
Thread: Restricting Local Relay

  1. #1

    Restricting Local Relay

    I've searched the forums, but I apologize if I have missed something obvious. I've seen threads, like http://www.zimbra.com/forums/adminis...cal-relay.html which seek to restrict local relay to authenticated users, but not exactly in my situation.

    I understand a mail server normally needs to allow unauthenticated users to send mail to local mailboxes to facilitate the normal operation of E-mail, but I still wish to restrict local relay to authenticated users, or local network hosts only.

    We have a spam firewall device at the edge of our network that we use to receive E-mail from the internet at large, and it does a fantastic job of filtering spam, which in turn reduced the load on the Zimbra server. Everyone is happy.

    The only problem is, Zimbra allows any spammer clever enough to waltz right in and bypass the spam filter, if they connect to the Zimbra SMTP server directly. Of course they can't relay to the general internet, but they can spam all of our local mailboxes with impunity.

    I know I could restrict access at the network level, and require my legitimate clients to relay through the spam filter as well, but I would prefer leaving the setup as it is, and just requiring Zimbra to enforce authentication for ALL users.

    Is there ANY way in Zimbra 6 to have this restriction? I am not opposed to hacking around in the postfix configuration every time I upgrade if that's what it takes.


    Thanks for reading, and doubly so for any assistance you can provide!

  2. #2
    phoenix (Zimbra Consultant & Moderator)

    Quote (originally posted by AWnet):
    The only problem is, Zimbra allows any spammer clever enough to waltz right in and bypass the spam filter, if they connect to the Zimbra SMTP server directly. Of course they can't relay to the general internet, but they can spam all of our local mailboxes with impunity.

    How do you reckon they're bypassing the spam 'filter'? Do you mean your edge spam filter or the Zimbra anti-spam system? How can they get to port 25 on the Zimbra server when it's (should be) pointed at your edge spam filter?


    Quote (originally posted by AWnet):
    I know I could restrict access at the network level, and require my legitimate clients to relay through the spam filter as well, but I would prefer leaving the setup as it is, and just requiring Zimbra to enforce authentication for ALL users.

    Your users should be using port 587 (the correct Submission port), not port 25, for mail delivery; port 587 requires authentication.

    Quote (originally posted by AWnet):
    Is there ANY way in Zimbra 6 to have this restriction? I am not opposed to hacking around in the postfix configuration every time I upgrade if that's what it takes.

    You could always remove your LAN subnet from the Trusted Networks and force every local user to authenticate; obviously you'd need to add the IP of your edge spam filter in that setting if you don't want it to authenticate.
    Regards


    Bill
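
The Trusted Networks change discussed in this thread, modelled as an added example (not code from either poster or from Zimbra). It assumes the common Postfix check order permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination; the domain, subnet and IP addresses are constructed.

```python
import ipaddress

# Simplified model of the Postfix recipient check that the Trusted Networks
# (mynetworks) setting feeds. The check order is an assumption, not read
# from a live Zimbra server.
LOCAL_DOMAINS = {"example.com"}  # constructed local mail domain

def in_networks(client_ip, networks):
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(n) for n in networks)

def smtp_decision(client_ip, authenticated, rcpt_domain, mynetworks):
    """Return (action, reason) for one RCPT TO arriving on port 25."""
    if in_networks(client_ip, mynetworks):
        return ("permit", "client in trusted networks")
    if authenticated:
        return ("permit", "SASL authenticated")
    if rcpt_domain.lower() in LOCAL_DOMAINS:
        # reject_unauth_destination accepts mail for domains the server hosts
        return ("permit", "local destination, no auth required")
    return ("reject", "relay access denied")

# Constructed values: 10.0.0.0/24 is the LAN, 10.0.0.5 the edge spam filter.
BEFORE = ["127.0.0.0/8", "10.0.0.0/24"]   # LAN subnet trusted
AFTER = ["127.0.0.0/8", "10.0.0.5/32"]    # only the edge filter trusted

CASES = [
    ("10.0.0.42", False, "example.net"),    # LAN client, no auth, outbound
    ("10.0.0.42", True, "example.net"),     # LAN client, authenticated
    ("10.0.0.5", False, "example.com"),     # edge filter delivering inbound
    ("203.0.113.9", False, "example.com"),  # outside host, direct to port 25
    ("203.0.113.9", False, "example.net"),  # outside host attempting relay
]

def compare(cases):
    """Return (ip, auth, domain, action_before, action_after) per case."""
    return [(ip, auth, dom,
             smtp_decision(ip, auth, dom, BEFORE)[0],
             smtp_decision(ip, auth, dom, AFTER)[0])
            for ip, auth, dom in cases]

if __name__ == "__main__":
    for row in compare(CASES):
        print(row)
```

In this model, narrowing the trusted networks only changes the outcome for the unauthenticated LAN client relaying outbound. Unauthenticated delivery to a local domain from an outside host is accepted before and after, so that path is governed by who can reach port 25 (the network-level restriction mentioned in the first post).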

