Zimbra Vulnerability

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
mkalmin
Posts: 7
Joined: Thu Nov 21, 2019 10:48 am

Zimbra Vulnerability

Postby mkalmin » Thu Nov 21, 2019 11:16 am

Добрый день.
Есть проблема с уязвимостью 25 порта zimbra, можно написать с любого адреса на почту зная существующий адрес этого почтового сервера , хотя включена аутентификация 25 порта.



Good day.
There is a problem with vulnerability of port 25 of zimbra, you can write from any address to mail knowing the existing address of this mail server, although authentication of port 25 is enabled.


phoenix
Ambassador
Ambassador
Posts: 26573
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: Zimbra Vulnerability

Postby phoenix » Thu Nov 21, 2019 12:12 pm

mkalmin wrote:There is a problem with vulnerability of port 25 of zimbra, you can write from any address to mail knowing the existing address of this mail server,....
That's not a vulnerability, any mail server will accept mail for a domain that it's hosting and that's how your users get their mail. If you think about it and required it to only accept mail from authenticated sources then you would never be able to receive email.
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
mkalmin
Posts: 7
Joined: Thu Nov 21, 2019 10:48 am

Re: Zimbra Vulnerability

Postby mkalmin » Mon Dec 16, 2019 4:44 am

спасибо, за пояснения

Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 17 guests