Security issue about spoofing

General discussion about Zimbra Desktop.

Post by 01000001 »

Hi!

We have a security issue with sender spoofing. We want to know whether it is a security issue, or whether we need to do something additional to block spoofing in the right way.
What practices do the Zimbra team or users recommend?
We have a case where a user received a message that appears to be from himself, which he did not send to himself, from an internet/unknown server.
How can we block someone from sending mail from us to us on our server?

Info: Release 8.7.11_GA_1854.RHEL6_64_20170531151956 RHEL6_64 FOSS edition, Patch 8.7.11_P7.
Global settings MTA:
Authentication:
Enable authentication | (enabled)
Server has enabled protocol checks:
Hostname in greeting violates RFC | (enabled)
Client must greet with fully qualified hostname | (enabled)
Sender address must be fully qualified | (enabled)
DNS checks:
Client IP address (reject unknown client hostname) | (not enabled)
Hostname in greeting (reject unknown reverse client hostname) | (not enabled)
Sender domain (reject unknown sender domain) | (enabled)
Client must greet with resolving hostname (reject unknown helo hostname) | (not enabled)
Yes, we use RBL
v=spf1 mx a ptr ip, -all


Log:
Message
Return-Path: user@ourdomain.com
Received: from mail.ourcompany.com (LHLO mail.ourcompany.com) (1.2.3.4) by
mail.ourcompany.com with LMTP; Thu, 30 Jan 2019 09:12:14 +0400 (EET)
Received: from localhost (localhost [127.0.0.1])
by mail.ourcompany.com (Postfix) with ESMTP id 9FD2D18AE19
for <user@ourcompany.com>; Thu, 30 Jan 2019 09:12:14 +0400 (EET)
X-Virus-Scanned: amavisd-new at ourcompany.com
X-Spam-Flag: NO
X-Spam-Score: 3.695
X-Spam-Level: ***
X-Spam-Status: No, score=3.695 required=8 tests=[BAYES_00=-1.9,
DATE_IN_FUTURE_06_12=1.947, DOS_OUTLOOK_TO_MX=2.845, RDNS_NONE=0.793,
T_SPF_TEMPERROR=0.01] autolearn=no autolearn_force=no
Received: from mail.ourcompany.com ([127.0.0.1])
by localhost (mail.ourcompany.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id dCqLmL1fXfYZ for <user@ourcompany.com>;
Thu, 30 Jan 2019 09:12:10 +0400 (EET)
Received: from [4.3.2.1] (unknown [4.3.2.1])
by mail.ourcompany.com (Postfix) with ESMTP id 644B3187DE1
for <user@ourcompany.com>; Thu, 30 Jan 2019 09:12:08 +0400 (EET)
From: <user@ourcompany.com>
To: <user@ourcompany.com>
Subject: Waiting for payment.
Date: 30 Jan 2019 22:01:49 +0700
Message-ID: <002f01d4b977$042c51$6$@ourcompany.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="cp-850"
Content-Transfer-Encoding: 8bit
X-Mailer: Microsoft Outlook 15.0
Thread-Index: Acpl8d8df465ut52pl8d8df==
Content-Language: en-us

IPs and domain are changed.

Thanks!
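
The pattern visible in the posted headers (a From address in the local domain, handed to Postfix by an external client over plain `ESMTP`, with `unknown` reverse DNS) can be checked mechanically. The Python below is an added example, not part of the original post and not Zimbra code; the function names and the loopback-only trusted network list are assumptions, and the sample is built from the post's own header lines.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the two Postfix hops and From/To from the post, folding restored.
SAMPLE = (
    "Received: from localhost (localhost [127.0.0.1])\n"
    "\tby mail.ourcompany.com (Postfix) with ESMTP id 9FD2D18AE19\n"
    "\tfor <user@ourcompany.com>; Thu, 30 Jan 2019 09:12:14 +0400 (EET)\n"
    "Received: from [4.3.2.1] (unknown [4.3.2.1])\n"
    "\tby mail.ourcompany.com (Postfix) with ESMTP id 644B3187DE1\n"
    "\tfor <user@ourcompany.com>; Thu, 30 Jan 2019 09:12:08 +0400 (EET)\n"
    "From: <user@ourcompany.com>\n"
    "To: <user@ourcompany.com>\n"
    "Subject: Waiting for payment.\n\n"
)
# Postfix smtpd hop: from HELO (rdns [ip]) by HOST (Postfix) with PROTO ...
HOP = re.compile(r"from (?P<helo>\S+) \((?:(?P<rdns>\S+) )?\[(?P<ip>[^\]]+)\]\)"
                 r" by (?P<by>\S+).*? with (?P<proto>\w+)")
TRUSTED = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("::1/128")]

def entry_hop(msg, mta_host, trusted_nets):
    """Newest-first, return (hop, ip) for the first client outside trusted_nets.
    Received lines below that hop came from the sender and are ignored."""
    for raw in msg.get_all("Received", []):
        m = HOP.search(" ".join(raw.split()))
        if not m or m["by"].lower() != mta_host:
            continue  # LMTP/amavisd hops or another writer: not an smtpd entry point
        ip = ipaddress.ip_address(m["ip"].split("IPv6:")[-1])
        if not any(ip in net for net in trusted_nets):
            return m, ip
    return None

def self_spoof_findings(raw, mta_host, local_domains, trusted_nets=TRUSTED):
    """List reasons a message claiming a local sender looks externally injected."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    entry = entry_hop(msg, mta_host, trusted_nets)
    if entry is None or from_domain not in local_domains:
        return []
    hop, ip = entry
    findings = [f"From domain {from_domain} is local but client {ip} is external"]
    if hop["proto"].upper() not in ("ESMTPA", "ESMTPSA"):
        findings.append(f"no SMTP AUTH on entry hop (with {hop['proto']})")
    if hop["rdns"] == "unknown":
        findings.append("client has no reverse DNS")
    return findings
```

Calling `self_spoof_findings(SAMPLE, "mail.ourcompany.com", {"ourcompany.com"})` returns three findings for the posted message; an `ESMTPA` or `ESMTPSA` entry hop (RFC 3848 keywords for an authenticated session) drops the second one.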