Category: Zimbra

To block all emails from a specific domain in Zimbra, run the following commands as user zimbra (su – zimbra).

zmprov md yourdomain.com +amavisBlacklistSender bad-domain.com
zmamavisdctl restart

To block a specific email address, run

zmprov md yourdomain.com +amavisBlacklistSender [email protected]
zmamavisdctl restart

How to unblock

If you have blocked a domain or email address and want to unblock, you can use

-amavisBlacklistSender

Example

zmprov md yourdomain.com -amavisBlacklistSender bad-domain.com
zmamavisdctl restart

Back to zimbra

When you are using the Zimbra mail server behind NAT with Split DNS, you need to disable dnscache service.

To view all enabled/installed services, run

zmprov gs `zmhostname` zimbraServiceEnabled zimbraServiceInstalled

Example

zimbra@mail:~$ zmprov gs `zmhostname` zimbraServiceEnabled zimbraServiceInstalled
# name mail.serverok.in
zimbraServiceEnabled: amavis
zimbraServiceEnabled: antivirus
zimbraServiceEnabled: antispam
zimbraServiceEnabled: opendkim
zimbraServiceEnabled: logger
zimbraServiceEnabled: ldap
zimbraServiceEnabled: mta
zimbraServiceEnabled: dnscache
zimbraServiceEnabled: memcached
zimbraServiceEnabled: snmp
zimbraServiceEnabled: stats
zimbraServiceEnabled: proxy
zimbraServiceEnabled: service
zimbraServiceEnabled: zimbra
zimbraServiceEnabled: zimbraAdmin
zimbraServiceEnabled: zimlet
zimbraServiceEnabled: mailbox
zimbraServiceEnabled: spell
zimbraServiceInstalled: amavis
zimbraServiceInstalled: antivirus
zimbraServiceInstalled: antispam
zimbraServiceInstalled: opendkim
zimbraServiceInstalled: logger
zimbraServiceInstalled: ldap
zimbraServiceInstalled: mta
zimbraServiceInstalled: dnscache
zimbraServiceInstalled: snmp
zimbraServiceInstalled: stats
zimbraServiceInstalled: memcached
zimbraServiceInstalled: proxy
zimbraServiceInstalled: mailbox
zimbraServiceInstalled: spell

zimbra@mail:~$ 

To disable dnscache service, run

zmprov ms `zmhostname` -zimbraServiceEnabled dnscache
zmprov ms `zmhostname` -zimbraServiceInstalled dnscache

Stop dnscache service

zmdnscachectl stop

Stop zimbra

zmcontrol stop

Start Zimbra

zmcontrol start

Back to Zimbra

When you install Zimbra on a server behind NAT, your public IP is not configured in the server, instead, it gets routed to the server using NAT gateway. Zimbra wants the IP address of your MX record present in the server.

To solve this problem, we can use Split DNS. When you check the IP of the MX record from the server, it resolves to the internal IP address of the server. For everyone else, the MX record resolves to the public IP Address of the server.

IMPORTANT: Do not install Zimbra dnscache (unbound) as it listens on port 53, which will cause conflict with Split DNS.

Disable systemd-resolved

On Ubuntu, local DNS resolving is done by systemd-resolved, you need it disabled.

systemctl disable systemd-resolved.service
systemctl stop systemd-resolved
rm -f /etc/resolv.conf
tee /etc/resolv.conf << END
nameserver 127.0.0.1
END

Install dnsmasq

Install dnsmasq with command

apt install dnsmasq -y

Configure dnsmasq

Edit file

vi /etc/dnsmasq.conf

Add

server=8.8.8.8
server=1.1.1.1
domain=aei.gt
mx-host=yourdomain.com,mail.yourdomain.com,5
listen-address=127.0.0.1

Restart dnsmasq

systemctl restart dnsmasq

Edit /etc/hosts file

vi /etc/hosts

Add

YOUR_LOCAL_IP  mail.yourdomain.com mail

Edit /etc/resolv.conf

vi  /etc/resolv.conf

Add

nameserver 127.0.0.1

Remove any other name server entry, do all DNS requests go to dnsmasq.

At this point, if you do a nslookup/dig for MX record, you should see your internal IP address.

Back to Zimbra