Zimbra Forums

Zimbra Collaboration & Zimbra Desktop Forums
https://forums.zimbra.org/

Relaying internal root@<machinename> emails

https://forums.zimbra.org/viewtopic.php?t=61515

Page 1 of 1

Relaying internal root@<machinename> emails

Posted: Tue Mar 07, 2017 9:07 am
by ribanezsitu
Hi all,

We have a simple configuration where our Zimbra MTA has an external relayhost configured, with option zimbraMtaDnsLookupsEnabled FALSE, so everything it receives is sent to its relayhost. This is ok and works perfectly. However, there are some internal machines sending mails by crontabs and daemons (the typical 'root@machine.domain.com'), and we want our MTA to stop relaying this emails and, either catch them or discard them.

If we activate zimbraMtaDnsLookupsEnabled to TRUE, we will prevent this, but also Zimbra MTA will stop relaying emails to its relay server and will send them directly to the corresponding MX record found of each domain, so this is not valid.

Also, it is not feasible to create a domain for each machine name...

All our machines are configured to use our Zimbra MTA server as relayhost.

Any idea of how can we prevent this internal emails being relayed to external relay server configured in Zimbra?

Thanks in advance!

Re: Relaying internal root@<machinename> emails

Posted: Wed Mar 08, 2017 2:48 pm
by liverpoolfcfan
Easiest way might be to make sure their delivery address is local. If you edit the crontab on the sending machine/account using

Code: Select all

crontab -e
and add a MAILTO and MAILFROM at the top of the file then these email addresses will be used for the sender and recipient of the cron emails. So, for example if your dmain is mydomain.com - then either create a new account to receive all the reports or direct them to an existing one.

Code: Select all

MAILTO=myreportsaccount@mydomain.com
MAILFROM=myreportsaccount@mydomain.com

*/2 * * * *  /usr/bin/php /usr/share/osticket/api/cron.php

Re: Relaying internal root@<machinename> emails

Posted: Wed Mar 08, 2017 2:52 pm
by liverpoolfcfan
... additionally you can add an alias for root on any of the servers to direct the email to your chosen reports email address.

By editing /etc/aliases
and adding

Code: Select all

root: myreportsaccount@mydomain.com
and then running

Code: Select all

newaliases
after updating the aliases file.

Re: Relaying internal root@<machinename> emails

Posted: Wed Mar 15, 2017 3:19 pm
by ribanezsitu
Thanks for the reply!

Even though we could reconfigure all our servers, the idea is to configure Zimbra to stop all these internal emails.

I've been checking options like:
- Rejecting false "mail from" addresses (https://wiki.zimbra.com/wiki/index.php?curid=20383)
or
- Enforcing a match between FROM address and sasl username (https://wiki.zimbra.com/wiki/Enforcing_ ... ername_8.5)

However, none of them are valid for us since the servers sending those emails are inside our MTA trusted networks.

Isn't any other Zimbra option to reject emails from invalid FROM domains or similar?

Thanks!
R.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited