Enforcing a match between the FROM address and the sasl username for zimbra 8.0.6

1346mohd.fathalbab · Post by **1346mohd.fathalbab** » Sun Aug 31, 2014 8:34 am

i need help urgent because i can get the rigth configuration for this isse
i have zimbra 8.0.6 / platform is redhat 6 and i need to Enforcing a match between the FROM address and the sasl username - its critical issue because the user can send email with different email address or different domain after authentication .

jorgedelacruz.es · Post by **jorgedelacruz.es** » Sun Aug 31, 2014 2:35 pm

Hi mohd.fathalbab,

I have a friends of Cuba that wrote step by step how to implement this, I hope that helps you, spanish content but very easy to follow (or translate):

ValidaciÃƒÂ³n del remitente ? Zimbra
Best regards

1346mohd.fathalbab · Post by **1346mohd.fathalbab** » Mon Sep 01, 2014 12:18 am

Hello jorgedelacruz.es ;
thanks for your replay , i will test this configuration in zimbra 8.0.6 and update you Asap.
Regards,
Mohammed Fath Albab

imanudin11 · Post by **imanudin11** » Mon Sep 01, 2014 2:17 am

Hi Mohammed Fath Albab,
I have been write simple script in bahasa Indonesia to implement what you ask. You can get this script at this link http://goo.gl/4xJ61K. You just press enter until finish. If you need manual guidance, you can visit this link : Zimbra Improvement : Restricted Sender/Sender Must Login on Zimbra 8 | Spirit Of Change

1346mohd.fathalbab · Post by **1346mohd.fathalbab** » Mon Sep 01, 2014 3:40 am

Hello jorgedelacruz.es ;
i need your help to explain the last step in the configuration , i tried to translate to English but it is not clear , where i can do it this configuration?
Finalmente en el fichero postfix_sender_restrictions.cf agregamos al inicio reject_authenticated_sender_login_mismatch:

check_recipient_access hash:/opt/zimbra/postfix/conf/nacionales_cu

reject_authenticated_sender_login_mismatch

reject_non_fqdn_recipient

permit_sasl_authenticated

permit_mynetworks

check_sender_access hash:/opt/zimbra/postfix/conf/auth_smtp

reject_unauth_destination

reject_unlisted_recipient

%%contains VAR:zimbraMtaRestriction reject_invalid_hostname%%

%%contains VAR:zimbraMtaRestriction reject_non_fqdn_hostname%%

%%contains VAR:zimbraMtaRestriction reject_non_fqdn_sender%%

%%contains VAR:zimbraMtaRestriction reject_unknown_client%%

%%contains VAR:zimbraMtaRestriction reject_unknown_hostname%%

%%contains VAR:zimbraMtaRestriction reject_unknown_sender_domain%%

%%explode reject_rbl_client VAR:zimbraMtaRestrictionRBLs%%

%%contains VAR:zimbraMtaRestriction check_policy_service unix:private/policy%%

permit

Nota: Los ficheros nacionales_cu y auth_smtp son propios de mi configuraciÃƒÂ³n, uno tiene que ver con el acceso a las cuentas internacionales y el otro con la autenticaciÃƒÂ³n smtp respectivamente

Reiniciamos el servicio de mta de zimbra

jorgedelacruz.es · Post by **jorgedelacruz.es** » Mon Sep 01, 2014 3:48 am

Hi mohd.fathalbab,

You need to add in the top to the file postfix_sender_restrictions.cf the following command reject_authenticated_sender_login_mismatch, so in the end your file will looks like:

