King0770-Notes-Ultra-Restrictive-Sending-And-Receiving: Difference between revisions
(Replaced content with "{{Unsupported}}|{{ZCS 8.7}}|{{ZCS 9.0}} {{WIP}}") |
No edit summary |
||
| (21 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
{{Unsupported}}|{{ZCS 8.7}}|{{ZCS 9.0}} | {{Unsupported}}|{{ZCS 8.7}}|{{ZCS 9.0}} | ||
{{WIP}} | {{WIP}} | ||
==Scenario I== | |||
You have one or two accounts you want to prevent from sending messages to other internal accounts, but still receive messages. | |||
Create a <strong>internal_restrict</strong> group, and a <strong>Access Control</strong> name called <strong>DenySendAccess</strong>. | |||
<code><pre> | |||
sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb "INSERT INTO "policies" VALUES(NULL,'Restrict_Internal',0,'Restrict_Internal',0);" | |||
sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb "INSERT INTO "policy_members" VALUES(NULL,6,'%internal_restrict','%internal_domains','',0);" | |||
sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb "INSERT INTO "policy_groups" VALUES(NULL,'internal_restrict',0,'internal_restrict');" | |||
sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb "INSERT INTO "access_control" VALUES(NULL,6,'DenySendAccess','REJECT','REJECT','',0);" | |||
</pre></code> | |||
This should work as well if you need to prevent the user from sending messages to any accounts. | |||
<code><pre> | |||
sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb "INSERT INTO "policy_members" VALUES(NULL,6,'%internal_restrict','any','',0);" | |||
</pre></code> | |||
Now it's time to add a couple of internal accounts to prevent sending messages. <br> | |||
<code><pre> | |||
sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb "INSERT INTO "policy_group_members" VALUES(NULL,3,'rick@example.com.local',0,'Restrict Rick');" | |||
sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb "INSERT INTO "policy_group_members" VALUES(NULL,3,'john@example.com',0,'Restrict John');" | |||
</pre></code> | |||
==Scenario II== | |||
Restrict users to certain domain, as per https://wiki.zimbra.com/wiki/Restrict_users_to_certain_domain <br> | |||
Another cbpolicyd solution | |||
<code><pre> | |||
sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb "INSERT INTO "policies" VALUES(7,'Local_Only',0,'Local_Only',0);" | |||
sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb "INSERT INTO "policy_members" VALUES(8,7,'%internal_domains','!%internal_domains','',0);" | |||
sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb "INSERT INTO "access_control" VALUES(3,7,'LocalSendAccess','REJECT','REJECT','',0);" | |||
</pre></code> | |||
==Scenario III== | |||
Quota Policy, contributed by Karl Buchner <br> | |||
As an example, lets say your Company decides the policy for all traffic (not going through the bulk MTAs) is sending a maximum of 10 messages every 10 minutes (600 seconds), and receiving a maximum of 5 messages in 10 minutes (600 seconds). <br> | |||
<code><pre> | |||
sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb "INSERT INTO "policies" (Name,Priority,Description) VALUES('Zimbra CBPolicyd Policies', 0, 'Zimbra CBPolicyd Policies');" | |||
sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb "INSERT INTO "policy_members" VALUES(6, 'any', 'any');" | |||
sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb "INSERT INTO "quotas" VALUES (6, 'Sender:user@domain','Sender:user@domain', 600, 'DEFER', 'Deferring: Too many messages from sender in last 10 minutes');" | |||
sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb "INSERT INTO "quotas" VALUES (6, 'Recipient:@domain', 'Recipient:@domain', 600, 'REJECT');" | |||
sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb "INSERT INTO "quotas_limits" VALUES(3, 'MessageCount', 10);" | |||
sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb "INSERT INTO "quotas_limits" VALUES(4, 'MessageCount', 5);" | |||
</pre></code> | |||
<strong>Note:</strong> this assumes you have enabled cbpolicyd and immediately inject these contents, because they are based on the default policies, policy_members, quotas, quota_limits existing already, occupying certain IDs. | |||
Latest revision as of 17:20, 6 March 2018
- This article is a Community contribution and may include unsupported customizations.
- This article is a Work in Progress, and may be unfinished or missing sections.
Scenario I
You have one or two accounts you want to prevent from sending messages to other internal accounts, but still receive messages.
Create a internal_restrict group, and a Access Control name called DenySendAccess.
sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb "INSERT INTO "policies" VALUES(NULL,'Restrict_Internal',0,'Restrict_Internal',0);"
sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb "INSERT INTO "policy_members" VALUES(NULL,6,'%internal_restrict','%internal_domains','',0);"
sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb "INSERT INTO "policy_groups" VALUES(NULL,'internal_restrict',0,'internal_restrict');"
sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb "INSERT INTO "access_control" VALUES(NULL,6,'DenySendAccess','REJECT','REJECT','',0);"
This should work as well if you need to prevent the user from sending messages to any accounts.
sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb "INSERT INTO "policy_members" VALUES(NULL,6,'%internal_restrict','any','',0);"
Now it's time to add a couple of internal accounts to prevent sending messages.
sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb "INSERT INTO "policy_group_members" VALUES(NULL,3,'rick@example.com.local',0,'Restrict Rick');"
sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb "INSERT INTO "policy_group_members" VALUES(NULL,3,'john@example.com',0,'Restrict John');"
Scenario II
Restrict users to certain domain, as per https://wiki.zimbra.com/wiki/Restrict_users_to_certain_domain
Another cbpolicyd solution
sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb "INSERT INTO "policies" VALUES(7,'Local_Only',0,'Local_Only',0);"
sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb "INSERT INTO "policy_members" VALUES(8,7,'%internal_domains','!%internal_domains','',0);"
sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb "INSERT INTO "access_control" VALUES(3,7,'LocalSendAccess','REJECT','REJECT','',0);"
Scenario III
Quota Policy, contributed by Karl Buchner
As an example, lets say your Company decides the policy for all traffic (not going through the bulk MTAs) is sending a maximum of 10 messages every 10 minutes (600 seconds), and receiving a maximum of 5 messages in 10 minutes (600 seconds).
sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb "INSERT INTO "policies" (Name,Priority,Description) VALUES('Zimbra CBPolicyd Policies', 0, 'Zimbra CBPolicyd Policies');"
sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb "INSERT INTO "policy_members" VALUES(6, 'any', 'any');"
sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb "INSERT INTO "quotas" VALUES (6, 'Sender:user@domain','Sender:user@domain', 600, 'DEFER', 'Deferring: Too many messages from sender in last 10 minutes');"
sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb "INSERT INTO "quotas" VALUES (6, 'Recipient:@domain', 'Recipient:@domain', 600, 'REJECT');"
sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb "INSERT INTO "quotas_limits" VALUES(3, 'MessageCount', 10);"
sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb "INSERT INTO "quotas_limits" VALUES(4, 'MessageCount', 5);"
Note: this assumes you have enabled cbpolicyd and immediately inject these contents, because they are based on the default policies, policy_members, quotas, quota_limits existing already, occupying certain IDs.
