I've got a problem with a brand new Zimbra NE 6.0.4 installation just made (on Ubuntu 8.04 if it matters) for a client. This machine is behind a firewall that NAT 25 port to it.
In the trusted networks, I set "127../8" and "192.../32", so I intented to be able to send emails only in an authentificated tsl/ssl way as this configuration only allows anonymous mails from the machine where zimbra is installed itselfs.
My problem is that some spams can be send via this installation from the other side of the firewall; it seems that the firewall (that cannot be changed) breaks something when it does its natting -> spams arrive in the MTA and in the queue, so it's like they were send from the trusted networks, locally so. Of course, trying to send an anonymous email from the network (that isn't trusted) won't work, as excepted; that's why I arrive to this conclusion (the firewall breaks something when it does natting).
After digging into various files, I found the line
permit_mynetworks (in the file /opt/zimbra/conf/postfix_recipient_restrictions.cf)
and it's corresponding
smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unlisted_recipient, reject_invalid_hostname, reject_non_fqdn_sender, permit (in /opt/zimbra/postfix/conf/main.cf)
And in the same file:
local_header_rewrite_clients = permit_mynetworks,permit_sasl_authenticated
So my question is: what would it be if I delete the line "permit_mynetworks" from postfix_recipient_restrictions.cf and restart? Would all outgoing mail coming from anywhere be rejected unless their sender is registered in the system? Or would it be totally impossible to send any mail at all, even for registered users (as in the queue, originating address is sometimes "amavisd [127.0.0.1]" )?
As this parameter seems to be able to totally break the installation (that already is in production), I'd prefer to have an answer before trying to change this setting.
Thanks in advance for answering