Huu Phan | Blog Linux operating system | Linux operating system -Blog Huu Phan | Powered by Blogger.

Explore the world of seamless email management with Zimbra Mail on Linux! Our blog delves into a step-by-step guide on harnessing the potential of Linux commands, providing easy-to-follow how-tos, and unlocking the magic of Bash scripting. Simplify your email administration journey and enhance your skills with our insightful tips and tricks.

zimbra enforce SPF checking for incomming email

In this tutorial, I'm enable and configure spf to check for incommning email with cbpolicyd. By default, the SPF checking module is not enable and there are no SPF policies. zimbra logs with "Sender address rejected: Failed SPF check". How to zimbra enforce spf checking for incomming email as below. I'm running commands as zimbra account ( su - zimbra )

Links to below you maybe likes:
zimbra 8.6 cbpolicyd example
How to install and configure zimbra multi server.
How to restrict to user sending mail on zimbra 8.6.
How to Restrict Sending to Distribution list in zimbra mail.
How to change last login time for all accounts in zimbra ldap.
How to zimbra reject authenticated sender login mismatch.

To check zimbra policyd spf

$ zmprov gs `zmhostname` zimbraCBPolicydCheckSPFEnabled

If zimbra spf checking not enable then, to enable policyd checkspf
$ zmprov ms `zmhostname` zimbraCBPolicydCheckSPFEnabled TRUE

To restart policyd service

$ zmcbpolicydctl restart

To create zimbra-cbpolicyd-spf.sql file

$ vim /opt/zimbra/data/cbpolicyd/db/zimbra-cbpolicyd-spf.sql
The content as below:

INSERT INTO "policies" (ID,Name,Priority,Description) VALUES(12,'CBPolicyd SPF Policies', 20, 'CBPolicyd SPF Policies');
INSERT INTO "policy_members" (ID,PolicyID,Source,Destination) VALUES(13,12, '!%internal_domains', '%internal_domains');
INSERT INTO "checkspf" (ID,PolicyID,Name,UseSPF,RejectFailedSPF,AddSPFHeader,Comment,Disabled) VALUES(6,13,"SPF Policy",1,0,1,"Zimbra CheckSPF Policy",0);

The SPF policy will not reject emails with failed SPF checks. If you reject emails with failed SPF check then change RejectFailedSPF to 1 into zimbra-cbpolicyd-spf.sql file

INSERT INTO "checkspf" (ID,PolicyID,Name,UseSPF,RejectFailedSPF,AddSPFHeader,Comment,Disabled) VALUES(6,13,"SPF Policy",1,1,1,"Zimbra CheckSPF Policy",0);

Import the cbpolicyd policy databases

$ sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb < /opt/zimbra/data/cbpolicyd/db/zimbra-cbpolicyd-spf.sql

To restart policyd service

$ zmcbpolicydctl restart

To check spf polices

sqlite3 /opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb
sqlite> select * from policy_groups;
sqlite> select * from policy_group_members;
sqlite> select * from policies;
sqlite> select * from policy_members;
sqlite> select * from checkspf;
sqlite> .quit

The zimbra logs SPF

$ tailf /var/log/zimbra.log | egrep "Failed SPF check"

Good luck! I hope this useful :)

post new :

Huu Phan | Blog Linux operating system | Huu Phan ~ Zimbra Mail Server,linux,bash script,centos,linux command |


Thanks for reading my blog!


Dear, very useful tutorial...after enabling SPF on Zimbra, do I have to do any adjustment relating to SPF ? Thanks a lot.


Yeh, Thank you reading my blog!
After enabling SPF on zimbra, you can check log SPF
$ tailf /opt/zimbra/log/cbpolicyd.log
$ tailf /var/log/zimbra.log | egrep "Failed SPF check"


when i run sqlite i got the below
Error: near line 2: no such table: policies
Error: near line 3: no such table: policy_members
Error: near line 4: no such table: checkspf


This Blog is protected by