Configuring Zimbra with Sorb SCES

What Is Zimbra?

Zimbra is a well-known open-source mail server that is also available under a commercial license to enhance the customer experience.

Configuring Zimbra with Sorb SCES

The Sorb SCES IP addresses can be found under Connection Details.

Whitelisting Sorb SCES IP on RBL

  1. Edit /opt/zimbra/conf/postfix_rbl_override. Add each IP address followed by a space and OK to the file, one IP address per line:
    129.126.138.112/28 OK
    36.50.34.0/23 OK
  2. Run postmap to save and apply the changes in Postfix:
    postmap /opt/zimbra/conf/postfix_rbl_override
  3. Run zmprov to apply the changes to the Zimbra Collaboration Server:
    zmprov mcf +zimbraMtaRestriction 'check_client_access lmdb:/opt/zimbra/conf/postfix_rbl_override'
  4. postmap will need to be rerun on the file any time an IP address is added or removed.

Disable anti-spam checking of all emails coming from Sorb SCES

  1. Add the following line at the top of /opt/zimbra/conf/postfix_recipient_restrictions.cf:
    check_client_access hash:/opt/zimbra/postfix/conf/amavis_client_whitelist
  2. Create the file /opt/zimbra/postfix/conf/amavis_client_whitelist with the following entries:
    vi /opt/zimbra/postfix/conf/amavis_client_whitelist
    129.126.138.112/28 FILTER smtp-amavis:[127.0.0.1]:10026
    36.50.34.0/23 FILTER smtp-amavis:[127.0.0.1]:10026
  3. Convert the plain-text amavis_client_whitelist file into a map database file:
    /opt/zimbra/postfix/sbin/postmap /opt/zimbra/postfix/conf/amavis_client_whitelist
  4. This creates a Berkeley DB file:
    zimbra@zimbra:~$ file /opt/zimbra/postfix/conf/amavis_client_whitelist.db
    /opt/zimbra/postfix/conf/amavis_client_whitelist.db: Berkeley DB (Hash, version 8, native byte-order)
  5. Add the following to /opt/zimbra/conf/amavisd.conf.in:
    $inet_socket_port = [10024, 10026]; # change from original setting
    $interface_policy{'10026'} = 'CLIENTWHITELIST';
    $policy_bank{'CLIENTWHITELIST'} = {
      bypass_spam_checks_maps => [1],
      final_spam_destiny => D_PASS,
    };
  6. Restart Postfix and amavisd:
    zmmtactl restart && zmamavisdctl restart

Note: Depending on the Zimbra version, the folder path may be /opt/zimbra/common/conf (v8.3) instead of /opt/zimbra/postfix/conf.
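
Postfix indexed maps (hash:, lmdb:) are queried with the client address and its octet-boundary prefixes, and network/netmask patterns are only understood by the cidr: table type, so the /28 and /23 entries in the two whitelist files above have to be written as keys an indexed map can match. The following is an added example, not part of the original instructions, that expands the blocks into such keys and models the lookup; all function names are illustrative, and the lookup model covers only the address part of the search.

```python
# Added example: expand CIDR blocks into keys an indexed Postfix access map can match.
import ipaddress

def access_map_keys(cidr):
    """Return full addresses or octet-boundary prefixes covering exactly `cidr`."""
    net = ipaddress.ip_network(cidr, strict=True)  # rejects blocks with host bits set
    if net.version != 4 or net.prefixlen == 0:
        raise ValueError("expected an IPv4 block narrower than /0: %s" % cidr)
    octets = (net.prefixlen + 7) // 8  # /23 -> 3 octets, /28 -> 4 octets
    return [
        ".".join(str(sub.network_address).split(".")[:octets])
        for sub in net.subnets(new_prefix=octets * 8)
    ]

def render_access_map(cidrs, action):
    """Build the text of an access file, one 'key action' pair per line."""
    lines = []
    for cidr in cidrs:
        lines.append("# " + cidr)
        lines.extend("%s %s" % (key, action) for key in access_map_keys(cidr))
    return "\n".join(lines) + "\n"

def indexed_lookup(table, client_ip):
    """Simplified model of an indexed-map client lookup (address part only):
    try the full address, then drop one trailing octet at a time."""
    parts = client_ip.split(".")
    while parts:
        result = table.get(".".join(parts))
        if result is not None:
            return result
        parts.pop()
    return None

def parse_access_map(text):
    """Turn access-file text into the key -> action dict that postmap would index."""
    table = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            key, action = line.split(None, 1)
            table[key] = action
    return table

BLOCKS = ["129.126.138.112/28", "36.50.34.0/23"]  # the blocks listed on this page

if __name__ == "__main__":
    as_written = parse_access_map("129.126.138.112/28 OK\n36.50.34.0/23 OK\n")
    expanded = parse_access_map(render_access_map(BLOCKS, "OK"))
    for ip in ("129.126.138.120", "36.50.35.200", "129.126.138.128"):
        print(ip, "as written:", indexed_lookup(as_written, ip),
              "| expanded:", indexed_lookup(expanded, ip))
```

The output of render_access_map() can be written to the access file in place of the CIDR lines before running postmap.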

Alternative: Bypass local network with amavis for all emails coming from Sorb SCES

  1. Confirm that the Sorb network is configured as part of the MTA network by running these commands:
    • postconf mynetworks
    • zmprov gs `zmhostname` zimbraMtaMyNetworks
  2. If not, configure the MTA networks:
    • zmprov ms `zmhostname` zimbraMtaMyNetworks '127.0.0.0/8 10.0.0.0/8 192.168.0.0/16 129.126.138.112/28 36.50.34.0/23'
  3. Enable the bypass:
    • zmprov mcf zimbraAmavisOriginatingBypassSA TRUE
  4. Restart the services to apply the configuration:
    • zmantispamctl restart
    • zmantivirusctl restart
    • zmamavisdctl restart

Configure Outbound to relay via Sorb SCES

Zimbra Wiki KB

The SCES outbound hosts are:

smarthost1-sces.sorbsecurity.com
smarthost2-sces.sorbsecurity.com