Powered by Blogger.

Improving Anti Spam : Reject Unlisted Domain On Zimbra 8.5

Reject unlisted domain is one of many method to improve anti spam on email server, especially Zimbra mail server. On Zimbra, we can setup any IP address to listed as trusted network. IP address listed on trusted network, can sending email without authentication or prompt asking. In other words, listed ip address on trusted network can sending email with any domain, although is not listed on Zimbra.

If you have email server with domain example.com, email server should be sending email to outside with example.com domain, if not, then it should be rejected. This article, will describe step by step how to reject unlisted domain on Zimbra with Policyd. Assuming you have install and enable Policyd. If not, you can following this article to enable it : http://imanudin.net/2014/09/08/how-to-install-policyd-on-zimbra-8-5/
Access Policyd WebUI via browser http://zimbraserver:7780/webui/index.php. Make sure your Zimbra service apache have been running
Select Policies | Groups. Select action and add groups. given name list_domain. On comment, you can empty or filled with comment. Select a group that has been made. On action, select members and fill with your domain. See the following example. make sure disabled status is no at groups or members groups
policyd-groups
Select Policies | Main. Add new policy and give name or information like the following picture. Then submit query

policyd-reject-unlisted-domain
select new policy have been made and select members on action. Add member and fill on source/destination with group that has previously been made. See the following picture
policyd-reject-member
above configuration is explain source and destination is not from members listed on group. Select Access Control | Configure. Add new ACL and give name or information like this :
Name : Reject Unlisted Domain
Link to policy : Reject Unlisted Domain (New policy has previously been made)
Verdict : Reject
Data : Sorry, you are not authorized to sending email
See the following picture. Then submit query
policyd-acl
Make sure disabled status is no of all configuration has been made. Enable policyd accesscontrol and restart policyd service
1.su - zimbra
2.zmprov ms `zmhostname` zimbraCBPolicydAccessControlEnabled TRUE
3.zmcbpolicydctl restart
Please try to sending email use telnet on Zimbra mail server itself. it is the example result of above configuration
mail:~ # telnet localhost 25
Trying 127.0.0.1...
Escape character is '^]'.
Connected to localhost.
ehlo mail
220 mail.xxxxxxx.xxx ESMTP Postfix 250-mail.xxxxxxx.xxx
250-STARTTLS
250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN
mail from:ahmad@gmail.com
250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN
250 2.1.0 Ok
rcpt to:ahmad@yahoo.com
554 5.7.1 <ahmad@gmail.com>: Sender address rejected: Sorry, you are not authorized to sending email
Good luck and hopefully useful 😀
    Blogger Comment
    Facebook Comment