Hi. I have upgraded from zimbra 8.0.7 on centos 6.5 to zimbra 8.7.1 on centos 7. I already had auth login over telnet on port 25 but after upgrade I have lost this useful feature. so I searched on this topic again and I did the following steps and finally I got "Temporary failure login" and nobody could send mail to us.
su - zimbra
zmprov mcf zimbraMtaSmtpdSenderLoginMaps proxy:ldap:/opt/zimbra/conf/ldap-slm.cf +zimbraMtaSmtpdSenderRestrictions reject_authenticated_sender_login_mismatch
vi /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf
Added reject_sender_login_mismatch after permit_mynetworks so as follows:
Permit_mynetworks, reject_sender_login_mismatch
postfix reload
Please let me know what else should I do as our mail security is in danger and spammer can use our email addresses to send fake email to ourselves.
Restricted Sender/Sender Must Login on Zimbra 8.7
Re: Restricted Sender/Sender Must Login on Zimbra 8.7
Port 25 on a mail server should be open and have no restrictions on it otherwise you'll continue to have problems receiving email. If you have a spam 'proble' then you need to adddress that with some of the ant-spam tools already supplied in ZCS. Take a look at using Postscreen, some of the wiki articles and forum threads on how to improve the ability of your server to deal with the spam.fathianf wrote:Please let me know what else should I do as our mail security is in danger and spammer can use our email addresses to send fake email to ourselves.
-
- Posts: 41
- Joined: Sat Sep 13, 2014 3:54 am
- Location: Indonesia
- Contact:
Re: Restricted Sender/Sender Must Login on Zimbra 8.7
Did you mean by "forbid unauthenticated user using internal domain" ? if so then it should be included by default in zimbra installationfathianf wrote:Hi. I have upgraded from zimbra 8.0.7 on centos 6.5 to zimbra 8.7.1 on centos 7. I already had auth login over telnet on port 25 but after upgrade I have lost this useful feature. so I searched on this topic again and I did the following steps and finally I got "Temporary failure login" and nobody could send mail to us.
su - zimbra
zmprov mcf zimbraMtaSmtpdSenderLoginMaps proxy:ldap:/opt/zimbra/conf/ldap-slm.cf +zimbraMtaSmtpdSenderRestrictions reject_authenticated_sender_login_mismatch
vi /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf
Added reject_sender_login_mismatch after permit_mynetworks so as follows:
Permit_mynetworks, reject_sender_login_mismatch
postfix reload
Please let me know what else should I do as our mail security is in danger and spammer can use our email addresses to send fake email to ourselves.
check_sender_access lmdb:/opt/zimbra/conf/domainrestrict
you may strictly filter trusted network IP(s) because it can send email as internal domain (through port 25) without authentication.
Code: Select all
zmprov gacf zimbraMtaMyNetworks
Code: Select all
zmprov gs `zmhostname` zimbraMtaMyNetworks
Re: Restricted Sender/Sender Must Login on Zimbra 8.7
i have the exactly same problem too, when i use zimbra8.6 everthing is fine, but after upgrade to zimbra8.8.7, this prevent fake sender configuration does not work.
-
- Posts: 36
- Joined: Fri Jul 08, 2016 7:41 am
Re: Restricted Sender/Sender Must Login on Zimbra 8.7
I've the same issue on Zimbra 8.7.11lvhannan2 wrote:i have the exactly same problem too, when i use zimbra8.6 everthing is fine, but after upgrade to zimbra8.8.7, this prevent fake sender configuration does not work.
Re: Restricted Sender/Sender Must Login on Zimbra 8.7
Zimbra Improvement : Restricted Sender/Sender Must Login on Zimbra 8 : https://www.vavai.net/2014/02/zimbra-im ... -zimbra-8/
P/S: If version 8.8.11 => remove line "POSTCONF smtpd_sender_login_maps FILE zmconfigd/smtpd_sender_login_maps.cf" on /opt/zimbra/conf/zmconfigd.cf
[zimbra@mailsrv-zbr ~]$ zmcontrol -v
Release 8.8.11_GA_3737.RHEL7_64_20181207111719 RHEL7_64 FOSS edition, Patch 8.8.11_P2.
P/S: If version 8.8.11 => remove line "POSTCONF smtpd_sender_login_maps FILE zmconfigd/smtpd_sender_login_maps.cf" on /opt/zimbra/conf/zmconfigd.cf
[zimbra@mailsrv-zbr ~]$ zmcontrol -v
Release 8.8.11_GA_3737.RHEL7_64_20181207111719 RHEL7_64 FOSS edition, Patch 8.8.11_P2.