Difference between revisions of "King0770-Notes-Prevent-Accounts-From-Sending-To-External-Domains-With-CBPOLICYD"

(Things To Know)
Line 46: Line 46:
  
 
==Things To Know==
 
==Things To Know==
 +
Add the following to Zimbra's crontab<br>
 +
<code><pre>
 +
00 3 * * * /opt/zimbra/common/bin/cbpadmin --config=/opt/zimbra/conf/cbpolicyd.conf  --cleanup
 +
</pre></code>
 +
* You will need to re-add the cbpadmin command back into zimbra's crontab after each upgrade<br>
 +
* When you test, pay extra close attention to the /opt/zimbra/log/cbpolicyd.log & /var/log/zimbra.log in the next few days<br>
 +
* cbpolicyd's backend is sqlite3, which has it's own limitations. there is an RFE to change cbpolicyd's backend from sqlite3 to mysql (not available yet).<br>
  
  

Revision as of 22:29, 10 March 2020

This is an simple example of how-to restrict your users from sending messages to external domains.

Create Policy Called RestrictAccount

Image: 900 pixels

Add Account as a Member to the RestrictAccount

Image: 900 pixels

Add Internal Domain Policy Group

Image: 900 pixels

Add Domain as a Member to the Internal Domain

Image: 900 pixels

Create Access Control List linking to the RestrictAccount Policy

Image: 900 pixels

Enabled the zimbraCBPolicydAccessControlEnabled Setting

Enable cbpolicyd (run from the zimbra-MTA)
-------------------------------------------

zmprov ms `zmhostname` +zimbraServiceEnabled cbpolicyd   <<==note the use of the plus sign character

zmprov ms `zmhostname` zimbraCBPolicydAccessControlEnabled TRUE

zmprov mcf zimbraCBPolicydAccessControlEnabled TRUE

zmconfigdctl restart

zmmtactl restart

zmcbpolicydctl restart


Disable cbpolicyd
------------------
zmprov ms `zmhostname` -zimbraServiceEnabled cbpolicyd  <<==note the use of the minus character

zmconfigdctl restart

zmmtactl restart

zmcbpolicydctl stop

Things To Know

Add the following to Zimbra's crontab

00 3 * * * /opt/zimbra/common/bin/cbpadmin --config=/opt/zimbra/conf/cbpolicyd.conf  --cleanup
  • You will need to re-add the cbpadmin command back into zimbra's crontab after each upgrade
  • When you test, pay extra close attention to the /opt/zimbra/log/cbpolicyd.log & /var/log/zimbra.log in the next few days
  • cbpolicyd's backend is sqlite3, which has it's own limitations. there is an RFE to change cbpolicyd's backend from sqlite3 to mysql (not available yet).



More articles written by me, https://wiki.zimbra.com/wiki/King0770-Notes

Jump to: navigation, search