Hi
could you please help me i’m using Zimbra
Release 8.8.9.GA.3019.UBUNTU16.64 UBUNTU16_64 FOSS edition, Patch 8.8.9_P4.
using telnet the smtp server allows me to use a fake “from” to send mails to the domain configured in zimbra.
Maybe someone have an idea how to fix this behavior?
Thanks
telnet mail.example.com 25
Trying XX.XX.XX.XX...
Connected to mail.example.com.
Escape character is '^]'.
220 ******************************
helo mail
250 mail.example.com
mail from:test@exampleNO.com
250 2.1.0 Ok
rcpt to:test@example.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
.
250 2.0.0 Ok: queued as BE7816695E2
mynetworks = 127.0.0.0/8 10.200.4.4/32 for nat
zmprov gacf zimbraMtaSmtpdSenderRestrictions
zimbraMtaSmtpdSenderRestrictions: reject_authenticated_sender_login_mismatch
zmprov gacf zimbraMtaSmtpdRejectUnlistedRecipient
zimbraMtaSmtpdRejectUnlistedRecipient: yes
zmprov gacf zimbraMtaSmtpdRejectUnlistedSender
zimbraMtaSmtpdRejectUnlistedSender: yes
zmprov gcf zimbraMtaSmtpdSenderLoginMaps
zimbraMtaSmtpdSenderLoginMaps: proxy:ldap:/opt/zimbra/conf/ldap-slm.cf
smtp_sender_restrictions.cf
%%exact VAR:zimbraMtaSmtpdSenderRestrictions reject_authenticated_sender_login_mismatch%%
%%contains VAR:zimbraMtaSmtpdSenderRestrictions check_sender_access lmdb:/opt/zimbra/conf/postfix_reject_sender%%
%%contains VAR:zimbraServiceEnabled cbpolicyd^ check_policy_service inet:localhost:%%zimbraCBPolicydBindPort%%%%
%%contains VAR:zimbraServiceEnabled amavis^ check_sender_access regexp:/opt/zimbra/common/conf/tag_as_originating.re%%
permit_mynetworks
reject_sender_login_mismatch
permit_sasl_authenticated
reject_unlisted_sender
reject_authenticated_sender_login_mismatch
permit_tls_clientcerts
%%contains VAR:zimbraServiceEnabled amavis^ check_sender_access regexp:/opt/zimbra/common/conf/tag_as_foreign.re%%
Rejecting false mail from addresses
- fferraro87
- Advanced member
- Posts: 99
- Joined: Thu Apr 28, 2016 8:58 am
Re: Rejecting false mail from addresses
maybe you can use cpolicyd please see https://wiki.zimbra.com/wiki/How-to_for_cbpolicyd
and configure accesscontrol in order to send email only from selected domain
and configure accesscontrol in order to send email only from selected domain
- pup_seba
- Outstanding Member
- Posts: 687
- Joined: Sat Sep 13, 2014 2:43 am
- Location: Tarragona - Spain
- Contact:
Re: Rejecting false mail from addresses
It is curious to see how a question and an answer referring to this subject, do not reference this wiki https://wiki.zimbra.com/wiki/Rejecting_ ... _addresses
edit:
Just got in front of the computer and now I see what the question was and why my previous link is not the thing you need. I think that what you are looking for is a pretty basic postfix verification named "reject_unknown_sender_domain" I don't remember how it is called in zimbra but I do remember that is a configuration you could change directly from the webUI under MTA configuration.
edit:
Just got in front of the computer and now I see what the question was and why my previous link is not the thing you need. I think that what you are looking for is a pretty basic postfix verification named "reject_unknown_sender_domain" I don't remember how it is called in zimbra but I do remember that is a configuration you could change directly from the webUI under MTA configuration.
Re: Rejecting false mail from addresses
Settings for these articles from the wiki were carried out, but unfortunately it did not help.
https://wiki.zimbra.com/wiki/Rejecting_ ... _addresses
https://wiki.zimbra.com/wiki/Enforcing_ ... ername_8.5
Does anyone have the opportunity to check the connection on your telnet server as in my example?
https://wiki.zimbra.com/wiki/Rejecting_ ... _addresses
https://wiki.zimbra.com/wiki/Enforcing_ ... ername_8.5
Does anyone have the opportunity to check the connection on your telnet server as in my example?
- pup_seba
- Outstanding Member
- Posts: 687
- Joined: Sat Sep 13, 2014 2:43 am
- Location: Tarragona - Spain
- Contact:
Re: Rejecting false mail from addresses
The reason why those seetings don't work, is the reason of my "edit" in my previous comment.
I'll say it clear here, you need to enable under "global config > mta", the configuration named reject_unknown_sender_domain. Save the changes and give it a minute for changes to take effect.
I'll say it clear here, you need to enable under "global config > mta", the configuration named reject_unknown_sender_domain. Save the changes and give it a minute for changes to take effect.
Re: Rejecting false mail from addresses
pup_seba wrote:The reason why those seetings don't work, is the reason of my "edit" in my previous comment.
I'll say it clear here, you need to enable under "global config > mta", the configuration named reject_unknown_sender_domain. Save the changes and give it a minute for changes to take effect.
All perfectly. thank you, you helped a lot