ZIMBRA SMTP AUTH problem

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
uxbod
Ambassador
Ambassador
Posts: 7811
Joined: Fri Sep 12, 2014 10:21 pm

ZIMBRA SMTP AUTH problem

Postby uxbod » Mon Jul 20, 2009 9:50 am

are you sending the email from the server or off your LAN via a workstation ?


User avatar
siomon.liu
Advanced member
Advanced member
Posts: 68
Joined: Sat Sep 13, 2014 12:22 am
ZCS/ZD Version: Release 8.7.3_GA_1750.RHEL7_64_2017

ZIMBRA SMTP AUTH problem

Postby siomon.liu » Mon Jul 20, 2009 10:00 am

[quote user="uxbod"]are you sending the email from the server or off your LAN via a workstation ?[/QUOTE]
zimbra server is on internet!
i use my pc in my home or my office,anywhere.


and i also send mail to the account of same domain without auth.


now
my server is same domain send without auth,our domain to other domain only with auth.


for example
admin@test.zimbra.com to test@test.zimbra.com without auth.
it is very dangerous.
i want send mail only with auth.


How to setup the configure?
Pls help to solve.

Appreciate for your help.
thorng
Posts: 46
Joined: Sat Sep 13, 2014 12:21 am

ZIMBRA SMTP AUTH problem

Postby thorng » Mon Jul 20, 2009 1:44 pm

Something for people who are following the thread.

* Include physical interface does not make it an open relay. notice the mask is limited to only the server itself. This is for internal routing (av/spam) not necessary using the loopback interface. It is required. *
Now the solution. There is nothing wrong.

You are testing it wrong. the Recipient address has to be an external email adderss. This is due to the fact you need to able to receive email for your domain without authentication. SMTP behave no differently talking to another SMTP server or an SMTP client.

But authentication become required if it is to "relay" an message outside of its receiving domain.
One other thing. When you make the change for the "MTA Trusted Networks" you may need to restart services for the new network to take effect.
User avatar
siomon.liu
Advanced member
Advanced member
Posts: 68
Joined: Sat Sep 13, 2014 12:22 am
ZCS/ZD Version: Release 8.7.3_GA_1750.RHEL7_64_2017

ZIMBRA SMTP AUTH problem

Postby siomon.liu » Mon Jul 20, 2009 5:25 pm

[quote user="thorng"]Something for people who are following the thread.

* Include physical interface does not make it an open relay. notice the mask is limited to only the server itself. This is for internal routing (av/spam) not necessary using the loopback interface. It is required. *
Now the solution. There is nothing wrong.

You are testing it wrong. the Recipient address has to be an external email adderss. This is due to the fact you need to able to receive email for your domain without authentication. SMTP behave no differently talking to another SMTP server or an SMTP client.

But authentication become required if it is to "relay" an message outside of its receiving domain.
One other thing. When you make the change for the "MTA Trusted Networks" you may need to restart services for the new network to take effect.[/QUOTE]
after setup,i reboot my zimbra server.
now test
*@test.zimbra.com to hotmail,yahoo,gmail,anywhere only with auth.
but *@test.zimbra.com to *@test.zimbra.com without autn.


Pls help to solve.:confused:
thorng
Posts: 46
Joined: Sat Sep 13, 2014 12:21 am

ZIMBRA SMTP AUTH problem

Postby thorng » Mon Jul 20, 2009 9:09 pm

This behavior is by design. There is nothing to fix. If authentication is required, then you won't be able to received any emails from other domains.
It's possible to configure postfix to change this behavior by changing the smtpd_sender_restrictions but I don't have the details on how to do this.
The Only time you want do this is you are using the server to send email only and received only from predefined partners defined in the trused networks. Such server is not used for Internet facing.
rockman
Posts: 3
Joined: Sat Sep 13, 2014 12:34 am

ZIMBRA SMTP AUTH problem

Postby rockman » Tue Jul 21, 2009 8:26 am

Can Cyrus-SASL do any good?
rockman
Posts: 3
Joined: Sat Sep 13, 2014 12:34 am

ZIMBRA SMTP AUTH problem

Postby rockman » Sun Aug 02, 2009 10:49 pm

Hi Zimbra Pros,
Our mailing system is going live shortly. But we are a bit worried as the SMTP auth issue is still there. Can we block unauthorized connection from remote telnet with certain configuration on iptables? If positive, how to do that?
Please help.
TIA
adeelarifbhatti
Advanced member
Advanced member
Posts: 182
Joined: Sat Sep 13, 2014 12:06 am

ZIMBRA SMTP AUTH problem

Postby adeelarifbhatti » Mon Aug 03, 2009 12:30 am

Hi all,

didn't really go through the whole forum, but the auth issue while delivering email can be solved using the following configurations.



465 inet n - n - - smtpd

-o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes

-o smtpd_client_restrictions=permit_sasl_authenticated,reject
##############

Please make sure that this lines are added or uncommented in the master.conf.in file.


After restarting I am sure there isn't going to be any issue with auth before delivering email. And definatly the auth is going to be on port 465.

THIS WILL 100% SOLVES THE AUTH ISSUE.
Regards

Adeel
13546dalmate
Outstanding Member
Outstanding Member
Posts: 360
Joined: Fri Sep 12, 2014 11:59 pm

ZIMBRA SMTP AUTH problem

Postby 13546dalmate » Thu Aug 06, 2009 2:23 am

Maybe I have answer for all.

In Admin console, you must uncheck in "TLS authentication only" to enable "AUTH= PLAIN LOGIN" in smtp

If you want to force people who is in your local network must authenticated before can use smtp service you can configure in Postfix.To do that, you must modify in MTA Trusted Network:

-if your server has ip:10.2.22.48==> you can modify to 10.2.22.48/32==>so if user telnet from your local network they are notified to authenticate before send mail.

Sorry about my English if it's too unintelligible. If you want to know more detail you can send mail to me: dalmate@zing.vn.
premoddev
Advanced member
Advanced member
Posts: 93
Joined: Fri Sep 12, 2014 10:19 pm

ZIMBRA SMTP AUTH problem

Postby premoddev » Fri Aug 07, 2009 1:28 pm

Not understanding why you want authentication for sending emails. SMTP authentication doesn't means authenticate before sending each mails. It is using for protect your server from being an Open Relay. SASL authentication normally working on port 465 for users who want to relay mail to other domains.
If you enable authentication on port 25 , not any other servers (domains) will be able to send mails to your Server. bcz it wont allow to connect on port 25 without authentication.

Return to “Administrators”

Who is online

Users browsing this forum: Bing [Bot] and 15 guests