Enabling and administering the Zimbra milter

(Redirected from RestrictPostfixRecipients)

Enabling and administering the Zimbra milter

   KB 20524        Last updated on 01/12/2016  




0.00
(0 votes)
 - This article is a Community contribution and may include unsupported customizations.

Getting Started

The Zimbra milter allows for the regulation of distribution list senders on a Global or server level. When the milter server is enabled, only users who have been granted (with steps below) explicit sending permissions will be allowed.

Enabling the Milter Server

Note that the Milter server should only be enabled on servers running the MTA.

Global: Home > Configure > Global Settings > MTA > Milter Server
Server: Home > Configure > Servers > Select Desired Server > MTA > Milter Server 
  • Alternatively using the CLI:
su - zimbra
zmprov modifyConfig zimbraMilterServerEnabled TRUE

For a specific server (say mail.zimbra.lab):

zmprov modifyServer mail.zimbra.lab zimbraMilterServerEnabled TRUE

The above steps will ensure that milter will be automatically started via "zmcontrol start"

To start the milter manually:

zmmilterctl start

To check the status of the milter:

zmmilterctl status 

Usage: zmmilterctl start|stop|restart|reload|refresh|status

Examples using CLI

The following will provide examples for granting sender permissions on the CLI:

  • User - grants a user sending permissions to a distribution list
zmprov grr dl distributionlist@zimbra.lab usr user@zimbra.lab sendToDistList            
  • Group (distribution list) - grants a group sending rights to distribution list
zmprov grr dl distributionlist@zimbra.lab grp groupdl@zimbra.lab sendToDistList
  • All Entities - allows all entities on the server to send to a distribution list
zmprov grr dl distributionlist@zimbra.lab all sendToDistList
  • Domain - grant all users on a domain sending rights
zmprov grr dl distributionlist@zimbra.lab dom zimbra.lab sendToDistList
  • Public - grant all users both internal/external sending rights
zmprov grr dl distributionlist@zimbra.lab pub sendToDistList
  • After granting or revoking rights for the milter, you must reaload the configuration for the changes to take effect.
zmmtactl reload

Examples using the admin interface

The following will provide examples for granting sender permissions on the Web Admin:

  • User - grants a user sending permissions to a distribution list
Global: Home > Manage > Distribution List > distributionlist@zimbra.lab > ACL > Add

Enabling and administering the Zimbra milter 1.png

  • Group (distribution list) - grants a group sending rights to distribution list
Global: Home > Manage > Distribution List > distributionlist@zimbra.lab > ACL > Add

Enabling and administering the Zimbra milter 2.png

  • All Entities - allows all entities on the server to send to a distribution list
Global: Home > Manage > Distribution List > distributionlist@zimbra.lab > ACL > Add

Enabling and administering the Zimbra milter 3.png

  • Domain - grant all users on a domain sending rights
Global: Home > Manage > Distribution List > distributionlist@zimbra.lab > ACL > Add

Enabling and administering the Zimbra milter 4.png

  • Public - grant all users both internal/external sending rights
Global: Home > Manage > Distribution List > distributionlist@zimbra.lab > ACL > Add

Enabling and administering the Zimbra milter 5.png

  • After granting or revoking rights for the milter, you must reload the configuration for the changes to take effect.
zmmtactl reload

Verifying permissions for an entity

  • Checking a single user or entity (CLI):
zmprov ckr dl distributionlist@zimbra.lab userorentity@zimbra.lab sendToDistList
ALLOWED
  • Checking a domain (Web Admin):

Global: Home > Configure > Domain > zimbra.lab > Click on the gear > Configure Grant

Enabling and administering the Zimbra milter 8.png

  • Viewing granted permissions for the distribution list (CLI):

1) Get the users Zimbra ID:

zmprov ga user@zimbra.lab |grep -i "zimbraid: "

2) Check the permissions on the distribution list:

zmprov gdl distributionlist@zimbra.lab |less

3) Find the 'zimbraACE' entries and compare the users' id:

zimbraACE: [zimbraId of user] usr sendToDistList

For example;

zimbraACE: c524877c-e0a6-4255-bb1b-d02b35cc2dd5 dom sendToDistList
zimbraACE: 99999999-9999-9999-9999-999999999999 pub sendToDistList
  • Viewing granted permissions for the distribution list (Web Admin):
Global: Home > Manage > Distribution List > distributionlist@zimbra.lab > ACL

Enabling and administering the Zimbra milter 7.png

Modifying and revoking grants

If you want to remove or modify permissions, you'll need to use 'zmprov rvr' instead of 'zmprov grr'.

  • Example of removing sendToDistList permissions for a user (CLI):
zmprov rvr dl distributionlist@zimbra.lab usr user@zimbra.lab sendToDistList
  • Example of removing sendToDistList permissions for a user (Web admin):
Global: Home > Manage > Distribution List > distributionlist@zimbra.lab > ACL > Select the ACL > Delete

Enabling and administering the Zimbra milter 6.png

  • After granting or revoking rights for the milter, you must reaload the configuration for the changes to take effect.
zmmtactl reload

Troubleshooting the Zimbra milter

  • Verify the milters settings:
zmmilterctl status 
Milter server is running.
Verified Against: ZCS 7.0, ZCS 8.0, ZCS 8.5, ZCS 8.6 Date Created: 2013
Article ID: https://wiki.zimbra.com/index.php?title=Enabling_and_administering_the_Zimbra_milter Date Modified: 01/12/2016



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »

Jump to: navigation, search