8.0.2 Community Edition - no longer allows SMTP auth users send email - RBL blocked
-
- Posts: 20
- Joined: Sat Sep 13, 2014 2:57 am
8.0.2 Community Edition - no longer allows SMTP auth users send email - RBL blocked
[quote user="17126thunder04"]This seems to be a decent temporary fix, but I am still interested in configuring Zimbra so that
permit_sasl_authenticated
and
amavis_originating_bypass_sa = true
Do what they are supposed to do![/QUOTE]
+1
I found this thread after posting my bug:
which">https://bugzilla.zimbra.com/show_bug.cgi?id=79415
which, unfortunately, got reclassified as an "enhancement". I disagree, but have no ability to change it back.
If you're interested, lend your voice(s) there as well. THanks!
permit_sasl_authenticated
and
amavis_originating_bypass_sa = true
Do what they are supposed to do![/QUOTE]
+1
I found this thread after posting my bug:
which">https://bugzilla.zimbra.com/show_bug.cgi?id=79415
which, unfortunately, got reclassified as an "enhancement". I disagree, but have no ability to change it back.
If you're interested, lend your voice(s) there as well. THanks!
8.0.2 Community Edition - no longer allows SMTP auth users send email - RBL blocked
[quote user="17126thunder04"]
zimbra@cottontail:~/conf$ zmprov gacf | grep MtaRestriction
zimbraMtaRestriction: reject_non_fqdn_sender
zimbraMtaRestriction: reject_unknown_sender_domain
zimbraMtaRestriction: reject_rbl_client b.barracudacentral.org
zimbraMtaRestriction: reject_rbl_client sbl.spamhaus.org
zimbraMtaRestriction: reject_rbl_client xbl.spamhaus.org
zimbraMtaRestriction: reject_rbl_client dbl.spamhaus.org
zimbraMtaRestriction: reject_rbl_client cbl.abuseat.org
zimbraMtaRestriction: reject_rbl_client psbl.surriel.com
[/QUOTE]
I wanted to note, this is not the correct way to set RBL's in ZCS.
RBLs have their own attribute, zimbraMtaRestrictionRBLs
You simply set that to the RBL you want to use, like
zmprov ms +zimbraMtaRestrictionRBLs dbl.spamhaus.org
They should *not* be in zimbraMtaRestriction.
--Quanah
zimbra@cottontail:~/conf$ zmprov gacf | grep MtaRestriction
zimbraMtaRestriction: reject_non_fqdn_sender
zimbraMtaRestriction: reject_unknown_sender_domain
zimbraMtaRestriction: reject_rbl_client b.barracudacentral.org
zimbraMtaRestriction: reject_rbl_client sbl.spamhaus.org
zimbraMtaRestriction: reject_rbl_client xbl.spamhaus.org
zimbraMtaRestriction: reject_rbl_client dbl.spamhaus.org
zimbraMtaRestriction: reject_rbl_client cbl.abuseat.org
zimbraMtaRestriction: reject_rbl_client psbl.surriel.com
[/QUOTE]
I wanted to note, this is not the correct way to set RBL's in ZCS.
RBLs have their own attribute, zimbraMtaRestrictionRBLs
You simply set that to the RBL you want to use, like
zmprov ms +zimbraMtaRestrictionRBLs dbl.spamhaus.org
They should *not* be in zimbraMtaRestriction.
--Quanah
--
Quanah Gibson-Mount
Product Architect, Symas http://www.symas.com/
OpenLDAP Core team http://www.openldap.org/project/
Quanah Gibson-Mount
Product Architect, Symas http://www.symas.com/
OpenLDAP Core team http://www.openldap.org/project/
-
- Posts: 20
- Joined: Sat Sep 13, 2014 2:57 am
8.0.2 Community Edition - no longer allows SMTP auth users send email - RBL blocked
[quote user="quanah"]I wanted to note, this is not the correct way to set RBL's in ZCS.
RBLs have their own attribute, zimbraMtaRestrictionRBLs
You simply set that to the RBL you want to use, like
zmprov ms +zimbraMtaRestrictionRBLs dbl.spamhaus.org
They should *not* be in zimbraMtaRestriction.
--Quanah[/QUOTE]
I'd guess people are just following the instructions at:
"Configuring and Monitoring Postfix DNSBL"
which">https://wiki.zimbra.com/wiki/Configurin ... tfix_DNSBL
which specifically states to use:
zmprov mcf zimbraMtaRestriction [RBL type]
and makes no mention of:
zimbraMtaRestrictionRBLs
fyi:
zimbra@test:~$ zmcontrol -v
Release 8.0.2.GA.5569.UBUNTU12.64 UBUNTU12_64 FOSS edition.
zimbra@test:~$ zmprov gacf | grep -i zimbraMtaRestrictionRBL
zimbra@test:~$ zmprov gs `zmhostname` | grep -i zimbraMtaRestrictionRBL
zimbra@test:~$ zmlocalconfig | grep -i zimbraMtaRestrictionRBL
zimbra@test:~$
RBLs have their own attribute, zimbraMtaRestrictionRBLs
You simply set that to the RBL you want to use, like
zmprov ms +zimbraMtaRestrictionRBLs dbl.spamhaus.org
They should *not* be in zimbraMtaRestriction.
