Posts

Showing posts with the label Zimbra Mail Server

zimbra enforce SPF checking for incomming email

Image
In this tutorial, I'm enable and configure spf to check for incommning email with cbpolicyd. By default, the SPF checking module is not enable and there are no SPF policies. zimbra logs with "Sender address rejected: Failed SPF check". How to zimbra enforce spf checking for incomming email as below. I'm running commands as zimbra account ( su - zimbra ) Links to below you maybe likes: zimbra 8.6 cbpolicyd example How to install and configure zimbra multi server. How to restrict to user sending mail on zimbra 8.6. How to Restrict Sending to Distribution list in zimbra mail. How to change last login time for all accounts in zimbra ldap. How to zimbra reject authenticated sender login mismatch. To check zimbra policyd spf $ zmprov gs `zmhostname` zimbraCBPolicydCheckSPFEnabled If zimbra spf checking not enable then, to enable policyd checkspf $ zmprov ms `zmhostname` zimbraCBPolicydCheckSPFEnabled TRUE To restart policyd service $ zmcbpolicydctl resta

Zimbra 8.8 releases beta

Zimbra 8.8 the best for mail server. It's useful the feature new! I like it. What is zimbra 8.8 new New Realtime backup : I like it! Now, your backup no data loss and saving on storage space New Mobile Sync New HSM & Volume Management : reduce your current zimbra storage Improved, easy-to-use Delegated Admin Zimbra Drive Zimbra Chat (BETA) Decoupled IMAP Service (BETA) Ephemeral Data Store The waiting zimbra 8.8 offical! Yeah to ready zimbra GA link download zimbra 8.8 How to install zimbra 8.8 on centos 6 step by step !

Whitelist and Blacklist domain in zimbra 8.6

Image
In this  tutorial, How to configure whitelist and blacklist domain in zimbra . To use amavisd.conf.in file before it's configure, To backup file /opt/zimbra/conf/amavisd.conf.in we need to score Positive is Blacklist and Negative score is whitelist. I'm running the commands with account zimbra ( su - zimbra) Links to below you maybe likes: zimbra custom spamassassin rules How to create auto Bcc for Recipient mails for Zimbra 8.6 How to add spam filters on zimbra 8.6 How to create auto Bcc for sender mails for Zimbra 8.6 list accounts that has not logged in for the last x days in zimbra Whitelist and Blacklist domain in zimbra 8.6 To backup amavisd.conf.in file su - zimbra cp /opt/zimbra/conf/amavisd.conf.in /opt/zimbra/conf/amavisd.conf.in.bak How to whitelist domain in zimbra To add whitelist domain or emailID  in amavisd.conf.in file vim /opt/zimbra/conf/amavisd.conf.in The content whitelist domain as below: { # a hash-type lookup table (associative array) &#

zimbra custom spamassassin rules

Image
How to prevent spam on zimbra. To use zimbra spamassassin filter. To backlist and whitelist all email from address or domain. To spam-check mail incoming email to system your email or To spam-check internal mail. To use zimbra 8.6 and later, The commands as below running on zimbra MTA.  Links to below you maybe likes: zimbra custom spamassassin rules How to create auto Bcc for Recipient mails for Zimbra 8.6 How to add spam filters on zimbra 8.6 How to create auto Bcc for sender mails for Zimbra 8.6 list accounts that has not logged in for the last x days in zimbra zimbra custom spamassassin rules Enabling SpamAssassin rule updates su - zimbra zmlocalconfig -e antispam_enable_rule_updates=true zmlocalconfig -e antispam_enable_restarts=true zmlocalconfig -e antispam_enable_rule_compilation=true zmamavisdctl restart zmmtactl restart To check and configure zimbra Spam Subject Tag, zimbra Spam Tag Percent, zimbra Spam Kill Percent attribute. zmprov gcf zimbraSpamSubjectTag

zimbra bounces from spam email

Image
How to block backscatter email on zimbra. How many reasons why bounces from spam email. To run commands as below su - zimbra zmprov mcf zimbraMtaEnableSmtpdPolicyd TRUE zmprov mcf zimbraMtaSmtpdRejectUnlistedRecipient yes zmprov mcf zimbraMtaSmtpdRejectUnlistedSender yes zmprov mcf +zimbraMtaRestriction "check_policy_service unix:private/policy" zmmtactl restart zmconfigdctl restart The solve problem Bounces backscatter from spam email

How to create auto Bcc for Recipient mails for Zimbra 8.6

Image
How to auto copy of all email from [email protected] to [email protected]. Every email recipient of [email protected] from email another, then automation bcc send to [email protected].   How to create auto Bcc for sender mails for Zimbra 8.6 To check "recipient BCC Maps" recipient_bcc_maps on your zimbra 8.6 $ postconf | egrep "recipient_bcc_maps" To configure recipient bbc maps on zimbra 8.6 # su - zimbra $ cd /opt/zimbra/postfix/conf/ To create recipient_bcc $ vim recipient_bcc Input the content as below [email protected] [email protected] To add recipient_bcc_maps in main.cf file $ vim /opt/zimbra/postfix/conf/main.cf To add the following line in below recipient_bcc_maps = lmdb:/opt/zimbra/postfix/conf/recipient_bcc To apply configure recipient_bcc_maps $ postmap /opt/zimbra/postfix/conf/recipient_bcc To restart the zimbra postfix $ postfix reload To check "Recipient BCC Maps" recipi

How to add spam filters on zimbra 8.6

Image
How to add spam filters on zimbra 8.6 Links to below you maybe likes: zimbra custom spamassassin rules How to create auto Bcc for Recipient mails for Zimbra 8.6 How to add spam filters on zimbra 8.6 How to create auto Bcc for sender mails for Zimbra 8.6 list accounts that has not logged in for the last x days in zimbra su - zimbra To check current setting $ zmprov gacf | grep zimbraMtaRestriction To add spam filters on zimbra 8.6 $ zmprov mcf zimbraMtaRestriction reject_invalid_hostname \ zimbraMtaRestriction reject_non_fqdn_hostname \ zimbraMtaRestriction reject_non_fqdn_sender \ zimbraMtaRestriction "reject_rbl_client dnsbl.njabl.org" \ zimbraMtaRestriction "reject_rbl_client cbl.abuseat.org" \ zimbraMtaRestriction "reject_rbl_client bl.spamcop.net" \ zimbraMtaRestriction "reject_rbl_client dnsbl.sorbs.net" \ zimbraMtaRestriction "reject_rbl_client sbl.spamhaus.org" \ zimbraMtaRestriction "reject_rbl_client rela

How to create auto Bcc for sender mails for Zimbra 8.6

Image
How to auto copy of all email from [email protected] to [email protected]. Every email send from [email protected] to email another, then automation bcc to [email protected]. How to create auto Bcc for Recipient mails for Zimbra 8.6 To check "Sender BCC Maps" sender_bcc_maps on your zimbra 8.6 $ postconf | egrep "sender_bcc_maps" The output as below sender_bcc_maps = To configure sender bbc maps on zimbra 8.6 # su - zimbra $ cd /opt/zimbra/postfix/conf/ To create sender_bcc $ vim sender_bcc Input the content as below [email protected] [email protected] To add sender_bcc_maps in main.cf file $ vim /opt/zimbra/postfix/conf/main.cf To add the following line in below sender_bcc_maps = lmdb:/opt/zimbra/postfix/conf/sender_bcc To apply configure sender_bcc_maps $ postmap /opt/zimbra/postfix/conf/sender_bcc To restart the zimbra postfix $ postfix reload To check "Sender BCC Maps" sender_bc

zimbra duplicate emails issue

Image
How to remove zimbra duplicate emails in inbox. some trouble message with double message-id. The resolution enable zimbraMessageIdDedupeCacheSize attribute. The default, zimbra disable zimbraMessageIdDedupeCacheSize attribute. I'm running commands with account zimbra ( su - zimbra ) To find current value zmprov gcf zimbraMessageIdDedupeCacheSize The looks like as below zimbraMessageIdDedupeCacheSize: 3000  The modified value and zimbra mailbox service restart zmprov mcf zimbraMessageIdDedupeCacheSize 0 zmmailboxdctl restart The conclusion The solve problem, "zimbra duplicate message id", "zimbra duplicate emails". The commands use my post, support zimbra mail server version 8.6 8.5 8.0

zimbra DKIM (DomainKeys identified Mail)

Image
zimbra DKIM (Domainkeys identified Mail) include: Private-key insert header of email sending mail server. Public-key updated into DNS public. Links to below you maybe likes: zimbra custom spamassassin rules How to create auto Bcc for Recipient mails for Zimbra 8.6 How to add spam filters on zimbra 8.6 How to create auto Bcc for sender mails for Zimbra 8.6 list accounts that has not logged in for the last x days in zimbra Step 1: To configure zimbra DKIM To add DKIM data into domain not existing DKIM /opt/zimbra/libexec/zmdkimkeyutil -a -d huuphan.com The output as bellow DKIM Data added to LDAP for domain huuphan.com with selector 0E9F133A-9577-11E1-AD0E-2A2FBBAC6BCB  Public key to enter into DNS:  0E9F133A-9577-11E1-AD0E-2A2FBBAC6BCB._domainkey IN TXT "v=DKIM1;=rsa;  p=MIGfMA0GCXXXSSFWwfdfdfEEAA4GNADCBiQKBgQDY5CBg15nZ2vYnRmrNub6Jn6ghQ2DXQbQgOJ/E5IGziUYEuE2OnxkBm1h3jived21uHjpNy0naOZjLj0xLyyjclVy1chrhSbsGAhe8HLXUsdXyfRvNTq8NWLsUnMEsoomtJCJ  /4GSWYU1whOQ9oKZ

zmprov command create account attributes in zimbra

Image
How to zmprov command create account attributes in zimbra. zmprov command creating accounts, aliases, domain, cos, distribute lists and calendar resources. Links to below you maybe likes: zimbra custom spamassassin rules How to create auto Bcc for Recipient mails for Zimbra 8.6 How to add spam filters on zimbra 8.6 How to create auto Bcc for sender mails for Zimbra 8.6 list accounts that has not logged in for the last x days in zimbra Print all attribute names zmprov desc The syntax for modify attributes in zimbra Use + to add an attribute Use - to remove an attribute How to create account with attributes use zmprov command zmprov ca [email protected] 123456789 sn 'huupv' cn 'Huu, Phan Van' displayName 'Huu, Phan Van (IT)' zimbraMailHost mail.huuphan.local Account information     Account email: [email protected]     Password: 123456789     lastName: huupv     fullName: Huu, Phan Van     displayName: Huu, Phan Van (IT

zimbra ldap reset last login time

Image
How to change last login time for all accounts in zimbra ldap. I'm running scripts on zimbra ldap with zimbra account. To use zimbra  8.6 The explain scripts zimbra ldap reset last login time File /tmp/email the contain accounts email, you want change last login time. cat /tmp/email The output as bellow [email protected] [email protected] when you running script, then zimbraLastLogonTimestamp change the last login the current date DATE=$(date +%Y%m%d) The output as bellow 20170726 For example [email protected] with zimbraLastLogonTimestamp : 20170511135742.260Z to changed zimbraLastLogonTimestamp : 20170726000000.000Z My scripts zimbra ldap reset last login time #!/bin/bash #HuuPV rm -f /tmp/account_DN DATE=$(date +%Y%m%d) LDAP_HOST=$(/opt/zimbra/bin/zmlocalconfig ldap_host | cut -d\ '' -f3) LDAP_PASSWORD=$(/opt/zimbra/bin/zmlocalconfig -s zimbra_ldap_password | cut -d\ '' -f3) LDAP_USERDN=$(/opt/zimbra/bin/zmlocalcon

zimbra mail server security fail2ban

Image
zimbra mail server security with fail2ban. How to configure fail2ban for prevent "brute force attack" zimbra 8.6 on centos. How to improve zimbra mail server security with fail2ban . I'm running commands as root account. Links to below you maybe likes: zimbra custom spamassassin rules How to create auto Bcc for Recipient mails for Zimbra 8.6 How to add spam filters on zimbra 8.6 How to create auto Bcc for sender mails for Zimbra 8.6 list accounts that has not logged in for the last x days in zimbra To install fail2ban yum install fail2ban nano To backup file cp /etc/fail2ban/action.d/iptables-allports.conf /etc/fail2ban/action.d/iptables-allports.conf.backup cp /etc/fail2ban/filter.d/zimbra.conf /etc/fail2ban/filter.d/zimbra.conf.backup cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.conf.backup To create zimbra.conf file cat /etc/fail2ban/filter.d/zimbra.conf The content as below # Fail2Ban configuration file # # Author: # # $Revision: 1 $ # [Def

zimbra Qualys A+

Image
How to zimbra A+ in the Qualys SSL Labs Security Test. To help system zimbra security hardening. Let's go labs. in my post,i use zimbra account ( su - zimbra)  Zimbra without Proxy ( zimbra mailbox+zimbra ldap+zimbra MTA) Tune the cipher list ( you to check zimbraSSLExcludeCipherSuites before run command) zmprov mcf +zimbraSSLExcludeCipherSuites TLS_DHE_RSA_WITH_AES_128_CBC_SHA zmprov mcf +zimbraSSLExcludeCipherSuites TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 zmprov mcf +zimbraSSLExcludeCipherSuites TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 zmprov mcf +zimbraSSLExcludeCipherSuites SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA \ +zimbraSSLExcludeCipherSuites SSL_DHE_DSS_WITH_DES_CBC_SHA \ +zimbraSSLExcludeCipherSuites SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA \ +zimbraSSLExcludeCipherSuites SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA \ +zimbraSSLExcludeCipherSuites SSL_DHE_RSA_WITH_DES_CBC_SHA \ +zimbraSSLExcludeCipherSuites SSL_RSA_EXPORT_WITH_DES40_CBC_SHA \ +zimbraSSLExcludeCipherSuites SSL_RS

zimbra reject authenticated sender login mismatch

Image
zimbra reject authenticated sender login mismatch, How To Improvement Sender Must Login/Enforcing a Match Between From Address and sasl username on Zimbra 8.6  To check zimbraMtaSmtpdRejectUnlistedSender and zimbraMtaSmtpdRejectUnlistedRecipient enable on server zimbra mta? zmprov gacf | egrep zimbraMtaSmtpdRejectUnlistedSender zmprov gacf | egrep zimbraMtaSmtpdRejectUnlistedRecipient The output as bellow zimbraMtaSmtpdRejectUnlistedSender: no zimbraMtaSmtpdRejectUnlistedRecipient: no To enabled zimbraMtaSmtpdRejectUnlistedSender and zimbraMtaSmtpdRejectUnlistedRecipient on server zimbra mta zmprov mcf zimbraMtaSmtpdRejectUnlistedRecipient yes zmprov mcf zimbraMtaSmtpdRejectUnlistedSender yes To open file /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf and add reject_sender_login_mismatch after permit_mynetworks permit_mynetworks, reject_sender_login_mismatch To restart zmmtactl zmmtactl restart To test zimbra reject authenticated sender login mismatch

Zimbra error 421-4.7.0 gsmtp

Image
zimbra code error 421-4.7.0 This message does not have authentication information or fails to pass 421-4.7.0 authentication checks Gmail SMTP Error Codes Jun 22 11:17:56 mta postfix/smtp[16523]: B67511C61EE: host gmail-smtp-in.l.google.com[74.125.23.27] said: 421-4.7.0 This message does not have authentication information or fails to pass 421-4.7.0 authentication checks. To best protect our users from spam, the 421-4.7.0 message has been blocked. Please visit 421-4.7.0  https://support.google.com/mail/answer/81126#authentication for more 421 4.7.0 information. f7si5281662plm.92 - gsmtp (in reply to end of DATA command) How to solve problem ( recommend of google) Sign messages with DKIM Publish an SPF record Publish a DMARC policy My opinion just "Sign messages with DKIM and Publish an SPF record" without Publish a DMARC policy. Ref to check DKIM and spf use dig command dig -t txt  C333XXX-11E4-B123-25B12331CXXXA1._domainkey domain-your.com Or ref to check website o

list accounts that has not logged in for the last x days in zimbra

Image
How to list accounts that has not logged in for the last x days in zimbra, list accounts last login time a month ago... after run script,The output /tmp/lastlogin_time syntax file as bellow Account zimbraAccountStatus displayName To use date command a month ago date -d "-1 month" +%Y%m%d The script zimbra_lastlogin.sh name, list accounts last login time a month ago To run script zimbra_lastlogin.s ./zimbra_lastlogin.sh The full script zimbra_lastlogin.sh list accounts that has not logged in for the last x days in zimbra #!/bin/bash #HuuPV author rm -f /tmp/lastlogin_time pastmonth=$(date -d "-1 month" +%Y%m%d) LDAP_HOST=$(/opt/zimbra/bin/zmlocalconfig ldap_host | cut -d\ '' -f3) LDAP_PASSWORD=`/opt/zimbra/bin/zmlocalconfig -s zimbra_ldap_password | cut -d\ '' -f3` LDAP_USERDN=$(/opt/zimbra/bin/zmlocalconfig zimbra_ldap_userdn | cut -d\ '' -f3) LDAPSEARCH="/opt/zimbra/bin/ldapsearch -D "$LDAP_USERDN" -w$LDA

How to setting password policies in Zimbra

Image
How to setting password policies in zimbra? To help your system increase security, password strongest. To get all COS use zmprov command su - zimbra zmprov gac -v | grep Password | sort | uniq To display all attributes as below zimbraFeatureChangePasswordEnabled: TRUE zimbraMobilePolicyAllowSimpleDevicePassword: FALSE zimbraMobilePolicyAlphanumericDevicePasswordRequired: FALSE zimbraMobilePolicyDevicePasswordEnabled: TRUE zimbraMobilePolicyDevicePasswordExpiration: 0 zimbraMobilePolicyDevicePasswordHistory: 8 zimbraMobilePolicyMaxDevicePasswordFailedAttempts: 4 zimbraMobilePolicyMinDevicePasswordComplexCharacters: 0 zimbraMobilePolicyMinDevicePasswordLength: 4 zimbraMobilePolicyPasswordRecoveryEnabled: TRUE zimbraPasswordEnforceHistory: 0 zimbraPasswordLocked: FALSE zimbraPasswordLockoutDuration: 1h zimbraPasswordLockoutEnabled: FALSE zimbraPasswordLockoutFailureLifetime: 1h zimbraPasswordLockoutMaxFailures: 10 zimbraPasswordMaxAge: 0 zimbraPasswordMaxLength:

How to backup and restore for zimbra mailbox

Image
In this tutorial, How to " Backup and restore for zimbra mailbox ". How to backup mailbox for accounts? How to restore mailbox for accounts? The format list_account file as below: [email protected] [email protected] The script backup mailbox for all accounts #!/bin/bash FILE= /tmp/list_account DATE=$(date +"%a") ZMBOX=/opt/zimbra/bin/zmmailbox while read account do      echo "---Generating files from backup $account ---"      $ZMBOX -z -m $account -t 0 getRestURL "//?fmt=zip" > /tmp/$acount.$DATE.zip done < $FILE The script restore mailbox for all accounts #!/bin/bash FILE=/tmp/list_account DATE=$(date +"%a") ZMBOX= /opt/zimbra/bin/zmmailbox while read account do     echo "---Restoring files from backup $account---"     $ZMBOX -z -m $account -t 0 postRestURL "//?fmt=zip&resolve=reset" /tmp/$account.$DATE.zip done < $FILE Note: if you setup multi-server Zimbr

zimbra 8.6 cbpolicyd example

Image
Links to below you maybe likes: How to zimbra enforce spf checking for incomming email How to use cbpolicyd to configure 120 message from sender in last 30s. in order configure in zimbra cbpolicyd policies -->policy_members -->quotas -->quotas_limits To create zimbra-example.sql file BEGIN TRANSACTION; INSERT INTO "policies" (ID,Name,Priority,Description) VALUES(6,'Example CBPolicyd Policies', 0, 'Example CBPolicyd Policies'); INSERT INTO "policy_members" (ID,PolicyID,Source,Destination) VALUES(10,6, 'user@domain', '!%internal_domains'); INSERT INTO "quotas" (ID,PolicyID,Name,Track,Period,Verdict,Data) VALUES (14,10, 'Sender:user@domain','Sender:user@domain', 30, 'REJECT', 'Rejected from CBPolicyd: Too many messages from sender in last 30s'); INSERT INTO "quotas_limits" (ID,QuotasID,Type,CounterLimit) VALUES(16,14, 'MessageCount', 120); COMMIT; To