Specific Whitelist/Blacklist per IP

https://wiki.zimbra.com/wiki/Specific_Whitelist/Blacklist_per_IP

 

Purpose

With ZCS 8.5 and later, it is possible to maintain an IP blacklist for connections to Postfix. This is useful in DoS and targeted spam attack scenarios.

Many clients use RBLs to block spammers from flooding their MTAs with spam. Unfortunately, perfectly valid sites occasionally end up on these lists. With ZCS 8.5 and later, it is possible to create an on-disk database map that allows the client to whitelist specific blacklisted IPs so that emails from those IPs still get delivered.

Resolution

Whitelist Edit /opt/zimbra/conf/postfix_rbl_override. Add IP address(es) SPACE OK to the file, one IP address per line:

1.2.3.4 OK

Run the postmap to save and apply the changes in Postfix:

postmap /opt/zimbra/conf/postfix_rbl_override

Run the zmprov to apply the changes to the Zimbra Collaboration Server:

zmprov mcf +zimbraMtaRestriction 'check_client_access lmdb:/opt/zimbra/conf/postfix_rbl_override'

postmap will need to be rerun on the file any time an IP address is added or removed.

Blacklist Edit /opt/zimbra/conf/postfix_blacklist. Add IP address SPACE REJECT to the file, one IP address per line:

1.2.3.4 REJECT

Run the postmap to save and apply the changes in Postfix:

postmap /opt/zimbra/conf/postfix_blacklist

Run the zmprov to apply the changes to the Zimbra Collaboration Server:

zmprov mcf +zimbraMtaRestriction 'check_client_access lmdb:/opt/zimbra/conf/postfix_blacklist'

postmap will need to be rerun on the file anytime an IP address is added or removed.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s