Zimbra Security Tip – Block Nested Spoofed “From:” Email Addresses

Email is one of the top attack vectors for getting inside an organization, and it is a known fact that we are more likely to open an email that purports to come from someone we know.

The spammers of course know this too, and recently, they have been exploiting it by intentionally creating a kind of “nested” email address.

How this is accomplished is a little technical, but it’s increasingly being used to spoof the “From:” portion of an email.

The good news in Zimbra (or any Linux server running the Postfix MTA) is that it’s easy to fix.

One of Zimbra’s Super Star engineers, Rick King, recently published a How-To specifically for implementing this fix within Zimbra. If you are responsible for the security of your company’s Zimbra system, you can find Rick’s tutorial here.

Note that when you do a Zimbra version upgrade (not a Patch), you’ll need to redo Rick’s edit to the /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf file.
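To find messages of this kind in mail you already hold (a quarantine folder, an export of headers), the following added example flags “From:” values whose displayed part carries a different address than the real one. It is not from this post or from Rick's tutorial and does not replace the Postfix fix. It assumes that “nested” means an address shown in front of the actual `<address>`; the function names are hypothetical and the sample headers are constructed.

```python
import re
from email.header import decode_header, make_header

ADDR = r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+"
ADDR_RE = re.compile(ADDR)
# The address that is actually used for the sender: the final <...> part.
ANGLE_RE = re.compile(r"<\s*(" + ADDR + r")\s*>\s*$")


def nested_from(value):
    """Return (shown, actual) if the display part of a From: value carries an
    address other than the real one, else None."""
    match = ANGLE_RE.search(value)
    if match is None:
        return None  # bare address, nothing displayed in front of it
    actual = match.group(1).lower()
    # Decode RFC 2047 encoded-words so the check sees what a mail client shows.
    display = str(make_header(decode_header(value[:match.start()].strip())))
    for shown in ADDR_RE.findall(display):
        if shown.lower() != actual:
            return shown.lower(), actual
    return None


# Constructed sample headers (not taken from real mail).
SAMPLES = [
    'Alice Example <alice@example.com>',
    '"alice@example.com" <alice@example.com>',
    'alice@example.com',
    '"ceo@example.com" <mallory@bulk-sender.test>',
    '<ceo@example.com> <mallory@bulk-sender.test>',
    '=?utf-8?q?ceo=40example.com?= <mallory@bulk-sender.test>',
]


def scan(headers):
    """Map each flagged header value to its (shown, actual) pair."""
    hits = {}
    for value in headers:
        result = nested_from(value)
        if result:
            hits[value] = result
    return hits


if __name__ == "__main__":
    for value, (shown, actual) in scan(SAMPLES).items():
        print(f"SUSPECT shown={shown} actual={actual} header={value!r}")
```
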

Hope that helps,

L. Mark Stone
Mission Critical Email
4 December 2018

The information provided in this blog is intended for informational and educational purposes only. The views expressed herein are those of Mr. Stone personally. The contents of this site are not intended as advice for any purpose and are subject to change without notice. Mission Critical Email makes no warranties of any kind regarding the accuracy or completeness of any information on this site, and we make no representations regarding whether such information is up-to-date or applicable to any particular situation. All copyrights are reserved by Mr. Stone. Any portion of the material on this site may be used for personal or educational purposes provided appropriate attribution is given to Mr. Stone and this blog.