Difference between revisions of "King0770-Notes-Prevent-Accounts-From-Sending-To-External-Domains-With-CBPOLICYD"
(→Things To Know) |
|||
Line 46: | Line 46: | ||
==Things To Know== | ==Things To Know== | ||
+ | Add the following to Zimbra's crontab<br> | ||
+ | <code><pre> | ||
+ | 00 3 * * * /opt/zimbra/common/bin/cbpadmin --config=/opt/zimbra/conf/cbpolicyd.conf --cleanup | ||
+ | </pre></code> | ||
+ | * You will need to re-add the cbpadmin command back into zimbra's crontab after each upgrade<br> | ||
+ | * When you test, pay extra close attention to the /opt/zimbra/log/cbpolicyd.log & /var/log/zimbra.log in the next few days<br> | ||
+ | * cbpolicyd's backend is sqlite3, which has it's own limitations. there is an RFE to change cbpolicyd's backend from sqlite3 to mysql (not available yet).<br> | ||
Revision as of 22:29, 10 March 2020
This is an simple example of how-to restrict your users from sending messages to external domains.
Contents
- 1 Create Policy Called RestrictAccount
- 2 Add Account as a Member to the RestrictAccount
- 3 Add Internal Domain Policy Group
- 4 Add Domain as a Member to the Internal Domain
- 5 Create Access Control List linking to the RestrictAccount Policy
- 6 Enabled the zimbraCBPolicydAccessControlEnabled Setting
- 7 Things To Know
Create Policy Called RestrictAccount
Add Account as a Member to the RestrictAccount
Add Internal Domain Policy Group
Add Domain as a Member to the Internal Domain
Create Access Control List linking to the RestrictAccount Policy
Enabled the zimbraCBPolicydAccessControlEnabled Setting
Enable cbpolicyd (run from the zimbra-MTA)
-------------------------------------------
zmprov ms `zmhostname` +zimbraServiceEnabled cbpolicyd <<==note the use of the plus sign character
zmprov ms `zmhostname` zimbraCBPolicydAccessControlEnabled TRUE
zmprov mcf zimbraCBPolicydAccessControlEnabled TRUE
zmconfigdctl restart
zmmtactl restart
zmcbpolicydctl restart
Disable cbpolicyd
------------------
zmprov ms `zmhostname` -zimbraServiceEnabled cbpolicyd <<==note the use of the minus character
zmconfigdctl restart
zmmtactl restart
zmcbpolicydctl stop
Things To Know
Add the following to Zimbra's crontab
00 3 * * * /opt/zimbra/common/bin/cbpadmin --config=/opt/zimbra/conf/cbpolicyd.conf --cleanup
- You will need to re-add the cbpadmin command back into zimbra's crontab after each upgrade
- When you test, pay extra close attention to the /opt/zimbra/log/cbpolicyd.log & /var/log/zimbra.log in the next few days
- cbpolicyd's backend is sqlite3, which has it's own limitations. there is an RFE to change cbpolicyd's backend from sqlite3 to mysql (not available yet).
More articles written by me, https://wiki.zimbra.com/wiki/King0770-Notes