On one of our third-party services, the script that sends out reports to users broke down. As a result, spam was sent to users mailboxes. When I blocked the mailbox used for sending reports, spam did not stop being sent until the mailing script itself was disabled. The script was able to send mail via blocked account.
The log contains information about authorization refusal.
May 29 06:25:38 mail saslauthd: auth_zimbra: firstname.lastname@example.org auth failed: authentication failed for [email@example.com]
May 29 06:25:38 mail saslauthd: do_auth : auth failure: [firstname.lastname@example.org] [service=smtp] [realm=domain.com] [mech=zimbra] [reason=Unknown]
May 29 06:25:38 mail postfix/smtpd: warning: unknown[xxx.xxx.xxx.xx1]: SASL login authentication failed: authentication failure
But the sending occurred
As I understand it, the mail has been sent because the sender node belongs to the internal LAN address (MYNETWORKS RULE)
May 29 06:25:37 mail postfix/postscreen: CONNECT from [xxx.xxx.xxx.xx1]:63627 to [xxx.xxx.xxx.xx2]:25
May 29 06:25:37 mail postfix/postscreen: WHITELISTED [xxx.xxx.xxx.xx1]:63627
It turns out that any unauthorized node can send spam if it is connected from "MYNETWORK" subnet?
How can I prevent sending from unauthorized users?
smtpd_sender_restrictions = check_sender_access regexp:/opt/zimbra/common/conf/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, permit_tls_clientcerts, check_sender_access regexp:/opt/zimbra/common/conf/tag_as_foreig
As I understand it rule "permit_mynetworks" will be processed earlier than the rule "permit_sasl_authenticated". How to change the processing order? Will it be enough to just edit it manually /opt/zimbra/common/conf ?
Discuss your pilot or production implementation with other Zimbra admins or our engineers.
1 post • Page 1 of 1
Who is online
Users browsing this forum: No registered users and 21 guests