Enabling and administering the Zimbra milter
Article Information |
---|
This article applies to the following ZCS versions. |
Getting Started
The Zimbra milter allows for the regulation of distribution list senders on a Global or server level. When the milter server is enabled, only users who have been granted explicit sending permissions will be allowed.
Enabling the Milter Server
Note that the Milter server should only be enabled on servers running the MTA.
Global: Home > Configure > Global Settings > MTA > Milter Server
Server: Home > Configure > Servers > Select Desired Server > MTA > Milter Server
- Alternatively using the CLI:
# su - zimbra $ zmprov modifyConfig zimbraMilterServerEnabled TRUE
For a specific server (say eg.example.com):
$ zmprov modifyServer eg.example.com zimbraMilterServerEnabled TRUE
The above steps will ensure that milter will be automatically started via "zmcontrol start"
To start the milter manually:
$ zmmilterctl start
To check the status of the milter:
$ zmmilterctl status
Usage: zmmilterctl start|stop|restart|reload|refresh|status
- The following will provide examples for granting sender permissions on the CLI:
- User - grants a user sending permissions to a distribution list
$ zmprov grr dl distributionlist@domain.com usr user@domain.com sendToDistList
- Group (distribution list) - grants a group sending rights to distribution list
$ zmprov grr dl distributionlist@domain.com grp groupdl@domain.com sendToDistList
- All Entities - allows all entities on the server to send to a distribution list
$ zmprov grr dl distributionlist@domain.com all sendToDistList
- Domain - grant all users on a domain sending rights
$ zmprov grr dl distributionlist@domain.com dom domain.com sendToDistList
- Public - grant all users both internal/external sending rights
$ zmprov grr dl distributionlist@domain.com pub sendToDistList
- After granting or revoking rights for the milter, you must reaload the configuration for the changes to take effect.
$ zmmtactl reload
Verifying permissions for an entity
- Checking a single user or entity:
$ zmprov ckr dl distributionlist@domain.com userorentity@domain.com sendToDistList ALLOWED
- Viewing granted permissions for the distribution list:
1) Get the users Zimbra ID:
$ zmprov ga user@domain.com |grep -i "zimbraid: "
2) Check the permissions on the distribution list:
$ zmprov gdl distributionlist@domain.com |less
3) Find the 'zimbraACE' entries and compare the users' id:
zimbraACE: [zimbraId of user] usr sendToDistList For example; zimbraACE: c524877c-e0a6-4255-bb1b-d02b35cc2dd5 dom sendToDistList zimbraACE: 99999999-9999-9999-9999-999999999999 pub sendToDistList
Modifying and revoking grants
- If you want to remove or modify permissions, you'll need to use 'zmprov rvr' instead of 'zmprov grr'.
- Example of removing sendToDistList permissions for a user:
$ zmprov rvr dl distributionlist@domain.com usr user@domain.com sendToDistList
- After granting or revoking rights for the milter, you must reaload the configuration for the changes to take effect.
$ zmmtactl reload
Troubleshooting the Zimbra milter
- Verify the milters settings:
$ zmmilterctl status Milter server is running.
$ zmmilterctl status
Additional information to be posted