Huu Phan | Blog Linux operating system | Linux operating system -Blog Huu Phan | Powered by Blogger.

Follow by Email

zimbra enforce SPF checking for incomming email

In this tutorial, I'm enable and configure spf to check for incommning email with cbpolicyd. By default, the SPF checking module is not enable and there are no SPF policies. zimbra logs with "Sender address rejected: Failed SPF check". How to zimbra enforce spf checking for incomming email as below. I'm running commands as zimbra account ( su - zimbra )

Links to below you maybe likes:
zimbra 8.6 cbpolicyd example
How to install and configure zimbra multi server.
How to restrict to user sending mail on zimbra 8.6.
How to Restrict Sending to Distribution list in zimbra mail.
How to change last login time for all accounts in zimbra ldap.
How to zimbra reject authenticated sender login mismatch.

To check zimbra policyd spf

$ zmprov gs `zmhostname` zimbraCBPolicydCheckSPFEnabled

If zimbra spf checking not enable then, to enable policyd checkspf
$ zmprov ms `zmhostname` zimbraCBPolicydCheckSPFEnabled TRUE

To restart policyd service

$ zmcbpolicydctl restart

To create zimbra-cbpolicyd-spf.sql file

$ vim /opt/zimbra/data/cbpolicyd/db/zimbra-cbpolicyd-spf.sql
The content as below:

INSERT INTO "policies" (ID,Name,Priority,Description) VALUES(12,'CBPolicyd SPF Policies', 20, 'CBPolicyd SPF Policies');
INSERT INTO "policy_members" (ID,PolicyID,Source,Destination) VALUES(13,12, '!%internal_domains', '%internal_domains');
INSERT INTO "checkspf" (ID,PolicyID,Name,UseSPF,RejectFailedSPF,AddSPFHeader,Comment,Disabled) VALUES(6,13,"SPF Policy",1,0,1,"Zimbra CheckSPF Policy",0);

The SPF policy will not reject emails with failed SPF checks. If you reject emails with failed SPF check then change RejectFailedSPF to 1 into zimbra-cbpolicyd-spf.sql file

INSERT INTO "checkspf" (ID,PolicyID,Name,UseSPF,RejectFailedSPF,AddSPFHeader,Comment,Disabled) VALUES(6,13,"SPF Policy",1,1,1,"Zimbra CheckSPF Policy",0);

Import the cbpolicyd policy databases

$ sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb < /opt/zimbra/data/cbpolicyd/db/zimbra-cbpolicyd-spf.sql

To restart policyd service

$ zmcbpolicydctl restart

To check spf polices

sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb
sqlite> select * from policy_groups;
sqlite> select * from policy_group_members;
sqlite> select * from policies;
sqlite> select * from policy_members;
sqlite> select * from checkspf;
sqlite> .quit

The zimbra logs SPF

$ tailf /var/log/zimbra.log | egrep "Failed SPF check"

Good luck! I hope this useful :)

post new :

Huu Phan | Blog Linux operating system | Huu Phan ~ Zimbra Mail Server,linux,bash script,centos,linux command |