Restricted Sender/Sender Must Login on Zimbra 8.7

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
fathianf
Posts: 29
Joined: Fri Sep 12, 2014 10:33 pm

Restricted Sender/Sender Must Login on Zimbra 8.7

Post by fathianf »

Hi. I have upgraded from zimbra 8.0.7 on centos 6.5 to zimbra 8.7.1 on centos 7. I already had auth login over telnet on port 25 but after upgrade I have lost this useful feature. so I searched on this topic again and I did the following steps and finally I got "Temporary failure login" and nobody could send mail to us.
su - zimbra
zmprov mcf zimbraMtaSmtpdSenderLoginMaps proxy:ldap:/opt/zimbra/conf/ldap-slm.cf +zimbraMtaSmtpdSenderRestrictions reject_authenticated_sender_login_mismatch
vi /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf
Added reject_sender_login_mismatch after permit_mynetworks so as follows:
Permit_mynetworks, reject_sender_login_mismatch
postfix reload
Please let me know what else should I do as our mail security is in danger and spammer can use our email addresses to send fake email to ourselves.
phoenix
Ambassador
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: Restricted Sender/Sender Must Login on Zimbra 8.7

Post by phoenix »

fathianf wrote:Please let me know what else should I do as our mail security is in danger and spammer can use our email addresses to send fake email to ourselves.
Port 25 on a mail server should be open and have no restrictions on it otherwise you'll continue to have problems receiving email. If you have a spam 'proble' then you need to adddress that with some of the ant-spam tools already supplied in ZCS. Take a look at using Postscreen, some of the wiki articles and forum threads on how to improve the ability of your server to deal with the spam.
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
iomarmochtar
Posts: 41
Joined: Sat Sep 13, 2014 3:54 am
Location: Indonesia
Contact:

Re: Restricted Sender/Sender Must Login on Zimbra 8.7

Post by iomarmochtar »

fathianf wrote:Hi. I have upgraded from zimbra 8.0.7 on centos 6.5 to zimbra 8.7.1 on centos 7. I already had auth login over telnet on port 25 but after upgrade I have lost this useful feature. so I searched on this topic again and I did the following steps and finally I got "Temporary failure login" and nobody could send mail to us.
su - zimbra
zmprov mcf zimbraMtaSmtpdSenderLoginMaps proxy:ldap:/opt/zimbra/conf/ldap-slm.cf +zimbraMtaSmtpdSenderRestrictions reject_authenticated_sender_login_mismatch
vi /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf
Added reject_sender_login_mismatch after permit_mynetworks so as follows:
Permit_mynetworks, reject_sender_login_mismatch
postfix reload
Please let me know what else should I do as our mail security is in danger and spammer can use our email addresses to send fake email to ourselves.
Did you mean by "forbid unauthenticated user using internal domain" ? if so then it should be included by default in zimbra installation

check_sender_access lmdb:/opt/zimbra/conf/domainrestrict

you may strictly filter trusted network IP(s) because it can send email as internal domain (through port 25) without authentication.

Code: Select all

zmprov gacf zimbraMtaMyNetworks
or

Code: Select all

zmprov gs `zmhostname` zimbraMtaMyNetworks
lvhannan2
Posts: 7
Joined: Wed Apr 11, 2018 8:02 am

Re: Restricted Sender/Sender Must Login on Zimbra 8.7

Post by lvhannan2 »

i have the exactly same problem too, when i use zimbra8.6 everthing is fine, but after upgrade to zimbra8.8.7, this prevent fake sender configuration does not work.
daniele.antolini
Posts: 36
Joined: Fri Jul 08, 2016 7:41 am

Re: Restricted Sender/Sender Must Login on Zimbra 8.7

Post by daniele.antolini »

lvhannan2 wrote:i have the exactly same problem too, when i use zimbra8.6 everthing is fine, but after upgrade to zimbra8.8.7, this prevent fake sender configuration does not work.
I've the same issue on Zimbra 8.7.11
buiphezzz
Posts: 5
Joined: Fri Feb 22, 2019 6:12 am

Re: Restricted Sender/Sender Must Login on Zimbra 8.7

Post by buiphezzz »

Zimbra Improvement : Restricted Sender/Sender Must Login on Zimbra 8 : https://www.vavai.net/2014/02/zimbra-im ... -zimbra-8/
P/S: If version 8.8.11 => remove line "POSTCONF smtpd_sender_login_maps FILE zmconfigd/smtpd_sender_login_maps.cf" on /opt/zimbra/conf/zmconfigd.cf
[zimbra@mailsrv-zbr ~]$ zmcontrol -v
Release 8.8.11_GA_3737.RHEL7_64_20181207111719 RHEL7_64 FOSS edition, Patch 8.8.11_P2.
Post Reply