I read and applied some antispam / antispoofing suggestions from zimbra wiki, but there is a spoofing situation that I can not still block. Here is an example:
Code: Select all
root@remoteserver: telnet zimbraserver.com 25
MAIL FROM: email@example.com
250 2.1.0 Ok
RCPT TO: userA@zimbraserver.com
250 2.1.5 Ok
354 End data with <CR><LF>.<CR><LF>
From: User B <firstname.lastname@example.org>
To: User A <userA@zimbraserver.com>
Subject: Please reply!!!
Reply to me!
User A in his Zimbra webmail sees a mail from "User B", only if he moves his mouse cursor over "User B" label can notice that the email address is "email@example.com" instead of "userA@zimbraserver.com". Even if he replies to the email only "User B" label appears.
So is there a way to enforce a match between MAIL FROM: telnet command and "From:" mail header?