Zimbra offers Open Source email server software and shared calendar for Linux and the Mac
Go Back   Zimbra :: Forums > Zimbra Collaboration Suite > Administrators
Reload this Page Solution: Whitelist for Postfix if using RBLs

Welcome to the Zimbra :: Forums!
Welcome, if you would like to post a comment please register. We also encourage you to explore all things Zimbra with our team and members of the community.

Reply
 
LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 04-30-2010, 02:22 AM
Senior Member
  
Posts: 58
Default Solution: Whitelist for Postfix if using RBLs
If you are using RBLs (such as zen.spamhaus.org) to block spam, the whitelist method in the Wiki does not work. This is because the wiki method is for spamassasin not postfix.

Postfix will check incoming messages against the RBL first, and allow/reject accordingly. So if you have a sender listed on a RBL, you need to whitelist them in Postfix.

Using this post: How To Whitelist Hosts/IP Addresses In Postfix | HowtoForge - Linux Howtos and Tutorials

I came up with a method to do this in Zimbra. {commands in italics}

Login and change to zimbra user

vi /opt/zimbra/conf/postfix_rbl_override
list all IP addresses or host names (one per line!) that you want to whitelist:
Code:
1.2.3.4 OK
1.2.3.5 OK
mail.freemailer.tld OK
postmap /opt/zimbra/conf/postfix_rbl_override

vi /opt/zimbra/conf/postfix_recipient_restrictions.cf

under:
reject_unauth_destination
add:
check_client_access hash:/opt/zimbra/conf/postfix_rbl_override

e.g.:
Code:
reject_unauth_destination
check_client_access hash:/opt/zimbra/conf/postfix_rbl_override
reject_unlisted_recipient
zmmtactl restart

Each time you add a new one, you need to do the postmap command then zmmtactl restart

Bertie
Reply With Quote
  #2 (permalink)  
Old 05-01-2010, 11:32 AM
Zimbra Consultant & Moderator
  
Posts: 20,313
Default
Thanks for posting this, would you mind adding it to the wiki as that's a more appropriate place for this kind of article.
__________________
Regards


Bill
Reply With Quote
  #3 (permalink)  
Old 05-01-2010, 04:50 PM
Moderator
  
Posts: 1,432
Default
Thanks from me, too. This will come in handy. Also, I've inserted a cross-reference to this thread in Bug 43956 - RFE: MTA-level whitelisting.
__________________
Elliot Wilen
Berkeley, CA

Don't forget to enter your Zimbra version in your forum profile.
Reply With Quote
  #4 (permalink)  
Old 05-04-2010, 02:34 AM
Senior Member
  
Posts: 58
Default Wiki Updated
Updated to Wiki here: Improving Anti-spam system - Zimbra :: Wiki

Bertie
Reply With Quote
  #5 (permalink)  
Old 05-04-2010, 03:04 AM
Zimbra Consultant & Moderator
  
Posts: 20,313
Default
Quote:
Originally Posted by bertie_uk View Post
Thanks for doing that.
__________________
Regards


Bill
Reply With Quote
  #6 (permalink)  
Old 05-04-2010, 10:48 AM
Elite Member
  
Posts: 281
Default
Quote:
Originally Posted by bertie_uk View Post
under:
reject_unauth_destination
add:
check_client_access hash:/opt/zimbra/conf/postfix_rbl_override

e.g.:
Code:
reject_unauth_destination
check_client_access hash:/opt/zimbra/conf/postfix_rbl_override
reject_unlisted_recipient
You should put the override right above the item you are overriding, and not just anywhere above.

Quote:
Each time you add a new one, you need to do the postmap command then zmmtactl restart
Why the "zmmtactl restart"? Postfix doesn't need to be restarted to pick up changes in a hashed db. Running postmap on the file is enough to alert postfix that there are changes and to reload the db.
__________________
Freddie
Reply With Quote
Reply

« Previous Thread | Today's Posts or Week's Posts | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode


Similar Threads

Product Information

Why Join?

Registering let's you ask questions, makes it easier to search, displays any files attached to posts, and notifies you about replies.

blog.zimbra.com


Home - Blog - Contact Us - Archive - Top


 

SEO by vBSEO ©2011, Crawlability, Inc.