Restricted Sender/Sender Must Login on Zimbra 8.7

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
fathianf
Posts: 29
Joined: Fri Sep 12, 2014 10:33 pm

Restricted Sender/Sender Must Login on Zimbra 8.7

Postby fathianf » Mon May 29, 2017 6:13 am

Hi. I have upgraded from zimbra 8.0.7 on centos 6.5 to zimbra 8.7.1 on centos 7. I already had auth login over telnet on port 25 but after upgrade I have lost this useful feature. so I searched on this topic again and I did the following steps and finally I got "Temporary failure login" and nobody could send mail to us.
su - zimbra
zmprov mcf zimbraMtaSmtpdSenderLoginMaps proxy:ldap:/opt/zimbra/conf/ldap-slm.cf +zimbraMtaSmtpdSenderRestrictions reject_authenticated_sender_login_mismatch
vi /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf
Added reject_sender_login_mismatch after permit_mynetworks so as follows:
Permit_mynetworks, reject_sender_login_mismatch
postfix reload
Please let me know what else should I do as our mail security is in danger and spammer can use our email addresses to send fake email to ourselves.


phoenix
Ambassador
Ambassador
Posts: 26344
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: Restricted Sender/Sender Must Login on Zimbra 8.7

Postby phoenix » Mon May 29, 2017 6:25 am

fathianf wrote:Please let me know what else should I do as our mail security is in danger and spammer can use our email addresses to send fake email to ourselves.
Port 25 on a mail server should be open and have no restrictions on it otherwise you'll continue to have problems receiving email. If you have a spam 'proble' then you need to adddress that with some of the ant-spam tools already supplied in ZCS. Take a look at using Postscreen, some of the wiki articles and forum threads on how to improve the ability of your server to deal with the spam.
Regards

Bill

Rspamd: A high performance spamassassin replacement

If you'd like to see this implemented in a future version of ZCS then please vote on Bugzilla entries 97706 & 108168
iomarmochtar
Posts: 41
Joined: Sat Sep 13, 2014 3:54 am
Location: Indonesia
Contact:

Re: Restricted Sender/Sender Must Login on Zimbra 8.7

Postby iomarmochtar » Mon May 29, 2017 9:54 am

fathianf wrote:Hi. I have upgraded from zimbra 8.0.7 on centos 6.5 to zimbra 8.7.1 on centos 7. I already had auth login over telnet on port 25 but after upgrade I have lost this useful feature. so I searched on this topic again and I did the following steps and finally I got "Temporary failure login" and nobody could send mail to us.
su - zimbra
zmprov mcf zimbraMtaSmtpdSenderLoginMaps proxy:ldap:/opt/zimbra/conf/ldap-slm.cf +zimbraMtaSmtpdSenderRestrictions reject_authenticated_sender_login_mismatch
vi /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf
Added reject_sender_login_mismatch after permit_mynetworks so as follows:
Permit_mynetworks, reject_sender_login_mismatch
postfix reload
Please let me know what else should I do as our mail security is in danger and spammer can use our email addresses to send fake email to ourselves.


Did you mean by "forbid unauthenticated user using internal domain" ? if so then it should be included by default in zimbra installation

check_sender_access lmdb:/opt/zimbra/conf/domainrestrict

you may strictly filter trusted network IP(s) because it can send email as internal domain (through port 25) without authentication.

Code: Select all

zmprov gacf zimbraMtaMyNetworks


or

Code: Select all

zmprov gs `zmhostname` zimbraMtaMyNetworks
lvhannan2
Posts: 7
Joined: Wed Apr 11, 2018 8:02 am

Re: Restricted Sender/Sender Must Login on Zimbra 8.7

Postby lvhannan2 » Mon May 07, 2018 7:33 am

i have the exactly same problem too, when i use zimbra8.6 everthing is fine, but after upgrade to zimbra8.8.7, this prevent fake sender configuration does not work.
daniele.antolini
Posts: 35
Joined: Fri Jul 08, 2016 7:41 am

Re: Restricted Sender/Sender Must Login on Zimbra 8.7

Postby daniele.antolini » Tue May 08, 2018 1:02 pm

lvhannan2 wrote:i have the exactly same problem too, when i use zimbra8.6 everthing is fine, but after upgrade to zimbra8.8.7, this prevent fake sender configuration does not work.


I've the same issue on Zimbra 8.7.11
buiphezzz
Posts: 5
Joined: Fri Feb 22, 2019 6:12 am

Re: Restricted Sender/Sender Must Login on Zimbra 8.7

Postby buiphezzz » Tue Feb 26, 2019 9:27 am

Zimbra Improvement : Restricted Sender/Sender Must Login on Zimbra 8 : https://www.vavai.net/2014/02/zimbra-improvement-restricted-sendersender-must-login-on-zimbra-8/
P/S: If version 8.8.11 => remove line "POSTCONF smtpd_sender_login_maps FILE zmconfigd/smtpd_sender_login_maps.cf" on /opt/zimbra/conf/zmconfigd.cf
[zimbra@mailsrv-zbr ~]$ zmcontrol -v
Release 8.8.11_GA_3737.RHEL7_64_20181207111719 RHEL7_64 FOSS edition, Patch 8.8.11_P2.

Return to “Administrators”

Who is online

Users browsing this forum: Majestic-12 [Bot] and 19 guests