37 thoughts on - How To Improvement Sender Must Login/Enforcing a Match Between From Address and sasl username On Zimbra 8.5

  • Hi ,

    I am using Zimbra 8.6 and i couldnt find check_sender_access lmdb:/opt/zimbra/conf/ldap-restricrelay.cf that you showed up at the last step, Can you share the configuration of that file?


  • This article ;How To Improvement Sender Must Login/Enforcing a Match Between From Address and sasl username On Zimbra 8.5
    I found out where I went wrong.Thanks for your helping and responding as well.

    Best Regards.

  • Hi,

    I have versión 8.5, I did just that but not working.
    zmprov mcf zimbraMtaSmtpdSenderLoginMaps proxy:ldap:/opt/zimbra/conf/ldap-slm.cf +zimbraMtaSmtpdSenderRestrictions reject_authenticated_sender_login_mismatch

    any idea?

      • i do all the steps multiple time but no effect , i also sure that my ip is not in trusted network .
        i am using zimbra 8.6.0.
        any idea?!!

        • Hi,

          Please post the result from the following command for debug :

          su - zimbra
          zmprov gs `zmhostname` | grep -i mynetwork
          zmprov gcf zimbraMtaSmtpdSenderLoginMaps
          zmprov gcf zimbraMtaSmtpdSenderRestrictions
          cat /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf
  • bro

    kalau kek gini kenapa ya
    Jun 24 01:58:35 zimbra postfix/amavisd/smtpd[2178]: error: open database /opt/zimbra/conf/slm-exceptions-db.lmdb: No such file or directory

  • if you please can help me how to publish mail server with zimbra on centos 7 to the internet and adding ssl cert

  • I ran these commands, but it does not seem to have any effect. How can reverse these changes and do a fresh run. I tried zmprov mcf -zimbraMtaSmtpdSenderRestrictions but it did not work.

    • Hi Srini,

      Please make sure you not run/test from trusted IP. If you want to reverse, please run the following command

      su - zimbra
      zmprov mcf zimbraMtaSmtpdSenderLoginMaps "" -zimbraMtaSmtpdSenderRestrictions reject_authenticated_sender_login_mismatch
  • Hi!
    I have two problems with the mta configuration maybe you can help me. After did the following:

    zmprov mcf zimbraMtaSmtpdSenderLoginMaps proxy:ldap:/opt/zimbra/conf/ldap-slm.cf +zimbraMtaSmtpdSenderRestrictions reject_authenticated_sender_login_mismatch

    vi /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf
    permit_mynetworks, reject_sender_login_mismatch

    zmprov mcf zimbraMtaSmtpdRejectUnlistedRecipient yes
    zmprov mcf zimbraMtaSmtpdRejectUnlistedSender yes
    zmmtactl restart
    zmconfigdctl restart

    I’m unable to send mails using webmail. Using imap/smtp works perfectly

    And using telnet the smtp server allows me to use a fake “from” to send mails to the domain configured in zimbra.

    Thanks in advance

  • Hi Iman, could you please help me with the message “Error in service network” when a user try to login at zimbra web client? Thanks in advance

  • Is it possible to create an exception for a specific domain?

    For example;
    We have done:
    “open file /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf and add reject_sender_login_mismatch after permit_mynetworks”
    ..and it rejects all SASL users with mismatched email addresses

    We would for domainA.com to not be rejected when SASL user does not match email address

    Is this possible?

  • I ran the following command:

    su – zimbra
    zmprov mcf zimbraMtaSmtpdSenderLoginMaps “” -zimbraMtaSmtpdSenderRestrictions reject_authenticated_sender_login_mismatch

    And now logging is not working for our zimbra server.

    • Hello,

      If you want to disable improvement, please try perform command twice

      zmprov mcf zimbraMtaSmtpdSenderLoginMaps ""
      zmprov mcf -zimbraMtaSmtpdSenderRestrictions reject_authenticated_sender_login_mismatch
  • Thanks for the quick reply!

    I thought that command was related to the issue I’m having with not getting any logs and all of the services being in red status on the admin gui, but it seems like the sqlite db got erased somehow. Would you happen to know of a way to recreate it on zimbra 8.6?

    I tried the steps in this article under “Reinitializing Logger Database From Scratch”, but it didn’t work: https://wiki.zimbra.com/wiki/Ajcody-Server-Topics

    Thank you so much for your help, I really appreciate it.

  • Hi Iman,

    Unfortunately, that doesn’t fix the problem on my system.
    If I run zmsyslogsetup and zmloggerinit, a db folder gets created under the /op/zimbra/logger/ directory, but the logger.sqlitedb file has no tables in it. I believe my logs stopped working after I tried to remove the improvement in this thread using: zmprov mcf zimbraMtaSmtpdSenderLoginMaps proxy:ldap:/opt/zimbra/conf/ldap-slm.cf -zimbraMtaSmtpdSenderRestrictions. It could also just be a coincidence that the logs stopped working around the same time, I’m not sure what’s wrong.

  • Hello thanks for the tutorial. When I use the telnet method, it’s rejected as you’ve showed. However, when I use the mail command and set the From field accordingly, the emails are sent!!

    echo “Test message” | mail -s “Testing” -a “From:test@example.com” -t test@example.com

    What is the sure way to ensure that emails which have the same to/from fields are rejected by the server?

    • Hello David,

      If you mean OS on my laptop, i am using ElementaryOS. If you mean OS on my server, i am using CentOS or Ubuntu and especially SUSE 🙂

  • Hi Iman,
    I’m test successful from your instruction. But I have 1 problem to discuss: When using thunderbird, I don’t change email address in account settings, beside that when I write new email, I choose customize From address and change to anything, the email send successful anyway. How can we prevent that?

  • Hi Iman,

    Thank for your post.
    Do you know how to authorize a user so that it can send mail on behalf of all domain accounts ?.

    Thanks again