Enabling and administering the Zimbra milter
Article Information |
---|
This article applies to the following ZCS versions. |
Getting Started
The Zimbra milter allows for the regulation of distribution list senders on a Global or server level. When the milter server is enabled, only users who have been granted explicit sending permissions will be allowed.
Enabling the Milter Server
Global: Home > Configure > Global Settings > MTA > Milter Server
Server: Home > Configure > Servers > Select Desired Server > MTA > Milter Server
- Alternatively using the CLI:
# su - zimbra $ zmprov modifyConfig zimbraMilterServerEnabled TRUE
For a specific server (say eg.example.com):
$ zmprov modifyServer eg.example.com zimbraMilterServerEnabled TRUE
The above steps will ensure that milter will be automatically started via "zmcontrol start"
To start the milter manually:
$ zmmilterctl start
To check the status of the milter:
$ zmmilterctl status
Usage: zmmilterctl start|stop|restart|reload|refresh|status
- The following will provide examples for granting sender permissions on the CLI:
- User - grants a user sending permissions to a distribution list
$ zmprov grr dl distributionlist@domain.com usr user@domain.com sendToDistList
- Group (distribution list) - grants a group sending rights to distribution list
$ zmprov grr dl distributionlist@domain.com grp groupdl@domain.com sendToDistList
- All Entities - allows all entities on the server to send to a distribution list
$ zmprov grr dl distributionlist@domain.com all sendToDistList
- Domain - grant all users on a domain sending rights
$ zmprov grr dl distributionlist@domain.com dom domain.com sendToDistList
- Public - grant all users both internal/external sending rights
$ zmprov grr dl distributionlist@domain.com pub sendToDistList
- After granting or revoking rights for the milter, you must reaload the configuration for the changes to take effect.
$ zmmtactl reload
Verifying permissions for an entity
- Checking a single user or entity:
$ zmprov ckr dl distributionlist@domain.com userorentity@domain.com sendToDistList ALLOWED
- Viewing granted permissions for the distribution list:
1) Get the users Zimbra ID:
$ zmprov ga user@domain.com |grep -i "zimbraid: "
2) Check the permissions on the distribution list:
$ zmprov gdl distributionlist@domain.com |less
3) Find the 'zimbraACE' entries and compare the users' id:
zimbraACE: [zimbraId of user] usr sendToDistList For example; zimbraACE: c524877c-e0a6-4255-bb1b-d02b35cc2dd5 dom sendToDistList zimbraACE: 99999999-9999-9999-9999-999999999999 pub sendToDistList
Modifying and revoking grants
- If you want to remove or modify permissions, you'll need to use 'zmprov rvr' instead of 'zmprov grr'.
- Example of removing sendToDistList permissions for a user:
$ zmprov rvr dl distributionlist@domain.com usr user@domain.com sendToDistList
- After granting or revoking rights for the milter, you must reaload the configuration for the changes to take effect.
$ zmmtactl reload
Troubleshooting the Zimbra milter
- Verify the milters settings:
$ zmmilterctl status Milter server is running.
$ zmmilterctl status
Additional information to be posted