Trying to blacklist email addresses or domains, but it's not working.

[ianw1974]

Hi,
Have been following this page
http://wiki.zimbra.com/wiki/Rejecting_f ... _addresses
but it's not helping.  Previously I used to edit /opt/zimbra/conf/postfix_recipient_restrictions and add a line as such:
check_sender_access hash:/opt/zimbra/conf/postfix_sender_checks
in this file, I would put something like this:
somedomain.com REJECT
then I would never receive such emails.  According to the above link, it is to go in /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf but it doesn't work.  I then get an error and cannot send/receive any emails whatsoever.  Even if I put in smtpd_recipient_restrictions.cf the result is the same.
How can I now block domains, because I'm continually getting the emails, irrespective of sending it constantly to the spam folder.  And I've already edited sausers.cf to deal with higher scoring of spam etc.
I want to be able to blacklist the domain manually.

[jorgedlcruz]

Hi ianw1974,

Let us know the result of zmcontrol -v



Best regards

[ianw1974]

I've reverted the configuration, because the error was something along the lines of server configuration error 451 or something like this. All services were running fine. It just wouldn't send/receive.



So I think the documentation isn't correct on the wiki, because it doesn't allow for the above to be done like it worked previously.

[jorgedlcruz]

Hi ianw1974, let us know the result of zmcontrol -v and we can point you in te best directions depends of the version that you are running.



Best regards

[arnisraido]

Hi! I have really similar problem.

I am trying to Whitelist specific IP addresses, because they are listed in Sorbs: "...Currently Sending Spam See: http://www.sorbs.net/lookup.shtml?..."
I am sure about this IP, and I need to "whitelist it".

Using this wiki http://wiki.zimbra.com/wiki/Improving_A ... _and_later

1) Added IPs in file /opt/zimbra/conf/postfix_rbl_override

e.g.

10.11.12.13 OK
10.11.12.14 OK
10.11.12.15 OK


2) Run postmap /opt/zimbra/conf/postfix_rbl_override
3) Added 3 news lines in /opt/zimbra/conf/zmconfigd/smtpd_recipient_restrictions.cf
like this:

 
%%contains VAR:zimbraMtaRestriction check_client_access lmdb:/opt/zimbra/conf/postfix_blacklist%%
%%contains VAR:zimbraServiceEnabled cbpolicyd^ check_policy_service inet:localhost:%%zimbraCBPolicydBindPort%%%%
reject_non_fqdn_recipient
permit_sasl_authenticated
permit_mynetworks
reject_unlisted_recipient
reject_unauth_destination <---- NEW LINE
check_client_access hash:/opt/zimbra/conf/postfix_rbl_override <---- NEW LINE
check_recipient_access hash:/opt/zimbra/conf/postfix_rbl_override <---- NEW LINE
%%exact VAR:zimbraMtaRestriction reject_invalid_helo_hostname%%
%%exact VAR:zimbraMtaRestriction reject_non_fqdn_helo_hostname%%
%%exact VAR:z...
 

4) restarted zmmtactl restart

And now - I get "Server configuration error" in mail log:


NOQUEUE: reject: RCPT from [...]
Client host rejected: Server configuration error;




My server:
zmcontrol -v
Release 8.5.1.GA.3056.UBUNTU12.64 UBUNTU12_64 FOSS edition.

[ianw1974]

Release 8.6.0.GA.1153.UBUNTU12.64 UBUNTU12_64 FOSS edition.

[phoenix]

[quote user="arnisraido"]I have really similar problem.[/quote]Yes but it's not the same and you should have started a new thread for your question
[quote user="arnisraido"]zmcontrol -v
Release 8.5.1.GA.3056.UBUNTU12.64 UBUNTU12_64 FOSS edition.[/quote]From 8.5.x onwards ZCS uses the LMDB database not hash, have you tried that?

[ianw1974]

I'm using:



Release 8.6.0.GA.1153.UBUNTU12.64 UBUNTU12_64 FOSS edition.



so would be helpful to be able to enable the whitelist/blacklist like it was listed in the wiki article. Because at present, not matter what I try I can't get it working.

[phoenix]

The article to which you've linked in your original post isn't about blacklisting or whitelisting it's for 'Rejecting false "mail from" addresses' (and that article has been superseded) , is that really the article you tried? Perhaps this article would be more appropriate?

[ianw1974]

Irrespective of the name of the article, be it rejecting false mails or whatever, the procedure is the same whether it is for this, or for whitelisting, or blacklisting.



In normal postfix you would configure main.cf with something like this:



smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/sender_checks



# Reject

somedomain.com REJECT



# Blacklist

somedomain.com DISCARD



# Whitelist

somedomain.com OK



of course, the smtpd_recipient_restrictions has other fields of which I have omitted, but normally after the check_sender_access I would have RBL lists for use to reject, and so on. The list is ran in order, so you'd never put check_sender_access after the RBL, as you wouldn't be able to whitelist someone in this instance if the RBL rejects them.



This could also be using in smtpd_sender_restrictions. However, if you apply the same principles with Zimbra irrelevant if it's 8.5.x or 8.6.x, the end result is the same in 451 server configuration error.



Considering that Zimbra uses smtpd_recipient_restrictions.cf and smtpd_sender_restrictions.cf - providing that the order is applied in the same respects that you would normally do with standalone postfix - it should work, and not throw up a 451 server configuration error. The syntax was perfectly fine - this is something unique with Zimbra which is stopping this from working.



When I did this previously with previous versions of Zimbra it was enough to edit /opt/zimbra/conf/postfix_recipient_restrictions.cf and add the line I required. Then restart and all worked perfectly fine. In later versions, it seems that this particular file is no longer referenced, and the ability to use this functionality is now lost.



Perhaps in Zimbra 8.x it works differently and should be placed elsewhere? However the wiki does not have this information, and the article in my original post doesn't work.