Admin Console -> Server Settings -> MTA -> MTA Trusted Networks
Remove your local network from here, and place only the external IP of the Zimbra server, like this: 127.0.0.0/8 192.168.100.10/32.
By default Zimbra accepts the whole network of the external interface as a trusted network and doesn't ask for authentication.
Already did. 127.0.0.0/8 xxx.xxx.xxx.xxx/29.
From what IP address are you trying to connect to your server and relay the message? A /29 mask contains 6 hosts; maybe you are trying to relay from one of those 6 hosts?
Outside our /29 using @zimbra.xxx > @zimbra.xxx works too.
(Just for understanding, another company used our zimbra.xxx to send an e-mail from a CIO to CEO asking for resignation...)
If I remove my own /29 from trusted networks? Is that safe? Works?
I think we're talking about different things. Relaying entails sending mail outside your domain which is hosted on your Zimbra. Within the domain, it does not relay.
You needn't remove the whole network; you must leave the external IP of your Zimbra server and the IPs of trusted hosts in your network, as I told: 127.0.0.0/8 192.168.100.10/32 10.10.10.40/32. It's safe and works.
Trusted networks means that only those hosts can relay mail through your server to other domains; it may be another mail server (Zimbra, Exchange etc.) or something like a mail robot.
I removed it from trusted networks and tested, outside of our structure (at the datacenter), a 0-day Zimbra installation, and local still does not require authentication. So, how can I make authentication mandatory for @zimbra.xxx to @zimbra.xxx?
Last edited by rasga; 02-16-2011 at 03:41 AM.
I think you need to read this http://www.zimbra.com/forums/install...html#post97315 and some other threads on the forum about authentication and relaying to understand that Zimbra always accepts mail for internal domains without authentication, and asks for authentication only to send messages to other domains. So, the answer to your first post is: "No, it is impossible to have an authentication for local domains"
I was a little bit stupid when answering your question. I told about an external relay, and you asked about internal. Sorry
For anyone visiting this question, I believe that you can configure Zimbra to disallow relaying for the local network, as follows.
First, you might like to make a note of the server's current settings.
Code:
zmprov gs `zmhostname` | grep zimbraMtaMyNetworks
If you have never set zimbraMtaMyNetworks, you will probably find that it is configured to allow relaying for the local network (hence the OP's question?).
So, if for example your local network is 192.168.1.0, and your server is 192.168.1.1, the above command might return:
zimbraMtaMyNetworks: 127.0.0.0/8 192.168.1.0/24
To disallow relaying for the local network, you can set zimbraMtaMyNetworks to allow relaying only for the Zimbra server itself.
So, using the server IP address (192.168.1.1) from the above example:
Code:
zmprov ms `zmhostname` zimbraMtaMyNetworks '127.0.0.0/8 192.168.1.1/32'
postfix reload
Further reading:
ZimbraMtaMyNetworks - Zimbra :: Wiki
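
A check for the setting discussed in the last post, as an added example that is not part of the original thread: the shell function below (`wide_entries`, a hypothetical name) lists every zimbraMtaMyNetworks entry other than loopback that trusts more than a single host. The sample values are the ones from the post's example; handling of bracketed IPv6 entries assumes postfix's `[addr]/len` notation.

```shell
#!/bin/sh
# Added example (not from the thread): report zimbraMtaMyNetworks entries
# that trust more than one host. Loopback entries are expected and skipped.

# wide_entries "<value>"
# Accepts the bare value or the "zimbraMtaMyNetworks: ..." line printed by
# zmprov, and prints one over-broad entry per line (nothing if all are hosts).
# The body runs in a subshell so that "set -f" does not leak to the caller.
wide_entries() (
    set -f                                  # entries like [::1]/128 must not glob
    value=${1#zimbraMtaMyNetworks:}
    for entry in $value; do
        case $entry in
            127.*|'[::1]'*) continue ;;     # loopback
        esac
        case $entry in
            */*) prefix=${entry##*/} ;;     # text after the last slash
            *)   continue ;;                # no prefix length: a single host
        esac
        case $entry in
            '['*) host_bits=128 ;;          # bracketed IPv6 entry
            *)    host_bits=32 ;;           # IPv4 entry
        esac
        case $prefix in
            ''|*[!0-9]*) echo "$entry (unparsable prefix)"; continue ;;
        esac
        if [ "$prefix" -lt "$host_bits" ]; then
            echo "$entry"
        fi
    done
)

# Constructed sample values, matching the example in the post above.
wide_entries 'zimbraMtaMyNetworks: 127.0.0.0/8 192.168.1.0/24'   # prints 192.168.1.0/24
wide_entries '127.0.0.0/8 192.168.1.1/32'                        # prints nothing

# On a Zimbra server (as the zimbra user) the input would come from:
#   wide_entries "$(zmprov gs `zmhostname` | grep zimbraMtaMyNetworks)"
```

Any line it prints is a network whose hosts can relay through the server without authenticating, so each one should be a deliberate choice rather than the install default.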