Ajcody-How-To-Setup-sendAsDistList-Right-And-Persona-For-A-Distribution-List
Article Information |
---|
This article applies to the following ZCS versions. |
How To Setup A sendAsDistList Right and Persona For Internal Users
The following How-to only applies to ZCS 8 and greater
Actual How To Setup A sendAsDistList Right and Persona For Internal Users Home Page
Please see: Ajcody-How-To-Setup-sendAsDistList-Right-And-Persona-For-Internal-Users
Changes In ZCS8+ For zimbraAllowFromAddress and Persona's
Prior to ZCS 8, one would use the zimbraAllowFromAddress variable to allow one user the means to send as another user. This variable in ZCS 8+ only applies when setting the variable for external users now, it no longer allows internal users or distribution lists [DL's]. If you try to add an internal user or DL to zimbraAllowFromAddress, you'll see an error like:
zmprov ma 11@test.com zimbraAllowFromAddress 12@test.com ERROR: service.INVALID_REQUEST (invalid request: zimbraAllowFromAddress may not contain an internal account: 12@test.com)
With ZCS 8.0 and above, there is an upgrade script that will migrate internal users and DL's that are set in zimbraAllowFromAddress to become sendAs rights and also within the zimbraPrefAllowAddressForDelegatedSender variables. This is mentioned in the Release Notes and in the following bug:
- "zimbraAllowFromAddress pref should exclude internal accounts"
- http://bugzilla.zimbra.com/show_bug.cgi?id=66387
- Please see Release Notes about doing this upgrade via the command : zmldapupgrade -b 66387
- Any internal account or distribution list address listed in zimbraAllowFromAddress attribute is converted to a grant of sendAs (for account) or sendAsDistList (for DL) right from the named account or DL. The address is added to the zimbraPrefAllowAddressForDelegatedSender attribute of the granting account/DL.
- http://bugzilla.zimbra.com/show_bug.cgi?id=66387
Warning - Must Reload Browsers To See Changes When Changing Rights
When you make changes that effects the rights the account has, they will not automatically show up in the user's ZWC session. You must reload the browser session - either by doing a logout/login or by "refreshing" the browser. Refreshing the browser might require it's "Refresh" that it offers or by clicking in the URL field and hitting enter.
Creating Initial Test Accounts
Login as the zimbra user:
su - zimbra
Create Three Test Accounts. Note, not all of these test account might be used for this particular wiki how-to :
[zimbra@]$ zmprov ca 1-sendas@test.com STRONG_PASSWORD 9c16e165-09f0-4155-92e6-59df3a9f4609 [zimbra@]$ zmprov ca 2-sendas@test.com STRONG_PASSWORD 8690ce69-d2e0-4ab0-83e8-040f88c290c3 [zimbra@]$ zmprov ca 3-sendOnBehalfOf@test.com STRONG_PASSWORD deceeb15-ca0c-4868-9a6f-2f208ac36708
Create Initial Distribution List [DL] For sendAs Testing
Create A DL:
[zimbra@]$ zmprov cdl dl-sendas@test.com 8f337d75-74d0-4491-bb53-8e4a2c220423
Add Our Three Test Users To the DL:
[zimbra@]$ zmprov adlm dl-sendas@test.com 1-sendas@test.com 2-sendas@test.com 3-sendonbehalfof@test.com
Review the current DL configuration:
