
Restricting user from sending mails to distribution list-

Posted: Thu Jul 23, 2015 9:35 am
by ask2me0077
I am using Zimbra version 8.6.0. I want to control sending mails to the distribution list. So, as noted in the wiki, I started the Milter service by changing the settings in the Global - MTA section and in the Server - MTA section. Then I restarted the milter control and found it was running.
Accordingly, I executed the command zmprov grr dl test@xxx.com usr abc@xxx.com sendToDistList
So, after executing the above command, only the test@xxxx.com user can send mails to test@xxx.com (the distribution list).
But when I tried with a different user, anybody can send mails to the distribution list. I again verified the status of Milter and it was still working.
The wiki says that after starting the Milter server, only permitted users can send mails to the DL. In my case, it is not working.
Please let me know what is wrong with my installation.

Restricting user from sending mails to distribution list-

Posted: Thu Jul 23, 2015 9:49 am
by phoenix
As you've not given any detailed information on what the problem is, no diagnostic information, nor any details of which wiki article you've read, it's impossible to tell you what's wrong; the only conclusion I can come to is that you've not followed the instructions correctly. The current wiki article on this subject has details on how to verify the permissions for an entity; have you checked that? I'll also move this thread to the correct forum.

Restricting user from sending mails to distribution list-

Posted: Thu Jul 23, 2015 10:02 am
by ask2me0077
Sorry for publishing in the wrong forum.

I followed the following link.
https://wiki.zimbra.com/wiki/Enabling_a ... bra_milter

But I could not accomplish the task.

My doubt is whether I should revoke all user rights after starting the Milter and then grant rights one by one to the designated user?
Please suggest.

Restricting user from sending mails to distribution list-

Posted: Fri Jul 24, 2015 1:29 pm
by ask2me0077
Anybody, please help me to resolve this.

Thanks in advance.

Restricting user from sending mails to distribution list-

Posted: Mon Jul 27, 2015 9:56 pm
by iamauser
Do zmprov gdl test@xxx.com and check the zimbraACE.

If you have something in there for dom or pub permissions granted, that's your problem.

You should have only one usr permission in there.

Restricting user from sending mails to distribution list-

Posted: Tue Jul 28, 2015 4:57 am
by imanudin11
Hi,

Please try to use CBPolicyD. This article is an example of restricting certain users from sending email to certain users/domains: http://imanudin.net/2014/09/29/how-to-r ... h-policyd/

HTH

Restricting user from sending mails to distribution list-

Posted: Tue Jul 28, 2015 9:42 am
by ask2me0077
Solved

Thanks all of you for supporting me.

I followed the following link to enable the restriction:

https://wiki.zimbra.com/wiki/Enabling_a ... bra_milter

Initially things were not working fine for me. But after one or two days, I found that it's working. It was my problem in checking the issue. This will work if we follow the link exactly.

Thanks once again for your support.

Re: Restricting user from sending mails to distribution list-

Posted: Mon Nov 06, 2017 6:41 pm
by Zuser
Ran into the same issue with ZCS 8.6, solved it by specifically adding restricting rights using zmprov (which shows up under the ACL section in the web UI):

Normally everyone can send to a mailing list, "zmprov ckr dl list@yourdomain user@somewhere.else sendToDistList" will return "ALLOWED".
As soon as you add a user (zmprov grr dl list@domain usr user@yourdomain sendToDistList), external domains are blocked but not internal ones (user@somewhere.else will return DENIED, but user2@yourdomain will still return ALLOWED, user@yourdomain will also return "ALLOWED Via:" with a couple of lines detailing the specific allow right).

To deny everybody except the specifically allowed users, you need to add a deny right:
$ zmprov grr dl list@yourdomain all -sendToDistList

Note the dash in front of sendToDistList, which is a negation (grants to the all group (both internal/external domains) the negative right to send to this list).
This shows up as "zimbraACE: 00000000-0000-0000-0000-000000000000 all -sendToDistList" in "zmprov gdl list@yourdomain" output. Further zimbraACE lines should be visible which then allow specific users/groups to send.
For the proper syntax and keywords see "zmprov grr help" and "zmprov rvr help". Adding and revoking rights this way doesn't seem to require zmmtactl reload or similar (mail is immediately rejected with a "571 571 Sender is not allowed to email this distribution list", though zmprov ckr dl etc. will still return ALLOWED).

Re: Restricting user from sending mails to distribution list-

Posted: Fri Nov 10, 2017 9:46 am
by Zuser
Update: take note that if your distribution list has members that are distribution lists themselves, the deny rule for the top list propagates and users who are not whitelisted for that will be denied sending to the member list(s) as well. To work around this add an allow all rule to each member list separately.

Re: Restricting user from sending mails to distribution list-

Posted: Fri Nov 10, 2017 11:50 am
by Zuser
Addendum: where I said "all group (both internal/external domains)" I meant "pub"; all means all locally defined domain users, pub is both internal and external domain senders, so replace "all" with "pub" if you want distribution lists to be open to the outside.
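
The zimbraACE checks that iamauser and Zuser describe, as an added example (not part of any post and not Zimbra code): a small Python audit of "zmprov gdl" output that flags the grant combinations the thread reports as leaving a list open. The sample output, UUIDs and example.com addresses are constructed, and the verdicts encode the posters' observations on ZCS 8.6, not documented Zimbra semantics.

```python
import re

# ACE layout as quoted in the thread: zimbraACE: <grantee id> <grantee type> [-]<right>
# ACEs with extra fields are skipped by this pattern (assumption: not used here).
ACE_RE = re.compile(r"^zimbraACE:\s+(\S+)\s+(\S+)\s+(-?)(\S+)$")
RIGHT = "sendToDistList"
BROAD = {"all", "dom", "pub"}  # broad grantee types mentioned in the thread

def parse_aces(gdl_output):
    """Return (grantee_id, grantee_type, is_deny) for every sendToDistList ACE."""
    aces = []
    for line in gdl_output.splitlines():
        m = ACE_RE.match(line.strip())
        if m and m.group(4) == RIGHT:
            aces.append((m.group(1), m.group(2), m.group(3) == "-"))
    return aces

def audit(gdl_output):
    """Classify the list according to the behaviour reported in the thread."""
    aces = parse_aces(gdl_output)
    broad_allow = sorted({t for _, t, deny in aces if not deny and t in BROAD})
    broad_deny = sorted({t for _, t, deny in aces if deny and t in BROAD})
    named = [g for g, t, deny in aces if not deny and t not in BROAD]
    findings = []
    if not aces:
        findings.append("OPEN: no sendToDistList ACE, anyone can send")
    if broad_allow:
        findings.append("BROAD_ALLOW: " + ",".join(broad_allow))
    if named and not broad_deny:
        findings.append("NO_DENY: named grants but no -sendToDistList for all/pub")
    if broad_deny and not named and not broad_allow:
        findings.append("LOCKED: deny present but no sender is allowed")
    if named and broad_deny and not broad_allow:
        findings.append("RESTRICTED: %d named sender(s), deny on %s"
                        % (len(named), ",".join(broad_deny)))
    return findings

# Constructed samples of "zmprov gdl list@example.com" output.
HEAD = "# distributionList list@example.com memberCount=2\nmail: list@example.com\n"
USR = "zimbraACE: 11111111-1111-1111-1111-111111111111 usr sendToDistList\n"
DOM = "zimbraACE: 22222222-2222-2222-2222-222222222222 dom sendToDistList\n"
DENY_ALL = "zimbraACE: 00000000-0000-0000-0000-000000000000 all -sendToDistList\n"
SAMPLE_USR_ONLY = HEAD + USR
SAMPLE_DOM_GRANT = HEAD + USR + DOM
SAMPLE_RESTRICTED = HEAD + DENY_ALL + USR

if __name__ == "__main__":
    for name in ("SAMPLE_USR_ONLY", "SAMPLE_DOM_GRANT", "SAMPLE_RESTRICTED"):
        print(name, audit(globals()[name]))
```

To audit a real list, pass the captured text of "zmprov gdl list@yourdomain" to audit() instead of the constructed samples.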