how to block all mails coming from that particular email address.

[ArcaneMagus]

That will work. There is a script that runs that will update config files to implement changes in their respective .in files. This is run on startup automatically. If you want to do this without shutting down the server you can dig around and find out what script updates this and then restart the service you were working on the config file for... however it is much easier to simply put your changes in the .in file and then restart the entire Zimbra service.

[nskmdu]

hi Jbrabander

yes you are correct.

[Jbrabander]

I got a chance to restart Zimbra finally. I verified that the blacklisted items I added to the salocal.cf.in did in fact copy over to the salocal.cf file. I guess we'll wait and see what happens now!

Say, does anyone know...if an item hits the blacklist, does that make a note in a log file anywhere? If so, which log?

[frankman]

Quote:

Originally Posted by Jbrabander

Say, does anyone know...if an item hits the blacklist, does that make a note in a log file anywhere? If so, which log?

Check your /var/log/zimbra.log.


The solution of editting of the salocal.cf file sets spamassassin to blacklist email addresses.

A better solution is where the email for particular email addresses can get rejected at the postfix level, so it doesn't have to go through the other stuff (spamassassin, amavis, etc.) and saves on memory and cpu usage. Here is my improved solution:

Step 1: Edit main.cf

Quote:

su - zimbra
cd /opt/zimbra/postfix/conf
vi main.cf

Step 2: Modify the "smtpd_recipient_restrictions". Don't edit /opt/zimbra/postfix/conf/main.cf because it gets overwritten.. Add "check_recipient_access hash:<path and file name>" option for the blacklisted destination addresses to /opt/zimbra/conf/postfix_recipient_restrictions.cf:

Quote:

vi postfix_recipient_restrictions.cf

Quote:

reject_non_fqdn_recipient
permit_sasl_authenticated
permit_mynetworks
reject_unauth_destination
reject_unlisted_recipient
%%contains VAR:zimbraMtaRestriction reject_invalid_hostname%%
%%contains VAR:zimbraMtaRestriction reject_non_fqdn_hostname%%
%%contains VAR:zimbraMtaRestriction reject_non_fqdn_sender%%
%%contains VAR:zimbraMtaRestriction reject_unknown_client%%
%%contains VAR:zimbraMtaRestriction reject_unknown_hostname%%
%%contains VAR:zimbraMtaRestriction reject_unknown_sender_domain%%
%%contains VAR:zimbraMtaRestriction reject_rbl_client dnsbl.njabl.org%%
%%contains VAR:zimbraMtaRestriction reject_rbl_client cbl.abuseat.org%%
%%contains VAR:zimbraMtaRestriction reject_rbl_client bl.spamcop.net%%
%%contains VAR:zimbraMtaRestriction reject_rbl_client sbl.spamhaus.org%%
%%contains VAR:zimbraMtaRestriction reject_rbl_client xbl.spamhaus.org%%
%%contains VAR:zimbraMtaRestriction reject_rbl_client sbl-xbl.spamhaus.org%%
%%contains VAR:zimbraMtaRestriction reject_rbl_client relays.mail-abuse.org%%
check_recipient_access hash:/opt/zimbra/postfix/conf/blacklist_clients
permit

Step 3: Create the blacklist for email to reject with the email destinations listed:

Quote:

vi /opt/zimbra/postfix/conf/blacklist_clients

Note: The blacklist_clients (can be named anything, just keep it consistent with what you put in main.cf) contains: (my domain info replaced with example.com)

Quote:

003430512.17852337897892@example.com REJECT
083452399.53934348038498@example.com REJECT
08mawexample.combec@example.com REJECT
243453136.90234232423415@example.com REJECT
alanrqh@example.com REJECT
avptrm@example.com REJECT
brzsls@example.com REJECT
cybglv@example.com REJECT
dimoj@example.com REJECT
... etc.

Step 4: Then create the postfix db:

Quote:

postmap /opt/zimbra/postfix/conf/blacklist_clients

That's it. No restart needed. Zimbra (Postfix) took it pretty much immediately. Emails to those destinations will be rejected and dropped. Per /var/log/zimbra.log (my domain info removed):

Quote:

Feb 8 23:32:16 power postfix/smtpd[2530]: NOQUEUE: reject: RCPT from unknown[91.151.82.113]: 554 5.7.1 <eebec@example.com>: Recipient address rejected: Access denied; from=<whatever@doesntmatter.com> to=<eebec@example.com> proto=SMTP helo=<net91-151-82-ip113.gigabit.web.tr>

Someone could add that solution to Improving Anti-spam system - Zimbra :: Wiki wiki. I tried to, but could not. I created an account in the wiki and after that, Main Page - Zimbra :: Wiki just comes up as a blank page.

I like this solution much better. No spamassassin and no amavis used, so less memory and cpu used and is much faster to reject it. I have a legacy catch-all account which I still need. There are 60 non-existent addresses that the spammers target making up ~99% (pulled number out of the air, but that feels about right) of the spam I receive.

[ArcaneMagus]

Quote:

Originally Posted by frankman

Quote:

frankman it looks like you are trying to block invalid local accounts, in other words accounts that don't exist...postfix already does this for you before a message gets to any further processing so from what I can see your blocklist is already done automatically...
Here is an example of a mail to an invalid account being rejected:

Quote:

Feb 2 11:04:57 email postfix/smtpd[1130]: NOQUEUE: reject: RCPT from mail1.kmpsgroupmail.com[216.17.37.142]: 550 5.1.1 <FJROJAS@example.com>: Recipient address rejected: example.com; from=<bounce_41276790-146973@kmpsgroupbounce.com> to=<FJROJAS@example.com> proto=ESMTP helo=<mail1.kmpsgroupmail.com>

[frankman]

Quote:

Originally Posted by ArcaneMagus

frankman it looks like you are trying to block invalid local accounts, in other words accounts that don't exist...postfix already does this for you before a message gets to any further processing so from what I can see your blocklist is already done automatically...

Thanks for the reply!

I should have mentioned (like in another thread), but because of legacy reasons, I have a catch-all account and am in the process of getting rid of it.

Since the vast majority of the spam I get are repeatedly addressed to those ~60 addresses for the past few years, the above solution works for me... for now.

[Blinkiz]

Thank you frankman for the solution above.
Just wanted to let everyone know how this can be done with Zimbra 6.0.6+

All commands below is run as the zimbra user

Edit /opt/zimbra/conf/postfix_recipient_restrictions.cf and add this just before the permit line:

Code:

check_recipient_access hash:/opt/zimbra/conf/blacklist_clients

I make no guarantee that this will stick. Zimbra will probably just replace this one if you make changes in your zimbra admin gui. If someone know a better place to put this line, post a reply.

Then create /opt/zimbra/conf/blacklist_clients and put every address you want to block on it's own row. If you want the sender to know about your block, use REJECT. If not, use DISCARD.

Code:

libtorrent@mydomain.com DISCARD
registerflywhois@mydomain.com REJECT

Finally run postmap:

Code:

postmap /opt/zimbra/conf/blacklist_clients

Oh, you probably need to do a "postfix reload" after you have edited postfix_recipient_restrictions.cf.

[Blinkiz]

My above trick to blacklist some email addresses, does not work as of Zimbra 7.0.0. Suggestions?