Hello,
here is my little story (background) : I am a user a Zimbra since the v5, and my current server is on the latest v6. Because of old hardware, I didn't upgrade, but everything worked really well.
Now that I have invested in a new server, I tried v8 (8.0.4_GA_5737.FOSS) as a fresh new install (no upgrade).
As I have 2 domains, the old server is on 1 domain, and the new one on the second domain, I will do an alias later.
But now, here is the problem : within the last 2 days, it seems that spammers have found the new server, and I was stuck with a mail queue of 350000+ mails.
After searching a little, it seems that auth on smtp was not mandatory (tested on MX Lookup Tool - Check your DNS MX Records online - MxToolbox on both servers, old one is good, new one is said to be an open relay).
This was my network setting :
zmprov gas -v | grep MyNetwork
-> zimbraMtaMyNetworks: 127.0.0.0/8 192.168.0.0/24 [somes ipv6 settings was here too]
to make stop the mess, now it is setup like that :
zimbraMtaMyNetworks: 127.0.0.0/8 192.168.0.2/24
The problem is that now, I can't send email throught the new server from everywhere.
The auth settings are setup like that :
zmprov getServer xxxxx.me | grep Auth
zimbraMtaAuthEnabled: TRUE
zimbraMtaAuthHost: xxxxx.me
zimbraMtaAuthTarget: TRUE
zimbraMtaAuthURL: https://xxxxx.me:443/service/soap/
zimbraMtaSaslAuthEnable: yes
zimbraMtaTlsAuthOnly: TRUE
zimbraShareNotificationMtaAuthRequired: FALSE
I have a question : is it normal that zimbraMtaSaslAuthEnable changed from TRUE / FALSE setting to yes / no ??
I don't really know why the new server don't enforce the use of auth on smtp, but it is a big problem for me, as now my ip is banned.
Can someone please help me.
Best regards.
Unable to force auth on smtp, server transformed as spam relay after 2 days online
Unable to force auth on smtp, server transformed as spam relay after 2 days online
[quote]After searching a little, it seems that auth on smtp was not mandatory[/QUOTE]If you're talking about port 25 then implementing that will stop you from receiving email.
[quote](tested on MX Lookup Tool - Check your DNS MX Records online - MxToolbox on both servers, old one is good, new one is said to be an open relay).[/QUOTE]If that's the case then you have either done something to make Zimbra an open relay or there's something wrong with your LAN configuration - a default install of Zimbra is not an open relay.
[quote]zmprov gas -v | grep MyNetwork
-> zimbraMtaMyNetworks: 127.0.0.0/8 192.168.0.0/24 [somes ipv6 settings was here too][/QUOTE]That's the default and allows all machines on your LAN to send mail without authentication.
[quote]to make stop the mess, now it is setup like that :
zimbraMtaMyNetworks: 127.0.0.0/8 192.168.0.2/24[/QUOTE]You've entered an incorrect value for the LAN IP & Subnet, what are you trying to do with this change?
[quote]The problem is that now, I can't send email throught the new server from everywhere.[/QUOTE]How are you actually trying to send mail? Are you using port 25 or the correct submission port 587?
[quote](tested on MX Lookup Tool - Check your DNS MX Records online - MxToolbox on both servers, old one is good, new one is said to be an open relay).[/QUOTE]If that's the case then you have either done something to make Zimbra an open relay or there's something wrong with your LAN configuration - a default install of Zimbra is not an open relay.
[quote]zmprov gas -v | grep MyNetwork
-> zimbraMtaMyNetworks: 127.0.0.0/8 192.168.0.0/24 [somes ipv6 settings was here too][/QUOTE]That's the default and allows all machines on your LAN to send mail without authentication.
[quote]to make stop the mess, now it is setup like that :
zimbraMtaMyNetworks: 127.0.0.0/8 192.168.0.2/24[/QUOTE]You've entered an incorrect value for the LAN IP & Subnet, what are you trying to do with this change?
[quote]The problem is that now, I can't send email throught the new server from everywhere.[/QUOTE]How are you actually trying to send mail? Are you using port 25 or the correct submission port 587?
Unable to force auth on smtp, server transformed as spam relay after 2 days online
[quote user="10330phoenix"]You've entered an incorrect value for the LAN IP & Subnet, what are you trying to do with this change?[/QUOTE]
It was a quick fix to make it stop the problem. I know that it is not the way to do it.
But I thnik I found the problem, maybe you can confirm that for me.
Both servers are behind a router, ports for the old one are routed directly on the local ip of the server, but for the new one, ports are routed on a server that is iptable to forward everything to zimbra, so everything is seen as comming from the local network.
I will change the way ports are routed for the new zimbra.
Will come back to tell if it was that.
Thanks.
It was a quick fix to make it stop the problem. I know that it is not the way to do it.
But I thnik I found the problem, maybe you can confirm that for me.
Both servers are behind a router, ports for the old one are routed directly on the local ip of the server, but for the new one, ports are routed on a server that is iptable to forward everything to zimbra, so everything is seen as comming from the local network.
I will change the way ports are routed for the new zimbra.
Will come back to tell if it was that.
Thanks.
Unable to force auth on smtp, server transformed as spam relay after 2 days online
[quote]Both servers are behind a router, ports for the old one are routed directly on the local ip of the server, but for the new one, ports are routed on a server that is iptable to forward everything to zimbra, so everything is seen as comming from the local network.[/QUOTE]Yes, that will make it an open relay.
Unable to force auth on smtp, server transformed as spam relay after 2 days online
[quote user="10330phoenix"]Yes, that will make it an open relay.[/QUOTE]
I can confirm that now ! Great no problem, everything works like expected, thanks for all !
Best regards.
I can confirm that now ! Great no problem, everything works like expected, thanks for all !
Best regards.