Sending emails from non registered hosts
-
- Posts: 18
- Joined: Thu Jul 11, 2019 11:11 am
Sending emails from non registered hosts
Hello,
First of all, thanks for the help.
Currently, I installed a relay system to get better management from my sent emails. One thing I notice is that my zimbra is sending from hosts that are not registered, is there any solution to avoid it?
For example, Host test.com is sending email but is not registered as a domain on my panel.
Best regards,
Rodrigo.
Re: Sending emails from non registered hosts
I don't really understand what you're describing, it sounds like you're allowing another server to relay through your server - is that correct? If it is then it sounds like you have an open relay, you can check that via one of the (many) sites on the internet that provide this service - I'd suggest you do that first.
Re: Sending emails from non registered hosts
phoenix wrote:
> I don't really understand what you're describing, it sounds like you're allowing another server to relay through your server - is that correct? If it is then it sounds like you have an open relay, you can check that via one of the (many) sites on the internet that provide this service - I'd suggest you do that first.
Sorry for the lack of information.
I checked against open relay and it's disabled, currently, I hired the mailjet.net service to relay my emails, it's working nicely, but I notice a lot of emails being sent from domains that I don't have registered at my Zimbra. I attached some pictures.
I would like to know who is sending these emails, I tried to stack trace the message but had no success.
Best regards,
Rodrigo.
Re: Sending emails from non registered hosts
Let's go back a step, you should always give the version of ZCS that's in use by posting the full output of the following command:
Code:
zmcontrol -v
Re: Sending emails from non registered hosts
phoenix wrote:
> Let's go back a step, you should always give the version of ZCS that's in use by posting the full output of the following command:
> Code:
> zmcontrol -v
Ok, my version is:
Code:
Release 8.8.12.GA.3794.UBUNTU14.64 UBUNTU14_64 FOSS edition, Patch 8.8.12_P1 proxy.
Re: Sending emails from non registered hosts
Have you had a look in the Zimbra log to see if any of these addresses appear there? Is it possible you have any compromised accounts? Does your ZimbraMtaMyNetworks contain the correct settings for your installation and nothing extraneous in there?
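Added example, not part of the original thread and not a Zimbra tool: one way to answer "who is sending these?" from the log is to group Postfix lines by queue ID and report the client IP and SASL login for every envelope sender outside the hosted domains. The log lines are constructed, `foreign_senders` and the `example.org` domain list are hypothetical, and skipping loopback clients assumes the second queue ID carrying the same message-id is the copy re-injected by the local content filter.

```python
import re
from collections import defaultdict

# Constructed sample in Postfix syslog format; every host, IP and account is invented.
SAMPLE_LOG = """\
Oct  8 15:30:14 mx postfix/smtps/smtpd[9115]: 3A1B2C4D5E: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=sales@example.org
Oct  8 15:30:14 mx postfix/cleanup[27520]: 3A1B2C4D5E: message-id=<m1@spam.invalid>
Oct  8 15:30:14 mx postfix/qmgr[20919]: 3A1B2C4D5E: from=<info@spam.invalid>, size=4120, nrcpt=1 (queue active)
Oct  8 15:30:17 mx postfix/smtpd[9200]: 4F6A7B8C9D: client=localhost[127.0.0.1]
Oct  8 15:30:17 mx postfix/cleanup[27520]: 4F6A7B8C9D: message-id=<m1@spam.invalid>
Oct  8 15:30:17 mx postfix/qmgr[20919]: 4F6A7B8C9D: from=<info@spam.invalid>, size=4300, nrcpt=1 (queue active)
Oct  8 15:31:02 mx postfix/smtpd[9301]: 5E0F1A2B3C: client=app.example.org[10.142.0.5]
Oct  8 15:31:02 mx postfix/qmgr[20919]: 5E0F1A2B3C: from=<noreply@other.invalid>, size=900, nrcpt=1 (queue active)
Oct  8 15:32:40 mx postfix/smtps/smtpd[9115]: 6D7E8F9A0B: client=unknown[198.51.100.9], sasl_method=LOGIN, sasl_username=ana@example.org
Oct  8 15:32:40 mx postfix/qmgr[20919]: 6D7E8F9A0B: from=<ana@example.org>, size=1200, nrcpt=1 (queue active)
"""

LINE = re.compile(r"postfix/[\w/-]+\[\d+\]: ([0-9A-F]{6,}): (.*)")  # short queue IDs assumed
FIELDS = {
    "client": re.compile(r"client=\S+?\[([^\]]+)\]"),
    "sasl_username": re.compile(r"sasl_username=([^,\s]+)"),
    "sender": re.compile(r"from=<([^>]*)>"),
    "message_id": re.compile(r"message-id=<([^>]*)>"),
}

def foreign_senders(log_text, hosted_domains):
    """Map message-id -> submission details for senders outside hosted_domains."""
    queue = defaultdict(dict)
    for m in filter(None, map(LINE.search, log_text.splitlines())):
        for name, rx in FIELDS.items():
            hit = rx.search(m.group(2))
            if hit:
                queue[m.group(1)].setdefault(name, hit.group(1))
    report = {}
    for qid, rec in queue.items():
        domain = rec.get("sender", "").rpartition("@")[2].lower()
        if not domain or domain in hosted_domains:
            continue  # bounce (empty sender) or a domain this server hosts
        if rec.get("client") in ("127.0.0.1", "::1"):
            continue  # copy re-injected by the local content filter, not the origin
        report[rec.get("message_id", qid)] = {
            "queue_id": qid, "sender": rec["sender"],
            "client": rec.get("client"), "sasl_username": rec.get("sasl_username"),
        }
    return report

if __name__ == "__main__":
    print(foreign_senders(SAMPLE_LOG, {"example.org"}))
```

A hit that carries a sasl_username names the account to investigate; a hit with no sasl_username and a client inside zimbraMtaMyNetworks was accepted on network trust alone.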
Re: Sending emails from non registered hosts
phoenix wrote:
> Have you had a look in the Zimbra log to see if any of these addresses appear there? Is it possible you have any compromised accounts? Does your ZimbraMtaMyNetworks contain the correct settings for your installation and nothing extraneous in there?
Hello,
In my zimbra.log I don't have anything about it, but at my mail.log I have:
Code:
Oct 8 15:30:14 mecmail postfix/cleanup[27520]: A45A269D07: message-id=<40a4de9faedfe8aa3a043a89d367f8d1-29-info@sysfinance.es>
Oct 8 15:30:17 mecmail postfix/cleanup[27520]: 65B7769D56: message-id=<40a4de9faedfe8aa3a043a89d367f8d1-29-info@sysfinance.es>
Oct 8 15:30:18 mecmail postfix/cleanup[27520]: 73FB969D07: message-id=<b982e5d7eddd34ee713be354f3bde8db-29-info@sysfinance.es>
Oct 8 15:30:19 mecmail postfix/cleanup[27520]: 5259369D56: message-id=<b982e5d7eddd34ee713be354f3bde8db-29-info@sysfinance.es>
Thanks.
Re: Sending emails from non registered hosts
rodrigoferra wrote:
> In my zimbra.log I don't have anything about it, but at my mail.log I have:
> Code:
> Oct 8 15:30:14 mecmail postfix/cleanup[27520]: A45A269D07: message-id=<40a4de9faedfe8aa3a043a89d367f8d1-29-info@sysfinance.es>
> Oct 8 15:30:17 mecmail postfix/cleanup[27520]: 65B7769D56: message-id=<40a4de9faedfe8aa3a043a89d367f8d1-29-info@sysfinance.es>
> Oct 8 15:30:18 mecmail postfix/cleanup[27520]: 73FB969D07: message-id=<b982e5d7eddd34ee713be354f3bde8db-29-info@sysfinance.es>
> Oct 8 15:30:19 mecmail postfix/cleanup[27520]: 5259369D56: message-id=<b982e5d7eddd34ee713be354f3bde8db-29-info@sysfinance.es>
> It may occur that my postfix is compromised but my Zimbra configuration is ok, is that possible?
> Thanks.
The log file "mail.log" that you've mentioned does not exist in a ZCS install, do you mean /var/log/zimbra.log? That would have all the details of mail going through your server.
If you look for postfix that's running you should see something like this:
Code:
ps aux | grep postfix
postfix 4737 0.0 0.0 49892 4856 ? S 15:43 0:00 pickup -l -t unix -u
postfix 4738 0.0 0.0 50072 5048 ? S 15:43 0:00 qmgr -l -t unix -u
postfix 6382 0.0 0.0 49900 5200 ? S 15:43 0:00 tlsmgr -l -t unix -u
postfix 6433 0.0 0.0 49896 5080 ? S 15:43 0:00 showq -t unix -u
root 20651 0.0 0.0 112728 2380 pts/0 S+ 16:04 0:00 grep --color=auto postfix
Re: Sending emails from non registered hosts
Oops, so I think I have a huge problem:
Code:
root@mecmail:/var/log# ps aux | grep postfix
postfix 9115 0.0 0.0 142636 8432 ? S 15:27 0:00 smtpd -t pass -u -o stress= -o smtpd_tls_security_level=may -o content_filter=scan:[127.0.0.1]:10030
postfix 11422 0.0 0.0 142516 8468 ? S 15:34 0:00 smtpd -t pass -u -o stress= -o smtpd_tls_security_level=may -o content_filter=scan:[127.0.0.1]:10030
postfix 12760 0.0 0.0 142512 8244 ? S 15:38 0:00 smtpd -n 465 -t inet -u -o stress= -o content_filter=scan:[127.0.0.1]:10030 -o smtpd_sasl_auth_enable=yes -o smtpd_tls_wrappermode=yes -o smtpd_client_restrictions= -o smtpd_data_restrictions= -o smtpd_helo_restrictions= -o smtpd_recipient_restrictions= -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -o syslog_name=postfix/smtps -o milter_macro_daemon_name=ORIGINATING
postfix 12761 0.0 0.0 142512 8316 ? S 15:38 0:00 smtpd -n 465 -t inet -u -o stress= -o content_filter=scan:[127.0.0.1]:10030 -o smtpd_sasl_auth_enable=yes -o smtpd_tls_wrappermode=yes -o smtpd_client_restrictions= -o smtpd_data_restrictions= -o smtpd_helo_restrictions= -o smtpd_recipient_restrictions= -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -o syslog_name=postfix/smtps -o milter_macro_daemon_name=ORIGINATING
postfix 12762 0.0 0.0 142512 8228 ? S 15:38 0:00 smtpd -n 465 -t inet -u -o stress= -o content_filter=scan:[127.0.0.1]:10030 -o smtpd_sasl_auth_enable=yes -o smtpd_tls_wrappermode=yes -o smtpd_client_restrictions= -o smtpd_data_restrictions= -o smtpd_helo_restrictions= -o smtpd_recipient_restrictions= -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -o syslog_name=postfix/smtps -o milter_macro_daemon_name=ORIGINATING
postfix 14248 0.0 0.0 142512 8240 ? S 15:43 0:00 smtpd -n 465 -t inet -u -o stress= -o content_filter=scan:[127.0.0.1]:10030 -o smtpd_sasl_auth_enable=yes -o smtpd_tls_wrappermode=yes -o smtpd_client_restrictions= -o smtpd_data_restrictions= -o smtpd_helo_restrictions= -o smtpd_recipient_restrictions= -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -o syslog_name=postfix/smtps -o milter_macro_daemon_name=ORIGINATING
postfix 17071 0.0 0.0 142512 8348 ? S 15:51 0:00 smtpd -n 465 -t inet -u -o stress= -o content_filter=scan:[127.0.0.1]:10030 -o smtpd_sasl_auth_enable=yes -o smtpd_tls_wrappermode=yes -o smtpd_client_restrictions= -o smtpd_data_restrictions= -o smtpd_helo_restrictions= -o smtpd_recipient_restrictions= -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -o syslog_name=postfix/smtps -o milter_macro_daemon_name=ORIGINATING
postfix 17072 0.0 0.0 142512 8332 ? S 15:51 0:00 smtpd -n 465 -t inet -u -o stress= -o content_filter=scan:[127.0.0.1]:10030 -o smtpd_sasl_auth_enable=yes -o smtpd_tls_wrappermode=yes -o smtpd_client_restrictions= -o smtpd_data_restrictions= -o smtpd_helo_restrictions= -o smtpd_recipient_restrictions= -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -o syslog_name=postfix/smtps -o milter_macro_daemon_name=ORIGINATING
postfix 17079 0.0 0.0 142512 8336 ? S 15:51 0:00 smtpd -n 465 -t inet -u -o stress= -o content_filter=scan:[127.0.0.1]:10030 -o smtpd_sasl_auth_enable=yes -o smtpd_tls_wrappermode=yes -o smtpd_client_restrictions= -o smtpd_data_restrictions= -o smtpd_helo_restrictions= -o smtpd_recipient_restrictions= -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -o syslog_name=postfix/smtps -o milter_macro_daemon_name=ORIGINATING
postfix 17081 0.0 0.0 142512 8260 ? S 15:51 0:00 smtpd -n 465 -t inet -u -o stress= -o content_filter=scan:[127.0.0.1]:10030 -o smtpd_sasl_auth_enable=yes -o smtpd_tls_wrappermode=yes -o smtpd_client_restrictions= -o smtpd_data_restrictions= -o smtpd_helo_restrictions= -o smtpd_recipient_restrictions= -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -o syslog_name=postfix/smtps -o milter_macro_daemon_name=ORIGINATING
postfix 20919 0.0 0.0 46716 4364 ? S 09:43 0:00 qmgr -l -t unix -u
postfix 20969 0.0 0.0 46664 4720 ? S 09:43 0:01 tlsmgr -l -t unix -u
postfix 20970 0.0 0.0 46656 4396 ? S 09:43 0:02 anvil -l -t unix -u
postfix 21420 0.0 0.0 90688 6240 ? S 16:03 0:00 proxymap -t unix -u
postfix 21429 0.0 0.0 46536 4320 ? S 16:03 0:00 trivial-rewrite -n rewrite -t unix -u
postfix 21819 0.0 0.0 46668 4388 ? S 16:05 0:00 showq -t unix -u
postfix 24592 0.0 0.0 47052 6628 ? S 16:13 0:00 lmtp -t unix -u
postfix 26193 0.0 0.0 46880 5964 ? S 16:18 0:00 lmtp -t unix -u
postfix 26620 0.0 0.0 142384 7940 ? S 16:19 0:00 smtpd -t pass -u -o stress= -o smtpd_tls_security_level=may -o content_filter=scan:[127.0.0.1]:10030
postfix 26621 0.5 0.0 142384 8032 ? S 16:19 0:00 smtpd -t pass -u -o stress= -o smtpd_tls_security_level=may -o content_filter=scan:[127.0.0.1]:10030
root 26641 0.0 0.0 10484 2152 pts/2 S+ 16:19 0:00 grep --color=auto postfix
postfix 26742 0.0 0.0 46536 4292 ? S 14:43 0:00 pickup -l -t unix -u
postfix 32266 0.0 0.0 66036 4536 ? Ss 11:47 0:01 postscreen -l -n smtp -t inet -u
Many connections and other stuff, my MTA is configured like this:
Code:
127.0.0.0/8 [::1]/128 [fe80::]/64 10.142.0.0/20 XX.XXX.X.XX/32
I think this MTA is making something really bad too.
Thanks again.
Re: Sending emails from non registered hosts
It's quite possible you don't have a problem. My apologies for that info I posted about postfix, I can't really understand where I got it - it must be my advancing years and your output is what the command should show.
Can you explain in a bit more detail what the mynetworks entry is showing, are they all your IP addresses?