Force smtp auth for domain alias
Posted: Mon Oct 14, 2019 9:19 am
I followed this manual https://wiki.zimbra.com/wiki/Enforcing_ ... ername_8.5
When I tried to send a fake email from my master domain example.com (not the domain alias), this email was blocked with "Sender address rejected: not logged in".
But I can connect from the internet to the Zimbra mail server on port 25 and send a fake email from my alias domain user@example-alias.com (alias to example.com) without SMTP auth, for example:
1. from admin@example.com to user@example.com - Rejected with "Sender address rejected: not logged in"
2. from admin@example-alias.com to user@example-alias.com - OK
3. from admin@example-alias.com to user@example.com - OK
As a result, my users receive messages like this: viewtopic.php?p=293648#p293648
How can I force SMTP auth for domain aliases too?
Zimbra 8.8.15_GA_3869 (build 20190917004220)
My config
Code:
[zimbra@mail ~]$ zmprov gcf zimbraMtaSmtpdRejectUnlistedRecipient
zimbraMtaSmtpdRejectUnlistedRecipient: yes
[zimbra@mail ~]$ zmprov gcf zimbraMtaSmtpdRejectUnlistedSender
zimbraMtaSmtpdRejectUnlistedSender: yes
[zimbra@mail ~]$ zmprov gcf zimbraMtaSmtpdSenderLoginMaps
zimbraMtaSmtpdSenderLoginMaps: proxy:ldap:/opt/zimbra/conf/ldap-slm.cf
[zimbra@mail ~]$ zmprov gcf zimbraMtaSmtpdSenderRestrictions
zimbraMtaSmtpdSenderRestrictions: reject_authenticated_sender_login_mismatch
Code:
[zimbra@mail ~]$ cat /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf
%%exact VAR:zimbraMtaSmtpdSenderRestrictions reject_authenticated_sender_login_mismatch%%
%%contains VAR:zimbraMtaSmtpdSenderRestrictions check_sender_access lmdb:/opt/zimbra/conf/postfix_reject_sender%%
%%contains VAR:zimbraServiceEnabled cbpolicyd^ check_policy_service inet:localhost:%%zimbraCBPolicydBindPort%%%%
%%contains VAR:zimbraServiceEnabled amavis^ check_sender_access regexp:/opt/zimbra/common/conf/tag_as_originating.re%%
permit_mynetworks,reject_sender_login_mismatch
permit_sasl_authenticated
permit_tls_clientcerts
%%contains VAR:zimbraServiceEnabled amavis^ check_sender_access regexp:/opt/zimbra/common/conf/tag_as_foreign.re%%
Code:
[zimbra@mail ~]$ zmprov gs `zmhostname` zimbraMtaMyNetworks
# name mail.example.com
zimbraMtaMyNetworks: !10.1.62.4 127.0.0.0/8 10.1.62.0/24 10.1.63.0/24 172.16.0.0/12 192.168.0.0/16