serious sasl username bug on 8.8.7

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
lvhannan
Posts: 18
Joined: Fri Apr 28, 2017 2:02 am

serious sasl username bug on 8.8.7

Post by lvhannan »

i find a serious problem about sender mismatch .for examplem, my domain is lv.com. i telnet my mail server using a fake user aa@yahoo.com send a email to my local domain user hannan@lv.com, it can success without any authentication. this will put our mail server in big risk. when i use old version zimbra8.6 i follow this article
https://wiki.zimbra.com/wiki/Enforcing_ ... strictions this article successful solve this
fake user problem, but when i upgrade to zimbra8.8.7, this method does not work any more, i do the same configuration as article, but when i test ,i still can use fake user
send email to my local domain user without any authentication.


i belive many user has suffer same problem. is there any solution to solve this on zimbra8.8.7?
User avatar
DualBoot
Elite member
Elite member
Posts: 1326
Joined: Mon Apr 18, 2016 8:18 pm
Location: France - Earth
ZCS/ZD Version: ZCS FLOSS - 8.8.15 Mutli servers
Contact:

Re: serious sasl username bug on 8.8.7

Post by DualBoot »

If you use in the field "mail from" aa@yahoo.com , it is normal.
Post Reply