In zimbra SMTP service (postfix) an auhenticated user can easily send email using customized header, one of them is From which can be replaced as anything.
i've tried following this wiki https://wiki.zimbra.com/wiki/Enforcing_ ... ername_8.5 but not solve the issue.
You can test/reproduce this issue by using "Customize From Address" in Thunderbird or by using this python script. (adjust the variables with your environment).
Code: Select all
import smtplib
username = 'user_test@mail.lab'
password = 'test123'
fake_from = 'admin@mail.lab'
orig_from = username
to_addr = 'omar@mail.lab'
server = '192.168.113.75'
subject = "Testing fake from"
mail_content = "This email originally from %s"%orig_from
mail_header = """Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: %s
From: %s
To: %s
%s
"""%(subject, fake_from, to_addr, mail_content)
server = smtplib.SMTP('%s:587'%server)
server.starttls()
server.login(username,password)
server.sendmail(orig_from, to_addr, mail_header)
server.quit()
python reproduce.py
after searching in zimbra bugzilla there is no update since several months https://bugzilla.zimbra.com/show_bug.cgi?id=108036
if you have any solution of this bug (?) really appreciate