
Thread: Is there a way to block email sends from domains that aren't native to the host?

  1. #1

    I'm trying to combat a spammer that seems to have the ability to send spam through my machine. I'd like to set up Zimbra so that the only emails it's allowed to send are from our domain (domainx.org) instead of (domainy.com). I have authentication turned on, as well as TLS in the MTA settings for my domain.

    I'm seeing a large increase in small emails going out, where their "From" emails are not from our domain. Is there a way to increase the amount of info being logged to show the username being provided to the SMTP server in zimbra.log?

    Thank you for taking the time to read this, and thank you for any responses...

    Rob
    Last edited by omegainstitute; 09-11-2009 at 10:42 AM. Reason: Added info

  2. #2

    Hi, I believe Zimbra by default only trusts hosts on your own subnet, and anything else can't relay through it unless it is authenticated. There are many websites to test for open relay; Network Tools: DNS,IP,Email is one, I believe. Could it be an infected machine on your network perhaps?

  3. #3

    I haven't ruled that out. It very well could be an internal machine sending the spam. If I am able to determine the IP of the internal machine I'd go over and throw the machine out the window in a heartbeat.

    I found some SpamAssassin and Postfix changes that I could make to block the machine sending emails from an address that doesn't reside on the machine (http://www.zimbra.com/forums/adminis...a-postfix.html).

    Now comes the tracking down part. Is there a way to increase the amount of info logged?

  4. #4

    I don't believe so. If you have the sending address you could search /var/log/zimbra.log for it and it should list the IP somewhere in there:
    cat /var/log/zimbra.log | grep sendingaddress@domain.com

  5. #5

    Under the default configuration the Zimbra server will accept SMTP connections sending mail to a domain on the server from any computer on the same network, but will deny sending to any domain not on the server. For example:
    Zimbra Server: 10.0.0.2/24 domain company.com
    Client machine 1: 10.0.0.3/24
    Client 1 makes an SMTP connection to the Zimbra server trying to send an email to admin@company.com from user@company.com. The Zimbra server will accept this and queue the message.
    However, anything not addressed to a domain on the Zimbra server will give a "554 5.7.1 <asdf@gmail.com>: Relay access denied" message.

    What is likely going on is you have a machine on your network that is infected and just connecting directly to the external email servers. The way to solve this problem is to block all SMTP outbound traffic from any machine that is not your email server.

    Where are you seeing these messages going out? Are you finding them in the Zimbra logs, or from bounce back messages you are getting?
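
One way to do the tracking-down step discussed in this thread, as an added example that is not from any of the posters: Postfix logs the client IP (and, for authenticated sessions, `sasl_username`) on the smtpd line for each queue ID, so joining that line to the qmgr `from=<...>` line shows which host or account submitted mail with a non-local envelope sender. The sample lines are constructed in standard Postfix syslog format, and the function names and `LOCAL_DOMAINS` are assumptions for illustration.

```python
import re
from collections import Counter

LOCAL_DOMAINS = {"domainx.org"}  # assumption: the only domain hosted on the server

# Constructed sample lines (not real log data), standard Postfix syslog format.
SAMPLE_LOG = """\
Sep 11 10:01:02 mail postfix/smtpd[2101]: 3F2A11C0A1: client=pc7.domainx.org[10.0.0.3], sasl_method=PLAIN, sasl_username=rob@domainx.org
Sep 11 10:01:02 mail postfix/qmgr[1501]: 3F2A11C0A1: from=<rob@domainx.org>, size=2210, nrcpt=1 (queue active)
Sep 11 10:01:05 mail postfix/smtpd[2102]: 7B9C21C0A2: client=unknown[10.0.0.57], sasl_method=LOGIN, sasl_username=jane@domainx.org
Sep 11 10:01:05 mail postfix/qmgr[1501]: 7B9C21C0A2: from=<promo@domainy.com>, size=812, nrcpt=1 (queue active)
Sep 11 10:01:06 mail postfix/smtpd[2103]: 9D4E31C0A3: client=unknown[10.0.0.57]
Sep 11 10:01:06 mail postfix/qmgr[1501]: 9D4E31C0A3: from=<deals@domainy.com>, size=790, nrcpt=1 (queue active)
"""

# smtpd line: queue ID, client host[ip], optional SASL login name.
CLIENT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: (?P<qid>\w+): client=[^\[]+\[(?P<ip>[^\]]+)\]"
    r"(?:.*?sasl_username=(?P<user>[^,\s]+))?")
# qmgr line: queue ID and envelope sender (MAIL FROM, not the From: header).
FROM_RE = re.compile(r"postfix/qmgr\[\d+\]: (?P<qid>\w+): from=<(?P<sender>[^>]*)>")

def foreign_senders(log_text, local_domains=LOCAL_DOMAINS):
    """Return (queue_id, sender, client_ip, sasl_user) for each queued message
    whose envelope sender domain is not in local_domains."""
    clients, hits = {}, []
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            clients[m["qid"]] = (m["ip"], m["user"])
            continue
        m = FROM_RE.search(line)
        if m and m["sender"]:  # empty sender <> is a bounce; skip it
            domain = m["sender"].rpartition("@")[2].lower()
            if domain not in local_domains:
                ip, user = clients.get(m["qid"], ("unknown", None))
                hits.append((m["qid"], m["sender"], ip, user))
    return hits

def summarize(hits):
    """Count foreign-sender messages per (client_ip, sasl_user) pair."""
    return Counter((ip, user) for _qid, _sender, ip, user in hits)

if __name__ == "__main__":
    for (ip, user), n in summarize(foreign_senders(SAMPLE_LOG)).most_common():
        print(f"{n:5d}  {ip:15s}  {user or '(unauthenticated)'}")
```

To run it against a real log, pass the contents of /var/log/zimbra.log to `foreign_senders` in place of `SAMPLE_LOG`.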
