King0770-Notes-Whitelist-Spamassassin-MTA

Revision as of 21:01, 29 December 2016 by King0770 (talk | contribs) (Section III - check_client_access by smtpd_recipient_restrictions)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Methods between Spamassassin and MTA Whitelisting

Section I - Whitelist by Spamassassin

Method 1

touch /opt/zimbra/data/spamassassin/localrules/sauser.cf

Edit sauser.cf file, and add the following. 

whitelist_from jsmith@exampledomain.com

zmamavisdctl restart

Alternatively, if you want to whitelist by domain, you can use...

whitelist_from *@exampledomain.com

Method 2

su - zimbra
zmprov md domain.com +amavisWhitelistSender jsmith@exampledomain.com

OR

zmprov md domain.com +amavisWhitelistSender friendlydomain.net

Method 2a

zmprov ma smithj@domain.com +amavisWhitelistSender bwayne@exampledomain.com 

OR

zmprov ma smithj@domain.com +amavisWhitelistSender friendlydomain.net

Section II - Whitelist by MTA

RBL Overide You need to setup an MTA RBL over ride file. As the zimbra user do the following.

1) 
touch /opt/zimbra/conf/postfix_rbl_override

2) Add IP address(es) SPACE OK to the file, one IP address per line, example...

1.2.3.4  OK

3) 
postmap /opt/zimbra/conf/postfix_rbl_override

4)
zmprov mcf +zimbraMtaRestriction "check_client_access lmdb:/opt/zimbra/conf/postfix_rbl_override"

5)
zmmtactl restart

**Note**
After setting up the MTA RBL file, anytime afterwards you need to update the postfix_rbl_override file, you just need to run the postmap command against it; no need to restart the MTA each time the file is updated. 

postmap /opt/zimbra/conf/postfix_rbl_override

Section III - check_sender_access by smtpd_recipient_restrictions

1) Edit the /opt/zimbra/conf/zmconfigd/smtpd_recipient_restrictions.cf file, and add the following line at the top of the file

%%contains VAR:zimbraMtaRestriction check_sender_access lmdb:/opt/zimbra/conf/postfix_whitelist%%

2) Create the /opt/zimbra/conf/postfix_whitelist file with the following (this is an example)

1.2.3.4   OK
6.7.8.9  OK
friendlydomain.com   OK
example.com   OK

3) Run postmap on the /opt/zimbra/conf/postfix_whitelist file

postmap /opt/zimbra/conf/postfix_whitelist

4) Update the globalConfig to pick up the change

zmprov mcf +zimbraMtaRestriction 'check_sender_access lmdb:/opt/zimbra/conf/postfix_whitelist'

5) Restart configd and MTA to pick up the changes

zmconfigdctl restart
zmmtactl restart

6) Verify the changes

zmprov gacf | grep zimbraMtaRestriction

zimbraMtaRestriction: check_client_access lmdb:/opt/zimbra/conf/postfix_whitelist    <<== you should see this line

postconf | grep smtpd_recipient_restrictions

smtpd_recipient_restrictions = check_client_access lmdb:/opt/zimbra/conf/postfix_whitelist   <<== smtpd_recipient_restrictions should contain check_client_access lmdb:/opt/zimbra/conf/postfix_whitelist
Jump to: navigation, search