Improving Anti Spam : Reject Unlisted Domain On Zimbra 8.5

Home » Zimbra » Improving Anti Spam : Reject Unlisted Domain On Zimbra 8.5
Zimbra 32 Comments

Reject unlisted domain is one of many method to improve anti spam on email server, especially Zimbra mail server. On Zimbra, we can setup any IP address to listed as trusted network. IP address listed on trusted network, can sending email without authentication or prompt asking. In other words, listed ip address on trusted network can sending email with any domain, although is not listed on Zimbra.

If you have email server with domain, email server should be sending email to outside with domain, if not, then it should be rejected. This article, will describe step by step how to reject unlisted domain on Zimbra with Policyd. Assuming you have install and enable Policyd. If not, you can following this article to enable it :

Access Policyd WebUI via browser http://zimbraserver:7780/webui/index.php. Make sure your Zimbra service apache have been running

Select Policies | Groups. Select action and add groups. given name list_domain. On comment, you can empty or filled with comment. Select a group that has been made. On action, select members and fill with your domain. See the following example. make sure disabled status is no at groups or members groups


Select Policies | Main. Add new policy and give name or information like the following picture. Then submit query


select new policy have been made and select members on action. Add member and fill on source/destination with group that has previously been made. See the following picture


above configuration is explain source and destination is not from members listed on group. Select Access Control | Configure. Add new ACL and give name or information like this :

Name : Reject Unlisted Domain
Link to policy : Reject Unlisted Domain (New policy has previously been made)
Verdict : Reject
Data : Sorry, you are not authorized to sending email

See the following picture. Then submit query


Make sure disabled status is no of all configuration has been made. Enable policyd accesscontrol and restart policyd service

su - zimbra
zmprov ms `zmhostname` zimbraCBPolicydAccessControlEnabled TRUE
zmcbpolicydctl restart

Please try to sending email use telnet on Zimbra mail server itself. it is the example result of above configuration

mail:~ # telnet localhost 25
Connected to localhost.
Escape character is '^]'.
220 ESMTP Postfix
ehlo mail
250-SIZE 10240000
250 DSN
250 2.1.0 Ok
554 5.7.1 <>: Sender address rejected: Sorry, you are not authorized to sending email

Good luck and hopefully useful 😀

Let’s See the Video on Youtube

32 thoughts on - Improving Anti Spam : Reject Unlisted Domain On Zimbra 8.5