--Quanah[/QUOTE]
I'd guess people are just following the instructions at:
"Configuring and Monitoring Postfix DNSBL"
which">https://wiki.zimbra.com/wiki/Configurin ... tfix_DNSBL
which specifically states to use:
zmprov mcf zimbraMtaRestriction [RBL type]
and makes no mention of:
zimbraMtaRestrictionRBLs
fyi:
zimbra@test:~$ zmcontrol -v
Release 8.0.2.GA.5569.UBUNTU12.64 UBUNTU12_64 FOSS edition.
zimbra@test:~$ zmprov gacf | grep -i zimbraMtaRestrictionRBL
zimbra@test:~$ zmprov gs `zmhostname` | grep -i zimbraMtaRestrictionRBL
zimbra@test:~$ zmlocalconfig | grep -i zimbraMtaRestrictionRBL
zimbra@test:~$
-
- Posts: 27
- Joined: Sat Sep 13, 2014 12:22 am
8.0.2 Community Edition - no longer allows SMTP auth users send email - RBL blocked
When I add RBLs I just use the web interface. This auth bug exists in that manner as well.
-
- Posts: 20
- Joined: Sat Sep 13, 2014 2:57 am
8.0.2 Community Edition - no longer allows SMTP auth users send email - RBL blocked
[quote user="magneticinduction"]When I add RBLs I just use the web interface. This auth bug exists in that manner as well.[/QUOTE]
given that you've not 'polluted' your setup using other-than-UI, can you check/verify what _your_ setup returns for:
zmprov gacf | grep -i zimbraMtaRestriction
zmprov gs `zmhostname` | grep -i zimbraMtaRestriction
zmlocalconfig | grep -i zimbraMtaRestriction
?
update:
for anyone interested, the bug @
"SASL Authenticated mail submitted to port 587 from remote (mobile phone) networks is incorrectly checked/rejected by Zimbra Server's DNSBL checks"
has">https://bugzilla.zimbra.com/show_bug.cgi?id=79415
has been re-classified as a P2/Critical bug. I'd guess solutions will flow from there.
given that you've not 'polluted' your setup using other-than-UI, can you check/verify what _your_ setup returns for:
zmprov gacf | grep -i zimbraMtaRestriction
zmprov gs `zmhostname` | grep -i zimbraMtaRestriction
zmlocalconfig | grep -i zimbraMtaRestriction
?
update:
for anyone interested, the bug @
"SASL Authenticated mail submitted to port 587 from remote (mobile phone) networks is incorrectly checked/rejected by Zimbra Server's DNSBL checks"
has">https://bugzilla.zimbra.com/show_bug.cgi?id=79415
has been re-classified as a P2/Critical bug. I'd guess solutions will flow from there.
-
- Posts: 27
- Joined: Sat Sep 13, 2014 12:22 am
8.0.2 Community Edition - no longer allows SMTP auth users send email - RBL blocked
[quote user="16439dvirt"]given that you've not 'polluted' your setup using other-than-UI, can you check/verify what _your_ setup returns for:
zmprov gacf | grep -i zimbraMtaRestriction
zmprov gs `zmhostname` | grep -i zimbraMtaRestriction
zmlocalconfig | grep -i zimbraMtaRestriction
?
update:
for anyone interested, the bug @
"SASL Authenticated mail submitted to port 587 from remote (mobile phone) networks is incorrectly checked/rejected by Zimbra Server's DNSBL checks"
has">https://bugzilla.zimbra.com/show_bug.cgi?id=79415
has been re-classified as a P2/Critical bug. I'd guess solutions will flow from there.[/QUOTE]
$ zmprov gacf | grep -i zimbraMtaRestriction
zimbraMtaRestriction: reject_non_fqdn_sender
zimbraMtaRestriction: reject_rbl_client sbl.spamhaus.org
zimbraMtaRestriction: reject_rbl_client xbl.spamhaus.org
zimbraMtaRestriction: reject_rbl_client bl.spamcop.net
$ zmprov gs `me.domain.com` | grep -i zimbraMtaRestriction
me.domain.com: command not found
I dont think I made a typo up there.