[QUOTE]reject_authenticated_sender_login_mismatch

reject_non_fqdn_recipient

permit_sasl_authenticated

permit_mynetworks

check_sender_access hash:/opt/zimbra/postfix/conf/auth_smtp

reject_unauth_destination

reject_unlisted_recipient

%%contains VAR:zimbraMtaRestriction reject_invalid_hostname%%

%%contains VAR:zimbraMtaRestriction reject_non_fqdn_hostname%%

%%contains VAR:zimbraMtaRestriction reject_non_fqdn_sender%%

%%contains VAR:zimbraMtaRestriction reject_unknown_client%%

%%contains VAR:zimbraMtaRestriction reject_unknown_hostname%%

%%contains VAR:zimbraMtaRestriction reject_unknown_sender_domain%%

%%explode reject_rbl_client VAR:zimbraMtaRestrictionRBLs%%

%%contains VAR:zimbraMtaRestriction check_policy_service unix:private/policy%%

permit[/QUOTE]
Then do a zmcontrol restart

Best regards

1346mohd.fathalbab · Post by **1346mohd.fathalbab** » Mon Sep 01, 2014 10:34 am

i can't recive any email from outside domain , i van send only .
need help for Note: The files are auth_smtp nacionales_cu and my own settings, one has to do with access to international accounts and the other with smtp authentication respectively

[quote user="jorgedelacruz.es"]Hi mohd.fathalbab,

You need to add in the top to the file postfix_sender_restrictions.cf the following command reject_authenticated_sender_login_mismatch, so in the end your file will looks like:

Then do a zmcontrol restart

Best regards[/QUOTE]

jorgedelacruz.es · Post by **jorgedelacruz.es** » Mon Sep 01, 2014 1:15 pm

Hi mohd.fathalbab,

The guy with this words are telling you that he implement something customize for him environment in nacionales_cu and auth_smtp, nothing else :

[QUOTE]Nota: Los ficheros nacionales_cu y auth_smtp son propios de mi configuraciÃƒÂ³n, uno tiene que ver con el acceso a las cuentas internacionales y el otro con la autenticaciÃƒÂ³n smtp respectivamente[/QUOTE]
Did you follow all the steps? And do the final restart?
Do you have a backup of the files that you edited?
Best regards

1346mohd.fathalbab · Post by **1346mohd.fathalbab** » Mon Sep 01, 2014 2:31 pm

HI Jorgedelarcruz;
thanks for you support and i would like to inform this configration is working fine and already working with zimbra 8.0.6 / redhat 6

the last step config should delete the below 2 line in red.
check_recipient_access hash:/opt/zimbra/postfix/conf/nacionales_cu

reject_authenticated_sender_login_mismatch

reject_non_fqdn_recipient

permit_sasl_authenticated

permit_mynetworks

check_sender_access hash:/opt/zimbra/postfix/conf/auth_smtp

reject_unauth_destination

reject_unlisted_recipient

%%contains VAR:zimbraMtaRestriction reject_invalid_hostname%%

%%contains VAR:zimbraMtaRestriction reject_non_fqdn_hostname%%

%%contains VAR:zimbraMtaRestriction reject_non_fqdn_sender%%

%%contains VAR:zimbraMtaRestriction reject_unknown_client%%

%%contains VAR:zimbraMtaRestriction reject_unknown_hostname%%

%%contains VAR:zimbraMtaRestriction reject_unknown_sender_domain%%

%%explode reject_rbl_client VAR:zimbraMtaRestrictionRBLs%%

%%contains VAR:zimbraMtaRestriction check_policy_service unixrivate/policy%%

permit

[quote user="jorgedelacruz.es"]Hi mohd.fathalbab,

The guy with this words are telling you that he implement something customize for him environment in nacionales_cu and auth_smtp, nothing else :

Did you follow all the steps? And do the final restart?
Do you have a backup of the files that you edited?
Best regards[/QUOTE]

1346mohd.fathalbab · Post by **1346mohd.fathalbab** » Mon Sep 01, 2014 2:36 pm

Hi Ahmed;

i tested this configuration since long time but its not working with zimbra 8.0.6 , the below config link is the right one for zimbra 8.0.6 .

ValidaciÃƒÂ³n del remitente ? Zimbra[quote user="imanudin11"]Hi Mohammed Fath Albab,

ed manual guidance, you can visit this link : Zimbra Improvement : Restricted Sender/Sender Must Login on Zimbra 8 | Spirit Of Change[/QUOTE]