Today’s lesson: Zimbra.
- You have a NAT’ed environment…
- You’re installing Zimbra…
- You get slammed with 6 million plus SPAM messages flowing through your server overnight (despite following all best practices and ensuring you’re not an open relay)…
- Ignore Zimbra’s instructions that all your interfaces need to be in the “trusted networks” list.
- Use this command to override the admin interface rules:
  zmprov ms zimbra.example.com zimbraMtaMyNetworks '127.0.0.0/8'
  (Include any private networks that need access, too.)
- Tail the logs and enjoy all those “Relay access denied” messages.
This boils down to Zimbra not warning you that, once you set up split-horizon DNS, following its trusted-networks guidance can leave your MTA open to abuse right out of the box.
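
The log check from the last step, plus a review of the trusted-networks value, as an added example that is not part of the original post. The log lines are constructed, the function names are hypothetical, and `/var/log/zimbra.log` is an assumed path for the live log.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# SAMPLE_LOG is constructed Postfix smtpd output using documentation IP ranges.
SAMPLE_LOG='Mar  3 02:14:07 zimbra postfix/smtpd[4211]: NOQUEUE: reject: RCPT from unknown[203.0.113.45]: 554 5.7.1 <a@example.net>: Relay access denied; from=<x@example.org> to=<a@example.net> proto=ESMTP helo=<mx>
Mar  3 02:14:08 zimbra postfix/smtpd[4212]: connect from localhost[127.0.0.1]
Mar  3 02:14:09 zimbra postfix/smtpd[4213]: NOQUEUE: reject: RCPT from mail.example.org[198.51.100.7]: 554 5.7.1 <b@example.net>: Relay access denied; from=<y@example.org> to=<b@example.net> proto=ESMTP helo=<mx>
Mar  3 02:14:11 zimbra postfix/smtpd[4211]: NOQUEUE: reject: RCPT from unknown[203.0.113.45]: 554 5.7.1 <c@example.net>: Relay access denied; from=<x@example.org> to=<c@example.net> proto=ESMTP helo=<mx>'

# Read a mail log on stdin and print "<count> <client-ip>" for every client
# whose relay attempt was rejected, busiest client first.
relay_denied_by_client() {
  awk '/postfix\/smtpd/ && /Relay access denied/ {
         ip = $0
         sub(/.*RCPT from [^[]*\[/, "", ip)  # strip everything up to "host["
         sub(/\].*/, "", ip)                 # strip the closing bracket onward
         seen[ip]++
       }
       END { for (ip in seen) print seen[ip], ip }' | sort -k1,1nr -k2,2
}

# Print each entry of a zimbraMtaMyNetworks value (space or comma separated)
# that is not IPv4 loopback. Every entry printed is a network allowed to relay
# without authentication, so each one should be there deliberately.
trusted_beyond_loopback() (
  set -f  # entries are data, never filename patterns
  for net in $(printf '%s' "$1" | tr ',' ' '); do
    case "$net" in
      127.*) ;;
      *) printf '%s\n' "$net" ;;
    esac
  done
)

# Demo on the constructed data.
printf '%s\n' "$SAMPLE_LOG" | relay_denied_by_client
trusted_beyond_loopback '127.0.0.0/8 192.168.10.0/24'
```

On a live server, pipe the real log into `relay_denied_by_client` and pass the value currently set for `zimbraMtaMyNetworks` to `trusted_beyond_loopback`.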