[zimbra@zcs804 ~]$ zmprov gdl dl-sendas@test.com # distributionList dl-sendas@test.com memberCount=2 mail: dl-sendas@test.com objectClass: zimbraDistributionList objectClass: zimbraMailRecipient uid: dl-sendas zimbraCreateTimestamp: 20131123155642Z zimbraId: 52ff50a5-12f6-4093-93ce-88f6f9c20153 zimbraMailAlias: dl-sendas@test.com zimbraMailForwardingAddress: 1-sendas@test.com zimbraMailForwardingAddress: 2-sendas@test.com zimbraMailHost: zcs804.DOMAIN.com zimbraMailStatus: enabled members 1-sendas@test.com 2-sendas@test.com 3-sendonbehalfof@test.com
Create Initial Distribution List [DL] For A Group To Add To The First DL For Testing And Three Group User Accounts
Create A DL but include the options at the end, " zimbraMailStatus disabled", since we are just using this DL for group management and not as an email DL:
[zimbra@]$ zmprov cdl dl-group@test.com zimbraMailStatus disabled c8223902-b6a8-46e6-8056-0c89b7a146b5
Let's create three user accounts that are just used for this DL group for our examples where we are using the object type of group:
[zimbra@zcs804 ~]$ zmprov ca dl-group-user1@test.com STRONG_PASSWORD 808f0133-7f11-4f40-8eed-23f4a6e74e37 [zimbra@zcs804 ~]$ zmprov ca dl-group-user2@test.com STRONG_PASSWORD 057e1d0c-8898-47a7-a2e6-1f8d73fd923a [zimbra@zcs804 ~]$ zmprov ca dl-group-user3@test.com STRONG_PASSWORD 7ff80bcc-7b8b-4db4-a906-f0a85ff9da9b
Add Our Three Test Users To the DL:
[zimbra@]$ zmprov adlm dl-group@test.com dl-group-user1@test.com dl-group-user2@test.com dl-group-user3@test.com
Review the current DL configuration:
[zimbra@zcs804 ~]$ zmprov gdl dl-group@test.com # distributionList dl-group@test.com memberCount=3 mail: dl-group@test.com objectClass: zimbraDistributionList objectClass: zimbraMailRecipient uid: dl-group zimbraCreateTimestamp: 20131123225736Z zimbraId: c8223902-b6a8-46e6-8056-0c89b7a146b5 zimbraMailAlias: dl-group@test.com zimbraMailForwardingAddress: dl-group-user1@test.com zimbraMailForwardingAddress: dl-group-user2@test.com zimbraMailForwardingAddress: dl-group-user3@test.com zimbraMailHost: zcs804.us.zimbralab.com zimbraMailStatus: disabled members dl-group-user1@test.com dl-group-user2@test.com dl-group-user3@test.com
Granting The sendAsDistList Right Can Be A User, Group, Domain, All Users, Or All Users Both Internal And External To SendAs The DL Account
This how-to can also be done for different objects besides a single user, the usr variable used throughout. He is brief examples using all the various variable options:
- Granting for individual user - usr:
[zimbra@]$ zmprov grr dl dl-sendas@test.com usr 1-sendas@test.com sendAsDistList
- Granting for a group - grp :
[zimbra@]$ zmprov grr dl dl-sendas@test.com grp dl-group@test.com sendAsDistList
If you have followed the how-to so far and setup the accounts, dl's, and groups as instructed and you ran the above two commands you'll see the following set for the dl-sendas@test.com DL now:
$ zmprov gdl dl-sendas@test.com | grep sendAsDistList zimbraACE: 55a3d686-bd61-4608-a4a3-0027f5aee6ff usr sendAsDistList zimbraACE: c8223902-b6a8-46e6-8056-0c89b7a146b5 grp sendAsDistList
zimbraACE uses the zimbraId of the account/object. This should match the zimbraId for 1-sendas@test.com and dl-group@test.com when you created them.
Other variable options are:
- Granting for a domain - dom :
[zimbra@]$ zmprov grr dl dl-sendas@test.com dom test.com sendAsDistList
- Granting for all users [internal] - all :
[zimbra@]$ zmprov grr dl dl-sendas@test.com all sendAsDistList
- Granting for all users [both internal and external] - pub :
[zimbra@]$ zmprov grr dl dl-sendas@test.com pub sendAsDistList
Checking And Confirming Our Group DL Grant To sendAsDistList For Our Email DL
If you have been doing the example setups so far, you should be able to confirm that your grants are correct by doing:
[zimbra@]$ zmprov ckr dl dl-sendas@test.com dl-group-user1@test.com sendAsDistList ALLOWED Via: target type : dl target : dl-sendas@test.com grantee type : grp grantee : dl-group@test.com right : sendAsDistList
To confirm those not in the group, use an email below that you have not granted the sendAsDistList for:
[zimbra@]$ zmprov ckr dl dl-sendas@test.com admin@test.com sendAsDistList DENIED
Granting The sendAsDistList Right For One User To SendAs The DL Account
To grant a user [1-sendas@test.com] to send an email where the To field will be the DL email address [dl-sendas@test.com]:
[zimbra@]$ zmprov grr dl dl-sendas@test.com usr 1-sendas@test.com sendAsDistList
Review the DL configuration to confirm:
[zimbra@]$ zmprov gdl dl-sendas@test.com # distributionList dl-sendas@test.com memberCount=2 mail: dl-sendas@test.com objectClass: zimbraDistributionList objectClass: zimbraMailRecipient uid: dl-sendas zimbraACE: 55a3d686-bd61-4608-a4a3-0027f5aee6ff usr sendAsDistList zimbraCreateTimestamp: 20131123155642Z zimbraId: 52ff50a5-12f6-4093-93ce-88f6f9c20153 zimbraMailAlias: dl-sendas@test.com zimbraMailForwardingAddress: 1-sendas@test.com zimbraMailForwardingAddress: 2-sendas@test.com zimbraMailHost: zcs804.DOMAIN.com zimbraMailStatus: enabled members 1-sendas@test.com 2-sendas@test.com
Notice that there is now a zibraACE line that wasn't there when you initially setup the DL. The zimbraACE uses the zimbraId of the user being granted the right - in this case, the sendAsDistList right. You can confirm the zimbraId matches the user email that we granted the right to by doing:
[zimbra@]$ zmprov ga 55a3d686-bd61-4608-a4a3-0027f5aee6ff mail # name 1-sendas@test.com mail: 1-sendas@test.com mail: 1-sendas-alias@test.com
And after reloading the ZWC browser session of the user [1-sendas@test.com] you should see the option for the DL [dl-sendas@test.com] in the From drop down when you compose a new email.
Configuring The Primary User Account To Use The DL As A Persona
One can setup a Persona for the DL now also like you would for a user alias.
Possible Bug - Note, you might not have the option to adjust the Reply-To option to be the DL. This bug was true even after reloading the browser and also including the DL address in its zimbraPrefAllowAddressForDelegatedSender variable. The issue exposed here might just be that we don't populate the Reply-To drop down options with DL choices.
Set zimbraPrefAllowAddressForDelegatedSender in the DL configuration to include the DL address explicitly:
[zimbra@]$ zmprov mdl dl-sendas@test.com +zimbraPrefAllowAddressForDelegatedSender dl-sendas@test.com
Confirm the zimbraPrefAllowAddressForDelegatedSender was set:
[zimbra@]$ $ zmprov gdl dl-sendas@test.com zimbraPrefAllowAddressForDelegatedSender # distributionList dl-sendas@test.com memberCount=2 zimbraPrefAllowAddressForDelegatedSender: dl-sendas@test.com members 1-sendas@test.com 2-sendas@test.com
Notice in the above screen shot I did not have the DL as an option from the drop down in the Reply-To section but I was able to manually type in the address there and it stayed when I saved the persona.
I sent two messages to see the behavior of this Reply-To situation and the difference between using the DL persona and if we just sent a message with the non-persona DL from the drop down box of the From field.
Screenshot of the received message sending via the persona DL, the message I sent also has a screen shot of the compose window of the message.
Screenshot of the received message sending via the non-persona DL via the From drop down box, the message I sent also has a screen shot of the compose window of the message.
Even if this is a bug, it doesn't seem to effect the functionality though. For the non-persona DL message I sent, a reply to that message still goes back to the DL [dl-sendas@test.com].
