Reject unlisted domain is one of many method to improve anti spam on email server, especially Zimbra mail server. On Zimbra, we can setup any IP address to listed as trusted network. IP address listed on trusted network, can sending email without authentication or prompt asking. In other words, listed ip address on trusted network can sending email with any domain, although is not listed on Zimbra.
If you have email server with domain example.com, email server should be sending email to outside with example.com domain, if not, then it should be rejected. This article, will describe step by step how to reject unlisted domain on Zimbra with Policyd. Assuming you have install and enable Policyd. If not, you can following this article to enable it : http://imanudin.net/2014/09/08/how-to-install-policyd-on-zimbra-8-5/
Access Policyd WebUI via browser http://zimbraserver:7780/webui/index.php. Make sure your Zimbra service apache have been running
Select Policies | Groups. Select action and add groups. given name list_domain. On comment, you can empty or filled with comment. Select a group that has been made. On action, select members and fill with your domain. See the following example. make sure disabled status is no at groups or members groups
Select Policies | Main. Add new policy and give name or information like the following picture. Then submit query
select new policy have been made and select members on action. Add member and fill on source/destination with group that has previously been made. See the following picture
above configuration is explain source and destination is not from members listed on group. Select Access Control | Configure. Add new ACL and give name or information like this :
Name : Reject Unlisted Domain Link to policy : Reject Unlisted Domain (New policy has previously been made) Verdict : Reject Data : Sorry, you are not authorized to sending email
See the following picture. Then submit query
Make sure disabled status is no of all configuration has been made. Enable policyd accesscontrol and restart policyd service
1.
su
- zimbra
2.
zmprov ms `zmhostname` zimbraCBPolicydAccessControlEnabled TRUE
3.
zmcbpolicydctl restart
Please try to sending email use telnet on Zimbra mail server itself. it is the example result of above configuration
mail:~ # telnet localhost 25 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 mail.xxxxxxx.xxx ESMTP Postfix ehlo mail 250-mail.xxxxxxx.xxx 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN mail from:ahmad@gmail.com 250 2.1.0 Ok rcpt to:ahmad@yahoo.com 554 5.7.1 <ahmad@gmail.com>: Sender address rejected: Sorry, you are not authorized to sending email
Good luck and hopefully useful
Let’s See the Video on Youtube
Blogger Comment
Facebook Comment