Results 1 to 8 of 8

Thread: My mail users can replace sender's email address.

  1. #1
    Join Date
    Feb 2009
    Posts
    8
    Rep Power
    6

    Default My mail users can replace sender's email address.

    Hello!

    I have the problem with replace sender's email address. My email users can replace sender's email address (FROM on mail's header.

    This problem gives possibility for send spam or bad messages from some of my other email users.

    Exemple:
    $telnet mail.exemple.com 25
    Trying 172.0.0.1...
    Connected to mail.exemple.com.
    Escape character is '^]'.
    220 mail.exemple.com ESMTP Postfix
    HELO my.exemple.com
    250 mail.exemple.com
    MAIL FROM some_of_the_users@mail.exemple.com
    250 2.1.0 Ok
    RCPT TO:the_target_user@mail.exemple.com
    250 2.1.5 Ok
    DATA
    354 End data with <CR><LF>.<CR><LF>
    The bad message! :P.
    .
    250 2.0.0 Ok: queued as 65040230001
    quit
    221 2.0.0 Bye
    Connection closed by foreign host.

    How can we create security?

  2. #2
    Join Date
    Aug 2009
    Posts
    31
    Rep Power
    6

    Default

    can you post your SMTP_XXX_restriction?

  3. #3
    Join Date
    Feb 2009
    Posts
    8
    Rep Power
    6

    Default

    Is these?

    root@myserver conf]# cat main.cf | grep -e "smtpd_.*_restrictions"
    smtpd_client_restrictions = reject_unauth_pipelining
    smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unlisted_recipient, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_unknown_client, reject_unknown_hostname, reject_unknown_sender_domain, permit
    smtpd_data_restrictions = reject_unauth_pipelining
    smtpd_sender_restrictions = check_sender_access hash:/opt/zimbra/conf/restricted_senders

  4. #4
    Join Date
    Aug 2009
    Posts
    31
    Rep Power
    6

    Default

    i think you must try add smtpd_client_restriction and verify that users must autheticate with SASL before SMTPD_sender_restriction like this:

    smtpd_client_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject


    I think with those lines you can fix it

  5. #5
    Join Date
    Feb 2009
    Posts
    8
    Rep Power
    6

    Default

    Where can I add or enable these parameters? I added these parameters in the main.cf. But after I restated my Zimbra server, these parameters were missing.

  6. #6
    Join Date
    Aug 2009
    Posts
    31
    Rep Power
    6

    Default

    Try it on /opt/zimbra/conf/zmmta.conf in mail server configuration.

  7. #7
    Join Date
    Feb 2009
    Posts
    8
    Rep Power
    6

    Default

    We enabled client's auth through TLS and SSL. But authenticated users can replace sender's email address (FROM).

    This method can block the viruses on the client's PС. This is quite well.

    How can we limit the replace sender's email address for our authenticated users?

  8. #8
    Join Date
    Nov 2009
    Posts
    8
    Rep Power
    5

    Default

    I think you could set some restrictions in the Admin UI -> the user account -> preferences -> sending mail

Similar Threads

  1. Replies: 7
    Last Post: 02-03-2011, 07:01 AM
  2. mta to not starting
    By cowanpf in forum Installation
    Replies: 2
    Last Post: 10-05-2009, 05:36 AM
  3. Migration Assistance
    By dwill in forum Administrators
    Replies: 10
    Last Post: 12-02-2008, 08:20 AM
  4. server dropped connection
    By ferra in forum Installation
    Replies: 20
    Last Post: 10-06-2008, 05:32 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •