King0770-Notes-Prevent-Accounts-From-Sending-To-External-Domains-With-CBPOLICYD: Difference between revisions
No edit summary |
No edit summary |
||
Line 54: | Line 54: | ||
* When you test, pay extra close attention to the /opt/zimbra/log/cbpolicyd.log & /var/log/zimbra.log in the next few days<br> | * When you test, pay extra close attention to the /opt/zimbra/log/cbpolicyd.log & /var/log/zimbra.log in the next few days<br> | ||
* cbpolicyd's backend is sqlite3, which has it's own limitations. there is an RFE to change cbpolicyd's backend from sqlite3 to mysql (not available yet).<br> | * cbpolicyd's backend is sqlite3, which has it's own limitations. there is an RFE to change cbpolicyd's backend from sqlite3 to mysql (not available yet).<br> | ||
==Raw Code if you want to copy & paste and import and edit== | |||
Revision as of 22:36, 10 March 2020
This is an simple example of how-to restrict your users from sending messages to external domains.
See my article if you are interested in using cbpolicyd's webui, see https://wiki.zimbra.com/wiki/King0770-Notes-Enable-webui-for-cbpolicyd-Unsupported
Create Policy Called RestrictAccount
Add Account as a Member to the RestrictAccount
Add Internal Domain Policy Group
Add Domain as a Member to the Internal Domain
Create Access Control List linking to the RestrictAccount Policy
Enabled the zimbraCBPolicydAccessControlEnabled Setting
Enable cbpolicyd (run from the zimbra-MTA)
-------------------------------------------
zmprov ms `zmhostname` +zimbraServiceEnabled cbpolicyd <<==note the use of the plus sign character
zmprov ms `zmhostname` zimbraCBPolicydAccessControlEnabled TRUE
zmprov mcf zimbraCBPolicydAccessControlEnabled TRUE
zmconfigdctl restart
zmmtactl restart
zmcbpolicydctl restart
Disable cbpolicyd
------------------
zmprov ms `zmhostname` -zimbraServiceEnabled cbpolicyd <<==note the use of the minus character
zmconfigdctl restart
zmmtactl restart
zmcbpolicydctl stop
Things To Know
Add the following to Zimbra's crontab
00 3 * * * /opt/zimbra/common/bin/cbpadmin --config=/opt/zimbra/conf/cbpolicyd.conf --cleanup
- You will need to re-add the cbpadmin command back into zimbra's crontab after each upgrade
- When you test, pay extra close attention to the /opt/zimbra/log/cbpolicyd.log & /var/log/zimbra.log in the next few days
- cbpolicyd's backend is sqlite3, which has it's own limitations. there is an RFE to change cbpolicyd's backend from sqlite3 to mysql (not available yet).
Raw Code if you want to copy & paste and import and edit
More articles written by me, https://wiki.zimbra.com/wiki/King0770-Notes