Specific Whitelist/Blacklist per IP: Difference between revisions
No edit summary |
No edit summary |
||
(One intermediate revision by the same user not shown) | |||
Line 1: | Line 1: | ||
{{ | {{BC|Certified}} | ||
__FORCETOC__ | |||
<div class="col-md-12 ibox-content"> | |||
=Specific Whitelist/Blacklist per IP= | =Specific Whitelist/Blacklist per IP= | ||
{{KB|{{ZC}}|{{ZCS 8.6}}|{{ZCS 8.5}}|}} | |||
{{WIP}} | |||
==Purpose== | ==Purpose== | ||
With ZCS 8.5 and later, it is possible to maintain an IP blacklist for connections to Postfix. This is useful in DoS and targeted spam attack scenarios. | With ZCS 8.5 and later, it is possible to maintain an IP blacklist for connections to Postfix. This is useful in DoS and targeted spam attack scenarios. | ||
Line 35: | Line 39: | ||
{{Article Footer|Zimbra Collaboration 8.5, 8.6| | {{Article Footer|Zimbra Collaboration 8.5, 8.6|02/20/2015}} | ||
{{NeedSME|Jeff|Quanah|Jenny}} | {{NeedSME|Jeff|Quanah|Jenny}} |
Latest revision as of 09:40, 13 July 2015
Specific Whitelist/Blacklist per IP
Purpose
With ZCS 8.5 and later, it is possible to maintain an IP blacklist for connections to Postfix. This is useful in DoS and targeted spam attack scenarios.
Many clients use RBLs to block spammers from flooding their MTAs with spam. Unfortunately, perfectly valid sites occasionally end up on these lists. With ZCS 8.5 and later, it is possible to create an on-disk database map that allows the client to whitelist specific blacklisted IPs so that emails from those IPs still get delivered.
Resolution
Whitelist Edit /opt/zimbra/conf/postfix_rbl_override. Add IP address(es) SPACE OK to the file, one IP address per line:
1.2.3.4 OK
Run the postmap to save and apply the changes in Postfix:
postmap /opt/zimbra/conf/postfix_rbl_override
Run the zmprov to apply the changes to the Zimbra Collaboration Server:
zmprov mcf +zimbraMtaRestriction 'check_client_access lmdb:/opt/zimbra/conf/postfix_rbl_override'
postmap will need to be rerun on the file any time an IP address is added or removed.
Blacklist Edit /opt/zimbra/conf/postfix_blacklist. Add IP address SPACE REJECT to the file, one IP address per line:
1.2.3.4 REJECT
Run the postmap to save and apply the changes in Postfix:
postmap /opt/zimbra/conf/postfix_blacklist
Run the zmprov to apply the changes to the Zimbra Collaboration Server:
zmprov mcf +zimbraMtaRestriction 'check_client_access lmdb:/opt/zimbra/conf/postfix_blacklist'
postmap will need to be rerun on the file anytime an IP address is added or removed.
Additional Content
- Link to a Wiki article