Zimbra Tips : Delivery Restriction to Specific User/Distribution List With PolicyD

Related tutorial :

1. Zimbra Tips : Policyd & Rate-Limit Sending Message Implementation On Zimbra 8
2. Zimbra Tips : Securing PolicyD Web Admin
3. Zimbra Tips : Rate-Limit Sending Message With PolicyD
4. Zimbra Tips : Enabling Accounting Module On PolicyD

On previous tutorial, we’ve done the installation and configuration to restrict email sending per user by using the quota module, enabling accounting module and securing web admin access. Here we will discuss another PolicyD modules to increase Zimbra mail security by using Access Control module. Access control module is used to perform the control of the user/domain rights, such as preventing user from receiving emails, sending emails and others restriction policy.

On the production server, I’m using Access control module to determine which user is allowed to send an email to distribution list. By default, Zimbra distribution list or group list can receive email from anywhere. This can be dangerous because it could be a target  of spam attacks.

Actually, the restriction on the distribution list can be done by doing a little bit of tuning on Postfix configuration. By using PolicyD, those settings can be done easily, considering the presence of Policyd Web Admin for configuration.

EXAMPLE SETTING

List of user/domain that allowed to send email to distribution list :

vivianchow@excellent.co.id
zezevavai@excellent.co.id
vavai.net

Distribution List :

team-support@excellent.co.id
team-sales@excellent.co.id

POLICYD WEB ADMIN CONFIGURATION

Log in to the Web Admin PolicyD  : http://IpAddressZimbra:7780/webui/index.php. if you can not accessing PolicyD web admin, make sure Apache services is running on Zimbra. if apache service status in the stop state, start it by using the following command :

su - zimbra
zmapachectl restart

Once you logged in into web admin, select the Policy menu | Groups and then create a User_Allow group and Distribution_List and tall its members :

Policy Group

User_Allow Group Member

Distribution List Group Member

after all the group and its members is made,, create a Policy for the group. Select the Policies menu | Main then create a rule/policy with the same name distributionlist_allow and distributionlist_deny along with its members

Main Policy

See that on  the above example, Priority is zero (0) and one (1). Priority is influential as well as the MX records in the DNS. The smaller priority means the most preferred usage in policy.

Members of Main distributionlist_allow

Members of distributionlist_deny

The final stage is to control the policies that already been made. Select the Access Control | Configure and create 2 pieces of control like the example below :

Test the policies by  sending an email to distribution list using the banned user and the allowed user and check the result. Good luck and hopely this can be useful