
Saturday, December 17, 2016

Match SASL username and From address in Zimbra SMTP

Zimbra uses Postfix as its MTA. The default Postfix configuration has some weaknesses that we have to change to get optimum performance and fight spam.

First, Postfix has a trusted network setting [mynetworks]; users connecting from it can send mail without verifying their username and password.

Later on, even if we impose SMTP authentication for sending mail, users can still send mail with a changed From address [this usually happens when a user account is compromised]. A reference log is given below for better understanding; in it the client authenticates as "user" but the message is queued with the sender gks@example.com.


Dec 17 14:17:45 mail postfix/submission/smtpd[8055]: 62B2A7009F9: client=unknown[x.x.x.x], sasl_method=LOGIN, sasl_username=user
Dec 17 14:17:45 mail postfix/qmgr[29613]: 62B2A7009F9: from=<gks@example.com>, size=5705, nrcpt=3 (queue active)


So our mail server still has a security hole. To be stricter, we can match the From address of the user against the username that he uses in SMTP authentication. Let's see how to do that.


Log in to the Zimbra shell:
su zimbra

Run the command below:
zmprov mcf zimbraMtaSmtpdSenderLoginMaps  proxy:ldap:/opt/zimbra/conf/ldap-slm.cf +zimbraMtaSmtpdSenderRestrictions reject_authenticated_sender_login_mismatch

Edit the file /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf as below:
permit_mynetworks, reject_sender_login_mismatch

Restart the Zimbra services [not actually required, because Zimbra will automatically apply this after one minute]:
zmcontrol restart

Now, if one of your accounts is compromised, it cannot be used to send spam with a different From address, which will help you find the compromised ID easily.
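
To audit existing logs for the mismatch shown in the reference log above, the following added example (not part of the original post) pairs each sasl_username line with the from= line that shares its queue ID. The comparison rule is an assumption made for this example (Postfix itself decides ownership through the sender login maps), and four of the six sample lines are constructed.

```python
import re
from collections import Counter

# Sample input: the first two lines are the reference log from the post,
# the remaining four are constructed for this example.
SAMPLE_LOG = """\
Dec 17 14:17:45 mail postfix/submission/smtpd[8055]: 62B2A7009F9: client=unknown[x.x.x.x], sasl_method=LOGIN, sasl_username=user
Dec 17 14:17:45 mail postfix/qmgr[29613]: 62B2A7009F9: from=<gks@example.com>, size=5705, nrcpt=3 (queue active)
Dec 17 14:18:02 mail postfix/submission/smtpd[8060]: 7A11C7009FA: client=unknown[x.x.x.x], sasl_method=LOGIN, sasl_username=alice@example.com
Dec 17 14:18:02 mail postfix/qmgr[29613]: 7A11C7009FA: from=<alice@example.com>, size=1200, nrcpt=1 (queue active)
Dec 17 14:18:30 mail postfix/smtpd[8071]: 8B22D7009FB: client=relay.example.net[x.x.x.x]
Dec 17 14:18:30 mail postfix/qmgr[29613]: 8B22D7009FB: from=<bob@example.org>, size=900, nrcpt=1 (queue active)
"""

# smtpd logs the SASL login, qmgr logs the envelope sender; both carry the queue ID.
SASL_RE = re.compile(r"postfix/\S*smtpd\[\d+\]: (\w+): client=.*sasl_username=(\S+)")
FROM_RE = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<([^>]*)>")


def sender_matches(login, sender):
    """Assumed rule: a full login must equal the sender, a bare login its local part."""
    login, sender = login.lower(), sender.lower()
    if "@" in login:
        return login == sender
    return login == sender.partition("@")[0]


def find_mismatches(log_text):
    """Return (queue_id, sasl_username, from_address) for each mismatched message."""
    logins = {}  # queue ID -> SASL login seen on the smtpd line
    hits = []
    for line in log_text.splitlines():
        m = SASL_RE.search(line)
        if m:
            logins[m.group(1)] = m.group(2)
            continue
        m = FROM_RE.search(line)
        # pop() so a requeued message (repeated qmgr line) is reported once
        login = logins.pop(m.group(1), None) if m else None
        if login is not None and not sender_matches(login, m.group(2)):
            hits.append((m.group(1), login, m.group(2)))
    return hits


def count_by_login(hits):
    """Mismatches per SASL login; a high count points at the compromised account."""
    return Counter(login for _, login, _ in hits)


if __name__ == "__main__":
    for qid, login, sender in find_mismatches(SAMPLE_LOG):
        print(f"{qid}: authenticated as {login!r} but sent as {sender!r}")
```

Clients admitted by permit_mynetworks do not authenticate, so they produce no sasl_username line and the script skips their messages.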