Results 1 to 5 of 5

Thread: First Zimbra Installation - How to block open relay

  1. #1
    Join Date
    Jul 2012
    Location
    Sassari, Italy
    Posts
    4
    Rep Power
    3

    Question First Zimbra Installation - How to block open relay

    Hi this is my first post and my first Zimbra installation, here is my zmcontrol -v information:

    Release 7.2.0_GA_2669.RHEL6_64_20120410002025 CentOS6_64 FOSS edition


    Zimbra host is a virtual machine, Xen domain is an OpenSUSE 12.1 server I use for named, svn, apache, mysql, aoe, ftp, etc so, as we know zimbra needs custom configuration, I preferred to install to a vm so my OpenSUSE server config wouldn't be touched.

    I configured dnsmasq for split DNS config as there is port 25tcp nat from the firewall.

    After installation I correctly configured mail domains and mail is working ok, BUT postfix is acting as an open relay.

    In zimbra web admin I configured an empty string as Trusted MTA Networks but I can see in postfix main.cf there still are the previous values (127.0.0.0/8 and my local ip subnet).

    What could I do to correct this trouble?

    Thanks in advance for your support.

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    Quote Originally Posted by kaioh84 View Post
    After installation I correctly configured mail domains and mail is working ok, BUT postfix is acting as an open relay.
    Zimbra by default is not an open relay so you must have changed something to cause it to be an open relay, tell us what changes you made (and why) and reverse those changes.

    Quote Originally Posted by kaioh84 View Post
    What could I do to correct this trouble?
    I'd suggest you read some of the many threads (and the solutions) on this topic.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    Join Date
    Jul 2012
    Location
    Sassari, Italy
    Posts
    4
    Rep Power
    3

    Default

    I'm asking for help because it's a couple of weeks I'm reinstalling zimbra after tweaking settings as seen on this forum with horrible results, so I'd like to be careful before hand-modifying conf files.

    I only created two new domains and accounts through web interface and the server was already acting as open relay.
    In the global mta settings i checked: reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_non_fqdn_sender, reject_unknown_client_hostname, reject_unknown_helo_hostname, reject_unknown_sender_domain.
    In the rbls I added this lines (as suggested in the admin guide): dnsbl.njabl.org, cbl.abuseat.org, bl.spamcop.net, dnsbl.sorbs.net, sbl.spamhaus.org, relays.mail-abuse.org

    It now seems spam volume got smaller but if I check with open relay tool it still says is enabled.

    I'm looking in the admin guide if I lost some setting but I can't find anything.

    Is there any postfix setting (in zimbra conf files) to block any sender but my domains?
    After disabling open realy I think I'll ban spam ips from firewall.

  4. #4
    Join Date
    Jul 2012
    Location
    Sassari, Italy
    Posts
    4
    Rep Power
    3

    Default

    SOLVED

    After some intense thinking and lot of research I identified the problem. I think that this config suggestion should be underlined and pointed out in this forum, as I guess is a very common and wide problem.

    When you don't have a dedicated public IP for you zimbra installation, you must first setup a spli DNS config, then you must change MTATrustedNetworks as following: 127.0.0.0/8 your_ip/32

    This way every external connection (not for loopback interface) will be not anymore processed as trusted.

    Solution found here: http://www.zimbra.com/forums/adminis...a-problem.html

    Thank you very much to everybody! Zimbra rocks and I'm finally happy to be a zimbra user, hope this post could help somebody solving spam problems.

  5. #5
    Join Date
    Jul 2012
    Location
    Sassari, Italy
    Posts
    4
    Rep Power
    3

    Default

    Yes, I realized about this NAT problem in the time I've seen zimbra log files. We're waiting for the new router (they said me it's a mid-level cisco), so we should solve this problem in a few days

Similar Threads

  1. Zimbra as a relay host - some ISPs seems to block our mails
    By X-Dimension in forum Administrators
    Replies: 3
    Last Post: 02-13-2010, 01:14 AM
  2. [SOLVED] Open Relay --> Zimbra OSE vs MS Exchange
    By benny_0924 in forum Administrators
    Replies: 8
    Last Post: 09-15-2009, 09:45 PM
  3. Security issues, block relay to local addresses
    By alpa in forum Administrators
    Replies: 5
    Last Post: 05-04-2009, 11:36 AM
  4. Zimbra being an open relay?
    By gkra in forum Installation
    Replies: 6
    Last Post: 06-29-2007, 11:59 AM
  5. Zimbra acts as open relay by default?
    By lilwong in forum Administrators
    Replies: 2
    Last Post: 06-21-2006, 10:09 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •