serious open relay problem with zimbra

lvhannan2
Posts: 7
Joined: Wed Apr 11, 2018 8:02 am

serious open relay problem with zimbra

Post by lvhannan2 »

I am now using Zimbra 8.6. I use LDAP to authenticate user email accounts (https://wiki.zimbra.com/wiki/LDAP_Authentication).
It works fine. To prevent open relay problems, I also configured the MTA trusted networks to only allow the local network (https://wiki.zimbra.com/wiki/ZimbraMtaMyNetworks).

But since last week, I have been receiving many emails where the sender is myself, hannan@abc.com, and both the sender and the receiver are myself. I changed my password, with the same result. Then I ran a test and found that, even though I configured both LDAP authentication and the MTA trusted networks, I can still easily use SMTP to send email without authentication.
For example, there are two users in my domain, a@abc.com and b@abc.com. From an outside network I telnet to my Zimbra server and, without any authentication, I can use SMTP commands to fake A@abc.com sending to b@abc.com. But I can send to other domain.

This is a very serious bug of Zimbra server. Can anyone give some help?
Klug
Ambassador
Posts: 2761
Joined: Mon Dec 16, 2013 11:35 am
Location: France - Drôme
ZCS/ZD Version: All of them

Re: serious open relay problem with zimbra

Post by Klug »

Hello.

It's not a problem with Zimbra at all.
Take a close look at the spams (the headers) and you'll see they are not coming from your server but from the internet, with a "fake" sender (sender = recipient).

In the last weeks/months, I've seen more and more of these spams.
Everybody is impacted (people using hosted Zimbra, on-premises Zimbra, on-premises Exchange, Exchange 365, any kind of email servers actually).

In order to stop receiving these emails, you can use SPF (that is broken by design) or DKIM (better) or simply discard/refuse any incoming mail from your own domain (beware of side effects with hosted services).
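
The header check described in the reply above can be scripted; the following is an added example, not part of the original post and not Zimbra code. It assumes Postfix-style `Received` lines, a hypothetical trusted network list (`TRUSTED_NETS`), IPv4 only, and constructed sample messages.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

LOCAL_DOMAIN = "abc.com"  # domain named in the thread
# Assumption: networks whose Received lines we trust (loopback and the LAN).
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.168.0.0/16")]
IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")  # IPv4 only

def sample(client_hop: str) -> str:
    """Constructed message whose From and To are the same local user."""
    return (
        "Received: from mail.abc.com (LHLO mail.abc.com) (192.168.1.10)\n"
        " by mail.abc.com with LMTP; Mon, 16 Apr 2018 09:00:02 +0800\n"
        f"Received: {client_hop}\n"
        "From: hannan@abc.com\nTo: hannan@abc.com\n"
        "Subject: constructed sample\n\nbody\n"
    )

def classify(raw: str) -> str:
    msg = email.message_from_string(raw)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if sender_domain != LOCAL_DOMAIN:
        return "sender-not-local"
    # Newest hop first. A hop is only believable while every hop above it was
    # written by a trusted host, so stop at the first untrusted client IP.
    for hop in msg.get_all("Received", []):
        client = re.split(r"\sby\s", hop, maxsplit=1)[0]  # the "from ..." part
        m = IP_RE.search(client)
        if not m:
            continue
        ip = ipaddress.ip_address(m.group(1))
        if any(ip in net for net in TRUSTED_NETS):
            continue
        # ESMTPA / ESMTPSA: the client authenticated to our MTA (real user).
        if re.search(r"\bwith ESMTPS?A\b", hop):
            return "authenticated-submission"
        return f"spoofed-from-outside:{ip}"
    return "internal"

WHEN = "Mon, 16 Apr 2018 09:00:01 +0800"
OUTSIDE = sample(f"from unknown (unknown [203.0.113.45])\n by mail.abc.com (Postfix) with ESMTP id 4F1A2; {WHEN}")
ROAMING = sample(f"from laptop (unknown [198.51.100.7])\n by mail.abc.com (Postfix) with ESMTPSA id 9C3D1; {WHEN}")
LAN = sample(f"from pc1 (pc1.abc.com [192.168.1.50])\n by mail.abc.com (Postfix) with ESMTP id 7B2E0; {WHEN}")

if __name__ == "__main__":
    for name, raw in (("outside", OUTSIDE), ("roaming", ROAMING), ("lan", LAN)):
        print(name, "->", classify(raw))
```

A `spoofed-from-outside` result means the message was ordinary inbound delivery to a local mailbox with a forged local sender, which is not relaying.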
lvhannan2
Posts: 7
Joined: Wed Apr 11, 2018 8:02 am

Re: serious open relay problem with zimbra

Post by lvhannan2 »

@klug
I very much appreciate your kind help. Can you give me some instructions on deploying SPF to prevent this issue?
I have already set SPF in DNS. Other domains can identify my domain @abc.com from my IP address,
but I have no idea how to use SPF policy to identify the others.

Thanks a lot.
phoenix
Ambassador
Posts: 27278
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: serious open relay problem with zimbra

Post by phoenix »

There is a wiki article on deploying DKIM, DMARC & SPF; I suggest you read that and/or some of the many internet articles on the subject.
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
lvhannan2
Posts: 7
Joined: Wed Apr 11, 2018 8:02 am

Re: serious open relay problem with zimbra

Post by lvhannan2 »

Thanks for the help.