I am in the middle of evaluating Zimbra OSE to replace the existing MS Exchange Server.

I found out that the open relay protection behavior is different between Zimbra and MS Exchange.

Testing was done using simple telnet to port 25 of the server (e.g. "telnet mailserver.mydomain.com 25").

I have set Zimbra's MTA to only allow itself to relay email (x.x.x.0/32).

My domain is "mydomain.com"

Using telnet (on the Zimbra server terminal screen), I did the following simulation:

Scenario 1:
- mail from: friend@yahoo.com
- rcpt to: me@mydomain.com
result: Zimbra accepts the scenario (this is normal behavior for all mail servers)

Scenario 2:
- mail from: friend@yahoo.com
- rcpt to: someone@gmail.com
result: Zimbra accepts the scenario; this is not accepted by MS Exchange because Exchange said that the rcpt to is not a valid domain (cannot be relayed) --> this is open relay.

Scenario 3:
- mail from: me@mydomain.com
- rcpt to: friend@yahoo.com
result: Zimbra accepts the scenario; this is not accepted by MS Exchange because Exchange said that the rcpt to is not a valid domain (cannot be relayed) --> this is open relay.

I am questioning scenarios 2 and 3: why does Zimbra allow that?

I want this open relay protection behavior in Zimbra to be the same as the MS Exchange behavior. How do I configure Zimbra to not allow scenarios 2 and 3?

Could someone explain this? I need to replace my old MS Exchange with Zimbra, but if I cannot solve this open relay problem then I cannot move to Zimbra as well.

Thanks in advance.

Regards,
Benny.
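
Added example, not part of the original post and not Zimbra's or Postfix's own code: a simplified model of the relay decision made by Postfix (the MTA Zimbra ships), assuming the common rule order `permit_mynetworks` followed by `reject_unauth_destination`. It runs the three scenarios above once from the server's own address and once from an outside client; the addresses `192.0.2.10` and `203.0.113.5` are constructed placeholders, since the post masks the real one.

```python
import ipaddress

# Constructed values: the post masks its real address as x.x.x.0/32.
MYNETWORKS = ["127.0.0.0/8", "192.0.2.10/32"]  # clients trusted to relay
LOCAL_DOMAINS = {"mydomain.com"}               # domains the server receives mail for

# (MAIL FROM, RCPT TO) pairs for scenarios 1-3 from the post.
SCENARIOS = [
    ("friend@yahoo.com", "me@mydomain.com"),
    ("friend@yahoo.com", "someone@gmail.com"),
    ("me@mydomain.com", "friend@yahoo.com"),
]


def relay_decision(client_ip, mail_from, rcpt_to):
    """Model of permit_mynetworks followed by reject_unauth_destination.

    mail_from is accepted as a parameter but never consulted: these two
    rules look only at the client address and the recipient domain.
    """
    ip = ipaddress.ip_address(client_ip)
    # permit_mynetworks: a trusted client may send to any destination.
    if any(ip in ipaddress.ip_network(net) for net in MYNETWORKS):
        return "accept (client in mynetworks)"
    # reject_unauth_destination: other clients may only reach local domains.
    domain = rcpt_to.rsplit("@", 1)[-1].lower()
    if domain in LOCAL_DOMAINS:
        return "accept (local destination)"
    return "reject (relay access denied)"


def run(client_ip):
    """Return the decision for each of the three scenarios from one client."""
    return [relay_decision(client_ip, f, r) for f, r in SCENARIOS]


if __name__ == "__main__":
    for label, ip in [("server itself", "192.0.2.10"), ("outside host", "203.0.113.5")]:
        print(label, ip)
        for (f, r), verdict in zip(SCENARIOS, run(ip)):
            print(f"  {f} -> {r}: {verdict}")
```

In this model a relay test is only meaningful when the connecting client is outside the trusted networks; a session opened from the server's own terminal is matched by the first rule before the recipient domain is checked.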