Granting The sendAsDistList Right To 1-sendas@ For An Alias Of A Distribution List - dl-sendas-alias@test.com
Create a DL alias:
[zimbra@]$ zmprov adla dl-sendas@test.com dl-sendas-alias@test.com
Our current DL's properties so far in our how-to here will show:
[zimbra@zcs804 ~]$ zmprov gdl dl-sendas@test.com # distributionList dl-sendas@test.com memberCount=2 mail: dl-sendas@test.com mail: dl-sendas-alias@test.com objectClass: zimbraDistributionList objectClass: zimbraMailRecipient uid: dl-sendas zimbraACE: 55a3d686-bd61-4608-a4a3-0027f5aee6ff usr sendAsDistList zimbraCreateTimestamp: 20131123155642Z zimbraId: 52ff50a5-12f6-4093-93ce-88f6f9c20153 zimbraMailAlias: dl-sendas@test.com zimbraMailAlias: dl-sendas-alias@test.com zimbraMailForwardingAddress: 1-sendas@test.com zimbraMailForwardingAddress: 2-sendas@test.com zimbraMailHost: zcs804.DOMAIN.com zimbraMailStatus: enabled zimbraPrefAllowAddressForDelegatedSender: dl-sendas@test.com members 1-sendas@test.com 2-sendas@test.com
You'll notice the alias added in the line: mail: dl-sendas-alias@test.com .
Note also, that our prior steps in this how-to already :
- Added 1-sendas@ to have sendAsDistList right for the DL.
zmprov grr dl dl-sendas@test.com usr 1-sendas@test.com sendAsDistList
- This shows the zimbraId of the 1-sendas@ user:
- zimbraACE: 55a3d686-bd61-4608-a4a3-0027f5aee6ff usr sendAsDistList
- Added the zimbraPrefAllowAddressForDelegatedSender: dl-sendas@test.com value
zmprov mdl dl-sendas@test.com +zimbraPrefAllowAddressForDelegatedSender dl-sendas@test.com
Let's add the DL alias to the zimbraPrefAllowAddressForDelegatedSender variable:
[zimbra@]$ zmprov mdl dl-sendas@test.com +zimbraPrefAllowAddressForDelegatedSender dl-sendas-alias@test.com
Let's confirm both dl-sendas@test.com and dl-sendas-alias@test.com are true for zimbraPrefAllowAddressForDelegatedSender :
[zimbra@]$ zmprov gdl dl-sendas@test.com zimbraPrefAllowAddressForDelegatedSender # distributionList dl-sendas@test.com memberCount=2 zimbraPrefAllowAddressForDelegatedSender: dl-sendas@test.com zimbraPrefAllowAddressForDelegatedSender: dl-sendas-alias@test.com members 1-sendas@test.com 2-sendas@test.com
Login to ZWC with the 1-sendas@test.com account or reload its current browser session and confirm you can use both dl-sendas@test.com and dl-sendas-alias@test.com.
Note - in the screenshot above we had already setup a persona also for the DL use, it's the extra line there in the screen shot.
Only Seeing The Alias dl-sendas-alias@ For dl-sendas@ As An Option For 1-sendas@
Then you didn't not include all the addresses needed for the zimbraPrefAllowAddressForDelegatedSender value in the DL properties. You probably see something like:
[zimbra@]$ zmprov gdl dl-sendas@test.com zimbraPrefAllowAddressForDelegatedSender # distributionList dl-sendas@test.com memberCount=2 zimbraPrefAllowAddressForDelegatedSender: dl-sendas-alias@test.com members 1-sendas@test.com 2-sendas@test.com
And in the primary address for the DL to the zimbraPrefAllowAddressForDelegatedSender value. Remember to use the + sign.
[zimbra@]$ zmprov mdl dl-sendas@test.com +zimbraPrefAllowAddressForDelegatedSender dl-sendas@test.com
Let's confirm both dl-sendas@test.com and dl-sendas-alias@test.com are true for zimbraPrefAllowAddressForDelegatedSender :
[zimbra@]$ zmprov gdl dl-sendas@test.com zimbraPrefAllowAddressForDelegatedSender # distributionList dl-sendas@test.com memberCount=2 zimbraPrefAllowAddressForDelegatedSender: dl-sendas@test.com zimbraPrefAllowAddressForDelegatedSender: dl-sendas-alias@test.com members 1-sendas@test.com 2-sendas@test.com
Login to ZWC with the 1-sendas@test.com account or reload its current browser session and confirm you can use both dl-sendas@test.com and dl-sendas-alias@test.com.