Specific Whitelist/Blacklist per IP
 Article Information |
|---|
| This article applies to the following ZCS versions. |
Specific Whitelist/Blacklist per IP
Purpose
With ZCS 8.5 and later, it is possible to maintain an IP blacklist for connections to Postfix. This is useful in DoS and targeted spam attack scenarios.
Many clients use RBLs to block spammers from flooding their MTAs with spam. Unfortunately, perfectly valid sites occasionally end up on these lists. With ZCS 8.5 and later, it is possible to create an on-disk database map that allows the client to whitelist specific blacklisted IPs so that emails from those IPs still get delivered.
Resolution
Whitelist Edit /opt/zimbra/conf/postfix_rbl_override. Add IP address(es) SPACE OK to the file, one IP address per line:
1.2.3.4 OK
Run the postmap to save and apply the changes in Postfix:
postmap /opt/zimbra/conf/postfix_rbl_override
Run the zmprov to apply the changes to the Zimbra Collaboration Server:
zmprov mcf +zimbraMtaRestriction 'check_client_access lmdb:/opt/zimbra/conf/postfix_rbl_override'
postmap will need to be rerun on the file any time an IP address is added or removed.
Blacklist Edit /opt/zimbra/conf/postfix_blacklist. Add IP address SPACE REJECT to the file, one IP address per line:
1.2.3.4 REJECT
Run the postmap to save and apply the changes in Postfix:
postmap /opt/zimbra/conf/postfix_blacklist
Run the zmprov to apply the changes to the Zimbra Collaboration Server:
zmprov mcf +zimbraMtaRestriction 'check_client_access lmdb:/opt/zimbra/conf/postfix_blacklist'
postmap will need to be rerun on the file anytime an IP address is added or removed.
Additional Content
- Link to a Wiki article
