Zimbra

jptech · #1 (**permalink**) 06-29-2007, 09:39 AM

I'm trying in vain to stop the tens of thousands of emails being pumped into my server, which should not have an open relay.

I need to disable the open relay.

jholder · #2 (**permalink**) 06-29-2007, 10:11 AM

Open relay is off by default.
1) Can you provide the /var/log/zimbra.log to prove that open relay is open?
2) Have you done an open relay test?

jptech · #3 (**permalink**) 06-29-2007, 10:29 AM

Quote:

Originally Posted by jholder

Open relay is off by default.
1) Can you provide the /var/log/zimbra.log to prove that open relay is open?
2) Have you done an open relay test?

1) logging doesn't work unless I reboot!
2) 35,000 emails from yahoo.tw prove the relay is open!

HOW DO I DISABLE IT!

[SHOT]http://www.powerslife.net/james/spam-in-queue.jpg[/SHOT]

dijichi2 · #4 (**permalink**) 06-29-2007, 10:39 AM

Quote:

2) 35,000 emails from yahoo.tw prove the relay is open!

HOW DO I DISABLE IT!

NO IT DOESNT!

Post logs to prove your zimbra install is relaying externally.

jptech · #5 (**permalink**) 06-29-2007, 10:48 AM

I don't have logs because the logger doesn't work.

no one seems to want to help me in acutally disabling the open relay.

I don't need to argue over whether it's open or not.

I need to close it.

jholder · #6 (**permalink**) 06-29-2007, 10:58 AM

Calm down.

Your supposition is incorrect. If we had open relay on by default, then we would have noticed.

Now, if someone is using a username and password on your network, that they got a hold of, then it's possible someone is using your e-mail server as a relay.

Unless you provide the /var/log/zimbra.log, we won't be able to help you.

(PS quit typing in all caps.)

jholder · #7 (**permalink**) 06-29-2007, 11:02 AM

Looks to me like someone has outlook, and their machine is infected. What's 192.168.0.1?

jptech · #8 (**permalink**) 06-29-2007, 11:04 AM

192.168.0.1 is the firewall.

it uses ip masquerading to provide access to the MTA.

it's not in the postfix 'mynetworks' declaration

I had to remove the masq to disable internet access to the MTA before the spam would stop!

jholder · #9 (**permalink**) 06-29-2007, 11:07 AM

Can you pvt me your domain name so I can run some tests?

It may be that Open Relay got turned on. . .I'm not saying it's not on. You SS looks like it is.

But it is off by default.

jholder · #10 (**permalink**) 06-29-2007, 11:18 AM

jptech is correct.
His server is being used as an open relay.

To ensure that we aren't shipping it that way, I tested 4.5.4, 4.5.5, and 4.5.6
None have this feature on by default.

Zimbra

Downloads

Product Information

Toolbox

Why Join?