HELP: Allow authenticated user to have mismatched from address...

0ByteSolutions
Posts: 5
Joined: Mon Oct 15, 2018 3:05 pm

HELP: Allow authenticated user to have mismatched from address...

Post by 0ByteSolutions »

HELP??

I've been getting slammed with spam from local email addresses, to themselves. The logs show:
MAIL FROM: localuser@localdomain.com
RCPT TO: localuser@localdomain.com
...
and the mail would be delivered (without requiring the user to log in first).

I was looking to try and enforce a policy that any inbound mail FROM a local domain/email would require being logged in first...
I.E.: The command 'MAIL FROM: localuser@localdomain.com' would (SHOULD) generate a response of "Must be logged in". So I followed the instructions in:
https://wiki.zimbra.com/wiki/Enforcing_ ... ername_8.5
and it secured the server TOO TIGHTLY.

I need to be able to allow one (or more) users to send mail from ANY email address once they authenticate. I have a large number of backup logs, alerts, etc... that use the same user account to authenticate and send me various status messages and the way I tell them apart is by the different from addresses. Now NONE OF THAT WORKS.

They all get the response: "Sender address rejected: not owned by user..."

I need to UNDO this. HOW??!?!?!?

What I'd like to do is, simply, any inbound mail that claims to be FROM A LOCAL DOMAIN, MUST LOGIN/AUTHENTICATE FIRST. Yet still allow mail TO a local domain and allow senders that ARE authenticated to send as any from email address.

HELP??
DualBoot
Elite member
Posts: 1326
Joined: Mon Apr 18, 2016 8:18 pm
Location: France - Earth
ZCS/ZD Version: ZCS FLOSS - 8.8.15 Multi servers

Re: HELP: Allow authenticated user to have mismatched from address...

Post by DualBoot »

Hello,

the use of the Exception DB does not work?

Regards,
0ByteSolutions
Posts: 5
Joined: Mon Oct 15, 2018 3:05 pm

Re: HELP: Allow authenticated user to have mismatched from address...

Post by 0ByteSolutions »

DualBoot:
the use of the Exception DB does not work?

NO. I have literally DOZENS of various fake "email addresses" (i.e. "user_name@localnetwork.lan", "computer_name@customer.lan", etc...) that they use. It's a "general notify" address I set up to receive various status and alert messages from customers. Rather than set up DOZENS of different accounts for each customer, I use a couple of strategic "user" accounts and have the from address reflect the actual 'device'.

I need a way to allow ONLY AUTHENTICATED USERS to change the 'FROM' address, and/or ONLY allow a logged in (authenticated) user to set the 'FROM' email to a local domain name.

The way it's being used:
  • I set up an account (call it notify@mydomain.com).
  • I install backup software or disk monitoring software in various customer computers.
  • I set the software to send email via my SMTP server using "notify@mydomain.com" as the user name and the password, but set the "from" address to something that identifies the particular device/user.
    In this manner, I can use a few accounts to receive mail for MANY users/devices.
Before you ask, there are many packages I use that do not allow me to change the SUBJECT or BODY line, so they cannot be used to identify the sender.

Besides, there should be a way to simply deny anyone to use a from address of the hosted domain WITHOUT FIRST AUTHENTICATING.
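
Added example (not part of any post in this thread, and not Zimbra or Postfix code): a small Python model of the three sender-login-mismatch restrictions documented for Postfix, the MTA Zimbra ships, run over the scenarios described above. The login map, the `someone@example.org` address and the function names are constructed for illustration; how a given restriction is enabled in a particular Zimbra release is not shown here.

```python
# Added example: models Postfix's documented sender-login-mismatch semantics.
# Constructed stand-in for smtpd_sender_login_maps: MAIL FROM -> owning logins.
LOGIN_MAP = {
    "localuser@localdomain.com": {"localuser@localdomain.com"},
    "notify@mydomain.com": {"notify@mydomain.com"},
}

def mismatch(mail_from, sasl_login, login_map=LOGIN_MAP):
    """Rejection reason under reject_sender_login_mismatch, or None."""
    owners = login_map.get(mail_from.lower())
    if sasl_login is None:
        # Unauthenticated client using an address that has an owner.
        return "not logged in" if owners else None
    # Authenticated client: the login must own the MAIL FROM address,
    # so an address with no owner at all is also refused.
    if not owners or sasl_login.lower() not in owners:
        return "not owned by user " + sasl_login
    return None

def decide(restriction, mail_from, sasl_login, login_map=LOGIN_MAP):
    """Return 'REJECT: <reason>' or 'DUNNO' (restriction makes no decision)."""
    authed = sasl_login is not None
    applies = {
        "reject_sender_login_mismatch": True,
        "reject_authenticated_sender_login_mismatch": authed,
        "reject_unauthenticated_sender_login_mismatch": not authed,
    }[restriction]
    reason = mismatch(mail_from, sasl_login, login_map) if applies else None
    return "REJECT: " + reason if reason else "DUNNO"

# Constructed scenarios following the thread's description.
SCENARIOS = [
    ("spoofed self-to-self spam", "localuser@localdomain.com", None),
    ("device alert, shared login", "computer_name@customer.lan", "notify@mydomain.com"),
    ("outside sender, no login", "someone@example.org", None),
]

if __name__ == "__main__":
    for r in ("reject_sender_login_mismatch",
              "reject_authenticated_sender_login_mismatch",
              "reject_unauthenticated_sender_login_mismatch"):
        for label, mail_from, login in SCENARIOS:
            print(f"{r:46} {label:28} {decide(r, mail_from, login)}")
```

In this model only `reject_unauthenticated_sender_login_mismatch` refuses the spoofed local sender while leaving the shared-login device alerts alone. It covers only addresses that have an owner in the login map, so a made-up address at a hosted domain is not caught by it.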