[HowTo] Regulate Di...
Clear all

[Sticky] [HowTo] Regulate Distribution List senders with the new Milter Server in Zimbra 7

1 Posts
1 Users
Posts: 25
Topic starter

Ever since Zimbra release, one of the most requested features has been the possibility to regulate Distribution Lists senders. This guide explains how to do it by using the new Milter server included with Zimbra 7.1+.

What is a Milter
Quote from the Wikipedia page for Milter:

Milter (portmanteau for mail filter) is an extension to the widely used open source mail transfer agents (MTA) Sendmail and Postfix. It allows administrators to add mail filters for filtering spam or viruses very efficiently in the mail-processing chain. In the language of the art, "milter" refers to the protocol and API implementing the service, while "a milter" has come to refer to a filter application that uses milter to provide service.

In Zimbra, the Milter is used for permission control on emails addressed to a Distribution List.

Milter runs as a deamon listening on port 7026 (default, can be changed via zmlocalconfig -e).

Enabling Milter
To enable the Milter server follow this simple steps:

  • Log into the Zimbra Administration Consolle
  • Enter the Server Settings menu from the left-side panel
  • Enter the MTA tab
  • Check the "Enable Milter Server"
  • Enter the Milter Server's IP in the "Milter Server Binding Address" textbox. Use for the local Milter Server (most common choice)
  • Click "Save"

To check if the Milter Server is running, log into the Zimbra server on a root consolle (e.g. ssh) and run the following command:

su - zimbra -c 'zmmilterctl status'

If you have correctly enabled the Milter Server but it fails to start, run an MTA reload with the following command:

su - zimbra -c 'zmmtactl reload'

Configure allowed senders for a distribution list
To allow a user to write to a distribution list, you must grant such user the sendToDistList right for the distribution list.

To do so, use the following command:

zmprov grr dl distributionlist@yourdomain.dom usr user@yourdomain.dom sendToDistList

To check if the rights are correctly granted:

  • Obtain the user's ZimbraID with
    zmprov ga user@yourdomain.dom | grep -i "zimbraid: "

  • Check the distribution list's permissions with
  • zmprov gdl distributionlist@yourdomain.dom | less

If you can see a line in the output of the last command like:

zimbraACE: [zimbraId of the user] usr sendToDistList

then the user is now allowed to write to the distribution list, while all the other users will not be allowed to do so.

Granting rights to other entities
The sendToDistList right can also be granted to entities other than users by changing the parameters of 'zmprov grr'.
This is the syntax to use:

zmprov grr dl distributionlist@yourdomain.dom {grantee-type} [grantee-id|grantee-name]

The {grantee-type} can be:

  • usr => User*
  • grp => Group (distribution list) *
  • all => All entities
  • dom => Domain*
  • pub => Public

The [grantee-id|grantee-name] argument is required only for the grantee-types marked with an (*)

REMEMBER: Once you grant sendToDistList permission on a distribution list NO USERS, except for those who have been specifically granted such right, WILL BE ABLE TO WRITE TO THE MAILING LIST

Final Thoughts:
Distrinution List regulation was a very needed function in Zimbra, and the new Milter Server provides a good way to manage that.
However, it's still a 'dormant' function in Zimbra (no official docs nor a configuration GUI has been released yet), so be careful and try this on a test server before starting to use this new feature in a production server.

Your friendly neighborhood Community Manager,

Posted : 06/15/2011 16:05