Results 1 to 10 of 10

Thread: Local relay

  1. #1
    Join Date
    Feb 2011
    Posts
    5
    Rep Power
    4

    Default Local relay

    Hi,

    Our Zimbra (open source) is allowing local relay without authentication.

    E.g.:

    1@zimbra.xxx > 2@zimbra.xxx without authentication.

    I want to be mandatory an authentication even local domain.

    How can i modify postfix to have a mandatory authentication?

    Thanks.

  2. #2
    Join Date
    Feb 2011
    Location
    Bishkek, Kyrgyzstan
    Posts
    39
    Rep Power
    4

    Default

    Admin Cosole -> Server Settings -> MTA -> MTA Trusted Networks

    Remove your local network from here, and place only external IP of zimbra server like this 127.0.0.0/8 192.168.100.10/32.

    By default zimbra accept whole network of external interface like trusted network and don't ask authentication

  3. #3
    Join Date
    Feb 2011
    Posts
    5
    Rep Power
    4

    Default

    Already did. 127.0.0.0/8 xxx.xxx.xxx.xxx/29.

    Didnt work.

  4. #4
    Join Date
    Feb 2011
    Location
    Bishkek, Kyrgyzstan
    Posts
    39
    Rep Power
    4

    Default

    From what IP addres you try to connect to your server and try to relay message? Mask /29 contains 6 host, maybe you try to relay from one of that 6 hosts?

  5. #5
    Join Date
    Feb 2011
    Posts
    5
    Rep Power
    4

    Default

    Quote Originally Posted by mavlenko View Post
    From what IP addres you try to connect to your server and try to relay message? Mask /29 contains 6 host, maybe you try to relay from one of that 6 hosts?
    Yeah, we trying from another ip from same /29. But i really want authenticate, even in our /29.

    Outside our /29 using @zimbra.xxx > @zimbra.xxx works too.

    (Just for understanding, another company used our zimbra.xxx to send an e-mail from a CIO to CEO asking for resignation...)

  6. #6
    Join Date
    Feb 2011
    Posts
    5
    Rep Power
    4

    Default

    If i remove my own /29 from trusted networks? Is that safe? Works?

  7. #7
    Join Date
    Feb 2011
    Location
    Bishkek, Kyrgyzstan
    Posts
    39
    Rep Power
    4

    Default

    I think we're talking about different things, relaying entails sending mail outside your domain which hosted on your zimbra. Within the domain - it does not relay.
    If i remove my own /29 from trusted networks? Is that safe? Works?
    you needn't remoove whole network, you must leave your external IP of zimbra server and IP of trusted hosts in your network as i told 127.0.0.0/8 192.168.100.10/32 10.10.10.40/32. It's safe and works.
    Trusted networks mean that only those hosts can relay mails throught your server to another domains, it's may be another mail-server (zimbra, exchange etc) or something like a mail-robot.

  8. #8
    Join Date
    Feb 2011
    Posts
    5
    Rep Power
    4

    Default

    I removed from trusted networks and tested out of our structure (at datacenter) a 0-day Zimbra installation and local still not require authentication. So, how can i make mandatory authentication for @zimbra.xxx to @zimbra.xxx ?

    Thanks!
    Last edited by rasga; 02-16-2011 at 03:41 AM.

  9. #9
    Join Date
    Feb 2011
    Location
    Bishkek, Kyrgyzstan
    Posts
    39
    Rep Power
    4

    Default

    I think you need to read this http://www.zimbra.com/forums/install...html#post97315 and some other thread on the forum about authentication and relaying to anderstand that zimbra allways accept mails for internal domains without authentication, and ask authentication only for send mesaages to other domains. So, answer to your first post is: "No, it is impossible to have an authentication for local domains"
    I was a little bit stupid when answering your question. I told about an external relay, and you asked about internal. Sorry

  10. #10
    Join Date
    Dec 2013
    Posts
    1
    Rep Power
    2

    Default Disallow relaying for the local network

    For anyone visiting this question, I believe that you can configure Zimbra to disallow relaying for the local network, as follows.

    First, you might like to make a note of the server's current settings.
    Code:
    zmprov gs `zmhostname` | grep zimbraMtaMyNetworks
    If you have never set zimbraMtaMyNetworks, you will probably find that it is configured to allow relaying for the local network (hence the OP's question?).

    So, if for example your local network is 192.168.1.0, and your server is 192.168.1.1, the above command might return:

    zimbraMtaMyNetworks: 127.0.0.0/8 192.168.1.0/24

    To disallow relaying for the local network, you can set zimbraMtaMyNetworks to allow relaying only for the Zimbra server itself.
    So, using the server IP address (192.168.1.1) from the above example:

    Code:
    zmprov ms `zmhostname` zimbraMtaMyNetworks '127.0.0.0/8 192.168.1.1/32'
    postfix reload
    Further reading:
    ZimbraMtaMyNetworks - Zimbra :: Wiki

Similar Threads

  1. Relay all mail, local and external?
    By Vimm in forum Administrators
    Replies: 7
    Last Post: 09-09-2011, 02:34 PM
  2. ZD2 vs ZD1: Server vs Local
    By JPP ZoSo in forum General Questions
    Replies: 3
    Last Post: 02-04-2011, 08:58 AM
  3. LDAP Cannot bind on migration to new server
    By neekster in forum Migration
    Replies: 23
    Last Post: 03-09-2009, 03:08 AM
  4. postfix transport maps
    By pheonix1t in forum Administrators
    Replies: 12
    Last Post: 01-17-2009, 11:42 PM
  5. Zimbra fails after working for 2 weeks
    By Linsys in forum Administrators
    Replies: 10
    Last Post: 10-07-2008, 01:42 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •