I'll admit this feels like a really dumb question- and there may be a simple term for this concept, but I'm not aware of it, so my searches were fruitless.
We have a pretty common scenario of hardware devices that may periodically send internal notifications to a few administrative email addresses.
I'm not sure what might have been changed in our system (we haven't done an upgrade in a while ZCS8.6.0) but this was allowed previously, and now Zimbra rejects the unknown sender unless we add an account for it.
Is there a suggested way to handle these types of senders?
Thanks,
Travis-
Allowing specific internal sender addresses through the MTA without a mailbox
-
- Posts: 32
- Joined: Fri Sep 12, 2014 11:48 pm
-
- Posts: 32
- Joined: Fri Sep 12, 2014 11:48 pm
Re: Allowing specific internal sender addresses through the MTA without a mailbox
I see that I can disable zimbraMtaSmtpdRejectUnlistedSender, but it would be nice to only allow certain senders...
- DavidMerrill
- Advanced member
- Posts: 126
- Joined: Thu Jul 30, 2015 2:44 pm
- Location: Portland, ME
- ZCS/ZD Version: 8.8.15 P19
- Contact:
Re: Allowing specific internal sender addresses through the MTA without a mailbox
___________________________________
David Merrill - Zimbra Practice Lead
OTELCO Zimbra Hosting, Licensing and Professional Services
Zeta Alliance
David Merrill - Zimbra Practice Lead
OTELCO Zimbra Hosting, Licensing and Professional Services
Zeta Alliance
-
- Posts: 32
- Joined: Fri Sep 12, 2014 11:48 pm
Re: Allowing specific internal sender addresses through the MTA without a mailbox
Thanks David-
Yeah, That's how we've had them setup in Zimbra for many years.
Now, the MTA seems to still allow the devices to submit messages, but rejects the messages afterward for having a sender address that doesn't exist on the Zimbra server.
I certainly don't want to create a bunch of mailboxes for "server-A@mydomain.net" just so that the MTA will allow messages through.
I think I did do an apt-get upgrade recently, but I didn't expect anything to affect our Zimbra install since it's not installed that way...
Yeah, That's how we've had them setup in Zimbra for many years.
Now, the MTA seems to still allow the devices to submit messages, but rejects the messages afterward for having a sender address that doesn't exist on the Zimbra server.
I certainly don't want to create a bunch of mailboxes for "server-A@mydomain.net" just so that the MTA will allow messages through.
I think I did do an apt-get upgrade recently, but I didn't expect anything to affect our Zimbra install since it's not installed that way...
-
- Posts: 32
- Joined: Fri Sep 12, 2014 11:48 pm
Re: Allowing specific internal sender addresses through the MTA without a mailbox
For now, disabling zimbraMtaSmtpdRejectUnlistedSender resolved the problem, but that setting certainly isn't what started the problem, as I'm the only one here that could have changed it, and I didn't.
If anyone has a preferred method for handling these types of senders, I'd love to hear it.
If anyone has a preferred method for handling these types of senders, I'd love to hear it.
- L. Mark Stone
- Ambassador
- Posts: 2802
- Joined: Wed Oct 09, 2013 11:35 am
- Location: Portland, Maine, US
- ZCS/ZD Version: 10.0.7 Network Edition
- Contact:
Re: Allowing specific internal sender addresses through the MTA without a mailbox
Still on 8.6?MightyGorilla wrote:For now, disabling zimbraMtaSmtpdRejectUnlistedSender resolved the problem, but that setting certainly isn't what started the problem, as I'm the only one here that could have changed it, and I didn't.
If anyone has a preferred method for handling these types of senders, I'd love to hear it.
It's also possible you might be seeing the effects from the Mailsploit phishing/spoofing remediation work (I haven't touched an 8.6 system since early January except to migrate them to 8.8.8...). See https://bugzilla.zimbra.com/show_bug.cgi?id=108709. Barry deGraff has a nice zimlet for this too: https://github.com/Zimbra-Community/spo ... ert-zimlet
You can check if zimbraPrefShortEmailAddress is set to FALSE (no Mailsploit):
Code: Select all
zmprov gc <name-of-ClassofService> zimbraPrefShortEmailAddress
Hope that helps,
Mark
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate
-
- Posts: 32
- Joined: Fri Sep 12, 2014 11:48 pm
Re: Allowing specific internal sender addresses through the MTA without a mailbox
Thanks Mark,
I didn't see your post until waaay later. We are still on 8.6 but will upgrade as soon as I get a good chance.
I haven't used zimbraMailTrustedIP before, and I'm not sure how it's different from zimbraMtaMyNetworks.
To add a single machine to zimbraMtaMyNetworks, I have just used its IP with a /32
I didn't see your post until waaay later. We are still on 8.6 but will upgrade as soon as I get a good chance.
I haven't used zimbraMailTrustedIP before, and I'm not sure how it's different from zimbraMtaMyNetworks.
To add a single machine to zimbraMtaMyNetworks, I have just used its IP with a /32