How to blacklist and whitelist Zimbra

    RBL (Realtime Blackhole List) services were the first effective anti-spam tool. They were arranged almost the same way - there is a list of "bad" IP addresses, which are accessed in real time using the DNS protocol. Mail servers using RBL at the time of receiving the next message request a service (or several RBL services) about whether the IP address of the sender of the letter is “bad”, and, based on the RBL response, they either accept or reject the letter. Most server-based mail programs can currently work with RBL services.
    image

    With Zimbra Collaboration Server 8.5 and later, you can maintain a blacklist of IP addresses for connecting to Postfix. This is useful in the case of DOS and targeted spam attack scenarios. Many clients use RBL to block spammers from flooding with their MTA spam. However, this does not always help to solve the problem when your server is already attacked. Starting with Zimbra Collaboration Server 8.5, you can create databases on the disk, which allows you to maintain a specific blacklist of IP addresses.

    Create White List (Whitelist)


    1. Create a postfix_rbl_override file

    root@unix:/# nano /opt/zimbra/conf/postfix_rbl_override

    2. Add trusted IP addresses to the created file. 3. Run the postmap command to save the settings in postfix. We execute this command from the zimbra 4 user. We execute the zmprov command to apply these changes to the Zimbra Collaboration Server. postmap needs to be started every time after change.

    1.2.3.4 OK
    5.6.7.8 OK




    root@unix:/# postmap /opt/zimbra/conf/postfix_rbl_override



    root@unix:/# zmprov mcf +zimbraMtaRestriction 'check_client_access lmdb:/opt/zimbra/conf/postfix_rbl_override'



    Create Blacklist (blackList)


    1. Create a postfix_blacklist file:

    root@unix:/# nano /opt/zimbra/conf/postfix_blacklist

    2. Add blocked IP addresses to the created file. 3. Run the postmap command to save the settings in postfix. We execute this command from the zimbra 4 user. We execute the zmprov command to apply these changes to the Zimbra Collaboration Server. postmap needs to be started every time after change. For all questions related to the Zextras Suite, you can contact the representative of Zextras Katerina Triandafilidi by e-mail katerina@zextras.com

    1.2.3.4 REJECT
    5.6.7.8 REJECT




    root@unix:/# postmap /opt/zimbra/conf/postfix_blacklist



    root@unix:/# zmprov mcf +zimbraMtaRestriction 'check_client_access lmdb:/opt/zimbra/conf/postfix_blacklist'




    Also popular now: