King0770-Notes-Prevent-Accounts-From-Sending-To-External-Domains-With-CBPOLICYD
This is an simple example of how-to restrict your users from sending messages to external domains.
See my article if you are interested in using cbpolicyd's webui, see https://wiki.zimbra.com/wiki/King0770-Notes-Enable-webui-for-cbpolicyd-Unsupported
Create Policy Called RestrictAccount
Add Account as a Member to the RestrictAccount
Add Internal Domain Policy Group
Add Domain as a Member to the Internal Domain
Create Access Control List linking to the RestrictAccount Policy
Enabled the zimbraCBPolicydAccessControlEnabled Setting
Enable cbpolicyd (run from the zimbra-MTA)
-------------------------------------------
zmprov ms `zmhostname` +zimbraServiceEnabled cbpolicyd <<==note the use of the plus sign character
zmprov ms `zmhostname` zimbraCBPolicydAccessControlEnabled TRUE
zmprov mcf zimbraCBPolicydAccessControlEnabled TRUE
zmconfigdctl restart
zmmtactl restart
zmcbpolicydctl restart
Disable cbpolicyd
------------------
zmprov ms `zmhostname` -zimbraServiceEnabled cbpolicyd <<==note the use of the minus character
zmconfigdctl restart
zmmtactl restart
zmcbpolicydctl stop
Things To Know
Add the following to Zimbra's crontab
00 3 * * * /opt/zimbra/common/bin/cbpadmin --config=/opt/zimbra/conf/cbpolicyd.conf --cleanup
- You will need to re-add the cbpadmin command back into zimbra's crontab after each upgrade
- When you test, pay extra close attention to the /opt/zimbra/log/cbpolicyd.log & /var/log/zimbra.log in the next few days
- cbpolicyd's backend is sqlite3, which has it's own limitations. there is an RFE to change cbpolicyd's backend from sqlite3 to mysql (not available yet).
More articles written by me, https://wiki.zimbra.com/wiki/King0770-Notes