Enabling and administering the Zimbra milter: Difference between revisions
mNo edit summary |
|||
(3 intermediate revisions by the same user not shown) | |||
Line 4: | Line 4: | ||
=Enabling and administering the Zimbra milter= | =Enabling and administering the Zimbra milter= | ||
{{KB|{{Unsupported}}|{{ZCS 8.6}}|{{ZCS 8.5}}|{{ZCS 8.0}}|{{ZCS 7.0}}|}} | {{KB|{{Unsupported}}|{{ZCS 8.6}}|{{ZCS 8.5}}|{{ZCS 8.0}}|{{ZCS 7.0}}|}} | ||
==Getting Started== | ==Getting Started== | ||
Line 106: | Line 105: | ||
==Verifying permissions for an entity== | ==Verifying permissions for an entity== | ||
*Checking a single user or entity: | *Checking a single user or entity (CLI): | ||
zmprov ckr dl distributionlist@zimbra.lab userorentity@zimbra.lab sendToDistList | zmprov ckr dl distributionlist@zimbra.lab userorentity@zimbra.lab sendToDistList | ||
ALLOWED | ALLOWED | ||
*Viewing granted permissions for the distribution list: | *Checking a domain (Web Admin): | ||
Global: Home > Configure > Domain > zimbra.lab > Click on the gear > Configure Grant | |||
[[File:Enabling_and_administering_the_Zimbra_milter_8.png]] | |||
*Viewing granted permissions for the distribution list (CLI): | |||
1) Get the users Zimbra ID: | 1) Get the users Zimbra ID: | ||
Line 128: | Line 133: | ||
zimbraACE: c524877c-e0a6-4255-bb1b-d02b35cc2dd5 dom sendToDistList | zimbraACE: c524877c-e0a6-4255-bb1b-d02b35cc2dd5 dom sendToDistList | ||
zimbraACE: 99999999-9999-9999-9999-999999999999 pub sendToDistList | zimbraACE: 99999999-9999-9999-9999-999999999999 pub sendToDistList | ||
*Viewing granted permissions for the distribution list (Web Admin): | |||
Global: Home > Manage > Distribution List > distributionlist@zimbra.lab > ACL | |||
[[File:Enabling_and_administering_the_Zimbra_milter_7.png]] | |||
==Modifying and revoking grants== | ==Modifying and revoking grants== | ||
Line 141: | Line 152: | ||
Global: Home > Manage > Distribution List > distributionlist@zimbra.lab > ACL > Select the ACL > Delete | Global: Home > Manage > Distribution List > distributionlist@zimbra.lab > ACL > Select the ACL > Delete | ||
[[File:Enabling_and_administering_the_Zimbra_milter_6. | [[File:Enabling_and_administering_the_Zimbra_milter_6.png]] | ||
*After granting or revoking rights for the milter, you must reaload the configuration for the changes to take effect. | *After granting or revoking rights for the milter, you must reaload the configuration for the changes to take effect. |
Revision as of 10:34, 12 January 2016
Enabling and administering the Zimbra milter
Getting Started
The Zimbra milter allows for the regulation of distribution list senders on a Global or server level. When the milter server is enabled, only users who have been granted (with steps below) explicit sending permissions will be allowed.
Enabling the Milter Server
Note that the Milter server should only be enabled on servers running the MTA.
Global: Home > Configure > Global Settings > MTA > Milter Server
Server: Home > Configure > Servers > Select Desired Server > MTA > Milter Server
- Alternatively using the CLI:
su - zimbra zmprov modifyConfig zimbraMilterServerEnabled TRUE
For a specific server (say mail.zimbra.lab):
zmprov modifyServer mail.zimbra.lab zimbraMilterServerEnabled TRUE
The above steps will ensure that milter will be automatically started via "zmcontrol start"
To start the milter manually:
zmmilterctl start
To check the status of the milter:
zmmilterctl status
Usage: zmmilterctl start|stop|restart|reload|refresh|status
Examples using CLI
The following will provide examples for granting sender permissions on the CLI:
- User - grants a user sending permissions to a distribution list
zmprov grr dl distributionlist@zimbra.lab usr user@zimbra.lab sendToDistList
- Group (distribution list) - grants a group sending rights to distribution list
zmprov grr dl distributionlist@zimbra.lab grp groupdl@zimbra.lab sendToDistList
- All Entities - allows all entities on the server to send to a distribution list
zmprov grr dl distributionlist@zimbra.lab all sendToDistList
- Domain - grant all users on a domain sending rights
zmprov grr dl distributionlist@zimbra.lab dom zimbra.lab sendToDistList
- Public - grant all users both internal/external sending rights
zmprov grr dl distributionlist@zimbra.lab pub sendToDistList
- After granting or revoking rights for the milter, you must reaload the configuration for the changes to take effect.
zmmtactl reload
Examples using the admin interface
The following will provide examples for granting sender permissions on the Web Admin:
- User - grants a user sending permissions to a distribution list
Global: Home > Manage > Distribution List > distributionlist@zimbra.lab > ACL > Add
- Group (distribution list) - grants a group sending rights to distribution list
Global: Home > Manage > Distribution List > distributionlist@zimbra.lab > ACL > Add
- All Entities - allows all entities on the server to send to a distribution list
Global: Home > Manage > Distribution List > distributionlist@zimbra.lab > ACL > Add
- Domain - grant all users on a domain sending rights
Global: Home > Manage > Distribution List > distributionlist@zimbra.lab > ACL > Add
- Public - grant all users both internal/external sending rights
Global: Home > Manage > Distribution List > distributionlist@zimbra.lab > ACL > Add
- After granting or revoking rights for the milter, you must reload the configuration for the changes to take effect.
zmmtactl reload
Verifying permissions for an entity
- Checking a single user or entity (CLI):
zmprov ckr dl distributionlist@zimbra.lab userorentity@zimbra.lab sendToDistList ALLOWED
- Checking a domain (Web Admin):
Global: Home > Configure > Domain > zimbra.lab > Click on the gear > Configure Grant
- Viewing granted permissions for the distribution list (CLI):
1) Get the users Zimbra ID:
zmprov ga user@zimbra.lab |grep -i "zimbraid: "
2) Check the permissions on the distribution list:
zmprov gdl distributionlist@zimbra.lab |less
3) Find the 'zimbraACE' entries and compare the users' id:
zimbraACE: [zimbraId of user] usr sendToDistList
For example;
zimbraACE: c524877c-e0a6-4255-bb1b-d02b35cc2dd5 dom sendToDistList zimbraACE: 99999999-9999-9999-9999-999999999999 pub sendToDistList
- Viewing granted permissions for the distribution list (Web Admin):
Global: Home > Manage > Distribution List > distributionlist@zimbra.lab > ACL
Modifying and revoking grants
If you want to remove or modify permissions, you'll need to use 'zmprov rvr' instead of 'zmprov grr'.
- Example of removing sendToDistList permissions for a user (CLI):
zmprov rvr dl distributionlist@zimbra.lab usr user@zimbra.lab sendToDistList
- Example of removing sendToDistList permissions for a user (Web admin):
Global: Home > Manage > Distribution List > distributionlist@zimbra.lab > ACL > Select the ACL > Delete
- After granting or revoking rights for the milter, you must reaload the configuration for the changes to take effect.
zmmtactl reload
Troubleshooting the Zimbra milter
- Verify the milters settings:
zmmilterctl status Milter server is running.