Enabling and administering the Zimbra milter: Difference between revisions
m (Adding the Web admin part) |
|||
Line 74: | Line 74: | ||
Global: Home > Manage > Distribution List > distributionlist@zimbra.lab > ACL > Add | Global: Home > Manage > Distribution List > distributionlist@zimbra.lab > ACL > Add | ||
[[File:Enabling_and_administering_the_Zimbra_milter_1. | [[File:Enabling_and_administering_the_Zimbra_milter_1.png]] | ||
*Group (distribution list) - grants a group sending rights to distribution list | *Group (distribution list) - grants a group sending rights to distribution list | ||
Line 80: | Line 80: | ||
Global: Home > Manage > Distribution List > distributionlist@zimbra.lab > ACL > Add | Global: Home > Manage > Distribution List > distributionlist@zimbra.lab > ACL > Add | ||
[[File:Enabling_and_administering_the_Zimbra_milter_2. | [[File:Enabling_and_administering_the_Zimbra_milter_2.png]] | ||
*All Entities - allows all entities on the server to send to a distribution list | *All Entities - allows all entities on the server to send to a distribution list | ||
Line 86: | Line 86: | ||
Global: Home > Manage > Distribution List > distributionlist@zimbra.lab > ACL > Add | Global: Home > Manage > Distribution List > distributionlist@zimbra.lab > ACL > Add | ||
[[File:Enabling_and_administering_the_Zimbra_milter_3. | [[File:Enabling_and_administering_the_Zimbra_milter_3.png]] | ||
*Domain - grant all users on a domain sending rights | *Domain - grant all users on a domain sending rights | ||
Line 92: | Line 92: | ||
Global: Home > Manage > Distribution List > distributionlist@zimbra.lab > ACL > Add | Global: Home > Manage > Distribution List > distributionlist@zimbra.lab > ACL > Add | ||
[[File:Enabling_and_administering_the_Zimbra_milter_4. | [[File:Enabling_and_administering_the_Zimbra_milter_4.png]] | ||
*Public - grant all users both internal/external sending rights | *Public - grant all users both internal/external sending rights | ||
Line 98: | Line 98: | ||
Global: Home > Manage > Distribution List > distributionlist@zimbra.lab > ACL > Add | Global: Home > Manage > Distribution List > distributionlist@zimbra.lab > ACL > Add | ||
[[File:Enabling_and_administering_the_Zimbra_milter_5. | [[File:Enabling_and_administering_the_Zimbra_milter_5.png]] | ||
*After granting or revoking rights for the milter, you must reload the configuration for the changes to take effect. | *After granting or revoking rights for the milter, you must reload the configuration for the changes to take effect. |
Revision as of 10:16, 12 January 2016
Enabling and administering the Zimbra milter
Getting Started
The Zimbra milter allows for the regulation of distribution list senders on a Global or server level. When the milter server is enabled, only users who have been granted (with steps below) explicit sending permissions will be allowed.
Enabling the Milter Server
Note that the Milter server should only be enabled on servers running the MTA.
Global: Home > Configure > Global Settings > MTA > Milter Server
Server: Home > Configure > Servers > Select Desired Server > MTA > Milter Server
- Alternatively using the CLI:
su - zimbra zmprov modifyConfig zimbraMilterServerEnabled TRUE
For a specific server (say mail.zimbra.lab):
zmprov modifyServer mail.zimbra.lab zimbraMilterServerEnabled TRUE
The above steps will ensure that milter will be automatically started via "zmcontrol start"
To start the milter manually:
zmmilterctl start
To check the status of the milter:
zmmilterctl status
Usage: zmmilterctl start|stop|restart|reload|refresh|status
Examples using CLI
The following will provide examples for granting sender permissions on the CLI:
- User - grants a user sending permissions to a distribution list
zmprov grr dl distributionlist@zimbra.lab usr user@zimbra.lab sendToDistList
- Group (distribution list) - grants a group sending rights to distribution list
zmprov grr dl distributionlist@zimbra.lab grp groupdl@zimbra.lab sendToDistList
- All Entities - allows all entities on the server to send to a distribution list
zmprov grr dl distributionlist@zimbra.lab all sendToDistList
- Domain - grant all users on a domain sending rights
zmprov grr dl distributionlist@zimbra.lab dom zimbra.lab sendToDistList
- Public - grant all users both internal/external sending rights
zmprov grr dl distributionlist@zimbra.lab pub sendToDistList
- After granting or revoking rights for the milter, you must reaload the configuration for the changes to take effect.
zmmtactl reload
Examples using the admin interface
The following will provide examples for granting sender permissions on the Web Admin:
- User - grants a user sending permissions to a distribution list
Global: Home > Manage > Distribution List > distributionlist@zimbra.lab > ACL > Add
- Group (distribution list) - grants a group sending rights to distribution list
Global: Home > Manage > Distribution List > distributionlist@zimbra.lab > ACL > Add
- All Entities - allows all entities on the server to send to a distribution list
Global: Home > Manage > Distribution List > distributionlist@zimbra.lab > ACL > Add
- Domain - grant all users on a domain sending rights
Global: Home > Manage > Distribution List > distributionlist@zimbra.lab > ACL > Add
- Public - grant all users both internal/external sending rights
Global: Home > Manage > Distribution List > distributionlist@zimbra.lab > ACL > Add
- After granting or revoking rights for the milter, you must reload the configuration for the changes to take effect.
zmmtactl reload
Verifying permissions for an entity
- Checking a single user or entity:
zmprov ckr dl distributionlist@zimbra.lab userorentity@zimbra.lab sendToDistList ALLOWED
- Viewing granted permissions for the distribution list:
1) Get the users Zimbra ID:
zmprov ga user@zimbra.lab |grep -i "zimbraid: "
2) Check the permissions on the distribution list:
zmprov gdl distributionlist@zimbra.lab |less
3) Find the 'zimbraACE' entries and compare the users' id:
zimbraACE: [zimbraId of user] usr sendToDistList
For example;
zimbraACE: c524877c-e0a6-4255-bb1b-d02b35cc2dd5 dom sendToDistList zimbraACE: 99999999-9999-9999-9999-999999999999 pub sendToDistList
Modifying and revoking grants
If you want to remove or modify permissions, you'll need to use 'zmprov rvr' instead of 'zmprov grr'.
- Example of removing sendToDistList permissions for a user (CLI):
zmprov rvr dl distributionlist@zimbra.lab usr user@zimbra.lab sendToDistList
- Example of removing sendToDistList permissions for a user (Web admin):
Global: Home > Manage > Distribution List > distributionlist@zimbra.lab > ACL > Select the ACL > Delete
File:Enabling and administering the Zimbra milter 6.jpg
- After granting or revoking rights for the milter, you must reaload the configuration for the changes to take effect.
zmmtactl reload
Troubleshooting the Zimbra milter
- Verify the milters settings:
zmmilterctl status Milter server is running.