Restricting user from sending mails to distribution list-
-
- Posts: 46
- Joined: Sat Sep 13, 2014 3:24 am
Restricting user from sending mails to distribution list-
I am using Zimbra version 8.6.0. I want to control sending mails to the distribution list. So, as noted in the wiki, I started the Milter service by changing the settings in the Global - MTA section and in the Server - MTA section. Then I restarted the milter control and found it was running.
Accordingly I executed the command zmprov grr dl test@xxx.com usr abc@xxx.com sendToDistList
So, after executing the above command, only the test@xxxx.com user can send mails to the test@xxx.com (distribution list).
But when I tried with a different user, anybody can send mails to the distribution list. I again verified the status of Milter and it was still working.
The wiki says that after starting the Milter server, only permitted users can send mails to the DL. In my case, it is not working.
Please let me know what is wrong with my installation.
Restricting user from sending mails to distribution list-
As you've not given any detailed information on what the problem is, no diagnostic information, nor any details of which wiki article you've read, it's impossible to tell you what's wrong; the only conclusion I can come to is that you've not followed the instructions correctly. The current wiki article on this subject has details on how to verify the permissions for an entity; have you checked that? I'll also move this thread to the correct forum.
-
- Posts: 46
- Joined: Sat Sep 13, 2014 3:24 am
Restricting user from sending mails to distribution list-
Sorry for publishing in the wrong forum.
I followed the following link.
https://wiki.zimbra.com/wiki/Enabling_a ... bra_milter
But I could not accomplish the task.
My doubt is whether I should revoke all user rights after starting the Milter and then grant rights one by one to the designated user?
Please suggest.
-
- Posts: 46
- Joined: Sat Sep 13, 2014 3:24 am
Restricting user from sending mails to distribution list-
Anybody, please help me to resolve this.
Thanks in advance
Restricting user from sending mails to distribution list-
Do zmprov gdl test@xxx.com and check the zimbraACE.
If you have something in there for dom or pub permissions granted, that's your problem.
You should have only one usr permission in there.
-
- Outstanding Member
- Posts: 304
- Joined: Sat Sep 13, 2014 2:23 am
- ZCS/ZD Version: Release 8.8.15.GA.3829.UBUNTU16.64
- Contact:
Restricting user from sending mails to distribution list-
Hi,
Please try to use CBPolicyD. This article is an example of restricting certain users from sending email to certain users/domains: http://imanudin.net/2014/09/29/how-to-r ... h-policyd/
HTH
Best Regards,
Ahmad Imanudin - Sharing is Beautiful !
Personal Blog [EN] :http://www.imanudin.net
-
- Posts: 46
- Joined: Sat Sep 13, 2014 3:24 am
Restricting user from sending mails to distribution list-
Solved
Thanks all of you for supporting me.
I followed the following link to enable restriction
https://wiki.zimbra.com/wiki/Enabling_a ... bra_milter
Initially things were not working fine for me. But after one or two days, I found that it's working. It's my problem in checking the issue. This will work if we follow the link exactly.
Thanks once again for your support.
Re: Restricting user from sending mails to distribution list-
Ran into the same issue with ZCS 8.6, solved it by adding specifically restricting rights using zmprov (which shows up under the ACL section in the web UI):
Normally everyone can send to a mailing list, "zmprov ckr dl list@yourdomain user@somewhere.else sendToDistList" will return "ALLOWED".
As soon as you add a user (zmprov grr dl list@domain usr user@yourdomain sendToDistList), external domains are blocked but not internal ones (user@somewhere.else will return DENIED, but user2@yourdomain will still return ALLOWED, user@yourdomain will also return "ALLOWED Via:" with a couple of lines detailing the specific allow right).
To deny everybody except the specifically allowed users, you need to add a deny right:
$ zmprov grr dl list@yourdomain all -sendToDistList
Note the dash in front of sendToDistList, which is a negation (grants to the all group (both internal/external domains) the negative right to send to this list).
This shows up as "zimbraACE: 00000000-0000-0000-0000-000000000000 all -sendToDistList" in "zmprov gdl list@yourdomain" output. Further zimbraACE lines should be visible which then allow specific users/groups to send.
For the proper syntax and keywords see "zmprov grr help" and "zmprov rvr help". Adding and revoking rights this way doesn't seem to require zmmtactl reload or similar (mail is immediately rejected with a "571 571 Sender is not allowed to email this distribution list", though zmprov ckr dl etc. will still return ALLOWED).
Re: Restricting user from sending mails to distribution list-
Update: take note that if your distribution list has members that are distribution lists themselves, the deny rule for the top list propagates, and users who are not whitelisted for that will be denied sending to the member list(s) as well. To work around this, add an allow all rule to each member list separately.
Re: Restricting user from sending mails to distribution list-
Addendum: where I said "all group (both internal/external domains)" I meant "pub"; all means all locally defined domain users, pub is both internal and external domain senders, so replace "all" with "pub" if you want distribution lists to be open to the outside.
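
Added example, not part of the original thread and not Zimbra's own tooling: a shell function that reads "zmprov gdl" output and reports whether a list carries only allow grants (the state the posts above describe as still open to internal senders), a deny ACE as well, or a positive dom/pub/all grant of the kind an earlier reply says to look for. The usr ACE line layout and the sample ids and addresses are assumptions, modelled on the "all -sendToDistList" line quoted in the thread.

```shell
#!/bin/sh
# Classify the sendToDistList ACEs of one distribution list.
# On a server: zmprov gdl list@yourdomain | audit_dl_ace
# Verdicts:
#   OPEN        no sendToDistList ACE at all
#   PARTIAL     usr/grp allow grants, but no deny ACE for all or pub
#   RESTRICTED  deny ACE for all or pub, plus the counted allow grants
#   BROAD       a positive grant to dom, pub or all (review it first)
audit_dl_ace() {
    awk '
        $1 == "zimbraACE:" {
            gtype = $3; right = $NF    # assumed layout: id, grantee type, right
            if (right == "-sendToDistList") {
                if (gtype == "all" || gtype == "pub") { deny = gtype }
            } else if (right == "sendToDistList") {
                if (gtype == "dom" || gtype == "pub" || gtype == "all") { broad = gtype }
                else { allow++ }
            }
        }
        END {
            if (broad != "")     { print "BROAD " broad }
            else if (deny != "") { print "RESTRICTED " deny " allow=" (allow + 0) }
            else if (allow > 0)  { print "PARTIAL allow=" allow }
            else                 { print "OPEN" }
        }'
}

# Constructed sample: a single usr allow grant (id and address are made up).
sample_partial() {
    printf '%s\n' \
        'mail: list@yourdomain' \
        'zimbraACE: 11111111-2222-3333-4444-555555555555 usr sendToDistList'
}

# Constructed sample: the same list after adding the deny ACE from the thread.
sample_restricted() {
    sample_partial
    printf '%s\n' \
        'zimbraACE: 00000000-0000-0000-0000-000000000000 all -sendToDistList'
}

echo "allow only:   $(sample_partial | audit_dl_ace)"
echo "allow + deny: $(sample_restricted | audit_dl_ace)"
```

Reading the ACE lines directly avoids relying on "zmprov ckr", which the post above reports as still returning ALLOWED after the deny takes effect.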