Force SMTP Authentication when sender in domain

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
ldelana77
Posts: 3
Joined: Thu Sep 13, 2018 11:30 am

Force SMTP Authentication when sender in domain

Postby ldelana77 » Thu Sep 13, 2018 12:26 pm

I need to block email that come from port 25 ( SMTP ) when they suppose a sender address that exists in my domain. I received spam email to my domain users requesting bitcon etc...

Surprisingly by default Zimbra doesn't require authentication for email incoming at SMTP when the sender is one of the configured zimbra domain.
For example if I know one email address of your domain I can send email to this account Inbox to itself or other users in the domain.

To test this is easy, suppose mail.example.com your domain and victim@example.com is the known email by attacker/spammer:

telnet example.com 25
HELO example.com
MAIL FROM:<victim@example.com>
RCPT TO:<victim@example.com>
DATA
Account hacked

.

Now you can send email to admin@example.com from victim@example.com as well.

I would to force authentication through 465 port and block incoming SMTP request when sender is one of domain @example.com.

How to do that ?
thanks


ldelana77
Posts: 3
Joined: Thu Sep 13, 2018 11:30 am

Re: Force SMTP Authentication when sender in domain

Postby ldelana77 » Sat Sep 15, 2018 10:45 pm

Found from the following Zimbra wiki ( https://wiki.zimbra.com/wiki/Enforcing_ ... ername_8.5 ) ; I would suggest to insert some words such as "force smtp auth" because I didn't find it at first from follow search ( https://wiki.zimbra.com/index.php?searc ... +smtp+auth )

Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 25 guests