Reject unlisted domain is one of many method to improve anti spam on email server, especially Zimbra mail server. On Zimbra, we can setup any IP address to listed as trusted network. IP address listed on trusted network, can sending email without authentication or prompt asking. In other words, listed ip address on trusted network can sending email with any domain, although is not listed on Zimbra.
If you have email server with domain example.com, email server should be sending email to outside with example.com domain, if not, then it should be rejected. This article, will describe step by step how to reject unlisted domain on Zimbra with Policyd. Assuming you have install and enable Policyd. If not, you can following this article to enable it : http://imanudin.net/2014/09/08/how-to-install-policyd-on-zimbra-8-5/
Access Policyd WebUI via browser http://zimbraserver:7780/webui/index.php. Make sure your Zimbra service apache have been running
Select Policies | Groups. Select action and add groups. given name list_domain. On comment, you can empty or filled with comment. Select a group that has been made. On action, select members and fill with your domain. See the following example. make sure disabled status is no at groups or members groups
Select Policies | Main. Add new policy and give name or information like the following picture. Then submit query
select new policy have been made and select members on action. Add member and fill on source/destination with group that has previously been made. See the following picture
above configuration is explain source and destination is not from members listed on group. Select Access Control | Configure. Add new ACL and give name or information like this :
Name : Reject Unlisted DomainLink to policy : Reject Unlisted Domain (New policy has previously been made)Verdict : RejectData : Sorry, you are not authorized to sending email
See the following picture. Then submit query
Make sure disabled status is no of all configuration has been made. Enable policyd accesscontrol and restart policyd service
1.
su
- zimbra
2.
zmprov ms `zmhostname` zimbraCBPolicydAccessControlEnabled TRUE
3.
zmcbpolicydctl restart
Please try to sending email use telnet on Zimbra mail server itself. it is the example result of above configuration
mail:~ # telnet localhost 25Trying 127.0.0.1...Escape character is '^]'.Connected to localhost.ehlo mail220 mail.xxxxxxx.xxx ESMTP Postfix 250-mail.xxxxxxx.xxx250-STARTTLS250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRNmail from:ahmad@gmail.com250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN250 2.1.0 Okrcpt to:ahmad@yahoo.com554 5.7.1 <ahmad@gmail.com>: Sender address rejected: Sorry, you are not authorized to sending email
Good luck and hopefully useful
Blogger Comment
Facebook Comment