Results 1 to 7 of 7

Thread: [SOLVED] SMTP Auth not working

  1. #1
    alapierre is offline Active Member
    Join Date
    Oct 2009
    Posts
    29
    Rep Power
    5

    Default [SOLVED] SMTP Auth not working

    I have my Zimbra install setup to authenticate for SMTP, but it doesn't appear to be actually enforcing anything. I setup my AOL account in Thunderbird, then added my Zimbra server as the outgoing SMTP and it went through fine.
    My Auth settings are

    zimbraMtaAuthEnabled: TRUE
    zimbraMtaAuthHost: ******
    zimbraMtaAuthTarget: TRUE
    zimbraMtaAuthURL: http://*******:80/service/soap/
    zimbraMtaTlsAuthOnly: FALSE

    Version: Release 5.0.9_GA_2533.RHEL4_64_20080814162041 RHEL4_64 FOSS edition

    I've checked to make sure my server isn't an open relay, and it passes all the tests. Any idea what's going on? Thanks

  2. #2
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,504
    Rep Power
    57

    Default

    Quote Originally Posted by alapierre View Post
    I have my Zimbra install setup to authenticate for SMTP, but it doesn't appear to be actually enforcing anything. I setup my AOL account in Thunderbird, then added my Zimbra server as the outgoing SMTP and it went through fine.
    That would hardly be surprising as, I guess, you sent the message from a machine on your local LAN and they don't need authentication if they're in the Trusted Networks. Sending mail through port 25 from a client is incorrect and you should use Port 587 (the correct Submission port) which does require authentication.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    alapierre is offline Active Member
    Join Date
    Oct 2009
    Posts
    29
    Rep Power
    5

    Default

    Ok, I'm able to do the same thing from my home, are you saying it's because my Zimbra server accepts Port 25 which doesn't require authentication? If so, how do I disable port 25 on my Zimbra server? Thanks for your help

  4. #4
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,504
    Rep Power
    57

    Default

    Quote Originally Posted by alapierre View Post
    Ok, I'm able to do the same thing from my home, are you saying it's because my Zimbra server accepts Port 25 which doesn't require authentication? If so, how do I disable port 25 on my Zimbra server? Thanks for your help
    Why do you want to disable port 25, that's how mail servers communicate with each other and if you disable it you won't be receiving any mail at all.

    The point I made earlier is that you will be able to connect to your mail server from anywhere on the internet on port 25 to send mail to your own domain but you won't be able to send mail anywhere else unless you've modified Zimbra to do that.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  5. #5
    alapierre is offline Active Member
    Join Date
    Oct 2009
    Posts
    29
    Rep Power
    5

    Default

    Ok, let me explain why I think I'm having problems. I've been looking through my mail logs, and there are a bunch of strange things that make me think somebody has been able to use my server to send mail through it, or at least attempt to. I'm also a little paranoid right now because last month one of our account credentials was compromised, and the user account was used to send out tons of spam which resulted in our server being put on a lot of block lists. So I'm still trying to get the effects of that fixed. Anything even remotely strange makes me worried now...here is some of the log.

