King0770-Notes-Prevent-Accounts-From-Sending-To-External-Domains-With-CBPOLICYD

Revision as of 22:29, 10 March 2020 by King0770 (talk | contribs) (Things To Know)

This is an simple example of how-to restrict your users from sending messages to external domains.

Create Policy Called RestrictAccount

Image: 900 pixels

Add Account as a Member to the RestrictAccount

Image: 900 pixels

Add Internal Domain Policy Group

Image: 900 pixels

Add Domain as a Member to the Internal Domain

Image: 900 pixels

Create Access Control List linking to the RestrictAccount Policy

Image: 900 pixels

Enabled the zimbraCBPolicydAccessControlEnabled Setting

Enable cbpolicyd (run from the zimbra-MTA)
-------------------------------------------

zmprov ms `zmhostname` +zimbraServiceEnabled cbpolicyd   <<==note the use of the plus sign character

zmprov ms `zmhostname` zimbraCBPolicydAccessControlEnabled TRUE

zmprov mcf zimbraCBPolicydAccessControlEnabled TRUE

zmconfigdctl restart

zmmtactl restart

zmcbpolicydctl restart


Disable cbpolicyd
------------------
zmprov ms `zmhostname` -zimbraServiceEnabled cbpolicyd  <<==note the use of the minus character

zmconfigdctl restart

zmmtactl restart

zmcbpolicydctl stop

Things To Know

Add the following to Zimbra's crontab

00 3 * * * /opt/zimbra/common/bin/cbpadmin --config=/opt/zimbra/conf/cbpolicyd.conf  --cleanup
  • You will need to re-add the cbpadmin command back into zimbra's crontab after each upgrade
  • When you test, pay extra close attention to the /opt/zimbra/log/cbpolicyd.log & /var/log/zimbra.log in the next few days
  • cbpolicyd's backend is sqlite3, which has it's own limitations. there is an RFE to change cbpolicyd's backend from sqlite3 to mysql (not available yet).



More articles written by me, https://wiki.zimbra.com/wiki/King0770-Notes

Jump to: navigation, search