Thread: Strange Behavior

  1. #1
    Join Date
    Jul 2009
    Posts
    32
    Rep Power
    6

    Default Strange Behavior

    Let me explain my scenario.

    Zimbra Test Set up.
    Release 5.0.18_GA_3011.SuSEES10_20090707174207 SuSEES10 FOSS edition

    2 days back I installed this new Zimbra for testing purposes.
    Everything is installed as default.
    My Trusted Networks for the domain are
    mynetworks = 127.0.0.0/8 A.B.C.0/24

    For e.g. A.B.C is my subnet for zimbra server like 192.168.1.1
    so everything in 192.168.1.0-254 is accepted by default.

    Now the problem is
    1. I can send mails using Outlook or telnet without any authentication even when those subnets are out of my trusted subnets.

    For e.g. if 192.168.1.0/24 is trusted, I can send mail from 192.168.2.[0-254] or something like that.

    I understand that either there should be authentication [which isn't happening] or it should be in my trusted networks [which too isn't there].

    Can you please tell me how I am able to send mails from other untrusted subnets?
    [Web UI is supposed to work from everywhere, which is fine, I am concerned about my POP/telnet conversations.]
    Am I missing something here?
    Thanks in advance.

  2. #2
    Join Date
    Feb 2007
    Location
    Portland, OR
    Posts
    1,147
    Rep Power
    10

    Default

    Well that depends on what you mean by "send mails".

    Are you saying that you can relay messages through the Zimbra server to other servers? For example a client on 192.168.2.x sending a message to user1@gmail.com to the Zimbra server and then having the Zimbra server forward that on? This is the expected behavior for machines in the trusted network. (Which is why putting the entire subnet of your network into the MTA trusted network is generally a very bad idea).

    However if you are saying that a machine can send a message to user1@yourZimbraDomain.com then that is the expected behavior... if it didn't work like that your Zimbra server would never be able to receive messages.

  3. #3
    Join Date
    Jul 2009
    Posts
    32
    Rep Power
    6

    Default

    1. Mail to user1@gmail.com from 192.168.2.x - Yes
    But I haven't added the network in my Trusted Networks. Still I am able to send mails.

    2. If I can send mail to user1@mydomain.com - Yes
    I agree that's the way any mail server is expected to work, but shouldn't it ask for SMTP AUTH?

  4. #4
    Join Date
    Feb 2007
    Location
    Portland, OR
    Posts
    1,147
    Rep Power
    10

    Default

    How are the 192.168.1.0/24 and 192.168.2.0/24 networks linked? Do they have a router between them?

    Also I'm sure you have probably checked this, but Global Settings -> MTA tab -> Enable Authentication is checked right?

  5. #5
    Join Date
    Jul 2009
    Posts
    32
    Rep Power
    6

    Default

    Yes, I have set up my Trusted networks properly. The problem is, I have just set up my localhost & the other network in my trusted networks. But the problem is even other subnets are able to send mail without authentication.

    For e.g.
    if I have added 192.168.1.0/24, then I am able to send mail from all other subnets like 192.168.2.0/24 or 192.168.3.9/24.
    Yes, the authentication is working on SMTP.
    Isn't there a way to force it?
    I mean only the SMTP Auth login is allowed, not the mail relaying without asking for any passwords?

  6. #6
    Join Date
    Feb 2007
    Location
    Portland, OR
    Posts
    1,147
    Rep Power
    10

    Default

    I moved the only post with new(ish) info to this thread and deleted your posts in this thread: http://www.zimbra.com/forums/adminis...th-zimbra.html

    Posting your issue with duplicate (and partially conflicting) information helps nobody.


    You still haven't answered my question as to how the other subnets get their traffic to the server. Is their source IP in the logs on the server showing as their original IP address, or do you have a router in between these networks that is in the MTA trusted network... and showing as the source address?

  7. #7
    Join Date
    Jul 2009
    Posts
    32
    Rep Power
    6

    Default

    Yes, there is an L3 switch in between, which interconnects all subnets. In the source IP, yes, I get the original IP of the machine and not any of the trusted network.
    My basic question still remains: I am saying it's authenticating if I start the EHLO session and then auth login, but if I simply start a HELO session, it doesn't ask for any authentication and lets me send mail.
    Thank you

  8. #8
    Join Date
    Jul 2009
    Posts
    32
    Rep Power
    6

    Default

    Enable Authentication checkbox is checked on both places
    1. Global Settings
    2. Server Settings

    but zmprov gs mailx.watever.com | grep zimbraMtaTls
    zimbraMtaTlsAuthOnly: FALSE
    Last edited by atevewr; 12-15-2009 at 01:06 PM.

  9. #9
    Join Date
    Jul 2009
    Posts
    32
    Rep Power
    6

    Default

    I hope this can put my problem in better perspective
    This is what my postfix/conf/main.cf reads for client restriction

    smtpd_client_restrictions = reject_unauth_pipelining

    In Postfix, I can specify something like
    # Allow connections from trusted networks only.
    smtpd_client_restrictions = permit_mynetworks, reject

    I do not know where Zimbra puts client restrictions. I have been told that Zimbra accepts whatever is in mynetworks (UI or modifyServer), but where does it explicitly allow permission for mynetworks?

    PS: This is client restrictions, not recipient restrictions
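
The relay-versus-local-delivery distinction from post #2 and the two `smtpd_client_restrictions` values quoted in post #9, modelled as an added example that is not part of any post in this thread. It is a simplified Python model of how Postfix walks its restriction lists, not Postfix or Zimbra code. The recipient restriction list is a common Postfix one assumed for illustration, not read from a Zimbra install, and the addresses are constructed samples.

```python
import ipaddress

# Constructed sample values; the recipient list is a common Postfix one,
# assumed here, not read from a Zimbra install.
MYNETWORKS = ["127.0.0.0/8", "192.168.1.0/24"]
LOCAL_DOMAINS = {"mydomain.com"}
RCPT_RESTRICTIONS = ["permit_mynetworks", "permit_sasl_authenticated",
                     "reject_unauth_destination"]
THREAD_CLIENT = ["reject_unauth_pipelining"]    # main.cf value quoted in post #9
STRICT_CLIENT = ["permit_mynetworks", "reject"]  # alternative quoted in post #9

def in_mynetworks(client_ip):
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(n) for n in MYNETWORKS)

def evaluate(restrictions, client_ip, authenticated, rcpt):
    """Walk one list in order; the first decisive restriction wins."""
    for r in restrictions:
        if r == "permit_mynetworks" and in_mynetworks(client_ip):
            return "permit"
        if r == "permit_sasl_authenticated" and authenticated:
            return "permit"
        if r == "reject_unauth_destination":
            if rcpt.rsplit("@", 1)[1].lower() not in LOCAL_DOMAINS:
                return "reject"
        if r == "reject":
            return "reject"
        # anything else (e.g. reject_unauth_pipelining) is not modelled
    return "dunno"  # end of list: this stage does not object

def accepts(client_list, client_ip, authenticated, rcpt):
    """A permit only ends its own list; a reject in any list refuses the RCPT."""
    for lst in (client_list, RCPT_RESTRICTIONS):
        if evaluate(lst, client_ip, authenticated, rcpt) == "reject":
            return False
    return True

if __name__ == "__main__":
    for ip, auth, rcpt in [("192.168.2.10", False, "user1@gmail.com"),
                           ("192.168.2.10", False, "user1@mydomain.com"),
                           ("192.168.2.10", True, "user1@gmail.com"),
                           ("192.168.1.5", False, "user1@gmail.com")]:
        print(ip, "auth" if auth else "anon", rcpt,
              accepts(THREAD_CLIENT, ip, auth, rcpt),
              accepts(STRICT_CLIENT, ip, auth, rcpt))
```

Under the assumed recipient list, an unauthenticated client outside `mynetworks` can deliver to a local domain but cannot relay to an outside one. With `permit_mynetworks, reject` as the client restriction, the same host is refused even for local recipients and even after SMTP AUTH.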
