Revision as of 09:50, 12 January 2016

Enabling and administering the Zimbra milter

KB 20524	Last updated on 2016-01-12	Last updated by Frederic Maussion	0.00 (0 votes)	Verified in: ZCS 8.6 ZCS 8.5 ZCS 8.0 ZCS 7.0
- This article is a Community contribution and may include unsupported customizations.

KB 20524	Last updated on 2016-01-12
0.00 (0 votes)
- This article is a Community contribution and may include unsupported customizations.

- This article is a Work in Progress, and may be unfinished or missing sections.

Getting Started

The Zimbra milter allows for the regulation of distribution list senders on a Global or server level. When the milter server is enabled, only users who have been granted (with steps below) explicit sending permissions will be allowed.

Enabling the Milter Server

Note that the Milter server should only be enabled on servers running the MTA.

Global: Home > Configure > Global Settings > MTA > Milter Server

Server: Home > Configure > Servers > Select Desired Server > MTA > Milter Server

Alternatively using the CLI:

su - zimbra
zmprov modifyConfig zimbraMilterServerEnabled TRUE

For a specific server (say mail.zimbra.lab):

zmprov modifyServer mail.zimbra.lab zimbraMilterServerEnabled TRUE

The above steps will ensure that milter will be automatically started via "zmcontrol start"

To start the milter manually:

zmmilterctl start

To check the status of the milter:

zmmilterctl status

The following will provide examples for granting sender permissions on the CLI:

User - grants a user sending permissions to a distribution list

zmprov grr dl distributionlist@zimbra.lab usr user@zimbra.lab sendToDistList

Group (distribution list) - grants a group sending rights to distribution list

zmprov grr dl distributionlist@zimbra.lab grp groupdl@zimbra.lab sendToDistList

All Entities - allows all entities on the server to send to a distribution list

zmprov grr dl distributionlist@zimbra.lab all sendToDistList

Domain - grant all users on a domain sending rights

zmprov grr dl distributionlist@zimbra.lab dom zimbra.lab sendToDistList

Public - grant all users both internal/external sending rights

zmprov grr dl distributionlist@zimbra.lab pub sendToDistList

After granting or revoking rights for the milter, you must reaload the configuration for the changes to take effect.

zmmtactl reload

Verifying permissions for an entity

Checking a single user or entity:

zmprov ckr dl distributionlist@zimbra.lab userorentity@zimbra.lab sendToDistList
ALLOWED

Viewing granted permissions for the distribution list:

1) Get the users Zimbra ID:

zmprov ga user@zimbra.lab |grep -i "zimbraid: "

2) Check the permissions on the distribution list:

zmprov gdl distributionlist@zimbra.lab |less

3) Find the 'zimbraACE' entries and compare the users' id:

zimbraACE: [zimbraId of user] usr sendToDistList

For example;

zimbraACE: c524877c-e0a6-4255-bb1b-d02b35cc2dd5 dom sendToDistList
zimbraACE: 99999999-9999-9999-9999-999999999999 pub sendToDistList

Modifying and revoking grants

If you want to remove or modify permissions, you'll need to use 'zmprov rvr' instead of 'zmprov grr'.

Example of removing sendToDistList permissions for a user:

zmprov rvr dl distributionlist@zimbra.lab usr user@zimbra.lab sendToDistList

After granting or revoking rights for the milter, you must reaload the configuration for the changes to take effect.

zmmtactl reload

Troubleshooting the Zimbra milter

Verify the milters settings:

zmmilterctl status 
Milter server is running.

Verified Against: ZCS 7.0	Date Created: ZCS 8.0, ZCS 8.5, ZCS 8.6
Article ID: https://wiki.zimbra.com/index.php?title=Enabling_and_administering_the_Zimbra_milter	Date Modified: 2016-01-12

Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Other help Resources

User Help Page »
Official Forums »
Zimbra Documentation Page »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »

