
How To Improve Sender Must Login/Enforcing a Match Between FROM Address and SASL Username on Zimbra 8.5

Zimbra has released Zimbra Collaboration Suite 8.5.0, which brings some changes, especially to enforcing a match between the FROM address and the SASL username (Sender Must Login). By default, Zimbra allows a user to relay email using a From address different from the account used to authenticate to SMTP. The following is an example configuration in Thunderbird:
[Screenshot: Thunderbird configured with a different identity]
If your password is compromised, a spammer can authenticate to SMTP with that address and password, then change the identity email address in Thunderbird to another address. In addition, if you test with telnet, Zimbra allows sending from and to the same domain without authentication. This is very dangerous and can be used by spammers to send fake mail. The following is an example test using telnet:
mail:~ # telnet mail.myemailserver.net 25
Trying 103.xxx.xxx.xxx
Connected to mail.myemailserver.net.
Escape character is '^]'.
220 mail.myemailserver.net ESMTP Postfix
ehlo mail
250-mail.myemailserver.net
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:admin@myemailserver.net
250 2.1.0 Ok
rcpt to:admin@myemailserver.net
250 2.1.5 Ok
The result: the email from admin@myemailserver.net to admin@myemailserver.net is accepted. With a good configuration, the mail server asks for the password for admin@myemailserver.net. If a password is supplied and matches, the email can be sent to its destination; if no password is supplied, the mail server denies it.
What if I try to send fake mail using my boss's email address, telling the accountant to send money to my card? If the mail server has not been improved with sender must login/anti fake mail, Zimbra will accept email from and to the same domain without authentication/password.
How to improve Zimbra using sender must login/anti fake mail?
If you are using Zimbra 7.0, you can use this guide (in Bahasa Indonesia): http://ahmad.imanudin.com/2013/05/05/improvement-anti-spam-zimbra-restricted-sendersender-must-login-pada-zimbra-7/ and if you are using Zimbra 8.0, you can use this guide, also in Bahasa Indonesia 😀: http://ahmad.imanudin.com/2013/10/29/improvement-anti-spam-zimbra-restricted-sendersender-must-login-pada-zimbra-8-dengan-exceptionpengecualian/ . If you are using Zimbra 8.5, follow these instructions:
1. su - zimbra
2. zmprov mcf zimbraMtaSmtpdSenderLoginMaps proxy:ldap:/opt/zimbra/conf/ldap-slm.cf +zimbraMtaSmtpdSenderRestrictions reject_authenticated_sender_login_mismatch
The configuration above stops a user from relaying email with a From address different from the account used to authenticate to SMTP.
Open the file /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf and add reject_sender_login_mismatch after permit_mynetworks:
permit_mynetworks, reject_sender_login_mismatch
The configuration above rejects mail when the user does not authenticate with a password. After a minute, zmconfigd will update the Postfix configuration automatically and apply the new rules. The following is an example telnet test after applying the sender must login/anti fake mail configuration:
ahmad:~ # telnet mail.myemailserver.net 25
Trying 103.xxx.xxx.xxx
Connected to mail.myemailserver.net.
Escape character is '^]'.
220 mail.myemailserver.net ESMTP Postfix
ehlo mail
250-mail.myemailserver.net
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:admin@myemailserver.net
250 2.1.0 Ok
rcpt to:admin@myemailserver.net
553 5.7.1 <admin@myemailserver.net> Sender address rejected: not logged in
The test above is rejected with the message "not logged in".
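The telnet check above can be scripted so it is easy to repeat after every configuration change. This is an added example, not part of the original post; the function name and verdict strings are assumptions, and it stops before DATA, so no message is queued.

```python
import smtplib
import sys


def probe_unauthenticated_sender(smtp, sender, rcpt):
    """Replay the telnet test: EHLO, MAIL FROM, RCPT TO with no AUTH, no DATA.

    smtp is a connected smtplib.SMTP (or an object with the same
    ehlo/mail/rcpt/rset methods). Returns (verdict, code, text).
    """
    smtp.ehlo("mail")
    code, text = smtp.mail(sender)
    if code < 400:
        # With Postfix's default smtpd_delay_reject=yes, sender restrictions
        # only answer at RCPT TO, as both transcripts show.
        code, text = smtp.rcpt(rcpt)
    smtp.rset()  # abandon the transaction; no message is queued
    if isinstance(text, bytes):
        text = text.decode("utf-8", "replace")
    if 200 <= code < 300:
        verdict = "accepted"        # unauthenticated local sender allowed
    elif 500 <= code < 600 and "not logged in" in text:
        verdict = "enforced"        # the reply shown after the fix
    elif 500 <= code < 600:
        verdict = "rejected-other"  # refused, but by some other rule
    else:
        verdict = "inconclusive"    # 4xx temporary failure proves nothing
    return verdict, code, text


if __name__ == "__main__":
    # usage: probe.py HOST SENDER RCPT  (run from a host outside mynetworks)
    host, sender, rcpt = sys.argv[1:4]
    with smtplib.SMTP(host, 25, timeout=15) as conn:
        verdict, code, text = probe_unauthenticated_sender(conn, sender, rcpt)
    print(f"{verdict}: {code} {text}")
    sys.exit(0 if verdict == "enforced" else 1)
```

Because permit_mynetworks comes before reject_sender_login_mismatch in the restriction list, run the probe from a host outside mynetworks; a client inside it is permitted before the check is reached.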

Good luck and hopefully useful 😀