Sharing is a Wonderful Thing

Email security is very important now a days. We always look for inbound email security. However, it is very much important to enhance security for outbound emails too for successful email delivery to the recipient inbox. DomainKeys Identified Mail (DKIM) provides an organization to take responsibility for a message that is in transit. The sending server reputation is responsible for successful email delivery. DKIM provides the message is not being altered in the transmission of message till delivery of it. Technically DKIM provides a method for validating a domain name identity that is associated with a message through cryptographic authentication. In some cases, we have generate 1024 bit DKIM key due to old Zimbra version or lack of support 2048 bit key in DNS servers. The below steps should be performed to achieve the goal of publishing 1024 bit DKIM key. Generate DKIM Key: DKIM signing is done at the domain level, including alias domains. Setting up signing consists of two p...

Email security is very important now a days. We always look for inbound email security. However, it is very much important to enhance security for outbound emails too for successful email delivery to the recipient inbox. DomainKeys Identified Mail (DKIM) provides an organization to take responsibility for a message that is in transit. The sending server reputation is responsible for successful email delivery. DKIM provides the message is not being altered in the transmission of message till delivery of it. Technically DKIM provides a method for validating a domain name identity that is associated with a message through cryptographic authentication. Good Practices: Configure DKIM for all the sending domain.  Configure 2048 bit DKIM key. Change DKIM key in each year to avoid possible attacks. Generate DKIM Key: DKIM signing is done at the domain level, including alias domains. Setting up signing consists of two parts. I. Generate DKIM data. II. U pdating the DNS server w...

Issue: Recently I got so many complaints from my customers who are having spam emails with the subject "your mailbox is full". They are very much worried about it. In such cases, some of the users click on the link provided on those emails and there account got compromised. Solution: Luckily, Zimbra can block emails by the content from subject of email. Below is the procedure to block emails by using subject. Create a file subjectblock.cf as root user. vim /opt/zimbra/data/spamassassin/rules/subjectblock.cf header           SPAM_BANNED           Subject =~ /your mailbox is full/i describe        SPAM_BANNED         Subject contains your mailbox is full score          SPAM_BANNED          50.0 Note: Above rule created to block emails with the subject "your mailbox is full" where i indicates case...

We received some complaints from one of our customers regarding problem of sending email, especially rate limit, to Gmail. After some diagnosis, we found that the users keep 70-80 email addresses in TO/CC/BCC. In order to restrict users to send emails on such accounts at a time, we implemented a policy. After executing this policy, users shall not be able to add more than 10 email addresses in a message. root@mail:~# su – zimbra Check the current limit: zimbra@mail:~$ postconf | grep smtpd_recipient_limit  smtpd_recipient_limit = 1000     ##This is the default recipient limit zimbra@mail:~$ postconf -e 'smtpd_recipient_limit = 10'   It will restrict the recipient limit to 10. You may adjust the number based on your scenario. To apply settings. zimbra@mail:~$ postfix reload After applying this settings, you will get an error while sending a message greater than the threshold value (in this case: 10). It is also t...

Issue: Recently, we got a request from one of our customers to restrict sending emails to outside domain for some users. They will be able to send emails to their local domain only, but can receive all the emails from outside or local domain. Solution: We can achieve the desired restriction by modifying postfix configuration in Zimbra. The step by step procedure is shown below. Step 1: Open the below file and add the line at the top. zimbra@mail:~$ vim /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf check_sender_access lmdb:/opt/zimbra/common/conf/restricted_senders Step 2: Open the below file and add the lines before RESTART mta vim /opt/zimbra/conf/zmconfigd.cf POSTCONF     smtpd_restriction_classes   local_only POSTCONF     local_only   FILE   postfix_check_recipient_access.cf RESTART mta Step 3: Create a file /opt/zimbra/conf/postfix_check_recipient_access.cf and add the following line. ...

Issue: Suddenly, one of my cPanel based VPS customers raised an issue. They usually send emails by using PHPMailer in cPanel. An email address was configured to send emails. Recipient should be able to receive emails from that email address. Their server hostname is like vps.domain.com. Sender email address is set like alice@domain.com. While they are sending emails from the system, the recipient are being received the email form alice@vps.domain.com. It creates a problem of sender identity. Moreover, some email system blocked their email due to nonexistence of the domain vps.domain.com.  Solution: We analyzed the issue and came up with a solution forcing the PHPMailer to send emails using designated from address. We added a line in PHPMailer configuration as below. mail($mail_to, $subject, $mail_html, $headers, '-f alice@domain.com') After that we again sent the email and received the email using alice@domain.com.

It is very common to have SSL certificate in website now-a-days. In general, the website is configured to access using http and https both separately. It is a security hole to access such websites using http. For this reason, http to https redirection is required. It can be achievable in some ways. The most popular is using the .htaccess file. Step 1: Login to cPanel Step 2: Go to public_html under file manager. Step 3: Create a .htaccess file if it is already not created. Add below lines. RewriteEngine On RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] Step 4: Save and close. Now, the website should be redirected from http to https.

Issue: Recently, we got a request from one of our customers to reject outbound emails for a specific user. We initially thought whether it is possible to block outbound emails for a single user. However, G Suite is very powerful and it has some interesting features. We achieved our target by using G Suite content compliance as below.  Solution: Step 1: From admin console go to Apps -> G Suite -> Gmail -> Advanced Settings. Step 2: Under Basic Settings go to Content Compliance and click on Configure. Step 3: Add a rule as per below screenshots to block outbound emails. Step 4: Save the configuration and check email sending/receiving status.

It is a mandatory task to update DNS records for successful email transaction. We often publish G Suite DNS records in wrong way. Here I describe some of the DNS records (MX record, CNAME record and TXT record) for G Suite email. MX Record:  It's a mandatory record for inbound email communication. Name/Host/Alias TTL Record Type Priority Value @ or leave blank 3600 MX 1 ASPMX.L.GOOGLE.COM @ or leave blank 3600 MX 5 ALT1.ASPMX.L.GOOGLE.COM @ or leave blank 3600 MX 5 ALT2.ASPMX.L.GOOGLE.COM @ or leave blank 3600 MX 10 ALT3.ASPMX.L.GOOGLE.COM @ or leave blank 3600 MX 10 ALT4.ASPMX.L.GOOGLE.COM CNAME record:  This record is required if you want to access the webmail using our own domain name. In that case, it is mail.domain.com.  Type Name or Host Value or Address ...