Difference between revisions of "Ajcody-MTA-Postfix-Topics"

m (Missing main.cf Error)
m
 
(22 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{Unsupported}}{| width="100%" border="0"
+
{{BC|Zeta Alliance}}                         <!-- Note, this will also add [[Category: Zeta Alliance]] to bottom of wiki page. -->
| bgcolor="orange" | [[Image:Attention.png]] - This article is NOT official Zimbra documentation. It is a user contribution and may include unsupported customizations, references, suggestions, or information.
+
__FORCETOC__                              <!-- Will force a TOC regards of size of article. __NOTOC__ if no TOC is wanted. -->
|}
+
<div class="col-md-12 ibox-content">
 +
= Ajcody MTA Postfix Topics=            <!-- Normally will reflect page title. Is listed at very top of page. -->
 +
{{KB|{{ZETA}}|{{ZCS 8.5}}|{{ZCS 8.0}}|{{ZCS 7.0}}|}}            <!-- Can only handle 3 ZCS versions. -->
 +
{{WIP}}                                                <!-- For pages that are "work in progress". -->
 +
 
  
 
==Postfix - MTA==
 
==Postfix - MTA==
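Review bot: The old-side {{Unsupported}} banner and the orange "This article is NOT official Zimbra documentation" table at the top of this hunk have no counterpart on the new side, so readers lose the warning that the page may include unsupported customizations; confirm that {{BC|Zeta Alliance}} renders an equivalent notice, or keep {{Unsupported}} above it. The added div with class "col-md-12 ibox-content" has no closing tag in the visible lines, so check that it is closed at the end of the page. The {{KB|...}} call passes {{ZETA}} plus three ZCS versions and a trailing empty parameter while its own comment says it "Can only handle 3 ZCS versions"; verify that it renders as intended, and consider dropping the template scaffolding comments from the published page.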
Line 15: Line 19:
 
===MTA Mail Flow - Birds-eye Overview===
 
===MTA Mail Flow - Birds-eye Overview===
  
The following references are very good reads to familiarize yourself with in regards to postfix.
+
Moved to [[Postfix-Amavisd_Mail_Flow_-_Birds-eye_Overview_-_MTA]]
  
* http://www.onlamp.com/pub/a/onlamp/2004/01/22/postfix.html
+
===Understanding /var/log/zimbra.log And Postfix Log Events===
* http://www.linuxjournal.com/article/9454 [5 pages]
 
* https://help.ubuntu.com/community/PostfixBasicSetupHowto [nice flowcharts]
 
* http://www.postfix.org/OVERVIEW.html
 
* http://www.postfix.org/smtpd.8.html
 
* http://www.postfix.org/QSHAPE_README.html - "Postfix Bottleneck Analysis"
 
** This explains how the postfix queues work, a must read.
 
*** http://www.postfix.org/QSHAPE_README.html#queues
 
* Also look at [[Ajcody-MTA-Postfix-Topics#Getting_Some_Initial_Summary_Data]] since having this date or reports on hand might make the following above more meaningful.
 
  
Below is my initial attempt to show the flow within ZCS.
+
Moved to: [[Understanding_zimbra.log_And_Postfix_Log_Events_-_MTA]]
  
<pre>
+
====Postfix Queue ID vs. message-id====
Incoming mail > smtp port 25
 
  
> netstat -plnt | grep ":25 "
+
Moved to: [[Postfix_Queue_ID_vs._message-id_-_MTA]]
tcp  0  0 0.0.0.0:25      0.0.0.0:*  LISTEN      -
 
## smtp port 25 is because 'mta is enabled'
 
  
> zmprov gs `zmhostname` zimbraServiceEnabled | grep mta
+
====Authentication Log Events====
zimbraServiceEnabled: mta
 
  
Postfix's "Incoming Queue"
+
Moved to [[Understanding_And_Troubleshooting_Authentication_Log_Events]]
/opt/zimbra/data/postfix/spool/incoming/
 
  
Postfix's "Active Queue"
+
=====IMAP And Authenticated SMTP [SSL] Example=====
/opt/zimbra/data/postfix/spool/active/
 
  
su - zimbra
+
Moved to [[Understanding_And_Troubleshooting_Authentication_Log_Events#IMAP_And_Authenticated_SMTP_.5BSSL.5D_Example]]
$ sudo /opt/zimbra/libexec/zmqstat
 
hold=0
 
corrupt=0
 
deferred=0
 
active=0
 
incoming=0
 
  
Is amavisd enabled?
+
======IMAP Test Via Telnet And Logging Events Of It - Proxy Included======
zcs721:/opt/zimbra/postfix/conf # diff main.cf /tmp/before/postfix/conf/main.cf
 
< content_filter =  
 
> content_filter = smtp-amavis:[127.0.0.1]:10024
 
  
Then messages goto port 10024
+
Moved to [[Understanding_And_Troubleshooting_Authentication_Log_Events#IMAP_Test_Via_Telnet_And_Logging_Events_Of_It_-_Proxy_Included]]
zimbra@zcs721:~> netstat -plnt | grep 10024
 
tcp        0      0 127.0.0.1:10024    0.0.0.0:*  LISTEN    2583/amavisd (ch8-a
 
  
Three things amavisd is enabled for:
+
======IMAP Login Via Openssl - LOGIN TLS - Proxy Included======
  
1. spamassassin
+
Moved to [[Understanding_And_Troubleshooting_Authentication_Log_Events#IMAP_Login_Via_Openssl_-_LOGIN_TLS_-_Proxy_Included]]
zmprov ms `zmhostname` +zimbraServiceEnabled antispam
 
  
/opt/zimbra/conf> diff amavisd.conf /tmp/before/amavisd.conf
+
===Network Tracing Between A Remote Host And A ZCS MTA===
  
<  @bypass_spam_checks_maps  = (1);  # uncomment to DISABLE anti-spam code
+
Moved to [[Network_Tracing_Between_A_Remote_Host_And_A_ZCS_MTA]]
> # @bypass_spam_checks_maps  = (1);  # uncomment to DISABLE anti-spam code
 
  
2. clamav
+
===Finding Messages - zmmsgtrace===
zmprov ms `zmhostname` +zimbraServiceEnabled antivirus
 
  
/opt/zimbra/conf> diff amavisd.conf /tmp/before/amavisd.conf
+
See the following for details [for 7.1.1+]:
<  @bypass_virus_checks_maps = (1);  # uncomment to DISABLE anti-virus code
+
* zmmsgtrace replacement
> # @bypass_virus_checks_maps = (1);  # uncomment to DISABLE anti-virus code
+
** http://bugzilla.zimbra.com/show_bug.cgi?id=41078
  
3. archiving
+
Documentation at [[CLI_zmmsgtrace]] . Note, if you get command not found as the zimbra user, try /opt/zimbra/libexec/zmmsgtrace instead.
zmprov ms `zmhostname` +zimbraServiceEnabled archiving
 
  
/opt/zimbra/conf> diff amavisd.conf /tmp/before/amavisd.conf
+
===How To Increase SMTP Debug Logging - MTA===
< $archive_quarantine_method = 'smtp:[127.0.0.1]:10025';
 
> #$archive_quarantine_method = 'smtp:[127.0.0.1]:10025';
 
  
zimbra@zcs721:~/postfix/conf> netstat -plnt | grep 1002
+
Moved to [[How_To_Increase_SMTP_Debug_Logging_-_MTA]]
tcp        0      0 127.0.0.1:10024    0.0.0.0:*    LISTEN      13779/amavisd (mast
 
tcp        0      0 127.0.0.1:10025    0.0.0.0:*    LISTEN     
 
  
Once the amavis related items are checked, the message goes back to postfix's
+
===Simple Troubleshooting For SMTP Via Telnet, Openssl===
active queue via port 10025 and will get delivered to the mailstore via lmtp/port 7025
 
  
> netstat -plnt | grep 7025
+
Moved to [[Simple_Troubleshooting_For_SMTP_Via_Telnet_And_Openssl]]
tcp        0      0 0.0.0.0:7025            0.0.0.0:*              LISTEN      - 
 
  
You can see how the ports are configured in /opt/zimbra/postfix/conf in the master.cf & master.cf.in
+
====First - Understanding Your Authentication Requirements In ZCS====
files. Port 10025 [always configured] and 10024 [only configured if amavis is enabled]
 
are setup there also.
 
  
</pre>
+
Moved to [[Simple_Troubleshooting_For_SMTP_Via_Telnet_And_Openssl#First_-_Understanding_Your_Authentication_Requirements_In_ZCS]]
  
===Understanding /var/log/zimbra.log And Postfix Log Events===
+
====Second - Encoding Username And Passwords For AUTH Sequence====
  
Ref:
+
Moved to [[Simple_Troubleshooting_For_SMTP_Via_Telnet_And_Openssl#Second_-_Encoding_Username_And_Passwords_For_AUTH_Sequence]]
* http://www.onlamp.com/pub/a/onlamp/2004/01/22/postfix.html
 
* https://wiki.kolab.org/What_is_happening_to_my_emails_where_are_their._Search_your_postfix_log_to_find_them
 
  
To see some of the basic warning:
+
====For ESMTP Auth is LOGIN - Example====
  
$ egrep '(reject|warning|error|fatal|panic):' /var/log/zimbra.log
+
Moved to [[Simple_Troubleshooting_For_SMTP_Via_Telnet_And_Openssl#For_ESMTP_Auth_is_LOGIN_-_Example]]
  
Log events follow this basic pattern:
+
====For ESMTP Auth is Plain - Example====
<pre>
 
Description
 
    || Date & Time  || Hostname || Postfix component id || Message
 
Example    
 
      Dec 31 11:34:21  testserver    postfix/smtpd[1677]:  connect from mail.example.com[192.168.100.45]
 
</pre>
 
The process ID is in the square brackets.
 
  
====Postfix Queue ID vs. message-id====
+
Moved to [[Simple_Troubleshooting_For_SMTP_Via_Telnet_And_Openssl#For_ESMTP_Auth_is_Plain_-_Example]]
  
* '''Note, postfix queue ID is NOT message-id.'''
+
====For TLS/SSL - Example====
* '''''For the examples below, the ZCS server being used has an ip address of 10.137.27.32 .'''''
 
  
A message-id is assigned by the MUA or postfix if the message doesn't have one. The message-id is in the header of the email. The postfix queue ID is NOT in the header of the emails. An email header will also have the original emails message-id if it's an reply.
+
Moved to [[Simple_Troubleshooting_For_SMTP_Via_Telnet_And_Openssl#For_TLS.2FSSL_-_Example]]
  
<pre>
+
=====Testing Against Port 465=====
Date: Tue, 4 Jun 2013 06:43:55 -0700 (PDT)
 
From: Adam Cody 2 <ajcody2@zcs723.EXAMPLE.com>
 
To: Adam Cody <ajcody@zcs723.EXAMPLE.com>
 
###  COMMENT START - Below are the two message-id's
 
###  The message-id is noted the /var/log/zimbra.log log events
 
###  Example will be shown farther down
 
Message-ID: <315186059.60.1370353435012.JavaMail.root@zcs723.EXAMPLE.com>
 
In-Reply-To: <692082388.59.1370352733069.JavaMail.root@zcs723.EXAMPLE.com>
 
###  End Of COMMENT
 
Subject: Re: test email
 
MIME-Version: 1.0
 
Content-Type: text/plain; charset=utf-8
 
Content-Transfer-Encoding: 7bit
 
X-Originating-IP: [10.16.XX.XX]
 
X-Mailer: Zimbra 7.2.3_GA_2872 (ZimbraWebClient - [unknown] (Win)/0.0)
 
  
reply back
+
Moved to [[Simple_Troubleshooting_For_SMTP_Via_Telnet_And_Openssl#Testing_Against_Port_465]]
  
----- Original Message -----
+
====To Confirm An Auth User Can't Send With Another FROM Address====
From: "Adam Cody" <ajcody@zcs723.EXAMPLE.com>
 
To: "Adam Cody 2" <ajcody2@zcs723.EXAMPLE.com>
 
Sent: Tuesday, June 4, 2013 9:32:13 AM
 
Subject: test email
 
</pre>
 
  
When a message enters the Postfix system [incoming or outgoing] it is immediately assigned a queue ID. Postfix/ZCS will most likely have a message leave the postfix queue for other processing: amavis, filters, etc. This will cause the message to get a new queue ID's. This can also happen if you were to requeue your messages by doing something like: postsuper -r . You will need to note the '''message-id and ALL queue ID's''' to get the complete picture of what was happening for a particular email. For the example below, I first did a search for the message-id [found by looking at the header, ZWC > Sent box > View Original on email I sent] in /var/log/zimbra.log.
+
Moved to [[Simple_Troubleshooting_For_SMTP_Via_Telnet_And_Openssl#To_Confirm_An_Auth_User_Can.27t_Send_With_Another_FROM_Address]]
  
egrep "692082388.59.1370352733069.JavaMail.root" /var/log/zimbra.log
+
===Adding A New MTA Server===
  
This output then gave me the associated postfix queue ID's, there were two unique ones. I then did another search using all three variables:
+
Basic instructions can be found here:
 +
* http://www.zimbra.com/docs/ne/latest/multi_server_install/toc.html
 +
** See "Installing Zimbra MTA on a Server"
  
<pre>
+
Additional instructions needed beyond the above will follow as I hear about them.
        QueueID      QueueID          MessageID
 
egrep "59E261E78D1|C6CAA1E78D2|692082388.59.1370352733069.JavaMail.root" /var/log/zimbra.log
 
</pre>
 
  
Below is the return to find the full log event in /var/log/zimbra.log for this one email.
+
===Load Balancing For SMTP - Out Bound Mail===
  
<pre>
+
Currently, '''5.x code''', you have the following options:
Jun  4 06:32:14 zcs723 postfix/smtpd[16290]:
 
  59E261E78D1: client=zcs723.EXAMPLE.com[10.137.27.32]
 
Jun  4 06:32:14 zcs723 postfix/cleanup[16293]:
 
  59E261E78D1: message-id=<692082388.59.1370352733069.JavaMail.root@zcs723.EXAMPLE.com>
 
Jun  4 06:32:14 zcs723 postfix/qmgr[7864]:
 
  59E261E78D1: from=<ajcody@zcs723.EXAMPLE.com>, size=673, nrcpt=1 (queue active)
 
Jun  4 06:32:44 zcs723 postfix/smtpd[16310]:
 
  C6CAA1E78D2: client=localhost[127.0.0.1]
 
Jun  4 06:32:44 zcs723 postfix/cleanup[16293]:
 
  C6CAA1E78D2: message-id=<692082388.59.1370352733069.JavaMail.root@zcs723.EXAMPLE.com>
 
Jun  4 06:32:44 zcs723 postfix/qmgr[7864]:
 
  C6CAA1E78D2: from=<ajcody@zcs723.EXAMPLE.com>, size=1361, nrcpt=1 (queue active)
 
Jun  4 06:32:44 zcs723 amavis[19662]: (19662-02)
 
  FWD via SMTP: <ajcody@zcs723.EXAMPLE.com> -> <ajcody2@zcs723.EXAMPLE.com>,
 
  BODY=7BIT 250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as C6CAA1E78D2
 
Jun  4 06:32:45 zcs723 postfix/lmtp[16311]: C6CAA1E78D2: to=<ajcody2@zcs723.EXAMPLE.com>,
 
  relay=zcs723.EXAMPLE.com[10.137.27.32]:7025, delay=0.85, delays=0.11/0.01/0.39/0.34,
 
  dsn=2.1.5, status=sent (250 2.1.5 Delivery OK)
 
Jun  4 06:32:45 zcs723 postfix/qmgr[7864]: C6CAA1E78D2: removed
 
Jun  4 06:32:46 zcs723 amavis[19662]: (19662-02)
 
  Passed CLEAN, MYNETS LOCAL [10.137.27.32] [10.137.27.32]
 
  <ajcody@zcs723.EXAMPLE.com> -> <ajcody2@zcs723.EXAMPLE.com>,
 
  Message-ID: <692082388.59.1370352733069.JavaMail.root@zcs723.EXAMPLE.com>,
 
  mail_id: GGpaucYR0-4J, Hits: -1.106, size: 673, queued_as: C6CAA1E78D2, 28828 ms
 
Jun  4 06:32:46 zcs723 postfix/smtp[16294]: 59E261E78D1: to=<ajcody2@zcs723.EXAMPLE.com>,
 
  relay=127.0.0.1[127.0.0.1]:10024, delay=32, delays=0.16/0.09/5.3/26, dsn=2.0.0,
 
  status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as C6CAA1E78D2)
 
Jun  4 06:32:46 zcs723 postfix/qmgr[7864]: 59E261E78D1: removed
 
</pre>
 
  
And the reply to the above message is shown below. [Note, both accounts are on the same ZCS system]:
+
* Configure zimbraMtaRelayHost and zimbraSmtpHostname [[Ajcody-Server-Topics#Using_Different_SMTP_Server_For_Webclient_.28ZWC.29.2C_Mobiles.2C_And_ZCO|zimbraSmtpHostname Details]] to:
  
<pre>
+
** An external load balancing device that will then split the traffic behind it
Jun  4 06:43:56 zcs723 postfix/cleanup[20443]:
+
** Setup a round-robin A record situation in your DNS for the external mta's you'll be using.
  EFD1D1E78D1: message-id=<315186059.60.1370353435012.JavaMail.root@zcs723.us.zimbralab.com>
 
Jun  4 06:44:28 zcs723 postfix/cleanup[20443]:
 
  C0E171E78D2: message-id=<315186059.60.1370353435012.JavaMail.root@zcs723.us.zimbralab.com>
 
Jun  4 06:44:29 zcs723 amavis[19663]: (19663-02)
 
  Passed CLEAN, MYNETS LOCAL [10.137.27.32] [10.137.27.32]
 
  <ajcody2@zcs723.us.zimbralab.com> -> <ajcody@zcs723.us.zimbralab.com>,
 
  Message-ID: <315186059.60.1370353435012.JavaMail.root@zcs723.us.zimbralab.com>,
 
  mail_id: 0XbLSIeuewz3, Hits: -1.106, size: 969, queued_as: C0E171E78D2, 31775 ms
 
</pre>
 
  
When using any of the postfix commands to view/manipulate messages, they will be using the queueID that the message currently has. For example, mailq output looks like this:
+
In, '''GNR/6.x''', you are able to add multiple targets to the variables and we'll have some degree of "balancing" between them.
  
<pre>
+
* "allow list for zimbraSmtpHostname"
[root@zcs723 ~]# /opt/zimbra/postfix/sbin/mailq
+
** http://bugzilla.zimbra.com/show_bug.cgi?id=10695
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
+
* "make zimbraSmtpHostname fault tolerant"
C12E6246BC      514 Tue Mar 26 08:00:35  root
+
** http://bugzilla.zimbra.com/show_bug.cgi?id=36173
                                        zimbra
 
  
C7F00246A8      517 Tue Mar 26 07:00:24  root
+
===User Alias Mapping And Mail Transport with Postfix & LDAP===
                                        zimbra
 
  
9A2D124693      530 Mon Apr 15 19:04:20  root
+
See [[User_Alias_Mapping_and_Mail_Transport_with_Postfix_%26_LDAP]]
                                        zimbra
 
</pre>
 
  
To view a message that is still in the postfix queues/spool, you can use the postcat command with the -q option [-q (access queue)].
+
====Multiple LDAP Servers?====
  
postcat -q C12E6246BC | more
+
Completed RFE:
  
====Authentication Log Events====
+
* "mta should be able to take a list of LDAP servers to take advantage of replicas."
 +
** http://bugzilla.zimbra.com/show_bug.cgi?id=9353
 +
*** zmmtainit to allow for multiple command line options that will set the URL. Grab the contents of the ldap_url localconfig variable.
  
=====IMAP And Authenticated SMTP [SSL] Example=====
+
From :
  
* '''''For the examples below, the ZCS server being used has an ip address of 10.137.27.32 .'''''
+
* http://www.postfix.org/ldap_table.5.html
* '''Note, I included the client IP address [10.16.245.217] of the IMAP client and also the -C2 flag for egrep to show 2 lines proceeding and after the match for ip and username. I also trimmed the output using the time I did the initial IMAP setup and used the -F option for grep because of the : character. [ | grep -F 'Jun  4 08:4' ] '''
 
 
 
Using the test account above, ajcody@ , I configured it to use IMAP [Use SSL option] and authenticated SMTP [SSL and "password" option] with Apple's Mail.App. My initially login creates these authentication events below.
 
 
 
First, to give you a general impression what logs will hold information on a username and the ip address the client is connection from. The -l option for grep/egrep will just list the files names that have a math to the search.
 
  
 
<pre>
 
<pre>
[root@zcs723 log]# egrep -l 'ajcody|10.16.245.217' /opt/zimbra/log/*
+
        server_host (default: localhost)
/opt/zimbra/log/2013_05_31.trace.log  << Because of my ZWC login session
+
              The name of the host running the LDAP server, e.g.
/opt/zimbra/log/2013_06_04.trace.log << Because of my ZWC login session
 
/opt/zimbra/log/access_log.2013-05-31 << Because of my ZWC login session
 
/opt/zimbra/log/access_log.2013-06-04 << Because of my ZWC login session
 
/opt/zimbra/log/audit.log
 
/opt/zimbra/log/mailbox.log
 
  
[root@zcs723 log]# egrep -l 'ajcody|10.16.245.217' /var/log/*
+
                  server_host = ldap.example.com
## Removed not related matches because I've sshd into the server
 
/var/log/maillog
 
/var/log/maillog-20130602
 
/var/log/messages
 
/var/log/messages-20130602
 
/var/log/zimbra.log
 
</pre>
 
  
Now to see what the events are. In the /opt/zimbra/log/audit.log file we have:
+
              Depending  on the LDAP client library you're using,
 +
              it should be possible to specify  multiple  servers
 +
              here,  with the library trying them in order should
 +
              the first one fail. It should also be  possible  to
 +
              give  each  server  in  the list  a different port
 +
              (overriding server_port below), by naming them like
  
<pre>
+
                  server_host = ldap.example.com:1444
# grep egrep -C2 'ajcody|10.16.245.217' /opt/zimbra/log/audit.log | grep -F 'Jun  4 08:4'
 
    [cut out prior events]
 
2013-06-04 08:43:01,943 INFO  [ImapServer-1] [ip=10.16.245.217;ua=Mac OS X Mail/6.2 (1499);]
 
  security - cmd=Auth; account=ajcody@zcs723.EXAMPLE.com; protocol=imap;
 
2013-06-04 08:43:04,031 INFO  [ImapServer-2] [ip=10.16.245.217;ua=Mac OS X Mail/6.2 (1499);]
 
  security - cmd=Auth; account=ajcody@zcs723.EXAMPLE.com; protocol=imap;
 
2013-06-04 08:43:07,078 INFO  [ImapServer-3] [ip=10.16.245.217;ua=Mac OS X Mail/6.2 (1499);]
 
  security - cmd=Auth; account=ajcody@zcs723.EXAMPLE.com; protocol=imap;
 
2013-06-04 08:43:09,437 INFO  [ImapServer-4] [ip=10.16.245.217;ua=Mac OS X Mail/6.2 (1499);]
 
  security - cmd=Auth; account=ajcody@zcs723.EXAMPLE.com; protocol=imap;
 
2013-06-04 08:43:11,645 INFO  [ImapServer-5] [ip=10.16.245.217;ua=Mac OS X Mail/6.2 (1499);]
 
  security - cmd=Auth; account=ajcody@zcs723.EXAMPLE.com; protocol=imap;
 
</pre>
 
  
And in the /var/log/zimbra.log :
+
              With OpenLDAP, a (list of) LDAP URLs can be used to
 +
              specify both the hostname(s) and the port(s):
  
<pre>
+
                  server_host = ldap://ldap.example.com:1444
[root@zcs723 log]# egrep -C2 'ajcody|10.16.245.217' zimbra.log | grep -F 'Jun  4 08:4'
+
                              ldap://ldap2.example.com:1444
    [cut out prior events]
 
Jun  4 08:42:07 zcs723 zmmailboxdmgr[1389]: status requested
 
Jun  4 08:42:07 zcs723 zmmailboxdmgr[1389]: status OK
 
Jun  4 08:42:27 zcs723 postfix/smtpd[1487]: connect from unknown[10.16.245.217]
 
Jun  4 08:42:28 zcs723 postfix/smtpd[1487]: setting up TLS connection from unknown[10.16.245.217]
 
Jun  4 08:42:30 zcs723 postfix/smtpd[1487]: SSL_accept error from unknown[10.16.245.217]: -1
 
Jun  4 08:42:30 zcs723 postfix/smtpd[1487]: lost connection after STARTTLS from unknown[10.16.245.217]
 
Jun  4 08:42:30 zcs723 postfix/smtpd[1487]: disconnect from unknown[10.16.245.217]
 
Jun  4 08:42:30 zcs723 postfix/smtpd[1487]: connect from unknown[10.16.245.217]
 
Jun  4 08:42:31 zcs723 postfix/smtpd[1487]: setting up TLS connection from unknown[10.16.245.217]
 
Jun  4 08:42:31 zcs723 postfix/smtpd[1487]: Anonymous TLS connection established from unknown[10.16.245.217]:
 
  TLSv1 with cipher AES128-SHA (128/128 bits)
 
Jun  4 08:42:32 zcs723 postfix/smtpd[1497]: connect from unknown[10.16.245.217]
 
Jun  4 08:42:32 zcs723 postfix/smtpd[1497]: setting up TLS connection from unknown[10.16.245.217]
 
Jun  4 08:42:32 zcs723 postfix/smtpd[1497]: Anonymous TLS connection established from unknown[10.16.245.217]:
 
  TLSv1 with cipher AES128-SHA (128/128 bits)
 
--
 
Jun  4 08:42:33 zcs723 saslauthd[8077]: auth_zimbra: ajcody auth OK
 
Jun  4 08:42:34 zcs723 postfix/smtpd[1497]: disconnect from unknown[10.16.245.217]
 
Jun  4 08:42:34 zcs723 postfix/smtpd[1487]: lost connection after EHLO from unknown[10.16.245.217]
 
Jun  4 08:42:34 zcs723 postfix/smtpd[1487]: disconnect from unknown[10.16.245.217]
 
Jun  4 08:43:01 zcs723 zmmailboxdmgr[1583]: status requested
 
Jun  4 08:43:01 zcs723 zmmailboxdmgr[1583]: status OK
 
--
 
Jun  4 08:45:08 zcs723 zmmailboxdmgr[2353]: status requested
 
Jun  4 08:45:08 zcs723 zmmailboxdmgr[2353]: status OK
 
Jun  4 08:45:54 zcs723 postfix/anvil[1489]: statistics: max connection rate 3/60s for
 
  (smtp:10.16.245.217) at Jun  4 08:42:32
 
Jun  4 08:45:54 zcs723 postfix/anvil[1489]: statistics: max connection count 2 for
 
  (smtp:10.16.245.217) at Jun  4 08:42:32
 
Jun  4 08:45:54 zcs723 postfix/anvil[1489]: statistics: max cache size 1 at Jun  4 08:42:27
 
Jun  4 08:46:07 zcs723 zmmailboxdmgr[2706]: status requested
 
</pre>
 
  
In the /opt/zimbra/log/mailbox.log :
+
              All LDAP URLs accepted by the OpenLDAP library  are
 +
              supported,  including  connections over UNIX domain
 +
              sockets, and LDAP SSL (the last one  provided  that
 +
              OpenLDAP was compiled with support for SSL):
  
<pre>
+
                  server_host = ldapi://%2Fsome%2Fpath
[root@zcs723 log]# egrep -C2 'ajcody|10.16.245.217' mailbox.log | grep -F 'Jun 4 08:4'
+
                              ldaps://ldap.example.com:636
 +
 
 +
**my note**
 +
This thread - http://archives.neohapsis.com/archives/postfix/2004-09/1763.html
 +
give me the impression they made a mistake in modifying the help file on this
 +
  and they dropped the use/need of the command:
  
2013-06-04 08:43:00,343 INFO  [ImapServer-1] [] imap - [10.16.245.217] connected
+
   server_host = ldap://ldap.example.com:1444, ldap://ldap2.example.com:1444
2013-06-04 08:43:01,999 INFO  [ImapServer-1] [name=ajcody@zcs723.EXAMPLE.com;ip=10.16.245.217;
 
  ua=Mac OS X Mail/6.2 (1499);] imap - user ajcody@zcs723.EXAMPLE.com authenticated, mechanism=PLAIN [TLS]
 
2013-06-04 08:43:02,640 INFO  [ImapServer-2] [] imap - [10.16.245.217] connected
 
2013-06-04 08:43:04,031 INFO  [ImapServer-2] [name=ajcody@zcs723.EXAMPLE.com;
 
  ip=10.16.245.217;ua=Mac OS X Mail/6.2 (1499);]
 
  imap - user ajcody@zcs723.EXAMPLE.com authenticated, mechanism=PLAIN [TLS]
 
2013-06-04 08:43:04,721 WARN  [ImapServer-2] [name=ajcody@zcs723.EXAMPLE.com;
 
   ip=10.16.245.217;ua=Mac OS X Mail/6.2 (1499);]
 
  ConfigurationFactory - No configuration found. Configuring ehcache from ehcache-failsafe.xml 
 
  found in the classpath:
 
  jar:file:/opt/zimbra/jetty-6.1.22.z6/webapps/service/WEB-INF/lib/ehcache-core-2.5.1.jar!/ehcache-failsafe.xml
 
2013-06-04 08:43:05,010 WARN  [ImapServer-2] [name=ajcody@zcs723.EXAMPLE.com;
 
  ip=10.16.245.217;ua=Mac OS X Mail/6.2 (1499);]
 
  ConfigurationFactory - No configuration found. Configuring ehcache from ehcache-failsafe.xml 
 
  found in the classpath:
 
  jar:file:/opt/zimbra/jetty-6.1.22.z6/webapps/service/WEB-INF/lib/ehcache-core-2.5.1.jar!/ehcache-failsafe.xml
 
2013-06-04 08:43:05,420 INFO  [ImapServer-2] [name=ajcody@zcs723.EXAMPLE.com;
 
  ip=10.16.245.217;ua=Mac OS X Mail/6.2 (1499);]
 
  imap - selected folder INBOX
 
2013-06-04 08:43:05,922 INFO  [ImapServer-3] [] imap - [10.16.245.217] connected
 
2013-06-04 08:43:07,390 INFO  [ImapServer-3] [name=ajcody@zcs723.EXAMPLE.com;
 
  ip=10.16.245.217;ua=Mac OS X Mail/6.2 (1499);]
 
  imap - user ajcody@zcs723.EXAMPLE.com authenticated, mechanism=PLAIN [TLS]
 
2013-06-04 08:43:08,220 INFO  [ImapServer-4] [] imap - [10.16.245.217] connected
 
2013-06-04 08:43:09,437 INFO  [ImapServer-4] [name=ajcody@zcs723.EXAMPLE.com;
 
  ip=10.16.245.217;ua=Mac OS X Mail/6.2 (1499);]
 
  imap - user ajcody@zcs723.EXAMPLE.com authenticated, mechanism=PLAIN [TLS]
 
2013-06-04 08:43:10,395 INFO  [ImapServer-1] [] imap - dropping connection for user
 
  ajcody@zcs723.EXAMPLE.com (server-initiated)
 
2013-06-04 08:43:10,395 INFO  [ImapServer-1] [] ProtocolHandler - Handler exiting normally
 
2013-06-04 08:43:10,447 INFO  [ImapServer-5] [] imap - [10.16.245.217] connected
 
2013-06-04 08:43:11,645 INFO  [ImapServer-5] [name=ajcody@zcs723.EXAMPLE.com;
 
  ip=10.16.245.217;ua=Mac OS X Mail/6.2 (1499);]
 
  imap - user ajcody@zcs723.EXAMPLE.com authenticated, mechanism=PLAIN [TLS]
 
2013-06-04 08:43:12,521 INFO  [ImapServer-3] [name=ajcody@zcs723.EXAMPLE.com;
 
  ip=10.16.245.217;ua=Mac OS X Mail/6.2 (1499);] imap - selected folder Contacts
 
2013-06-04 08:43:12,685 INFO  [ImapServer-4] [name=ajcody@zcs723.EXAMPLE.com;
 
  ip=10.16.245.217;ua=Mac OS X Mail/6.2 (1499);] imap - selected folder Emailed Contacts
 
2013-06-04 08:43:13,813 INFO  [ImapServer-3] [name=ajcody@zcs723.EXAMPLE.com;
 
  ip=10.16.245.217;ua=Mac OS X Mail/6.2 (1499);] imap - selected folder Junk
 
2013-06-04 08:43:13,971 INFO  [ImapServer-5] [name=ajcody@zcs723.EXAMPLE.com;
 
  ip=10.16.245.217;ua=Mac OS X Mail/6.2 (1499);] imap - selected folder Sent
 
2013-06-04 08:43:15,614 INFO  [ImapServer-3] [name=ajcody@zcs723.EXAMPLE.com;
 
  ip=10.16.245.217;ua=Mac OS X Mail/6.2 (1499);] imap - selected folder Trash
 
2013-06-04 08:43:16,694 INFO  [ImapServer-4] [name=ajcody@zcs723.EXAMPLE.com;mid=15;
 
  ip=10.16.245.217;ua=Mac OS X Mail/6.2 (1499);] imap - selected folder Chats
 
2013-06-04 08:43:17,211 INFO  [ImapServer-3] [name=ajcody@zcs723.EXAMPLE.com;
 
  ip=10.16.245.217;ua=Mac OS X Mail/6.2 (1499);] imap - selected folder Emailed Contacts
 
2013-06-04 08:43:17,344 INFO  [ImapServer-2] [name=ajcody@zcs723.EXAMPLE.com;mid=15;
 
  ip=10.16.245.217;ua=Mac OS X Mail/6.2 (1499);] imap - selected folder Drafts
 
2013-06-04 08:43:17,358 INFO  [ImapServer-3] [name=ajcody@zcs723.EXAMPLE.com;mid=15;
 
  ip=10.16.245.217;ua=Mac OS X Mail/6.2 (1499);] imap - selected folder INBOX
 
2013-06-04 08:43:17,840 INFO  [ImapServer-4] [name=ajcody@zcs723.EXAMPLE.com;
 
  ip=10.16.245.217;ua=Mac OS X Mail/6.2 (1499);] imap - selected folder Emailed Contacts
 
2013-06-04 08:44:00,813 INFO  [MailboxPurge] [name=ajcody@zcs723.EXAMPLE.com;mid=15;]
 
  purge - Purging messages.
 
2013-06-04 08:44:41,428 INFO  [btpool0-28://zcs723.EXAMPLE.com/service/soap/NoOpRequest]
 
  [name=ajcody2@zcs723.EXAMPLE.com;mid=16;ip=10.16.245.217;ua=ZimbraWebClient - [unknown] (Win)/0.0;]
 
  soap - NoOpRequest elapsed=0
 
2013-06-04 08:45:00,818 INFO  [MailboxPurge] [name=ajcody2@zcs723.EXAMPLE.com;mid=16;]
 
  purge - Purging messages.
 
 
</pre>
 
</pre>
  
The /var/log/messages and /var/log/maillog had the same events:
+
Just a small note on where var shows up:
  
 
<pre>
 
<pre>
[root@zcs723 log]# egrep -C2 'ajcody|10.16.245.217' /var/log/messages | grep -F 'Jun  4 08:42'
+
[root@mail3 conf]# pwd
Jun  4 08:42:07 zcs723 zmmailboxdmgr[1389]: status requested
+
/opt/zimbra/conf
Jun  4 08:42:07 zcs723 zmmailboxdmgr[1389]: status OK
+
[root@mail3 conf]# grep server_host *
Jun  4 08:42:27 zcs723 postfix/smtpd[1487]: connect from unknown[10.16.245.217]
+
amavisd.conf.in:$myhostname = '@@zimbra_server_hostname@@'; # must be a fully-qualified domain name!
Jun  4 08:42:28 zcs723 postfix/smtpd[1487]: setting up TLS connection from unknown[10.16.245.217]
+
ldap-scm.cf:server_host = ldap://mail3.zimbra.DOMAIN.com:389
Jun 4 08:42:30 zcs723 postfix/smtpd[1487]: SSL_accept error from unknown[10.16.245.217]: -1
+
ldap-transport.cf:server_host = ldap://mail3.zimbra.DOMAIN.com:389
Jun  4 08:42:30 zcs723 postfix/smtpd[1487]: lost connection after STARTTLS from unknown[10.16.245.217]
+
ldap-vad.cf:server_host = ldap://mail3.zimbra.DOMAIN.com:389
Jun  4 08:42:30 zcs723 postfix/smtpd[1487]: disconnect from unknown[10.16.245.217]
+
ldap-vam.cf:server_host = ldap://mail3.zimbra.DOMAIN.com:389
Jun  4 08:42:30 zcs723 postfix/smtpd[1487]: connect from unknown[10.16.245.217]
+
ldap-vmd.cf:server_host = ldap://mail3.zimbra.DOMAIN.com:389
Jun  4 08:42:31 zcs723 postfix/smtpd[1487]: setting up TLS connection from unknown[10.16.245.217]
+
ldap-vmm.cf:server_host = ldap://mail3.zimbra.DOMAIN.com:389
Jun  4 08:42:31 zcs723 postfix/smtpd[1487]: Anonymous TLS connection established
+
localconfig.xml<key name="zimbra_server_hostname">
  from unknown[10.16.245.217]: TLSv1 with cipher AES128-SHA (128/128 bits)
+
zmmta.cf: LOCAL zimbra_server_hostname
Jun  4 08:42:32 zcs723 postfix/smtpd[1497]: connect from unknown[10.16.245.217]
+
zmmta.cf: POSTCONF myhostname LOCAL zimbra_server_hostname
Jun  4 08:42:32 zcs723 postfix/smtpd[1497]: setting up TLS connection from unknown[10.16.245.217]
 
Jun  4 08:42:32 zcs723 postfix/smtpd[1497]: Anonymous TLS connection established
 
  from unknown[10.16.245.217]: TLSv1 with cipher AES128-SHA (128/128 bits)
 
Jun  4 08:42:34 zcs723 postfix/smtpd[1497]: disconnect from unknown[10.16.245.217]
 
Jun  4 08:42:34 zcs723 postfix/smtpd[1487]: lost connection after EHLO from unknown[10.16.245.217]
 
Jun  4 08:42:34 zcs723 postfix/smtpd[1487]: disconnect from unknown[10.16.245.217]
 
Jun  4 08:45:54 zcs723 postfix/anvil[1489]: statistics: max connection rate 3/60s
 
  for (smtp:10.16.245.217) at Jun  4 08:42:32
 
Jun  4 08:45:54 zcs723 postfix/anvil[1489]: statistics: max connection count 2
 
  for (smtp:10.16.245.217) at Jun  4 08:42:32
 
Jun  4 08:45:54 zcs723 postfix/anvil[1489]: statistics: max cache size 1 at Jun  4 08:42:27
 
 
 
[root@zcs723 log]# egrep -C2 'ajcody|10.16.245.217' /var/log/maillog | grep -F 'Jun  4 08:42'
 
Jun  4 08:42:07 zcs723 zmmailboxdmgr[1389]: status requested
 
Jun  4 08:42:07 zcs723 zmmailboxdmgr[1389]: status OK
 
Jun  4 08:42:27 zcs723 postfix/smtpd[1487]: connect from unknown[10.16.245.217]
 
Jun  4 08:42:28 zcs723 postfix/smtpd[1487]: setting up TLS connection from unknown[10.16.245.217]
 
Jun  4 08:42:30 zcs723 postfix/smtpd[1487]: SSL_accept error from unknown[10.16.245.217]: -1
 
Jun  4 08:42:30 zcs723 postfix/smtpd[1487]: lost connection after STARTTLS from unknown[10.16.245.217]
 
Jun  4 08:42:30 zcs723 postfix/smtpd[1487]: disconnect from unknown[10.16.245.217]
 
Jun  4 08:42:30 zcs723 postfix/smtpd[1487]: connect from unknown[10.16.245.217]
 
Jun  4 08:42:31 zcs723 postfix/smtpd[1487]: setting up TLS connection from unknown[10.16.245.217]
 
Jun  4 08:42:31 zcs723 postfix/smtpd[1487]: Anonymous TLS connection established
 
  from unknown[10.16.245.217]: TLSv1 with cipher AES128-SHA (128/128 bits)
 
Jun  4 08:42:32 zcs723 postfix/smtpd[1497]: connect from unknown[10.16.245.217]
 
Jun  4 08:42:32 zcs723 postfix/smtpd[1497]: setting up TLS connection from unknown[10.16.245.217]
 
Jun  4 08:42:32 zcs723 postfix/smtpd[1497]: Anonymous TLS connection established
 
  from unknown[10.16.245.217]: TLSv1 with cipher AES128-SHA (128/128 bits)
 
Jun  4 08:42:34 zcs723 postfix/smtpd[1497]: disconnect from unknown[10.16.245.217]
 
Jun  4 08:42:34 zcs723 postfix/smtpd[1487]: lost connection after EHLO from unknown[10.16.245.217]
 
Jun  4 08:42:34 zcs723 postfix/smtpd[1487]: disconnect from unknown[10.16.245.217]
 
Jun 4 08:45:54 zcs723 postfix/anvil[1489]: statistics: max connection rate 3/60s
 
  for (smtp:10.16.245.217) at Jun  4 08:42:32
 
Jun  4 08:45:54 zcs723 postfix/anvil[1489]: statistics: max connection count 2
 
  for (smtp:10.16.245.217) at Jun  4 08:42:32
 
Jun  4 08:45:54 zcs723 postfix/anvil[1489]: statistics: max cache size 1 at Jun  4 08:42:27
 
 
</pre>
 
</pre>
  
======IMAP Test Via Telnet And Logging Events Of It - Proxy Included======
+
References:
  
<pre>
+
* http://archives.neohapsis.com/archives/postfix/2000-04/0200.html
  
### TELNET FROM CLIENT ###
+
===Traditional Aliases Use - /etc/aliases Type Lookups===
# telnet zcs806.DOMAIN.com 143
 
Trying 192.168.27.36...
 
Connected to zcs806.DOMAIN.com.
 
Escape character is '^]'.
 
* OK IMAP4 ready
 
01 LOGIN proxylogtest@zcs806.DOMAIN.com [REPLACE WITH ACCT PASSWORD]
 
01 OK [CAPABILITY IMAP4rev1 ACL BINARY CATENATE CHILDREN CONDSTORE ENABLE ESEARCH ESORT
 
I18NLEVEL=1 ID IDLE LIST-EXTENDED LIST-STATUS LITERAL+ LOGIN-REFERRALS MULTIAPPEND
 
NAMESPACE QRESYNC QUOTA RIGHTS=ektx SASL-IR SEARCHRES SORT THREAD=ORDEREDSUBJECT
 
UIDPLUS UNSELECT WITHIN XLIST] LOGIN completed
 
01 logout
 
  
### LOGS ON ZCS SERVER ###
+
Moved to [[Traditional_Aliases_Use_-_/etc/aliases_Type_Lookups]]
  
[zimbra@zcs806 log]$ egrep "192\.168\.27\.37|proxylogtest" *
+
===Allowing Accounts To Change The From Address===
  
nginx.log:2014/02/28 09:32:16 [info] 25611#0: *2595 client 192.168.27.37 connected to 0.0.0.0:143
+
Please see:
nginx.log:2014/02/28 09:32:38 [info] 25611#0: *2595 client logged in, client: 192.168.27.37,
 
      server: 0.0.0.0:143, login: "proxylogtest@zcs806.DOMAIN.com", upstream: 192.168.27.36:7993
 
      (192.168.27.37:45080-192.168.27.36:143) <=> (192.168.27.36:53326-192.168.27.36:7993)
 
  
audit.log:2014-02-28 09:32:35,532 INFO  [ImapSSLServer-13] [ip=192.168.27.36;oip=192.168.27.37;
+
* [http://www.zimbra.com/forums/installation/18171-solved-setting-up-email-response-aliases-non-system-domains.html#post92121 Changing The From Field]
      via=192.168.27.36(nginx/1.2.0-zimbra);ua=Zimbra/8.0.6_GA_5922;] security - cmd=Auth;
 
      account=proxylogtest@zcs806.DOMAIN.com; protocol=imap;
 
  
mailbox.log:2014-02-28 09:32:35,527 INFO  [ImapSSLServer-13] [ip=192.168.27.36;oip=192.168.27.37; 
+
====Related BUG/RFE's====
      via=192.168.27.36(nginx/1.2.0-zimbra);ua=Zimbra/8.0.6_GA_5922;] imap - ID elapsed=8
 
mailbox.log:2014-02-28 09:32:35,743 INFO  [ImapSSLServer-13] [ip=192.168.27.36;oip=192.168.27.37;
 
      via=192.168.27.36(nginx/1.2.0-zimbra);ua=Zimbra/8.0.6_GA_5922;] mailbox - Creating database
 
      mboxgroup50
 
mailbox.log:2014-02-28 09:32:37,986 INFO  [ImapSSLServer-13] [ip=192.168.27.36;oip=192.168.27.37;
 
      via=192.168.27.36(nginx/1.2.0-zimbra);ua=Zimbra/8.0.6_GA_5922;] mailbox -
 
      Creating mailbox with id 50 and group id 50 for proxylogtest@zcs806.DOMAIN.com.
 
mailbox.log:2014-02-28 09:32:37,986 INFO  [ImapSSLServer-13] [ip=192.168.27.36;oip=192.168.27.37;
 
      via=192.168.27.36(nginx/1.2.0-zimbra);ua=Zimbra/8.0.6_GA_5922;] cache - initializing folder
 
      and tag caches for mailbox 50
 
mailbox.log:2014-02-28 09:32:37,987 INFO  [ImapSSLServer-13] [ip=192.168.27.36;oip=192.168.27.37;
 
      via=192.168.27.36(nginx/1.2.0-zimbra);ua=Zimbra/8.0.6_GA_5922;] mailop - adding folder ROOT:
 
      id=11, parentId=11.
 
mailbox.log:2014-02-28 09:32:38,010 INFO  [ImapSSLServer-13] [ip=192.168.27.36;oip=192.168.27.37;
 
      via=192.168.27.36(nginx/1.2.0-zimbra);ua=Zimbra/8.0.6_GA_5922;] mailop - adding folder Tags:
 
      id=8, parentId=11.
 
mailbox.log:2014-02-28 09:32:38,011 INFO  [ImapSSLServer-13] [ip=192.168.27.36;oip=192.168.27.37;
 
      via=192.168.27.36(nginx/1.2.0-zimbra);ua=Zimbra/8.0.6_GA_5922;] mailop - adding folder
 
      Conversations: id=9, parentId=11.
 
mailbox.log:2014-02-28 09:32:38,011 INFO  [ImapSSLServer-13] [ip=192.168.27.36;oip=192.168.27.37;
 
      via=192.168.27.36(nginx/1.2.0-zimbra);ua=Zimbra/8.0.6_GA_5922;] mailop - adding folder
 
      Comments: id=17, parentId=11.
 
mailbox.log:2014-02-28 09:32:38,012 INFO  [ImapSSLServer-13] [ip=192.168.27.36;oip=192.168.27.37;
 
      via=192.168.27.36(nginx/1.2.0-zimbra);ua=Zimbra/8.0.6_GA_5922;] mailop - adding folder
 
      USER_ROOT: id=1, parentId=11.
 
mailbox.log:2014-02-28 09:32:38,012 INFO  [ImapSSLServer-13] [ip=192.168.27.36;oip=192.168.27.37;
 
      via=192.168.27.36(nginx/1.2.0-zimbra);ua=Zimbra/8.0.6_GA_5922;] mailop - adding folder Inbox:
 
      id=2, parentId=1.
 
mailbox.log:2014-02-28 09:32:38,013 INFO  [ImapSSLServer-13] [ip=192.168.27.36;oip=192.168.27.37;
 
      via=192.168.27.36(nginx/1.2.0-zimbra);ua=Zimbra/8.0.6_GA_5922;] mailop - adding folder Trash:
 
      id=3, parentId=1.
 
mailbox.log:2014-02-28 09:32:38,013 INFO  [ImapSSLServer-13] [ip=192.168.27.36;oip=192.168.27.37;
 
      via=192.168.27.36(nginx/1.2.0-zimbra);ua=Zimbra/8.0.6_GA_5922;] mailop - adding folder Junk:
 
      id=4, parentId=1.
 
mailbox.log:2014-02-28 09:32:38,014 INFO  [ImapSSLServer-13] [ip=192.168.27.36;oip=192.168.27.37;
 
      via=192.168.27.36(nginx/1.2.0-zimbra);ua=Zimbra/8.0.6_GA_5922;] mailop - adding folder Sent:
 
      id=5, parentId=1.
 
mailbox.log:2014-02-28 09:32:38,014 INFO  [ImapSSLServer-13] [ip=192.168.27.36;oip=192.168.27.37;
 
      via=192.168.27.36(nginx/1.2.0-zimbra);ua=Zimbra/8.0.6_GA_5922;] mailop - adding folder Drafts:
 
      id=6, parentId=1.
 
mailbox.log:2014-02-28 09:32:38,015 INFO  [ImapSSLServer-13] [ip=192.168.27.36;oip=192.168.27.37;
 
      via=192.168.27.36(nginx/1.2.0-zimbra);ua=Zimbra/8.0.6_GA_5922;] mailop - adding folder Contacts:
 
      id=7, parentId=1.
 
mailbox.log:2014-02-28 09:32:38,023 INFO  [ImapSSLServer-13] [ip=192.168.27.36;oip=192.168.27.37;
 
      via=192.168.27.36(nginx/1.2.0-zimbra);ua=Zimbra/8.0.6_GA_5922;] mailop - adding folder Calendar:
 
      id=10, parentId=1.
 
mailbox.log:2014-02-28 09:32:38,023 INFO  [ImapSSLServer-13] [ip=192.168.27.36;oip=192.168.27.37;
 
      via=192.168.27.36(nginx/1.2.0-zimbra);ua=Zimbra/8.0.6_GA_5922;] mailop - adding folder Tasks:
 
      id=15, parentId=1.
 
mailbox.log:2014-02-28 09:32:38,024 INFO  [ImapSSLServer-13] [ip=192.168.27.36;oip=192.168.27.37;
 
      via=192.168.27.36(nginx/1.2.0-zimbra);ua=Zimbra/8.0.6_GA_5922;] mailop - adding folder
 
      Emailed Contacts: id=13, parentId=1.
 
mailbox.log:2014-02-28 09:32:38,024 INFO  [ImapSSLServer-13] [ip=192.168.27.36;oip=192.168.27.37;
 
      via=192.168.27.36(nginx/1.2.0-zimbra);ua=Zimbra/8.0.6_GA_5922;] mailop - adding folder
 
      Chats: id=14, parentId=1.
 
mailbox.log:2014-02-28 09:32:38,025 INFO  [ImapSSLServer-13] [ip=192.168.27.36;oip=192.168.27.37;
 
      via=192.168.27.36(nginx/1.2.0-zimbra);ua=Zimbra/8.0.6_GA_5922;] mailop - adding folder
 
      Briefcase: id=16, parentId=1.
 
mailbox.log:2014-02-28 09:32:38,038 INFO  [Index-8] [name=proxylogtest@zcs806.DOMAIN.com;mid=50;]
 
      index - Batch complete processed=0,failed=0,elapsed=1 (0.00 items/sec)
 
mailbox.log:2014-02-28 09:32:38,071 INFO  [ImapSSLServer-13] [ip=192.168.27.36;oip=192.168.27.37;
 
      via=192.168.27.36(nginx/1.2.0-zimbra);ua=Zimbra/8.0.6_GA_5922;] index - OpenLuceneIndex
 
      impl=NIOFSDirectory,dir=/opt/zimbra/index/0/50/index/0
 
mailbox.log:2014-02-28 09:32:38,071 INFO  [ImapSSLServer-13] [ip=192.168.27.36;oip=192.168.27.37;
 
      via=192.168.27.36(nginx/1.2.0-zimbra);ua=Zimbra/8.0.6_GA_5922;] mbxmgr - Mailbox 50
 
      account 0028aab0-3d17-4c51-aad8-da7500247079 CREATED
 
mailbox.log:2014-02-28 09:32:38,079 INFO  [ImapSSLServer-13] [name=proxylogtest@zcs806.DOMAIN.com;
 
      ip=192.168.27.36;oip=192.168.27.37;via=192.168.27.36(nginx/1.2.0-zimbra);ua=Zimbra/8.0.6_GA_5922;]
 
      imap - user proxylogtest@zcs806.DOMAIN.com authenticated, mechanism=LOGIN [TLS]
 
mailbox.log:2014-02-28 09:32:38,079 INFO  [ImapSSLServer-13] [name=proxylogtest@zcs806.DOMAIN.com;
 
      ip=192.168.27.36;oip=192.168.27.37;via=192.168.27.36(nginx/1.2.0-zimbra);ua=Zimbra/8.0.6_GA_5922;]
 
      imap - LOGIN elapsed=2550
 
mailbox.log:2014-02-28 09:32:46,258 WARN  [ImapSSLServer-16] [name=proxylogtest@zcs806.DOMAIN.com;
 
      ip=192.168.27.36;oip=192.168.27.37;via=192.168.27.36(nginx/1.2.0-zimbra);ua=Zimbra/8.0.6_GA_5922;]
 
      imap - BAD parse error: command not implemented
 
mailbox.log:2014-02-28 09:32:46,258 INFO  [ImapSSLServer-16] [name=proxylogtest@zcs806.DOMAIN.com;
 
      ip=192.168.27.36;oip=192.168.27.37;via=192.168.27.36(nginx/1.2.0-zimbra);ua=Zimbra/8.0.6_GA_5922;]
 
      imap - EXIT elapsed=1
 
mailbox.log:2014-02-28 09:32:48,648 WARN  [ImapSSLServer-13] [name=proxylogtest@zcs806.DOMAIN.com;
 
      ip=192.168.27.36;oip=192.168.27.37;via=192.168.27.36(nginx/1.2.0-zimbra);ua=Zimbra/8.0.6_GA_5922;]
 
      imap - BAD parse error: command not implemented
 
mailbox.log:2014-02-28 09:32:48,648 INFO  [ImapSSLServer-13] [name=proxylogtest@zcs806.DOMAIN.com;
 
      ip=192.168.27.36;oip=192.168.27.37;via=192.168.27.36(nginx/1.2.0-zimbra);ua=Zimbra/8.0.6_GA_5922;]
 
      imap - QUIT elapsed=1
 
</pre>
 
  
======IMAP Login Via Openssl - LOGIN TLS - Proxy Included======
+
* Identities: Auto verify user settable from address [marked as dup of 29974]
 +
** http://bugzilla.zimbra.com/show_bug.cgi?id=12094
 +
* persona/external account from field address verification
 +
** http://bugzilla.zimbra.com/show_bug.cgi?id=29974
 +
* ZCO Support for zimbraAllowAnyFromAddress
 +
** http://bugzilla.zimbra.com/show_bug.cgi?id=31278
  
You would run from the CLI:
+
===Creating A Domain Alias===
  
<pre> openssl s_client -crlf -connect zcs806.DOMAIN.com:993</pre>
+
Please see [[ManagingDomains#Creating_a_Domain_Alias]]
  
Once it shows  "* OK IMAP4 ready" you'll be able to give the login command:
+
===Relay Domain Forwarding===
  
<pre>tag login proxylogtest@zcs806.DOMAIN.com PASSWORD</pre>
+
Please see [[ManagingDomains#Relaying.2FDomain_Forwarding]]
  
Another good example of this is at [http://delog.wordpress.com/2011/05/10/access-imap-server-from-the-command-line-using-openssl/ Access IMAP server from the command line using OpenSSL]
+
===Domain Catchall===
  
The log events for this are:
+
Please see [[ManagingDomains#Domain_Catchall]]
  
<pre>
+
===Rewriting From Address For Outbound Email===
$ egrep "192\.168\.27\.37|proxylogtest" * | grep "28 10"
 
  
audit.log:2014-02-28 10:37:51,207 INFO  [ImapSSLServer-13] [ip=192.168.27.36;oip=192.168.27.37;
+
Please see [[ManagingDomains#Domain_Masquerading]]
    via=192.168.27.36(nginx/1.2.0-zimbra); ua=Zimbra/8.0.6_GA_5922;] security - cmd=Auth;
 
    account=proxylogtest@zcs806.DOMAIN.com; protocol=imap;
 
  
mailbox.log:2014-02-28 10:37:51,204 INFO  [ImapSSLServer-13] [ip=192.168.27.36;oip=192.168.27.37;
+
===Rewrite Recipient Address For Incoming Email===
    via=192.168.27.36(nginx/1.2.0-zimbra); ua=Zimbra/8.0.6_GA_5922;] imap - ID elapsed=1
 
mailbox.log:2014-02-28 10:37:51,207 INFO  [ImapSSLServer-13] [name=proxylogtest@zcs806.DOMAIN.com;
 
    ip=192.168.27.36;oip=192.168.27.37; via=192.168.27.36(nginx/1.2.0-zimbra);ua=Zimbra/8.0.6_GA_5922;]
 
    imap - user proxylogtest@zcs806.DOMAIN.com authenticated, mechanism=LOGIN [TLS]
 
mailbox.log:2014-02-28 10:37:51,207 INFO  [ImapSSLServer-13] [name=proxylogtest@zcs806.DOMAIN.com;
 
    ip=192.168.27.36;oip=192.168.27.37; via=192.168.27.36(nginx/1.2.0-zimbra);ua=Zimbra/8.0.6_GA_5922;]
 
    imap - LOGIN elapsed=2
 
mailbox.log:2014-02-28 10:38:10,132 INFO  [ImapSSLServer-13] [name=proxylogtest@zcs806.DOMAIN.com;
 
    ip=192.168.27.36;oip=192.168.27.37; via=192.168.27.36(nginx/1.2.0-zimbra);ua=Zimbra/8.0.6_GA_5922;]
 
    imap - LIST elapsed=12
 
  
nginx.log:2014/02/28 10:32:01 [info] 25609#0: *2602 client 192.168.27.37 connected to 0.0.0.0:993
+
There is a way to rewrite the incoming mail, but it's not a standard Zimbra feature. You can implement it as a configuration change in Postfix. Here's what you do:
nginx.log:2014/02/28 10:37:07 [info] 25609#0: *2603 client 192.168.27.37 connected to 0.0.0.0:993
 
nginx.log:2014/02/28 10:37:51 [info] 25609#0: *2603 client logged in, client: 192.168.27.37, server: 0.0.0.0:993,
 
    login: "proxylogtest@zcs806.DOMAIN.com", upstream: 192.168.27.36:7993
 
    (192.168.27.37:41009-192.168.27.36:993) <=> (192.168.27.36:53613-192.168.27.36:7993)
 
</pre>
 
  
===Network Tracing Between A Remote Host And A ZCS MTA===
+
# Create a file in /opt/zimbra/conf named 'postfix_recipientmap'. 
 +
#* The format is a single line that reads something like: @alias.domain.com @domain.com
 +
# Run 'postmap postfix_recipientmap' in the conf directory.
 +
# Run "postconf -e recipient_canonical_maps=hash:/opt/zimbra/conf/postfix_recipientmap".
 +
# Run 'postfix reload'.
  
How to network trace between a remote host and a ZCS MTA. You can run the following on the MTA to get the trace:
+
This will cause postfix to map any incoming mail with a recipient of '@alias.domain.com' to '@domain.com'. You will need to re-apply this postconf change after upgrades, though the postfix_recipientmap file should survive.
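Review bot: Steps 2 to 4 of the recipient rewrite procedure do not say which account runs them or how to confirm the result, while the later smtpd_recipient_limit block starts with "su - zimbra". Suggest naming the user, giving the full path in step 2 (postmap /opt/zimbra/conf/postfix_recipientmap) so it matches the path in step 3, and adding a check such as "postconf recipient_canonical_maps" after the reload, since the closing sentence says the setting has to be re-applied after upgrades. The summary also says "incoming mail", but recipient_canonical_maps is not limited to mail arriving from outside: a message from a local sender addressed to @alias.domain.com is rewritten as well, which is worth stating.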
  
<pre> tcpdump -w /root/tcpdump1.cap -s 15000 port 25 and host <Sending_host_IP> </pre>
+
===Automatic BCC===
  
===zmmsgtrace===
+
====Option 1 - Via Postfix Customization====
  
See the following for details [for 7.1.1+]:
+
From the postfix website:
* zmmsgtrace replacement
 
** http://bugzilla.zimbra.com/show_bug.cgi?id=41078
 
  
===How To Get SMTP Debug Logging===
+
*always_bcc = address
 +
** Deliver a copy of all mail to the specified address. In Postfix versions before 2.1, this feature is implemented by smtpd(8), qmqpd(8), or pickup(8).
 +
* sender_bcc_maps = type:table
 +
** Search the specified "type:table" lookup table with the envelope sender address for an automatic BCC address. This feature is available in Postfix 2.1 and later.
 +
* recipient_bcc_maps = type:table
 +
** Search the specified "type:table" lookup table with the envelope recipient address for an automatic BCC address. This feature is available in Postfix 2.1 and later.
 +
* Note: automatic BCC recipients are produced only for new mail. To avoid mailer loops, automatic BCC recipients are not generated for mail that Postfix forwards internally, nor for mail that Postfix generates itself.
  
You can obtain this by modifying the master.cf.in which is located at /opt/zimbra/postfix/conf . 
+
Please see the following:
Go to the smtpd line and at the end of the line add -vv
 
  
<pre> smtp      inet  n      -       n      -       -       smtpd -vv</pre>
+
* A very nice forum post on the subject from our very own mmorse
 +
** http://www.zimbra.com/forums/administrators/28606-master-incoming-outgoing-archive.html#post134490
 +
* Postfix workaround
 +
** http://www.postfix.com/ADDRESS_REWRITING_README.html#auto_bcc
 +
* "User defined auto bcc"
 +
** http://bugzilla.zimbra.com/show_bug.cgi?id=15306
 +
* "Next rev of (mail) identities preferences management (server side)"
 +
** http://bugzilla.zimbra.com/show_bug.cgi?id=17320
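Review bot: The "Postfix workaround" link points at www.postfix.com, while the other Postfix links on the page use www.postfix.org; suggest http://www.postfix.org/ADDRESS_REWRITING_README.html#auto_bcc for consistency. The first bullet is written "*always_bcc" without the space that the sender_bcc_maps and recipient_bcc_maps bullets have. Because these parameters copy mail to another mailbox, the section should also say how they are set on ZCS, in the way the recipient rewrite section gives its postconf -e step and its re-apply-after-upgrade caveat.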
  
restart the mta by running the following
+
====Option 2 - Via ZCS Legal Intercept====
  
<pre> zmmtactl restart</pre>
+
Generally used for [[Ajcody-User-Management-Topics#Managing_Legal_Requests_for_Information|Managing Legal Requests for Information]]
  
===Simple Troubleshooting For SMTP Via Telnet, Openssl===
+
Description:
 +
:: The ZCS legal intercept feature is used to obtain copies of email messages that are sent, received, or saved as drafts from targeted accounts and send these message to a designated “shadow” email address. Legal Intercept can be configured to send the complete content of the message or to send only the header information. When a targeted account sends, receives, or saves a draft message, an intercept message is automatically created to forward copies of the messages as attachments to the specified email address.
  
====First - Understanding Your Authentication Requirements In ZCS====
+
Please see:
 +
* http://www.zimbra.com/docs/ne/latest/administration_guide/managing_other_zcs_features.8.1.html
 +
* http://wiki.zimbra.com/index.php?title=Legal_Intercept
 +
* http://bugzilla.zimbra.com/show_bug.cgi?id=17539
 +
 
 +
====Option 3 - Zimbra's Archiving And Discovery====
 +
 
 +
See [[Ajcody-Notes-Archive-Discovery]] concerning A&D setup and options.
 +
 
 +
===Limiting Or Increasing Number Of Recipents / Messages===
  
In the admin console, under the MTA tab, you see two options:
+
====Mailing Lists - Distribution Lists====
  
* Enable Authentication
+
Please see [[Ajcody-MailingLists-And-Mailman#Problems_Resolving_Virtual_Aliases_For_Members_Of_Large_Distribution_Lists]]
** Attribute Name = zimbraMtaSaslAuthEnable  [yes or no]
 
*** zmprov gacf zimbraMtaSaslAuthEnable or zmprov gs `zmhostname` zimbraMtaSaslAuthEnable
 
** Description = Value for postconf : smtpd_sasl_auth_enable = yes
 
* TLS Authentication Only
 
** Attribute Name = zimbraMtaTlsAuthOnly [TRUE or FALSE]
 
*** zmprov gacf zimbraMtaTlsAuthOnly or zmprov gs `zmhostname` zimbraMtaTlsAuthOnly
 
** Description Value for postconf : smtpd_tls_auth_only = yes
 
  
A good reference to understanding exactly what these options mean and do is the [http://www.postfix.org/SASL_README.html SASL_READ] at the postfix.org site. I'll include the highlights below.
+
====Policy Daemon====
  
When you do the telnet test below and issue the EHLO state, you'll see a return that states [example]:
+
If you want to restrict messages per hour, you can look into Policy Daemon:
  
<pre>
+
* http://wiki.zimbra.com/wiki/Postfix_Policyd
esx2:~ ajcody$ telnet zcs723.EXAMPLE.com 25
+
* http://wiki.zimbra.com/wiki/How-to_for_cbpolicyd
Trying 10.137.27.32...
+
* http://www.policyd.org/features.html
Connected to zcs723.EXAMPLE.com.
+
 
Escape character is '^]'.
+
Beta release in ZCS 7 , see:
220 zcs723.EXAMPLE.com ESMTP Postfix
 
helo myworkstation
 
250 zcs723.EXAMPLE.com
 
ehlo myworkstation
 
250-zcs723.EXAMPLE.com
 
250-PIPELINING
 
250-SIZE 10240000
 
250-VRFY
 
250-ETRN
 
250-STARTTLS
 
250-AUTH LOGIN PLAIN
 
250-AUTH=LOGIN PLAIN
 
250-ENHANCEDSTATUSCODES
 
250-8BITMIME
 
250 DSN
 
</pre>
 
  
When you check, "Enable Authentication" [remember its specific to SASL] in the admin console and reload postfix you will then see the AUTH line when you do the telnet test above and AUTH will say LOGIN and PLAIN. AUTH supports a number of different types of protocols:  PLAIN LOGIN DIGEST-MD5 CRAM-MD5 GSSAPI. Zimbra only supports the use of LOGIN and PLAIN though.
+
* "make support for postfix-policyd easier"
 +
** http://bugzilla.zimbra.com/show_bug.cgi?id=8791
  
What is LOGIN and PLAIN and the difference?
+
====Postfix====
  
<pre>
+
Also, there are some default postfix parameters set to control sending a message to x amount recipientsThe parameters you will need to look at are smtpd_recipient_limit & smtpd_recipient_overshoot_limit, these have a default value of 1000.
--enable-login  You wish to support the Outlook Express
 
                  5.x client, which uses the non-standard,  
 
                  undocumented LOGIN protocol.  Passwords
 
                  are passed over the wire in the clear.
 
                  This is disabled by default.
 
  --disable-plain  Do not use the PLAIN protocol, which
 
                  sends the password in plaintext.  This
 
                  is enabled by default and should only
 
                  be used for testing unless you are  
 
                  encrypting the session via TLS, IPsec,
 
                  or other mechanism.
 
</pre>
 
  
So, the above might be alarming. The postfix SASL_README gives us some context though, '''''"Plaintext mechanisms (PLAIN, LOGIN) send credentials unencrypted. This information should be protected by an additional security layer such as a TLS-encrypted SMTP session (see: [http://www.postfix.org/TLS_README.html TLS_README])."''''' Also note, both PLAIN and LOGIN use BASE64 encoding of the username and password but those strings can be ran through a mime-decoder to discover what they are. You see this in my telnet examples below.
+
Postfix defines these parameters as:
  
The other variable/options for the '''"Postfix SMTP Server policy - SASL mechanism properties"''' you will need to know about are:
+
* smtpd_recipient_limit: The maximum number of recipients that the Postfix SMTP server accepts per message delivery request.
 +
* smtpd_recipient_overshoot_limit: The number of recipients that a remote SMTP client can send in excess of the limit specified with $smtpd_recipient_limit, before the Postfix SMTP server increments the per-session error count for each excess recipient.
  
* /opt/zimbra/postfix/conf/main.cf
+
From the command line you can change the default values.
** smtpd_sasl_security_options =
 
** smtpd_sasl_tls_security_options = [note, this can reuse smtpd_sasl_security_options with $smtpd_sasl_security_options]
 
*** noanonymous Don't use mechanisms that permit anonymous authentication.
 
**** Always set at least the noanonymous option. Otherwise, the Postfix SMTP server can give strangers the same authorization as a properly-authenticated client.
 
*** noplaintext Don't use mechanisms that transmit unencrypted username and password information.
 
*** nodictionary Don't use mechanisms that are vulnerable to dictionary attacks.
 
*** forward_secrecy Require forward secrecy between sessions (breaking one session does not break earlier sessions).
 
*** mutual_auth Use only mechanisms that authenticate both the client and the server to each other.  
 
  
'''Mail relay authorization options to know are:''' [http://www.postfix.org/SASL_README.html [From the SASL_READ]] With permit_sasl_authenticated the Postfix SMTP server can allow SASL-authenticated SMTP clients to send mail to remote destinations. Examples:
+
su - zimbra
<pre>
+
postconf -e smtpd_recipient_limit=<new value>
    # With Postfix 2.10 and later, the mail relay policy is
+
postconf -e smtpd_recipient_overshoot_limit=<new value>
    # preferably specified under smtpd_relay_restrictions.
+
postfix reload
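Review bot: The commands added under "From the command line you can change the default values." (su - zimbra, the two postconf -e lines, postfix reload) are not wrapped in <pre> and have no leading space, so the wiki will render them as one run-on paragraph; wrap them in <pre> as the rest of the page does. In the paragraph introducing the parameters, "x amount recipientsThe parameters" is missing a full stop and a space, and the section heading reads "Recipents". The recipient rewrite section warns that its postconf -e change must be re-applied after upgrades; if that also holds for these two limits, repeat the caveat here.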
    /opt/zimbra/postfix/conf/main.cf:
 
        smtpd_relay_restrictions =
 
    permit_mynetworks
 
    permit_sasl_authenticated
 
    reject_unauth_destination
 
  
    # Older configurations combine relay control and spam control under
+
====Bugs RFE's For Customers To Get Behind====
    # smtpd_recipient_restrictions. To use this example with Postfix ≥
 
    # 2.10 specify "smtpd_relay_restrictions=".
 
    /opt/zimbra/postfix/conf/main.cf:
 
        smtpd_recipient_restrictions =
 
    permit_mynetworks
 
    permit_sasl_authenticated
 
    reject_unauth_destination
 
    ...other rules...
 
</pre>
 
  
'''Envelope sender address authorization options:'''  [http://www.postfix.org/SASL_README.html [From the SASL_READ]] By default an SMTP client may specify any envelope sender address in the MAIL FROM command. That is because the Postfix SMTP server only knows the remote SMTP client hostname and IP address, but not the user who controls the remote SMTP client.
+
I'm wondering if policyd gives one the control everyone is looking for? I've not used it myself.
  
This changes the moment an SMTP client uses SASL authentication. Now, the Postfix SMTP server knows who the sender is. Given a table of envelope sender addresses and SASL login names, the Postfix SMTP server can decide if the SASL authenticated client is allowed to use a particular envelope sender address:
+
Policyd References:
<pre>
+
* http://www.policyd.org/tiki-index.php?page=Documentation
    /opt/zimbra/postfix/conf/main.cf:
+
* http://www.policyd.org/tiki-index.php?page=Quotas&structure=Documentation
        virtual_mailbox_maps = proxy:ldap:/opt/zimbra/conf/ldap-vmm.cf
+
* http://www.policyd.org/tiki-index.php?page=Accounting&structure=Documentation
        smtpd_sender_login_maps = $virtual_mailbox_maps
+
* http://www.policyd.org/tiki-index.php?page=Policies%20%26%20Groups&structure=Documentation
 +
* http://wiki.zimbra.com/index.php?title=Postfix_Policyd
  
        smtpd_recipient_restrictions =
+
There's other additions [add-on's] one can get for policyd.
            ...
 
            reject_sender_login_mismatch
 
    permit_sasl_authenticated
 
            ...
 
</pre>
 
The controlled_envelope_senders table specifies the binding between a sender envelope address and the SASL login names that own that address [see above, ZCS will have in main.cf a line showing virtual_mailbox_maps = proxy:ldap:/opt/zimbra/conf/ldap-vmm.cf]:
 
<pre>
 
    /opt/zimbra/conf/ldap-vmm.cf
 
        server_host = ldap://zcs723.EXAMPLE.com:389
 
        server_port = 389
 
        search_base =
 
        query_filter = (&(zimbraMailDeliveryAddress=%s)(zimbraMailStatus=enabled))
 
        result_attribute = zimbraMailDeliveryAddress
 
        version = 3
 
        start_tls = yes
 
        tls_ca_cert_dir = /opt/zimbra/conf/ca
 
        bind = yes
 
        bind_dn = uid=zmpostfix,cn=appaccts,cn=zimbra
 
        bind_pw = XXXXXXXXXXX
 
        timeout = 30
 
</pre>
 
  
A default postfix install [non-ZCS] might have something like:
+
We have this RFE in regards to policyd support:
<pre>
 
    /etc/postfix/controlled_envelope_senders
 
        # envelope sender          owners (SASL login names)
 
        john@example.com            john@example.com
 
        helpdesk@example.com        john@example.com, mary@example.com
 
        postmaster                  admin@example.com
 
        @example.net                barney, fred, john@example.com, mary@example.com
 
</pre>
 
With this, the reject_sender_login_mismatch restriction above will reject the sender address in the MAIL FROM command if smtpd_sender_login_maps does not specify the SMTP client's login name as an owner of that address.
 
  
See also reject_authenticated_sender_login_mismatch and reject_unauthenticated_sender_login_mismatch for additional control over the SASL login name and the envelope sender.
+
* "make support for postfix-policyd easier"
 +
** http://bugzilla.zimbra.com/show_bug.cgi?id=8791
 +
*** Target Milestone currently for Helix release [ http://pm.zimbra.com ]
 +
 +
Other related rfe/bugs, specially to push variables into admin web console:
  
====Second - Encoding Username And Passwords For AUTH Sequence====
+
* "rate limit amount of mail sent via web client"
 
+
** http://bugzilla.zimbra.com/show_bug.cgi?id=22300
Here is an example of getting the base64 encoding for a username and also how to check if the encoding was correct. This might expose how special characters threw off the encoding.
+
*** *Target Milestone currently for Helix release
 
+
* "mta "advanced" tab"
<pre>
+
** http://bugzilla.zimbra.com/show_bug.cgi?id=14645
[USERNAME EXAMPLE - If you use the domainname, you'll have to \ the @]
+
*** Target Milestone currently for Helix release
# perl -MMIME::Base64 -le 'print encode_base64("ajcody\@zcs723.EXAMPLE.com");'
+
* "Option to IP Blocking through UI"
    YWpjb2R5QHpjczcyMy5FWEFNUExFLmNvbQ==
+
** http://bugzilla.zimbra.com/show_bug.cgi?id=19240
# perl -MMIME::Base64 -le 'print decode_base64("YWpjb2R5QHpjczcyMy5FWEFNUExFLmNvbQ==");'
+
*** Target Milestone currently for Helix release
    ajcody@zcs723.EXAMPLE.com
+
* "Mail policies and access control for sending to distribution lists"
 
+
** http://bugzilla.zimbra.com/show_bug.cgi?id=9620
[PASSWORD EXAMPLE]
+
*** Target Milestone currently for GunsNRoses
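Review bot: The RFE "make support for postfix-policyd easier" (bug 8791) is added twice, once under Policy Daemon and again under "Bugs RFE's For Customers To Get Behind", and the Postfix_Policyd wiki page is linked from both the Policy Daemon list and the Policyd References list. Suggest keeping each once and pointing the second section at the first. The milestone bullet for bug 22300 reads "*** *Target Milestone" with a stray asterisk, unlike the other milestone bullets.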
# perl -MMIME::Base64 -le 'print encode_base64("MySimplePa33");'
 
    TXlTaW1wbGVQYTMz
 
# perl -MMIME::Base64 -le 'print decode_base64("TXlTaW1wbGVQYTMz");'
 
    MySimplePa33
 
  
[USERNAME And PASSWORD - For Auth PLAIN. The \000 is for a space .]
+
===Controlling SMTPD Client Connections===
# perl -MMIME::Base64 -le 'print encode_base64("ajcody\@zcs723.EXAMPLE.com\000MySimplePa33");'
 
    YWpjb2R5QHpjczcyMy5FWEFNUExFLmNvbQBNeVNpbXBsZVBhMzM=
 
# perl -MMIME::Base64 -le 'print decode_base64("YWpjb2R5QHpjczcyMy5FWEFNUExFLmNvbQBNeVNpbXBsZVBhMzM=");'
 
    ajcody@zcs723.EXAMPLE.comMySimplePa33
 
</pre>
 
  
====For ESMTP Auth is LOGIN - Example====
+
Mmorse did a good write up on these variables in the forum:
  
If you are using TLS you will need to encrypt your username & password before transiting it.
+
* http://www.zimbra.com/forums/administrators/13591-solved-limit-max-recipriants.html#post69582
  
For Auth is LOGIN you'll need to get the login encoding as described above. When AUTH is Login, it requires username and password to be separate :
+
Postfix Resources At Their Site (All Clients/Connections):
 +
* [http://www.postfix.org/TUNING_README.html#conn_limit Measures against clients that make too many connections]
 +
* [http://www.postfix.org/anvil.8.html  anvil - Postfix session count and request rate control]
 +
* [http://www.postfix.org/postconf.5.html#anvil_rate_time_unit anvil_rate_time_unit - The time unit over which client connection rates and other rates are calculated.]
 +
* [http://www.postfix.org/postconf.5.html#smtpd_client_connection_count_limit smtpd_client_connection_count_limit - How many simultaneous connections any client is allowed to make to this service. ]
 +
* [http://www.postfix.org/postconf.5.html#smtpd_client_message_rate_limit smtpd_client_message_rate_limit - The maximal number of message delivery requests that any client is allowed to make to this service per time unit, regardless of whether or not Postfix actually accepts those messages.]
 +
* [http://www.postfix.org/postconf.5.html#smtpd_client_recipient_rate_limit smtpd_client_recipient_rate_limit - The maximal number of recipient addresses that any client is allowed to send to this service per time unit, regardless of whether or not Postfix actually accepts those recipients.]
 +
* [http://www.postfix.org/postconf.5.html#smtpd_client_connection_rate_limit smtpd_client_connection_rate_limit - The maximal number of connection attempts any client is allowed to make to this service per time unit.]
 +
 
 +
Postfix Resources At Their Site (Exceptions To Clients/Connections Or Single Source):
 +
* [http://www.postfix.org/postconf.5.html#smtpd_client_event_limit_exceptions smtpd_client_event_limit_exceptions - Clients that are excluded from connection count, connection rate, or SMTP request rate restrictions.]
  
For example [I've mangled the hash below by the way]:
+
===Restrictions===
  
perl -MMIME::Base64 -e 'print encode_base64("ajcody\@zcs723.EXAMPLE.com");'
+
Besides using external mailing list software, [[Ajcody-MailingLists-And-Mailman#Mailman_-_Mailing_List_Manager|Mailman]] or [[Ajcody-MailingLists-And-Mailman#Sympa_-_Mailing_List_Manager|Sympa]], here's some other topical items in regards to restrictions.
  YYYYYYY5QHpjczcyMy51cy56aW1icmFsYWIuY29t
 
perl -MMIME::Base64 -e 'print encode_base64("Somepasswd");'
 
  YYYYYYYkMW0=
 
  
The working example now using telnet:
+
Some user contributed articles:
  
<pre>
+
* [[RestrictPostfixRecipients]]
esx2:~ ajcody$ telnet zcs723.EXAMPLE.com 25
+
* [[Restrict_sending_to_certain_domains]]
Trying 10.137.27.32...
+
* [[Restrict_users_to_certain_domain]]
Connected to zcs723.EXAMPLE.com.
+
* [http://www.zimbra.com/forums/administrators/15041-guide-postifx-how-multiple-access-lists-protected-distribution-lists.html Forum Post: GUIDE: Postifx: HOW TO: Multiple access lists for protected Distribution-lists]
Escape character is '^]'.
+
 
220 zcs723.EXAMPLE.com ESMTP Postfix
+
Some Postfix references:
helo myworkstation
+
 
250 zcs723.EXAMPLE.com
+
* http://www.postfix.org/RESTRICTION_CLASS_README.html#internal
ehlo myworkstation
+
* http://www.postfix.org/SMTPD_POLICY_README.html
250-zcs723.EXAMPLE.com
+
 
250-PIPELINING
+
Some RFE's related to mta based restrictions [targets are based upon today - July 21, 2010]:
250-SIZE 10240000
+
 
250-VRFY
+
* "Dynamic distribution lists - Internal Directory"
250-ETRN
+
** http://bugzilla.zimbra.com/show_bug.cgi?id=3884
250-STARTTLS
+
* "per-domain send restriction" - Not Committed
250-AUTH LOGIN PLAIN
+
** http://bugzilla.zimbra.com/show_bug.cgi?id=5595
250-AUTH=LOGIN PLAIN
+
*** These are marked as dup's of the above:
250-ENHANCEDSTATUSCODES
+
**** "disable outbound e-mail for one user"
250-8BITMIME
+
***** http://bugzilla.zimbra.com/show_bug.cgi?id=34654
250 DSN
+
**** "Add an facility to detemine internal relay users in admin"
AUTH LOGIN
+
***** http://bugzilla.zimbra.com/show_bug.cgi?id=33255
334 VXNlcm5hbWU6
+
* "policy for who can send to a distribution lists" - Helix
YYYYYYY5QHpjczcyMy51cy56aW1icmFsYWIuY29t
+
** http://bugzilla.zimbra.com/show_bug.cgi?id=9620
334 UGFzc3dvcmQ6
+
*** RFE 9620 is also a blocker for the following RFE:
YYYYYYYkMW0=
+
**** "milter to check if sender can send to a distribution list"
235 2.7.0 Authentication successful
+
***** http://bugzilla.zimbra.com/show_bug.cgi?id=46311
mail from: <ajcody@zcs723.EXAMPLE.com>
+
*** These are marked as dup's of the above:
250 2.1.0 Ok
+
**** "Ability to Specify Mail Policy"
rcpt to: <ajcody2@zcs723.EXAMPLE.com>
+
***** http://bugzilla.zimbra.com/show_bug.cgi?id=5555
250 2.1.5 Ok
+
**** "domain level filters rules"
data
+
***** http://bugzilla.zimbra.com/show_bug.cgi?id=6128
354 End data with <CR><LF>.<CR><LF>
+
**** "Distribution List Restrictions"
From: Adam <ajcody@zcs723.EXAMPLE.com>
+
***** http://bugzilla.zimbra.com/show_bug.cgi?id=7104
To: Adam 2 <ajcody2@zcs723.EXAMPLE.com>
+
**** "Feature request - Mail Policies"
Subject: Test ESMTP Auth LOGIN
+
***** http://bugzilla.zimbra.com/show_bug.cgi?id=9328
testing
+
**** "limit  "send from"  to certain domains"
.
+
***** http://bugzilla.zimbra.com/show_bug.cgi?id=12038
250 2.0.0 Ok: queued as 361C11E78D1
+
**** "'Internal email only' options in admin control panel"
quit
+
***** http://bugzilla.zimbra.com/show_bug.cgi?id=16671
221 2.0.0 Bye
+
**** "Access control for free busy and resources (ie permission to invite)"
Connection closed by foreign host.
+
***** http://bugzilla.zimbra.com/show_bug.cgi?id=22913
</pre>
+
**** "RFE: Admin GUI: Restrict the use of Distribution List among users."
 +
***** http://bugzilla.zimbra.com/show_bug.cgi?id=29305
 +
* "Implement smtpd_sender_restrictions"
 +
** http://bugzilla.zimbra.com/show_bug.cgi?id=15808
 +
* "How to restrict a user to only send via zwc"
 +
** http://bugzilla.zimbra.com/show_bug.cgi?id=16623
 +
* "enable configuration of  "smtpd_sender_restriction""
 +
** http://bugzilla.zimbra.com/show_bug.cgi?id=22363
  
====For ESMTP Auth is Plain - Example====
+
===Spam Control And Related Issues===
  
If you are using TLS you will need to encrypt your username & password before transiting it.
+
====High Over View Steps Of What To Do====
  
When AUTH is PLAIN, the username and password will be in the same encoding. For example [I've mangled the hash below by the way]:
+
* '''Step 1:''' Confirm your not an open relay and double check your postfix $mynetworks variable.
 
+
** [[ZimbraMtaMyNetworks|ZimbraMtaMyNetworks And Postfix mynetworks]]
perl -MMIME::Base64 -e 'print encode_base64("\000ajcody\@zcs723.EXAMPLE.com\000mypassword");'  
+
** [[Ajcody-MTA-Postfix-Topics#Open_Relay_Check|Open Relay Check]]
  AGFqY29keUB6Y3M3MjMXXXXXXXXXXXXXXXXXX5MzkzMWQxbQ==
+
* '''Step 2:''' Stop or put on-hold mail queue.
 
+
** Put all messages into HOLD queue:
The working example now using telnet:
+
*** Get a report of your current mailq [can be useful if you clean out the queue later but need to identify what external mail hosts are now denying you and who you'll need to contact about getting removed from their denial list]
 
+
**** Example: /opt/zimbra/postfix/sbin/mailq > /tmp/zimbra_mailq_report.txt
<pre>
+
*** /opt/zimbra/postfix/sbin/postsuper -h ALL
esx2:~ ajcody$ telnet zcs723.EXAMPLE.com 25
+
** Or put all messages match compromised account into HOLD queue:
Trying 10.137.27.32...
+
*** /opt/zimbra/postfix/sbin/mailq | grep user_compromised@domain | awk '{ print $1 }' | tr -d '!*' | /opt/zimbra/postfix/sbin/postsuper -h -
Connected to zcs723.EXAMPLE.com.
+
**** Note, this is an example - you might with the grep grab more than the compromised account with the match.
Escape character is '^]'.
+
** See whole section - [[Ajcody-MTA-Postfix-Topics#Managing_Postfix_Queue| Managing The Postfix Queue]]
220 zcs723.EXAMPLE.com ESMTP Postfix
+
* '''Step 3:''' Check your mail log [On ZCS servers running MTA services] - /var/log/zimbra.log
helo myworkstation
+
** [[Ajcody-MTA-Postfix-Topics#Understanding_.2Fvar.2Flog.2Fzimbra.log_And_Postfix_Log_Events| Understanding the zimbra.log file and Postfix log events.]] , see subsection about queue ID and message ID also.
250 zcs723.EXAMPLE.com
+
** [[Ajcody-MTA-Postfix-Topics#Who.27s_My_Spammer.3F| Who's My Spammer?]]
ehlo myworkstation
+
* '''Step 4:''' Identify compromised account authenticating SMTP AUTH connection or block ip address where emails are coming from at firewall.
250-zcs723.EXAMPLE.com
+
** [[Ajcody-MTA-Postfix-Topics#Who.27s_My_Spammer.3F| Who's My Spammer?]]
250-PIPELINING
+
** Continue to monitor compromised account and block ip addresses:
250-SIZE 10240000
+
*** tail -f /var/log/zimbra.log | grep username | grep sasl
250-VRFY
+
**** Jun  8 18:14:10 mail postfix/smtpd[15794]: 004358EEB16: client=unknown[XXXX.236.197.216], sasl_method=LOGIN, sasl_username=username@domain
250-ETRN
+
* '''Step 5:''' Disable the exploited email account, expire auth session, etc.
250-STARTTLS
+
** [[Ajcody-User-Management-Topics#Resetting_A_User.27s_Account_From_CLI| Resetting Or Expiring User Auth]]
250-AUTH LOGIN PLAIN
+
** '''Note''' - Restarting the mta services will be important once you reset the password/s or lock the account. It's required to ensure the active connections will be closed and any existing auth tokens no longer are valid. See:
250-AUTH=LOGIN PLAIN
+
*** Force currently active SMTP authenticated sessions to be renegotiated when locking an account
250-ENHANCEDSTATUSCODES
+
**** https://bugzilla.zimbra.com/show_bug.cgi?id=80299
250-8BITMIME
+
* '''Step 6:''' Move the mail queue or delete the spam email
250 DSN
+
** See whole section - [[Ajcody-MTA-Postfix-Topics#Managing_Postfix_Queue| Managing The Postfix Queue]]
AUTH PLAIN AGFqY29keUB6Y3M3MjMXXXXXXXXXXXXXXXXXX5MzkzMWQxbQ==
+
* '''Step 7:''' Release Mail queue
235 2.7.0 Authentication successful
 
mail from: <ajcody@zcs723.EXAMPLE.com>
 
250 2.1.0 Ok
 
rcpt to: <ajcody2@zcs723.EXAMPLE.com>
 
250 2.1.5 Ok
 
data
 
354 End data with <CR><LF>.<CR><LF>
 
From: Adam <ajcody@zcs723.EXAMPLE.com>
 
To: Adam 2 <ajcody2@zcs723.EXAMPLE.com>
 
Subject: Test ESMTP Auth PLAIN
 
testing
 
.
 
250 2.0.0 Ok: queued as 804E01E78D1
 
quit
 
221 2.0.0 Bye
 
Connection closed by foreign host.
 
</pre>
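Review bot: In Step 2, the per-account hold pipeline greps the whole mailq listing, so it also matches the indented recipient lines, where awk's $1 is an address rather than a queue ID, and it matches any longer address that merely contains the string (the note under the command already concedes the over-match). Suggest selecting on the sender field of each queue entry instead, following the example in the postsuper(1) manual: /opt/zimbra/postfix/sbin/mailq | tail -n +2 | grep -v '^ *(' | awk 'BEGIN { RS = "" } $7 == "user_compromised@domain" { print $1 }' | tr -d '*!' | /opt/zimbra/postfix/sbin/postsuper -h - . Step 7 gives no command at all; since Step 2 holds with postsuper -h ALL, name the matching release (postsuper -H ALL) there. Minor wording: "Confirm your not an open relay" should read "you're", and "messages match compromised account" should read "messages matching the compromised account".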
 
  
====For TLS/SSL - Example====
+
====Who's My Spammer?====
  
Basic telnet does not support SSL or TLS, so you have to use openssl or stunnel to make your connection to the smtp server. To connect to a server using TLS/SSL run something like this:
+
=====Getting Some Initial Summary Data=====
  
openssl s_client -starttls smtp -crlf -connect zcs723.EXAMPLE.com:25
+
======zmdialyreport======
  
Now you can run one of the above telnet sessions like you had before. You will most likely still need to log in.
+
First, some notable bug/RFE's in regards to the zmdailyreport:
  
Default zimbra [[Ports|ports]] to be aware of and test:
+
* RFE - add explanations to Daily mail report / pflogsumm.pl output
 +
** https://bugzilla.zimbra.com/show_bug.cgi?id=86630
 +
* Daily mail report shows incorrect output because pflogsumm.pl doubles the result
 +
** https://bugzilla.zimbra.com/show_bug.cgi?id=84444
 +
* Descriptions of mta_counts numbers vs daily reports and other msg stats
 +
** https://bugzilla.zimbra.com/show_bug.cgi?id=79632
  
* port 25
+
You can first get some summary data by doing the following:
** smtp [mta] - incoming mail to postfix
 
* port 465
 
** smtps [mta] - incoming mail to postfix over ssl '''(Outlook only)'''
 
* port 587
 
** smtp [mta] - Mail '''submission port''' over tls
 
* "RFC 3207 specifies only the well-known port 25 and the "Submission port," which is TCP port 587, for the STARTTLS command, the precursor for an encrypted SMTP session using TLS. It makes no mention of the unofficial port 465." [http://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol SMTP on Wikipedia]
 
  
An example login is below :
+
<pre>
 +
[zimbra@zcs806 ~]$ /opt/zimbra/libexec/zmdailyreport
  
<pre>
+
Grand Totals
esx2:~ ajcody$ openssl s_client -starttls smtp -crlf -connect zcs723.EXAMPLE.com:25
+
------------
 +
messages
  
CONNECTED(00000003)
+
      7  received
depth=0 /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=zcs723.EXAMPLE.com
+
    11  delivered
verify error:num=20:unable to get local issuer certificate
+
      0   forwarded
verify return:1
+
      0   deferred
depth=0 /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=zcs723.EXAMPLE.com
+
      bounced
verify error:num=27:certificate not trusted
+
      3   rejected (21%)
verify return:1
+
      0   reject warnings
depth=0 /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=zcs723.EXAMPLE.com
+
      0   held
verify error:num=21:unable to verify the first certificate
+
      0   discarded (0%)
verify return:1
 
---
 
Certificate chain
 
0 s:/C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=zcs723.EXAMPLE.com
 
  i:/C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=zcs723.EXAMPLE.com
 
---
 
Server certificate
 
-----BEGIN CERTIFICATE-----
 
MIICsjCCAhugAwIBAgIFE2MYV2EwDQYJKoZIhvcNAQEFBQAwgZUxCzAJBgNVBAYT
 
[cut]
 
LrFtuUlX6mb5Uq8dx8D25QWqsyeDXA==
 
-----END CERTIFICATE-----
 
subject=/C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=zcs723.EXAMPLE.com
 
issuer=/C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=zcs723.EXAMPLE.com
 
---
 
No client certificate CA names sent
 
---
 
SSL handshake has read 1528 bytes and written 360 bytes
 
---
 
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
 
Server public key is 1024 bit
 
Secure Renegotiation IS supported
 
Compression: NONE
 
Expansion: NONE
 
SSL-Session:
 
    Protocol  : TLSv1
 
    Cipher    : DHE-RSA-AES256-SHA
 
    Session-ID: 06F03A7C2AB0EA3E97cut7CD4A4A6166D551B
 
    Session-ID-ctx:
 
    Master-Key: 1A2FF452C3E09F9D7B2DECEcutFB67158960BA6
 
    Key-Arg   : None
 
    Start Time: 1370375286
 
    Timeout   : 300 (sec)
 
    Verify return code: 21 (unable to verify the first certificate)
 
---
 
250 DSN
 
helo myworkstation
 
250 zcs723.EXAMPLE.com
 
ehlo myworkstation
 
250-zcs723.EXAMPLE.com
 
250-PIPELINING
 
250-SIZE 10240000
 
250-VRFY
 
250-ETRN
 
250-AUTH LOGIN PLAIN
 
250-AUTH=LOGIN PLAIN
 
250-ENHANCEDSTATUSCODES
 
250-8BITMIME
 
250 DSN
 
AUTH LOGIN
 
334 VXNlcm5hbWU6
 
YYYYYYY5QHpjczcyMy51cy56aW1icmFsYWIuY29t
 
334 UGFzc3dvcmQ6
 
YYYYYYYkMW0=
 
235 2.7.0 Authentication successful
 
mail from:<ajcody@zcs723.EXAMPLE.com>
 
250 2.1.0 Ok
 
rcpt to: <ajcody2@zcs723.EXAMPLE.com>
 
250 2.1.5 Ok
 
data
 
354 End data with <CR><LF>.<CR><LF>
 
From: Adam <ajcody@zcs723.EXAMPLE.com>
 
To: Adam 2 <ajcody2@zcs723.EXAMPLE.com>
 
Subject: Test Auth LOGIN TLS Example
 
test
 
.
 
250 2.0.0 Ok: queued as BA68B1E78D1
 
quit
 
221 2.0.0 Bye
 
closed
 
</pre>
 
  
=====Testing Against Port 465=====
+
  2780  bytes received
 
+
  10914  bytes delivered
References on Port 465:
+
      2  senders
 
+
      1  sending hosts/domains
* http://wiki.zimbra.com/wiki/Mail_client_Configuration#SMTP_over_SSL_port_465
+
      1  recipients
 +
      1  recipient hosts/domains
  
<pre>
 
$ openssl s_client -crlf -connect zcs723.EXAMPLE.com:465
 
  
CONNECTED(00000003)
+
Per-Hour Traffic Summary
 
+
    time          received  delivered  deferred    bounced    rejected
[cut of repeated data above]
+
    --------------------------------------------------------------------
 
+
    0000-0100          0          0          0          0          0
---
+
    0100-0200          1          3          0          0          0
250 DSN
+
    0200-0300          0          0          0          0          0
helo myworkstation
+
    0300-0400          0          0          0          0          0
250 zcs723.EXAMPLE.com
+
    0400-0500          0          0          0          0          0
ehlo myworkstation
+
    0500-0600          0          0          0          0          0
250-zcs723.EXAMPLE.com
+
    0600-0700          0          0          0          0          0
250-PIPELINING
+
    0700-0800          1          0          0          0          2
250-SIZE 8388608
+
    0800-0900          1          0          0          0          0
250-VRFY
+
    0900-1000          0          0          0          0          1
250-ETRN
+
    1000-1100          0          0          0          0          0
250-AUTH PLAIN LOGIN
+
    1100-1200          0          0          0          0          0
250-AUTH=PLAIN LOGIN
+
    1200-1300          4          8          0          0          0
250-ENHANCEDSTATUSCODES
+
    1300-1400          0          0          0          0          0
250-8BITMIME
+
    1400-1500          0          0          0          0          0
250 DSN
+
    1500-1600          0          0          0          0          0
AUTH PLAIN [cut - emailaddress/password string goes here]
+
    1600-1700          0          0          0          0          0
 +
    1700-1800          0          0          0          0          0
 +
    1800-1900          0          0          0          0          0
 +
    1900-2000          0          0          0          0          0
 +
    2000-2100          0          0          0          0          0
 +
    2100-2200          0          0          0          0          0
 +
    2200-2300          0          0          0          0          0
 +
    2300-2400          0          0          0          0          0
 +
 
 +
Host/Domain Summary: Message Delivery (top 50)
 +
sent cnt  bytes  defers  avg dly max dly host/domain
 +
-------- -------  -------  ------- ------- -----------
 +
    11    10914        0    7.4 s  24.0 s  zcs806.DOMAIN.com
  
!!! note - you get the auth plain string by doing [don't remove the \000 parts]:
+
Host/Domain Summary: Messages Received (top 50)
!!! perl -MMIME::Base64 -e 'print encode_base64("\000user\@mdomain.com\000your_password");'
+
msg cnt  bytes  host/domain
 +
-------- -------  -----------
 +
      5    2780  zcs806.DOMAIN.com
  
235 2.7.0 Authentication successful
+
top 50 Senders by message count
mail from:<ajcody@zcs723.EXAMPLE.com>
+
-------------------------------
250 2.1.0 Ok
+
      4  zimbra@zcs806.DOMAIN.com
rcpt to: <ajcody2@zcs723.EXAMPLE.com>
+
      1   admin@zcs806.DOMAIN.com
250 2.1.5 Ok
+
 
data
+
top 50 Recipients by message count
354 End data with <CR><LF>.<CR><LF>
+
----------------------------------
From: Adam <ajcody@zcs723.EXAMPLE.com>
+
    11  admin@zcs806.DOMAIN.com
To: Adam 2 <ajcody2@zcs723.EXAMPLE.com>
 
Subject: Test Auth LOGIN TLS Example
 
test
 
.
 
250 2.0.0 Ok: queued as BA68B1E78D1
 
quit
 
221 2.0.0 Bye
 
closed
 
</pre>
 
  
Example of logs events in /var/log/zimbra.log on the mta server [different test from the one above]:
+
top 50 Senders by message size
 +
------------------------------
 +
  1974  zimbra@zcs806.DOMAIN.com
 +
    806  admin@zcs806.DOMAIN.com
  
<pre>
+
top 50 Recipients by message size
Jun  7 08:28:52 zcs806 postfix/smtps/smtpd[8151]: connect from unknown[10.X.X.110]
+
---------------------------------
Jun  7 08:28:52 zcs806 postfix/smtps/smtpd[8151]: Anonymous TLS connection established
+
  10914  admin@zcs806.DOMAIN.com
  from unknown[10.1X.X.110]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
 
Jun  7 08:31:53 zcs806 saslauthd[3317]: zmauth: authenticating against elected url
 
  https://zcs806.us.DOMAIN.com:7071/service/admin/soap/' ...
 
Jun  7 08:31:53 zcs806 saslauthd[3317]: zmpost: url='https://zcs806.us.DOMAIN.com:7071/
 
  service/admin/soap/' returned buffer->data='<soap:Envelope xmlns:soap="
 
  http://www.w3.org/2003/05/soap-envelope"><soap:Header><context xmlns="urn:zimbra">
 
  <change token="75599"/></context></soap:Header><soap:Body><AuthResponse
 
  xmlns="urn:zimbraAccount"><authToken>0_b47233e5e226eb1c0519cd9c35da2fc198f[cut]272
 
  613b</authToken><lifetime>172800000</lifetime><skin>serenity</skin></AuthResponse>
 
  </soap:Body></soap:Envelope>', hti->error=''
 
Jun  7 08:31:53 zcs806 saslauthd[3317]: auth_zimbra: admin@zcs806.us.DOMAIN.com auth OK
 
Jun  7 08:32:47 zcs806 postfix/smtps/smtpd[8151]: 0279C3434: client=unknown[10.X.X.110],
 
  sasl_method=PLAIN, sasl_username=admin@zcs806.us.DOMAIN.com
 
Jun  7 08:33:32 zcs806 postfix/qmgr[3484]: 0279C3434: from=<admin@zcs806.us.DOMAIN.com>,
 
  size=400, nrcpt=1 (queue active)
 
Jun  7 08:33:33 zcs806 postfix/dkimmilter/smtpd[9661]: connect from localhost[127.0.0.1]
 
Jun  7 08:33:33 zcs806 postfix/dkimmilter/smtpd[9661]: Anonymous TLS connection established
 
  from localhost[127.0.0.1]: TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)
 
Jun  7 08:33:33 zcs806 postfix/dkimmilter/smtpd[9661]: 0F798344C: client=localhost[127.0.0.1]
 
Jun  7 08:33:33 zcs806 postfix/cleanup[9638]: 0F798344C: message-id=<20140607153247.0279C3434@DOMAIN.com>
 
Jun  7 08:33:33 zcs806 postfix/smtp[9660]: 0279C3434: to=<test@zcs806.us.DOMAIN.com>,
 
  relay=127.0.0.1[127.0.0.1]:10030, delay=63, delays=63/0.06/0.07/0.07, dsn=2.0.0, status=sent
 
  (250 2.0.0 Ok: queued as 0F798344C)
 
Jun  7 08:33:33 zcs806 postfix/dkimmilter/smtpd[9661]: disconnect from localhost[127.0.0.1]
 
Jun  7 08:33:33 zcs806 postfix/qmgr[3484]: 0F798344C: from=<admin@zcs806.us.DOMAIN.com>,
 
  size=627, nrcpt=1 (queue active)
 
Jun  7 08:33:33 zcs806 postfix/qmgr[3484]: 0279C3434: removed
 
Jun  7 08:33:38 zcs806 postfix/smtps/smtpd[8151]: disconnect from unknown[10.X.X.110]
 
</pre>
 
  
====To Confirm An Auth User Can't Send With Another FROM Address====
+
message deferral detail: none
  
The below example is using an auth has for ajcody@zcs723.EXAMPLE.com .
+
message bounce detail (by relay): none
  
<pre>
+
message reject detail
esx2:~ ajcody$ telnet zcs723.EXAMPLE.com 25
+
---------------------
Trying 10.137.27.32...
+
  MAIL
Connected to zcs723.EXAMPLE.com.
+
    5.3.4 Message size exceeds fixed limit (total: 3)
Escape character is '^]'.
+
          3  domain-ext.com
220 zcs723.EXAMPLE.com ESMTP Postfix
 
helo myworkstation
 
250 zcs723.EXAMPLE.com
 
ehlo myworkstation
 
250-zcs723.EXAMPLE.com
 
250-PIPELINING
 
250-SIZE 10240000
 
250-VRFY
 
250-ETRN
 
250-STARTTLS
 
250-AUTH LOGIN PLAIN
 
250-AUTH=LOGIN PLAIN
 
250-ENHANCEDSTATUSCODES
 
250-8BITMIME
 
250 DSN
 
AUTH PLAIN AGFqY29[cut]bQA5MzkzMWQxbQ==
 
235 2.7.0 Authentication successful
 
mail from: <admin@zcs723.EXAMPLE.com>
 
250 2.1.0 Ok
 
rcpt to: <ajcody2@zcs723.EXAMPLE.com>     
 
553 5.7.1 <admin@zcs723.EXAMPLE.com>: Sender address rejected: not owned by user ajcody@zcs723.EXAMPLE.com
 
</pre>
 
  
Notice how this is different when I'm telnet'ing from the server [localhost] back to itself.
+
message reject warning detail: none
  
<pre>
+
message hold detail: none
[root@zcs723 ~]# telnet localhost 25
 
Trying ::1...
 
telnet: connect to address ::1: Connection refused
 
Trying 127.0.0.1...
 
Connected to localhost.
 
Escape character is '^]'.
 
220 zcs723.EXAMPLE.com ESMTP Postfix
 
helo myworkstation
 
250 zcs723.EXAMPLE.com
 
ehlo myworkstation
 
250-zcs723.EXAMPLE.com
 
250-PIPELINING
 
250-SIZE 10240000
 
250-VRFY
 
250-ETRN
 
250-STARTTLS
 
250-AUTH LOGIN PLAIN
 
250-AUTH=LOGIN PLAIN
 
250-ENHANCEDSTATUSCODES
 
250-8BITMIME
 
250 DSN
 
AUTH PLAIN AGFqY29kAAAAAAAAAAAAAAAAAAAAAAAmNvbQA5MzkzMWQxbQ==
 
235 2.7.0 Authentication successful
 
mail from: <admin@zcs723.EXAMPLE.com>
 
250 2.1.0 Ok
 
rcpt to: <ajcody2@zcs723.EXAMPLE.com>
 
250 2.1.5 Ok
 
Subject: Test mynetwork bypasses From match to AUTH
 
221 2.7.0 Error: I can break rules, too. Goodbye.
 
Connection closed by foreign host.
 
</pre>
 
  
===Adding A New MTA Server===
+
message discard detail: none
  
Basic instructions can be found here:
+
smtp delivery failures: none
* http://www.zimbra.com/docs/ne/latest/multi_server_install/toc.html
 
** See "Installing Zimbra MTA on a Server"
 
  
Additional instructions needed beyond the above will follow as I hear about them.
+
Warnings
 +
--------
 +
  sendmail (total: 3)
 +
        1  or the command is run from a set-uid root process
 +
        1  the Postfix sendmail command has set-uid root file permissions
 +
        1  the Postfix sendmail command must be installed without set-uid ...
 +
  smtpd (total: 1)
 +
        1  7A735345A: queue file size limit exceeded
  
===Load Balancing For SMTP - Out Bound Mail===
+
Fatal Errors: none
  
Currently, '''5.x code''', you have the following options:
+
Panics: none
  
* Configure zimbraMtaRelayHost and zimbraSmtpHostname [[Ajcody-Server-Topics#Using_Different_SMTP_Server_For_Webclient_.28ZWC.29.2C_Mobiles.2C_And_ZCO|zimbraSmtpHostname Details]] to:
+
Master daemon messages: none
 +
</pre>
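Review bot: The new heading reads "zmdialyreport" while the text and the command under it use zmdailyreport, so the section anchor will not match the tool name that people link to or search for; rename the heading to zmdailyreport. In the sample output the "bounced" row under Grand Totals has no count where every other row has one; restore the value from the original run or mark it as elided. Since bug 84444 (pflogsumm.pl doubling the result) is listed directly above the sample, say whether this run is affected, because it shows 7 received against 11 delivered.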
  
** An external load balancing device that will then split the traffic behind it
+
======client_usage_report.py======
** Setup a round-robin A record situation in your DNS for the external mta's you'll be using.
 
  
In, '''GNR/6.x''', you are able to add multiple targets to the variables and we'll have some degree of "balancing" between them.
+
This will give some stats on your mail activity. Note, there are some issue with this script double reporting mail counts etc, but it's useful to identify the top 50 for activity.
  
* "allow list for zimbraSmtpHostname"
+
<pre>
** http://bugzilla.zimbra.com/show_bug.cgi?id=10695
+
[zimbra@zcs806 ~]$ /opt/zimbra/libexec/client_usage_report.py
* "make zimbraSmtpHostname fault tolerant"
+
Reading /opt/zimbra/log/access_log.2014-04-17 ..
** http://bugzilla.zimbra.com/show_bug.cgi?id=36173
+
Reading /opt/zimbra/log/access_log.2014-04-18 ..
 +
Reading /opt/zimbra/log/access_log.2014-04-19 ..
 +
Reading /opt/zimbra/log/access_log.2014-04-20 ..
 +
Reading /opt/zimbra/log/access_log.2014-04-21 ..
 +
Reading /opt/zimbra/log/access_log.2014-04-22 ..
 +
Reading /opt/zimbra/log/access_log.2014-04-23 ..
 +
Writing /opt/zimbra/zmstat/client_usage_report_2014-04-24.csv ..
 +
</pre>
  
===User Alias Mapping And Mail Transport with Postfix & LDAP===
+
Then review the file it will create , it will give :  "user_agent","client_IP","req_count"
  
See [[User_Alias_Mapping_and_Mail_Transport_with_Postfix_%26_LDAP]]
+
<pre>
 +
[zimbra@zcs806 ~]$ cat /opt/zimbra/zmstat/client_usage_report_2014-04-24.csv
 +
"user_agent","client_IP","req_count"
 +
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:28.0) Gecko/20100101 Firefox/28.0","192.168.1.166","14"
 +
"Mozilla/5.0 (Windows NT 6.2; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0","192.168.1.166","93"
 +
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0","192.168.1.174","6"
 +
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:28.0) Gecko/20100101 Firefox/28.0","192.168.1.166","71"
 +
</pre>
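Review bot: The intro for client_usage_report.py says it gives stats on mail activity and mail counts, but the run shown reads /opt/zimbra/log/access_log.* and the CSV columns are "user_agent","client_IP","req_count", which are request counts per client from the access log and not SMTP senders. Under "Who's My Spammer?" the text should say what the report actually measures and what a reader should look for in it, for example a single client_IP with an unusually high req_count. Also "some issue with this script" should read "some issues".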
  
====Multiple LDAP Servers?====
+
======qshape======
  
Completed RFE:
+
You can also look at the results of [[http://www.postfix.org/qshape.1.html qshape]] - the default is the active queue. For more on qshape, see [[http://www.postfix.org/QSHAPE_README.html Postfix Qshape Readme]] .
  
* "mta should be able to take a list of LDAP servers to take advantage of replicas."
+
<pre>
** http://bugzilla.zimbra.com/show_bug.cgi?id=9353
+
qshape deferred
*** zmmtainit to allow for multiple command line options that will set the URL. Grab the contents of the ldap_url localconfig variable.
+
              T  5 10 20 40 80 160 320 640 1280 1280+
 +
        TOTAL 12  0  0  0  0  0  0  0  0    0    12
 +
    gmail.com  9  0  0  0  0  0  0  0  0    0    9
 +
    yahoo.com 3  0  0  0  0  0  0  0  0    0    3
 +
</pre>
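Review bot: Both external links in the qshape paragraph are wrapped in double square brackets ([[http://www.postfix.org/qshape.1.html qshape]]), which is the internal-link syntax; elsewhere the page uses single brackets for external URLs (the forum post link in the restrictions list, the Wikipedia SMTP link), so these should be [http://www.postfix.org/qshape.1.html qshape] and [http://www.postfix.org/QSHAPE_README.html Postfix Qshape Readme]. The sentence says the default is the active queue while the example runs qshape deferred; the linked qshape(1) page gives the default as the incoming and active queues, so state that and say the example names the deferred queue explicitly.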
  
From :
+
======3rd Party Log Reports - postfix-logwatch and amavis-logwatch======
  
* http://www.postfix.org/ldap_table.5.html
+
Created RFE for us to include these in ZCS:
  
<pre>
+
* Include postfix-logwatch_and_amavis-logwatch
        server_host (default: localhost)
+
** https://bugzilla.zimbra.com/show_bug.cgi?id=89450
              The name of the host running the LDAP server,  e.g.
 
  
                  server_host = ldap.example.com
+
You can download them from http://logreporters.sourceforge.net/ . It's a fairly simply install, download and then extract - cd into extracted directory and as root type :
  
              Depending on the LDAP client library you're using,
+
  make install-standalone
              it should be possible to specify  multiple  servers
 
              here,  with the library trying them in order should
 
              the first one fail. It should also be  possible  to
 
              give  each  server  in  the  list  a different port
 
              (overriding server_port below), by naming them like
 
  
                  server_host = ldap.example.com:1444
+
They will install to /usr/local/bin/amavis-logwatch & postfix-logwatch . The config files are in /usr/local/etc/amavis-logwatch.conf & postfix-logwatch.conf . Here's an example of the output.
  
              With OpenLDAP, a (list of) LDAP URLs can be used to
+
/usr/local/bin/amavis-logwatch output example:
              specify both the hostname(s) and the port(s):
 
  
                  server_host = ldap://ldap.example.com:1444
+
<pre>
                              ldap://ldap2.example.com:1444
+
[root@zcs806 amavis-logwatch-1.51.02]# /usr/local/bin/amavis-logwatch /var/log/zimbra.log
 +
****** Summary *************************************************************************************
  
              All LDAP URLs accepted by the OpenLDAP library are
+
      4  Total messages scanned ------------------ 100.00%
              supported, including  connections over UNIX domain
+
  1.926K Total bytes scanned                          1,972
              sockets, and LDAP SSL (the last one  provided  that
+
========  ==================================================
              OpenLDAP was compiled with support for SSL):
 
  
                  server_host = ldapi://%2Fsome%2Fpath
+
      4  Passed ----------------------------------  100.00%
                              ldaps://ldap.example.com:636
+
      4    Clean passed                            100.00%
 +
========  ==================================================
  
**my note**
+
      4  Ham ------------------------------------- 100.00%
This thread - http://archives.neohapsis.com/archives/postfix/2004-09/1763.html
+
      4    Clean passed                            100.00%
give me the impression they made a mistake in modifying the help file on this
+
========  ==================================================
and they dropped the use/need of the command:
 
  
  server_host = ldap://ldap.example.com:1444, ldap://ldap2.example.com:1444
 
</pre>
 
  
Just a small note on where var shows up:
+
==================================================================================
 +
Spam Score Percentiles        0%      50%      90%      95%      98%      100%
 +
----------------------------------------------------------------------------------
 +
Score Ham (4)            -1.900    -1.900    -1.900    -1.900    -1.900    -1.900
 +
==================================================================================
  
<pre>
+
======================================================================================================
[root@mail3 conf]# pwd
+
Spam Score Frequency      <= -10    <= -5      <= 0      <= 5    <= 10    <= 20    <= 30      > 30
/opt/zimbra/conf
+
------------------------------------------------------------------------------------------------------
[root@mail3 conf]# grep server_host *
+
Hits (4)                      0        0        4        0        0        0        0        0
amavisd.conf.in:$myhostname = '@@zimbra_server_hostname@@';  # must be a fully-qualified domain name!
+
Percent of Hits            0.00%    0.00%  100.00%    0.00%    0.00%    0.00%    0.00%    0.00%
ldap-scm.cf:server_host = ldap://mail3.zimbra.DOMAIN.com:389
+
======================================================================================================
ldap-transport.cf:server_host = ldap://mail3.zimbra.DOMAIN.com:389
 
ldap-vad.cf:server_host = ldap://mail3.zimbra.DOMAIN.com:389
 
ldap-vam.cf:server_host = ldap://mail3.zimbra.DOMAIN.com:389
 
ldap-vmd.cf:server_host = ldap://mail3.zimbra.DOMAIN.com:389
 
ldap-vmm.cf:server_host = ldap://mail3.zimbra.DOMAIN.com:389
 
localconfig.xml:  <key name="zimbra_server_hostname">
 
zmmta.cf: LOCAL zimbra_server_hostname
 
zmmta.cf: POSTCONF myhostname LOCAL zimbra_server_hostname
 
 
</pre>
 
</pre>
  
References:
+
/usr/local/bin/postfix-logwatch output example:
  
* http://archives.neohapsis.com/archives/postfix/2000-04/0200.html
+
<pre>
 +
[root@zcs806 amavis-logwatch-1.51.02]# /usr/local/bin/postfix-logwatch /var/log/zimbra.log
  
===Traditional Aliases Use - /etc/aliases type lookups===
+
****** Summary *************************************************************************************
  
Filed this RFE:
+
      1  *Warning: Queue file size limit exceeded
* "Support traditional email aliases via aliases file or ldap - admin console view"
+
 
** http://bugzilla.zimbra.com/show_bug.cgi?id=33642
+
  6.512K  Bytes accepted                              6,668
*** Aliases use without being tied into authentication methods or consuming a license file.
+
  1.928K  Bytes sent via SMTP                          1,974
 +
  4.584K  Bytes sent via LMTP                          4,694
 +
========  ==================================================
  
===Allowing Accounts To Change The From Address===
+
      10  Accepted                                    76.92%
 +
      3  Rejected                                    23.08%
 +
--------  --------------------------------------------------
 +
      13  Total                                      100.00%
 +
========  ==================================================
  
Please see:
+
      3  5xx Reject message size                    100.00%
 +
--------  --------------------------------------------------
 +
      3  Total 5xx Rejects                          100.00%
 +
========  ==================================================
  
* [http://www.zimbra.com/forums/installation/18171-solved-setting-up-email-response-aliases-non-system-domains.html#post92121 Changing The From Field]
+
      10  Connections
 +
      10  Disconnections
 +
      8  Removed from queue
 +
      4  Sent via SMTP
 +
      4  Sent via LMTP
 +
      4  Filtered
  
====Related BUG/RFE's====
+
****** Detail (10) *********************************************************************************
  
* Identities: Auto verify user settable from address [marked as dup of 29974]
+
      3  5xx Reject message size -----------------------------------------------------------------
** http://bugzilla.zimbra.com/show_bug.cgi?id=12094
+
      3      192.168.1.166    remote.domain.com
* persona/external account from field address verification
+
      3        *unavailable
** http://bugzilla.zimbra.com/show_bug.cgi?id=29974
+
      3            *unavailable
* ZCO Support for zimbraAllowAnyFromAddress
 
** http://bugzilla.zimbra.com/show_bug.cgi?id=31278
 
  
===Creating A Domain Alias===
+
      4  Sent via SMTP ---------------------------------------------------------------------------
 +
      4      zcs806.DOMAIN.com
  
Please see [[ManagingDomains#Creating_a_Domain_Alias]]
+
      4  Sent via LMTP ---------------------------------------------------------------------------
 +
      4      zcs806.DOMAIN.com
  
===Relay Domain Forwarding===
+
      4  Filtered --------------------------------------------------------------------------------
 
+
      2      smtp-amavis:[127.0.0.1]:10024
Please see [[ManagingDomains#Relaying.2FDomain_Forwarding]]
+
      2        Sender address
 
+
      1            admin@zcs806.DOMAIN.com
===Domain Catchall===
+
      1              admin@zcs806.DOMAIN.com
 
+
      1                  192.168.1.166    remote.domain.com
Please see [[ManagingDomains#Domain_Catchall]]
+
      1            user@DOMAIN.com
 
+
      1              admin@zcs806.DOMAIN.com
===Rewriting From Address For Outbound Email===
+
      1                  192.168.1.184    remote2.domain.com
 +
      2      smtp-amavis:[127.0.0.1]:10026
 +
      2        Sender address
 +
      1            admin@zcs806.DOMAIN.com
 +
      1              admin@zcs806.DOMAIN.com
 +
      1                  192.168.1.166    remote.domain.com
 +
      1            user@DOMAIN.com
 +
      1              admin@zcs806.DOMAIN.com
 +
      1                  192.168.1.184    remote2.domain.com
  
Please see [[ManagingDomains#Domain_Masquerading]]
+
=== Delivery Delays Percentiles ============================================================
 +
                    0%      25%      50%      75%      90%      95%      98%      100%
 +
--------------------------------------------------------------------------------------------
 +
Before qmgr      0.04      0.09      0.11      0.11      0.23      0.35      0.43      0.48
 +
In qmgr          0.00      0.00      0.01      0.01      0.04      0.07      0.08      0.09
 +
Conn setup        0.00      0.01      0.29      1.30      2.05      2.23      2.33      2.40
 +
Transmission      0.10      2.81      4.85      9.60    21.00    21.00    21.00    21.00
 +
Total            0.20      2.91      5.20    11.00    23.30    23.65    23.86    24.00
 +
============================================================================================
 +
</pre>
  
===Rewrite Recipient Address For Incoming Email===
+
'''Note''' - First, look at the options each command has using the -h output. You might want to use --full when doing an investigation and also include a wildcard - /var/log/zimbra.lo* to take in all the log data. For example:
  
There is a way to rewrite the incoming mail, but it's not a standard Zimbra feature. You can implement it as a configuration change in Postfix.  Here's what you do:
+
<pre>
 +
[zimbra@zcs806 ~]$ /usr/local/bin/postfix-logwatch --full /var/log/zimbra.lo*
 +
****** Summary *************************************************************************************
  
# Create a file in /opt/zimbra/conf named 'postfix_recipientmap'. 
+
      9  *Fatal:   General fatal
#* The format is a single line that reads something like: @alias.domain.com @domain.com
+
      1  *Warning: Queue file size limit exceeded
# Run 'postmap postfix_recipientmap' in the conf directory.
+
      21  Miscellaneous warnings
# Run "postconf -e recipient_canonical_maps=hash:/opt/zimbra/conf/postfix_recipientmap".
 
# Run 'postfix reload'.
 
  
This will cause postfix to map any incoming mail with a recipient of '@alias.domain.com' to '@domain.com'You will need to re-apply this postconf change after upgrades, though the postfix_recipientmap file should survive.
+
710.888K  Bytes accepted                            727,949
 +
193.036K  Bytes sent via SMTP                        197,669
 +
520.114K Bytes sent via LMTP                        532,597
 +
========  ==================================================
  
===Automatic BCC===
+
    1041  Accepted                                    99.71%
 +
      3  Rejected                                    0.29%
 +
--------  --------------------------------------------------
 +
    1044  Total                                      100.00%
 +
========  ==================================================
  
====Option 1 - Via Postfix Customization====
+
      3  5xx Reject message size                    100.00%
 +
--------  --------------------------------------------------
 +
      3  Total 5xx Rejects                          100.00%
 +
========  ==================================================
  
From the postfix website:
+
      65  Connections
 
+
      65  Disconnections
*always_bcc = address
+
    1041  Removed from queue
** Deliver a copy of all mail to the specified address. In Postfix versions before 2.1, this feature is implemented by smtpd(8), qmqpd(8), or pickup(8).
+
    523  Sent via SMTP
* sender_bcc_maps = type:table
+
    517  Sent via LMTP
** Search the specified "type:table" lookup table with the envelope sender address for an automatic BCC address. This feature is available in Postfix 2.1 and later.
+
      2   Bounced (local)
* recipient_bcc_maps = type:table
+
      1  Bounced (remote)
** Search the specified "type:table" lookup table with the envelope recipient address for an automatic BCC address. This feature is available in Postfix 2.1 and later.
+
      9  Filtered
* Note: automatic BCC recipients are produced only for new mail. To avoid mailer loops, automatic BCC recipients are not generated for mail that Postfix forwards internally, nor for mail that Postfix generates itself.
+
      2   Notifications sent
  
Please see the following:
+
      4  Timeouts (inbound)
 +
      1  PIX workaround enabled
  
* A very nice forum post on the subject from our very own mmorse
+
****** Detail (10) *********************************************************************************
** http://www.zimbra.com/forums/administrators/28606-master-incoming-outgoing-archive.html#post134490
 
* Postfix workaround
 
** http://www.postfix.com/ADDRESS_REWRITING_README.html#auto_bcc
 
* "User defined auto bcc"
 
** http://bugzilla.zimbra.com/show_bug.cgi?id=15306
 
* "Next rev of (mail) identities preferences management (server side)"
 
** http://bugzilla.zimbra.com/show_bug.cgi?id=17320
 
  
====Option 2 - Via ZCS Legal Intercept====
+
      9  *Fatal:  General fatal -----------------------------------------------------------------
 +
      3      Queue report unavailable - mail system is down
 +
      3      Usage: sendmail [options]
 +
      2     The Postfix mail system is not running
 +
      1      Usage: send-mail [options]
  
Generally used for [[Ajcody-User-Management-Topics#Managing_Legal_Requests_for_Information|Managing Legal Requests for Information]]
+
      21  Miscellaneous warnings ------------------------------------------------------------------
 +
      7      or the command is run from a set-uid root process
 +
      7      the Postfix sendmail command has set-uid root file permissions
 +
      7      the Postfix sendmail command must be installed without set-uid root file permissions
  
Description:
+
      3  5xx Reject message size -----------------------------------------------------------------
:: The ZCS legal intercept feature is used to obtain copies of email messages that are sent, received, or saved as drafts from targeted accounts and send these message to a designated “shadow” email address. Legal Intercept can be configured to send the complete content of the message or to send only the header information. When a targeted account sends, receives, or saves a draft message, an intercept message is automatically created to forward copies of the messages as attachments to the specified email address.
+
      3      10.X.X.166    fence.DOMAIN.com
 +
      3        *unavailable
 +
      3            *unavailable
  
Please see:
+
    523  Sent via SMTP ---------------------------------------------------------------------------
* http://www.zimbra.com/docs/ne/latest/administration_guide/managing_other_zcs_features.8.1.html
+
    507      86.lab
* http://wiki.zimbra.com/index.php?title=Legal_Intercept
+
      15      zcs806.DOMAIN.com
* http://bugzilla.zimbra.com/show_bug.cgi?id=17539
+
      1      domaina.com
  
====Option 3 - Zimbra's Archiving And Discovery====
+
    517  Sent via LMTP ---------------------------------------------------------------------------
 +
    507      86.lab
 +
      10      zcs806.DOMAIN.com
  
See [[Ajcody-Notes-Archive-Discovery]] concerning A&D setup and options.
+
      2  Bounced (local) -------------------------------------------------------------------------
 
+
      2      5.0.0: Permanent failure: Other/Undefined status: Other undefined status
===Limiting Or Increasing Number Of Recipents / Messages===
+
      2        zcs806.DOMAIN.com
 +
      2            Zcs806.DOMAIN.com
 +
      1              subject:test
 +
      1              zimbra
  
====Mailing Lists - Distribution Lists====
+
      1  Bounced (remote) ------------------------------------------------------------------------
 +
      1      5.0.0: Permanent failure: Other/Undefined status: Other undefined status
 +
      1        domain.com
 +
      1            user
 +
      1              64.X.X.28      sentry.DOMAIN.com
 +
      1                  505 5.0.0 Unknown recipient: RCPT TO
  
Please see [[Ajcody-MailingLists-And-Mailman#Problems_Resolving_Virtual_Aliases_For_Members_Of_Large_Distribution_Lists]]
+
      9  Filtered --------------------------------------------------------------------------------
 
+
      7      smtp-amavis:[127.0.0.1]:10026
====Policy Daemon====
+
      7        Sender address
 
+
      3            admin@zcs806.DOMAIN.com
If you want to restrict messages per hour,  you can look into Policy Daemon:
+
      3              admin@zcs806.DOMAIN.com
 
+
      2                  10.X.X.36    zcs806.DOMAIN.com
* http://wiki.zimbra.com/wiki/Postfix_Policyd
+
      1                  10.X.X.166    gatewayXX.DOMAIN.com
* http://wiki.zimbra.com/wiki/How-to_for_cbpolicyd
+
      2            zimbra@zcs806.DOMAIN.com
* http://www.policyd.org/features.html
+
      2              admin@zcs806.DOMAIN.com
 +
      2                  10.X.X.36    zcs806.DOMAIN.com
 +
      1            ajcody@DOMAIN.com
 +
      1              admin@zcs806.DOMAIN.com
 +
      1                  10.X.X.184    edgeXX.DOMAIN.com
 +
      1            san5@zcs806.DOMAIN.com
 +
      1              b@zcs806.DOMAIN.com
 +
      1                  10.X.X.36    zcs806.DOMAIN.com
 +
      2      smtp-amavis:[127.0.0.1]:10024
 +
      2        Sender address
 +
      1            admin@zcs806.DOMAIN.com
 +
      1              admin@zcs806.DOMAIN.com
 +
      1                  10.X.X.166    gatewayXX.DOMAIN.com
 +
      1            ajcody@DOMAIN.com
 +
      1              admin@zcs806.DOMAIN.com
 +
      1                  10.X.X.184    edgeXX.DOMAIN.com
  
Beta release in ZCS 7 , see:
+
      2  Notifications sent ----------------------------------------------------------------------
 +
      2      Non-delivery
 +
      2        sender
  
* "make support for postfix-policyd easier"
+
      4  Timeouts (inbound) ----------------------------------------------------------------------
** http://bugzilla.zimbra.com/show_bug.cgi?id=8791
+
      4      After END-OF-MESSAGE
  
====Postfix====
+
      1  PIX workaround enabled ------------------------------------------------------------------
 +
      1      disable_esmtp delay_dotcrlf
 +
      1        64.X.X.28      sentry.DOMAIN.com
  
Also, there are some default postfix parameters set to control sending a message to x amount recipients. The parameters you will need to look at are smtpd_recipient_limit & smtpd_recipient_overshoot_limit, these have a default value of 1000.
+
=== Delivery Delays Percentiles ============================================================
 +
                    0%      25%      50%      75%      90%      95%      98%      100%
 +
--------------------------------------------------------------------------------------------
 +
Before qmgr      0.01      0.03      0.06      0.14      0.27      0.34      0.48      2.60
 +
In qmgr          0.00      0.00      0.08    117.50    193.00    216.00    231.48    246.00
 +
Conn setup        0.00      0.00      0.00      0.00      0.02      0.04      0.22    20.00
 +
Transmission      0.05      0.09      3.60      9.80    10.00    10.00    11.00    160.00
 +
Total            0.07      0.13      3.80    129.00    203.00    226.00    241.64    259.00
 +
============================================================================================
 +
</pre>
  
Postfix defines these parameters as:
+
======zmaccts======
  
* smtpd_recipient_limit: The maximum number of recipients that the Postfix SMTP server accepts per message delivery request.
+
One way to note accounts that are actively logging in vs. those that aren't, can help shrink the number of accounts you might want to investigate or monitor. [example below, I cut out a lot of the accounts]
* smtpd_recipient_overshoot_limit: The number of recipients that a remote SMTP client can send in excess of the limit specified with $smtpd_recipient_limit, before the Postfix SMTP server increments the per-session error count for each excess recipient.
 
  
From the command line you can change the default values.
+
<pre>
 +
          account                          status            created      last logon
 +
------------------------------------  -----------    ---------------  ---------------
 +
zcstest001@zcs806.DOMAIN.com                active      01/20/14 18:47  03/02/14 21:11
 +
zcstest002@zcs806.DOMAIN.com                active      01/30/14 01:48  02/19/14 00:07
 +
admin-20140415@zcs806.DOMAIN.com            active      04/15/14 14:42            never
 +
archtest-prod-20140402@zcs806.DOMAIN        active      04/02/14 07:42            never
  
  su - zimbra
+
          account                          status            created      last logon
postconf -e smtpd_recipient_limit=<new value>
+
------------------------------------  -----------    --------------- ---------------
postconf -e smtpd_recipient_overshoot_limit=<new value>
+
bruce@test1.lab                            active      02/22/14 09:32            never
postfix reload
+
test.cal@test1.lab                          active      04/06/14 05:35  04/06/14 05:35
 +
test200@test1.lab                          active      04/12/14 00:50            never
  
====Bugs RFE's For Customers To Get Behind====
+
                                domain summary
  
I'm wondering if policyd gives one the control everyone is looking for? I've not used it myself.
+
    domain                  active    closed    locked    maintenance    total
 +
-----------------------  --------  --------  --------  -------------  --------
 +
test1.lab                        3        0        0              0        3
 +
test2.com                        2        0        0              0        2
 +
angad.com                        2        0        0              0        2
 +
test.test                        3        0        0              0        3
 +
test.DOMAIN.com                  6        0        0              0        6
 +
zcs806.DOMAIN.com              58        0        0              0        58
 +
zcs806.DOMAIN.com                2        0        0              0        2
 +
</pre>
  
Policyd References:
+
=====By Authentication Attempts=====
* http://www.policyd.org/tiki-index.php?page=Documentation
 
* http://www.policyd.org/tiki-index.php?page=Quotas&structure=Documentation
 
* http://www.policyd.org/tiki-index.php?page=Accounting&structure=Documentation
 
* http://www.policyd.org/tiki-index.php?page=Policies%20%26%20Groups&structure=Documentation
 
* http://wiki.zimbra.com/index.php?title=Postfix_Policyd
 
  
There's other additions [add-on's] one can get for policyd.
+
A fast way to see who is doing a lot of authentications, which normally happens when a spammer has compromised an account with a weak password, is to do:
  
We have this RFE in regards to policyd support:
+
<pre>
 
+
# cat /var/log/zimbra.log | sed -n 's/.*sasl_username=//p' | sort | uniq -c | sort -n
* "make support for postfix-policyd easier"
+
      1 Auser@domain.com
** http://bugzilla.zimbra.com/show_bug.cgi?id=8791
+
      3 Buser@domain.com
*** Target Milestone currently for Helix release [ http://pm.zimbra.com ]
+
      4 Cuser@domain.com
+
      5 Duser@domain.com
Other related rfe/bugs, specially to push variables into admin web console:
+
    36 SPAMMER@domain.com
 +
</pre>
  
* "rate limit amount of mail sent via web client"
+
'''Note - This might take a long time, if so - try pruning it down'''
** http://bugzilla.zimbra.com/show_bug.cgi?id=22300
 
*** *Target Milestone currently for Helix release
 
* "mta "advanced" tab"
 
** http://bugzilla.zimbra.com/show_bug.cgi?id=14645
 
*** Target Milestone currently for Helix release
 
* "Option to IP Blocking through UI"
 
** http://bugzilla.zimbra.com/show_bug.cgi?id=19240
 
*** Target Milestone currently for Helix release
 
* "Mail policies and access control for sending to distribution lists"
 
** http://bugzilla.zimbra.com/show_bug.cgi?id=9620
 
*** Target Milestone currently for GunsNRoses
 
  
===Controlling SMTPD Client Connections===
+
Example:
 
+
<pre>
Mmorse did a good write up on these variables in the forum:
+
# cat /var/log/zimbra.log | grep sasl_username > /tmp/zimbra_sasl_username.txt
 +
# cat /tmp/zimbra_sasl_username.txt | sed -n 's/.*sasl_username=//p' | sort | uniq -c | sort -n
 +
      1 Auser@domain.com
 +
      3 Buser@domain.com
 +
      4 Cuser@domain.com
 +
      5 Duser@domain.com
 +
    36 SPAMMER@domain.com
 +
</pre>
  
* http://www.zimbra.com/forums/administrators/13591-solved-limit-max-recipriants.html#post69582
+
The full log event will look like this:
 +
<pre>
 +
zimbra1 postfix/smtpd[29431]: B28914D5978: client=xxxxx.server.com[w.x.y.z], sasl_method=LOGIN, sasl_username=user
 +
zimbra1 postfix/cleanup[5522]: B28914D5978: message-id=<20090420154255.B28914D5978@zimbraserver.com>
 +
zimbra1 postfix/qmgr[20690]: B28914D5978: from=<spam@spam.com>, size=6026, nrcpt=10 (queue active)
 +
zimbra1 postfix/cleanup[3983]: 2BA56465D28: message-id=<20090420154255.B28914D5978@zimbraserver.com>
 +
</pre>
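Review bot: The new heading says "By Authentication Attempts", but the `sed -n 's/.*sasl_username=//p'` pipeline only counts lines that carry `sasl_username=`, and in the sample event shown here that field sits on the smtpd line that already has a queue ID (B28914D5978). As documented, the numbers are per message submitted by an authenticated client, not per login attempt, so the heading and the lead sentence should say that. Two smaller points in the same region: `cat file | sed ...` and `cat file | grep ...` can take the file name directly, and the pruned copy is written to a fixed name, /tmp/zimbra_sasl_username.txt, from a root prompt, where a private directory would be safer.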
  
Postfix Resources At Their Site (All Clients/Connections):
+
Against your older logs, you could:
* [http://www.postfix.org/TUNING_README.html#conn_limit Measures against clients that make too many connections]
 
* [http://www.postfix.org/anvil.8.html  anvil - Postfix session count and request rate control]
 
* [http://www.postfix.org/postconf.5.html#anvil_rate_time_unit anvil_rate_time_unit - The time unit over which client connection rates and other rates are calculated.]
 
* [http://www.postfix.org/postconf.5.html#smtpd_client_connection_count_limit smtpd_client_connection_count_limit - How many simultaneous connections any client is allowed to make to this service. ]
 
* [http://www.postfix.org/postconf.5.html#smtpd_client_message_rate_limit smtpd_client_message_rate_limit - The maximal number of message delivery requests that any client is allowed to make to this service per time unit, regardless of whether or not Postfix actually accepts those messages.]
 
* [http://www.postfix.org/postconf.5.html#smtpd_client_recipient_rate_limit smtpd_client_recipient_rate_limit - The maximal number of recipient addresses that any client is allowed to send to this service per time unit, regardless of whether or not Postfix actually accepts those recipients.]
 
* [http://www.postfix.org/postconf.5.html#smtpd_client_connection_rate_limit smtpd_client_connection_rate_limit - The maximal number of connection attempts any client is allowed to make to this service per time unit.]
 
  
Postfix Resources At Their Site (Exceptions To Clients/Connections Or Single Source):
+
<pre>
* [http://www.postfix.org/postconf.5.html#smtpd_client_event_limit_exceptions smtpd_client_event_limit_exceptions - Clients that are excluded from connection count, connection rate, or SMTP request rate restrictions.]
+
# zcat /var/log/zimbra.log* | sed -n 's/.*sasl_username=//p' | sort | uniq -c | sort -n
 +
</pre>
  
===Restrictions===
+
And you can look at the specific information for the user in question with:
  
Besides using external mailing list software, [[Ajcody-MailingLists-And-Mailman#Mailman_-_Mailing_List_Manager|Mailman]] or [[Ajcody-MailingLists-And-Mailman#Sympa_-_Mailing_List_Manager|Sympa]], here's some other topical items in regards to restrictions.
+
<pre>
 +
# grep -C2 "sasl_username=SPAMMER@domain.com" /var/log/zimbra.log
 +
</pre>
  
Some user contributed articles:
+
Or if searching against the older logs:
  
* [[RestrictPostfixRecipients]]
+
<pre>
* [[Restrict_sending_to_certain_domains]]
+
# zgrep -C2 "sasl_username=SPAMMER@domain.com" /var/log/zimbra.log*
* [[Restrict_users_to_certain_domain]]
+
</pre>
* [http://www.zimbra.com/forums/administrators/15041-guide-postifx-how-multiple-access-lists-protected-distribution-lists.html Forum Post: GUIDE: Postifx: HOW TO: Multiple access lists for protected Distribution-lists]
 
  
Some Postfix references:
+
If you want to check on a specific message ID, do:
  
* http://www.postfix.org/RESTRICTION_CLASS_README.html#internal
+
<pre>
* http://www.postfix.org/SMTPD_POLICY_README.html
+
grep 9DF7520804A /var/log/zimbra.log*
 +
</pre>
  
Some RFE's related to mta based restrictions [targets are based upon today - July 21, 2010]:
+
For older message logs:
  
* "Dynamic distribution lists - Internal Directory"
+
<pre>
** http://bugzilla.zimbra.com/show_bug.cgi?id=3884
+
zgrep 9DF7520804A /var/log/zimbra.log*
* "per-domain send restriction" - Not Committed
+
</pre>
** http://bugzilla.zimbra.com/show_bug.cgi?id=5595
+
 
*** These are marked as dup's of the above:
+
To read/view the message in the queue:
**** "disable outbound e-mail for one user"
+
 
***** http://bugzilla.zimbra.com/show_bug.cgi?id=34654
+
/opt/zimbra/postfix/sbin/postcat -q 9DF7520804A
**** "Add an facility to detemine internal relay users in admin"
+
 
***** http://bugzilla.zimbra.com/show_bug.cgi?id=33255
+
One would then normally lock/change password on the one account showing the most activity. Grep'ing the /var/log/zimbra.log with the username in question will also show the ip address being used, this can be blocked with your firewall.
* "policy for who can send to a distribution lists" - Helix
+
 
** http://bugzilla.zimbra.com/show_bug.cgi?id=9620
+
To be alerted of a compromised account and have it lock automatically see below. Slightly modified from this reference : http://www.zimbra.com/forums/administrators/62613-identify-compromised-accounts.html#post278732 :
*** RFE 9620 is also a blocker for the following RFE:
+
 
**** "milter to check if sender can send to a distribution list"
+
<pre>
***** http://bugzilla.zimbra.com/show_bug.cgi?id=46311
+
 
*** These are marked as dup's of the above:
+
#!/bin/bash
**** "Ability to Specify Mail Policy"
+
# checks log file and gets a count of authentications sent per minute, per user
***** http://bugzilla.zimbra.com/show_bug.cgi?id=5555
+
# and if the count exceeds the maxmails value the user's account is locked.
**** "domain level filters rules"
+
 
***** http://bugzilla.zimbra.com/show_bug.cgi?id=6128
+
logfile="/var/log/zimbra.log"
**** "Distribution List Restrictions"
+
maxmails="10"
***** http://bugzilla.zimbra.com/show_bug.cgi?id=7104
+
mydomain="example.com"
**** "Feature request - Mail Policies"
+
support="<postmaster-userid>@$mydomain"
***** http://bugzilla.zimbra.com/show_bug.cgi?id=9328
+
accounts="/tmp/active_accounts"
**** "limit  "send from"  to certain domains"
 
***** http://bugzilla.zimbra.com/show_bug.cgi?id=12038
 
**** "'Internal email only' options in admin control panel"
 
***** http://bugzilla.zimbra.com/show_bug.cgi?id=16671
 
**** "Access control for free busy and resources (ie permission to invite)"
 
***** http://bugzilla.zimbra.com/show_bug.cgi?id=22913
 
**** "RFE: Admin GUI: Restrict the use of Distribution List among users."
 
***** http://bugzilla.zimbra.com/show_bug.cgi?id=29305
 
* "Implement smtpd_sender_restrictions"
 
** http://bugzilla.zimbra.com/show_bug.cgi?id=15808
 
* "How to restrict a user to only send via zwc"
 
** http://bugzilla.zimbra.com/show_bug.cgi?id=16623
 
* "enable configuration of  "smtpd_sender_restriction""
 
** http://bugzilla.zimbra.com/show_bug.cgi?id=22363
 
  
===Spam Control And Related Issues===
+
su zimbra -c "/opt/zimbra/bin/zmaccts" | grep "@" | grep active | awk '{print $1}' > $accounts
  
====High Over View Steps Of What To Do====
+
zgrep -i "auth ok" $logfile | sed 's/  / /g' | awk -F"[ :]" '{print $3":"$4,$11;}' | uniq -c | sort -n | \
 +
while read line
 +
do
 +
    count=`echo ${line} | cut -d' ' -f 1`
 +
    userid=`echo ${line} | cut -d' ' -f 3`
 +
    timestamp=`echo ${line} | cut -d' ' -f 2`
 +
    active=`grep "$userid@$mydomain" $accounts`
  
* '''Step 1:''' Confirm your not an open relay and double check your postfix $mynetworks variable.
+
    if [ "$count" -gt "$maxmails" ] && [ "$active" == "$userid@$mydomain" ]; then
** [[ZimbraMtaMyNetworks|ZimbraMtaMyNetworks And Postfix mynetworks]]
+
        echo "Maximum email rate exceeded, $userid@$mydomain will be locked"
** [[Ajcody-MTA-Postfix-Topics#Open_Relay_Check|Open Relay Check]]
+
        su zimbra -c "/opt/zimbra/bin/zmprov ma $userid@$mydomain zimbraAccountStatus locked"
* '''Step 2:''' Stop or put on-hold mail queue.
+
        subject="$userid account locked due to excessive connections"
** Put all messages into HOLD queue:
+
        # Email text/message
*** Get a report of your current mailq [can be useful if you clean out the queue later but need to identify what external mail hosts are now denying you and who you'll need to contact about getting removed from their denial list]
+
        message="/tmp/emailmessage.txt"
**** Example: /opt/zimbra/postfix/sbin/mailq > /tmp/zimbra_mailq_report.txt
+
        echo "$userid account has been locked as there were $count connections made at"> $message
*** /opt/zimbra/postfix/sbin/postsuper -h ALL
+
        echo "$timestamp. Please have the user change their password, and check for phishing" >>$message
** Or put all messages match compromised account into HOLD queue:
+
        echo "emails if possible." >>$message
*** /opt/zimbra/postfix/sbin/mailq | grep user_compromised@domain | awk '{ print $1 }' | tr -d '!*' | /opt/zimbra/postfix/sbin/postsuper -h -
+
        # send an email using /bin/mail
**** Note, this is an example - you might with the grep grab more than the compromised account with the match.
+
        /usr/bin/mail -s "$subject" "$support" < $message
** See whole section - [[Ajcody-MTA-Postfix-Topics#Managing_Postfix_Queue| Managing The Postfix Queue]]
+
        rm -f $message
* '''Step 3:''' Check your mail log [On ZCS servers running MTA services] - /var/log/zimbra.log
 
** [[Ajcody-MTA-Postfix-Topics#Understanding_.2Fvar.2Flog.2Fzimbra.log_And_Postfix_Log_Events| Understanding the zimbra.log file and Postfix log events.]] , see subsection about queue ID and message ID also.
 
** [[Ajcody-MTA-Postfix-Topics#Who.27s_My_Spammer.3F| Who's My Spammer?]]
 
* '''Step 4:''' Identify compromised account authenticating SMTP AUTH connection or block ip address where emails are coming from at firewall.
 
** [[Ajcody-MTA-Postfix-Topics#Who.27s_My_Spammer.3F| Who's My Spammer?]]
 
** Continue to monitor compromised account and block ip addresses:
 
*** tail -f /var/log/zimbra.log | grep username | grep sasl
 
**** Jun  8 18:14:10 mail postfix/smtpd[15794]: 004358EEB16: client=unknown[XXXX.236.197.216], sasl_method=LOGIN, sasl_username=username@domain
 
* '''Step 5:''' Disable the exploited email account, expire auth session, etc.
 
** [[Ajcody-User-Management-Topics#Resetting_A_User.27s_Account_From_CLI| Resetting Or Expiring User Auth]]
 
** '''Note''' - Restarting the mta services will be important once you reset the password/s or lock the account. It's required to ensure the active connections will be closed and any existing auth tokens no longer are valid. See:
 
*** Force currently active SMTP authenticated sessions to be renegotiated when locking an account
 
**** https://bugzilla.zimbra.com/show_bug.cgi?id=80299
 
* '''Step 6:''' Move the mail queue or delete the spam email
 
** See whole section - [[Ajcody-MTA-Postfix-Topics#Managing_Postfix_Queue| Managing The Postfix Queue]]
 
* '''Step 7:''' Release Mail queue
 
  
====Who's My Spammer?====
+
        #update list of active accounts
 +
        su zimbra -c "/opt/zimbra/bin/zmaccts" | grep "@" | grep active | awk '{print $1}' > $accounts
 +
    fi
 +
done
  
=====Getting Some Initial Summary Data=====
+
rm -f $accounts
  
======zmdialyreport======
+
</pre>
  
First, some notable bug/RFE's in regards to the zmdailyreport:
+
Then run it as a cron job.  The frequency will depend on the number of accounts you're managing.
  
* RFE - add explanations to Daily mail report / pflogsumm.pl output
+
<pre>
** https://bugzilla.zimbra.com/show_bug.cgi?id=86630
+
* * * * * /opt/zimbra/find_spammer.sh
* Daily mail report shows incorrect output because pflogsumm.pl doubles the result
+
</pre>
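Review bot: The script is meant to run as root (it calls `su zimbra -c`), yet it writes with `>` to two fixed names in /tmp, `accounts="/tmp/active_accounts"` and `message="/tmp/emailmessage.txt"`. Predictable file names in a world-writable directory are a symlink risk for a root cron job; create them with `mktemp`, or keep them in a directory only root can write to. In the counting pipeline, `uniq -c` runs without a preceding `sort`, so only adjacent identical minute/user pairs are merged, and a burst interleaved with other users' logins is split into several small counts that may each stay under `maxmails`. The cron entry `* * * * *` also rescans the whole of `$logfile` on every run with no time filter, so a minute that exceeded the limit earlier in the log will relock the account and resend the notification each minute until the log rotates, even after the password has been reset. Restrict the scan to the most recent interval or record which accounts have already been handled. Finally, `grep "$userid@$mydomain" $accounts` treats the address as an unanchored regular expression and leaves `$accounts` unquoted; `grep -Fx -- "$userid@$mydomain" "$accounts"` matches the exact line that the later `==` comparison expects.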
** https://bugzilla.zimbra.com/show_bug.cgi?id=84444
+
 
* Descriptions of mta_counts numbers vs daily reports and other msg stats
+
=====By Connecting IP - Useful For Blocking IP At Firewall=====
** https://bugzilla.zimbra.com/show_bug.cgi?id=79632
 
  
You can first get some summary data by doing the following:
+
See also the following:
  
<pre>
+
* http://wiki.zimbra.com/wiki/Log_Files#Logging_the_Originating_IP
[zimbra@zcs806 ~]$ /opt/zimbra/libexec/zmdailyreport
 
  
Grand Totals
+
To find the originating IP address of where the emails are coming from:
------------
 
messages
 
  
      7  received
+
grep 'connect from' /var/log/zimbra.log | sed 's/.*connect from.*\[\(.[^]]*\)\]/\1/g' | sort | uniq -c | sort -nr | head
    11  delivered
 
      0  forwarded
 
      0  deferred
 
      0  bounced
 
      3  rejected (21%)
 
      0  reject warnings
 
      0  held
 
      0  discarded (0%)
 
  
  2780  bytes received
+
To check your older logs [example output below]:
  10914  bytes delivered
+
 
      2  senders
+
<pre>
      1   sending hosts/domains
+
zgrep 'connect from' /var/log/zimbra.log* | sed 's/.*connect from.*\[\(.[^]]*\)\]/\1/g' | sort | uniq -c | sort -nr | head
      1   recipients
+
    36 10.137.xx.34
      1  recipient hosts/domains
+
    34 127.0.0.1
 +
</pre>
 +
 
 +
=====Open Relay Check=====
 +
 
 +
You should also confirm you aren't an open relay.
  
 +
<pre>
 +
$ host -t mx DOMAIN.com
 +
DOMAIN.com mail is handled by 10 mail.DOMAIN.com.
  
Per-Hour Traffic Summary
+
$ telnet mail.DOMAIN.com 25
    time          received  delivered  deferred    bounced    rejected
+
Trying 184.###.##.## ...
    --------------------------------------------------------------------
+
Connected to mail.DOMAIN.com.
    0000-0100          0          0          0          0          0
+
Escape character is '^]'.
    0100-0200          1          3          0          0          0
+
220 mail.DOMAIN.com ESMTP Postfix
    0200-0300          0          0          0          0          0
+
helo support.test
    0300-0400          0          0          0          0          0
+
250 mail.DOMAIN.com
    0400-0500          0          0          0          0          0
+
mail from:<SPAMMER@domain.com>
    0500-0600          0          0          0          0          0
+
250 2.1.0 Ok
    0600-0700          0          0          0          0          0
+
rcpt to:<TEST@DOMAIN.COM>
    0700-0800          1         0         0          0          2
+
554 5.7.1 <TEST@DOMAIN.COM>: Relay access denied
    0800-0900          1          0          0          0          0
 
    0900-1000          0          0          0          0          1
 
    1000-1100          0          0          0          0          0
 
    1100-1200          0          0          0          0          0
 
    1200-1300          4          8          0          0          0
 
    1300-1400          0          0          0          0          0
 
    1400-1500          0          0          0          0          0
 
    1500-1600          0          0          0          0          0
 
    1600-1700          0          0          0          0          0
 
    1700-1800          0          0          0          0          0
 
    1800-1900          0          0          0          0          0
 
    1900-2000          0          0          0          0          0
 
    2000-2100          0          0          0          0          0
 
    2100-2200          0          0          0          0          0
 
    2200-2300          0          0          0          0          0
 
    2300-2400          0          0          0          0          0
 
  
Host/Domain Summary: Message Delivery (top 50)
+
rcpt to:<SPAMMER@domain.com>
  sent cnt  bytes  defers  avg dly max dly host/domain
+
554 5.7.1 Service unavailable; Client host [71.XXX.XX.XX] blocked
-------- -------  -------  ------- ------- -----------
+
  using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=71.202.XX.XX
    11    10914        0     7.4 s  24.0 s  zcs806.DOMAIN.com
+
quit
 +
221 2.0.0 Bye
 +
Connection closed by foreign host.
 +
</pre>
  
Host/Domain Summary: Messages Received (top 50)
+
=====Telnet Test To Confirm/Show Authentication Required For SMTP/Port 25=====
msg cnt  bytes  host/domain
 
-------- -------  -----------
 
      5    2780  zcs806.DOMAIN.com
 
  
top 50 Senders by message count
+
This is an example:
-------------------------------
 
      4  zimbra@zcs806.DOMAIN.com
 
      1  admin@zcs806.DOMAIN.com
 
  
top 50 Recipients by message count
+
<pre>
----------------------------------
+
esx2:~ ajcody$ telnet zcs723.EXAMPLE.com 25
    11  admin@zcs806.DOMAIN.com
 
  
top 50 Senders by message size
+
Trying 10.137.27.32...
------------------------------
+
Connected to zcs723.EXAMPLE.com.
  1974   zimbra@zcs806.DOMAIN.com
+
Escape character is '^]'.
    806   admin@zcs806.DOMAIN.com
+
220 zcs723.EXAMPLE.com ESMTP Postfix
 +
helo zcs723.EXAMPLE.com   << I typed
 +
250 zcs723.EXAMPLE.com
 +
mail from:ajcody@zcs723.EXAMPLE.com   << I typed
 +
250 2.1.0 Ok
 +
rcpt to:ajcody2@zcs723.EXAMPLE.com   << I typed
 +
553 5.7.1 <ajcody@zcs723.EXAMPLE.com>: Sender address rejected: not logged in
 +
</pre>
  
top 50 Recipients by message size
+
But note - if you do this from the ZCS server or a server that is within the ip range or has it's specific ip listed in the mynetworks, you will not get this authentication requirement.
---------------------------------
 
  10914  admin@zcs806.DOMAIN.com
 
  
message deferral detail: none
+
<pre>
 
+
[root@zcs723 ~]# telnet localhost 25
message bounce detail (by relay): none
+
Trying ::1...
 
+
telnet: connect to address ::1: Connection refused
message reject detail
+
Trying 127.0.0.1...
---------------------
+
Connected to localhost.
  MAIL
+
Escape character is '^]'.
    5.3.4 Message size exceeds fixed limit (total: 3)
+
220 zcs723.EXAMPLE.com ESMTP Postfix
          3  domain-ext.com
+
helo myworkstation
 
+
250 zcs723.EXAMPLE.com
message reject warning detail: none
+
ehlo myworkstation
 
+
250-zcs723.EXAMPLE.com
message hold detail: none
+
250-PIPELINING
 
+
250-SIZE 10240000
message discard detail: none
+
250-VRFY
 
+
250-ETRN
smtp delivery failures: none
+
250-STARTTLS
 
+
250-AUTH LOGIN PLAIN
Warnings
+
250-AUTH=LOGIN PLAIN
--------
+
250-ENHANCEDSTATUSCODES
  sendmail (total: 3)
+
250-8BITMIME
        1  or the command is run from a set-uid root process
+
250 DSN
        1  the Postfix sendmail command has set-uid root file permissions
+
mail from:<ajcody@zcs723.EXAMPLE.com>
        1  the Postfix sendmail command must be installed without set-uid ...
+
250 2.1.0 Ok
  smtpd (total: 1)
+
rcpt to: <ajcody2@zcs723.EXAMPLE.com>
        1  7A735345A: queue file size limit exceeded
+
250 2.1.5 Ok
 +
data
 +
354 End data with <CR><LF>.<CR><LF>
 +
From: Adam <ajcody@zcs723.EXAMPLE.com>
 +
To: Adam 2 <ajcody2@zcs723.EXAMPLE.com>
 +
Subject: From Localhost - NOT Auth
 +
test
 +
.
 +
250 2.0.0 Ok: queued as 8B19E1E78D1
 +
quit
 +
221 2.0.0 Bye
 +
Connection closed by foreign host.
 +
</pre>
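Review bot: in the first transcript the 553 reply to `rcpt to:` names the sender `<ajcody@zcs723.EXAMPLE.com>`, not the recipient that was just typed, and the text never says why. Add a sentence that Postfix by default holds sender checks until RCPT TO, so the "not logged in" rejection of the MAIL FROM address only appears at that step. The note between the two transcripts should read "its specific ip", and it should say outright that the localhost session was accepted without any AUTH command, even though `250-AUTH LOGIN PLAIN` was offered, because the client falls under mynetworks.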
  
Fatal Errors: none
+
====Resources====
  
Panics: none
+
A list of resources you'll find useful:
  
Master daemon messages: none
+
* [[Zimbra_MTA#Anti-Spam_Training_Filters]]
</pre>
+
* [[CLI_zmtrainsa]]
 +
* [[Improving_Anti-spam_system]]
 +
* [[Postfix_Policyd]]
 +
* [[IP_Address_whitelisting]]
 +
* [[Spam_training]]
 +
*  Restrict by user
 +
** [[RestrictPostfixRecipients]]
 +
* Restrict by ip addresses and sender and other items:
 +
** [http://www.postfix.org/RESTRICTION_CLASS_README.html Postfix - Restriction Class Readme]
 +
*** Note, from the readme:
 +
**** "What follows is based on the SMTP client IP address, and therefore is subject to IP spoofing."
 +
**** "What follows is based on the sender SMTP envelope address, and therefore is subject to SMTP sender spoofing."
  
======client_usage_report.py======
+
Wiki articles that have been assigned to the anit-spam category:
 +
 
 +
* [http://wiki.zimbra.com/index.php?title=Category:Anti-spam Category:Anti-spam]
 +
 
 +
Down to the end-user:
 +
 
 +
* [[Cool_User_Spam_Filters]]
 +
* [http://www.zimbra.com/community/end_user_guide_and_how_to.html End-User Guide And How-To]
  
This will give some stats on your mail activity. Note, there are some issue with this script double reporting mail counts etc, but it's useful to identify the top 50 for activity.
+
=====External Relay Test Pages=====
  
 +
* http://www.checkor.com/
 +
** Note - this test is in regards to the From spoofing spammers sometimes do for DL's.
 +
** Also, for the test - make an account/DL on your system for test1@[your domain] . Otherwise you'll just error about account not existing.
 
<pre>
 
<pre>
[zimbra@zcs806 ~]$ /opt/zimbra/libexec/client_usage_report.py
+
RSET
Reading /opt/zimbra/log/access_log.2014-04-17 ..
+
250 2.0.0 Ok
Reading /opt/zimbra/log/access_log.2014-04-18 ..
+
MAIL FROM: spam@mail59.DOMAIN.com
Reading /opt/zimbra/log/access_log.2014-04-19 ..
+
250 2.1.0 Ok
Reading /opt/zimbra/log/access_log.2014-04-20 ..
+
RCPT TO: test1@mail59.DOMAIN.com
Reading /opt/zimbra/log/access_log.2014-04-21 ..
+
Test Failed, 250 2.1.5 Ok
Reading /opt/zimbra/log/access_log.2014-04-22 ..
 
Reading /opt/zimbra/log/access_log.2014-04-23 ..
 
Writing /opt/zimbra/zmstat/client_usage_report_2014-04-24.csv ..
 
 
</pre>
 
</pre>
  
Then review the file it will create , it will give : "user_agent","client_IP","req_count"
+
* http://www.mailradar.com/openrelay/
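Review bot: the pasted result ending in `Test Failed, 250 2.1.5 Ok` carries no explanation of what failed or where the output came from. State that it is the test page's output and that the failure is the server answering 250 to `RCPT TO: test1@mail59.DOMAIN.com` after a `MAIL FROM` in the same domain with no AUTH shown in the excerpt. That is the forged-sender case the first bullet mentions for DL's, so link it to the "Protecting DL's From Spammers" section.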
  
<pre>
+
====Blocking MAIL FROM - smtpd_sender_restrictions - Default Is Empty====
[zimbra@zcs806 ~]$ cat /opt/zimbra/zmstat/client_usage_report_2014-04-24.csv
 
"user_agent","client_IP","req_count"
 
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:28.0) Gecko/20100101 Firefox/28.0","192.168.1.166","14"
 
"Mozilla/5.0 (Windows NT 6.2; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0","192.168.1.166","93"
 
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0","192.168.1.174","6"
 
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:28.0) Gecko/20100101 Firefox/28.0","192.168.1.166","71"
 
</pre>
 
  
======qshape======
+
=====External References=====
  
You can also look at the results of [[http://www.postfix.org/qshape.1.html qshape]] - the default is the active queue. For more on qshape, see [[http://www.postfix.org/QSHAPE_README.html Postfix Qshape Readme]] .
+
* External Sources
 
+
** Postfix
<pre>
+
*** [http://www.postfix.org/postconf.5.html#smtpd_sender_restrictions Postfix On smtpd_sender_restrictions]
qshape deferred
+
** Milter
              T  5 10 20 40 80 160 320 640 1280 1280+
+
*** [http://www.postfix.org/MILTER_README.html#limitations Postfix's Milter Readme - Limitations]
        TOTAL 12  0  0  0  0  0  0  0  0    0    12
+
**** [http://puszcza.gnu.org.ua/software/mailfromd/ Mailfromd]
    gmail.com  9  0  0  0  0  0  0  0  0    0    9
+
***** [http://puszcza.gnu.org.ua/software/mailfromd/manual/html_section/SAV.html#SEC7 Mailfromd - Sender Address Verification]
    yahoo.com 3  0  0  0  0  0  0  0  0    0    3
+
** [http://www.symantec.com/connect/articles/anti-spam-solutions-and-security Anti-Spam Solutions and Security]
</pre>
 
  
======3rd Party Log Reports - postfix-logwatch and amavis-logwatch======
+
=====Zimbra References And Bugs & RFE's=====
  
Created RFE for us to include these in ZCS:
+
* Zimbra Related Soures
 
+
** "policy for who can send to a distribution lists"
* Include postfix-logwatch_and_amavis-logwatch
+
*** https://bugzilla.zimbra.com/show_bug.cgi?id=9620
** https://bugzilla.zimbra.com/show_bug.cgi?id=89450
+
**** '''Note - This will not stop spammers from mailing into your DL's by way of forged Mail From and guessing your DL address in the To'''
 
+
** "support smtpd_sender_login_maps for smtp auth"
You can download them from http://logreporters.sourceforge.net/ . It's a fairly simply install, download and then extract - cd into extracted directory and as root type :
+
*** http://bugzilla.zimbra.com/show_bug.cgi?id=11258
 
+
** "Implement smtpd_sender_restrictions"
  make install-standalone
+
*** http://bugzilla.zimbra.com/show_bug.cgi?id=15808
 +
** "milter to check if sender can send to a distribution list"
 +
*** https://bugzilla.zimbra.com/show_bug.cgi?id=46311
 +
**** Dependent upon bug 9620
 +
** Zimbra Forum Post on using smtpd_sender_restrictions options
 +
*** [http://www.zimbra.com/forums/administrators/28770-how-enforce-sasl_username-address.html How to enforce sasl_username=FROM ADDRESS"
 +
** Another Zimbra Forum Post on using smtpd_sender_restrictions options
 +
*** [http://www.zimbra.com/forums/administrators/39095-need-urgent-help-spamming-issue.html Need urgent help on spamming issue]
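Review bot: the first forum link in this list is missing its closing bracket and ends in a stray double quote (`How to enforce sasl_username=FROM ADDRESS"`), so it will not render as a link; close it with `]` and drop the quote. The list heading "Zimbra Related Soures" should read "Sources".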
  
They will install to /usr/local/bin/amavis-logwatch & postfix-logwatch . The config files are in /usr/local/etc/amavis-logwatch.conf & postfix-logwatch.conf . Here's an example of the output.
+
=====Protecting DL's From Spammers - Forging Mail From=====
  
/usr/local/bin/amavis-logwatch output example:
+
======First Recommendation - As Given By Dev's From Critical Meeting Notes======
  
<pre>
+
----
[root@zcs806 amavis-logwatch-1.51.02]# /usr/local/bin/amavis-logwatch /var/log/zimbra.log
 
****** Summary *************************************************************************************
 
  
      4  Total messages scanned ------------------  100.00%
+
* Enabled SASL/SMTP Authentication
  1.926K  Total bytes scanned                          1,972
+
** Ref: http://wiki.zimbra.com/index.php?title=SMTP_Auth_Problems
========  ==================================================
+
* Implement how-to as described in :
 
+
** Permitted Senders: [[RestrictPostfixRecipients]]
      4  Passed ----------------------------------  100.00%
+
*** '''Note: You'll see on the above page a reference to the spoof hole.'''
      4    Clean passed                            100.00%
+
**** '''''"This method can be spoofed by forging the MAIL FROM: header (so mail appears to originate from within the domain), so it isn't foolproof, but it works for basic needs."'''''
========  ==================================================
+
*** '''Note: You'll also modify the instructions as above with addition details provided below.'''
 +
* Force authentication for local-domain senders:
 +
** modify the main.cf to have the following:
 +
*** smtpd_sender_restrictions = check_sender_access hash:/path/to/file
 +
** Then for the /path/to/file that you used in the mail.cf for smtpd_sender_restrictions, you'll have a line like:
 +
*** example.com            permit_sasl_authenticated, reject
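Review bot: the second step under "Force authentication for local-domain senders" refers to "the mail.cf" while the step before it says main.cf; use main.cf in both. The steps also stop short of a working setup: a `hash:` table has to be compiled with postmap and Postfix reloaded before the `example.com permit_sasl_authenticated, reject` line takes effect, and neither is mentioned. Put the main.cf line and the table line in `<pre>` blocks, as the rest of the page does for commands, so the spacing survives copy and paste.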
  
      4  Ham -------------------------------------  100.00%
+
======Second Recommendation - Unpredictable DL name or Non-routing Domain======
      4    Clean passed                            100.00%
 
========  ==================================================
 
  
 +
----
  
==================================================================================
+
Do not use predictable DL names. Instead of using everyone@company.com , use something like everyone-[random-string]@company.com .
Spam Score Percentiles        0%      50%      90%      95%      98%      100%
 
----------------------------------------------------------------------------------
 
Score Ham (4)            -1.900    -1.900    -1.900    -1.900    -1.900    -1.900
 
==================================================================================
 
  
======================================================================================================
+
Another option is to use a non-routing domain - company.local - and setup your DL's there. You'll want to configure your main domain to be able to query the GAL of this domain.
Spam Score Frequency      <= -10    <= -5      <= 0      <= 5    <= 10    <= 20    <= 30      > 30
 
------------------------------------------------------------------------------------------------------
 
Hits (4)                      0        0        4        0        0        0        0        0
 
Percent of Hits            0.00%    0.00%  100.00%    0.00%    0.00%    0.00%    0.00%    0.00%
 
======================================================================================================
 
</pre>
 
  
/usr/local/bin/postfix-logwatch output example:
+
To see the existing setting:
  
<pre>
+
zmprov gd [domainname] zimbraGalLdapSearchBase
[root@zcs806 amavis-logwatch-1.51.02]# /usr/local/bin/postfix-logwatch /var/log/zimbra.log
+
 
 +
To change the variable for the domain:
  
****** Summary *************************************************************************************
+
zmprov md [domainname] zimbraGalInternalSearchBase ROOT
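Review bot: the "existing setting" command reads zimbraGalLdapSearchBase but the change command writes zimbraGalInternalSearchBase, so the reader never sees the current value of the attribute being modified. Query the same attribute that is changed, or explain why both matter, and say what the value ROOT means for the search base. The two zmprov lines should also sit in `<pre>` blocks like the other commands on the page.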
  
      1  *Warning: Queue file size limit exceeded
+
======Third Recommendation - Using smtpd_sender_restrictions======
  
  6.512K  Bytes accepted                              6,668
+
----
  1.928K  Bytes sent via SMTP                          1,974
 
  4.584K  Bytes sent via LMTP                          4,694
 
========  ==================================================
 
  
      10  Accepted                                    76.92%
+
:::'''Work In Progress. I'm testing this now. Please don't attempt until this line is removed.'''
      3  Rejected                                    23.08%
 
--------  --------------------------------------------------
 
      13  Total                                      100.00%
 
========  ==================================================
 
  
      3  5xx Reject message size                    100.00%
+
Update: See the following:
--------  --------------------------------------------------
+
* "Enforcing a match between the FROM Address and sasl_username in Zimbra Collaboration Server (2011281)"
      3  Total 5xx Rejects                          100.00%
+
** http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2011281
========  ==================================================
 
  
      10  Connections
+
This should work if your "clients" are using ZWC, ZCO, or ActiveSync mobile devices. If you are using IMAP/POP + STMP thick clients, you'll most likely have to enable smtp authentication [sasl] and use the reject_authenticated_sender_login_mismatch variable instead.
      10  Disconnections
+
 
      8  Removed from queue
+
postconf -e smtpd_sender_restrictions=reject_sender_login_mismatch
      4  Sent via SMTP
+
postfix reload
      4  Sent via LMTP
+
 
      4  Filtered
+
This option is described as: 
  
****** Detail (10) *********************************************************************************
+
:'''''reject_sender_login_mismatch'''''
 +
:: ''Reject the request when $smtpd_sender_login_maps  specifies an owner for the MAIL FROM address, but the client is not (SASL) logged in as that MAIL FROM address owner; or when the client is (SASL) logged in, but the client login name doesn't own the MAIL FROM address according to $smtpd_sender_login_maps.''  [http://www.postfix.org/postconf.5.html#smtpd_sender_restrictions Man page]
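Review bot: the "Work In Progress ... Please don't attempt until this line is removed" warning is still in place directly above the "Update" that points to KB 2011281, so it is unclear whether the postconf step is now meant to be followed; remove the warning or reconcile the two. The quoted description makes reject_sender_login_mismatch depend on $smtpd_sender_login_maps, yet no step sets or shows that map. `postconf -e smtpd_sender_restrictions=reject_sender_login_mismatch` also replaces whatever the First Recommendation put in the same parameter, so say how the two values are combined. "STMP" should be "SMTP", and reject_authenticated_sender_login_mismatch is a restriction, not a variable.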
  
      3  5xx Reject message size -----------------------------------------------------------------
+
====Some Other SMTP Sending Restrictions====
      3      192.168.1.166    remote.domain.com
 
      3        *unavailable
 
      3            *unavailable
 
  
      4  Sent via SMTP ---------------------------------------------------------------------------
+
=====Blocking Incoming From Domain And By User=====
      4      zcs806.DOMAIN.com
 
  
      4  Sent via LMTP ---------------------------------------------------------------------------
+
See the following:
      4      zcs806.DOMAIN.com
 
  
      4  Filtered --------------------------------------------------------------------------------
+
* [[Domain_level_blocking_of_users]]
      2      smtp-amavis:[127.0.0.1]:10024
+
* [[Improving_Anti-spam_system#Implementing_Whitelist.2FBlacklist]]
      2        Sender address
+
 
      1            admin@zcs806.DOMAIN.com
+
=====check_client_access=====
      1              admin@zcs806.DOMAIN.com
 
      1                  192.168.1.166    remote.domain.com
 
      1            user@DOMAIN.com
 
      1              admin@zcs806.DOMAIN.com
 
      1                  192.168.1.184    remote2.domain.com
 
      2      smtp-amavis:[127.0.0.1]:10026
 
      2        Sender address
 
      1            admin@zcs806.DOMAIN.com
 
      1              admin@zcs806.DOMAIN.com
 
      1                  192.168.1.166    remote.domain.com
 
      1            user@DOMAIN.com
 
      1              admin@zcs806.DOMAIN.com
 
      1                  192.168.1.184    remote2.domain.com
 
  
=== Delivery Delays Percentiles ============================================================
+
The smtpd_client_restrictions parameter restricts what clients this system accepts SMTP connections from. The default behavior is to allow SMTP connections from any client. This is discussed under [http://www.postfix.org/spam.html Spam Controls] on the Postfix site.
                    0%      25%      50%      75%      90%      95%      98%      100%
 
--------------------------------------------------------------------------------------------
 
Before qmgr      0.04      0.09      0.11      0.11      0.23      0.35      0.43      0.48
 
In qmgr          0.00      0.00      0.01      0.01      0.04      0.07      0.08      0.09
 
Conn setup        0.00      0.01      0.29      1.30      2.05      2.23      2.33      2.40
 
Transmission      0.10      2.81      4.85      9.60    21.00    21.00    21.00    21.00
 
Total            0.20      2.91      5.20    11.00    23.30    23.65    23.86    24.00
 
============================================================================================
 
</pre>
 
  
'''Note''' - First, look at the options each command has using the -h output. You might want to use --full when doing an investigation and also include a wildcard - /var/log/zimbra.lo* to take in all the log data. For example:
+
Example:
  
<pre>
+
check_client_access regexp:/etc/postfix/access_sender_client_server,
[zimbra@zcs806 ~]$ /usr/local/bin/postfix-logwatch --full /var/log/zimbra.lo*
+
 
****** Summary *************************************************************************************
+
Example:
  
      9  *Fatal:   General fatal
+
check_sender_access regexp:/etc/postfix/access_sender_toplevel
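Review bot: the intro describes smtpd_client_restrictions, but the second example, `check_sender_access regexp:/etc/postfix/access_sender_toplevel`, is a sender check, and the section never says which parameter either example line belongs in. Show each as a complete `parameter = value` line, drop the dangling comma after the first example, and include a sample line from each regexp file so the reader can see what is being matched and with what action.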
      1  *Warning: Queue file size limit exceeded
 
      21  Miscellaneous warnings
 
  
710.888K  Bytes accepted                            727,949
+
=====smtpd_reject_unlisted_sender=====
193.036K  Bytes sent via SMTP                        197,669
 
520.114K  Bytes sent via LMTP                        532,597
 
========  ==================================================
 
  
    1041  Accepted                                    99.71%
+
Details can be found on the [http://www.postfix.org/postconf.5.html#smtpd_reject_unlisted_recipient mail.cf] Postfix page.
      3  Rejected                                    0.29%
 
--------  --------------------------------------------------
 
    1044  Total                                      100.00%
 
========  ==================================================
 
  
      3  5xx Reject message size                    100.00%
+
Example:
--------  --------------------------------------------------
 
      3  Total 5xx Rejects                          100.00%
 
========  ==================================================
 
  
      65  Connections
+
smtpd_reject_unlisted_sender = yes
      65  Disconnections
 
    1041  Removed from queue
 
    523  Sent via SMTP
 
    517  Sent via LMTP
 
      2  Bounced (local)
 
      1  Bounced (remote)
 
      9  Filtered
 
      2  Notifications sent
 
  
      4  Timeouts (inbound)
+
Possible Bug:
      1  PIX workaround enabled
+
 +
http://bugzilla.zimbra.com/show_bug.cgi?id=24889
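Review bot: the "Details" link under smtpd_reject_unlisted_sender points at the `#smtpd_reject_unlisted_recipient` anchor and is labelled "mail.cf"; point it at the smtpd_reject_unlisted_sender entry and label it main.cf or postconf(5). "Possible Bug" gives only a bare bugzilla URL; add a line saying how bug 24889 relates to this setting so the reader knows whether to apply it.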
  
****** Detail (10) *********************************************************************************
+
====What's Your SPF Records Say, When Getting "does not designate 74.x.x.x as permitted sender Errors"====
  
      9  *Fatal:  General fatal -----------------------------------------------------------------
+
This is most likely related to the SPF records for your domain and what the header content of the sending email states as it's Mail From. For example, this is from the header of an email that was "received":
      3      Queue report unavailable - mail system is down
 
      3      Usage: sendmail [options]
 
      2      The Postfix mail system is not running
 
      1      Usage: send-mail [options]
 
  
      21  Miscellaneous warnings ------------------------------------------------------------------
+
<pre>
      7      or the command is run from a set-uid root process
+
Received: from mail.XYZ-FAKE.com (mailhost.XYZ-FAKE.com [74.X.X.244]) by mta01.ABC-FAKE.com with ESMTP id
      7      the Postfix sendmail command has set-uid root file permissions
+
Cft0mO3fjlFGQjTA for <support@ABC-FAKE.com>; Tue, 21 Apr 2009 05:14:13 -0700 (PDT)
      7      the Postfix sendmail command must be installed without set-uid root file permissions
+
X-Barracuda-Envelope-From: testuser@XYZ-FAKE.com
 
+
Received-SPF: pass (mta01.ABC-FAKE.com: domain of testuser@XYZ-FAKE.com designates 74.X.X.244 as permitted sender)
      3  5xx Reject message size -----------------------------------------------------------------
+
receiver=mta01.ABC-FAKE.com; client_ip=74.X.X.244; envelope-from=testuser@XYZ-FAKE.com;
      3      10.X.X.166    fence.DOMAIN.com
+
</pre>
      3        *unavailable
+
 
      3            *unavailable
+
To see what this check was done against, do the following below. I'll trim the output and adjust the information used to protect the innocent. Also, notice how a DNS "alias" might cause an issue here? :
  
    523  Sent via SMTP ---------------------------------------------------------------------------
+
<pre>
    507      86.lab
 
      15      zcs806.DOMAIN.com
 
      1      domaina.com
 
  
    517  Sent via LMTP ---------------------------------------------------------------------------
+
$ host 74.X.X.244
    507      86.lab
+
244.X.X.74.in-addr.arpa domain name pointer mailhost.XYZ-FAKE.com.
      10      zcs806.DOMAIN.com
 
  
      2  Bounced (local) -------------------------------------------------------------------------
+
$ host mailhost.XYZ-FAKE.com
      2      5.0.0: Permanent failure: Other/Undefined status: Other undefined status
+
mailhost.XYZ-FAKE.com has address 74.X.X.244
      2        zcs806.DOMAIN.com
 
      2            Zcs806.DOMAIN.com
 
      1              subject:test
 
      1              zimbra
 
  
      1  Bounced (remote) ------------------------------------------------------------------------
+
$ host mail.XYZ-FAKE.com
      1      5.0.0: Permanent failure: Other/Undefined status: Other undefined status
+
mail.XYZ-FAKE.com is an alias for mailhost.XYZ-FAKE.com.
      1        domain.com
+
mailhost.XYZ-FAKE.com has address 74.X.X.244
      1            user
+
 
      1              64.X.X.28      sentry.DOMAIN.com
+
$ dig XYZ-FAKE.com MX
      1                  505 5.0.0 Unknown recipient: RCPT TO
+
 
 +
;; QUESTION SECTION:
 +
;XYZ-FAKE.com. IN MX
 +
 
 +
;; ANSWER SECTION:
 +
XYZ-FAKE.com. 3600 IN MX 22 serverA.DNS-FAKE.com.
 +
XYZ-FAKE.com. 3600 IN MX 11 serverB.DNS-FAKE.com.
 +
 
 +
$ dig XYZ-FAKE.com TXT
  
      9  Filtered --------------------------------------------------------------------------------
+
;; QUESTION SECTION:
      7      smtp-amavis:[127.0.0.1]:10026
+
;XYZ-FAKE.com. IN TXT
      7        Sender address
 
      3            admin@zcs806.DOMAIN.com
 
      3              admin@zcs806.DOMAIN.com
 
      2                  10.X.X.36    zcs806.DOMAIN.com
 
      1                  10.X.X.166    gatewayXX.DOMAIN.com
 
      2            zimbra@zcs806.DOMAIN.com
 
      2              admin@zcs806.DOMAIN.com
 
      2                  10.X.X.36    zcs806.DOMAIN.com
 
      1            ajcody@DOMAIN.com
 
      1              admin@zcs806.DOMAIN.com
 
      1                  10.X.X.184    edgeXX.DOMAIN.com
 
      1            san5@zcs806.DOMAIN.com
 
      1              b@zcs806.DOMAIN.com
 
      1                  10.X.X.36    zcs806.DOMAIN.com
 
      2      smtp-amavis:[127.0.0.1]:10024
 
      2        Sender address
 
      1            admin@zcs806.DOMAIN.com
 
      1              admin@zcs806.DOMAIN.com
 
      1                  10.X.X.166    gatewayXX.DOMAIN.com
 
      1            ajcody@DOMAIN.com
 
      1              admin@zcs806.DOMAIN.com
 
      1                  10.X.X.184    edgeXX.DOMAIN.com
 
  
      2  Notifications sent ----------------------------------------------------------------------
+
;; ANSWER SECTION:
      2      Non-delivery
+
XYZ-FAKE.com. 3600 IN TXT "v=spf1 a:mail.XYZ-FAKE.com ~all"
      2        sender
 
  
      4  Timeouts (inbound) ----------------------------------------------------------------------
+
</pre>
      4      After END-OF-MESSAGE
 
  
      1  PIX workaround enabled ------------------------------------------------------------------
+
See the following for more information:
      1      disable_esmtp delay_dotcrlf
 
      1        64.X.X.28      sentry.DOMAIN.com
 
  
=== Delivery Delays Percentiles ============================================================
+
* http://www.openspf.org/
                    0%      25%      50%      75%      90%      95%      98%      100%
+
* http://www.schlitt.net/spf/spf_classic/draft-schlitt-spf-classic-02.html#publishing
--------------------------------------------------------------------------------------------
+
** All of the 3.x section.
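Review bot: the heading is about "does not designate 74.x.x.x as permitted sender" errors, but the sample header is a `Received-SPF: pass`, so the reader never sees the failing case. Add a failing header, or say that the pass is shown for contrast. The question about a DNS alias is also left open: spell out that the published record is `a:mail.XYZ-FAKE.com`, that mail is an alias for mailhost, and what the reader should check when the two stop resolving to the sending address. It is worth adding that `~all` is a softfail, since that affects how receivers treat a mismatch.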
Before qmgr      0.01      0.03      0.06      0.14      0.27      0.34      0.48      2.60
 
In qmgr          0.00      0.00      0.08    117.50    193.00    216.00    231.48    246.00
 
Conn setup        0.00      0.00      0.00      0.00      0.02     0.04      0.22    20.00
 
Transmission      0.05      0.09      3.60      9.80    10.00    10.00    11.00    160.00
 
Total            0.07      0.13      3.80    129.00    203.00    226.00    241.64    259.00
 
============================================================================================
 
</pre>
 
  
======zmaccts======
+
===Using Different SMTP Server For Webclient (ZWC), Mobiles, And ZCO===
  
One way to note accounts that are actively logging in vs. those that aren't, can help shrink the number of accounts you might want to investigate or monitor. [example below, I cut out a lot of the  accounts]
+
====Note Of Caution About Using External MTAs====
  
<pre>
+
Using non-zimbra MTA's can cause some options in zimbra to not function anymore - since it no longer has zimbra's mta services available.  
          account                          status            created      last logon
 
------------------------------------  -----------    ---------------  ---------------
 
zcstest001@zcs806.DOMAIN.com                active      01/20/14 18:47  03/02/14 21:11
 
zcstest002@zcs806.DOMAIN.com                active      01/30/14 01:48  02/19/14 00:07
 
admin-20140415@zcs806.DOMAIN.com            active      04/15/14 14:42            never
 
archtest-prod-20140402@zcs806.DOMAIN        active      04/02/14 07:42            never
 
  
          account                          status            created      last logon
+
=====Zimbra Mail Forwarding Possibly Will Not Work - Turn Off User Option To Set MailForwarding=====
------------------------------------  -----------    ---------------  ---------------
 
bruce@test1.lab                            active      02/22/14 09:32            never
 
test.cal@test1.lab                          active      04/06/14 05:35  04/06/14 05:35
 
test200@test1.lab                          active      04/12/14 00:50            never
 
  
                                domain summary
+
Mail forwarding might no longer work depending on the configuration you setup regarding the use of your external mta's. When this happens you'll most likely want to disable the option for users to set a mail forwarding address in their preferences. This can be done via their COS or USER configuration.
 +
 
 +
* In the admin console, goto the COS configuration the user/s are using and the "Features" tab. Uncheck the option "Allow the user to specify a forwarding address" under Mail Features. It is in the same location under a USERs configuration panel in the admin console.
 +
 
 +
In the CLI, you will see these set as the defaults for the default COS. The admin gui option above only adjusts the zimbraFeatureMailForwardingEnabled variable :
  
    domain                  active    closed    locked    maintenance    total
+
  $ zmprov gc default | grep zimbraFeatureMailForwarding
-----------------------  -------- --------  --------  -------------  --------
+
    zimbraFeatureMailForwardingEnabled: TRUE
test1.lab                        3        0        0              0        3
+
    zimbraFeatureMailForwardingInFiltersEnabled: TRUE
test2.com                        2        0        0              0        2
 
angad.com                        2        0        0              0        2
 
test.test                        3        0        0              0        3
 
test.DOMAIN.com                  6        0        0              0        6
 
zcs806.DOMAIN.com              58        0        0              0        58
 
zcs806.DOMAIN.com                2        0        0              0        2
 
</pre>
 
  
=====By Authentication Attempts=====
+
$ zmprov ga ajcody@`zmhostname` | grep zimbraFeatureMailForwarding
 +
    zimbraFeatureMailForwardingEnabled: TRUE
 +
    zimbraFeatureMailForwardingInFiltersEnabled: TRUE
  
A fast way to see who is doing a lot of authentications, which normally happens when a spammer has compromised an account with a weak password, is to do:
+
More details about them are in the /opt/zimbra/conf/attrs/zimbra-attrs.xml file.
  
 
<pre>
 
<pre>
# cat /var/log/zimbra.log | sed -n 's/.*sasl_username=//p' | sort | uniq -c | sort -n
+
<attr id="342" name="zimbraFeatureMailForwardingEnabled" type="boolean" cardinality="single"
      1 Auser@domain.com
+
optionalIn="account,cos" flags="accountInfo,accountInherited,domainAdminModifiable">
      3 Buser@domain.com
+
  <defaultCOSValue>TRUE</defaultCOSValue>
      4 Cuser@domain.com
+
  <desc>enable end-user mail forwarding features</desc>
      5 Duser@domain.com
+
</attr>
    36 SPAMMER@domain.com
+
 
 +
<attr id="704" name="zimbraFeatureMailForwardingInFiltersEnabled" type="boolean"
 +
cardinality="single" optionalIn="account,cos" flags="accountInfo,accountInherited,
 +
domainAdminModifiable" since="5.0.10">
 +
  <defaultCOSValue>TRUE</defaultCOSValue>
 +
  <desc>enable end-user mail forwarding defined in mail filters features</desc>
 +
</attr>
 
</pre>
 
</pre>
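Review bot: the text says the admin console checkbox only adjusts zimbraFeatureMailForwardingEnabled, and both zmprov outputs show zimbraFeatureMailForwardingInFiltersEnabled still TRUE, so forwarding through mail filters stays available after the steps are followed. Add the command that turns the filter attribute off for the COS or account, or state that it is left on deliberately. "goto" in the admin console bullet should be "go to".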
  
'''Note - This might take a long time, if so - try pruning it down'''
+
=====Configure External MTA To Use LDAP Virtual Alias Maps=====
  
Example:
+
Here's the basic info in regards to how Zimbra's mta [postfix/etc] uses Zimbra's LDAP to get the forwarding information:
<pre>
 
# cat /var/log/zimbra.log | grep sasl_username > /tmp/zimbra_sasl_username.txt
 
# cat /tmp/zimbra_sasl_username.txt | sed -n 's/.*sasl_username=//p' | sort | uniq -c | sort -n
 
      1 Auser@domain.com
 
      3 Buser@domain.com
 
      4 Cuser@domain.com
 
      5 Duser@domain.com
 
    36 SPAMMER@domain.com
 
</pre>
 
  
The full log event will look like this:
+
$ grep Forward conf/ldap-*
<pre>
+
conf/ldap-vam.cf:result_attribute =
zimbra1 postfix/smtpd[29431]: B28914D5978: client=xxxxx.server.com[w.x.y.z], sasl_method=LOGIN, sasl_username=user
+
zimbraMailDeliveryAddress,zimbraMailForwardingAddress,
zimbra1 postfix/cleanup[5522]: B28914D5978: message-id=<20090420154255.B28914D5978@zimbraserver.com>
+
zimbraPrefMailForwardingAddress,zimbraMailCatchAllForwardingAddress
zimbra1 postfix/qmgr[20690]: B28914D5978: from=<spam@spam.com>, size=6026, nrcpt=10 (queue active)
 
zimbra1 postfix/cleanup[3983]: 2BA56465D28: message-id=<20090420154255.B28914D5978@zimbraserver.com>
 
</pre>
 
  
Against your older logs, you could:
+
$ postconf |grep vam
 +
virtual_alias_maps = proxy:ldap:/opt/zimbra/conf/ldap-vam.cf
  
<pre>
+
See http://www.postfix.org/postconf.5.html#virtual_alias_maps for more information.
# zcat /var/log/zimbra.log* | sed -n 's/.*sasl_username=//p' | sort | uniq -c | sort -n
 
</pre>
 
  
And you can look at the specific information for the user in question with:
+
====Confirming And Setting zimbraMtaRelayHost And zimbraMtaDnsLookupsEnabled====
  
<pre>
+
First we'll set '''''zimbraMtaRelayHost''''' and '''''zimbraMtaDnsLookupsEnabled''''' variables. These options are also shown in the admin console and can be configured there. These variable alone will not redirect ALL traffic to an external MTA first though. There's alao a variable called zimbraSmtpHostname that is in the global (zmprov gacf) and server (zmprov gs `hostname`) configs - addressed in the section below. It's defaulted value is 'localhost' - at least on a single ZCS configuration.
# grep -C2 "sasl_username=SPAMMER@domain.com" /var/log/zimbra.log
 
</pre>
 
  
Or if searching against the older logs:
+
In situations where you need/want all mail to be processed by, for example, an external non-Zimbra spam filter box you could set this variable to the spam filter servers hostname.
  
<pre>
+
Normally, when zimbraMtaRelayHost is set to a non-zimbra external MTA would disable DNS lookups. If you disable DNS Lookups (under the MTA tab of the admin console, or with zmprov), Zimbra will end up using (according to the postconf man page) the "gethostbyname() system library routine which normally also looks in /etc/hosts" (based on the entries on the "hosts" line in /etc/nsswitch.conf). If you do this but don't also specify an SMTP relay host (typically your ISP's SMTP server), which will take care of checking DNS, you will reverse your ability to send mail: suddenly you can send mail to other users on the Zimbra server, but you can't send to the internet (though you can still receive mail from the internet either way).
# zgrep -C2 "sasl_username=SPAMMER@domain.com" /var/log/zimbra.log*
 
</pre>
 
  
If you want to check on a specific message ID, do:
+
Query Global - `zmhostname` would use the value returned, you can manual type out the servername as well :
  
<pre>
+
zmprov gacf zimbraMtaRelayHost
grep 9DF7520804A /var/log/zimbra.log*
+
zmprov gacf zimbraMtaDnsLookupsEnabled
</pre>
 
  
For older message logs:
+
Query Per Server - `zmhostname` would use the value returned, you can manual type out the servername as well :
  
<pre>
+
zmprov gs `zmhostname` zimbraMtaRelayHost
zgrep 9DF7520804A /var/log/zimbra.log*
+
zmprov gs `zmhostname` zimbraMtaDnsLookupsEnabled
</pre>
 
  
To read/view the message in the queue:
+
Note - if you get errors about doing the query on your non-mailstores like, "ERROR: zclient.IO_ERROR (invoke Connection refused, server: localhost) (cause: java.net.ConnectException Connection refused)" then you might need to adjust this variable. First query it, it's most likely set to localhost
  
  /opt/zimbra/postfix/sbin/postcat -q 9DF7520804A
+
  zmlocalconfig zimbra_zmprov_default_soap_server
  
One would then normally lock/change password on the one account showing the most activity. Grep'ing the /var/log/zimbra.log with the username in question will also show the ip address being used, this can be blocked with your firewall.
+
If you had the error and it was set to localhost, modify it to be one of your mailstores.
  
To be alerted of a compromised account and have it lock automatically see below. Slightly modified from this reference : http://www.zimbra.com/forums/administrators/62613-identify-compromised-accounts.html#post278732 :
+
zmlocalconfig -e zimbra_zmprov_default_soap_server=mailstore.example.com
  
<pre>
+
No restart of anything is needed, the zmprov query should now work.
  
#!/bin/bash
+
Modify Global - `zmhostname` would use the value returned, you can manual type out the servername as well :
# checks log file and gets a count of authentications sent per minute, per user
 
# and if the count exceeds the maxmails value the user's account is locked.
 
  
logfile="/var/log/zimbra.log"
+
zmprov mcf zimbraMtaRelayHost hostname-of-ext-server:PORT
maxmails="10"
+
  ** ex : zmprov mcf zimbraMtaRelayHost primary.YYY.state.XX.us:25
mydomain="example.com"
+
  ** At the end, 25 is the port number for smtp on the targeted system.
support="<postmaster-userid>@$mydomain"
+
  ** Adjust this number if you changed the smtp port.
accounts="/tmp/active_accounts"
+
zmprov mcf zimbraMtaDnsLookupsEnabled FALSE
 +
 
 +
Modify Per Server - `zmhostname` would use the value returned, you can manual type out the servername as well :
 +
 
 +
zmprov ms `zmhostname` zimbraMtaRelayHost hostname-of-ext-server:PORT
 +
  ** ex : zmprov ms `zmhostname` zimbraMtaRelayHost primary.YYY.state.XX.us:25
 +
  ** At the end, 25 is the port number for smtp on the targeted system.
 +
  ** Adjust this number if you changed the smtp port.
 +
zmprov ms `zmhostname` zimbraMtaDnsLookupsEnabled FALSE
  
su zimbra -c "/opt/zimbra/bin/zmaccts" | grep "@" | grep active | awk '{print $1}' > $accounts
+
====Confirming And Setting zimbraSmtpHostname====
  
zgrep -i "auth ok" $logfile | sed 's/  / /g' | awk -F"[ :]" '{print $3":"$4,$11;}' | uniq -c | sort -n | \
+
I'm assuming you already set, '''''zimbraMtaRelayHost''''' and '''''zimbraMtaDnsLookupsEnabled''''' for your needs - see above section. The variable called zimbraSmtpHostname is in the global (zmprov gacf) and server (zmprov gs `hostname`) configs. It's default value is set to 'localhost' - at least on a single ZCS configuration.
while read line
 
do
 
    count=`echo ${line} | cut -d' ' -f 1`
 
    userid=`echo ${line} | cut -d' ' -f 3`
 
    timestamp=`echo ${line} | cut -d' ' -f 2`
 
    active=`grep "$userid@$mydomain" $accounts`
 
  
    if [ "$count" -gt "$maxmails" ] && [ "$active" == "$userid@$mydomain" ]; then
+
In cases where you need/want all mail to be processed by, for example, an external non-Zimbra spam filter box you could set this variable to the spam filter boxes hostname.
        echo "Maximum email rate exceeded, $userid@$mydomain will be locked"
 
        su zimbra -c "/opt/zimbra/bin/zmprov ma $userid@$mydomain zimbraAccountStatus locked"
 
        subject="$userid account locked due to excessive connections"
 
        # Email text/message
 
        message="/tmp/emailmessage.txt"
 
        echo "$userid account has been locked as there were $count connections made at"> $message
 
        echo "$timestamp.  Please have the user change their password, and check for phishing" >>$message
 
        echo "emails if possible." >>$message
 
        # send an email using /bin/mail
 
        /usr/bin/mail -s "$subject" "$support" < $message
 
        rm -f $message
 
  
        #update list of active accounts
+
Query Global - `zmhostname` would use the value returned, you can manual type out the servername as well :
        su zimbra -c "/opt/zimbra/bin/zmaccts" | grep "@" | grep active | awk '{print $1}' > $accounts
 
    fi
 
done
 
  
rm -f $accounts
+
zmprov gacf zimbraSmtpHostname
  
</pre>
+
Query Per Server - `zmhostname` would use the value returned, you can manual type out the servername as well :
  
Then run it as a cron job. The frequency will depend on the number of accounts you're managing.
+
  zmprov gs `zmhostname` zimbraSmtpHostname
  
<pre>
+
Note - if you get errors about doing the query on your non-mailstores like, "ERROR: zclient.IO_ERROR (invoke Connection refused, server: localhost) (cause: java.net.ConnectException Connection refused)" then you might need to adjust this variable. First query it, it's most likely set to localhost
* * * * * /opt/zimbra/find_spammer.sh
 
</pre>
 
  
=====By Connecting IP - Useful For Blocking IP At Firewall=====
+
zmlocalconfig zimbra_zmprov_default_soap_server
  
See also the following:
+
If you had the error and it was set to localhost, modify it to be one of your mailstores.
  
* http://wiki.zimbra.com/wiki/Log_Files#Logging_the_Originating_IP
+
zmlocalconfig -e zimbra_zmprov_default_soap_server=mailstore.example.com
 +
 
 +
No restart of anything is needed, the zmprov query should now work.
  
To find the originating IP address of where the emails are coming from:
+
Modify Global - `zmhostname` would use the value returned, you can manual type out the servername as well :
  
  grep 'connect from' /var/log/zimbra.log | sed 's/.*connect from.*\[\(.[^]]*\)\]/\1/g' | sort | uniq -c | sort -nr | head
+
  zmprov mcf zimbraSmtpHostname hostname-of-ext-server
 +
  ** ex : zmprov mcf zimbraSmtpHostname primary.YYY.state.XX.us
  
To check your older logs [example output below]:
+
Modify Per Server - `zmhostname` would use the value returned, you can manual type out the servername as well :
  
<pre>
+
zmprov ms `zmhostname` zimbraSmtpHostname hostname-of-ext-server
zgrep 'connect from' /var/log/zimbra.log* | sed 's/.*connect from.*\[\(.[^]]*\)\]/\1/g' | sort | uniq -c | sort -nr | head
+
  ** ex : zmprov ms `zmhostname` zimbraSmtpHostname primary.YYY.state.XX.us
    36 10.137.xx.34
 
    34 127.0.0.1
 
</pre>
 
  
=====Open Relay Check=====
+
====External Email Clients Setting A SMTP Server====
  
You should also confirm you aren't an open relay.
+
The above variable, zimbraSmtpHostname, will not alter your third party email clients that are setting the smtp server to your ZCS mta's. Here are your options if you also need to have that traffic to go through another device [mta, spam filter, etc.] prior to local delivery [lmtp] to an internal address.
  
<pre>
+
* Set your clients to use the another devices ip address or hostname that you set for zimbraSmtpHostname.
$ host -t mx DOMAIN.com
 
DOMAIN.com mail is handled by 10 mail.DOMAIN.com.
 
  
$ telnet mail.DOMAIN.com 25
+
If you can't do the above, for whatever reason -- maybe security constraints or issues that might arise being a hosting provider, then see below.
Trying 184.###.##.## ...
 
Connected to mail.DOMAIN.com.
 
Escape character is '^]'.
 
220 mail.DOMAIN.com ESMTP Postfix
 
helo support.test
 
250 mail.DOMAIN.com
 
mail from:<SPAMMER@domain.com>
 
250 2.1.0 Ok
 
rcpt to:<TEST@DOMAIN.COM>
 
554 5.7.1 <TEST@DOMAIN.COM>: Relay access denied
 
  
rcpt to:<SPAMMER@domain.com>
+
# You could investigate the alternation of postfix's content_filter option to place the external device/host [a barracuda for example] within that process. postfix.org has information on this - [http://www.postfix.org/FILTER_README.html Postfix After-Queue Content Filter]. This would be unsupported by Zimbra.
554 5.7.1 Service unavailable; Client host [71.XXX.XX.XX] blocked
+
# Contact Zimbra's Professional Services [PS] team for help.
using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=71.202.XX.XX
+
# Setup another server using a mta of your choice [postfix , sendmail] that the clients can use for the smtp server variable. This "new" mta would then simply relay to the device - a barracuda box for example. The barracuda would then do what it needs to and then forwards the messages to the appropriate servers for delivery. Your ZCS mta's in the case of local delivery that would of normally occurred over lmtp - userA@domainC.com sending to userB@domainC.com .
quit
 
221 2.0.0 Bye
 
Connection closed by foreign host.
 
</pre>
 
  
=====Telnet Test To Confirm/Show Authentication Required For SMTP/Port 25=====
+
===Global Or System Wide Filters===
  
This is an example:
+
There is no "supported" solution for this - depending on the exact circumstances. It's a complex issue because each request for "global filters" tends to be very specific on either what's to be filter, what actions are to be taken, and so forth.
  
<pre>
+
====RFE's Related To Global Filters====
esx2:~ ajcody$ telnet zcs723.EXAMPLE.com 25
 
  
Trying 10.137.27.32...
+
* "Define a default filter rule for spam that users can apply before custom filters"
Connected to zcs723.EXAMPLE.com.
+
** http://bugzilla.zimbra.com/show_bug.cgi?id=12701
Escape character is '^]'.
+
* "admin assignable mail filters"
220 zcs723.EXAMPLE.com ESMTP Postfix
+
** http://bugzilla.zimbra.com/show_bug.cgi?id=35452
helo zcs723.EXAMPLE.com  << I typed
+
 
250 zcs723.EXAMPLE.com
+
====Use The Legal Intercept Method====
mail from:ajcody@zcs723.EXAMPLE.com  << I typed
+
 
250 2.1.0 Ok
+
Depending on the details of your request, using the Legal Intercept options might be useful. You could take the results that goto the LI mailbox and then perform your admin global searches against your mailbox accounts to take the appropriate action.
rcpt to:ajcody2@zcs723.EXAMPLE.com  << I typed
+
 
553 5.7.1 <ajcody@zcs723.EXAMPLE.com>: Sender address rejected: not logged in
+
See [[Legal_Intercept]]
</pre>
+
 
 +
====Sieve Filter Set For Every Account====
  
But note - if you do this from the ZCS server or a server that is within the ip range or has it's specific ip listed in the mynetworks, you will not get this authentication requirement.
+
One could setup a forloop for all of your users and setup a sieve filter. Downside here is the rules are editable by the users and you would have to manage the rules for new accounts going forward.
  
<pre>
+
See [[User_Migration#Migrating_Sieve_Filter_Rules ]] for details.
[root@zcs723 ~]# telnet localhost 25
+
 
Trying ::1...
+
====Double Check The Current Anti-Spam Options====
telnet: connect to address ::1: Connection refused
+
 
Trying 127.0.0.1...
+
Make sure your request can't be solved by the current solutions described in [[Category:Anti-spam]] articles.
Connected to localhost.
+
 
Escape character is '^]'.
+
====Postfix , Amavis Customizations====
220 zcs723.EXAMPLE.com ESMTP Postfix
+
 
helo myworkstation
+
I've seen some posts on the forums that customers found their own workarounds by customizing postfix and amavis. This will most likely result in an unsupported situation. Unfortunately, those forum posts don't also include details that I can share here. Hopefully I can find them going forward and I'll post them here.
250 zcs723.EXAMPLE.com
+
 
ehlo myworkstation
+
===Global Disclaimer Options===
250-zcs723.EXAMPLE.com
+
 
250-PIPELINING
+
Here's the url to review for a "current" possibility:
250-SIZE 10240000
+
 
250-VRFY
+
* http://wiki.zimbra.com/index.php?title=Domain_Disclaimer_Extension_Admin_UI
250-ETRN
+
 
250-STARTTLS
+
And in the notes section there's a comment about multi-servers:
250-AUTH LOGIN PLAIN
+
 
250-AUTH=LOGIN PLAIN
+
* http://wiki.zimbra.com/index.php?title=Talk:Domain_Disclaimer_Extension_Admin_UI
250-ENHANCEDSTATUSCODES
 
250-8BITMIME
 
250 DSN
 
mail from:<ajcody@zcs723.EXAMPLE.com>
 
250 2.1.0 Ok
 
rcpt to: <ajcody2@zcs723.EXAMPLE.com>
 
250 2.1.5 Ok
 
data
 
354 End data with <CR><LF>.<CR><LF>
 
From: Adam <ajcody@zcs723.EXAMPLE.com>
 
To: Adam 2 <ajcody2@zcs723.EXAMPLE.com>
 
Subject: From Localhost - NOT Auth
 
test
 
.
 
250 2.0.0 Ok: queued as 8B19E1E78D1
 
quit
 
221 2.0.0 Bye
 
Connection closed by foreign host.
 
</pre>
 
  
====Resources====
+
Please note though, "This article is a community contribution and may include unsupported customizations." Meaning, it's an unsupported customization, so please take the necessary precautions.
  
A list of resources you'll find useful:
+
In regards to an official and supported way to do this, please review this RFE:
  
* [[Zimbra_MTA#Anti-Spam_Training_Filters]]
+
* http://bugzilla.zimbra.com/show_bug.cgi?id=4720
* [[CLI_zmtrainsa]]
+
 
* [[Improving_Anti-spam_system]]
+
===Quota Issues===
* [[Postfix_Policyd]]
+
 
* [[IP_Address_whitelisting]]
+
====Where To Adjust Message User Gets When They Are Over Quota====
* [[Spam_training]]
+
 
*  Restrict by user
+
Moved to [[How_To_Adjust_The_Over_Quota_Message_The_User_Receives]]
** [[RestrictPostfixRecipients]]
+
 
* Restrict by ip addresses and sender and other items:
+
====See Current User Qoutas====
** [http://www.postfix.org/RESTRICTION_CLASS_README.html Postfix - Restriction Class Readme]
 
*** Note, from the readme:
 
**** "What follows is based on the SMTP client IP address, and therefore is subject to IP spoofing."
 
**** "What follows is based on the sender SMTP envelope address, and therefore is subject to SMTP sender spoofing."
 
  
Wiki articles that have been assigned to the anit-spam category:
+
Moved to [[Getting_All_Users_Quota_Data]]
  
* [http://wiki.zimbra.com/index.php?title=Category:Anti-spam Category:Anti-spam]
+
====Controlling Behavior For Messages Sent To Over Quota Mailbox - LMTP====
  
Down to the end-user:
+
Moved to [[Controlling_Behavior_For_Messages_Sent_To_Over_Quota_Mailbox_-_LMTP]]
  
* [[Cool_User_Spam_Filters]]
+
====Controlling Behavior For Messages Sent To Over Quota Mailbox - SMTP====
* [http://www.zimbra.com/community/end_user_guide_and_how_to.html End-User Guide And How-To]
 
  
=====External Relay Test Pages=====
+
Moved to [[Controlling_Behavior_For_Messages_Sent_To_Over_Quota_Mailbox_-_SMTP]]
  
* http://www.checkor.com/
+
====Message Senders Receive About Mailbox Over Quota====
** Note - this test is in regards to the From spoofing spammers sometimes do for DL's.
+
 
** Also, for the test - make an account/DL on your system for test1@[your domain] . Otherwise you'll just error about account not existing.
+
Moved to [[Message_Senders_Receive_About_Mailbox_Over_Quota]]
<pre>
+
 
RSET
+
====Quota Not Showing In Admin Console - After ZCS Upgrade====
250 2.0.0 Ok
 
MAIL FROM: spam@mail59.DOMAIN.com
 
250 2.1.0 Ok
 
RCPT TO: test1@mail59.DOMAIN.com
 
Test Failed, 250 2.1.5 Ok
 
</pre>
 
  
* http://www.mailradar.com/openrelay/
+
Moved to [[Quota_Not_Showing_In_Admin_Console_-_After_ZCS_Upgrade]]
  
====Blocking MAIL FROM - smtpd_sender_restrictions - Default Is Empty====
+
===Managing Postfix Queue===
  
=====External References=====
+
Moved to [[Managing_The_Postfix_Queues#Managing_The_Postfix_Queues]]
  
* External Sources
+
====Postfix, Amavis, Clamav Spool Directory Paths And Names====
** Postfix
 
*** [http://www.postfix.org/postconf.5.html#smtpd_sender_restrictions Postfix On smtpd_sender_restrictions]
 
** Milter
 
*** [http://www.postfix.org/MILTER_README.html#limitations Postfix's Milter Readme - Limitations]
 
**** [http://puszcza.gnu.org.ua/software/mailfromd/ Mailfromd]
 
***** [http://puszcza.gnu.org.ua/software/mailfromd/manual/html_section/SAV.html#SEC7 Mailfromd - Sender Address Verification]
 
** [http://www.symantec.com/connect/articles/anti-spam-solutions-and-security Anti-Spam Solutions and Security]
 
  
=====Zimbra References And Bugs & RFE's=====
+
Moved to [[Managing_The_Postfix_Queues#Postfix.2C_Amavis.2C_Clamav_Spool_Directory_Paths_And_Names]]
  
* Zimbra Related Soures
+
====Stop And Starting Postfix And Mta====
** "policy for who can send to a distribution lists"
 
*** https://bugzilla.zimbra.com/show_bug.cgi?id=9620
 
**** '''Note - This will not stop spammers from mailing into your DL's by way of forged Mail From and guessing your DL address in the To'''
 
** "support smtpd_sender_login_maps for smtp auth"
 
*** http://bugzilla.zimbra.com/show_bug.cgi?id=11258
 
** "Implement smtpd_sender_restrictions"
 
*** http://bugzilla.zimbra.com/show_bug.cgi?id=15808
 
** "milter to check if sender can send to a distribution list"
 
*** https://bugzilla.zimbra.com/show_bug.cgi?id=46311
 
**** Dependent upon bug 9620
 
** Zimbra Forum Post on using smtpd_sender_restrictions options
 
*** [http://www.zimbra.com/forums/administrators/28770-how-enforce-sasl_username-address.html  How to enforce sasl_username=FROM ADDRESS"
 
** Another Zimbra Forum Post on using smtpd_sender_restrictions options
 
*** [http://www.zimbra.com/forums/administrators/39095-need-urgent-help-spamming-issue.html Need urgent help on spamming issue]
 
  
=====Protecting DL's From Spammers - Forging Mail From=====
+
Moved to [[Managing_The_Postfix_Queues#Stop_And_Starting_Postfix_And_Mta]]
  
======First Recommendation - As Given By Dev's From Critical Meeting Notes======
+
====To See Postfix Queue====
  
----
+
Moved to [[Managing_The_Postfix_Queues#To_See_The_Postfix_Queues]]
  
* Enabled SASL/SMTP Authentication
+
=====Qshape - Print Postfix queue domain and age distribution=====
** Ref: http://wiki.zimbra.com/index.php?title=SMTP_Auth_Problems
 
* Implement how-to as described in :
 
** Permitted Senders: [[RestrictPostfixRecipients]]
 
*** '''Note: You'll see on the above page a reference to the spoof hole.'''
 
**** '''''"This method can be spoofed by forging the MAIL FROM: header (so mail appears to originate from within the domain), so it isn't foolproof, but it works for basic needs."'''''
 
*** '''Note: You'll also modify the instructions as above with addition details provided below.'''
 
* Force authentication for local-domain senders:
 
** modify the main.cf to have the following:
 
*** smtpd_sender_restrictions = check_sender_access hash:/path/to/file
 
** Then for the /path/to/file that you used in the mail.cf for smtpd_sender_restrictions, you'll have a line like:
 
*** example.com            permit_sasl_authenticated, reject
 
  
======Second Recommendation - Unpredictable DL name or Non-routing Domain======
+
Moved to [[Managing_The_Postfix_Queues#Qshape_-_Print_Postfix_queue_domain_and_age_distribution]]
  
----
+
====To View A Message In The Queue====
  
Do not use predictable DL names. Instead of using everyone@company.com , use something like everyone-[random-string]@company.com .
+
Moved to [[Managing_The_Postfix_Queues#To_View_A_Message_In_The_Queue]]
  
Another option is to use a non-routing domain - company.local - and setup your DL's there. You'll want to configure your main domain to be able to query the GAL of this domain.
+
====To Flush Postfix Queue====
  
To see the existing setting:
+
Moved to [[Managing_The_Postfix_Queues#To_Flush_Postfix_Queue]]
  
zmprov gd [domainname] zimbraGalLdapSearchBase
+
====To Requeue Messages In Postfix====
  
To change the variable for the domain:
+
Moved to [[Managing_The_Postfix_Queues#To_Requeue_Messages_In_Postfix]]
  
zmprov md [domainname] zimbraGalInternalSearchBase ROOT
+
====To Put Messages On Hold====
  
======Third Recommendation - Using smtpd_sender_restrictions======
+
Moved to [[Managing_The_Postfix_Queues#To_Put_Messages_On_Hold]]
  
----
+
====To Delete Messages From Queue====
  
:::'''Work In Progress. I'm testing this now. Please don't attempt until this line is removed.'''
+
Moved to [[Managing_The_Postfix_Queues#To_Delete_Messages_From_Queue]]
  
Update: See the following:
+
=====Cautionary Note=====
* "Enforcing a match between the FROM Address and sasl_username in Zimbra Collaboration Server (2011281)"
 
** http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2011281
 
  
This should work if your "clients" are using ZWC, ZCO, or ActiveSync mobile devices. If you are using IMAP/POP + STMP thick clients, you'll most likely have to enable smtp authentication [sasl] and use the reject_authenticated_sender_login_mismatch variable instead.
+
Moved to [[Managing_The_Postfix_Queues#Cautionary_Note]]
  
postconf -e smtpd_sender_restrictions=reject_sender_login_mismatch
+
=====Relevant Sections Of Postsuper Man Page=====
postfix reload
 
  
This option is described as: 
+
Moved to [[Managing_The_Postfix_Queues#Relevant_Sections_Of_Postsuper_Man_Page]]
  
:'''''reject_sender_login_mismatch'''''
+
=====To Delete Single Message From Queue=====
:: ''Reject the request when $smtpd_sender_login_maps  specifies an owner for the MAIL FROM address, but the client is not (SASL) logged in as that MAIL FROM address owner; or when the client is (SASL) logged in, but the client login name doesn't own the MAIL FROM address according to $smtpd_sender_login_maps.''  [http://www.postfix.org/postconf.5.html#smtpd_sender_restrictions Man page]
 
  
====Some Other SMTP Sending Restrictions====
+
Moved to [[Managing_The_Postfix_Queues#To_Delete_Single_Message_From_Queue]]
  
=====Blocking Incoming From Domain And By User=====
+
=====To Delete ALL Messages From Queue=====
 +
 
 +
Moved to [[Managing_The_Postfix_Queues#To_Delete_ALL_Messages_From_Queue]]
  
See the following:
+
======To Delete ALL Messages From The Deferred Queue======
  
* [[Domain_level_blocking_of_users]]
+
Moved to [[Managing_The_Postfix_Queues#To_Delete_ALL_Messages_From_The_Deferred_Queue]]
* [[Improving_Anti-spam_system#Implementing_Whitelist.2FBlacklist]]
 
  
=====check_client_access=====
+
======To Delete ALL Messages From The Hold Queue======
  
The smtpd_client_restrictions parameter restricts what clients this system accepts SMTP connections from. The default behavior is to allow SMTP connections from any client. This is discussed under [http://www.postfix.org/spam.html Spam Controls] on the Postfix site.
+
Moved to [[Managing_The_Postfix_Queues#To_Delete_ALL_Messages_From_The_Hold_Queue]]
  
Example:
+
=====To Delete Many Messages From Queue=====
  
check_client_access regexp:/etc/postfix/access_sender_client_server,
+
Moved to [[Managing_The_Postfix_Queues#To_Delete_Many_Messages_From_Queue]]
  
Example:
+
=====Delete From Queue By Email Address=====
  
check_sender_access regexp:/etc/postfix/access_sender_toplevel
+
Moved to [[Managing_The_Postfix_Queues#Delete_From_Queue_By_Email_Address]]
  
=====smtpd_reject_unlisted_sender=====
+
======From CLI======
  
Details can be found on the [http://www.postfix.org/postconf.5.html#smtpd_reject_unlisted_recipient mail.cf] Postfix page.
+
Moved to [[Managing_The_Postfix_Queues#From_CLI]]
  
Example:
+
======Script To Delete From Queue By Email Address======
  
smtpd_reject_unlisted_sender = yes
+
Moved to [[Managing_The_Postfix_Queues#Script_To_Delete_From_Queue_By_Email_Address]]
  
Possible Bug:
+
======Script To Delete From Queue By Various Variable Targets======
 
http://bugzilla.zimbra.com/show_bug.cgi?id=24889
 
  
====What's Your SPF Records Say, When Getting "does not designate 74.x.x.x as permitted sender Errors"====
+
Moved to [[Managing_The_Postfix_Queues#Script_To_Delete_From_Queue_By_Various_Variable_Targets]]
  
This is most likely related to the SPF records for your domain and what the header content of the sending email states as it's Mail From. For example, this is from the header of an email that was "received":
+
{{Article Footer|Zimbra Collaboration 8.0, 7.0|04/16/2014}}
  
<pre>
+
----
Received: from mail.XYZ-FAKE.com (mailhost.XYZ-FAKE.com [74.X.X.244]) by mta01.ABC-FAKE.com with ESMTP id
 
Cft0mO3fjlFGQjTA for <support@ABC-FAKE.com>; Tue, 21 Apr 2009 05:14:13 -0700 (PDT)
 
X-Barracuda-Envelope-From: testuser@XYZ-FAKE.com
 
Received-SPF: pass (mta01.ABC-FAKE.com: domain of testuser@XYZ-FAKE.com designates 74.X.X.244 as permitted sender)
 
receiver=mta01.ABC-FAKE.com; client_ip=74.X.X.244; envelope-from=testuser@XYZ-FAKE.com;
 
</pre>
 
 
 
To see what this check was done against, do the following below. I'll trim the output and adjust the information used to protect the innocent. Also, notice how a DNS "alias" might cause an issue here? :
 
 
 
<pre>
 
 
 
$ host 74.X.X.244
 
244.X.X.74.in-addr.arpa domain name pointer mailhost.XYZ-FAKE.com.
 
 
 
$ host mailhost.XYZ-FAKE.com
 
mailhost.XYZ-FAKE.com has address 74.X.X.244
 
 
 
$ host mail.XYZ-FAKE.com
 
mail.XYZ-FAKE.com is an alias for mailhost.XYZ-FAKE.com.
 
mailhost.XYZ-FAKE.com has address 74.X.X.244
 
 
 
$ dig XYZ-FAKE.com MX
 
 
 
;; QUESTION SECTION:
 
;XYZ-FAKE.com. IN MX
 
 
 
;; ANSWER SECTION:
 
XYZ-FAKE.com. 3600 IN MX 22 serverA.DNS-FAKE.com.
 
XYZ-FAKE.com. 3600 IN MX 11 serverB.DNS-FAKE.com.
 
 
 
$ dig XYZ-FAKE.com TXT
 
 
 
;; QUESTION SECTION:
 
;XYZ-FAKE.com. IN TXT
 
 
 
;; ANSWER SECTION:
 
XYZ-FAKE.com. 3600 IN TXT "v=spf1 a:mail.XYZ-FAKE.com ~all"
 
 
 
</pre>
 
 
 
See the following for more information:
 
 
 
* http://www.openspf.org/
 
* http://www.schlitt.net/spf/spf_classic/draft-schlitt-spf-classic-02.html#publishing
 
** All of the 3.x section.
 
 
 
===Using Different SMTP Server For Webclient (ZWC), Mobiles, And ZCO===
 
 
 
====Note Of Caution About Using External MTAs====
 
 
 
Using non-zimbra MTA's can cause some options in zimbra to not function anymore - since it no longer has zimbra's mta services available.
 
 
 
=====Zimbra Mail Forwarding Possibly Will Not Work - Turn Off User Option To Set MailForwarding=====
 
 
 
Mail forwarding might no longer work depending on the configuration you setup regarding the use of your external mta's. When this happens you'll most likely want to disable the option for users to set a mail forwarding address in their preferences. This can be done via their COS or USER configuration.
 
 
 
* In the admin console, goto the COS configuration the user/s are using and the "Features" tab. Uncheck the option "Allow the user to specify a forwarding address" under Mail Features. It is in the same location under a USERs configuration panel in the admin console.
 
 
 
In the CLI, you will see these set as the defaults for the default COS. The admin gui option above only adjusts the zimbraFeatureMailForwardingEnabled variable :
 
 
 
$ zmprov gc default | grep zimbraFeatureMailForwarding
 
    zimbraFeatureMailForwardingEnabled: TRUE
 
    zimbraFeatureMailForwardingInFiltersEnabled: TRUE
 
 
 
$ zmprov ga ajcody@`zmhostname` | grep zimbraFeatureMailForwarding
 
    zimbraFeatureMailForwardingEnabled: TRUE
 
    zimbraFeatureMailForwardingInFiltersEnabled: TRUE
 
 
 
More details about them are in the /opt/zimbra/conf/attrs/zimbra-attrs.xml file.
 
 
 
<pre>
 
<attr id="342" name="zimbraFeatureMailForwardingEnabled" type="boolean" cardinality="single"
 
optionalIn="account,cos" flags="accountInfo,accountInherited,domainAdminModifiable">
 
  <defaultCOSValue>TRUE</defaultCOSValue>
 
  <desc>enable end-user mail forwarding features</desc>
 
</attr>
 
 
 
<attr id="704" name="zimbraFeatureMailForwardingInFiltersEnabled" type="boolean"
 
cardinality="single" optionalIn="account,cos" flags="accountInfo,accountInherited,
 
domainAdminModifiable" since="5.0.10">
 
  <defaultCOSValue>TRUE</defaultCOSValue>
 
  <desc>enable end-user mail forwarding defined in mail filters features</desc>
 
</attr>
 
</pre>
 
 
 
=====Configure External MTA To Use LDAP Virtual Alias Maps=====
 
 
 
Here's the basic info in regards to how Zimbra's mta [postfix/etc] uses Zimbra's LDAP to get the forwarding information:
 
 
 
$ grep Forward conf/ldap-*
 
conf/ldap-vam.cf:result_attribute = 
 
zimbraMailDeliveryAddress,zimbraMailForwardingAddress,
 
zimbraPrefMailForwardingAddress,zimbraMailCatchAllForwardingAddress
 
 
 
$ postconf |grep vam
 
virtual_alias_maps = proxy:ldap:/opt/zimbra/conf/ldap-vam.cf
 
 
 
See http://www.postfix.org/postconf.5.html#virtual_alias_maps for more information.
 
 
 
====Confirming And Setting zimbraMtaRelayHost And zimbraMtaDnsLookupsEnabled====
 
 
 
First we'll set '''''zimbraMtaRelayHost''''' and '''''zimbraMtaDnsLookupsEnabled''''' variables. These options are also shown in the admin console and can be configured there. These variable alone will not redirect ALL traffic to an external MTA first though. There's alao a variable called zimbraSmtpHostname that is in the global (zmprov gacf) and server (zmprov gs `hostname`) configs - addressed in the section below. It's defaulted value is 'localhost' - at least on a single ZCS configuration.
 
 
 
In situations where you need/want all mail to be processed by, for example, an external non-Zimbra spam filter box you could set this variable to the spam filter servers hostname.
 
 
 
Normally, when zimbraMtaRelayHost is set to a non-zimbra external MTA would disable DNS lookups. If you disable DNS Lookups (under the MTA tab of the admin console, or with zmprov), Zimbra will end up using (according to the postconf man page) the "gethostbyname() system library routine which normally also looks in /etc/hosts" (based on the entries on the "hosts" line in /etc/nsswitch.conf). If you do this but don't also specify an SMTP relay host (typically your ISP's SMTP server), which will take care of checking DNS, you will reverse your ability to send mail: suddenly you can send mail to other users on the Zimbra server, but you can't send to the internet (though you can still receive mail from the internet either way).
 
 
 
Query Global - `zmhostname` would use the value returned; you can manually type out the servername as well:
 
 
 
zmprov gacf zimbraMtaRelayHost
 
zmprov gacf zimbraMtaDnsLookupsEnabled
 
 
 
Query Per Server - `zmhostname` would use the value returned; you can manually type out the servername as well:
 
 
 
zmprov gs `zmhostname` zimbraMtaRelayHost
 
zmprov gs `zmhostname` zimbraMtaDnsLookupsEnabled
 
 
 
Note - if you get errors when doing the query on your non-mailstores, like "ERROR: zclient.IO_ERROR (invoke Connection refused, server: localhost) (cause: java.net.ConnectException Connection refused)", then you might need to adjust this variable. First query it; it's most likely set to localhost:
 
 
 
zmlocalconfig zimbra_zmprov_default_soap_server
 
 
 
If you had the error and it was set to localhost, modify it to be one of your mailstores.
 
 
 
zmlocalconfig -e zimbra_zmprov_default_soap_server=mailstore.example.com
 
 
 
No restart of anything is needed, the zmprov query should now work.
 
 
 
Modify Global - `zmhostname` would use the value returned; you can manually type out the servername as well:
 
 
 
zmprov mcf zimbraMtaRelayHost hostname-of-ext-server:PORT
 
  ** ex : zmprov mcf zimbraMtaRelayHost primary.YYY.state.XX.us:25
 
  ** At the end, 25 is the port number for smtp on the targeted system.
 
  ** Adjust this number if you changed the smtp port.
 
zmprov mcf zimbraMtaDnsLookupsEnabled FALSE
 
 
 
Modify Per Server - `zmhostname` would use the value returned; you can manually type out the servername as well:
 
 
 
zmprov ms `zmhostname` zimbraMtaRelayHost hostname-of-ext-server:PORT
 
  ** ex : zmprov ms `zmhostname` zimbraMtaRelayHost primary.YYY.state.XX.us:25
 
  ** At the end, 25 is the port number for smtp on the targeted system.
 
  ** Adjust this number if you changed the smtp port.
 
zmprov ms `zmhostname` zimbraMtaDnsLookupsEnabled FALSE
 
 
 
====Confirming And Setting zimbraSmtpHostname====
 
 
 
I'm assuming you already set '''''zimbraMtaRelayHost''''' and '''''zimbraMtaDnsLookupsEnabled''''' for your needs - see the above section. The variable called zimbraSmtpHostname is in the global (zmprov gacf) and server (zmprov gs `hostname`) configs. Its default value is set to 'localhost' - at least on a single ZCS configuration.
 
 
 
In cases where you need/want all mail to be processed by, for example, an external non-Zimbra spam filter box, you could set this variable to the spam filter box's hostname.
 
 
 
Query Global - `zmhostname` would use the value returned; you can manually type out the servername as well:
 
 
 
zmprov gacf zimbraSmtpHostname
 
 
 
Query Per Server - `zmhostname` would use the value returned; you can manually type out the servername as well:
 
 
 
zmprov gs `zmhostname` zimbraSmtpHostname
 
 
 
Note - if you get errors when doing the query on your non-mailstores, like "ERROR: zclient.IO_ERROR (invoke Connection refused, server: localhost) (cause: java.net.ConnectException Connection refused)", then you might need to adjust this variable. First query it; it's most likely set to localhost:
 
 
 
zmlocalconfig zimbra_zmprov_default_soap_server
 
 
 
If you had the error and it was set to localhost, modify it to be one of your mailstores.
 
 
 
zmlocalconfig -e zimbra_zmprov_default_soap_server=mailstore.example.com
 
 
 
No restart of anything is needed, the zmprov query should now work.
 
 
 
Modify Global - `zmhostname` would use the value returned; you can manually type out the servername as well:
 
 
 
zmprov mcf zimbraSmtpHostname hostname-of-ext-server
 
  ** ex : zmprov mcf zimbraSmtpHostname primary.YYY.state.XX.us
 
 
 
Modify Per Server - `zmhostname` would use the value returned; you can manually type out the servername as well:
 
 
 
zmprov ms `zmhostname` zimbraSmtpHostname hostname-of-ext-server
 
  ** ex : zmprov ms `zmhostname` zimbraSmtpHostname primary.YYY.state.XX.us
 
 
 
====External Email Clients Setting A SMTP Server====
 
 
 
The above variable, zimbraSmtpHostname, will not affect third-party email clients that set their SMTP server to your ZCS MTAs. Here are your options if you also need that traffic to go through another device [MTA, spam filter, etc.] prior to local delivery [lmtp] to an internal address.
 
 
 
* Set your clients to use the IP address or hostname of the other device, the one that you set for zimbraSmtpHostname.
 
 
 
If you can't do the above, for whatever reason -- maybe security constraints or issues that might arise being a hosting provider, then see below.
 
 
 
# You could investigate altering postfix's content_filter option to place the external device/host [a barracuda for example] within that process. postfix.org has information on this - [http://www.postfix.org/FILTER_README.html Postfix After-Queue Content Filter]. This would be unsupported by Zimbra.
 
# Contact Zimbra's Professional Services [PS] team for help.
 
# Set up another server using an MTA of your choice [postfix, sendmail] that the clients can use for the smtp server variable. This "new" MTA would then simply relay to the device - a barracuda box for example. The barracuda would then do what it needs to and forward the messages to the appropriate servers for delivery: your ZCS MTAs, in the case of local delivery that would normally have occurred over lmtp - userA@domainC.com sending to userB@domainC.com.
 
 
 
===Global Or System Wide Filters===
 
 
 
There is no "supported" solution for this - depending on the exact circumstances. It's a complex issue because each request for "global filters" tends to be very specific about what is to be filtered, what actions are to be taken, and so forth.
 
 
 
====RFE's Related To Global Filters====
 
 
 
* "Define a default filter rule for spam that users can apply before custom filters"
 
** http://bugzilla.zimbra.com/show_bug.cgi?id=12701
 
* "admin assignable mail filters"
 
** http://bugzilla.zimbra.com/show_bug.cgi?id=35452
 
 
 
====Use The Legal Intercept Method====
 
 
 
Depending on the details of your request, using the Legal Intercept options might be useful. You could take the results that go to the LI mailbox and then perform your admin global searches against your mailbox accounts to take the appropriate action.
 
 
 
See [[Legal_Intercept]]
 
 
 
====Sieve Filter Set For Every Account====
 
 
 
One could set up a for loop over all of your users and set up a sieve filter for each. The downside here is that the rules are editable by the users, and you would have to manage the rules for new accounts going forward.
 
 
 
See [[User_Migration#Migrating_Sieve_Filter_Rules]] for details.
 
 
 
====Double Check The Current Anti-Spam Options====
 
 
 
Make sure your request can't be solved by the current solutions described in the [[:Category:Anti-spam]] articles.
 
 
 
====Postfix , Amavis Customizations====
 
 
 
I've seen some posts on the forums that customers found their own workarounds by customizing postfix and amavis. This will most likely result in an unsupported situation. Unfortunately, those forum posts don't also include details that I can share here. Hopefully I can find them going forward and I'll post them here.
 
 
 
===Global Disclaimer Options===
 
 
 
Here's the url to review for a "current" possibility:
 
 
 
* http://wiki.zimbra.com/index.php?title=Domain_Disclaimer_Extension_Admin_UI
 
 
 
And in the notes section there's a comment about multi-servers:
 
 
 
* http://wiki.zimbra.com/index.php?title=Talk:Domain_Disclaimer_Extension_Admin_UI
 
 
 
Please note though, "This article is a community contribution and may include unsupported customizations." Meaning, it's an unsupported customization, so please take the necessary precautions.
 
 
 
In regards to an official and supported way to do this, please review this RFE:
 
 
 
* http://bugzilla.zimbra.com/show_bug.cgi?id=4720
 
 
 
===Quota Issues===
 
 
 
====Where To Adjust Message User Gets When They Are Over Quota====
 
 
 
* From the web admin console:
 
** Configuration > Class of Service
 
** Select the COS in question
 
** Then goto the Advanced tab on the right
 
** There's a quota section. The sub-section you want is called:
 
*** "Quota warning message template:"
 
 
 
====See Current User Quotas====
 
 
 
Please see [[Ajcody-Logging#Getting_All_User_Quota_Data_.28not_zmstat_related_really.29|Getting All User Quota Data (not zmstat related really)]]
 
 
 
====Controlling Behavior For Messages Sent To Over Quota Mailbox - LMTP====
 
 
 
The variable below controls whether the sender gets a 452 Temp/Try Again response versus a 552 Permanent Error. This happens over lmtp rather than smtp. For smtp, see below.
 
 
 
zmprov gacf zimbraLmtpPermanentFailureWhenOverQuota
 
 
 
Setting to TRUE will flag it for the 552 response.
 
 
 
zmprov mcf zimbraLmtpPermanentFailureWhenOverQuota TRUE
 
 
 
References:
 
 
 
* "Configurable treatment for inbound over quota mail"
 
** http://bugzilla.zimbra.com/show_bug.cgi?id=27838
 
* http://www.zimbra.com/forums/administrators/19950-about-postfix-lmtp-quotas.html
 
 
 
====Controlling Behavior For Messages Sent To Over Quota Mailbox - SMTP====
 
 
 
References:
 
 
 
* RFE "quota check during smtp transaction"
 
** http://bugzilla.zimbra.com/show_bug.cgi?id=32592
 
** Currently, Sept 2010, targeted for the IronMaiden release.
 
* http://www.zimbra.com/forums/administrators/19950-about-postfix-lmtp-quotas.html
 
 
 
====Message Senders Receive About Mailbox Over Quota====
 
 
 
File that holds text of message:
 
 
 
/opt/zimbra/postfix/conf/bounce.cf.default
 
 
 
Note, please read the [http://www.postfix.org/bounce.5.html bounce MAN] page before you attempt to edit this file directly.
 
 
 
Also, I haven't been able to confirm the relationship of this above file with the postconf default output:
 
 
 
<pre>
 
[root@mail3 ~]# postconf | grep -i bounce
 
2bounce_notice_recipient = postmaster
 
backwards_bounce_logfile_compatibility = yes
 
bounce_notice_recipient = postmaster
 
bounce_queue_lifetime = 5d
 
bounce_service_name = bounce
 
bounce_size_limit = 50000
 
bounce_template_file =
 
disable_verp_bounces = no
 
double_bounce_sender = double-bounce
 
multi_recipient_bounce_reject_code = 550
 
soft_bounce = no
 
</pre>
 
 
 
To use a bounce.cf file, set the bounce_template_file variable to the file and reload postfix via the zmmtactl script. It looks like zmlocalconfig doesn't currently handle this variable.
 
 
 
cp /opt/zimbra/postfix/conf/bounce.cf.default /opt/zimbra/postfix/conf/bounce.cf
 
postconf -e bounce_template_file="/opt/zimbra/postfix/conf/bounce.cf"
 
zmmtactl reload
 
 
 
Note, this might get lost during upgrades so make a note to yourself about this change.
 
 
 
Another reference: [http://www.howtoforge.com/configure-custom-postfix-bounce-messages Configure Custom Postfix Bounce Messages]
 
 
 
====Quota Not Showing In Admin Console - After ZCS Upgrade====
 
 
 
Some server attributes might be missing. For the mail quota to work properly, zimbraServiceInstalled must include mailbox.
 
 
 
$ zmprov gs `zmhostname` zimbraServiceInstalled
 
 
 
It must contain mailbox for the quota information to be available.
 
 
 
To add "mailbox" to zimbraServiceInstalled:
 
 
 
$ zmprov ms `zmhostname` +zimbraServiceInstalled mailbox
 
 
 
I would think a zimbra restart would be necessary as well for us to see the changes in the quota admin console view.
 
 
 
===Managing Postfix Queue===
 
 
 
====Postfix, Amavis, Clamav Spool Directory Paths And Names====
 
 
 
ls /opt/zimbra/data
 
  amavisd  clamav  dspam  postfix
 
 
 
ls /opt/zimbra/data/postfix/spool/
 
  active  active.old  bounce  corrupt  defer  deferred 
 
  flush  hold  incoming  incoming.old  maildrop  pid 
 
  private  public  saved  trace
 
 
 
====Stop And Starting Postfix And Mta====
 
 
 
To only stop and start postfix:
 
 
 
postfix stop
 
postfix start
 
 
 
To stop and start postfix, amavis, and clam:
 
 
 
zmmtactl stop
 
zmmtactl start
 
 
 
====To See Postfix Queue====
 
 
 
As zimbra using sudo - show a summary of queue count - ~/libexec/zmqstat:
 
<pre>
 
[zimbra@mail37 ~]$ sudo ~/libexec/zmqstat
 
hold=0
 
corrupt=0
 
deferred=0
 
active=0
 
incoming=0
 
</pre>
 
 
 
As zimbra - /opt/zimbra/postfix/sbin/postqueue -p
 
<pre>
 
[zimbra@mail37 ~]$ /opt/zimbra/postfix/sbin/postqueue -p
 
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
 
EC753D0D00*    328 Thu Apr  5 14:34:09  sender@sourcedomainname.local
 
                                        recipient@destinationdomainname.local
 
 
 
-- 0 Kbytes in 1 Request.
 
</pre>
 
 
 
As zimbra - mailq
 
<pre>
 
[zimbra@mail37 ~]$ mailq
 
Mail queue is empty
 
</pre>
 
 
 
=====Qshape - Print Postfix queue domain and age distribution=====
 
 
 
/opt/zimbra/bin/qshape
 
 
 
References:
 
 
 
* http://www.postfix.org/qshape.1.html
 
* http://www.postfix.org/QSHAPE_README.html
 
 
 
Example output:
 
 
 
<pre>
 
$ qshape -s hold | head
 
                        T  5 10 20 40 80 160 320 640 1280 1280+
 
                TOTAL 486  0  0  1  0  0  2  4  20  40  419
 
            yahoo.com  14  0  0  1  0  0  0  0  1    0    12
 
  extremepricecuts.net  13  0  0  0  0  0  0  0  2    0    11
 
        ms35.hinet.net  12  0  0  0  0  0  0  0  0    1    11
 
      winnersdaily.net  12  0  0  0  0  0  0  0  2    0    10
 
          hotmail.com  11  0  0  0  0  0  0  0  0    1    10
 
          worldnet.fr  6  0  0  0  0  0  0  0  0    0    6
 
        ms41.hinet.net  6  0  0  0  0  0  0  0  0    0    6
 
                osn.de  5  0  0  0  0  0  1  0  0    0    4
 
</pre>
 
 
 
====To View A Message In The Queue====
 
 
 
Get the queue ID of the message and use postcat:
 
 
 
/opt/zimbra/postfix/sbin/postcat -q EC753D0D00
 
 
 
or with more information, include the -v option:
 
 
 
/opt/zimbra/postfix/sbin/postcat -qv EC753D0D00
 
 
 
====To Flush Postfix Queue====
 
 
 
/opt/zimbra/postfix/sbin/postqueue -f
 
 
 
====To Requeue Messages In Postfix====
 
 
 
/opt/zimbra/postfix/sbin/postsuper -r ALL
 
 
 
More explanation from the postsuper man page:
 
 
 
<pre>
 
-r queue_id
 
              Requeue  the  message  with the named queue ID from
 
              the named mail queue(s) (default:  hold,  incoming,
 
              active  and  deferred).  To  requeue multiple mes-
 
              sages, specify multiple -r command-line options.
 
 
 
              Alternatively, if a queue_id of - is specified, the
 
              program reads queue IDs from standard input.
 
 
 
              Specify  "-r  ALL"  to  requeue  all messages. As a
 
              safety measure, the word ALL must be  specified  in
 
              upper case.
 
 
 
              A  requeued message is moved to the maildrop queue,
 
              from where  it  is  copied  by  the  pickup(8)  and
 
              cleanup(8)  daemons  to  a  new queue file. In many
 
              respects its handling differs from that  of  a  new
 
              local submission.
 
 
 
              o      The  message  is  not  subjected  to  the
 
                    smtpd_milters or non_smtpd_milters settings.
 
                    When  mail  has  passed  through an external
 
                    content filter, this would produce incorrect
 
                    results with Milter applications that depend
 
                    on original SMTP connection  state  informa-
 
                    tion.
 
 
 
              o      The  message  is  subjected  again  to  mail
 
                    address rewriting and substitution.  This is
 
                    useful  when rewriting rules or virtual map-
 
                    pings have changed.
 
 
 
                    The  address  rewriting  context  (local  or
 
                    remote)  is the same as when the message was
 
                    received.
 
 
 
              o      The message is subjected to  the  same  con-
 
                    tent_filter  settings  (if  any) as used for
 
                    new local mail submissions.  This is  useful
 
                    when content_filter settings have changed.
 
 
 
              Warning:  Postfix queue IDs are reused.  There is a
 
              very small possibility that  postsuper(1)  requeues
 
              the  wrong  message  file when it is executed while
 
              the Postfix mail system is  running,  but  no  harm
 
              should be done.
 
 
 
              This feature is available in Postfix 1.1 and later.
 
</pre>
 
 
 
====To Put Messages On Hold====
 
 
 
If there's a '*' character next to the queue ID, EC753D0D00*, it means that the message is in the active queue, i.e. attempts to deliver the message are being made.
 
 
 
If there's a '!' character next to the queue ID, EC753D0D00!, it means that the message has been put "on hold".
 
 
 
To put a message on hold:
 
 
 
~# /opt/zimbra/postfix/sbin/postsuper -h EC753D0D00
 
 
 
To put on hold messages from user@domain.com:
 
 
~# /opt/zimbra/postfix/sbin/postqueue -p | egrep -v '^ *\(|-Queue ID-' | awk 'BEGIN { RS = "" } { if ($7 == "user@domain.com") print $1 }' | tr -d '!*' | /opt/zimbra/postfix/sbin/postsuper -h -
 
 
 
To put all messages on hold:
 
 
 
~# /opt/zimbra/postfix/sbin/postsuper -h ALL
 
postsuper: Placed on hold: 6 messages
 
 
 
====To Delete Messages From Queue====
 
 
 
=====Cautionary Note=====
 
 
 
::'''Warning: deleting messages from the queue can have negative consequences for your users. You might need to account for the action and/or confirm your deletion was appropriate. Please try to save the postqueue -p information for the various messages prior to deleting them. This will at least give you the information to later justify why you deleted msg#.'''
 
 
 
=====Relevant Sections Of Postsuper Man Page=====
 
 
 
<pre>
 
By  default,  postsuper(1)  performs  the operations requested with the -s and -p
 
command-line options on all Postfix queue directories - this includes the incoming,
 
active and deferred directories with mail files and the bounce, defer, trace and flush
 
directories with log files.
 
 
 
  -d queue_id Delete one message with the named queue ID from the named mail queue(s)
 
    (default: hold, incoming, active and deferred).
 
    If a queue_id of - is specified, the program reads queue IDs from standard input.
 
    For example, to delete all mail with exactly one recipient user@example.com:
 
 
 
              mailq | tail +2 | grep -v '^ *(' | awk  'BEGIN { RS = "" }
 
                  # $7=sender, $8=recipient1, $9=recipient2
 
                  { if ($8 == "user@example.com" && $9 == "")
 
                        print $1 }
 
              ' | tr -d '*!' | postsuper -d -
 
 
 
      Specify "-d ALL" to remove all messages; for example, specify "-d ALL deferred"
 
      to delete all mail in the deferred queue.  As a safety measure, the word ALL must
 
      be specified in upper case.
 
 
 
      Warning: Postfix queue IDs are reused.  There is a very small possibility that
 
      postsuper deletes the wrong message file when it is executed while the Postfix mail
 
      system is delivering mail.
 
 
 
      The scenario is as follows:
 
      1)  The Postfix queue manager deletes the message that postsuper(1) is asked to
 
        delete, because Postfix is finished with the message (it is delivered, or it is
 
        returned to the sender).
 
      2)  New mail arrives, and the new message is given the same queue ID as the message
 
        that postsuper(1) is supposed to delete.  The probability for reusing a deleted
 
        queue ID is about 1 in 2**15 (the number  of  different microsecond values that
 
        the system clock can distinguish within a second).
 
      3)  postsuper(1) deletes the new message, instead of the old message that it should
 
        have deleted.
 
 
 
  -h queue_id Put mail "on hold" so that no attempt is made to deliver it.  Move one
 
    message with the named queue ID from the named mail queue(s) (default: incoming,
 
    active and deferred) to the hold queue.
 
 
 
    If a queue_id of - is specified, the program reads queue IDs from standard input.
 
    Specify "-h ALL" to hold all messages; for example, specify "-h ALL deferred" to hold
 
    all mail in the deferred queue.  As a safety measure, the word ALL must be specified
 
    in upper case.
 
    Note: while mail is "on hold" it will not expire when its time in the queue exceeds
 
    the maximal_queue_lifetime or bounce_queue_lifetime setting. It becomes subject to
 
    expiration after it is released from "hold".
 
 
 
  -H queue_id Release mail that was put "on hold".  Move one message with the named queue
 
    ID from the named mail queue(s) (default: hold) to the deferred queue.
 
 
 
    If a queue_id of - is specified, the program reads queue IDs from standard input.
 
    Note: specify "postsuper -r" to release mail that was kept on hold for a significant
 
    fraction of $maximal_queue_lifetime or $bounce_queue_lifetime, or longer.
 
 
 
    Specify "-H ALL" to release all mail that is "on hold".  As a safety measure, the
 
    word ALL must be specified in upper case.
 
 
 
  -p Purge old temporary files that are left over after system or software crashes.
 
</pre>
 
 
 
=====To Delete Single Message From Queue=====
 
 
 
/opt/zimbra/postfix/sbin/postsuper -d [MSGID From postqueue -p]
 
 
 
=====To Delete ALL Messages From Queue=====
 
 
 
/opt/zimbra/postfix/sbin/postsuper -d ALL
 
 
 
Another way to do this:
 
 
 
mailq | awk '{print $1}' | tr -d '*!' | postsuper -d -
 
 
 
======To Delete ALL Messages From The Deferred Queue======
 
 
 
/opt/zimbra/postfix/sbin/postsuper -d ALL deferred
 
 
 
======To Delete ALL Messages From The Hold Queue======
 
 
 
/opt/zimbra/postfix/sbin/postsuper -d ALL hold
 
 
 
=====To Delete Many Messages From Queue=====
 
 
 
To delete a large number of files one would use:
 
 
 
/opt/zimbra/postfix/sbin/postsuper -d - < filename-with-queue-ids.txt
 
 
 
The filename, filename-with-queue-ids.txt example, would have a listing of id's like:
 
 
 
<pre>
 
3E1C6CAFFFE
 
6B862CC9D76
 
0BC38CC1BC9
 
90628CC6F3C
 
E26B9CC3C62
 
92A35CC943D
 
A84BDBCE15D
 
EA57CB1DF04
 
0F102CC74CB
 
386E8CC4DFF
 
92606CC0BDA
 
0799FC8149A
 
024CFCBD0DE
 
2D30FC47DA0
 
31D85CC6308
 
B8B3FC3DEBC
 
AA4C7C913D0
 
280F5CC8C6C
 
9F341CC8A26
 
93CD1B3B0EC
 
433D0BF3716
 
A1435CB4C38
 
2DB04CC911D
 
56A29CC8819
 
11881C8268C
 
5C050A79851
 
C6739CC4BA5
 
11D3FCC7D09
 
8CBC0B20E0A
 
</pre>
 
 
 
=====Delete From Queue By Email Address=====
 
 
 
'''Note - ''Some of the shell scripting below might fail on messages with particular status ("on delivery" or "on hold") because a "*" or a "!" is appended to the ID of the message.'''''
 
 
 
'''Update''' need to look at adjusting commands below to include something like the following in them :
 
 
tr -d '*!'
 
 
 
 
 
======From CLI======
 
 
 
Change the [ email@address.com ] variable below first.
 
 
 
'''To first see what would be deleted.''' As '''root''':
 
 
 
/opt/zimbra/postfix/sbin/postqueue -p | egrep -v '^ *\(|-Queue ID-' \
 
| awk 'BEGIN { RS = "" } { if ($7 == "email@domain.com") print $1} ' | tr -d '*!'
 
 
 
If you get error about egrep, you might need to use this syntax:
 
 
 
/opt/zimbra/postfix/sbin/postqueue -p | /bin/egrep -v '^ *\(|-Queue ID-' \
 
| awk 'BEGIN { RS = "" } { if ($7 == "email@address.com") print $1} ' | tr -d '*!'
 
 
 
 
 
'''To now delete, just include the postsuper -d at end''':
 
 
 
/opt/zimbra/postfix/sbin/postqueue -p | egrep -v '^ *\(|-Queue ID-' \
 
| awk 'BEGIN { RS = "" } { if ($7 == "email@domain.com") print $1} ' \
 
| tr -d '*!' | /opt/zimbra/postfix/sbin/postsuper -d -
 
 
 
'''''Older example of what I had; the ''tail +2'' was rhel4 specific'''''
 
 
 
:To first see what would be deleted:
 
 
 
:: <pre>mailq | tail +2 | grep -v '^ *(' | awk  'BEGIN { RS = "" } { if ($8 == "email@address.com" && $9 == "") print $1 } ' | tr -d '*!'</pre>
 
 
 
:To now delete, just include the postsuper -d at end:
 
 
 
:: <pre>mailq | tail +2 | grep -v '^ *(' | awk  'BEGIN { RS = "" } { if ($8 == "email@address.com" && $9 == "") print $1 } ' | tr -d '*!' | postsuper -d -</pre>
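
The selection step of the one-liners above, written out as a POSIX shell helper (an added example, not part of the original page or of Zimbra). It parses `postqueue -p` output, matches the address exactly rather than by regex, strips the `*`/`!` status markers, and saves the matching entries before handing the queue IDs to postsuper. The function names, the audit file and the sample queue listing are constructed for illustration; the postqueue/postsuper paths are the ones used on this page.

```shell
#!/bin/sh
# Added example: function names and sample data are constructed.
POSTQUEUE=${POSTQUEUE:-/opt/zimbra/postfix/sbin/postqueue}
POSTSUPER=${POSTSUPER:-/opt/zimbra/postfix/sbin/postsuper}

# Constructed `postqueue -p` listing: one active (*) entry, one held (!)
# entry, and one deferred entry with a reason line and two recipients.
sample_queue() {
cat <<'EOF'
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
EC753D0D00*     328 Thu Apr  5 14:34:09  bob@example.com
                                         alice@example.net

3E1C6CAFFFE!   2048 Thu Apr  5 14:35:02  notbob@example.com
                                         carol@example.net

6B862CC9D76    1190 Thu Apr  5 14:36:40  dave@example.org
(connect to mx.example.net[192.0.2.25]:25: Connection timed out)
                                         bob@example.com
                                         erin@example.net

-- 4 Kbytes in 3 Requests.
EOF
}

# match_queue ADDRESS [sender|recipient|any] [ids|full] < postqueue-output
# Prints the queue IDs (ids) or the complete entries (full) that match.
match_queue() {
    awk -v addr="$1" -v mode="${2:-any}" -v out="${3:-ids}" '
    BEGIN { RS = ""; FS = "\n"; addr = tolower(addr) }
    {
        qid = ""; rec = ""; hit = 0
        for (i = 1; i <= NF; i++) {
            line = $i
            if (line ~ /^-/) continue            # header and footer lines
            rec = rec line "\n"
            if (line ~ /^ *\(/) continue         # deferral reason, never an address
            n = split(line, w, " ")
            if (qid == "") {
                # Entry line: ID[*!] size weekday month day time sender
                if (n != 7 || w[1] !~ /^[0-9A-Za-z]+[*!]?$/) break
                qid = w[1]; sub(/[*!]$/, "", qid)
                if (mode != "recipient" && tolower(w[7]) == addr) hit = 1
            } else if (n == 1 && mode != "sender" && tolower(w[1]) == addr) {
                hit = 1
            }
        }
        if (hit && qid != "") {
            if (out == "full") printf "%s\n", rec; else print qid
        }
    }'
}

# act_on_address FLAG ADDRESS MODE AUDITFILE
#   FLAG is a postsuper option such as -h (hold) or -d (delete).
# One snapshot feeds both the audit record and the ID list, so the saved
# record describes exactly the messages that were acted on.
act_on_address() {
    snap=$(mktemp) || return 1
    "$POSTQUEUE" -p > "$snap" || { rm -f "$snap"; return 1; }
    { date; match_queue "$2" "$3" full < "$snap"; } >> "$4"
    match_queue "$2" "$3" ids < "$snap" | "$POSTSUPER" "$1" -
    rc=$?
    rm -f "$snap"
    return $rc
}

# Typical use, as root: hold first, review the audit file, delete later.
#   act_on_address -h user@domain.com sender /root/queue-audit.txt
```

Because the comparison is an exact string match, notbob@example.com is not selected when the target is bob@example.com, which the regex-based scripts below cannot guarantee.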
 
 
 
======Script To Delete From Queue By Email Address======
 
 
 
::'''Non-Zimbra Script and not QA'd or tested. Path adjusted though for /opt/zimbra/postfix/sbin/*'''
 
 
 
From http://www.ustrem.org/en/articles/postfix-queue-delete-en/
 
 
 
Save on file system, calling it something like - delete-queue-by-email.sh . Give it execute permission. '''Run as root'''. Example usage would be: ./delete-queue-by-email.sh  user-name@domain-test.com
 
 
 
<pre>
#!/usr/bin/perl -w
#
# pfdel - deletes message containing specified address from
# Postfix queue. Matches either sender or recipient address.
#
# Usage: pfdel <email_address>
#

use strict;

# Change these paths if necessary.
my $LISTQ = "/opt/zimbra/postfix/sbin/postqueue -p";
my $POSTSUPER = "/opt/zimbra/postfix/sbin/postsuper";

my $email_addr = "";
my $qid = "";
my $euid = $>;

if ( @ARGV !=  1 ) {
        die "Usage: pfdel <email_address>\n";
} else {
        $email_addr = $ARGV[0];
}

if ( $euid != 0 ) {
        die "You must be root to delete queue files.\n";
}

open(QUEUE, "$LISTQ |") ||
  die "Can't get pipe to $LISTQ: $!\n";

my $entry = <QUEUE>;    # skip single header line
$/ = "";                # Rest of queue entries print on
                        # multiple lines.
while ( $entry = <QUEUE> ) {
        # \Q...\E makes the address match literally, so characters such
        # as "." and "+" in it are not treated as regex metacharacters.
        if ( $entry =~ / \Q$email_addr\E$/m ) {
                ($qid) = split(/\s+/, $entry, 2);
                $qid =~ s/[\*\!]//;     # strip the active/hold marker
                next unless ($qid);

                #
                # Execute postsuper -d with the queue id.
                # postsuper provides feedback when it deletes
                # messages. Let its output go through.
                #
                if ( system($POSTSUPER, "-d", $qid) != 0 ) {
                        # If postsuper has a problem, bail.
                        die "Error executing $POSTSUPER: error " .
                          "code " .  ($?/256) . "\n";
                }
        }
}
close(QUEUE);

if (! $qid ) {
        die "No messages with the address <$email_addr> " .
          "found in queue.\n";
}

exit 0;
</pre>
 
 
 
======Script To Delete From Queue By Various Variable Targets======
 
 
 
::'''Non-Zimbra Script and not QA'd or tested. Path adjusted though for /opt/zimbra/postfix/sbin/*'''
 
 
 
From http://jwcub.wordpress.com/2006/01/20/bulk-delete-from-postfix-queue/
 
 
 
Perl script called “delete-from-mailq”:
 
 
 
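<pre>
#!/usr/bin/perl

$REGEXP = shift || die "no email-address given (regexp-style, e.g. bl.*\@yahoo.com)!";

# List the queue (path adjusted for Zimbra, as for postsuper below).
@data = qx{/opt/zimbra/postfix/sbin/postqueue -p};
for (@data) {
        # A line starting with a queue ID (optionally flagged * or !)
        # begins a new queue entry.
        if (/^(\w+)(\*|\!)?\s/) {
                $queue_id = $1;
        }
        if($queue_id) {
                # Any line of the entry matching the regexp selects it.
                if (/$REGEXP/i) {
                        $Q{$queue_id} = 1;
                        $queue_id = "";
                }
        }
}

# Feed the selected queue IDs to postsuper on standard input.
open(POSTSUPER,"|/opt/zimbra/postfix/sbin/postsuper -d -") || die "couldn't open postsuper" ;

foreach (keys %Q) {
        print POSTSUPER "$_\n";
};
close(POSTSUPER);
</pre>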
 
 
 
Save the above script to a file, say “delete-queue.pl”, in your home directory, and make it executable:

chmod 755 delete-queue.pl

Usage - '''Run as root''' :

*Delete all queued messages from or to the domain “iamspammer.com”

./delete-queue.pl iamspammer.com

*Delete all queued messages to specific address “bogususer@mydomain.com”

./delete-queue.pl bogususer@mydomain.com

*Delete all queued messages that begin with the word “bush” in the e-mail address:

./delete-queue.pl 'bush.*@whateverdomain.com'

*Delete all queued messages that contain the word “biz” in the e-mail address:

./delete-queue.pl biz
 
  
 
[[Category: Community Sandbox]]
 
[[Category: Author:Ajcody]]
[[Category: Zeta Alliance]]

Latest revision as of 19:28, 20 June 2016


Ajcody MTA Postfix Topics

   KB 2705        Last updated on 2016-06-20  




This is Zeta Alliance Certified Documentation. The content has been tested by the Community.


Postfix - MTA

Actual MTA & Postfix Topics Homepage

Please see Ajcody-MTA-Postfix-Topics

Missing main.cf Error

Moved to Missing_main.cf_Error_-_MTA

MTA Mail Flow - Birds-eye Overview

Moved to Postfix-Amavisd_Mail_Flow_-_Birds-eye_Overview_-_MTA

Understanding /var/log/zimbra.log And Postfix Log Events

Moved to: Understanding_zimbra.log_And_Postfix_Log_Events_-_MTA

Postfix Queue ID vs. message-id

Moved to: Postfix_Queue_ID_vs._message-id_-_MTA

Authentication Log Events

Moved to Understanding_And_Troubleshooting_Authentication_Log_Events

IMAP And Authenticated SMTP [SSL] Example

Moved to Understanding_And_Troubleshooting_Authentication_Log_Events#IMAP_And_Authenticated_SMTP_.5BSSL.5D_Example

IMAP Test Via Telnet And Logging Events Of It - Proxy Included

Moved to Understanding_And_Troubleshooting_Authentication_Log_Events#IMAP_Test_Via_Telnet_And_Logging_Events_Of_It_-_Proxy_Included

IMAP Login Via Openssl - LOGIN TLS - Proxy Included

Moved to Understanding_And_Troubleshooting_Authentication_Log_Events#IMAP_Login_Via_Openssl_-_LOGIN_TLS_-_Proxy_Included

Network Tracing Between A Remote Host And A ZCS MTA

Moved to Network_Tracing_Between_A_Remote_Host_And_A_ZCS_MTA

Finding Messages - zmmsgtrace

See the following for details [for 7.1.1+]:

Documentation at CLI_zmmsgtrace . Note, if you get command not found as the zimbra user, try /opt/zimbra/libexec/zmmsgtrace instead.

How To Increase SMTP Debug Logging - MTA

Moved to How_To_Increase_SMTP_Debug_Logging_-_MTA

Simple Troubleshooting For SMTP Via Telnet, Openssl

Moved to Simple_Troubleshooting_For_SMTP_Via_Telnet_And_Openssl

First - Understanding Your Authentication Requirements In ZCS

Moved to Simple_Troubleshooting_For_SMTP_Via_Telnet_And_Openssl#First_-_Understanding_Your_Authentication_Requirements_In_ZCS

Second - Encoding Username And Passwords For AUTH Sequence

Moved to Simple_Troubleshooting_For_SMTP_Via_Telnet_And_Openssl#Second_-_Encoding_Username_And_Passwords_For_AUTH_Sequence

For ESMTP Auth is LOGIN - Example

Moved to Simple_Troubleshooting_For_SMTP_Via_Telnet_And_Openssl#For_ESMTP_Auth_is_LOGIN_-_Example

For ESMTP Auth is Plain - Example

Moved to Simple_Troubleshooting_For_SMTP_Via_Telnet_And_Openssl#For_ESMTP_Auth_is_Plain_-_Example

For TLS/SSL - Example

Moved to Simple_Troubleshooting_For_SMTP_Via_Telnet_And_Openssl#For_TLS.2FSSL_-_Example

Testing Against Port 465

Moved to Simple_Troubleshooting_For_SMTP_Via_Telnet_And_Openssl#Testing_Against_Port_465

To Confirm An Auth User Can't Send With Another FROM Address

Moved to Simple_Troubleshooting_For_SMTP_Via_Telnet_And_Openssl#To_Confirm_An_Auth_User_Can.27t_Send_With_Another_FROM_Address

Adding A New MTA Server

Basic instructions can be found here:

Additional instructions needed beyond the above will follow as I hear about them.

Load Balancing For SMTP - Out Bound Mail

Currently, 5.x code, you have the following options:

    • An external load balancing device that will then split the traffic behind it
    • Setup a round-robin A record situation in your DNS for the external mta's you'll be using.

In GNR/6.x, you are able to add multiple targets to the variables and we'll have some degree of "balancing" between them.

User Alias Mapping And Mail Transport with Postfix & LDAP

See User_Alias_Mapping_and_Mail_Transport_with_Postfix_&_LDAP

Multiple LDAP Servers?

Completed RFE:

  • "mta should be able to take a list of LDAP servers to take advantage of replicas."

From :

        server_host (default: localhost)
              The name of the host running the LDAP server,  e.g.

                  server_host = ldap.example.com

              Depending  on the LDAP client library you're using,
              it should be possible to specify  multiple  servers
              here,  with the library trying them in order should
              the first one fail. It should also be  possible  to
              give  each  server  in  the  list  a different port
              (overriding server_port below), by naming them like

                  server_host = ldap.example.com:1444

              With OpenLDAP, a (list of) LDAP URLs can be used to
              specify both the hostname(s) and the port(s):

                  server_host = ldap://ldap.example.com:1444
                              ldap://ldap2.example.com:1444

              All LDAP URLs accepted by the OpenLDAP library  are
              supported,  including  connections over UNIX domain
              sockets, and LDAP SSL (the last one  provided  that
              OpenLDAP was compiled with support for SSL):

                  server_host = ldapi://%2Fsome%2Fpath
                              ldaps://ldap.example.com:636

 **my note**
 This thread - http://archives.neohapsis.com/archives/postfix/2004-09/1763.html
 gives me the impression they made a mistake in modifying the help file on this
 and they dropped the use/need of the command:

  server_host = ldap://ldap.example.com:1444, ldap://ldap2.example.com:1444

Just a small note on where the variable shows up:

[root@mail3 conf]# pwd
/opt/zimbra/conf
[root@mail3 conf]# grep server_host *
amavisd.conf.in:$myhostname = '@@zimbra_server_hostname@@';  # must be a fully-qualified domain name!
ldap-scm.cf:server_host = ldap://mail3.zimbra.DOMAIN.com:389
ldap-transport.cf:server_host = ldap://mail3.zimbra.DOMAIN.com:389
ldap-vad.cf:server_host = ldap://mail3.zimbra.DOMAIN.com:389
ldap-vam.cf:server_host = ldap://mail3.zimbra.DOMAIN.com:389
ldap-vmd.cf:server_host = ldap://mail3.zimbra.DOMAIN.com:389
ldap-vmm.cf:server_host = ldap://mail3.zimbra.DOMAIN.com:389
localconfig.xml:  <key name="zimbra_server_hostname">
zmmta.cf:	LOCAL zimbra_server_hostname
zmmta.cf:	POSTCONF myhostname		LOCAL zimbra_server_hostname
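
An added example (not from the original page, nor Zimbra's or Postfix's own code): a small Python check that reads a Postfix LDAP table file like the ldap-*.cf files listed above, lists the server_host entries in failover order, and labels the transport each one would use. It assumes entries are separated by whitespace and/or commas and that start_tls is the ldap_table(5) parameter that enables STARTTLS; the sample file content and hostnames are constructed.

```python
import re

# Constructed sample in the ldap-*.cf format; hostnames are placeholders.
SAMPLE_CF = """\
# constructed example, not a real Zimbra file
server_host = ldap://ldap1.example.com:389
              ldaps://ldap2.example.com:636, ldapi://%2Fsome%2Fpath
start_tls = no
version = 3
"""


def parse_cf(text):
    """Parse 'name = value' lines; a line starting with whitespace continues the previous one."""
    params, name = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t":
            if name is not None:
                params[name] += " " + raw.strip()
        elif "=" in raw:
            name, value = raw.split("=", 1)
            name = name.strip()
            params[name] = value.strip()
    return params


def audit_server_host(params):
    """Return [(server, transport)] in the order the LDAP library would try them."""
    start_tls = params.get("start_tls", "no").lower() == "yes"
    findings = []
    # Assumption: entries are separated by whitespace and/or commas.
    for item in filter(None, re.split(r"[,\s]+", params.get("server_host", "localhost"))):
        scheme = item.split("://", 1)[0].lower() if "://" in item else "ldap"
        if scheme == "ldaps":
            transport = "tls"
        elif scheme == "ldapi":
            transport = "unix-socket"
        elif start_tls:
            transport = "starttls"
        else:
            transport = "cleartext"  # bind credentials and results cross the network unencrypted
        findings.append((item, transport))
    return findings


if __name__ == "__main__":
    for server, transport in audit_server_host(parse_cf(SAMPLE_CF)):
        print(f"{transport:12} {server}")
```

Run it against each ldap-*.cf file after adding replicas to confirm that every failover target, not just the first, uses the transport you expect.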

References:

Traditional Aliases Use - /etc/aliases Type Lookups

Moved to Traditional_Aliases_Use_-_/etc/aliases_Type_Lookups

Allowing Accounts To Change The From Address

Please see:

Related BUG/RFE's

Creating A Domain Alias

Please see ManagingDomains#Creating_a_Domain_Alias

Relay Domain Forwarding

Please see ManagingDomains#Relaying.2FDomain_Forwarding

Domain Catchall

Please see ManagingDomains#Domain_Catchall

Rewriting From Address For Outbound Email

Please see ManagingDomains#Domain_Masquerading

Rewrite Recipient Address For Incoming Email

There is a way to rewrite the incoming mail, but it's not a standard Zimbra feature. You can implement it as a configuration change in Postfix. Here's what you do:

  1. Create a file in /opt/zimbra/conf named 'postfix_recipientmap'.
    • The format is a single line that reads something like: @alias.domain.com @domain.com
  2. Run 'postmap postfix_recipientmap' in the conf directory.
  3. Run "postconf -e recipient_canonical_maps=hash:/opt/zimbra/conf/postfix_recipientmap".
  4. Run 'postfix reload'.

This will cause postfix to map any incoming mail with a recipient of '@alias.domain.com' to '@domain.com'. You will need to re-apply this postconf change after upgrades, though the postfix_recipientmap file should survive.
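
An added example (not from the original page or from Postfix): a Python model of how a map in the format from step 1 rewrites recipients, so the effect of an entry can be reviewed before 'postfix reload'. It follows the canonical(5) precedence of a full-address entry over an @domain entry, performs a single lookup pass, and leaves out the bare "user" form; the second map entry and all test addresses are constructed.

```python
# Constructed map: the first entry is the format shown in step 1, the second is an
# added full-address entry to show precedence.
SAMPLE_MAP = """\
@alias.domain.com        @domain.com
sales@alias.domain.com   orders@domain.com
"""


def load_map(text):
    """Read 'pattern  result' lines, skipping blanks and # comments."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, value = line.split(None, 1)
        table[key.lower()] = value.strip()  # assumption: keys are matched case-insensitively
    return table


def rewrite_recipient(rcpt, table):
    """One lookup pass: the full address first, then the @domain wildcard."""
    local, _, domain = rcpt.rpartition("@")
    for key in (rcpt.lower(), "@" + domain.lower()):
        result = table.get(key)
        if result is None:
            continue
        # A result of the form @otherdomain keeps the original local part.
        return local + result if result.startswith("@") else result
    return rcpt  # no entry matched: the address is left alone


def wildcard_domains(table):
    """Domains where every local part is rewritten, whether or not the mailbox exists."""
    return sorted(key[1:] for key in table if key.startswith("@"))


if __name__ == "__main__":
    table = load_map(SAMPLE_MAP)
    for rcpt in ("bob@alias.domain.com", "sales@alias.domain.com", "bob@other.example"):
        print(rcpt, "->", rewrite_recipient(rcpt, table))
    print("wildcard domains:", wildcard_domains(table))
```

On the server itself, `postmap -q "@alias.domain.com" hash:/opt/zimbra/conf/postfix_recipientmap` returns the raw table entry for a key, which confirms the compiled map matches the text file.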

Automatic BCC

Option 1 - Via Postfix Customization

From the postfix website:

  • always_bcc = address
    • Deliver a copy of all mail to the specified address. In Postfix versions before 2.1, this feature is implemented by smtpd(8), qmqpd(8), or pickup(8).
  • sender_bcc_maps = type:table
    • Search the specified "type:table" lookup table with the envelope sender address for an automatic BCC address. This feature is available in Postfix 2.1 and later.
  • recipient_bcc_maps = type:table
    • Search the specified "type:table" lookup table with the envelope recipient address for an automatic BCC address. This feature is available in Postfix 2.1 and later.
  • Note: automatic BCC recipients are produced only for new mail. To avoid mailer loops, automatic BCC recipients are not generated for mail that Postfix forwards internally, nor for mail that Postfix generates itself.

Please see the following:

Option 2 - Via ZCS Legal Intercept

Generally used for Managing Legal Requests for Information

Description:

The ZCS legal intercept feature is used to obtain copies of email messages that are sent, received, or saved as drafts from targeted accounts and send these messages to a designated “shadow” email address. Legal Intercept can be configured to send the complete content of the message or to send only the header information. When a targeted account sends, receives, or saves a draft message, an intercept message is automatically created to forward copies of the messages as attachments to the specified email address.

Please see:

Option 3 - Zimbra's Archiving And Discovery

See Ajcody-Notes-Archive-Discovery concerning A&D setup and options.

Limiting Or Increasing Number Of Recipients / Messages

Mailing Lists - Distribution Lists

Please see Ajcody-MailingLists-And-Mailman#Problems_Resolving_Virtual_Aliases_For_Members_Of_Large_Distribution_Lists

Policy Daemon

If you want to restrict messages per hour, you can look into Policy Daemon:

Beta release in ZCS 7, see:

Postfix

Also, Postfix has some default parameters that control how many recipients a single message can be sent to. The parameters you will need to look at are smtpd_recipient_limit and smtpd_recipient_overshoot_limit; these have a default value of 1000.

Postfix defines these parameters as:

  • smtpd_recipient_limit: The maximum number of recipients that the Postfix SMTP server accepts per message delivery request.
  • smtpd_recipient_overshoot_limit: The number of recipients that a remote SMTP client can send in excess of the limit specified with $smtpd_recipient_limit, before the Postfix SMTP server increments the per-session error count for each excess recipient.

From the command line you can change the default values.

su - zimbra
postconf -e smtpd_recipient_limit=<new value>
postconf -e smtpd_recipient_overshoot_limit=<new value>
postfix reload

Bugs RFE's For Customers To Get Behind

I'm wondering if policyd gives one the control everyone is looking for? I've not used it myself.

Policyd References:

There's other additions [add-on's] one can get for policyd.

We have this RFE in regards to policyd support:

Other related RFE's/bugs, especially to push variables into the admin web console:

Controlling SMTPD Client Connections

Mmorse did a good write up on these variables in the forum:

Postfix Resources At Their Site (All Clients/Connections):

Postfix Resources At Their Site (Exceptions To Clients/Connections Or Single Source):

Restrictions

Besides using external mailing list software, Mailman or Sympa, here are some other topical items in regards to restrictions.

Some user contributed articles:

Some Postfix references:

Some RFE's related to MTA-based restrictions [targets are based upon today - July 21, 2010]: