Greetings!
On one of our third-party services, the script that sends out reports to users broke down. As a result, spam was sent to users mailboxes. When I blocked the mailbox used for sending reports, spam did not stop being sent until the mailing script itself was disabled. The script was able to send mail via blocked account.
The log contains information about authorization refusal.
May 29 06:25:38 mail saslauthd[15664]: auth_zimbra: mailbox@domain.com auth failed: authentication failed for [mailbox@domain.com]
May 29 06:25:38 mail saslauthd[15664]: do_auth : auth failure: [user=mailbox@domain.com] [service=smtp] [realm=domain.com] [mech=zimbra] [reason=Unknown]
May 29 06:25:38 mail postfix/smtpd[26184]: warning: unknown[xxx.xxx.xxx.xx1]: SASL login authentication failed: authentication failure
But the sending occurred
As I understand it, the mail has been sent because the sender node belongs to the internal LAN address (MYNETWORKS RULE)
May 29 06:25:37 mail postfix/postscreen[17173]: CONNECT from [xxx.xxx.xxx.xx1]:63627 to [xxx.xxx.xxx.xx2]:25
May 29 06:25:37 mail postfix/postscreen[17173]: WHITELISTED [xxx.xxx.xxx.xx1]:63627
It turns out that any unauthorized node can send spam if it is connected from "MYNETWORK" subnet?
How can I prevent sending from unauthorized users?
smtpd_sender_restrictions = check_sender_access regexp:/opt/zimbra/common/conf/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, permit_tls_clientcerts, check_sender_access regexp:/opt/zimbra/common/conf/tag_as_foreig
As I understand it rule "permit_mynetworks" will be processed earlier than the rule "permit_sasl_authenticated". How to change the processing order? Will it be enough to just edit it manually /opt/zimbra/common/conf ?
Checking authorization from local nodes
Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Jump to
- Zimbra Collaboration Server
- ↳ Administrators
- ↳ Installation and Upgrade
- ↳ Migration
- ↳ Virtualization
- ↳ Developers
- ↳ Zimlets
- ↳ Users
- ↳ Zimbra Connector for Outlook
- ↳ Zimbra Connector for Blackberry
- ↳ CalDAV / CardDAV / iSync
- ↳ Zimbra Collaboration 8.8 Beta
- ↳ Mobility
- ↳ Zimbra Talk
- ↳ Universal UI
- ↳ Zimbra Chat
- ↳ Zimbra Drive
- Zimbra Suite Plus
- ↳ Installation and Upgrade
- ↳ Zimbra Admin Plus
- ↳ Zimbra Backup Plus
- ↳ Zimbra HSM Plus
- ↳ Zimbra Mobile Plus
- Zimbra Desktop
- ↳ General Questions
- ↳ Error Reports
- ↳ Installation Help
- ↳ Zimbra Desktop Beta/RC
- General Zimbra
- ↳ General Zimbra Feedback
- ↳ Announcements
- ↳ Community News
- ↳ Zimbra Success Stories
- Portability
- ↳ BSD
- Other
- ↳ /etc
- ↳ International
- ↳ I18N/L10N - Translations
- ↳ Русский язык-фор
- ↳ French
- ↳ Italian
- ↳ German
- ↳ Spanish
- ↳ Scandinavian
- ↳ Portuguese