Results 1 to 9 of 9

Thread: How to disable remote relaying?

  1. #1
    Join Date
    Oct 2009
    Location
    www
    Posts
    14
    Rep Power
    6

    Default How to disable remote relaying?

    Hello all,
    sorry, if my question sounds simple. We have zimbra on a server, which is available on public IP (not hard-firewalled, although possible to make). In the past few weeks we were blacklisted several times, but still are unable to find out "why". At this moment I just want to be sure, that we do not allow using our server as "outgoing mail server" (relay) even for our authenticated users. They may be allowed to send email from webmail, but not remotely. Is it possible or is it strongly not suggested? Can it break outlook-plugin functionality?

    Regards,
    Anton.

    P.S.: is it possible to trace source of spam using entries in mysql database "zimbra_logger"? Please advice..

  2. #2
    Join Date
    Jun 2008
    Posts
    594
    Rep Power
    8

    Default

    Trace of spam you can find in your /var/log/zimbra.log file

  3. #3
    Join Date
    Oct 2009
    Location
    www
    Posts
    14
    Rep Power
    6

    Default

    Trace is a good idea, but looks like it happend quite long time ago and zimbra.log is just for few last days. And if tracing - trace for what? How do find out which outgoing emails caused server to become blacklisted?

    One side question - where is mail queue dir? In zimbra admin I can see that we have few emails in the queue and I would love to see at its source..

    Anton.

  4. #4
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    Quote Originally Posted by anton.aleksandrov View Post
    sorry, if my question sounds simple. We have zimbra on a server, which is available on public IP (not hard-firewalled, although possible to make). In the past few weeks we were blacklisted several times, but still are unable to find out "why". At this moment I just want to be sure, that we do not allow using our server as "outgoing mail server" (relay) even for our authenticated users. They may be allowed to send email from webmail, but not remotely. Is it possible or is it strongly not suggested? Can it break outlook-plugin functionality?
    Why do you want your authenticated users to not relay mail (that's how mail is delivered), if you're trying to restrict them to specific domains then search the wiki for the word 'restrict'. Zimbra, by default, is not an open realy and if you're concerned about that then use some of the 'open relay' tests available on the web (do a google or yahoo search for them).
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  5. #5
    Join Date
    Oct 2009
    Location
    www
    Posts
    14
    Rep Power
    6

    Default

    Well, I have already got understanding, that outlook users wont be able to send anything, so idea of blocking authenticated relay is out of question now. I will later try to figure out what I can get from logger database - may be I will be able to get users, who sent high number of emails on a specific date, since they all should be authenticated, right?

  6. #6
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    You could use policyd to limit sender based throttling or there's a few more 'tricks' you could use: http://www.zimbra.com/forums/131329-post2.html
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  7. #7
    Join Date
    Oct 2009
    Location
    www
    Posts
    14
    Rep Power
    6

    Default

    Can I benefit from zimbra_logger database in any way?
    I know the date when there was extream number of emails. I grouped records in table "mta" by field "sender" and looked through some of them. Most have status like this:
    (250 2.7.0 Ok, discarded, id=10282-17 - SPAM)
    In this case - was bounce back email sent or was email silently discarded or connection was closed before email reached us? Is there any setting that could make such incoming emails be returned back?
    Table "raw_logs" has grew to 128G, that's why I could not check it..

    Anton.

  8. #8
    Join Date
    Jun 2008
    Posts
    594
    Rep Power
    8

    Default

    > In this case - was bounce back email sent or was email silently discarded or connection was closed before email reached us?

    Bounce back always relate to mails accepted by the system and discarded later after scanning vis amavis. Rather in case where mails were dropped in smtp negotiation should as per my understanding not show up in the database. Those would be best analysed from zimbra.log only.

    On a separate note if you want to have better analysis of zimbra.log, you can use Postfix Monitoring With Mailgraph And pflogsumm | HowtoForge - Linux Howtos and Tutorials. I use the same and it gives detailed report both graphically as well as in text.

  9. #9
    Join Date
    Oct 2009
    Location
    www
    Posts
    14
    Rep Power
    6

    Default

    Thank you, Veronica! So if email appears in database - it was accepted and then bounce email sent back. I think , that is why we may be blacklisted. Is there any way to tweak this behaviour? e.g. send only one bounce back per sender, not send bounce back in case of unaccepted spam?

    Is amavis resposable for spam scanning as well? It would be good not to accept and bounce-back after scanning such emails.. I was analyzing database of the day when we have this peak in received emails and can say - suddenly a lot of different senders were sending to us emails, they were scanned and looks like bounced back..

    P.S.: am I asking too many questions?

Similar Threads

  1. 'Couldn't access Yahoo! Zimbra Desktop server"
    By chirag1 in forum Error Reports
    Replies: 37
    Last Post: 06-12-2011, 05:14 PM
  2. Can no longer start desktop
    By foobaz in forum General Questions
    Replies: 12
    Last Post: 04-02-2010, 04:06 PM
  3. remote location relaying denied...
    By timothyalangorman in forum Migration
    Replies: 0
    Last Post: 08-29-2007, 09:15 AM
  4. Remote debugging info
    By bburtin in forum Developers
    Replies: 3
    Last Post: 10-16-2006, 01:43 PM
  5. Replies: 0
    Last Post: 10-04-2006, 06:09 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •