Dear All,
I just set up a new standalone installation of Carbonio ans it's reacting as OpenRelay through PORT 25
I applied recommanded configuration but still having the same issue and I also think everytime I restart the server all custom configuration are wiped out.
Here's some output.
All this below is Spam
y89@gmail.com> proto=SMTP helo=<User>
Jun 16 07:44:02 mail postfix/smtpd[13287]: 74AD21B08270: filter: RCPT from unknown[10.25.XXX.XXX]: <info@mary.org>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<info@mary.org> to=<shijingjun2002@yahoo.com.cn> proto=SMTP helo=<User>
Jun 16 07:44:02 mail postfix/smtpd[13291]: 621851B08199: filter: RCPT from unknown[10.25.XXX.XXX]: <info@mary.org>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<info@mary.org> to=<shihongwei6688@163.com> proto=SMTP helo=<User>
Jun 16 07:44:02 mail postfix/smtpd[13369]: 6FF431B08254: filter: RCPT from unknown[10.25.XXX.XXX]: <info@mary.org>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<info@mary.org> to=<shiingting2010@hotmail.com> proto=SMTP helo=<User>
Jun 16 07:44:02 mail postfix/smtpd[13287]: 74AD21B08270: filter: RCPT from unknown[10.25.XXX.XXX]: <info@mary.org>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<info@mary.org> to=<shijinglei017527@sohu.com> proto=SMTP helo=<User>
Jun 16 07:44:02 mail postfix/smtpd[13291]: 621851B08199: filter: RCPT from unknown[10.25.XXX.XXX]: <info@mary.org>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<info@mary.org> to=<shihongwu1980@163.com> proto=SMTP helo=<User>
Jun 16 07:44:02 mail postfix/smtpd[13369]: 6FF431B08254: filter: RCPT from unknown[10.25.XXX.XXX]: <info@mary.org>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<info@mary.org> to=<shiit_wtf@hotmail.com> proto=SMTP helo=<User>
Jun 16 07:44:02 mail postfix/smtpd[13287]: 74AD21B08270: filter: RCPT from unknown[10.25.XXX.XXX]: <info@mary.org>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<info@mary.org> to=<shijingnuli@163.com> proto=SMTP helo=<User>
Output of my CLI - I set restriction I restart Postfix and it's Like I did nothing?
zextras@mail:~$ postconf | grep -E "smtpd_recipient_restrictions|smtpd_relay_restrictions" proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps $alias_maps $smtpd_client_restrictions $smtpd_helo_restrictions $smtpd_sender_restrictions $smtpd_relay_restrictions $smtpd_recipient_restrictions $address_verify_sender_dependent_default_transport_maps $address_verify_sender_dependent_relayhost_maps $address_verify_transport_maps $fallback_transport_maps $lmtp_discard_lhlo_keyword_address_maps $lmtp_pix_workaround_maps $lmtp_sasl_password_maps $lmtp_tls_policy_maps $mailbox_command_maps $mailbox_transport_maps $postscreen_discard_ehlo_keyword_address_maps $rbl_reply_maps $sender_dependent_default_transport_maps $sender_dependent_relayhost_maps $smtp_discard_ehlo_keyword_address_maps $smtp_pix_workaround_maps $smtp_sasl_password_maps $smtp_tls_policy_maps $smtpd_discard_ehlo_keyword_address_maps $smtpd_milter_maps $virtual_gid_maps $virtual_uid_maps $local_login_sender_maps $postscreen_reject_footer_maps $smtpd_reject_footer_maps $tls_server_sni_maps $tlsproxy_client_policy_maps $default_delivery_status_filter $lmtp_delivery_status_filter $lmtp_dns_reply_filter $lmtp_reply_filter $local_delivery_status_filter $pipe_delivery_status_filter $postscreen_command_filter $smtp_delivery_status_filter $smtp_dns_reply_filter $smtp_reply_filter $smtpd_command_filter $smtpd_dns_reply_filter $virtual_delivery_status_filter $body_checks $header_checks $lmtp_body_checks $lmtp_header_checks $lmtp_mime_header_checks $lmtp_nested_header_checks $milter_header_checks $mime_header_checks $nested_header_checks $smtp_body_checks $smtp_header_checks $smtp_mime_header_checks $smtp_nested_header_checks smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unlisted_recipient, reject_invalid_helo_hostname, reject_non_fqdn_sender, reject_unknown_sender_domain, permit smtpd_relay_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination zextras@mail:~$ zextras@mail:~$ zextras@mail:~$ zextras@mail:~$ postconf -e "smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination" zextras@mail:~$ zextras@mail:~$ zextras@mail:~$ postconf -e "smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination" zextras@mail:~$ zextras@mail:~$ zextras@mail:~$ postfix reload /postfix-script: refreshing the Postfix mail system zextras@mail:~$ zextras@mail:~$ zextras@mail:~$ postconf | grep -E "smtpd_recipient_restrictions|smtpd_relay_restrictions" proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps $alias_maps $smtpd_client_restrictions $smtpd_helo_restrictions $smtpd_sender_restrictions $smtpd_relay_restrictions $smtpd_recipient_restrictions $address_verify_sender_dependent_default_transport_maps $address_verify_sender_dependent_relayhost_maps $address_verify_transport_maps $fallback_transport_maps $lmtp_discard_lhlo_keyword_address_maps $lmtp_pix_workaround_maps $lmtp_sasl_password_maps $lmtp_tls_policy_maps $mailbox_command_maps $mailbox_transport_maps $postscreen_discard_ehlo_keyword_address_maps $rbl_reply_maps $sender_dependent_default_transport_maps $sender_dependent_relayhost_maps $smtp_discard_ehlo_keyword_address_maps $smtp_pix_workaround_maps $smtp_sasl_password_maps $smtp_tls_policy_maps $smtpd_discard_ehlo_keyword_address_maps $smtpd_milter_maps $virtual_gid_maps $virtual_uid_maps $local_login_sender_maps $postscreen_reject_footer_maps $smtpd_reject_footer_maps $tls_server_sni_maps $tlsproxy_client_policy_maps $default_delivery_status_filter $lmtp_delivery_status_filter $lmtp_dns_reply_filter $lmtp_reply_filter $local_delivery_status_filter $pipe_delivery_status_filter $postscreen_command_filter $smtp_delivery_status_filter $smtp_dns_reply_filter $smtp_reply_filter $smtpd_command_filter $smtpd_dns_reply_filter $virtual_delivery_status_filter $body_checks $header_checks $lmtp_body_checks $lmtp_header_checks $lmtp_mime_header_checks $lmtp_nested_header_checks $milter_header_checks $mime_header_checks $nested_header_checks $smtp_body_checks $smtp_header_checks $smtp_mime_header_checks $smtp_nested_header_checks smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination zextras@mail:~$ postfix stop /postfix-script: stopping the Postfix mail system zextras@mail:~$ zextras@mail:~$ zextras@mail:~$ zextras@mail:~$ postfix start /postfix-script: starting the Postfix mail system zextras@mail:~$ zextras@mail:~$ zextras@mail:~$ zextras@mail:~$ zextras@mail:~$ zextras@mail:~$ postconf | grep -E "smtpd_recipient_restrictions|smtpd_relay_restrictions" proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps $alias_maps $smtpd_client_restrictions $smtpd_helo_restrictions $smtpd_sender_restrictions $smtpd_relay_restrictions $smtpd_recipient_restrictions $address_verify_sender_dependent_default_transport_maps $address_verify_sender_dependent_relayhost_maps $address_verify_transport_maps $fallback_transport_maps $lmtp_discard_lhlo_keyword_address_maps $lmtp_pix_workaround_maps $lmtp_sasl_password_maps $lmtp_tls_policy_maps $mailbox_command_maps $mailbox_transport_maps $postscreen_discard_ehlo_keyword_address_maps $rbl_reply_maps $sender_dependent_default_transport_maps $sender_dependent_relayhost_maps $smtp_discard_ehlo_keyword_address_maps $smtp_pix_workaround_maps $smtp_sasl_password_maps $smtp_tls_policy_maps $smtpd_discard_ehlo_keyword_address_maps $smtpd_milter_maps $virtual_gid_maps $virtual_uid_maps $local_login_sender_maps $postscreen_reject_footer_maps $smtpd_reject_footer_maps $tls_server_sni_maps $tlsproxy_client_policy_maps $default_delivery_status_filter $lmtp_delivery_status_filter $lmtp_dns_reply_filter $lmtp_reply_filter $local_delivery_status_filter $pipe_delivery_status_filter $postscreen_command_filter $smtp_delivery_status_filter $smtp_dns_reply_filter $smtp_reply_filter $smtpd_command_filter $smtpd_dns_reply_filter $virtual_delivery_status_filter $body_checks $header_checks $lmtp_body_checks $lmtp_header_checks $lmtp_mime_header_checks $lmtp_nested_header_checks $milter_header_checks $mime_header_checks $nested_header_checks $smtp_body_checks $smtp_header_checks $smtp_mime_header_checks $smtp_nested_header_checks smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unlisted_recipient, reject_invalid_helo_hostname, reject_non_fqdn_sender, reject_unknown_sender_domain, permit smtpd_relay_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination zextras@mail:~$
Thanks in advance for your help
More details.
I discovered zmprov and Applied it as well.
Please check the output below
Something seem wrong and I don't now how to proceed yet
zextras@mail:~$ zmprov mcf zimbraMtaMyNetworks '127.0.0.0/8' zextras@mail:~$ zextras@mail:~$ zextras@mail:~$ postconf mynetworks mynetworks = 127.0.0.0/8 [::1]/128 10.25.XXX.XXX/24 zextras@mail:~$ zmprov gacf | grep zimbraMtaMyNetworks zimbraMtaMyNetworks: 127.0.0.0/8 zextras@mail:~$ zmmtactl restart Rewriting configuration files...done. Stopping milter server...done. Starting milter server...done. Stopping saslauthd...done. Starting saslauthd...done. /postfix-script: refreshing the Postfix mail system zextras@mail:~$ zextras@mail:~$ zextras@mail:~$ postconf mynetworks mynetworks = 127.0.0.0/8 [::1]/128 10.25.XXX.XXX/24 zextras@mail:~$ zmprov gacf | grep zimbraMtaMyNetworks zimbraMtaMyNetworks: 127.0.0.0/8 zextras@mail:~$
Hi,
you should keep your server IP only in your mynetworks. For example:
if your server ip is 192.168.10.100/24 then use:
$ carbonio prov ms mail.server-hostname.com zimbraMtaMyNetworks '127.0.0.0/8 192.168.10.100/32' $ postfix reload
Then check with:
$ postconf mynetworks
Notes:
- Never allow large subnets like /24 in your mynetworks.
- Whenever you need to allow an IP use /32 to restrict the allowance to that IP only.
- While using any attributes feel free to read that attribute description to understand the details related to that attribute.
Thanks this input. I'll update my network configs