Revision as of 01:47, 16 February 2018 by King0770 (talk | contribs) (Avoid ID constraints)

|ZCS 8.7 Article ZCS 8.7 |ZCS 9.0 Article ZCS 9.0

Scenario I

You have one or two accounts you want to prevent from sending messages to other internal accounts, but still receive messages.

Use cbpolicyd

Create a internal_restrict group, and a Access Control name called DenySendAccess.

sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb "INSERT INTO "policies" VALUES(NULL,'Restrict_Internal',0,'Restrict_Internal',0);"

sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb "INSERT INTO "policy_members" VALUES(NULL,6,'%internal_restrict','%internal_domains','',0);"

sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb "INSERT INTO "policy_groups" VALUES(NULL,'internal_restrict',0,'internal_restrict');"

sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb "INSERT INTO "access_control" VALUES(NULL,6,'DenySendAccess','REJECT','REJECT','',0);"

This should work as well if you need to prevent the user from sending messages to any accounts.

sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb "INSERT INTO "policy_members" VALUES(NULL,6,'%internal_restrict','any','',0);"

Now it's time to add a couple of internal accounts to prevent sending messages.

sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb "INSERT INTO "policy_group_members" VALUES(NULL,3,'',0,'Restrict Rick');"

sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb "INSERT INTO "policy_group_members" VALUES(NULL,3,'',0,'Restrict John');"

Scenario II

Restrict users to certain domain, as per
Another cbpolicyd solution

sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb "INSERT INTO "policies" VALUES(7,'Local_Only',0,'Local_Only',0);"

sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb "INSERT INTO "policy_members" VALUES(8,7,'%internal_domains','!%internal_domains','',0);"

sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb "INSERT INTO "access_control" VALUES(3,7,'LocalSendAccess','REJECT','REJECT','',0);"

Scenario III

Quota Policy, contributed by Karl Buchner

As an example, lets say your Company decides the policy for all traffic (not going through the bulk MTAs) is sending a maximum of 10 messages every 10 minutes (600 seconds), and receiving a maximum of 5 messages in 10 minutes (600 seconds).

sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb "INSERT INTO "policies" VALUES('Zimbra CBPolicyd Policies', 0, 'Zimbra CBPolicyd Policies');"

sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb "INSERT INTO "policy_members" VALUES(6, 'any', 'any');"

sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb "INSERT INTO "quotas" VALUES (6, 'Sender:user@domain','Sender:user@domain', 600, 'DEFER', 'Deferring: Too many messages from sender in last 10 minutes');"

sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb "INSERT INTO "quotas" VALUES (6, 'Recipient:@domain', 'Recipient:@domain', 600, 'REJECT');"

sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb "INSERT INTO "quotas_limits" VALUES(3, 'MessageCount', 10);"

sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb "INSERT INTO "quotas_limits" VALUES(4, 'MessageCount', 5);"

Note: this assumes you have enabled cbpolicyd and immediately inject these contents, because they are based on the default policies, policy_members, quotas, quota_limits existing already, occupying certain IDs.

Jump to: navigation, search