Author Topic: Zentyal 3.0 SMTP do not require authentification  (Read 1636 times)

droug

Zentyal 3.0 SMTP do not require authentification
« on: March 15, 2013, 08:26:40 pm »
Hi, all.

Zentyal 3.0
Installed Mail service and Zarafa.
"Relay policy" list is empty.

Issue: users in localnet can send emails through port 25 without authentication.
How can I fix it? SMTP must require login and password.

Thx.

christian

  • Guest
Re: Zentyal 3.0 SMTP do not require authentification
« Reply #1 on: March 15, 2013, 11:50:19 pm »
How can I fix it? SMTP must require login and password.

I suppose you mean:
"I would like SMTP to require authentication"
which is a perfectly acceptable policy BTW, but for sure not a must for all. E.g. I don't want it ;) at least until some additional features like masquerading are implemented.

otoh

Re: Zentyal 3.0 SMTP do not require authentification
« Reply #2 on: March 17, 2013, 12:56:34 pm »
Issue: users in localnet can send emails through port 25 without authentication.
How can I fix it? SMTP must require login and password.

Thx.

I'm just setting up a Zentyal server and am looking at the same thing. Did you try sending mail to an external address, or to an internal one, i.e. one that the server accepts mail for?

I found that mail to external addresses requires authentication as you would expect. However, for internal addresses, it is not actually relaying, so it will naturally accept it.

But now I have a related query. I would like to allow relaying ONLY via SSL. This is because I want authenticated users outside my network to be able to use my server for relay; but Zentyal only seems to support plaintext password authentication so I need it to be secure.

Of course I cannot just disable regular SMTP since I will receive no mail from other servers! But with regular SMTP open, it also lets authenticated users relay by it. Any ideas?

otoh

Re: Zentyal 3.0 SMTP do not require authentification
« Reply #3 on: March 19, 2013, 05:29:31 pm »
But now I have a related query. I would like to allow relaying ONLY via SSL. This is because I want authenticated users outside my network to be able to use my server for relay; but Zentyal only seems to support plaintext password authentication so I need it to be secure.

Of course I cannot just disable regular SMTP since I will receive no mail from other servers! But with regular SMTP open, it also lets authenticated users relay by it. Any ideas?

I finally found an answer to this, in the Postfix docs: http://www.postfix.org/TLS_README.html. In:

Code:
/usr/share/zentyal/stubs/mail/main.cf.mas

Add:

Code:
smtpd_tls_auth_only = yes

And restart mail service (usual caveats about losing this if the module is updated). This seems to do what I'm after - still accept incoming unsecured mail submissions, but allow relay from registered users only via TLS. HTH somebody :)
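
Added example, not part of the original thread: one way to confirm that the `smtpd_tls_auth_only = yes` change from Reply #3 took effect is to compare the EHLO capability list before and after STARTTLS, since with that setting Postfix should announce AUTH only on the encrypted session. The function names, verdict strings and sample replies below are constructed for illustration; `check_server` assumes a server you administer and a certificate the supplied TLS context trusts.

```python
import smtplib
import ssl

def auth_mechanisms(ehlo_reply):
    """SASL mechanisms advertised in an EHLO reply (raw or smtplib-stripped)."""
    mechs = set()
    for line in ehlo_reply.splitlines():
        text = line.strip()
        # Raw replies carry "250-" / "250 " prefixes; smtplib strips them.
        if text[:3] == "250" and text[3:4] in ("-", " "):
            text = text[4:]
        # Servers announce "AUTH PLAIN LOGIN"; some add legacy "AUTH=PLAIN LOGIN".
        if text[:5].upper() in ("AUTH ", "AUTH="):
            mechs.update(m.upper() for m in text[5:].split())
    return sorted(mechs)

def verdict(before_tls, after_tls):
    """Classify the two EHLO replies seen before and after STARTTLS."""
    if auth_mechanisms(before_tls):
        return "AUTH_IN_CLEARTEXT"      # passwords can cross the wire unencrypted
    if auth_mechanisms(after_tls):
        return "AUTH_ONLY_AFTER_TLS"    # what smtpd_tls_auth_only = yes should give
    return "AUTH_NOT_OFFERED"

def check_server(host, port=25, context=None):
    """Live check against a server you administer; returns a verdict string."""
    context = context or ssl.create_default_context()
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        smtp.ehlo()
        before = smtp.ehlo_resp.decode("ascii", "replace")
        smtp.starttls(context=context)
        smtp.ehlo()  # capabilities must be re-read after the TLS handshake
        after = smtp.ehlo_resp.decode("ascii", "replace")
    return verdict(before, after)

# Constructed sample replies (not captured from a real server).
BEFORE_FIX = ("250-mail.example.test\n250-PIPELINING\n250-STARTTLS\n"
              "250-AUTH PLAIN LOGIN\n250 8BITMIME")
AFTER_FIX_PLAIN = "250-mail.example.test\n250-PIPELINING\n250-STARTTLS\n250 8BITMIME"
AFTER_FIX_TLS = "250-mail.example.test\n250-PIPELINING\n250-AUTH PLAIN LOGIN\n250 8BITMIME"

if __name__ == "__main__":
    print(verdict(BEFORE_FIX, AFTER_FIX_TLS))
    print(verdict(AFTER_FIX_PLAIN, AFTER_FIX_TLS))
```

Re-running the check after a Zentyal mail module update catches the case mentioned in the reply, where the edited stub is overwritten and the setting is lost.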