From Zimbra :: Wiki

There are several corrections needed in the "Turning On or Off RBLs" section: the section containing "...all the possible restrictions" has both a typo and an omission -- "non_fqdn_hostname", and the last two RBLs are also missing from this list. I might also suggest using sbl-xbl.spamhaus.org instead of just sbl.spamhaus.org. Finally, the text formatting inserted curly quotes, which did not work for me for a cut & paste to the command line. The entire string would then look like:

zmprov mcf zimbraMtaRestriction reject_invalid_hostname zimbraMtaRestriction reject_non_fqdn_hostname zimbraMtaRestriction reject_non_fqdn_sender zimbraMtaRestriction "reject_rbl_client dnsbl.njabl.org" zimbraMtaRestriction "reject_rbl_client bl.spamcop.net" zimbraMtaRestriction "reject_rbl_client dnsbl.sorbs.net" zimbraMtaRestriction "reject_rbl_client zen.spamhaus.org"

Other thoughts on the RBLs section: zen.spamhaus.org is probably the best choice now.

The RBLs section incorrectly states that these zmprov commands turn RBLs on and off in SpamAssassin. They do not (as of 4.5). They apply MTA restrictions to Postfix causing rejection of mail during the SMTP transaction -- bouncing it immediately to the original sender, instead of forwarding it to the recipient marked as spam.

While some domains might prefer this level of restriction, some of the listed RBLs (e.g. SORBS) may be too aggressive for use in this fashion -- bouncing mail from entire major ISPs. This implementation also is likely a violation of RFC2822 since the mta-level restrictions block mail to even "spam lover" accounts like postmaster.

We should beef up the SpamAssassin configuration instructions found elsewhere and include a reference here.

opm.blitzed.org and relays.ordb.org are both no longer active, and cbl.abuseat.org is contained within the zen list. All have been removed from the command line above.

Should document how to turn off encrypted archives blocking

zmprov mcf zimbraVirusBlockEncryptedArchive FALSE