E.F.A validate users against zimbra
Posted: 06 Mar 2018 00:05
This avoids releasing emails addressed to invalid users to your Zimbra server and prevents sending emails from a nonexistent user (user spoofing).

1) Log in to the E.F.A shell.

2) Change to the root user (use your E.F.A web user/password).

Code:
    #sudo su -

3) Create an LDAP map file.

Code:
    #vim /etc/postfix/ldap_maps_domain.cf

Replace with your data:
    domain = yourdomain.com
    server_host = ip_of_your_zimbra_server
    search_base = com (depends on your domain)
    bind_pw = zimbra_ldap_password

Code:
    domain = domain1.cl
    server_host = 192.168.1.100
    search_base = DC=cl
    bind = yes
    bind_dn = uid=zimbra,cn=admins,cn=zimbra
    bind_pw = miIWB09e
    query_filter = (|(mail=%s)(proxyAddresses=smtp:%s))
    leaf_result_attribute = mail
    version = 3

NOTE1: the search_base is only the extension of the domain, not the entire domain. This is intentionally left that way to match all the possible domains on the Zimbra server (most of the time all the domains belong to the same country and use the same extension). If you have domains with different extensions, you have to create an LDAP map file for each one (instructions at the end).

NOTE2: to get the Zimbra LDAP password (bind_pw), log in to the shell of your Zimbra mail server as the zimbra user and execute:

Code:
    $ zmlocalconfig -s zimbra_ldap_password | awk '{print $3}'

4) Edit /etc/postfix/main.cf and append these parameters:

Code:
    relay_recipient_maps = ldap:/etc/postfix/ldap_maps_domain.cf
    virtual_alias_maps = ldap:/etc/postfix/ldap_maps_domain.cf
    virtual_mailbox_maps = ldap:/etc/postfix/ldap_maps_domain.cf
    smtpd_sender_login_maps = ldap:/etc/postfix/ldap_maps_domain.cf

5) Restart your postfix service and enjoy.

Code:
    #service postfix restart

If you use the same E.F.A for several Zimbra servers, you have to create an LDAP map file for each one, replace the corresponding parameters, and add them to main.cf in this way:

Code:
    #vim /etc/postfix/ldap_maps_domain2.cf

Code:
    domain = domain2.com
    server_host = 192.168.1.200
    search_base = DC=com
    bind = yes
    bind_dn = uid=zimbra,cn=admins,cn=zimbra
    bind_pw = mpIWB19y
    query_filter = (|(mail=%s)(proxyAddresses=smtp:%s))
    leaf_result_attribute = mail
    version = 3

Change to this in /etc/postfix/main.cf:

Code:
    relay_recipient_maps = ldap:/etc/postfix/ldap_maps_domain.cf, ldap:/etc/postfix/ldap_maps_domain2.cf
    virtual_alias_maps = ldap:/etc/postfix/ldap_maps_domain.cf, ldap:/etc/postfix/ldap_maps_domain2.cf
    virtual_mailbox_maps = ldap:/etc/postfix/ldap_maps_domain.cf, ldap:/etc/postfix/ldap_maps_domain2.cf
    smtpd_sender_login_maps = ldap:/etc/postfix/ldap_maps_domain.cf, ldap:/etc/postfix/ldap_maps_domain2.cf

Code:
    #service postfix restart

You can test it by sending an email to a nonexistent user on your domain and watching the logs on both the Zimbra and E.F.A servers (/var/log/messages and /var/log/maillog). Only the E.F.A has to report this, and you have to get a bounce. (The Zimbra server doesn't have to show any movement of that email in its logs.)
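
A pre-restart check for the LDAP map files described above, as an added example that is not part of the original post. It flags unknown parameter names (such as dominio in place of domain), missing parameters, a password placed in bind_dn, and a map file readable by other users. The function name lint_ldap_map, the KNOWN and REQUIRED lists and the sample values are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): lint a Postfix LDAP map file
# before restarting Postfix. KNOWN and REQUIRED cover only the ldap_table(5)
# parameters this page uses (assumption: extend them for other setups).
KNOWN="domain server_host search_base bind bind_dn bind_pw query_filter leaf_result_attribute version"
REQUIRED="server_host search_base query_filter bind_dn bind_pw"

# Prints one finding per line; returns 0 if the file is clean, 1 otherwise.
lint_ldap_map() {
    f=$1; rc=0
    if [ ! -r "$f" ]; then echo "unreadable: $f"; return 1; fi
    # Parameter names: the word before '=' on each non-comment line.
    keys=" $(sed -n 's/^\([A-Za-z_][A-Za-z_]*\)[[:space:]]*=.*/\1/p' "$f" | tr '\n' ' ')"
    for k in $keys; do
        case " $KNOWN " in
            *" $k "*) ;;
            *) echo "unknown parameter: $k"; rc=1 ;;
        esac
    done
    for k in $REQUIRED; do
        case "$keys" in
            *" $k "*) ;;
            *) echo "missing parameter: $k"; rc=1 ;;
        esac
    done
    # bind_dn must be a DN (it contains '='), not the password itself.
    if grep -q '^bind_dn[[:space:]]*=[[:space:]]*[^=]*$' "$f"; then
        echo "bind_dn is not a DN"; rc=1
    fi
    # The file holds the Zimbra LDAP password, so "other" must not read it.
    # Character 8 of the ls -l mode string is the other-read bit.
    if [ "$(ls -ld "$f" | cut -c8)" = "r" ]; then
        echo "world-readable file"; rc=1
    fi
    return $rc
}

# No arguments: lint a constructed sample that repeats the 'dominio' slip.
if [ $# -eq 0 ]; then
    s=$(mktemp)
    printf '%s\n' 'dominio = domain2.com' 'server_host = 192.0.2.20' \
        'search_base = DC=com' 'bind_dn = uid=zimbra,cn=admins,cn=zimbra' \
        'bind_pw = CONSTRUCTED' 'query_filter = (mail=%s)' > "$s"
    lint_ldap_map "$s" || true
    rm -f "$s"
fi
for f in "$@"; do lint_ldap_map "$f" || true; done
```

Once the file is clean, `postmap -q user@domain1.cl ldap:/etc/postfix/ldap_maps_domain.cf` (address constructed from the example domain) should print the address for an existing mailbox and nothing for a nonexistent one.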