Zimbra Vulnerability

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
mkalmin
Posts: 1
Joined: Thu Nov 21, 2019 10:48 am

Zimbra Vulnerability

Postby mkalmin » Thu Nov 21, 2019 11:16 am

Добрый день.
Есть проблема с уязвимостью 25 порта zimbra, можно написать с любого адреса на почту зная существующий адрес этого почтового сервера , хотя включена аутентификация 25 порта.



Good day.
There is a problem with vulnerability of port 25 of zimbra, you can write from any address to mail knowing the existing address of this mail server, although authentication of port 25 is enabled.


phoenix
Ambassador
Ambassador
Posts: 26347
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: Zimbra Vulnerability

Postby phoenix » Thu Nov 21, 2019 12:12 pm

mkalmin wrote:There is a problem with vulnerability of port 25 of zimbra, you can write from any address to mail knowing the existing address of this mail server,....
That's not a vulnerability, any mail server will accept mail for a domain that it's hosting and that's how your users get their mail. If you think about it and required it to only accept mail from authenticated sources then you would never be able to receive email.
Regards

Bill

Rspamd: A high performance spamassassin replacement

If you'd like to see this implemented in a future version of ZCS then please vote on Bugzilla entries 97706 & 108168

Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 10 guests