Sharing is a Wonderful Thing

We, sometimes, need to block users to send emails both the internal and external destinations. For example, you are running an email account for receiving CVs only. However, you don’t have to reply them from this account. All the feedback email is maintained from another account. In that case, you may block the user to send emails. It will not impact in email receiving status. Please follow below guideline to achieve our goal. Goal: Restricting users to send emails to all internal and external domains.   Resolution: Step 1: Open the file smtpd_sender_restrictions.cf and add the below line at the top. root@mail:~# vim /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf %%contains VAR:zimbraMtaSmtpdSenderRestrictions check_sender_access lmdb:/opt/zimbra/common/conf/restricted_senders%%   Step 2: Execute the below line as Zimbra user. zimbra@mail:~$ zmprov ms `zmhostname` +zimbraMtaSmtpdSenderRestrictions "check_sender_access lmdb:/opt/zimbra/common/con...

In general, there are multiple administrators who manage the mail server. It is wise to use separate administrative account to access in admin portal. It will help to identify the activities performed by an administrator. This article guides you to create an admin account and to provide administrative privileges on an existing account. Create a new admin account: zimbra@mail:~$ zmprov ca newadmin@domain.com newPassword zimbraIsAdminAccount TRUE It will create an admin account with full privilege. Provide administrative privilege to an existing account: zimbra@mail:~$ zmprov ma olduser@domain.com zimbraIsAdminAccount TRUE To change the password for the olduser: zimbra@mail:~$ zmprov sp olduser@domain.com newpassword

I was working on upgrading Zimbra version. After upgrading the Zimbra package, I found an error like below while checking Zimbra log. Error: Apr 29 21:34:46 hmail postfix/postdrop[24236]: warning: mail_queue_enter: create file maildrop/808948.24236: Permission denied Solution: I solved it by executing below commands. zimbra@mail:~$ postfix stop /postfix-script: stopping the Postfix mail system zimbra@mail:~$ killall postdrop zimbra@mail:~$ postfix start /postfix-script: starting the Postfix mail system   I again checked the Zimbra log and error has been disappeared.

Objective:  Install a Comodo/Sectigo Domain Validation (DV) SSL certificate in Zimbra. We usually get the below four files from Sectigo in the certificate bundle. The file name may vary depending on the certificate type 1.     yourdomain.com.crt - main certificate 2.     AAACertificateServices.crt – Root Certificate 3.     USERTrustRSAAAACA.crt – Intermediate Certificate - 1 4.     SectigoRSADomainValidationSecureServerCA.crt - Intermediate Certificate - 2 Step 1:  We shall create two files as below. commercial_ca.crt (includes root certificate and two intermediate certificates) commercial.crt (includes main certificate, root certificate and two intermediate certificates) Step 2:  Login to Zimbra server, move to directory /opt/zimbra/ssl/zimbra/commercial and create two files as below. root@mail:~# cd /opt/zimbra/ssl/zimbra/commercial/ root@mail:/opt/zimbra/ssl/zimbra/comme...

Email security is very important now a days. We always look for inbound email security. However, it is very much important to enhance security for outbound emails too for successful email delivery to the recipient inbox. DomainKeys Identified Mail (DKIM) provides an organization to take responsibility for a message that is in transit. The sending server reputation is responsible for successful email delivery. DKIM provides the message is not being altered in the transmission of message till delivery of it. Technically DKIM provides a method for validating a domain name identity that is associated with a message through cryptographic authentication. In some cases, we have generate 1024 bit DKIM key due to old Zimbra version or lack of support 2048 bit key in DNS servers. The below steps should be performed to achieve the goal of publishing 1024 bit DKIM key. Generate DKIM Key: DKIM signing is done at the domain level, including alias domains. Setting up signing consists of two p...

Email security is very important now a days. We always look for inbound email security. However, it is very much important to enhance security for outbound emails too for successful email delivery to the recipient inbox. DomainKeys Identified Mail (DKIM) provides an organization to take responsibility for a message that is in transit. The sending server reputation is responsible for successful email delivery. DKIM provides the message is not being altered in the transmission of message till delivery of it. Technically DKIM provides a method for validating a domain name identity that is associated with a message through cryptographic authentication. Good Practices: Configure DKIM for all the sending domain.  Configure 2048 bit DKIM key. Change DKIM key in each year to avoid possible attacks. Generate DKIM Key: DKIM signing is done at the domain level, including alias domains. Setting up signing consists of two parts. I. Generate DKIM data. II. U pdating the DNS server w...

Issue: Recently I got so many complaints from my customers who are having spam emails with the subject "your mailbox is full". They are very much worried about it. In such cases, some of the users click on the link provided on those emails and there account got compromised. Solution: Luckily, Zimbra can block emails by the content from subject of email. Below is the procedure to block emails by using subject. Create a file subjectblock.cf as root user. vim /opt/zimbra/data/spamassassin/rules/subjectblock.cf header           SPAM_BANNED           Subject =~ /your mailbox is full/i describe        SPAM_BANNED         Subject contains your mailbox is full score          SPAM_BANNED          50.0 Note: Above rule created to block emails with the subject "your mailbox is full" where i indicates case...

We received some complaints from one of our customers regarding problem of sending email, especially rate limit, to Gmail. After some diagnosis, we found that the users keep 70-80 email addresses in TO/CC/BCC. In order to restrict users to send emails on such accounts at a time, we implemented a policy. After executing this policy, users shall not be able to add more than 10 email addresses in a message. root@mail:~# su – zimbra Check the current limit: zimbra@mail:~$ postconf | grep smtpd_recipient_limit  smtpd_recipient_limit = 1000     ##This is the default recipient limit zimbra@mail:~$ postconf -e 'smtpd_recipient_limit = 10'   It will restrict the recipient limit to 10. You may adjust the number based on your scenario. To apply settings. zimbra@mail:~$ postfix reload After applying this settings, you will get an error while sending a message greater than the threshold value (in this case: 10). It is also t...

Issue: Recently, we got a request from one of our customers to restrict sending emails to outside domain for some users. They will be able to send emails to their local domain only, but can receive all the emails from outside or local domain. Solution: We can achieve the desired restriction by modifying postfix configuration in Zimbra. The step by step procedure is shown below. Step 1: Open the below file and add the line at the top. zimbra@mail:~$ vim /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf check_sender_access lmdb:/opt/zimbra/common/conf/restricted_senders Step 2: Open the below file and add the lines before RESTART mta vim /opt/zimbra/conf/zmconfigd.cf POSTCONF     smtpd_restriction_classes   local_only POSTCONF     local_only   FILE   postfix_check_recipient_access.cf RESTART mta Step 3: Create a file /opt/zimbra/conf/postfix_check_recipient_access.cf and add the following line. ...