Tips
---
Cannot Access Webmail Zimbra 8.8 from IP Address
zmprov md worldcm.net zimbraVirtualHostname mail.worldcm.net zimbraVirtualIPAddress 192.168.1.11
libexec/zmproxyconfgen
zmproxyctl restart
Restrict SASL Login/Access
# Open smtpd_sender_restrictions.cf
su - zimbra
vi /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf
Add check_sasl_access lmdb:/opt/zimbra/conf/sasl_access above permit_sasl_authenticated, as in the example below. Postfix evaluates restrictions in order and stops at the first match, so the check must come before permit_sasl_authenticated.
permit_mynetworks
check_sasl_access lmdb:/opt/zimbra/conf/sasl_access
permit_sasl_authenticated
# Save and create sasl_access
vi /opt/zimbra/conf/sasl_access
Fill it in as follows:
user1 REJECT Sorry, you cannot use SMTP for now
user1@imanudin.net REJECT Sorry, you cannot use SMTP for now
Note: You can replace REJECT with HOLD or DISCARD. With REJECT, all email from that user is rejected and the user gets the error “Sorry, you cannot use SMTP for now”.
# Save and postmap
postmap /opt/zimbra/conf/sasl_access
Below is an example of the log when a user's SASL access is restricted:
saslauthd[31326]: auth_zimbra: user1@imanudin.net auth OK
mail postfix/smtps/smtpd[11549]: NOQUEUE: filter: RCPT from subs30-116-206-xx-xx.three.co.id[116.206.xx.xx]: <user1@imanudin.net>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<user1@imanudin.net> to=<user1@imanudin.net> proto=ESMTP helo=
mail postfix/smtps/smtpd[11549]: NOQUEUE: reject: RCPT from subs30-116-206-xx-xx.three.co.id[116.206.xx.xx]: 554 5.7.1 <user1@imanudin.net>: SASL login name rejected: Sorry, you cannot use SMTP for now; from=<user1@imanudin.net> to=<user1@imanudin.net> proto=ESMTP
Script Notify Expired Password on Zimbra
cd /srv/
wget -c https://raw.githubusercontent.com/imanudin11/script/master/cek-expire-password-zimbra.sh
chmod +x cek-expire-password-zimbra.sh
bash cek-expire-password-zimbra.sh
Note: The script assumes a 90-day password expiry policy. Change it to match your environment.
How To Enable PTR/Reverse DNS Lookup for Incoming Email
su - zimbra
zmprov mcf +zimbraMtaRestriction "reject_unknown_client_hostname"
Wait a few minutes until Zimbra reloads Postfix, or reload Postfix manually.
List top sender address emails in zimbra
This tip shows how to list the top sender addresses in Zimbra from the command line. On the Zimbra MTA, I will run a command to list the top 6 sender addresses.
The command is as follows:
$ cat /var/log/zimbra.log | awk -F 'from=<' '{print $2}' | awk -F'>' '{print $1}' | sed '/^$/d' | sort | uniq -c | sort -nk1 -r | sed -n '1,6p'
Note:
sed '/^$/d' : deletes blank lines only.
sed -n '1,6p' : prints lines 1 to 6.
awk -F 'from=<' '{print $2}' | awk -F'>' '{print $1}' : prints the sender address.
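The pipeline above counts every log line that contains from=<, including rejected delivery attempts and repeated queue entries for deferred mail. The following added example (not part of the original tip) counts only postfix/qmgr lines and each queue ID once; the function names `top_senders` and `sample_log` and the sample log lines are constructed for illustration.

```bash
#!/bin/sh
# Added example: count envelope senders from postfix/qmgr lines only,
# one count per queue ID. Usage: top_senders /var/log/zimbra.log 6
top_senders() {   # top_senders LOGFILE [N]
    awk '
        {
            # Locate the qmgr field by scanning, so the syslog prefix layout does not matter
            for (i = 1; i <= NF - 2; i++) {
                if ($i !~ /^postfix\/qmgr\[/ || $(i + 2) !~ /^from=</) continue
                qid = $(i + 1); sub(/:$/, "", qid)
                if (qid in seen) break            # repeated "queue active" line
                seen[qid] = 1
                sender = $(i + 2)
                sub(/^from=</, "", sender); sub(/>,?$/, "", sender)
                if (sender == "") sender = "<>"   # null sender: bounces and DSNs
                count[tolower(sender)]++
                break
            }
        }
        END { for (s in count) print count[s], s }
    ' "$1" | LC_ALL=C sort -k1,1nr -k2,2 | head -n "${2:-6}"
}

# Constructed sample log lines (not taken from a real server)
sample_log() {
    cat <<'EOF'
Feb 10 16:16:30 mail postfix/qmgr[2211]: 4A1B2C3D4E: from=<alice@example.com>, size=2048, nrcpt=1 (queue active)
Feb 10 16:16:31 mail postfix/qmgr[2211]: 5B2C3D4E5F: from=<bob@example.com>, size=1024, nrcpt=2 (queue active)
Feb 10 16:16:32 mail postfix/smtpd[1832]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 450 4.7.1 Client host rejected: cannot find your hostname, [192.0.2.10]; from=<alice@example.com> to=<carol@example.com> proto=ESMTP helo=<host.example.net>
Feb 10 16:20:30 mail postfix/qmgr[2211]: 4A1B2C3D4E: from=<alice@example.com>, size=2048, nrcpt=1 (queue active)
Feb 10 16:21:00 mail postfix/qmgr[2211]: 6C3D4E5F60: from=<bob@example.com>, size=900, nrcpt=1 (queue active)
Feb 10 16:22:00 mail postfix/qmgr[2211]: 7D4E5F6071: from=<>, size=3000, nrcpt=1 (queue active)
Feb 10 16:22:05 mail postfix/qmgr[2211]: 7D4E5F6071: removed
EOF
}
```

On the sample, alice@example.com is counted once, where the original pipeline would count her three times (two queue entries for the same message plus one rejected attempt).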
Zimbra Enable PTR/Reverse DNS lookup Incoming Email
Step 1: Add the restriction to zimbraMtaRestriction with the commands below
su - zimbra
zmprov mcf +zimbraMtaRestriction "reject_unknown_client_hostname"
Step 2: Reload Zimbra Postfix
postfix reload
How to check accounts that are not active in zimbra
This tutorial shows how to check for accounts that are not active in Zimbra. You can check the value of zimbraLastLogonTimestamp for each account in Zimbra.
Script from Zimbra blog
#!/bin/bash
# Report quota, mail host and last logon time for every account listed as "closed".
# Run as the zimbra user.
echo "Username Total Quota Usage Server Last Login Time"
zmaccts | grep closed | grep @ | awk '{ print $1 }' | while read -r ACCOUNT
do
    # Fetch the account attributes once and reuse them for each field
    ATTRS=$(zmprov ga "${ACCOUNT}")
    QUOTA_TOTAL=$(echo "${ATTRS}" | grep "^zimbraMailQuota:" | cut -d ":" -f2)
    QUOTA_USAGE=$(zmmailbox -z -m "${ACCOUNT}" gms)
    HOSTED_ON=$(echo "${ATTRS}" | grep "^zimbraMailHost:" | awk -F: '{ print $2 }')
    LAST_ON=$(echo "${ATTRS}" | grep "^zimbraLastLogonTimestamp:" | awk -F: '{ print $2 }')
    echo "${ACCOUNT} ${QUOTA_TOTAL} ${QUOTA_USAGE} ${HOSTED_ON} ${LAST_ON}"
done
Or use the command below for a single account:
zmprov ga account | grep zimbraLastLogonTimestamp
Zimbra Error 450 4.7.1 sender reject
This tutorial shows how to solve the "Zimbra Error 450 4.7.1 sender reject" problem on the Zimbra MTA.
The error appears in the log as below:
Feb 10 16:16:33 sd-15xxx postfix/smtpd[1832]: NOQUEUE: reject: RCPT from
unknown[x.x.x.x]: 450 4.7.1 Client host rejected: cannot find your hostname,
[x.x.x.x]; from=<someone@sender.com> to=<someone_email@mydomain.com>
proto=ESMTP helo=<smtp_sender.com>
Work through the steps below to solve the error above.
Step 1: Check smtpd_sender_restrictions on zimbra MTA.
[zimbra@your_mta ~]$ postconf | grep "smtpd_sender_restrictions"
Check that reject_unknown_sender_domain, reject_unknown_client_hostname and reject_invalid_helo_hostname are correct for your environment.
Step 2: Check server port 10031 on zimbra cbpolicy.
tail -f /opt/zimbra/log/cbpolicy.log
Check whether the database is locked, which sometimes happens because of cbpolicy.
Zimbra blacklist email based via subject
As root, create the file chandu.cf in the SpamAssassin rules folder
vi /opt/zimbra/data/spamassassin/rules/chandu.cf
The content is as below
header SPAM_BANNED Subject =~ /new girls beautiful photo/i
describe SPAM_BANNED Subject contains me new photo
score SPAM_BANNED 40.0
Save the file and set its owner and group to zimbra
chown zimbra:zimbra /opt/zimbra/data/spamassassin/rules/chandu.cf
Restart the service with zmamavisdctl
su - zimbra -c "zmamavisdctl restart"
Zimbra Client host rejected Access denied
This tutorial shows how to solve the "Zimbra Client host rejected Access denied" problem.
Zimbra client host rejected Access denied error log
Dec 19 01:21:28 mail postfix/amavisd/smtpd[5106]: NOQUEUE: reject: CONNECT from unknown[192.168.1.113]: 554 5.7.1 <unknown[192.168.1.113]>: Client host rejected: Access denied; proto=SMTP
Dec 19 01:21:28 mail postfix/amavisd/smtpd[5106]: lost connection after CONNECT from unknown[192.168.1.113]
Dec 19 01:21:28 mail postfix/amavisd/smtpd[5106]: disconnect from unknown[192.168.1.113]
Add the client host's network "192.168.1.0/24" to the zimbraMtaMyNetworks attribute. Hosts in this network can then relay mail without authenticating.
[zimbra@mail ~]$ zmprov ms `zmhostname` zimbraMtaMyNetworks "127.0.0.0/8 192.168.1.0/24 [::1]/128 [fe80::]/64"
Change "smtpd_client_restrictions" and "smtpd_relay_restrictions" in master.cf.in as shown below
[zimbra@mail ~]$ vi /opt/zimbra/postfix/conf/master.cf.in
Edit the master.cf.in file so that it has the content below
%%uncomment SERVICE:opendkim%% -o content_filter=scan:[%%zimbraLocalBindAddress%%]:10030
-o smtpd_etrn_restrictions=reject
-o smtpd_sasl_auth_enable=%%zimbraMtaSaslAuthEnable%%
-o smtpd_tls_security_level=%%zimbraMtaTlsSecurityLevel%%
-o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
-o smtpd_data_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_recipient_restrictions=
-o smtpd_relay_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
-o syslog_name=postfix/submission
-o milter_macro_daemon_name=ORIGINATING
Postfix: only allow whitelisted recipient domains
We run a test environment with user data, and want to minimize the risk of sending email to unwanted recipients.
Mail Server
Step 1: Add line into main.cf file as below
smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recipient_domains, reject
Note: With check_recipient_access hash:/etc/postfix/recipient_domains followed by reject, mail is accepted for recipients in the domains listed in recipient_domains, and all domains not in the whitelist are rejected.
Step 2: Create the whitelist file /etc/postfix/recipient_domains
mycompany.com OK
mail.huuphan.com OK
Note: Only the two domains mycompany.com and mail.huuphan.com receive mail.
Step 3: Generate the hash file:
$ sudo postmap /etc/postfix/recipient_domains
Step 4: Restart the postfix service
$ sudo /etc/init.d/postfix restart
Now try sending an email to another domain that is not in the whitelist.
You will find an error like the one below:
NOQUEUE: reject: RCPT from …: 554 5.7.1 <HuuPV@gmail.com>: Recipient address rejected: Access denied
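To preview which recipients the whitelist from Steps 1 and 2 lets through, the following added example (not part of the original post) models the lookup in plain shell, reading the text map rather than the compiled hash file. It is a simplified model of the Postfix access(5) lookup that ignores address extensions and treats only the action OK as a permit; the names `would_accept` and `sample_map` are hypothetical.

```bash
#!/bin/sh
# Added example: preview the verdict of
#   smtpd_recipient_restrictions = check_recipient_access hash:<map>, reject
# for one recipient. Keys are tried as user@domain, then the domain and each
# parent domain (the Postfix default parent_domain_matches_subdomains includes
# smtpd_access_maps, so subdomains of a listed domain match), then user@.
# Assumption: only OK permits; any other action, or no match, ends at "reject".
would_accept() {   # would_accept MAPFILE RECIPIENT -> prints permit or reject
    awk -v addr="$2" '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        { action[tolower($1)] = toupper($2) }   # lookup keys are case-insensitive
        END {
            addr = tolower(addr)
            at = index(addr, "@")
            n = 0
            keys[++n] = addr                    # user@domain
            d = substr(addr, at + 1)
            while (d != "") {                   # domain, then its parent domains
                keys[++n] = d
                dot = index(d, ".")
                if (dot == 0) break
                d = substr(d, dot + 1)
            }
            keys[++n] = substr(addr, 1, at)     # user@
            for (i = 1; i <= n; i++)
                if (keys[i] in action) {
                    print (action[keys[i]] == "OK" ? "permit" : "reject")
                    exit
                }
            print "reject"                      # the trailing "reject" restriction
        }' "$1"
}

# Constructed sample: the two whitelist entries from Step 2
sample_map() {
    printf '%s\n' 'mycompany.com OK' 'mail.huuphan.com OK'
}
```

Note that user@sub.mycompany.com is permitted under the default settings, while user@huuphan.com is rejected because only mail.huuphan.com is listed. On a live server, `postmap -q mycompany.com hash:/etc/postfix/recipient_domains` queries the compiled table for one exact key.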
Lock and Unlock zimbra account from command line
Lock and Unlock zimbra account
Step 1: Check the status of the account huupv02@mail.huuphan.com as below:
$ zmprov ga huupv02@mail.huuphan.com | grep zimbraAccountStatus
Another command to check the account status, with zmaccts, is as below:
Step 2: Lock the Zimbra account huupv02@mail.huuphan.com
$ zmprov ma huupv02@mail.huuphan.com zimbraAccountStatus locked
To check the account status after locking
Step 3: Unlock the Zimbra account huupv02@mail.huuphan.com
$ zmprov ma huupv02@mail.huuphan.com zimbraAccountStatus active
Conclusion
---