users to send mail without authentication.............

    ________________________
    telnet result

    palash@fire:~$ telnet smtp.examplecom 25
    Trying 210.211.255.93...
    Connected to smtp.example.com.
    Escape character is '^]'.
    220 efw-1285053592.localdomain ESMTP Postfix
    EHLO ashish@example.com
    250-efw-1285053592.localdomain
    250-PIPELINING
    250-SIZE 40960000
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    AUTH LOGIN
    503 5.5.1 Error: authentication not enabled
    I want to enable authentication in telnet



    Reason is that in my organization one of developer used telnet to send thousands of mails from different ID.


    So please help me its going very critical as per security concern
    Last edited by palash; 06-19-2014 at 11:04 AM.

  8. #8
    Klug's Avatar
    Klug is offline Moderator
    Join Date
    Mar 2006
    Location
    Beaucaire, France
    Posts
    2,316
    Rep Power
    13

    Default

    Sending mails to internal users doesn't need any authentication (that's the way a mail server works, it accepts mails for its users). That's default.
    Sending mails to outside users needs an authentification as soon as the sender doesn't have an authorized IP. That's default again.

    So what is not OK with the default setup?

  9. #9
    palash is offline Intermediate Member
    Join Date
    Feb 2012
    Posts
    24
    Rep Power
    3

    Default

    As I said earlier no one can send mail without authentication........

    This is good example what I exactly want

    Please look into this and guide me

  10. #10
    Klug's Avatar
    Klug is offline Moderator
    Join Date
    Mar 2006
    Location
    Beaucaire, France
    Posts
    2,316
    Rep Power
    13

    Default

    I would not use Zimbra for that but a dedicated MTA (postfix).

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Zimbra 7 - SPF not working properly?
    By mwyrebski in forum Administrators
    Replies: 0
    Last Post: 04-16-2012, 01:15 AM
  2. [SOLVED] Logger not working Properly
    By cluster3 in forum Administrators
    Replies: 12
    Last Post: 03-27-2012, 01:38 PM
  3. zmschedulebackup not working properly
    By wentum in forum Administrators
    Replies: 12
    Last Post: 07-26-2011, 03:25 PM
  4. [SOLVED] NE Backup not working properly?
    By Stergil in forum Administrators
    Replies: 2
    Last Post: 06-19-2008, 11:13 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •