Allowing specific internal sender addresses through the MTA without a mailbox

Posted: Wed Jun 13, 2018 3:16 pm
by MightyGorilla
I'll admit this feels like a really dumb question- and there may be a simple term for this concept, but I'm not aware of it, so my searches were fruitless. :(

We have a pretty common scenario of hardware devices that may periodically send internal notifications to a few administrative email addresses.
I'm not sure what might have been changed in our system (we haven't done an upgrade in a while; ZCS 8.6.0), but this was allowed previously, and now Zimbra rejects the unknown sender unless we add an account for it.

Is there a suggested way to handle these types of senders?

Thanks,
Travis-

Re: Allowing specific internal sender addresses through the MTA without a mailbox

Posted: Wed Jun 13, 2018 3:23 pm
by MightyGorilla
I see that I can disable zimbraMtaSmtpdRejectUnlistedSender, but it would be nice to only allow certain senders...

Re: Allowing specific internal sender addresses through the MTA without a mailbox

Posted: Wed Jun 13, 2018 5:26 pm
by DavidMerrill
Do these devices have static IPs?

Check out: https://wiki.zimbra.com/wiki/ZimbraMtaMyNetworks

Re: Allowing specific internal sender addresses through the MTA without a mailbox

Posted: Wed Jun 13, 2018 6:28 pm
by MightyGorilla
Thanks David-

Yeah, that's how we've had them set up in Zimbra for many years.
Now, the MTA seems to still allow the devices to submit messages, but rejects the messages afterward for having a sender address that doesn't exist on the Zimbra server.

I certainly don't want to create a bunch of mailboxes for "server-A@mydomain.net" just so that the MTA will allow messages through.
I think I did do an apt-get upgrade recently, but I didn't expect anything to affect our Zimbra install since it's not installed that way...

Re: Allowing specific internal sender addresses through the MTA without a mailbox

Posted: Thu Jun 14, 2018 12:02 pm
by MightyGorilla
For now, disabling zimbraMtaSmtpdRejectUnlistedSender resolved the problem, but that setting certainly isn't what started the problem, as I'm the only one here that could have changed it, and I didn't.
If anyone has a preferred method for handling these types of senders, I'd love to hear it.

Re: Allowing specific internal sender addresses through the MTA without a mailbox

Posted: Thu Jun 14, 2018 6:06 pm
by L. Mark Stone
MightyGorilla wrote:
> For now, disabling zimbraMtaSmtpdRejectUnlistedSender resolved the problem, but that setting certainly isn't what started the problem, as I'm the only one here that could have changed it, and I didn't.
> If anyone has a preferred method for handling these types of senders, I'd love to hear it.

Still on 8.6?

It's also possible you might be seeing the effects from the Mailsploit phishing/spoofing remediation work (I haven't touched an 8.6 system since early January except to migrate them to 8.8.8...). See https://bugzilla.zimbra.com/show_bug.cgi?id=108709. Barry deGraff has a nice zimlet for this too: https://github.com/Zimbra-Community/spo ... ert-zimlet

You can check if zimbraPrefShortEmailAddress is set to FALSE (no Mailsploit):

zmprov gc <name-of-ClassofService> zimbraPrefShortEmailAddress

For hardware devices on the LAN that are too old or otherwise can't do encrypted SMTP-Auth on Port 587, I'll assign them a static IP address and then add that IP address to zimbraMailTrustedIP.

Hope that helps,
Mark

Re: Allowing specific internal sender addresses through the MTA without a mailbox

Posted: Thu Aug 16, 2018 2:10 pm
by MightyGorilla
Thanks Mark,
I didn't see your post until waaay later. We are still on 8.6 but will upgrade as soon as I get a good chance.

I haven't used zimbraMailTrustedIP before, and I'm not sure how it's different from zimbraMtaMyNetworks.
To add a single machine to zimbraMtaMyNetworks, I have just used its IP with a /32