Hi all!
I have a very peculiar problem and cannot trace its origin so I am searching for help and advice.
I read all post I found without finding a real solution.

If you telnet my zimbra Open Source Edtition Server from outside its lan and try to send an email to the outside word you get correctly "Relay access denied".

But if you do the same thing and use a @domain_in_my_organization as a sender you can send email to the whole word without any auth.

This is my actual Trusted MTA settings 127.0.0.0/8 ZIMBRA_SERVER_IP/32 .

I tried all with telnet:

Correct behavior:

ehlo spesso
250-mydomain
250-PIPELINING
250-SIZE 31457280
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM: test@test.com
250 2.1.0 Ok
RCPT TO: outsideuser@outs
554 5.7.1 <outsideuser@outsidedomain.com>: Relay access denied
quit
221 2.0.0 Bye

Strange and dangerous behavior:

ehlo spesso
250-mydomain
250-PIPELINING
250-SIZE 31457280
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM: randomchars@domain_in_my_organization.com
250 2.1.0 Ok
RCPT TO: some_user@all_over_the_word.com
250 2.1.5 Ok
DATA
End data with <CR><LF>.<CR><LF>
test
.
250 2.0.0 Ok: queued as 416891B30021
quit
221 2.0.0 Bye

Thanks!