Embedded Files
Faruque Ahmed : MCP, MCSA, MCSE, MCTS, MCIT, CCNA, OCA, OCP, GCP
---
Configure whitelist and blacklist Zimbra Amavis Spam filtering
NOQUEUE: Postfix hasn’t assigned a queue-id to this message as of yet.
Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026: This means an email will be filtered through amavis. By default, all sender addresses will be triggered.
Whitelist | Blacklist a domain or email address on Zimbra Amavis
Whitelist | Blacklist a domain or email address on Zimbra Amavis
Create two files that will store the domains and email addresses you wish to whitelist or blacklist.
$ sudo touch /opt/zimbra/conf/{whitelist,blacklist}
All whitelists will be in the file /opt/zimbra/conf/whitelist, the blacklisted will be in the file /opt/zimbra/conf/blacklist. Example
$ cat /opt/zimbra/conf/whitelist
jmutai@example.com example.org
$ cat /opt/zimbra/conf/blacklist
spammer@example.com
Now you need to modify your /opt/zimbra/conf/amavisd.conf.in configuration file have checks on the two files we just added above.
read_hash(%whitelist_sender, '/opt/zimbra/conf/whitelist'); read_hash(%blacklist_sender, '/opt/zimbra/conf/blacklist');
After saving the changes, restart the amavis service.
# su - zimbra -c "zmamavisdctl restart"
You can now retry sending email from a blocked domain/address or whitelisted ones and see if the email is delivered.
Whitelist certain IP ranges on Zimbra Amavis
Whitelist certain IP ranges on Zimbra Amavis
Assuming you trust a network e.g an internal network and would like to bypass checks for these networks, you can configure this on Amavis. First, you need to enable bypass feature which is disabled by default.
$ sudo su - zimbra
$ zmprov mcf zimbraAmavisOriginatingBypassSA TRUE
When it has been enabled, restart the following services related to Amavis.
$ zmantispamctl restart
$ zmantivirusctl restart
$ zmamavisdctl restart
Only then should Amavis bypass SpamAssassin for all messages originating internal trusted networks.
Check the setting for the current list of trusted networks
$ sudo su - zimbra
$ postconf mynetworks
$ zmprov gs `zmhostname` zimbraMtaMyNetworks
To update a list of trusted MTA networks, use the commands:
$ sudo su - zimbra
$ zmprov ms `zmhostname` zimbraMtaMyNetworks '127.0.0.0/8 10.0.0.0/8 192.168.3.0/22'
A point to note is that zmconfigd will automatically restart the MTA processes after this change is made. The zimbraMtaMyNetworks configuration is then included in Amavis in @mynetworks, which causes those IPs to be white-listed.
--
Page updated
Google Sites
Report abuse