Thread: Security Bug in Zimbra?

  1. #1
    Threat of Mass Mailing Software

    Hello all.
    I am concerned about mass mailing software like Mail Boy 2004 being used to send unsolicited messages to my Zimbra mail server.
    The default SMTP Authentication configuration does not seem to be enough to stop such software.
    Is there anything which can be done to mitigate this threat?

    Thanks.
    Last edited by generic31; 01-08-2007 at 05:58 AM.

  2. #2
    phoenix, Zimbra Consultant & Moderator

    Zimbra is not an open relay and without any information about the subnet he was using or the content of your mynetworks or your logs it's impossible to say what the problem is. You can test it yourself with some of the online tests available. I'm sure Zimbra would be very interested to hear your experience if he's really been able to relay through your server. Some very large companies use Zimbra and I'd be very surprised if this description you've given was possible.

    What do you mean by "....act as Open Relay even when explicitly configured against it."? Have you made some changes to Zimbra?

    Why did the Zimbra server crash? What's in the logs?

    As you've already been in touch with Zimbra sales, have you mentioned this problem to them?

    PS Why did you remove the rest of your post?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    phoenix, Zimbra Consultant & Moderator

    How about a description of the settings used in MailBoy 2004 and I'll try it for you.
    Regards


    Bill



  4. #4

    Thanks for your response. Actually, MailBoy 2004 can act as an independent SMTP server and hence it need not 'relay' the mails through some other Mail Server.
    So in my case, my friend actually contacted the SMTP server directly- and he was located in a 'foreign' subnet - and delivered the mail to my mail account without using my server as a 'relay'. I realized this while testing Mail Boy and hence I edited the previous post.

    Now, the problem is that any Mass Mailer software like Mail Boy can be used to SEND mails to my server. Zimbra does not seem to check the validity of such rogue servers- if that is possible. Is there any way of disallowing such behaviour in Zimbra?

    Thanks.

  5. #5
    phoenix, Zimbra Consultant & Moderator

    Well, the problem is that your friend's server isn't a rogue server unless he's on a blacklist.

    If he were a genuine spammer then you'd know where the spam came from and you could have it blacklisted and/or report him to his ISP. If he was relaying mail through your system then the same thing would apply, he'd soon get blacklisted. In any of those scenarios the anti-spam system in Zimbra would catch them, plus you'd need to have RBLs activated.

    What you've done as a test is to allow another mail server to connect to you and send you mail, that's the normal function of a mail server and is not a test for relaying.
    Regards


    Bill



  6. #6
    Interesting results on further tests

    After doing further tests, I came up with something very interesting:

    There are two domains to which my Zimbra server sends mails directly to their Mail Servers- ‘cse.domain.net’ and ‘domain.net’.
    My domain is ‘security.domain.net’.

    Used the following settings in Mail Boy from a system in a FOREIGN network ( the network is not mentioned in the Postfix mynetworks parameter)

    Use external SMTP server to deliver the results-
    SMTP Server: Internal IP of my Zimbra server Port: 25


    Note that only the ‘Use external SMTP server to deliver the messages’ is selected and that the SMTP server Authentication username and Password is not specified.

    When trying to RELAY mails to standard internet domains like gmail, yahoo and rediff, I did receive a relay access denied message in the Zimbra logs and the mails did not go through. So far, good. This is the expected behaviour for relay attempts.

    But interestingly, with the same settings, I was able to RELAY the mails to the domains which I have configured to send mails directly (cse.domain.net and domain.net) even though a valid username and password was not specified in the ‘This SMTP server requires Authentication’ section.

    Hence, the anti-relay properties of Zimbra did not work on the domains for which Zimbra has been configured to deliver e-mails directly on their Mail Servers.

    I believe this setup should not have worked until a valid username and password is specified for SMTP authentication.

    Any ideas?

    Thanks.
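
The test described in post #6 can be repeated without Mail Boy by checking which RCPT TO addresses the server accepts when no AUTH is sent. The sketch below is an added example, not code from the thread or from Zimbra; the function names, the probe sender address, the recipient mailboxes and the `FakeServer` stand-in (constructed to answer the way post #6 reports) are all assumptions.

```python
import smtplib

def probe_rcpt(smtp, sender, recipients):
    """Send MAIL FROM / RCPT TO for each recipient with no AUTH step.
    Returns {recipient: reply code}. No DATA is sent, so nothing is delivered."""
    smtp.ehlo()
    codes = {}
    for rcpt in recipients:
        smtp.rset()                       # start a clean envelope each time
        smtp.mail(sender)
        code, _msg = smtp.rcpt(rcpt)      # the relay decision shows up here
        codes[rcpt] = code
    smtp.rset()
    return codes

def unauthenticated_relays(codes, hosted_domains):
    """Recipients accepted (2xx) whose domain the server does not host itself."""
    hosted = {d.lower() for d in hosted_domains}
    return sorted(r for r, c in codes.items()
                  if 200 <= c < 300 and r.rsplit("@", 1)[1].lower() not in hosted)

def probe_host(host, sender, recipients, port=25):
    """Run the probe against a server you administer, from outside mynetworks."""
    with smtplib.SMTP(host, port, timeout=10) as s:
        return probe_rcpt(s, sender, recipients)

class FakeServer:
    """Constructed stand-in reproducing the replies reported in post #6."""
    ACCEPTS = {"security.domain.net", "cse.domain.net", "domain.net"}
    def ehlo(self): return (250, b"ok")
    def rset(self): return (250, b"ok")
    def mail(self, sender): return (250, b"ok")
    def rcpt(self, rcpt):
        dom = rcpt.rsplit("@", 1)[1]
        return (250, b"Ok") if dom in self.ACCEPTS else (554, b"Relay access denied")

# Constructed addresses: the hosted domain, the two directly-delivered domains,
# and one unrelated internet domain.
RECIPIENTS = ["user@security.domain.net", "user@cse.domain.net",
              "user@domain.net", "user@gmail.com"]

def demo():
    codes = probe_rcpt(FakeServer(), "probe@example.org", RECIPIENTS)
    return codes, unauthenticated_relays(codes, ["security.domain.net"])

if __name__ == "__main__":
    codes, findings = demo()
    for rcpt, code in codes.items():
        print(code, rcpt)
    print("accepted without AUTH for non-hosted domains:", findings)
```

Any address listed in the last line is one the server agreed to forward for an unauthenticated client; which server setting permits that is not established in this thread.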
