Improving Anti Spam : Reject Unlisted Domain On Zimbra

Posted on by

Reject unlisted domain is one of many method to improve anti spam on email server, especially Zimbra mail server. On Zimbra, we can setup any IP address to listed as trusted network. IP address listed on trusted network, can sending email without authentication or prompt asking. In other words, listed ip address on trusted network can sending email with any domain, although is not listed on Zimbra.

If you have email server with domain example.com, email server should be sending email to outside with example.com domain, if not, then it should be rejected. This article, will describe step by step how to reject unlisted domain on Zimbra with Policyd. Assuming you have install and enable Policyd. If not, you can following this article to enable it : https://pratapsatve.wordpress.com/2016/03/17/how-to-install-policyd-on-zimbra/

Access Policyd WebUI via browser http://zimbraserver:7780/webui/index.php. Make sure your Zimbra service apache have been running

Select Policies | Groups. Select action and add groups. given name list_domain. On comment, you can empty or filled with comment. Select a group that has been made. On action, select members and fill with your domain. See the following example. make sure disabled status is no at groups or members groups

Select Policies | Main. Add new policy and give name or information like the following picture. Then submit query
policyd-reject-unlisted-domain

select new policy have been made and select members on action. Add member and fill on source/destination with group that has previously been made. See the following picture

policyd-reject-member

above configuration is explain source and destination is not from members listed on group. Select Access Control | Configure. Add new ACL and give name or information like this :

Name : Reject Unlisted Domain
Link to policy : Reject Unlisted Domain (New policy has previously been made)
Verdict : Reject
Data : Sorry, you are not authorized to sending email

See the following picture. Then submit query

policyd-acl

Make sure disabled status is no of all configuration has been made. Enable policyd accesscontrol and restart policyd service

su – zimbra
zmprov ms zmhostname zimbraCBPolicydAccessControlEnabled TRUE
zmcbpolicydctl restart

mail:~ # telnet localhost 25
Trying 127.0.0.1…
Connected to localhost.
Escape character is ‘^]’.
220 mail.xxxxxxx.xxx ESMTP Postfix
ehlo mail
250-mail.xxxxxxx.xxx
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:ahmad@gmail.com
250 2.1.0 Ok
rcpt to:ahmad@yahoo.com
554 5.7.1 : Sender address rejected: Sorry, you are not authorized to sending email

Good luck and hopefully useful

Leave a comment