E.F.A validate users against zimbra

froman
Posts: 21
Joined: 29 Aug 2017 03:41

Post by froman »

This is to avoid releasing emails to invalid users to your Zimbra server and to prevent sending emails from a nonexistent user (user spoofing).

1) Log in to the E.F.A shell

2) Change to the root user (use your E.F.A web user/password)

Code:

#sudo su -

3) Create an LDAP map file

Code:

#vim /etc/postfix/ldap_maps_domain.cf

Replace with your data:
domain = yourdomain.com
server_host = ip_of_your_zimbra_server
search_base = com (depends on your domain)
bind_pw = zimbra_ldap_password

Code:

domain = domain1.cl
server_host = 192.168.1.100
search_base = DC=cl 
bind = yes
bind_dn = uid=zimbra,cn=admins,cn=zimbra
bind_pw = miIWB09e
query_filter = (|(mail=%s)(proxyAddresses=smtp:%s))
leaf_result_attribute = mail
version = 3

NOTE1: the search_base is only the extension of the domain, and not the entire domain. This is intentionally left that way to match all the possible domains on the Zimbra server (most of the time all the domains belong to the same country and use the same extension; if you have domains with different extensions, you have to create an LDAP map file for each one, instructions at the end).

NOTE2: to get the Zimbra LDAP password (bind_pw), log in to the shell of your Zimbra mail server as the zimbra user and execute

Code:

$ zmlocalconfig -s zimbra_ldap_password | awk '{print $3}'

4) Edit /etc/postfix/main.cf and append these parameters

Code:

relay_recipient_maps = ldap:/etc/postfix/ldap_maps_domain.cf
virtual_alias_maps = ldap:/etc/postfix/ldap_maps_domain.cf
virtual_mailbox_maps = ldap:/etc/postfix/ldap_maps_domain.cf
smtpd_sender_login_maps = ldap:/etc/postfix/ldap_maps_domain.cf

5) Restart your postfix service and enjoy.

Code:

#service postfix restart

If you use the same E.F.A for several Zimbra servers, you have to create an LDAP map file for each one, replace the corresponding parameters and add them to main.cf in this way.

Code:

#vim /etc/postfix/ldap_maps_domain2.cf

Code:

domain = domain2.com
server_host = 192.168.1.200
search_base = DC=com
bind = yes
bind_dn = uid=zimbra,cn=admins,cn=zimbra
bind_pw = mpIWB19y
query_filter = (|(mail=%s)(proxyAddresses=smtp:%s))
leaf_result_attribute = mail
version = 3

Change to this in /etc/postfix/main.cf

Code:

relay_recipient_maps = ldap:/etc/postfix/ldap_maps_domain.cf, ldap:/etc/postfix/ldap_maps_domain2.cf
virtual_alias_maps = ldap:/etc/postfix/ldap_maps_domain.cf, ldap:/etc/postfix/ldap_maps_domain2.cf
virtual_mailbox_maps = ldap:/etc/postfix/ldap_maps_domain.cf, ldap:/etc/postfix/ldap_maps_domain2.cf
smtpd_sender_login_maps = ldap:/etc/postfix/ldap_maps_domain.cf, ldap:/etc/postfix/ldap_maps_domain2.cf

Code:

#service postfix restart

You can test it by sending an email to a nonexistent user on your domain and watching the logs on both the Zimbra and E.F.A servers (/var/log/messages and /var/log/maillog). Only the E.F.A has to report this, and you have to get a bounce. (The Zimbra server doesn't have to show any movement of that email in the logs.)

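
A pre-restart check for the map files from steps 3 and 4, added here as an example and not part of froman's post: it flags unknown parameter names, a `bind = yes` map that lacks `bind_dn` or `bind_pw`, and a file mode that lets other local users read the clear-text `bind_pw`. The `KNOWN_KEYS` subset, the function names and the use of GNU `stat` are assumptions.

```shell
#!/bin/sh
# Added example: offline lint for a Postfix LDAP map file such as
# /etc/postfix/ldap_maps_domain.cf. Prints one line per finding and
# returns the number of findings (0 = clean).

# Subset of ldap_table(5) parameters accepted by this check (assumption:
# extend the list if your map uses others).
KNOWN_KEYS="domain server_host server_port search_base scope bind bind_dn bind_pw query_filter result_attribute leaf_result_attribute version timeout start_tls"

get_value() {  # get_value FILE KEY -> value of the last "KEY = value" line
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 | sed 's/[[:space:]]*$//'
}

check_ldap_map() {
    file=$1
    problems=0
    [ -r "$file" ] || { echo "$file: not readable"; return 1; }

    # 1. Keys that are not known parameters (for example a misspelled "domain").
    for key in $(sed -n 's/^[[:space:]]*\([A-Za-z_][A-Za-z0-9_]*\)[[:space:]]*=.*/\1/p' "$file"); do
        case " $KNOWN_KEYS " in
            *" $key "*) ;;
            *) echo "$file: unknown parameter '$key'"; problems=$((problems + 1)) ;;
        esac
    done

    # 2. Parameters the lookup cannot work without.
    for key in server_host search_base query_filter; do
        [ -n "$(get_value "$file" "$key")" ] || { echo "$file: missing '$key'"; problems=$((problems + 1)); }
    done

    # 3. bind = yes needs both the bind DN and its password.
    if [ "$(get_value "$file" bind)" = "yes" ]; then
        for key in bind_dn bind_pw; do
            [ -n "$(get_value "$file" "$key")" ] || { echo "$file: bind = yes but '$key' is missing"; problems=$((problems + 1)); }
        done
    fi

    # 4. The file holds bind_pw in clear text: "other" must not have read access.
    mode=$(stat -c %a "$file")    # GNU stat (Linux)
    case "$mode" in
        *[4567]) echo "$file: mode $mode lets other users read bind_pw"; problems=$((problems + 1)) ;;
    esac
    return "$problems"
}

# Check every file named on the command line; does nothing without arguments.
for f in "$@"; do check_ldap_map "$f" || true; done
```

Saved under a name of your choice (here hypothetically `check_ldap_map.sh`), it runs as `sh check_ldap_map.sh /etc/postfix/ldap_maps_domain*.cf`. Afterwards, `postmap -q user@domain1.cl ldap:/etc/postfix/ldap_maps_domain.cf` on the E.F.A host shows what the live lookup returns for an address.
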
musabr187
Posts: 20
Joined: 24 Sep 2018 06:02

Re: E.F.A validate users against zimbra

Post by musabr187 »

Hi,
I’m running Zimbra 8.6.0 & EFA 3.0.2.5 and it’s not working for me.
Getting the following error in EFA logs -

Code:

warning: dict_ldap_lookup: Search error 34: Invalid DN syntax
warning: ldap:/etc/postfix/ldap_maps_domain.cf lookup error for "test11@example.com"
NOQUEUE: reject: RCPT from xsendersrv.xxx.com[1x.xx.xx.xx]: 451 4.3.0 <test11@example1.com>: Temporary lookup failure; from=<test22@example2.com> to=<test11@example1.com> proto=ESMTP helo=<xsendersrv.xxx.com>