Results 1 to 10 of 14

Thread: Seguridad en el smtp

Hybrid View

  1. #1
    Join Date
    Sep 2011
    Posts
    15
    Rep Power
    4

    Exclamation Seguridad en el smtp

    Hola buenas, hemos instalado un servidor zimbra en la empresa, el 7.1.2, todo va bien de momento, salvo por un problema que tenemos en el smtp, no comprueba las credenciales de los usuarios para el correo interno, os cuento.
    Cualquiera, incluso con una cuenta falsa, puede enviar un correo a los usuarios del dominio. Nos gustaría prevenir esta situación, no queremos spammers internos. ¿De que formas podemos evitar esto? ¿hay alguna manera de que el smtp solo admita usuarios registrados en el sistemas.

    Gracias

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    Quote Originally Posted by juanluep View Post
    Hola buenas, hemos instalado un servidor zimbra en la empresa, el 7.1.2, todo va bien de momento, salvo por un problema que tenemos en el smtp, no comprueba las credenciales de los usuarios para el correo interno, os cuento.
    Cualquiera, incluso con una cuenta falsa, puede enviar un correo a los usuarios del dominio. Nos gustaría prevenir esta situación, no queremos spammers internos. ¿De que formas podemos evitar esto? ¿hay alguna manera de que el smtp solo admita usuarios registrados en el sistemas.
    You don't need to do anything to the server, your server is not an open relay and spammers won't be able to send mail to your users via the internal network. If you wish to make changes to the anti-spam system then search the forums for the word "backscatter" and have a look at some of the wiki articles on the subject. The question you've asked has already been answered in the forums many times.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    Join Date
    Sep 2011
    Posts
    15
    Rep Power
    4

    Default

    pues nosotros tenemos ese problema, he buscado en la documentación y en los foros y no he encontrado respuesta, supongo que sera un problema muy común, pero no he encontrado nada. La configuración del SMPT apenas la hemos tocado y para enviar correos internos no pide usuarios y contraseña. hemos incluso llegado a configurar cuentas falsas desde fuera de nuestra red, con usuarios que no existen, y les deja enviar correos a otros usuarios de nuestro domino sin problema.

  4. #4
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    Quote Originally Posted by juanluep View Post
    pues nosotros tenemos ese problema, he buscado en la documentación y en los foros y no he encontrado respuesta, supongo que sera un problema muy común, pero no he encontrado nada. La configuración del SMPT apenas la hemos tocado y para enviar correos internos no pide usuarios y contraseña. hemos incluso llegado a configurar cuentas falsas desde fuera de nuestra red, con usuarios que no existen, y les deja enviar correos a otros usuarios de nuestro domino sin problema.
    Yes, of course you can send email from an internal account but why do you think a spammer is going to set-up an account on your server? This isn't a problem, believe me, you cannot relay mail through your server from an external SMTP connection to any other external account.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  5. #5
    Join Date
    Sep 2011
    Posts
    15
    Rep Power
    4

    Default

    bueno pensamos en virus que infecten ordenadores de nuestra red y aprovechen en SMTP para propagarse. entre otras posibles eventualidades.

  6. #6
    Join Date
    Nov 2011
    Posts
    8
    Rep Power
    4

    Default

    Buenas yo tengo un problema similar y creo que zimbra viene algo flojito en cuanto a seguridad, alguien sabe como se puede segurizar un poco más.

    Gracias.

  7. #7
    Join Date
    Dec 2011
    Posts
    1
    Rep Power
    0

    Default Problemas con SPAM

    Good afternoon,

    I have been using zimbra CE since version 6 and now 7, unfortunately my server is used to send spam with valid user accounts.

    When we checked the user account involved in the zimbra web client, we find that they have changed the firm, the forwarding address, I guess Trojan virus is on the user's computer, but still do not understand how it works, because at times when your computer is off there to send spam.

    Therefore do not understand how is that spam can be sent and if there is how to configure zimbra to stop this from happening.
    Try changing the configuration of postfix with no results.
    Configuring postfix:

    smtpd_sender_restrictions =
    check_client_access hash:/opt/zimbra/postfix/conf/misclientes, permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain, pcre:/opt/zimbra/postfix/conf/sender_access,
    permit



    smtpd_client_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client dnsbl.njabl.org,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client sbl-xbl.spamhaus.org,
    reject_rbl_client list.dsbl.org,
    permit

    smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    reject_unauth_destination,
    reject_unlisted_recipient,
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_unknown_hostname,
    reject_unknown_sender_domain,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client dnsbl.njabl.org,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client sbl-xbl.spamhaus.org,
    reject_rbl_client list.dsbl.org, permit

    contenido de /opt/zimbra/postfix/conf/sender_access
    /@mi\.dominio\.edu$/ 554 No uses mi dominio para enviar correo

    contenido de /opt/zimbra/postfix/conf/misclientes
    mi.dominio.edu misremitentes

    contenido de /opt/zimbra/postfix/conf/misremitentes
    /@(.*\.)?mi\.dominio\.edu$/ OK
    /.*/ 554 La direccion remitente debe ser local

    Already saw that my server is not Open Relay,
    Any suggestions?
    The SPF settings help? as I can do this in zimbra?

    Thank you very much.

  8. #8
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    Quote Originally Posted by andresmq View Post
    I have been using zimbra CE since version 6 and now 7, unfortunately my server is used to send spam with valid user accounts.

    When we checked the user account involved in the zimbra web client, we find that they have changed the firm, the forwarding address, I guess Trojan virus is on the user's computer, but still do not understand how it works, because at times when your computer is off there to send spam.

    Therefore do not understand how is that spam can be sent and if there is how to configure zimbra to stop this from happening.
    You most likely have a compromised account, start by taking a look at some of the threads on the subject: site:zimbra.com +"compromised account" - Yahoo! Search Results
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  9. #9
    Join Date
    Sep 2011
    Posts
    5
    Rep Power
    4

    Default

    Especulo que todo el problema se debe a que esos mails provienen de alguna dirección dentro de la red de confianza (fijate en la configuración del servidor o general). En ese caso obviamente el mail va a ser enviado.
    Slds

  10. #10
    Join Date
    Sep 2011
    Posts
    5
    Rep Power
    4

    Default

    Igualmente, dale un vistazo a este post http://www.zimbra.com/forums/adminis...ding-mail.html
    Slds

Similar Threads

  1. Replies: 2
    Last Post: 03-30-2011, 11:32 PM
  2. sms zimlet troubleshooting
    By switchnetworks in forum Zimlets
    Replies: 19
    Last Post: 09-09-2009, 05:37 AM
  3. server dropped connection
    By ferra in forum Installation
    Replies: 20
    Last Post: 10-06-2008, 05:32 PM
  4. need advice on configuring zimbra to work with fax server
    By pheonix1t in forum Administrators
    Replies: 0
    Last Post: 07-11-2007, 08:46 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •