Results 1 to 6 of 6

Thread: HowTO Get "auto-complete address book" from ZMPROV command

  1. #1
    Join Date
    Apr 2009
    Posts
    61
    Rep Power
    6

    Lightbulb HowTO Get "auto-complete address book" from ZMPROV command

    Hi all,

    i'm working on a Zimbra C.S. 7.0.x and what i'd like to realize is a per-GAL whitelist based on user addressbook. Why to use this? Simple, becouse rbl blocks local delivery for some users that are in customer address book, but last one want to receive email anyway, so I need an easy method (and transparent to customers) that allow messages delivery from whom I've wrote successfully in the past.

    My idea is not quiet easy, but not too difficult. Realize an hash file to be compiled in postmap by postfix that allow per-user whitelisting (based on domain GAL).

    I've searched for zmprov's command that allow GAL research, but not lucky. This one

    zmprov sg <domain> <search>

    do something if associated before to a forcedsync with

    zmgsautil forceSync -a galsync@<domain> -n <data-source>

    but it is dispersive... what I need to find is something like this syntax (ideally, this command doesn't exists indeed)

    zmprov GGAAL (something like: get gal address autocomplete list) <email@domain.xxx>

    aaaa@.......
    bbbb@.......
    cccc@.......

    this could be nice, so simply sending standard output to a file, adding "OK" at the end of each line and postmapping this file and inserting this file in hash before rbl rejecting I could teach postfix to delivery anyway if email address or source in blacklisted into an RBL.

    Can somebody help me to deploy a similar system, or help me to discover a better use of this practice ?

    Best regards all,
    Andrea

  2. #2
    Join Date
    Jul 2007
    Posts
    343
    Rep Power
    8

  3. #3
    Join Date
    Apr 2009
    Posts
    61
    Rep Power
    6

    Default

    Quote Originally Posted by prashant View Post

    Solved this way:

    # THIS SCRIPT MUST BE RUN AS ROOT USER
    #
    # I WORK ON /scripts FOLDER INTO ROOT, CUSTOMIZE IF YOU NEED

    # /opt/zimbra/conf/postfix_recipient_restrictions.cf MUST HAVE A SIMILAR CONFIG , OR WHITELIST WILL BE NOT CONSIDERED AT ALL
    #
    # %%contains VAR:zimbraServiceEnabled cbpolicyd, check_policy_service inet:127.0.0.1:10031%%
    # reject_non_fqdn_recipient
    # reject_invalid_hostname
    # permit_sasl_authenticated
    # permit_mynetworks
    # reject_unauth_destination
    # check_sender_access hash:/opt/zimbra/conf/sender_blacklist <-- HAS TO BE UPPER THAN ...
    # reject_unlisted_recipient
    # %%contains VAR:zimbraMtaRestriction reject_invalid_helo_hostname%%
    # %%contains VAR:zimbraMtaRestriction reject_non_fqdn_helo_hostname%%
    # %%contains VAR:zimbraMtaRestriction reject_non_fqdn_sender%%
    # %%contains VAR:zimbraMtaRestriction reject_unknown_client_hostname%%
    # %%contains VAR:zimbraMtaRestriction reject_unknown_helo_hostname%%
    # %%contains VAR:zimbraMtaRestriction reject_unknown_sender_domain%%
    # %%explode reject_rbl_client VAR:zimbraMtaRestrictionRBLs%% <-- ...THIS ONE
    # %%contains VAR:zimbraMtaRestriction check_policy_service unixrivate/policy%%
    # permit

    # MY CUSTOMER SYNC THUNDERBIRD TO ZIMBRA BY ZINDUS

    ------------------------------------------------------------------------------------------------

    Code:
    #!/bin/bash
    
    # Do a loop to extract my domain email addresses and exclude specials (on this server there is only 1 domain)
    
    for user in $(su - zimbra -c "zmprov -l gaa|
    grep -v spam|
    grep -v ham|
    grep -v virus|
    grep -v galsync|
    grep -v admin|
    sort")
    
    do
    
    
    # Prepare a command file to be inputted to zmprov
    # For each email / user found let me search into "Contacts" and "Emailed Contacts" , my customer use Zindus 
    # to sync Thunderbird with Zimbra, so all my collected email addresses from webmail and merged from Thunderbird 
    # are available to be searched for ....
    