@@ Line 3: / Line 3: @@
 <div class="col-md-12 ibox-content">
 =Enabling and administering the Zimbra milter=
-{{KB|{{Unsupported}}|{{ZCS 8.0}}|{{ZCS 7.0}}|}}
+{{KB|{{Unsupported}}|{{ZCS 8.6}}|{{ZCS 8.5}}|{{ZCS 8.0}}|{{ZCS 7.0}}|}}
 {{WIP}}
 ==Getting Started==
@@ Line 13: / Line 13: @@
 '''''Note that the Milter server should only be enabled on servers running the MTA.'''''
-      Global: Home > Configure > Global Settings > MTA > Milter Server
+ Global: Home > Configure > Global Settings > MTA > Milter Server
-      Server: Home > Configure > Servers > Select Desired Server > MTA > Milter Server
+ Server: Home > Configure > Servers > Select Desired Server > MTA > Milter Server
 *Alternatively using the CLI:
-         # su - zimbra
-         $ zmprov modifyConfig zimbraMilterServerEnabled TRUE
-For a specific server (say eg.example.com):
+ su - zimbra
+ zmprov modifyConfig zimbraMilterServerEnabled TRUE
-         $ zmprov modifyServer eg.example.com zimbraMilterServerEnabled TRUE
+For a specific server (say mail.zimbra.lab):
+ zmprov modifyServer mail.zimbra.lab zimbraMilterServerEnabled TRUE
 The above steps will ensure that milter will be automatically started via "zmcontrol start"
 To start the milter manually:
-         $ zmmilterctl start
+ zmmilterctl start
 To check the status of the milter:
-         $ zmmilterctl status
+ zmmilterctl status
 Usage: zmmilterctl start|stop|restart|reload|refresh|status
-*The following will provide examples for granting sender permissions on the CLI:
+The following will provide examples for granting sender permissions on the CLI:
 *User - grants a user sending permissions to a distribution list
-         $ zmprov grr dl distributionlist@domain.com usr user@domain.com sendToDistList
+ zmprov grr dl distributionlist@zimbra.lab usr user@zimbra.lab sendToDistList
 *Group (distribution list) - grants a group sending rights to distribution list
-         $ zmprov grr dl distributionlist@domain.com grp groupdl@domain.com sendToDistList
+ zmprov grr dl distributionlist@zimbra.lab grp groupdl@zimbra.lab sendToDistList
 *All Entities - allows all entities on the server to send to a distribution list
-         $ zmprov grr dl distributionlist@domain.com all sendToDistList
+ zmprov grr dl distributionlist@zimbra.lab all sendToDistList
 *Domain - grant all users on a domain sending rights
-         $ zmprov grr dl distributionlist@domain.com dom domain.com sendToDistList
+ zmprov grr dl distributionlist@zimbra.lab dom zimbra.lab sendToDistList
 *Public - grant all users both internal/external sending rights
-         $ zmprov grr dl distributionlist@domain.com pub sendToDistList
+ zmprov grr dl distributionlist@zimbra.lab pub sendToDistList
 *After granting or revoking rights for the milter, you must reaload the configuration for the changes to take effect.
-           $ zmmtactl reload
+ zmmtactl reload
 ==Verifying permissions for an entity==
@@ Line 67: / Line 69: @@
 *Checking a single user or entity:
-         $ zmprov ckr dl distributionlist@domain.com userorentity@domain.com sendToDistList
+ zmprov ckr dl distributionlist@zimbra.lab userorentity@zimbra.lab sendToDistList
-         ALLOWED
+ ALLOWED
 *Viewing granted permissions for the distribution list:
@@ Line 74: / Line 76: @@
 ) Get the users Zimbra ID:
-          $ zmprov ga user@domain.com |grep -i "zimbraid: "
+ zmprov ga user@zimbra.lab |grep -i "zimbraid: "
 ) Check the permissions on the distribution list:
-          $ zmprov gdl distributionlist@domain.com |less
+ zmprov gdl distributionlist@zimbra.lab |less
 ) Find the 'zimbraACE' entries and compare the users' id:
-          zimbraACE: [zimbraId of user] usr sendToDistList
+ zimbraACE: [zimbraId of user] usr sendToDistList
-          For example;
-          zimbraACE: c524877c-e0a6-4255-bb1b-d02b35cc2dd5 dom sendToDistList
+For example;
-          zimbraACE: 99999999-9999-9999-9999-999999999999 pub sendToDistList
+ zimbraACE: c524877c-e0a6-4255-bb1b-d02b35cc2dd5 dom sendToDistList
+ zimbraACE: 99999999-9999-9999-9999-999999999999 pub sendToDistList
 ==Modifying and revoking grants==
-*If you want to remove or modify permissions, you'll need to use 'zmprov rvr' instead of 'zmprov grr'.
+If you want to remove or modify permissions, you'll need to use 'zmprov rvr' instead of 'zmprov grr'.
 *Example of removing sendToDistList permissions for a user:
-           $ zmprov rvr dl distributionlist@domain.com usr user@domain.com sendToDistList
+ zmprov rvr dl distributionlist@zimbra.lab usr user@zimbra.lab sendToDistList
 *After granting or revoking rights for the milter, you must reaload the configuration for the changes to take effect.
-           $ zmmtactl reload
+ zmmtactl reload
 ==Troubleshooting the Zimbra milter==
@@ Line 103: / Line 106: @@
 *Verify the milters settings:
-          $ zmmilterctl status
+ zmmilterctl status
-          ''Milter server is running.''
+ ''Milter server is running.''
-          $ zmmilterctl status
-Additional information to be posted
-{{Article Footer|Zimbra Collaboration Suite 8 | 2013}}
+{{Article Footer|ZCS 7.0 | ZCS 8.0, ZCS 8.5, ZCS 8.6| 2013}}

Enabling and administering the Zimbra milter: Difference between revisions

Revision as of 09:50, 12 January 2016

Contents

Enabling and administering the Zimbra milter

Getting Started

Enabling the Milter Server

Verifying permissions for an entity

Modifying and revoking grants

Troubleshooting the Zimbra milter

Products

Support

Learn

Community