force Webmail user to send email with "smtp auth"

[bonadio]

Hello

We have a custom smtp server that checks several limits
before allowing a user to send an email, this checks is done
based on the user that authenticated on the smtp "smtp-auth"

I would like to force all email sent from the Webmail to go through
this smtp, I found the "MTA webmail" in the server configuration page
with that I can redirect the webmail users to my smtp server, but the
webmail DO NOT authenticate the user.

Any idea on how to do that or implement this?

I looked at the
/ZimbraServer/src/java/com/zimbra/cs/mailbox/MailSender.java
maybe I could change the Transport.send(mm) to do an authenticated send
but I am still missing the user password to authenticate

Thanks for any help

[bonadio]

Any Idea or suggestion ?

[]s

[msozturk]

I need to enable smtp-auth while sending e-mails through zimbra Webmail server.

So far I wasn't successful. Please some1 help.

Regards,

[phoenix]

Quote:

Originally Posted by msozturk

I need to enable smtp-auth while sending e-mails through zimbra Webmail server.

So far I wasn't successful. Please some1 help.

Regards,

What exactly is your problem as this thread is about using webmail. Have you searched through the forums as Authentication problems have been discussed many times.

Which version and release of Zimbra are you using and which operating system? Is this a new install or an upgrade?

[msozturk]

Due to heavy loads of spams caused by the external hosts + internal hosts (due to some trojans or viruses) on my network I rejected everything other than the sasl authenticated users (only if they send email from their logged in username) in the smtpd_sender_restrictions, smtpd_client_restrictions, smtpd_recipient_restrictions.

This move could finish spams. But now the problem comes like, since (till rejecting I didn't know about this) zimbra Webmail does not use user/pass while sending e-mails, my postfix doesn't accept the e-mails from the Webmail either.

Is there a way to enable zimbra's Webmail to use username/password while sending the e-mail? That's bonadio's original question I believe.

Regards,

[zimbra@chronos conf]$ zmcontrol -v


Release 5.0.2_GA_1975.RHEL4_20080130212006 CentOS4 FOSS edition

[phoenix]

Quote:

Originally Posted by msozturk

Is there a way to enable zimbra's Webmail to use username/password while sending the e-mail? That's bonadio's original question I believe.

When a user logs into Zimbra they are an authenticated user, you don't need additional security or any otrher form of Authentication.

Have you tried adding this to your Zimbra configuration: Improving Anti-spam system - Zimbra :: Wiki or any of the other techniques on there for combating spam?

What is your current Kill/Tag percentages, have you tried tweaking them?

As I mentioned above, please add this information to your forum profile:

Quote:

Originally Posted by msozturk

Release 5.0.2_GA_1975.RHEL4_20080130212006 CentOS4 FOSS edition

[msozturk]

Dear Bill,

Even if you authenticate to Webmail, when you try to send the e-mail zimbra does not send the user/pass to the postfix mta agent (port 25). I believe this is the problem.

When you use another client Outlook, or windows Mail, you just choose the option like "My sendmail server requires authentication", and system works.

What I need that option on the webmail. It's nowhere.

My server used to be used for transporting and distributing spams (seeing 15K e-mails in the deferred queue every morning.) and got blocked by Yahoo, Hotmail, Spamhaus etc. Now this problem has been solved. I only allow authenticated users to send e-mails from their e-mail(s) (or aliases). Only missing thing is they cannot use Zimbra Webmail for sending e-mails. Because Zimbra Webmail does not authenticate the user while sending each e-mail.

[phoenix]

Why do you think spammers can (or are) sending email via the Web UI? An authenticated user is one that has a login/password and that would be a web ui user. Those users can send mail wherever they like, it isn't sent through port 25 - they don't need authentication on port 25 (or any other submission port) as it's sent to the MTA via port 7025. Check the System Architecture for details, users that are using the Web UI are not likely to be the source of any spam.

You didn't answer the other questions I've asked you.

[msozturk]

Mr. Bill,

I am not talking about the spam which has been blocked as Junk or being delivered to my users's inbox here. So how are Kill/Tag percentages relevant? I have been victim of a lot of Backscatter spam, and my server has been used by some trojans inside my network to distribute unsolicited e-mails.

To visualize my problem, on any zimbra server please setup your postfix smtpd_sender_restrictions as :
hash:/opt/zimbra/postfix-2.4.3.4z/conf/access
hash:/opt/zimbra/postfix-2.4.3.4z/conf/check_bounce_sender
reject_authenticated_sender_login_mismatch
reject_sender_login_mismatch
permit_sasl_authenticated
reject_unknown_sender_domain
reject_non_fqdn_sender
reject_unauth_pipelining
permit

And try sending an e-mail through zimbra's Webmail. (Please note that I don't have permit_mynetworks in the above.) You will not be able to send the e-mail. You will get the error "Critical, Message not sent; one or more addresses were not accepted."

User might be authenticated user but I believe it's not sasl authenticated. There should be a way to enable sasl authentication through webmail.

Regards,

[msozturk]

And I get the following server log due to above operation:

Code:mail.SEND_ABORTED_ADDRESS_FAILURE Arginvalid, STR, "my_email@hotmail.com")
Feb 19 17:43:07 chronos postfix/smtpd[21050]: NOQUEUE: reject: RCPT from chronos.mycompany.local[10.1.1.17]: 553 5.7.1 <my_login@mycompany.com>: Sender address rejected: not logged in; from=<my_login@mycompany.com> to=<my_email@hotmail.com> proto=ESMTP helo=<chronos.mycompany.local>