Creating a send-only user without mailbox

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
S.F.
Posts: 9
Joined: Fri Sep 12, 2014 11:23 pm

Creating a send-only user without mailbox

Postby S.F. » Fri Feb 01, 2013 10:07 am

I'm currently planning a migration from a Postfix+Cyrus server to Zimbra (ZCS 8 NE). In our current setup we have a special user called mailrelay which can authenticate to Postfix in order to send mail, but which does not have a mailbox in Cyrus. This mailrelay user is used by other machines to send mail from Cron jobs und similar tasks through our mail server.
Is it possible to create a similar send-only user in Zimbra? In particular, I'd like for this user to not have a mailbox, so that no one can (accidentally or otherwise) send mail to this user. Also, I'd prefer if this could be done such that it doesn't use up a license.


lytledd
Outstanding Member
Outstanding Member
Posts: 509
Joined: Sat Sep 13, 2014 12:54 am
ZCS/ZD Version: Ubuntu Release 8.8.15.GA.P13 FOSS

Creating a send-only user without mailbox

Postby lytledd » Fri Feb 01, 2013 2:08 pm

Not necessary.
As long as the servers are located within your 'MTA Trusted Networks', then they won't require authentication to send mail.
Doug
S.F.
Posts: 9
Joined: Fri Sep 12, 2014 11:23 pm

Creating a send-only user without mailbox

Postby S.F. » Mon Feb 04, 2013 9:28 am

Okay, but what if some of these servers are on external/public networks which we cannot trust? I don't think I can do without authentication in this case.
speno
Advanced member
Advanced member
Posts: 56
Joined: Sat Sep 13, 2014 1:08 am

Creating a send-only user without mailbox

Postby speno » Mon Feb 04, 2013 9:44 am

[quote user="S.F."]Okay, but what if some of these servers are on external/public networks which we cannot trust? I don't think I can do without authentication in this case.[/QUOTE]
If you want to go down this route, you can edit postfix's mynetworks attribute using the Zimbra server attribute zimbraMtaMyNetworks. You can add the address of specific hosts in there to allow unauthenticated SMTP connections from it to your Zimbra's instance of postfix.
That may be the easiest solution, but I'm sure there are ways to wrangle the config to use actual authentication.
phoenix
Ambassador
Ambassador
Posts: 26699
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Creating a send-only user without mailbox

Postby phoenix » Mon Feb 04, 2013 12:28 pm

[quote user="speno"]If you want to go down this route, you can edit postfix's mynetworks attribute using the Zimbra server attribute zimbraMtaMyNetworks. You can add the address of specific hosts in there to allow unauthenticated SMTP connections from it to your Zimbra's instance of postfix.[/QUOTE]You should never (IMO) add a server to your Trusted Networks that's on a public IP unless you can trust it 100% - if that server gets compromised you have just made yourself a nice open relay.
[quote user="speno"]That may be the easiest solution, but I'm sure there are ways to wrangle the config to use actual authentication.[/QUOTE]Anything relaying through a ZCS server can use the submission Port 587 which will require authentication.
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
S.F.
Posts: 9
Joined: Fri Sep 12, 2014 11:23 pm

Creating a send-only user without mailbox

Postby S.F. » Fri Feb 08, 2013 6:59 am

[quote user="10330phoenix"]Anything relaying through a ZCS server can use the submission Port 587 which will require authentication.[/QUOTE]
This is precisely what I want to do. However, this obviously requires authentication credentials, and I do not want to create a full-blown account for this. Is it possible to manually add an entry to the authentication database for this purpose? If so, how?
lytledd
Outstanding Member
Outstanding Member
Posts: 509
Joined: Sat Sep 13, 2014 12:54 am
ZCS/ZD Version: Ubuntu Release 8.8.15.GA.P13 FOSS

Creating a send-only user without mailbox

Postby lytledd » Tue Feb 12, 2013 4:24 am

Use an existing account's credentials, but with the from address like 'reporting@yourdomain.com'. I do this all the time. As long as it's a valid local domain, it'll work just fine. I also use postie for sending, it supports authentication.
Doug

Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 11 guests