Global Disclaimer in Zimbra

'''Altermime'''

* 1) Download altermime from http://www.pldaniels.com/altermime/
* 2) Compile
    make
(note: on some 64-bit systems, like CentOS 64-bit, there are problems compiling the source. For me the quick & dirty solution is to edit the Makefile and erase the "-Werror" option.)
* 3) Install altermime
    cp altermime /usr/bin/
    chown root:root /usr/bin/altermime
    chmod 755 /usr/bin/altermime
* 4) Add a "filter" user
    useradd -r -c "Postfix Filters" -d /var/spool/filter filter
* 5) Create a filter directory
    mkdir /var/spool/filter
    chown filter:filter /var/spool/filter
    chmod 750 /var/spool/filter

'''Postfix'''

* 6) Back up your master.cf file
    cp /opt/zimbra/postfix/conf/master.cf /opt/zimbra/postfix/conf/master.cf.orig
* 6.A) For Zimbra > 6, back up your master.cf.in file
    cp /opt/zimbra/postfix/conf/master.cf.in /opt/zimbra/postfix/conf/master.cf.in.orig
* 7) Modify /opt/zimbra/postfix/conf/master.cf (/opt/zimbra/postfix/conf/master.cf.in for version > 5.0.10)
    su - zimbra
    vim /opt/zimbra/postfix/conf/master.cf.in
modify line
    smtp inet n - n - - smtpd
to
    smtp inet n - n - - smtpd
        -o content_filter=dfilt:
Add a line at the bottom of /opt/zimbra/postfix/conf/master.cf (/opt/zimbra/postfix/conf/master.cf.in for version > 5.0.10)
    dfilt unix - n n - - pipe
        flags=Rq user=filter argv=/opt/zimbra/postfix/conf/disclaimer -f ${sender} -- ${recipient}
Note: flags come in the next line
* 8) Create the disclaimer files /opt/zimbra/postfix/conf/disclaimer.txt and disclaimer.html
Note: disclaimer files will have to be edited by '''root'''
    [root@mail conf]# chmod 644 disclaimer.txt
    [root@mail conf]# chmod 644 disclaimer.html
    [root@mail conf]# chown root:postfix disclaimer.txt
    [root@mail conf]# chown root:postfix disclaimer.html
For example:

/opt/zimbra/postfix/conf/disclaimer.txt
_____________________________________________________________________

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify the system manager. Please note that any views or opinions presented in this email are solely
those of the author and do not necessarily represent those of the company. Finally, the recipient should check this email and any attachments for
the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.

Company X, Suite# 1, Street, City, Country, www.company.com

/opt/zimbra/postfix/conf/disclaimer.html
_____________________________________________________________________

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify the system manager. Please note that any views or opinions presented in this email are solely
those of the author and do not necessarily represent those of the company. Finally, the recipient should check this email and any attachments for
the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.

Company X, Suite# 1, Street, City, Country, www.company.com
* 9) Create disclaimer script in /opt/zimbra/postfix/conf/disclaimer
    #!/bin/sh
    INSPECT_DIR=/var/spool/filter
    SENDMAIL=/opt/zimbra/postfix/sbin/sendmail
    FOLDER_DISCLAIMER=/opt/zimbra/postfix/conf

    # Exit codes from <sysexits.h>
    EX_TEMPFAIL=75
    EX_UNAVAILABLE=69

    # Clean up when done or when aborting.
    trap "rm -f in.$$" 0 1 2 3 15

    # Start processing.
    cd "$INSPECT_DIR" || { echo "$INSPECT_DIR does not exist"; exit $EX_TEMPFAIL; }

    # Take one line of the text disclaimer as a marker for "already added".
    TEXT_DISCLAIMER=$(grep "[a-zA-Z]" "${FOLDER_DISCLAIMER}/disclaimer.txt" | grep -v "_" | tail -2 | head -1)

    # Save the message that Postfix pipes in on stdin.
    cat > in.$$ || { echo Cannot save mail to file; exit $EX_TEMPFAIL; }

    # Add the disclaimer only if the marker line is not in the message yet.
    if ! grep -qF -- "${TEXT_DISCLAIMER}" in.$$; then
        /usr/bin/altermime --input=in.$$ \
            --disclaimer="${FOLDER_DISCLAIMER}/disclaimer.txt" \
            --disclaimer-html="${FOLDER_DISCLAIMER}/disclaimer.html" \
            --xheader="X-Copyrighted-Material: Please visit http://www.company.com/privacy.htm" || \
            { echo Message content rejected; exit $EX_UNAVAILABLE; }
    fi

    # Hand the message back to Postfix.
    $SENDMAIL -i "$@" < in.$$
    exit $?
* 10) Set permissions
    chgrp filter /opt/zimbra/postfix/conf/disclaimer
    chmod 750 /opt/zimbra/postfix/conf/disclaimer
* 11) Restart Zimbra postfix
    su - zimbra
    zmmtactl stop
    zmmtactl start

For queries: support@efensys.com
Efensys Technologies
Posted 6 days ago by Efensys Team

NOV 28

Change zimbra's lmtp to other server

1. Create corresponding accounts on the Zimbra system for all the accounts that will live on the secondary system. Note that bar@example.com is not migrating, and lives on the secondary.
    $ zmprov ca bar@example.com <password>
2. Configure mail routing for this account so email flows to the secondary system for this account:
    $ zmprov ma bar@example.com zimbraMailTransport smtp:mail.example.com:25
Note that we are not using any catch-all (akin to "luser_relay") tricks here. The primary needs to be authoritative, and if it forwards unknown accounts, then we would have a mail loop.
3. Change your MX record so mail from the internet flows into the Zimbra MTA first. (This is the last step!
You will bounce mail if you make this change before configuring the entire system and testing that mail flow is working as desired.)

When you are ready to move a user from the old system to the new system, just run this command (where zimbra.example.com is the name of your Zimbra server):
    $ zmprov ma bar@example.com zimbraMailTransport lmtp:zimbra.example.com:7025

NOV 28

Zimbra Postgrey Integration

'''INSTALLATION'''

Get the rpmforge.repo in yum.repos.d
    yum install postgrey --nogpgcheck
    ps ax | grep postgrey
    vim /etc/init.d/postgrey
        # OPTIONS="--unix=$SOCKET"
        OPTIONS="--whitelist-clients=/etc/postfix/postgrey_whitelist_clients --whitelist-recipients=/etc/postfix/postgrey_whitelist_recipients --inet=10023 --unix=$SOCKET"
    vim /opt/zimbra/conf/postfix_recipient_restrictions.cf
        # add below line above any lines starting with %%
        check_policy_service inet:127.0.0.1:10023
    /etc/init.d/postgrey start
    /sbin/chkconfig postgrey on

'''NOTES'''

Senders from the local network will not be greylisted.
But any outside network sender will be greylisted for 5 min (default).

NOV 28

Monitoring Incoming and Outgoing mails

Edit main.cf
    [root@map007]# vim /opt/zimbra/postfix/conf/main.cf
Add the following line to get a BCC copy at your email ID when someone sends a mail:
    sender_bcc_maps = hash:/opt/zimbra/conf/sender_bcc
Add the following line to get a BCC copy at your email ID when someone receives a mail:
    recipient_bcc_maps = hash:/opt/zimbra/conf/recipient_bcc
Create two files in the /opt/zimbra/conf directory
    touch /opt/zimbra/conf/sender_bcc
    touch /opt/zimbra/conf/recipient_bcc
    chown zimbra:zimbra /opt/zimbra/conf/sender_bcc
    chown zimbra:zimbra /opt/zimbra/conf/recipient_bcc
Edit these files and add an entry like this:
    support@efensys.com sandeep@efensys.com
After this I will get a copy of the in/out mail of the support@efensys.com email account at the sandeep@efensys.com email ID.
As the zimbra user, run the following commands:
    su - zimbra
    postmap /opt/zimbra/conf/sender_bcc
    postmap /opt/zimbra/conf/recipient_bcc
    postfix reload

NOV 28

Zimbra LDAP as PDC - with Clients on Fedora / Ubuntu

'''Part 1'''

1.
    zmlocalconfig -s zimbra_ldap_password
2. Installing custom ldap schema 6.0 (http://wiki.zimbra.com/wiki/Installing_custom_ldap_schema_6.0)
    ls /opt/zimbra/data/ldap/config/cn\=config/cn\=schema
    ldap stop
    Killing slapd with pid 3261 done.
    cp /opt/zimbra/openldap/etc/openldap/schema/nis.ldif /opt/zimbra/data/ldap/config/cn\=config/cn\=schema/cn\=\{10\}nis.ldif
    cd /opt/zimbra/data/ldap/config/cn\=config/cn\=schema
    vim cn\=\{10\}nis.ldif
Then modify it so that the following lines are changed from:
    dn: cn=nis,cn=schema,cn=config
    objectClass: olcSchemaConfig
    cn: nis
to
    dn: cn={10}nis
    objectClass: olcSchemaConfig
    cn: {10}nis
Then
    chmod 600 cn\=\{10\}nis.ldif
    ldap start
3. Converting and installing schema with the new LDIF format (http://wiki.zimbra.com/wiki/Installing_custom_ldap_schema_6.0)
NOTE: skipped because in the first cut we don't want samba working
4. Adding custom LDAP Indices (http://wiki.zimbra.com/wiki/Adding_ldap_indices_6.0)
    ldapmodify -x -H ldapi:/// -D cn=config -W
Enter the ldap_root_password from step 1.
NOTE: it will look as if the command has hung, but it has not... continue with the input below
    dn: olcDatabase={2}hdb,cn=config
    changetype: modify
    add: olcDbIndex
    olcDbIndex: uidNumber eq
    olcDbIndex: gidNumber eq
    olcDbIndex: memberUid eq
Press Control-D to finish the modification. It gives this as the return message:
    modifying entry "olcDatabase={2}hdb,cn=config"
5. Restart Zimbra services and make sure that they started successfully
6. Now you will need to create two new users for the local posix and samba processes to use to access the information from the LDAP server:
    /opt/zimbra/openldap/sbin/slappasswd -s zimbra
    {SSHA}Z4RLASlTryx7f8dUa0og+9zuILmxuTKE
    /opt/zimbra/openldap/sbin/slappasswd -s zimbratoo
    {SSHA}9tDXLLvtGWRXQYxhBsptMy+NfTUc5lbR
    vim /tmp/posixusers.ldif
        dn: uid=zmposix,cn=appaccts,cn=zimbra
        uid: zmposix
        objectClass: zimbraAccount
        objectClass: organizationalPerson
        cn: zmposix
        sn: zmposix
        zimbraAccountStatus: active
        zimbraIsSystemResource: TRUE
        zimbraId: 59BC2282-98CC-11DE-9492-C023E3CEB16B
        description: The zimbra posix account
        userPassword: {SSHA}Z4RLASlTryx7f8dUa0og+9zuILmxuTKE

        dn: uid=zmposixroot,cn=appaccts,cn=zimbra
        uid: zmposixroot
        objectClass: zimbraAccount
        objectClass: organizationalPerson
        cn: zmposixroot
        sn: zmposixroot
        zimbraAccountStatus: active
        zimbraIsSystemResource: TRUE
        zimbraId: 6ED47B38-98CC-11DE-AAC1-9F159BA35B33
        description: The zimbra posix root account
        userPassword: {SSHA}9tDXLLvtGWRXQYxhBsptMy+NfTUc5lbR
Note: Change userPassword to the one generated above.
Now add these two new users to the LDAP master...
    ldapadd -f /tmp/posixusers.ldif -x -H ldapi:/// -D cn=config -W
    Enter LDAP Password:
    adding new entry "uid=zmposix,cn=appaccts,cn=zimbra"
    adding new entry "uid=zmposixroot,cn=appaccts,cn=zimbra"
You need to adjust the LDAP ACLs so that these new users can read the data necessary from the LDAP server... Be sure to replace dc=efensys,dc=com with your actual domain.
    vim /tmp/acl.ldif
        dn: olcDatabase={2}hdb,cn=config
        changetype: modify
        delete: olcAccess
        olcAccess: {9}
        -
        add: olcAccess
        olcAccess: {9}to attrs=entry by dn.children="cn=admins,cn=zimbra" write by dn.exact="uid=zmposixroot,cn=appaccts,cn=zimbra" write by * read

        dn: olcDatabase={2}hdb,cn=config
        changetype: modify
        add: olcAccess
        olcAccess: {10}to dn.subtree="dc=efensys,dc=com" by dn.children="cn=admins,cn=zimbra" write by dn.exact="uid=zmposixroot,cn=appaccts,cn=zimbra" write by dn.exact="uid=zmposix,cn=appaccts,cn=zimbra" read by * none
        olcAccess: {11}to dn.subtree="ou=machines,dc=efensys,dc=com" by dn.children="cn=admins,cn=zimbra" write by dn.exact="uid=zmposixroot,cn=appaccts,cn=zimbra" write by dn.exact="uid=zmposix,cn=appaccts,cn=zimbra" read by * none
        olcAccess: {12}to dn.subtree="ou=groups,dc=efensys,dc=com" by dn.children="cn=admins,cn=zimbra" write by dn.exact="uid=zmposixroot,cn=appaccts,cn=zimbra" write by dn.exact="uid=zmposix,cn=appaccts,cn=zimbra" read by * none
        olcAccess: {13}to dn.subtree="ou=people,dc=efensys,dc=com" by dn.children="cn=admins,cn=zimbra" write by dn.exact="uid=zmposixroot,cn=appaccts,cn=zimbra" write by dn.exact="uid=zmposix,cn=appaccts,cn=zimbra" read by * none
Now apply this ACL modification to the LDAP server:
    ldapmodify -f /tmp/acl.ldif -x -H ldapi:/// -D cn=config -W
    Enter LDAP Password:
    modifying entry "olcDatabase={2}hdb,cn=config"
    modifying entry "olcDatabase={2}hdb,cn=config"
Run the following zmprov commands as user zimbra (note we are not running the sambaSamAccount thing yet):
    zmprov mcf +zimbraAccountExtraObjectClass posixAccount
    #zmprov mcf +zimbraAccountExtraObjectClass sambaSamAccount

'''Part 2'''

    su
    mkdir -p /home/sysadmin/zimlets/
    cp /opt/zimbra/zimlets-admin-extra/zimbra_posixaccount.zip /home/sysadmin/zimlets/zimbra_posixaccount.zip
    cd /home/sysadmin/zimlets/
    unzip zimbra_posixaccount.zip
    mkdir zimbra_posixaccount
    mv *.xml *.js *.properties zimbra_posixaccount
    cd zimbra_posixaccount
    vim config_template.xml
    zip zimbra_posixaccount *.*
    mv zimbra_posixaccount.zip /opt/zimbra/zimlets-admin-extra/zimbra_posixaccount.zip
    chown zimbra:zimbra /opt/zimbra/zimlets-admin-extra/zimbra_posixaccount.zip
    chmod 664 /opt/zimbra/zimlets-admin-extra/zimbra_posixaccount.zip
Exit and get back as the zimbra user
    scp /opt/zimbra/zimlets-admin-extra/zimbra_posixaccount.zip root@200.0.100.73:/home/asaik/Desktop/
Open https://200.0.100.200:7071/ and, using admin extensions, undeploy and deploy the new zip file.

'''Fedora 13 client machine 200.0.100.73'''

    vim /etc/hosts
add
    200.0.100.200 email.efensys.com
    yum install sssd monit
Back up current files
    cp /etc/pam.d/fingerprint-auth-ac /home/asaik/Desktop/toputinalfresco/mybackupfiles/
    cp /etc/pam.d/gdm-password /home/asaik/Desktop/toputinalfresco/mybackupfiles/
    cp /etc/pam.d/system-auth-ac /home/asaik/Desktop/toputinalfresco/mybackupfiles/
    cp /etc/nsswitch.conf /home/asaik/Desktop/toputinalfresco/mybackupfiles/
    cp /etc/sssd/sssd.conf /home/asaik/Desktop/toputinalfresco/mybackupfiles/
    cp /etc/monit.conf /home/asaik/Desktop/toputinalfresco/mybackupfiles/
Move the latest files
    cp /home/asaik/Desktop/toputinalfresco/sssd/fingerprint-auth-ac /etc/pam.d/
    cp /home/asaik/Desktop/toputinalfresco/sssd/gdm-password /etc/pam.d/
    cp /home/asaik/Desktop/toputinalfresco/sssd/system-auth-ac /etc/pam.d/
    cp /home/asaik/Desktop/toputinalfresco/sssd/nsswitch.conf /etc/
    cp /home/asaik/Desktop/toputinalfresco/sssd/sssd.conf /etc/sssd/
    cp /home/asaik/Desktop/toputinalfresco/sssd/monit.conf /etc/
    vim /etc/ldap.secret
add content as "zimbratoo"
Modify /etc/ldap.conf appropriately. Note the TLS_CACERT /home/asaik/Desktop/ca.pem entry.
Visit https://200.0.100.200:7071/zimbraAdmin/ and then, in the Firefox browser, click the security lock, view the certificate and export it to /home/asaik/Desktop/ca.pem
Modify /etc/sssd/sssd.conf appropriately
To add posixAccount attributes to the previously established users (before the ldap schema change) you can run the command:
    zmprov ma kaustubh@efensys.com +objectClass posixAccount uidNumber 10102 gidNumber 10102 homeDirectory /home/kaustubh loginShell /bin/bash
Log in to the system using kaustubh/
NOTE: NO NEED TO MAKE ANY USER ENTRY IN /etc/passwd
NOTE: also make sure that the network connection is set to start automatically and is available to all users of the system
NOTE: make sure chkconfig sssd on and chkconfig monit on and reboot the machine
The following files are available in efensys alfresco: ca.pem gdm-password ldap.secret nsswitch.conf system-auth-ac fingerprint-auth-ac ldap.conf monit.conf sssd.conf

'''Part 3'''

'''Ubuntu 10.04 Client Machine 200.0.100.91'''

'''U1'''.
    sudo -s
'''U2'''. Edit the /etc/nsswitch.conf file. Replace these two lines:
    passwd: compat
    group: compat
with these lines:
    passwd: files sss
    shadow: files ldap
    group: files sss
'''U3'''. Using synaptic package manager install sssd and 3 libraries chkconfig monit
'''U4'''. Correctly copy or modify the following files: common-account, common-auth, common-password, common-session. Just changed pam_ldap to pam_sss and did a bit more in common-session. Unlike in Fedora, in common-session the skel=/etc/skel umask=0077 is important. These files are available in efensys alfresco under /Efensys/Technical/zimbraaspdc/ubuntu_10_04_desktop
'''U5'''. Paste the correct sssd.conf and monit.conf
    vim /etc/default/monit
change startup to 1 in /etc/default/monit
    mv /etc/monit.conf /etc/monit/monitrc
NOTE: in monit.conf change "/sbin/service" to only "service"
'''U6'''.
    chkconfig monit on
    chkconfig sssd on
fails ... ignore...
'''U7'''.
NOTE: also make sure that the network connection is set to start automatically and is available to all users of the system
NOTE: make sure chkconfig sssd on and chkconfig monit on and reboot the machine
NOTE: vim /etc/hosts and add entry 200.0.100.200 email.efensys.com
NOTE: the ca.pem entry in sssd.conf needs to be checked and the same file should be available on every desktop

'''Part 4'''

'''Quick Note on having centralized homeDirectory'''

nfs depends on rpcbind, so rpcbind should start before nfs. If there is any problem, run ''/etc/init.d/rpcbind start'' or restart and then ''service nfs restart''; also on the client ''service autofs restart''...
Log into zimbra as admin and change the home directory to /net/200.0.100.84/home/kaustubh for, say, the kaustubh@efensys.com account.
Now when kaustubh logs in to his Fedora desktop, he would get the desktop of /net/200.0.100.84/home/kaustubh/Desktop and not the local /home/kaustubh

NOV 28

How to renew certificate after 365 days

Error you get ...
    Unable to determine enabled services from ldap.
    Enabled services read from cache. Service list may be inaccurate.
    Starting logger...Failed.
    Starting logswatch...ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed)
    zimbra logger service is not enabled! failed.
'''Solution is:'''

as su - zimbra
    zmcontrol stop
as root
    cd /opt/zimbra/bin
    ./zmcertmgr createcrt -new -days 365
    ./zmcertmgr deploycrt self
    ./zmcertmgr viewdeployedcrt
    cd /opt/zimbra/libexec
    ./zmfixperms

NOV 28

Zimbra ldap backup / restore

'''To backup LDAP data:'''

    mkdir /ldapbackup
As root, type
    chown zimbra:zimbra /ldapbackup
As the zimbra user, type
    /opt/zimbra/libexec/zmslapcat /ldapbackup
As root, take a backup of /opt/zimbra/data/ldap/hdb/db/DB_CONFIG

'''To restore the LDAP data.'''

'''Prepare the server and install ZCS.'''

* The ZCS installation on the new server must be configured exactly as the ZCS configuration on the original server.
* You go through the complete menu-driven installation process, making changes to the configuration settings to match the settings on the original server.
* Follow the directions in the ZCS single server installation guide to install ZCS.
* Make sure that you configure the same domain, hostname and passwords as on the old server.
* Make sure DNS is configured for the domain.

'''During ZCS install, the following settings must be changed to match the original server settings:'''

* Zimbra LDAP Server - For Domain to create - identify the same default domain as on the original server.
* Zimbra Mailbox Server - An administrator's account is automatically created.
* Make sure that the account name for Admin user to create is the same name as on the original server.
* Set the admin password.
* Change the Spam training user and the Non-spam (HAM) training user account names to be the same as the spam account names on the original server.
* Global Document Account - Change the Global Document Account name to be the same account name as on the original server.
* Change any other settings on the new server to match the configuration on the original server.

ZCS is installed. To continue:

* Stop the ZCS services, type zmcontrol stop.

Restore the LDAP data to the 64-bit server. As zimbra, type

a.
    rm -rf /opt/zimbra/data/ldap/hdb/*
b. If this is an ldap master with replicas:
    rm -rf /opt/zimbra/data/ldap/accesslog/*
c.
    mkdir -p /opt/zimbra/data/ldap/hdb/db /opt/zimbra/data/ldap/hdb/logs
d. If this is an ldap master with replicas:
    mkdir -p /opt/zimbra/data/ldap/accesslog/db /opt/zimbra/data/ldap/accesslog/logs
e. Copy the file /opt/zimbra/data/ldap/hdb/db/DB_CONFIG from the old server to /opt/zimbra/data/ldap/hdb/db on the new server. Note: If this file does not exist, or is empty, creating it may improve ldap performance.
f. Type
    chown -R zimbra:zimbra /opt/zimbra/data/ldap
g. Copy the /ldapbackup/ldap.bak file from the old server to the new server.
h. Type
    /opt/zimbra/openldap/sbin/slapadd -q -b "" -F /opt/zimbra/data/ldap/config -cv -l /ldapbackup/ldap.bak
k. Start the ZCS services, type zmcontrol start.

NOV 28

Syncing Zimbra with Gmail (imap)

For downloading mails, for each user write a shell script with the below contents
----
    # Outer loop: start a new sync pass one second after the previous one ends.
    while [ 1 ]
    do
        # Inner loop: retry until imapsync exits successfully.
        while ! imapsync --buffersize 18192000 --nofoldersizes --nosyncacls \
            --subscribe --syncinternaldates --noauthmd5 \
            --host1 imap.gmail.com --user1 niraj@efensys.com --password1 xxx \
            --host2 200.0.100.200 --user2 niraj@efensys.com --password2 xxxx \
            --authuser2 adm@efensys.com --authmech2 PLAIN \
            --ssl1 --ssl2 --skipsize --allowsizemismatch --useheader 'Message-ID' \
            --regextrans2 "s/\[Gmail\]\/Sent Mail/Sent/" \
            --exclude "\[Gmail\]/All Mail" --exclude "\[Gmail\]/Trash" --exclude "\[Gmail\]/Spam"
        do
            echo imapsync not complete
        done
        sleep 1
    done
----
For routing local mails through google, for each user do the following
    zmprov ma kaustubh@efensys.com zimbraMailTransport smtp:smtp.gmail.com:587

* '''NOTE''' --authuser2 adm@efensys.com --authmech2 PLAIN and password2 is of admin

You may authenticate as one user (typically an admin user), but be authorized as someone else, which means you don't need to know every user's personal password.
Specify --authuser1 "admuser" to enable this on host1. In this case, --authmech1 PLAIN will be used by default since it is the only way to go for now. So don't use --authmech1 SOMETHING with --authuser1 "admuser", it will not work. Same behavior with the --authuser2 option.

NOV 28

SMTP Relay (authenticated way)

As user '''zimbra''' do the following

For '''sender dependent authentication'''

Entries in '''/opt/zimbra/conf/relayhost_map'''
    #per sender provider
    niraj@efensys.com [smtp.gmail.com]:587
    kaustubh@efensys.com [smtp.gmail.com]:587
    sandeep.sawant@efensys.com [smtp.gmail.com]:587
Entries in '''/opt/zimbra/conf/relay_password'''
    kaustubh@efensys.com kaustubh@efensys.com:password
    niraj@efensys.com niraj@efensys.com:password
    sandeep.sawant@efensys.com sandeep.sawant@efensys.com:password
Then execute the following steps
    postconf -e smtp_sender_dependent_authentication=yes
    postconf -e sender_dependent_relayhost_maps=hash:/opt/zimbra/conf/relayhost_map
    postconf -e smtp_sasl_auth_enable=yes
    postconf -e smtp_sasl_password_maps=hash:/opt/zimbra/conf/relay_password
    postmap /opt/zimbra/conf/relayhost_map
    postmap /opt/zimbra/conf/relay_password
    postconf -e smtp_cname_overrides_servername=no
    postconf -e smtp_use_tls=yes
    postconf -e smtp_sasl_security_options=noanonymous
    postfix reload

For '''single user authentication'''

'''/opt/zimbra/conf/relayhost_map''' not needed
Entries in '''/opt/zimbra/conf/relay_password'''
    kaustubh@efensys.com:password
Then execute the following steps
    postconf -e smtp_sasl_auth_enable=yes
    postconf -e smtp_sasl_password_maps=hash:/opt/zimbra/conf/relay_password
    postmap /opt/zimbra/conf/relay_password
    postconf -e smtp_cname_overrides_servername=no
    postconf -e smtp_use_tls=yes
    postconf -e smtp_sasl_security_options=noanonymous
    postfix reload
Set the smtp relay entry to '''smtp.gmail.com''', port '''587''', in the Zimbra admin console MTA settings

'''Persistence across Zimbra restarts'''

In my experience with ZCS 6.0.2 the postconf commands did not stick across restarts, which resulted in mail getting queued up or bounced for many hours before I noticed. After much frustration and Googling I discovered the answer is to use zmlocalconfig either instead of or in addition to postconf. Postconf & postfix reload will apply the settings immediately but not persist across restarts. zmlocalconfig requires a full Zimbra restart using 'zmcontrol stop' and 'zmcontrol start' or 'service zimbra restart'.
    zmlocalconfig -e postfix_smtp_sasl_password_maps=hash:/opt/zimbra/conf/relay_password
    zmlocalconfig -e postfix_smtp_sasl_security_options=noanonymous
    zmlocalconfig -e postfix_smtp_use_tls=yes
    zmlocalconfig -e postfix_smtp_cname_overrides_servername=no
With the above settings in addition to the settings in #Enabling SMTP authentication I am able to keep settings across restarts. Keeps my users happy and my sanity intact.

NOV 28

Restricting users to send mails to certain domains

This document describes how to restrict a list of users to sending emails to a limited set of domains. Other users can send mails anywhere. Everything here I am doing as the Zimbra user.

1. Enter the following in the file "/opt/zimbra/conf/postfix_recipient_restrictions.cf". Make sure it is entered at the top of the file.
    vi /opt/zimbra/conf/postfix_recipient_restrictions.cf
    check_sender_access hash:/opt/zimbra/postfix/conf/restricted_senders
2. Enter the following in "/opt/zimbra/conf/zmmta.cf"
    vi /opt/zimbra/conf/zmmta.cf
    POSTCONF smtpd_restriction_classes local_only
    POSTCONF local_only FILE postfix_check_recipient_access.cf
3. Create a file "/opt/zimbra/conf/postfix_check_recipient_access.cf"
    vi /opt/zimbra/conf/postfix_check_recipient_access.cf
    check_recipient_access hash:/opt/zimbra/postfix/conf/local_domains, reject
4. Create a file "/opt/zimbra/postfix/conf/restricted_senders" and list all the users whom you want to restrict. Follow this syntax:
    vi /opt/zimbra/postfix/conf/restricted_senders
    user@yourdomain.com local_only
5. Create a file "/opt/zimbra/postfix/conf/local_domains" and list all the domains to which "restricted users" are allowed to send mail. Please follow this syntax:
    vi /opt/zimbra/postfix/conf/local_domains
    yourdomain.com OK
    otheralloweddomain.com OK
6. Run the following commands:
    postmap /opt/zimbra/postfix/conf/restricted_senders
    postmap /opt/zimbra/postfix/conf/local_domains
    zmmtactl stop
    zmmtactl start

After these settings, all the users listed in "/opt/zimbra/postfix/conf/restricted_senders" are restricted to sending mail only to the domains defined in "/opt/zimbra/postfix/conf/local_domains"; others are fully allowed to send mail anywhere. These settings will not survive Zimbra upgrades, so please make sure that you back up all these settings when performing upgrades.

Important note if you need to undo this configuration: remove the two lines that were added to the zmmta.cf file. Make sure the Postfix setting smtpd_restriction_classes has nothing set.
    postconf -e smtpd_restriction_classes=' '
    zmmtactl reload
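The restriction chain from the post above (check_sender_access, then the local_only class with check_recipient_access and reject) can be dry-run against the text maps before postmap is run. This is an added example, not part of the original post: the function names lookup, decide and write_samples are made up here, the sample maps are constructed, and only the key forms the post uses (full sender address, bare recipient domain) are matched, whereas Postfix also tries other key forms.

```shell
#!/bin/sh
# Added example, not from the original post. Sample data is constructed.

# lookup FILE KEY: print the right-hand side stored for KEY, if any.
# Keys are compared case-insensitively; comments and blank lines are skipped.
lookup() {
    awk -v key="$2" '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# decide SENDER RECIPIENT SENDERS_FILE DOMAINS_FILE
# Prints one of:
#   unrestricted  sender is not mapped to local_only, later rules decide
#   permit        restricted sender, recipient domain is listed with OK
#   reject        restricted sender, recipient domain is not listed
decide() {
    sender=$1 rcpt=$2 senders_file=$3 domains_file=$4
    class=$(lookup "$senders_file" "$sender")
    if [ "$class" != "local_only" ]; then
        echo unrestricted
        return 0
    fi
    # local_only = check_recipient_access hash:local_domains, reject
    rcpt_domain=${rcpt##*@}
    action=$(lookup "$domains_file" "$rcpt_domain")
    if [ "$action" = "OK" ]; then
        echo permit
    else
        echo reject
    fi
}

# write_samples DIR: constructed maps in the syntax shown in steps 4 and 5.
write_samples() {
    cat > "$1/restricted_senders" <<'EOF'
# constructed sample
user@yourdomain.com     local_only
EOF
    cat > "$1/local_domains" <<'EOF'
yourdomain.com          OK
otheralloweddomain.com  OK
EOF
}

# Demo: three sender/recipient pairs against the sample maps.
dir=$(mktemp -d) && write_samples "$dir"
for pair in "user@yourdomain.com boss@yourdomain.com" \
            "user@yourdomain.com someone@example.org" \
            "other@yourdomain.com someone@example.org"; do
    set -- $pair
    printf '%-22s -> %-22s %s\n' "$1" "$2" \
        "$(decide "$1" "$2" "$dir/restricted_senders" "$dir/local_domains")"
done
rm -rf "$dir"
```
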
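The relay_password map from the SMTP relay post and /etc/ldap.secret from the LDAP client setup hold passwords in clear text, and postmap writes a .db copy beside the map. The following check is an added example, not part of the original posts (audit_secrets and loose_mode are names chosen here); it lists any of these files that group or other users can access.

```shell
#!/bin/sh
# Added example, not from the original posts.

# loose_mode FILE: succeed if FILE grants any permission bit to group or others.
loose_mode() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
                               -o -perm -004 -o -perm -002 -o -perm -001 \) -print)" ]
}

# audit_secrets FILE...: for each file and its postmap companion FILE.db,
# print one line per file that is accessible beyond its owner.
# Missing files are skipped. Returns 1 if anything was reported, else 0.
audit_secrets() {
    found=0
    for f in "$@"; do
        for p in "$f" "$f.db"; do
            [ -e "$p" ] || continue
            if loose_mode "$p"; then
                # mode, owner and group as shown by ls -l
                echo "LOOSE $(ls -ld "$p" | awk '{print $1, $3, $4}') $p"
                found=1
            fi
        done
    done
    return "$found"
}

# Default targets are the secret files named on this page.
[ "$#" -gt 0 ] || set -- /opt/zimbra/conf/relay_password /etc/ldap.secret
audit_secrets "$@" || echo "Restrict the files listed above to their owner, for example chmod 600."
```

postmap creates a new .db with the same group and other read permissions as its source file, so tightening the text map before the first postmap run keeps both copies private.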