Tips

---

Cannot Access Webmail Zimbra 8.8 from IP Address

zmprov md worldcm.net zimbraVirtualHostname mail.worldcm.net zimbraVirtualIPAddress 192.168.1.11

libexec/zmproxyconfgen

zmproxyctl restart

Restrict SASL Login/Access

# Open smtpd_sender_restrictions.cf

su - zimbra

vi /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf

Add check_sasl_access lmdb:/opt/zimbra/conf/sasl_access above permit_sasl_authenticated, as in the example below:

permit_mynetworks

check_sasl_access lmdb:/opt/zimbra/conf/sasl_access

permit_sasl_authenticated

# Save and create sasl_access

vi /opt/zimbra/conf/sasl_access

Fill it in as follows:

user1 REJECT Sorry, you cannot use SMTP for now

user1@imanudin.net REJECT Sorry, you cannot use SMTP for now

Note: You can replace REJECT with HOLD or DISCARD. With REJECT, all email from that user is rejected and the user gets the error "Sorry, you cannot use SMTP for now".

# Save and postmap

postmap /opt/zimbra/conf/sasl_access

Below is an example of the log when a user's SASL access is restricted:

saslauthd[31326]: auth_zimbra: user1@imanudin.net auth OK

mail postfix/smtps/smtpd[11549]: NOQUEUE: filter: RCPT from subs30-116-206-xx-xx.three.co.id[116.206.xx.xx]: <user1@imanudin.net>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<user1@imanudin.net> to=<user1@imanudin.net> proto=ESMTP helo=

mail postfix/smtps/smtpd[11549]: NOQUEUE: reject: RCPT from subs30-116-206-xx-xx.three.co.id[116.206.xx.xx]: 554 5.7.1 <user1@imanudin.net>: SASL login name rejected: Sorry, you cannot use SMTP for now; from=<user1@imanudin.net> to=<user1@imanudin.net> proto=ESMTP
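A triage sketch for reject lines like the one above, added here as an example (it is not from the original page). It groups NOQUEUE rejects by reject class, rejected name and client IP, so repeated attempts by a blocked SASL login stand out; it goes beyond the SASL case to any reject class Postfix logs in this format. The sample lines, addresses and the function name reject_summary are constructed.

```shell
# Constructed sample lines, modelled on the log format above (documentation IPs).
SAMPLE_LOG='mail postfix/smtps/smtpd[100]: NOQUEUE: reject: RCPT from host.example[203.0.113.7]: 554 5.7.1 <user1@example.com>: SASL login name rejected: Sorry, you cannot use SMTP for now; from=<user1@example.com> to=<a@example.net> proto=ESMTP
mail postfix/smtps/smtpd[100]: NOQUEUE: filter: RCPT from host.example[203.0.113.7]: <user1@example.com>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<user1@example.com> to=<a@example.net> proto=ESMTP
mail postfix/smtps/smtpd[101]: NOQUEUE: reject: RCPT from host.example[203.0.113.7]: 554 5.7.1 <user1@example.com>: SASL login name rejected: Sorry, you cannot use SMTP for now; from=<user1@example.com> to=<b@example.net> proto=ESMTP
mail postfix/smtpd[102]: NOQUEUE: reject: RCPT from unknown[198.51.100.9]: 450 4.7.1 Client host rejected: cannot find your hostname, [198.51.100.9]; from=<x@example.org> to=<user2@example.com> proto=ESMTP
mail postfix/smtpd[103]: NOQUEUE: reject: RCPT from relay.example[192.0.2.10]: 554 5.7.1 <someone@example.org>: Recipient address rejected: Access denied; from=<user2@example.com> to=<someone@example.org> proto=ESMTP'

# reject_summary: read a Postfix log on stdin, print "count class name client_ip".
reject_summary() {
    awk '
        /NOQUEUE: reject:/ && match($0, /[A-Za-z ]+ rejected: /) {
            # Reject class, e.g. "SASL login name" or "Client host".
            class = substr($0, RSTART, RLENGTH)
            sub(/^ +/, "", class); sub(/ rejected: $/, "", class)
            gsub(/ /, "_", class)
            # Rejected name: the <...> right before the class, if one was logged.
            name = "-"
            head = substr($0, 1, RSTART - 1)
            if (head ~ />:$/) { name = head; sub(/>:$/, "", name); sub(/^.*</, "", name) }
            # Client IP: the first [...] after "<COMMAND> from".
            ip = $0
            sub(/^.*reject: [A-Z]+ from [^[]*\[/, "", ip)
            sub(/\].*$/, "", ip)
            seen[class " " name " " ip]++
        }
        END { for (k in seen) print seen[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Demo on the constructed sample; the "filter:" line is ignored.
printf '%s\n' "$SAMPLE_LOG" | reject_summary
```

On a live server the same function can read the MTA log directly, for example `reject_summary < /var/log/zimbra.log`.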

Script Notify Expired Password on Zimbra

cd /srv/

wget -c https://raw.githubusercontent.com/imanudin11/script/master/cek-expire-password-zimbra.sh

chmod +x cek-expire-password-zimbra.sh

bash cek-expire-password-zimbra.sh

Note: The script assumes a 90-day password expiry policy. Adjust it to match your environment.

How To Enable PTR/Reverse DNS Lookup for Incoming Email

su - zimbra

zmprov mcf +zimbraMtaRestriction "reject_unknown_client_hostname"

Wait a few minutes for Zimbra to reload Postfix, or reload Postfix manually.

List top sender address emails in zimbra

How to list the top sender email addresses in Zimbra from the command line. On the Zimbra MTA, I will run a command to list the top 6 sender email addresses.

The command as below:

$ cat /var/log/zimbra.log | awk -F 'from=<' '{print $2}' | awk -F'>' '{print $1}' | sed '/^$/d' | sort | uniq -c | sort -nk1 -r | sed -n '1,6p'

Note:

Zimbra Enable PTR/Reverse DNS lookup Incoming Email

Step 1: Enable zimbraMtaRestriction as command below

su - zimbra

zmprov mcf +zimbraMtaRestriction "reject_unknown_client_hostname"

Step 2: zimbra postfix reload

postfix reload

How to check accounts that are not active in zimbra

This tutorial shows how to check accounts that are not active in Zimbra. You can check the value of zimbraLastLogonTimestamp for each account.

Script from Zimbra blog

#!/bin/bash

echo "Username Total Quota Usage Server Last Login Time"

zmaccts | grep closed | grep @ | awk '{ print $1 }' | while read ACCOUNT

do

  QUOTA_TOTAL=`zmprov ga ${ACCOUNT} | grep "zimbraMailQuota" | cut -d ":" -f2`

  QUOTA_USAGE=`zmmailbox -z -m ${ACCOUNT} gms`

  HOSTED_ON=`zmprov ga ${ACCOUNT} | grep zimbraMailHost | awk -F: '{ print $2 }'`

  LAST_ON=`zmprov ga ${ACCOUNT} | grep zimbraLastLogonTimestamp: | awk -F: '{ print $2 }' `

  echo "${ACCOUNT} ${QUOTA_TOTAL} ${QUOTA_USAGE} ${HOSTED_ON} ${LAST_ON} "

done

Or check the command below

zmprov ga account | grep zimbraLastLogonTimestamp


Zimbra Error 450 4.7.1 sender reject

This tutorial shows how to solve the problem "zimbra Error 450 4.7.1 sender reject" on the Zimbra MTA.

Zimbra Error 450 4.7.1 sender reject as below

Feb  10 16:16:33 sd-15xxx postfix/smtpd[1832]: NOQUEUE: reject: RCPT from unknown[x.x.x.x]: 450 4.7.1 Client host rejected: cannot find your hostname, [x.x.x.x]; from=<someone@sender.com> to=<someone_email@mydomain.com> proto=ESMTP helo=<smtp_sender.com>

Work through the steps below to solve the error above.

Step 1: Check smtpd_sender_restrictions on zimbra MTA.

[zimbra@your_mta ~]$ postconf | grep "smtpd_sender_restrictions"

Check that reject_unknown_sender_domain, reject_unknown_client_hostname and reject_invalid_helo_hostname are correct for your environment.

Step 2: Check server port 10031 on zimbra cbpolicy.

 

tail -f /opt/zimbra/log/cbpolicy.log

Check whether the database is locked; this is sometimes caused by cbpolicy.


Zimbra blacklist email based on subject

Create the file chandu.cf in the SpamAssassin rules folder as root

vi /opt/zimbra/data/spamassassin/rules/chandu.cf

The content as below

header     SPAM_BANNED     Subject =~ /new girls beautiful photo/i

describe   SPAM_BANNED     Subject contains me new photo

score      SPAM_BANNED     40.0

Save the file and set its owner and group to zimbra

chown zimbra:zimbra /opt/zimbra/data/spamassassin/rules/chandu.cf

Restart the service with zmamavisdctl

su - zimbra -c "zmamavisdctl restart"

Zimbra Client host rejected Access denied

This tutorial shows how to solve the problem "Zimbra Client host rejected Access denied".

Zimbra client host rejected Access denied error log

Dec 19 01:21:28 mail postfix/amavisd/smtpd[5106]: NOQUEUE: reject: CONNECT from unknown[192.168.1.113]: 554 5.7.1 <unknown[192.168.1.113]>: Client host rejected: Access denied; proto=SMTP

Dec 19 01:21:28 mail postfix/amavisd/smtpd[5106]: lost connection after CONNECT from unknown[192.168.1.113]

Dec 19 01:21:28 mail postfix/amavisd/smtpd[5106]: disconnect from unknown[192.168.1.113]

Allow the client host's network "192.168.1.0/24" in the zimbraMtaMyNetworks attribute

[zimbra@mail ~]$ zmprov ms `zmhostname` zimbraMtaMyNetworks "127.0.0.0/8 192.168.1.0/24 [::1]/128 [fe80::]/64"

Change "smtpd_client_restrictions" and "smtpd_relay_restrictions" in master.cf.in:

[zimbra@mail ~]$ vi /opt/zimbra/postfix/conf/master.cf.in

Edit the master.cf.in file so that it has the content below. The -o lines continue the service entry, so each one must start with whitespace.

%%uncomment SERVICE:opendkim%% -o content_filter=scan:[%%zimbraLocalBindAddress%%]:10030

    -o smtpd_etrn_restrictions=reject

    -o smtpd_sasl_auth_enable=%%zimbraMtaSaslAuthEnable%%

    -o smtpd_tls_security_level=%%zimbraMtaTlsSecurityLevel%%

    -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject

    -o smtpd_data_restrictions=

    -o smtpd_helo_restrictions=

    -o smtpd_recipient_restrictions=

    -o smtpd_relay_restrictions=permit_mynetworks,permit_sasl_authenticated,reject

    -o syslog_name=postfix/submission

    -o milter_macro_daemon_name=ORIGINATING

Postfix only allows whitelisted recipient domains

We have a test environment with user data. This restriction minimizes the risk of sending to unwanted email recipients.

Mail Server

Step 1: Add line into main.cf file as below

smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recipient_domains, reject

Note: Warning: with check_recipient_access hash:/etc/postfix/recipient_domains followed by reject, mail is accepted only for domains listed in recipient_domains, and every domain not in the whitelist is rejected.

Step 2: Create the recipient domain whitelist file /etc/postfix/recipient_domains

mycompany.com OK

mail.huuphan.com OK

Note: only the two domains mycompany.com and mail.huuphan.com can receive mail.

Step 3: To generate hash file:

$ sudo postmap /etc/postfix/recipient_domains

Step 4: To restart postfix service

$ sudo /etc/init.d/postfix restart

Now try sending an email to another domain that is not in the whitelist.

You will see an error like the one below:

NOQUEUE: reject: RCPT from …: 554 5.7.1 <HuuPV@gmail.com>: Recipient address rejected: Access denied
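To review a whitelist before loading it, the lookup can be emulated offline. The following is an added example, not part of the original page: the function name recipient_decision is hypothetical, and it assumes the default parent_domain_matches_subdomains setting (which lists smtpd_access_maps) and ignores address extensions. It follows the access(5) order for an email address: user@domain, then the domain and its parent domains, then user@.

```shell
# Constructed copy of the whitelist from Step 2 (source form, before postmap).
RECIPIENT_DOMAINS='mycompany.com OK
mail.huuphan.com OK'

# recipient_decision ADDRESS   (map source is read from stdin)
# Prints the action of the first matching key; the final "reject" stands
# for the trailing "reject" in smtpd_recipient_restrictions.
recipient_decision() {
    awk -v addr="$1" '
        # Load the map: first field is the key, the rest is the action.
        !/^[ \t]*(#|$)/ {
            key = tolower($1); $1 = ""; sub(/^[ \t]+/, ""); map[key] = $0
        }
        END {
            addr = tolower(addr)              # keys are matched in lower case
            at = index(addr, "@")
            user = substr(addr, 1, at - 1) "@"; dom = substr(addr, at + 1)
            if (addr in map) { print map[addr]; exit }        # user@domain
            for (d = dom; ; d = substr(d, dot + 1)) {          # domain, then parents
                if (d in map) { print map[d]; exit }
                dot = index(d, ".")
                if (dot == 0) break
            }
            if (user in map) { print map[user]; exit }        # user@
            print "reject"
        }'
}

# Demo: the third address is accepted because a domain.tld key also
# matches subdomains under the assumed default setting.
for rcpt in user@mycompany.com HuuPV@gmail.com dev@lab.mycompany.com; do
    printf '%s -> %s\n' "$rcpt" \
        "$(printf '%s\n' "$RECIPIENT_DOMAINS" | recipient_decision "$rcpt")"
done
```

If subdomains of a whitelisted domain must not receive mail, list exact addresses or adjust parent_domain_matches_subdomains rather than relying on the domain key alone.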

Lock and Unlock zimbra account from command line

Lock and Unlock zimbra account

Step 1: Check the status of account huupv02@mail.huuphan.com as below:

$ zmprov ga huupv02@mail.huuphan.com | grep zimbraAccountStatus

Another command to check the account status is zmaccts.

Step 2: To Lock zimbra account huupv02@mail.huuphan.com

$ zmprov ma huupv02@mail.huuphan.com zimbraAccountStatus locked

Check the account status after locking.

Step 3: To Unlock zimbra account huupv02@mail.huuphan.com

$ zmprov ma huupv02@mail.huuphan.com zimbraAccountStatus active


Conclusion

---