    # I suppose a file located in /scripts/command is available and writable
    
    # TIPS: AFTER "grep -v email" you can add "|grep -v <domain>" , IT IS SENSATE TO THINK THAT YOU'RE NOT SPAMMING FROM LOCALHOST....
    
    echo "zmprov sm $user gru \"/Emailed Contacts\"|awk -F'\"' '{print \$2}'|grep -v email|grep \"@\"|awk NF|sort" >> /scripts/command
    
    echo "zmprov sm $user gru \"/Contacts\"|awk -F'\"' '{print \$2}'|grep -v email|grep \"@\"|awk NF|sort" >> /scripts/command
    
    
    done
    
    # Ok , command file is now ready to be used. Let's run it , and write my output to a file
    
    su - zimbra < command >> /scripts/mylist_ok
    
    # Now that I've my full list to work on, let's prepare it for postmap
    
    cat /scripts/mylist_ok|uniq|sort|awk '{print tolower($0)}'|awk -F'$' '{printf "%-50s%-10s\n",$1,"PERMIT"}'|uniq >> /scripts/ready_to_postmap
    
    # Time to create the postmap hash for postfix
    
    su - zimbra -c "/opt/zimbra/postfix/sbin/postmap hash:/scripts/ready_to_postmap"
    mv /scripts/ready_to_postmap.db /opt/zimbra/conf/sender_blacklist.db
    
    # Restart ZimbraMTA
    
    su - zimbra -c "zmmtactl restart"
    
    
    # HERE WE GO!
    #
    # License: Free to use and modify, just if you use it give me a "Thanks!" , is enough :)
    Last edited by lovelord; 07-05-2013 at 06:05 AM.

  4. #4
    Join Date
    Jul 2007
    Posts
    343
    Rep Power
    8

    Default

    Awesome...
    ~=Prashant=~

  5. #5
    Join Date
    Apr 2009
    Posts
    61
    Rep Power
    6

    Default

    Quote Originally Posted by prashant View Post
    Awesome...
    Proud to be usefull , nowadays I think ZCS is an amazing server/client solutions, but a more reliable spam/blacklisting/whitelisting per user/domain must be improved, especially to work with RBL is hard enough.

    I've found some solutions by scripting utilities (like this one), but everytime we upgrade I'm horrified by casualties, like file rewrite acted by system update.... brrr.....
    Last edited by lovelord; 07-05-2013 at 08:36 AM.

  6. #6
    Join Date
    Apr 2009
    Posts
    61
    Rep Power
    6

    Default

    Ahhh, just another tip:

    You can schedule with crontab a "more complex" script that make a diff from actual whitelist file and the auto-discovered one,
    if some difference exists, remap and restart mta, otherwise just ignore. I've wrote it but it is more deep into my customer system and
    cannot share here. But it is not so difficult at all, just make something like this

    Code:
    me@mySystem:# diff -ruNt original auto_discovered > is_different
    me@mySystem:# patch -fp0 -i original < is_different
    so you can always keep the system clean from spam ... or you can try, at least.

Similar Threads

  1. Replies: 0
    Last Post: 10-12-2011, 01:12 PM
  2. Replies: 0
    Last Post: 10-08-2010, 09:21 AM
  3. Auto Complete with shared Address Book
    By Pacnos in forum General Questions
    Replies: 0
    Last Post: 02-04-2010, 06:27 AM
  4. Replies: 0
    Last Post: 09-18-2009, 03:35 AM
  5. Replies: 0
    Last Post: 01-20-2008, 01:42 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •