Huu Phan | Blog Linux operating system | Linux operating system -Blog Huu Phan | www.huuphan.com
huuphan.com. Powered by Blogger.

Effortless Zimbra Mail Management: Unleashing the Power of Linux Commands, How-To, and Bash Scripts

Explore the world of seamless email management with Zimbra Mail on Linux! Our blog delves into a step-by-step guide on harnessing the potential of Linux commands, providing easy-to-follow how-tos, and unlocking the magic of Bash scripting. Simplify your email administration journey and enhance your skills with our insightful tips and tricks.

» » zimbra enforce SPF checking for incomming email

zimbra enforce SPF checking for incomming email

Zimbra Mail Server
5 Comment
In this tutorial, I'm enable and configure spf to check for incommning email with cbpolicyd. By default, the SPF checking module is not enable and there are no SPF policies. zimbra logs with "Sender address rejected: Failed SPF check". How to zimbra enforce spf checking for incomming email as below. I'm running commands as zimbra account ( su - zimbra )


Links to below you maybe likes:
zimbra 8.6 cbpolicyd example
How to install and configure zimbra multi server.
How to restrict to user sending mail on zimbra 8.6.
How to Restrict Sending to Distribution list in zimbra mail.
How to change last login time for all accounts in zimbra ldap.
How to zimbra reject authenticated sender login mismatch.






To check zimbra policyd spf

$ zmprov gs `zmhostname` zimbraCBPolicydCheckSPFEnabled

If zimbra spf checking not enable then, to enable policyd checkspf
$ zmprov ms `zmhostname` zimbraCBPolicydCheckSPFEnabled TRUE

To restart policyd service

$ zmcbpolicydctl restart

To create zimbra-cbpolicyd-spf.sql file

$ vim /opt/zimbra/data/cbpolicyd/db/zimbra-cbpolicyd-spf.sql
The content as below:

BEGIN TRANSACTION;
INSERT INTO "policies" (ID,Name,Priority,Description) VALUES(12,'CBPolicyd SPF Policies', 20, 'CBPolicyd SPF Policies');
INSERT INTO "policy_members" (ID,PolicyID,Source,Destination) VALUES(13,12, '!%internal_domains', '%internal_domains');
INSERT INTO "checkspf" (ID,PolicyID,Name,UseSPF,RejectFailedSPF,AddSPFHeader,Comment,Disabled) VALUES(6,13,"SPF Policy",1,0,1,"Zimbra CheckSPF Policy",0);
COMMIT;

The SPF policy will not reject emails with failed SPF checks. If you reject emails with failed SPF check then change RejectFailedSPF to 1 into zimbra-cbpolicyd-spf.sql file

INSERT INTO "checkspf" (ID,PolicyID,Name,UseSPF,RejectFailedSPF,AddSPFHeader,Comment,Disabled) VALUES(6,13,"SPF Policy",1,1,1,"Zimbra CheckSPF Policy",0);

Import the cbpolicyd policy databases

$ sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb < /opt/zimbra/data/cbpolicyd/db/zimbra-cbpolicyd-spf.sql

To restart policyd service

$ zmcbpolicydctl restart

To check spf polices


sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb
sqlite> select * from policy_groups;
sqlite> select * from policy_group_members;
sqlite> select * from policies;
sqlite> select * from policy_members;
sqlite> select * from checkspf;
sqlite> .quit

The zimbra logs SPF

$ tailf /var/log/zimbra.log | egrep "Failed SPF check"

Good luck! I hope this useful :)

post new :

Huu Phan | Blog Linux operating system | Huu Phan ~ Zimbra Mail Server,linux,bash script,centos,linux command | www.huuphan.com

5 Comments

HuuPV Admin
August 16, 2018 at 8:57 PM delete

Thanks for reading my blog!

Relay
alejandrocabrera
November 29, 2018 at 1:18 AM delete

Dear, very useful tutorial...after enabling SPF on Zimbra, do I have to do any adjustment relating to SPF ? Thanks a lot.

Relay
HuuPV Admin
November 30, 2018 at 7:50 PM delete

Yeh, Thank you reading my blog!
After enabling SPF on zimbra, you can check log SPF
$ tailf /opt/zimbra/log/cbpolicyd.log
$ tailf /var/log/zimbra.log | egrep "Failed SPF check"

Relay
maslak
April 25, 2019 at 8:53 PM delete

when i run sqlite i got the below
Error: near line 2: no such table: policies
Error: near line 3: no such table: policy_members
Error: near line 4: no such table: checkspf

Relay

This Blog is protected by DMCA.com

DMCA.com for Blogger blogs