smtp authentication

[phoenix]

No they can't, the user has already authenticated against the server by giving the user name and password to get their email. They are then an Authenticated User and they are allowed to send email to local addresses and to anyone on the internet. Making them give the same password and userid to send mail does not make it more secure.

Zimbra, by default, is not an open relay. Mail servers communicate by contacting each other on port 25, they must remain as un-authenticated so that legitimate users can send you an email and the mail servers can communicate with each other.

I can send you a ton of spam if you like but you won't see it because of the Anti-Virus and Anti-Spam systems included in Zimbra.

[ay4you]

i understand where you are coming from but if the is no authentication for outgoing mails anyone can send a mail relaying through our mail server as his/she smtp server and it will not ask for authentication using any client and he can use our server as the spam server
and this can be done using any smtp client

[phoenix]

Quote:

Originally Posted by ay4you

i understand where you are coming from but if the is no authentication for outgoing mails anyone can send a mail relaying through our mail server as his/she smtp server and it will not ask for authentication

No, they can't. To relay mail through your server the user has to be authenticated and by definition the other mail server is not authenticated because it's provided no userid or password.

Quote:

Originally Posted by ay4you

using any client and he can use our server as the spam server
and this can be done using any smtp client

No, they can't. First of all, there is no such thing as an SMTP client. SMTP is a protocol used by mail servers and mail servers alone. A client (or another mail server) can use a port on your server to deliver mail to you, if it does not authenticate then it will only deliver the mail to you - it does not matter whether it's genuine (that will get to a users mailbox) or spam being relayed to another user - in that case it can't because a) Zimbra (postfix) will not allow it because the other server is not trusted and b) it's provided no authentication.

When one of your users connects to the mail server and enters a userid and password he is then authenticated and belongs to your Trusted Network (you can see what that is in this wiki article). That will allow them to relay mail to anyone - he has already been authenticated and does not need to do it again.

If you are worried about being an open relay do a search for web sites that provide those checks, here's one of many you'll find.

[su_A_ve]

jumping in - I think OP is not understanding correctly what an open relay means...

SMTP on port 25 allows for unauthenticated emails to be sent to your own domain.

An Open relay is such that allows unauthenticated emails to be sent to addresses outside your domain.

If you authenticate on port 25, then you are allowed to relay.

So assume domain.net is your domain.

Anyone can connect to port 25 and send an address to any user @domain.net without authentication.

If someone connects to port 25 and authenticates, then that user can send any email to any address. This is because, once authentication happens, the IP is considered a trusted network.

What OP is interesting in doing (I think) is forcing end users to authenticate. Only feasable way to do it is by using the submission port 587.