Hello, I recently migrated from Zimbra to Carbonio. After resolving some initial issues, everything seemed to be working fine at first, but there are still a couple of things that are not working correctly.
First, I tried disabling the "reject_authenticated_sender_login_mismatch" setting because I have network scanners that send emails and authenticate using account X, but change the "From" address to Y. Since there are many of these devices, I disabled the check through the AdminWeb interface under the MTA section. It appeared to be working at first, but then I noticed that even messages sent via port 587 using the correct authentication and without changing the "From" address started being rejected, as if the "From" did not match the authenticated user. For example:
Apr 17 12:14:36 srv-mail postfix/submission/smtpd[1011099]: NOQUEUE: reject: RCPT from 5.3.168.192.in-addr.arpa[192.168.3.5]: 553 5.7.1 integracao@xxxxx.com: Sender address rejected: not owned by user integracao; from=integracao@xxxxx.com to=user1@xxxx.com proto=ESMTP helo=<srv01.xxxxx.com>
Even after re-enabling the option in AdminWeb and restarting all services, the problem remained. While searching for a solution, I found two forum threads:
https://community.zextras.com/forum/carbonio-general-thread/sender-address-rejected-not-logged-in/
I tried the suggestion from that thread, but it didn’t work. What partially resolved the issue was a solution found in this Zimbra forum:
removed link
The workaround was to remove the "reject_sender_login_mismatch" line from the file removed link. Originally, the file had a line like:
permit_mynetworks, reject_sender_login_mismatch
After removing that line and restarting the MTA, sending started working again. However, I find this solution a bit strange and I’m wondering: what is the correct way to handle this situation?
The second issue is that some machines on my internal network are managing to send email via port 25 without authentication, even though they are not included in the "mynetworks" parameter. My current "mynetworks" configuration is:
127.0.0.0/8 192.168.255.0/24 192.168.3.70/32 192.168.3.71/32 192.168.3.72/32 192.168.3.73/32 192.168.3.7/32 192.168.3.9/32 10.10.1.0/24 192.168.3.15/32 192.168.3.59/32 192.168.3.66/32 10.10.1.10/32 192.168.3.240/32 192.168.3.183/32
However, devices with IP addresses like 192.168.3.97 or 192.168.107.5 are still able to send emails without authenticating. Can you help me understand why this is happening and how to prevent it?
Thanks in advance for your help.
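An offline check for the second question, added here as an example and not part of the original post: it evaluates the "mynetworks" value quoted above against a client IP using Postfix's list syntax (comma or whitespace separators, "!" exclusions, bracketed IPv6, first match wins). The function names are this example's own.

```python
import ipaddress

# mynetworks value copied from the post above.
MYNETWORKS = (
    "127.0.0.0/8 192.168.255.0/24 192.168.3.70/32 192.168.3.71/32 "
    "192.168.3.72/32 192.168.3.73/32 192.168.3.7/32 192.168.3.9/32 "
    "10.10.1.0/24 192.168.3.15/32 192.168.3.59/32 192.168.3.66/32 "
    "10.10.1.10/32 192.168.3.240/32 192.168.3.183/32"
)


def parse_mynetworks(value):
    """Parse a mynetworks string into [(negated, network)], keeping list order."""
    entries = []
    for token in value.replace(",", " ").split():
        negated = token.startswith("!")
        pattern = token.lstrip("!")
        # "/file/name" and "type:table" entries need the server's files; skip them.
        if pattern.startswith("/") or (":" in pattern and not pattern.startswith("[")):
            continue
        # Postfix writes IPv6 patterns as [addr]/len; ipaddress wants addr/len.
        pattern = pattern.replace("[", "").replace("]", "")
        entries.append((negated, ipaddress.ip_network(pattern, strict=False)))
    return entries


def matching_entry(client_ip, entries):
    """Return (permitted, network) for the first entry that matches, else (False, None)."""
    addr = ipaddress.ip_address(client_ip)
    for negated, net in entries:
        if addr.version == net.version and addr in net:
            return (not negated, net)  # first match wins, so "!" entries go first
    return (False, None)


if __name__ == "__main__":
    entries = parse_mynetworks(MYNETWORKS)
    # Client IPs mentioned in the post, plus one address that is listed.
    for ip in ("192.168.3.97", "192.168.107.5", "192.168.3.5", "10.10.1.10"):
        permitted, net = matching_entry(ip, entries)
        print(f"{ip:15} in mynetworks: {permitted} (matched: {net})")
```

Neither 192.168.3.97 nor 192.168.107.5 matches any entry in the list as posted; comparing it with the value the running MTA reports via `postconf mynetworks` shows whether the two differ.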