    Code:
    Jan  3 04:08:57 mail postfix/qmgr[30323]: 918D3C8940A: from=, size=10234, nrcpt=50 (queue active)
    Jan  3 04:08:57 mail postfix/qmgr[30323]: E9FD4C89404: from=, size=10244, nrcpt=50 (queue active)
    Jan  3 04:08:57 mail postfix/qmgr[30323]: EDC63C89324: from=, size=10244, nrcpt=50 (queue active)
    Jan  3 04:08:57 mail postfix/qmgr[30323]: 23B09C885DF: from=, size=10234, nrcpt=50 (queue active)
    Jan  3 04:08:57 mail postfix/qmgr[30323]: 3B5BDC886D7: from=, size=10234, nrcpt=50 (queue active)
    Jan  3 04:08:58 mail postfix/smtp[17340]: 918D3C8940A: to=, relay=none, delay=29902, delays=29901/0.09/1.1/0, dsn=4.4.3, status=def
    erred (Host or domain name not found. Name service error for name=freelinuxemail.com type=MX: Host not found, try again)
    Jan  3 04:09:10 mail postfix/smtpd[16461]: connect from unknown[95.58.20.122]
    Jan  3 04:09:12 mail postfix/smtpd[16461]: C9AE5C88624: client=unknown[95.58.20.122]
    Jan  3 04:09:15 mail postfix/cleanup[16464]: C9AE5C88624: message-id=<006201ca8c86$b586d820$20948860$@com>
    Jan  3 04:09:15 mail postfix/qmgr[30323]: C9AE5C88624: from=, size=5908, nrcpt=3 (queue active)
    Jan  3 04:09:15 mail postfix/smtpd[16461]: disconnect from unknown[95.58.20.122]
    Jan  3 04:09:19 mail postfix/qmgr[30323]: C9AE5C88624: removed
    Jan  3 04:09:27 mail postfix/smtp[17339]: connect to mail.dotstandards.com[216.178.7.253]: Connection timed out (port 25)
    Jan  3 04:09:27 mail postfix/smtp[17341]: connect to mail.dotstandards.com[216.178.7.253]: Connection timed out (port 25)
    Jan  3 04:09:27 mail postfix/smtp[17342]: connect to mail.maildomination.com[216.178.7.253]: Connection timed out (port 25)
    Jan  3 04:09:27 mail postfix/smtp[17343]: connect to mail.mysmtpmail.com[216.178.7.253]: Connection timed out (port 25)
    Jan  3 04:09:27 mail postfix/smtp[17346]: connect to mail.maildomination.com[216.178.7.253]: Connection timed out (port 25)
    Jan  3 04:09:27 mail postfix/smtp[17347]: connect to mail.dotstandards.com[216.178.7.253]: Connection timed out (port 25)
    Jan  3 04:09:27 mail postfix/smtp[17348]: connect to mail.maildomination.com[216.178.7.253]: Connection timed out (port 25)
    Jan  3 04:09:27 mail postfix/smtp[17349]: connect to mail.mysmtpmail.com[216.178.7.253]: Connection timed out (port 25)
    Jan  3 04:09:27 mail postfix/smtp[17345]: connect to alltel.net[166.102.165.202]: Connection timed out (port 25)
    Jan  3 04:09:27 mail postfix/smtp[17339]: E9FD4C89404: to=, relay=none, delay=29824, delays=29794/0.04/30/0, dsn=4.4.1, status=defer
    red (connect to mail.dotstandards.com[216.178.7.253]: Connection timed out)
    Jan  3 04:09:27 mail postfix/smtp[17344]: connect to mail.faithus.com[69.64.155.127]: Connection timed out (port 25)
    Jan  3 04:09:27 mail postfix/smtp[17341]: EDC63C89324: to=, relay=none, delay=30195, delays=30165/0.05/30/0, dsn=4.4.1, status=defer
    red (connect to mail.dotstandards.com[216.178.7.253]: Connection timed out)
    Jan  3 04:09:27 mail postfix/smtp[17347]: 3B5BDC886D7: to=, relay=none, delay=29778, delays=29748/0.06/30/0, dsn=4.4.1, status=defe
    rred (connect to mail.dotstandards.com[216.178.7.253]: Connection timed out)
    All of the "from"s and "to"s are strange addresses. Is it something I shouldn't be worried about?

  6. #6
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,504
    Rep Power
    57

    Default

    Quote Originally Posted by alapierre View Post
    Ok, let me explain why I think I'm having problems. I've been looking through my mail logs, and there are a bunch of strange things that make me think somebody has been able to use my server to send mail through it, or at least attempt to.
    That's normal, that is what spammers try to do when a mail server is an open relay - I'll state it again for the record: by default Zimbra is not configured as an open relay. You can check that with any of the on-line open relay tests availble on the internet.

    Quote Originally Posted by alapierre View Post
    I'm also a little paranoid right now because last month one of our account credentials was compromised, and the user account was used to send out tons of spam which resulted in our server being put on a lot of block lists.
    I understand that this is a worry to you but that problem is a matter of your internal security, you can modify the requirements for more secure passwords in the Admin UI. You should also educate your users on what you're doing and why passwords need to be improved.

    Quote Originally Posted by alapierre View Post
    So I'm still trying to get the effects of that fixed. Anything even remotely strange makes me worried now...here is some of the log.
    At a quick glance there's nothing to worry about in those logs, they will be rejected for various reasons.

    Quote Originally Posted by alapierre View Post
    All of the "from"s and "to"s are strange addresses. Is it something I shouldn't be worried about?
    Not as far as I can see.

    There are several techniques in the wiki article on improving the anti-spam system such as rejecting unlisted recipients that you could implement. Other than that, I'd suggest improving your users password requirements and keeping on the daily mail report and see if anything looks strange or is of concern to you.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  7. #7
    alapierre is offline Active Member
    Join Date
    Oct 2009
    Posts
    29
    Rep Power
    5

    Default

    Thanks for your help Bill. I'll keep an eye on things.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Disable SMTP AUTH
    By arvind510 in forum Administrators
    Replies: 1
    Last Post: 09-29-2008, 07:49 AM
  2. SMTP Auth not working
    By sbriscoe2 in forum Installation
    Replies: 1
    Last Post: 02-11-2008, 12:27 PM
  3. [SOLVED] NE Migration: SMTP AUTH Failure
    By markpr in forum Installation
    Replies: 14
    Last Post: 10-03-2007, 12:51 PM
  4. need advice on configuring zimbra to work with fax server
    By pheonix1t in forum Administrators
    Replies: 0
    Last Post: 07-11-2007, 07:46 PM
  5. SMTP auth not working outside of ZCS's subnet
    By dvb in forum Administrators
    Replies: 3
    Last Post: 02-08-2007, 02:34 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •