Zimbra: enforce SPF checking for incoming email
In this tutorial, I enable and configure SPF checking for incoming email with cbpolicyd. By default, the SPF checking module is not enabled and there are no SPF policies. Rejections appear in the Zimbra log as "Sender address rejected: Failed SPF check". The steps to make Zimbra enforce SPF checking for incoming email are below. I run the commands as the zimbra account ( su - zimbra ).
To check whether policyd SPF checking is enabled:
$ zmprov gs `zmhostname` zimbraCBPolicydCheckSPFEnabled
If SPF checking is not enabled, enable the policyd checkspf module:
$ zmprov ms `zmhostname` zimbraCBPolicydCheckSPFEnabled TRUE
Restart the policyd service:
$ zmcbpolicydctl restart
Create the zimbra-cbpolicyd-spf.sql file:
$ vim /opt/zimbra/data/cbpolicyd/db/zimbra-cbpolicyd-spf.sql
The content is as below:
BEGIN TRANSACTION;
-- The policy itself; the ID must not already be used in the policies table
INSERT INTO "policies" (ID,Name,Priority,Description) VALUES(12,'CBPolicyd SPF Policies', 20, 'CBPolicyd SPF Policies');
-- Apply the policy to mail from outside the internal domains to the internal domains
INSERT INTO "policy_members" (ID,PolicyID,Source,Destination) VALUES(13,12, '!%internal_domains', '%internal_domains');
-- checkspf.PolicyID must match the ID of the policy inserted above (12)
INSERT INTO "checkspf" (ID,PolicyID,Name,UseSPF,RejectFailedSPF,AddSPFHeader,Comment,Disabled) VALUES(6,12,'SPF Policy',1,0,1,'Zimbra CheckSPF Policy',0);
COMMIT;
With this policy, emails that fail the SPF check are not rejected. To reject emails that fail the SPF check, change RejectFailedSPF to 1 in the zimbra-cbpolicyd-spf.sql file:
INSERT INTO "checkspf" (ID,PolicyID,Name,UseSPF,RejectFailedSPF,AddSPFHeader,Comment,Disabled) VALUES(6,12,'SPF Policy',1,1,1,'Zimbra CheckSPF Policy',0);
Import the policy into the cbpolicyd database:
$ sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb < /opt/zimbra/data/cbpolicyd/db/zimbra-cbpolicyd-spf.sql
Restart the policyd service:
$ zmcbpolicydctl restart
To check the SPF policies:
$ sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb
sqlite> select * from policy_groups;
sqlite> select * from policy_group_members;
sqlite> select * from policies;
sqlite> select * from policy_members;
sqlite> select * from checkspf;
sqlite> .quit
To watch the Zimbra log for SPF failures:
$ tail -f /var/log/zimbra.log | grep "Failed SPF check"
Good luck! I hope this is useful :)
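The manual "select * from ..." check above can be automated. The following is an added example, not part of the original post: a Python audit that reports whether each checkspf row is attached to an existing policy with members, and whether it rejects or only tags. The names audit_spf and sample_db are hypothetical, and the in-memory schema is an assumption reduced to the columns named in the INSERT statements above.

```python
import sqlite3

# Assumed minimal schema: only the columns named in the page's INSERT statements.
SCHEMA = """
CREATE TABLE policies (ID INTEGER PRIMARY KEY, Name, Priority, Description);
CREATE TABLE policy_members (ID INTEGER PRIMARY KEY, PolicyID, Source, Destination);
CREATE TABLE checkspf (ID INTEGER PRIMARY KEY, PolicyID, Name, UseSPF,
                       RejectFailedSPF, AddSPFHeader, Comment, Disabled);
"""

def sample_db(spf_policy_id, reject):
    """Constructed in-memory database mirroring the tutorial's three INSERTs."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO policies VALUES (12,'CBPolicyd SPF Policies',20,'')")
    conn.execute("INSERT INTO policy_members VALUES "
                 "(13,12,'!%internal_domains','%internal_domains')")
    conn.execute("INSERT INTO checkspf VALUES (6,?,'SPF Policy',1,?,1,'',0)",
                 (spf_policy_id, reject))
    return conn

def audit_spf(conn):
    """Return [(rule name, status)] describing how each checkspf row is wired."""
    have = {r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table'")}
    missing = [t for t in ("policies", "policy_members", "checkspf") if t not in have]
    if missing:  # the state behind sqlite3's "no such table" import errors
        return [("<schema>", "missing tables: " + ", ".join(missing))]
    rows = conn.execute(
        "SELECT c.Name, c.PolicyID, c.UseSPF, c.RejectFailedSPF, c.Disabled, p.ID,"
        " (SELECT COUNT(*) FROM policy_members m WHERE m.PolicyID = c.PolicyID)"
        " FROM checkspf c LEFT JOIN policies p ON p.ID = c.PolicyID").fetchall()
    findings = []
    for name, pid, use, reject, disabled, policy, members in rows:
        if policy is None:
            status = f"orphan: no policy with ID {pid}"
        elif members == 0:
            status = f"policy {pid} has no policy_members row"
        elif disabled or use != 1:  # assumption: only UseSPF=1 counts as enabled
            status = "inactive"
        elif reject:
            status = "enforcing: failed SPF is rejected"
        else:
            status = "tag-only: header added, nothing rejected"
        findings.append((name, status))
    return findings or [("<none>", "no checkspf rows")]

if __name__ == "__main__":
    for rule in audit_spf(sample_db(12, 1)):
        print(rule)
```

To audit a live server, pass audit_spf a connection opened on /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb instead of the constructed sample.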
Good tutorial.

Thanks for reading my blog!

Dear, very useful tutorial... after enabling SPF on Zimbra, do I have to do any adjustment relating to SPF? Thanks a lot.

Yeah, thank you for reading my blog!

After enabling SPF on Zimbra, you can check the SPF log:
$ tail -f /opt/zimbra/log/cbpolicyd.log
$ tail -f /var/log/zimbra.log | grep "Failed SPF check"

When I run sqlite I got the below:
Error: near line 2: no such table: policies
Error: near line 3: no such table: policy_members
Error: near line 4: no such table: checkspf