On one of our third-party services, the script that sends out reports to users broke down. As a result, spam was sent to users mailboxes. When I blocked the mailbox used for sending reports, spam did not stop being sent until the mailing script itself was disabled. The script was able to send mail via blocked account.
The log contains information about authorization refusal.
May 29 06:25:38 mail saslauthd: auth_zimbra: email@example.com auth failed: authentication failed for [firstname.lastname@example.org]
May 29 06:25:38 mail saslauthd: do_auth : auth failure: [email@example.com] [service=smtp] [realm=domain.com] [mech=zimbra] [reason=Unknown]
May 29 06:25:38 mail postfix/smtpd: warning: unknown[xxx.xxx.xxx.xx1]: SASL login authentication failed: authentication failure
But the sending occurred
As I understand it, the mail has been sent because the sender node belongs to the internal LAN address (MYNETWORKS RULE)
May 29 06:25:37 mail postfix/postscreen: CONNECT from [xxx.xxx.xxx.xx1]:63627 to [xxx.xxx.xxx.xx2]:25
May 29 06:25:37 mail postfix/postscreen: WHITELISTED [xxx.xxx.xxx.xx1]:63627
It turns out that any unauthorized node can send spam if it is connected from "MYNETWORK" subnet?
How can I prevent sending from unauthorized users?
smtpd_sender_restrictions = check_sender_access regexp:/opt/zimbra/common/conf/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, permit_tls_clientcerts, check_sender_access regexp:/opt/zimbra/common/conf/tag_as_foreig
As I understand it rule "permit_mynetworks" will be processed earlier than the rule "permit_sasl_authenticated". How to change the processing order? Will it be enough to just edit it manually /opt/zimbra/common/conf ?
- Zimbra Collaboration 9.0.0 now available. Read the release notes.
- Zimbra Collaboration 8.8.15 LTS now available. Read the release notes.
- Are you a Zimbra Developer? You can find some interesting stuff in our Official GitHub, Blog and the Community Github.
- Zimbra is Open Source! Read the FAQ. You can also contribute and build binary from source!
Discuss your pilot or production implementation with other Zimbra admins or our engineers.
1 post • Page 1 of 1
Who is online
Users browsing this forum: No registered users and 15 guests