I need to block email that come from port 25 ( SMTP ) when they suppose a sender address that exists in my domain. I received spam email to my domain users requesting bitcon etc...
Surprisingly by default Zimbra doesn't require authentication for email incoming at SMTP when the sender is one of the configured zimbra domain.
For example if I know one email address of your domain I can send email to this account Inbox to itself or other users in the domain.
To test this is easy, suppose mail.example.com your domain and firstname.lastname@example.org is the known email by attacker/spammer:
telnet example.com 25
Now you can send email to email@example.com from firstname.lastname@example.org as well.
I would to force authentication through 465 port and block incoming SMTP request when sender is one of domain @example.com.
How to do that ?
- Zimbra Collaboration 8.6 Patch 9 now available (includes fix for CVE-2017-8802). Read the announcement.
- Zimbra Collaboration 8.8.7 + Zimbra Connector for Outlook 8.8.7 are available.. Read the announcement.
- Are you a Zimbra Developer? You can find some interesting stuff in our Official GitHub: https://github.com/Zimbra and check the Community Projects too: https://github.com/Zimbra-Community/
Discuss your pilot or production implementation with other Zimbra admins or our engineers.
2 posts • Page 1 of 1
Found from the following Zimbra wiki ( https://wiki.zimbra.com/wiki/Enforcing_ ... ername_8.5 ) ; I would suggest to insert some words such as "force smtp auth" because I didn't find it at first from follow search ( https://wiki.zimbra.com/index.php?searc ... +smtp+auth )
Who is online
Users browsing this forum: No registered users and 13 guests