Whitelist user/IP/domain in zimbra 8.7.11 open source

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
hikauz
Posts: 6
Joined: Thu Oct 19, 2017 12:45 pm

Whitelist user/IP/domain in zimbra 8.7.11 open source

Post by hikauz »

Hi People,

I have setup zimbra 8.7.1 on centos 7.3
Restricted all protocols and DNS checks for MTA relay.

Unfortunatly, users says some legal people can't send email to them, for example from state.gov domain.
Also, our web-server can't send email to zimbra

Code: Select all

 zmcontrol -v
 Release 8.7.11_GA_1854.RHEL7_64_20170531151956 RHEL7_64 FOSS edition.
 

Code: Select all

zmprov gcf zimbraMtaRestriction
zimbraMtaRestriction: reject_invalid_helo_hostname
zimbraMtaRestriction: reject_non_fqdn_helo_hostname
zimbraMtaRestriction: reject_non_fqdn_sender
zimbraMtaRestriction: reject_unknown_client_hostname
zimbraMtaRestriction: reject_unknown_helo_hostname
zimbraMtaRestriction: reject_unknown_sender_domain
zimbraMtaRestriction: reject_rbl_client zen.spamhaus.org
zimbraMtaRestriction: reject_rhsbl_client dbl.spamhaus.org
zimbraMtaRestriction: reject_rhsbl_reverse_client dbl.spamhaus.org
zimbraMtaRestriction: reject_rhsbl_sender dbl.spamhaus.org
zimbraMtaRestriction: check_client_access lmdb:/opt/zimbra/conf/postfix_rbl_override

zimbraMtaRestriction: check_recipient_access lmdb:/opt/zimbra/conf/postfix_recipient_access
I followed instruction from New Features in Zimbra Collaboration 8.5 and Anti-spam Strategies articles with no success

Is it possible to whitelist email user/IP/domain without disabling all zimbraMtaRestriction???

I need whitelist some user/IP/domain regardless all other checks (spam, av, postscreen, MTA and others).

Code: Select all

Here's log 
3 17:56:51 post postfix/postscreen[32165]: CONNECT from [91.212.89.78]:44496 to [172.30.30.179]:25
Oct 23 17:56:51 post postfix/postscreen[32165]: PASS OLD [91.212.89.78]:44496
Oct 23 17:56:51 post postfix/smtpd[32166]: warning: hostname 91.212.89.78.ip.uzinfocom.uz does not resolve to address 91.212.89.78: Name or service not known
Oct 23 17:56:51 post postfix/smtpd[32166]: connect from unknown[91.212.89.78]
Oct 23 17:56:51 post postfix/smtpd[32166]: NOQUEUE: filter: RCPT from unknown[91.212.89.78]: <apache@www.mfa.uz>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<apache@www.mfa.uz> to=<sms@mfa.uz> proto=ESMTP helo=<www.mfa.uz>
Oct 23 17:56:51 post postfix/smtpd[32166]: NOQUEUE: filter: RCPT from unknown[91.212.89.78]: <apache@www.mfa.uz>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10024; from=<apache@www.mfa.uz> to=<sms@mfa.uz> proto=ESMTP helo=<www.mfa.uz>
Oct 23 17:56:51 post postfix/smtpd[32166]: NOQUEUE: reject: RCPT from unknown[91.212.89.78]: 450 4.7.25 Client host rejected: cannot find your hostname, [91.212.89.78]; from=<apache@www.mfa.uz> to=<sms@mfa.uz> proto=ESMTP helo=<www.mfa.uz>
Oct 23 17:56:51 post postfix/smtpd[32166]: disconnect from unknown[91.212.89.78] ehlo=1 mail=1 rcpt=0/1 data=0/1 rset=1 quit=1 commands=4/6
Oct 23 17:57:11 post postfix/postscreen[32165]: CONNECT from [213.230.96.176]:50436 to [172.30.30.179]:25
Oct 23 17:57:11 post postfix/postscreen[32165]: PASS OLD [213.230.96.176]:50436
Oct 23 17:57:12 post postfix/smtpd[32166]: warning: hostname 176.64.uzpak.uz does not resolve to address 213.230.96.176: Name or service not known
Oct 23 17:57:12 post postfix/smtpd[32166]: connect from unknown[213.230.96.176]
Oct 23 17:57:12 post postfix/smtpd[32166]: NOQUEUE: filter: RCPT from unknown[213.230.96.176]: <eso.sadullaev@uzbekenergo.uz>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<eso.sadullaev@uzbekenergo.uz> to=<n.kuvondikov@mfa.uz> proto=ESMTP helo=<mail.uzbekenergo.uz>
Oct 23 17:57:12 post postfix/smtpd[32166]: NOQUEUE: filter: RCPT from unknown[213.230.96.176]: <eso.sadullaev@uzbekenergo.uz>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10024; from=<eso.sadullaev@uzbekenergo.uz> to=<n.kuvondikov@mfa.uz> proto=ESMTP helo=<mail.uzbekenergo.uz>
Oct 23 17:57:12 post postfix/smtpd[32166]: NOQUEUE: reject: RCPT from unknown[213.230.96.176]: 450 4.7.25 Client host rejected: cannot find your hostname, [213.230.96.176]; from=<eso.sadullaev@uzbekenergo.uz> to=<n.kuvondikov@mfa.uz> proto=ESMTP helo=<mail.uzbekenergo.uz>
Oct 23 17:57:12 post postfix/smtpd[32166]: disconnect from unknown[213.230.96.176] ehlo=1 mail=1 rcpt=0/1 data=0/1 rset=1 quit=1 commands=4/6

alwaysk2
Posts: 9
Joined: Fri Nov 18, 2016 10:25 am

Re: Whitelist user/IP/domain in zimbra 8.7.11 open source

Post by alwaysk2 »

Yes, follow this article:
Once all setup you can add rejected domain name in allowed list and postmap it. I am using it since long and it is working fine.
Post Reply