Disallow external authentication via port 25


Post by zanthius »

Hi all,

I've got a server hosting 700+ accounts here; a majority of the users are clerical-type people.

It seems that a few have had their usernames and passwords compromised (probably by using the same details on another site), and spammers have been using the accounts to, well, spam.

Now the users don't have IMAP or POP access enabled in their features, but Zimbra is still allowing external connections to authenticate and send mail. The users will ONLY use the Zimbra webmail to send e-mails.

Does anyone know how to stop this behaviour (apart from educating users, as we all know how that goes with a large user base)?

Thanks.

Zimbra version - Release 8.6.0_GA_1153.SLES11_64_20141215151129 SLES11_64 FOSS edition, Patch 8.6.0_P14.

Re: Disallow external authentication via port 25

Post by phoenix »

Change the passwords and enforce strong passwords in the admin UI for your users.
Regards

Bill


Re: Disallow external authentication via port 25

Post by maxxer »

Same situation (and actually very similar background :D) solved by adding -o smtpd_sasl_auth_enable=no to the smtpd line in /opt/zimbra/common/conf/master.cf.in. Resulting modified block should look like this:

Code:

smtpd     pass  -       -       n       -       -       smtpd
        -o smtpd_tls_security_level=%%zimbraMtaTlsSecurityLevel%%
        -o smtpd_sasl_auth_enable=no

This will disallow auth on port 25, so you can force your users to auth on port 465 or 587. As most spammers will use port 25, you will mitigate (not solve!) your issue.
In our situation we also geofenced smtps/imaps/pop3s, in order to lower exposure even further.

Solution from here
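One way to check the edit described in the reply above, added here as an example and not code from the thread or from Zimbra: this Python parses master.cf-style text, joins continuation lines, and reports for each smtpd service whether SASL auth is still enabled, including the case where no override is present and the main.cf value applies. The sample file contents, the function names and the `main_cf_default` parameter are assumptions made for illustration.

```python
# Constructed sample in master.cf syntax; only the "smtpd pass" block is from the post.
SAMPLE_MASTER_CF = """\
# port 25: postscreen accepts, then hands the session to the "smtpd pass" service
smtp      inet  n       -       n       -       1       postscreen
smtpd     pass  -       -       n       -       -       smtpd
        -o smtpd_tls_security_level=%%zimbraMtaTlsSecurityLevel%%
        -o smtpd_sasl_auth_enable=no
465       inet  n       -       n       -       -       smtpd
        -o smtpd_tls_wrappermode=yes
        -o smtpd_sasl_auth_enable=yes
submission inet n       -       n       -       -       smtpd
        -o smtpd_tls_security_level=encrypt
"""


def logical_lines(text):
    """Join continuation lines (leading whitespace) onto their service line."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and entries:
            entries[-1] += " " + raw.strip()
        else:
            entries.append(raw.strip())
    return entries


def sasl_by_service(text, main_cf_default=False):
    """Effective smtpd_sasl_auth_enable per smtpd service (False = Postfix default)."""
    result = {}
    for entry in logical_lines(text):
        fields = entry.split()
        if len(fields) < 8 or fields[7] != "smtpd":
            continue  # not an smtpd server process (e.g. postscreen, smtp client)
        enabled = main_cf_default  # assumption: caller supplies the main.cf value
        args = fields[8:]
        for flag, value in zip(args, args[1:]):
            if flag == "-o" and value.startswith("smtpd_sasl_auth_enable="):
                enabled = value.split("=", 1)[1].lower() == "yes"
        result[fields[0]] = enabled
    return result


def auth_exposed_on_25(text, main_cf_default=False):
    """True if the service that handles port 25 sessions still offers AUTH."""
    services = sasl_by_service(text, main_cf_default)
    return services.get("smtpd", services.get("smtp", main_cf_default))
```

Pass in the contents of the file you edited and set `main_cf_default` to the `smtpd_sasl_auth_enable` value from your main.cf; a `True` result from `auth_exposed_on_25` means the override did not take effect.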