$ zmlocalconfig | grep -i zimbraMtaRestriction
I got a blank output.
zmprov gacf | grep -i zimbraMtaRestriction
zmprov gs `zmhostname` | grep -i zimbraMtaRestriction
zmlocalconfig | grep -i zimbraMtaRestriction
?
update:
for anyone interested, the bug @
"SASL Authenticated mail submitted to port 587 from remote (mobile phone) networks is incorrectly checked/rejected by Zimbra Server's DNSBL checks"
has">https://bugzilla.zimbra.com/show_bug.cgi?id=79415
has been re-classified as a P2/Critical bug. I'd guess solutions will flow from there.[/QUOTE]
$ zmprov gacf | grep -i zimbraMtaRestriction
zimbraMtaRestriction: reject_non_fqdn_sender
zimbraMtaRestriction: reject_rbl_client sbl.spamhaus.org
zimbraMtaRestriction: reject_rbl_client xbl.spamhaus.org
zimbraMtaRestriction: reject_rbl_client bl.spamcop.net
$ zmprov gs `me.domain.com` | grep -i zimbraMtaRestriction
me.domain.com: command not found
I dont think I made a typo up there.
$ zmlocalconfig | grep -i zimbraMtaRestriction
I got a blank output.
-
- Posts: 20
- Joined: Sat Sep 13, 2014 2:57 am
8.0.2 Community Edition - no longer allows SMTP auth users send email - RBL blocked
[quote user="magneticinduction"]
$ zmprov gs `me.domain.com` | grep -i zimbraMtaRestriction
me.domain.com: command not found
I dont think I made a typo up there.
[/QUOTE]
it's either
zmprov gs `hostname` | grep -i zimbraMtaRestriction
or
zmprov gs me.domain.com | grep -i zimbraMtaRestriction
the backticks cause the cmd within to be exec'd
$ zmprov gs `me.domain.com` | grep -i zimbraMtaRestriction
me.domain.com: command not found
I dont think I made a typo up there.
[/QUOTE]
it's either
zmprov gs `hostname` | grep -i zimbraMtaRestriction
or
zmprov gs me.domain.com | grep -i zimbraMtaRestriction
the backticks cause the cmd within to be exec'd
-
- Advanced member
- Posts: 162
- Joined: Fri Sep 12, 2014 11:14 pm
8.0.2 Community Edition - no longer allows SMTP auth users send email - RBL blocked
I was going to report that even though authenticated user mail was not being spam checked any more, it was still being checked against RBLs. However, after reviewing the bug linked above, the fix from Quanah Gibson-Mount seems to have fixed it for me!
[quote]
For 8.0.2, I *believe* the following will fix the issue, but I have no way to
test:
cd /opt/zimbra/conf/zmconfigd/
vi smtpd_recipient_restrictions.cf
Add the following 2 lines to the start of the file:
permit_sasl_authenticated
permit_mynetworks
zmcontrol stop;zmcontrol start
[/quote]
In terms of the zimbraMtaRestriction vs zimbraMtaRestrictionRBL, here's what my server returns:
zimbra@cottontail:~$ zmprov gacf | grep -i zimbraMtaRestriction
zimbraMtaRestriction: reject_non_fqdn_sender
zimbraMtaRestriction: reject_unknown_sender_domain
zimbraMtaRestriction: reject_rbl_client b.barracudacentral.org
zimbraMtaRestriction: reject_rbl_client zen.spamhaus.org
zimbraMtaRestriction: reject_rbl_client dnsbl.njabl.org
zimbra@cottontail:~$ zmprov gs `zmhostname` | grep -i zimbraMtaRestriction
zimbra@cottontail:~$
zimbra@cottontail:~$ zmlocalconfig | grep -i zimbraMtaRestriction
zimbra@cottontail:~$
We upgraded from 6.0.14 to 8.0.2, which I'm sure makes a difference. We only add/remove RBLs through the admin GUI and rarely (if ever) make config changes via any of the CLI tools. Also, when I make RBL changes post 8.0.2 upgrade, they still seem to apply as "zimbraMtaRestriction: reject_rbl_client xxx". This is just an FYI more than anything else.
[quote]
For 8.0.2, I *believe* the following will fix the issue, but I have no way to
test:
cd /opt/zimbra/conf/zmconfigd/
vi smtpd_recipient_restrictions.cf
Add the following 2 lines to the start of the file:
permit_sasl_authenticated
permit_mynetworks
zmcontrol stop;zmcontrol start
[/quote]
In terms of the zimbraMtaRestriction vs zimbraMtaRestrictionRBL, here's what my server returns:
zimbra@cottontail:~$ zmprov gacf | grep -i zimbraMtaRestriction
zimbraMtaRestriction: reject_non_fqdn_sender
zimbraMtaRestriction: reject_unknown_sender_domain
zimbraMtaRestriction: reject_rbl_client b.barracudacentral.org
zimbraMtaRestriction: reject_rbl_client zen.spamhaus.org
zimbraMtaRestriction: reject_rbl_client dnsbl.njabl.org
zimbra@cottontail:~$ zmprov gs `zmhostname` | grep -i zimbraMtaRestriction
zimbra@cottontail:~$
zimbra@cottontail:~$ zmlocalconfig | grep -i zimbraMtaRestriction
zimbra@cottontail:~$
We upgraded from 6.0.14 to 8.0.2, which I'm sure makes a difference. We only add/remove RBLs through the admin GUI and rarely (if ever) make config changes via any of the CLI tools. Also, when I make RBL changes post 8.0.2 upgrade, they still seem to apply as "zimbraMtaRestriction: reject_rbl_client xxx". This is just an FYI more than anything else.
