Page 1 of 1

Restricted Sender/Sender Must Login on Zimbra 8.7

Posted: Mon May 29, 2017 6:13 am
by fathianf
Hi. I have upgraded from zimbra 8.0.7 on centos 6.5 to zimbra 8.7.1 on centos 7. I already had auth login over telnet on port 25 but after upgrade I have lost this useful feature. so I searched on this topic again and I did the following steps and finally I got "Temporary failure login" and nobody could send mail to us.
su - zimbra
zmprov mcf zimbraMtaSmtpdSenderLoginMaps proxy:ldap:/opt/zimbra/conf/ldap-slm.cf +zimbraMtaSmtpdSenderRestrictions reject_authenticated_sender_login_mismatch
vi /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf
Added reject_sender_login_mismatch after permit_mynetworks so as follows:
Permit_mynetworks, reject_sender_login_mismatch
postfix reload
Please let me know what else should I do as our mail security is in danger and spammer can use our email addresses to send fake email to ourselves.

Re: Restricted Sender/Sender Must Login on Zimbra 8.7

Posted: Mon May 29, 2017 6:25 am
by phoenix
fathianf wrote:Please let me know what else should I do as our mail security is in danger and spammer can use our email addresses to send fake email to ourselves.
Port 25 on a mail server should be open and have no restrictions on it otherwise you'll continue to have problems receiving email. If you have a spam 'proble' then you need to adddress that with some of the ant-spam tools already supplied in ZCS. Take a look at using Postscreen, some of the wiki articles and forum threads on how to improve the ability of your server to deal with the spam.

Re: Restricted Sender/Sender Must Login on Zimbra 8.7

Posted: Mon May 29, 2017 9:54 am
by iomarmochtar
fathianf wrote:Hi. I have upgraded from zimbra 8.0.7 on centos 6.5 to zimbra 8.7.1 on centos 7. I already had auth login over telnet on port 25 but after upgrade I have lost this useful feature. so I searched on this topic again and I did the following steps and finally I got "Temporary failure login" and nobody could send mail to us.
su - zimbra
zmprov mcf zimbraMtaSmtpdSenderLoginMaps proxy:ldap:/opt/zimbra/conf/ldap-slm.cf +zimbraMtaSmtpdSenderRestrictions reject_authenticated_sender_login_mismatch
vi /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf
Added reject_sender_login_mismatch after permit_mynetworks so as follows:
Permit_mynetworks, reject_sender_login_mismatch
postfix reload
Please let me know what else should I do as our mail security is in danger and spammer can use our email addresses to send fake email to ourselves.


Did you mean by "forbid unauthenticated user using internal domain" ? if so then it should be included by default in zimbra installation

check_sender_access lmdb:/opt/zimbra/conf/domainrestrict

you may strictly filter trusted network IP(s) because it can send email as internal domain (through port 25) without authentication.

Code: Select all

zmprov gacf zimbraMtaMyNetworks


or

Code: Select all

zmprov gs `zmhostname` zimbraMtaMyNetworks

Re: Restricted Sender/Sender Must Login on Zimbra 8.7

Posted: Mon May 07, 2018 7:33 am
by lvhannan2
i have the exactly same problem too, when i use zimbra8.6 everthing is fine, but after upgrade to zimbra8.8.7, this prevent fake sender configuration does not work.

Re: Restricted Sender/Sender Must Login on Zimbra 8.7

Posted: Tue May 08, 2018 1:02 pm
by daniele.antolini
lvhannan2 wrote:i have the exactly same problem too, when i use zimbra8.6 everthing is fine, but after upgrade to zimbra8.8.7, this prevent fake sender configuration does not work.


I've the same issue on Zimbra 8.7.11

Re: Restricted Sender/Sender Must Login on Zimbra 8.7

Posted: Tue Feb 26, 2019 9:27 am
by buiphezzz
Zimbra Improvement : Restricted Sender/Sender Must Login on Zimbra 8 : https://www.vavai.net/2014/02/zimbra-improvement-restricted-sendersender-must-login-on-zimbra-8/
P/S: If version 8.8.11 => remove line "POSTCONF smtpd_sender_login_maps FILE zmconfigd/smtpd_sender_login_maps.cf" on /opt/zimbra/conf/zmconfigd.cf
[zimbra@mailsrv-zbr ~]$ zmcontrol -v
Release 8.8.11_GA_3737.RHEL7_64_20181207111719 RHEL7_64 FOSS edition, Patch 8.8.11_P2.