-
- Posts: 20
- Joined: Sat Sep 13, 2014 2:57 am
8.0.2 Community Edition - no longer allows SMTP auth users send email - RBL blocked
[quote user="17126thunder04"]In terms of the zimbraMtaRestriction vs zimbraMtaRestrictionRBL, here's what my server returns:
...
We upgraded from 6.0.14 to 8.0.2, which I'm sure makes a difference. We only add/remove RBLs through the admin GUI and rarely (if ever) make config changes via any of the CLI tools. Also, when I make RBL changes post 8.0.2 upgrade, they still seem to apply as "zimbraMtaRestriction: reject_rbl_client xxx". This is just an FYI more than anything else.
[/QUOTE]
I clean-installed 8.0.0, and upgraded to 8.0.2.
So neither you, nor I, nor magneticinduction see and trace of zimbraMtaRestrictionRBL, rather only zimbraMtaRestriction, regardless of how we add the DNSBL -- cmd line or shell.
Which seems to contradict:
[quote user="quanah"]I wanted to note, this is not the correct way to set RBL's in ZCS.
RBLs have their own attribute, zimbraMtaRestrictionRBLs
You simply set that to the RBL you want to use, like
zmprov ms +zimbraMtaRestrictionRBLs dbl.spamhaus.org
They should *not* be in zimbraMtaRestriction.
[/QUOTE]
I'm hoping we can get some clarification & consistent documentation on this.
...
We upgraded from 6.0.14 to 8.0.2, which I'm sure makes a difference. We only add/remove RBLs through the admin GUI and rarely (if ever) make config changes via any of the CLI tools. Also, when I make RBL changes post 8.0.2 upgrade, they still seem to apply as "zimbraMtaRestriction: reject_rbl_client xxx". This is just an FYI more than anything else.
[/QUOTE]
I clean-installed 8.0.0, and upgraded to 8.0.2.
So neither you, nor I, nor magneticinduction see and trace of zimbraMtaRestrictionRBL, rather only zimbraMtaRestriction, regardless of how we add the DNSBL -- cmd line or shell.
Which seems to contradict:
[quote user="quanah"]I wanted to note, this is not the correct way to set RBL's in ZCS.
RBLs have their own attribute, zimbraMtaRestrictionRBLs
You simply set that to the RBL you want to use, like
zmprov ms +zimbraMtaRestrictionRBLs dbl.spamhaus.org
They should *not* be in zimbraMtaRestriction.
[/QUOTE]
I'm hoping we can get some clarification & consistent documentation on this.
8.0.2 Community Edition - no longer allows SMTP auth users send email - RBL blocked
[quote user="16439dvirt"]I clean-installed 8.0.0, and upgraded to 8.0.2.
So neither you, nor I, nor magneticinduction see and trace of zimbraMtaRestrictionRBL, rather only zimbraMtaRestriction, regardless of how we add the DNSBL -- cmd line or shell.
I'm hoping we can get some clarification & consistent documentation on this.[/QUOTE]
cd /opt/zimbra/conf/zmconfigd
grep zimbraMtaRestrictionRBLs smtpd_recipient_restrictions.cf
The code does not lie. The documentation is clearly wrong, and the Admin console is clearly broken.
--Quanah
So neither you, nor I, nor magneticinduction see and trace of zimbraMtaRestrictionRBL, rather only zimbraMtaRestriction, regardless of how we add the DNSBL -- cmd line or shell.
I'm hoping we can get some clarification & consistent documentation on this.[/QUOTE]
cd /opt/zimbra/conf/zmconfigd
grep zimbraMtaRestrictionRBLs smtpd_recipient_restrictions.cf
The code does not lie. The documentation is clearly wrong, and the Admin console is clearly broken.
--Quanah
--
Quanah Gibson-Mount
Product Architect, Symas http://www.symas.com/
OpenLDAP Core team http://www.openldap.org/project/
Quanah Gibson-Mount
Product Architect, Symas http://www.symas.com/
OpenLDAP Core team http://www.openldap.org/project/