tes

By: admin
Category: None
Created: Jan 29, 2026 2:22 PM
Updated: Jan 30, 2026 9:45 PM
Public Note

Zimbra Session Notes - January 29, 2026

Session Overview

Date: January 29, 2026 Duration: Multiple hours Focus Areas: FromNameSpoof detection, admin account restrictions

Actions Taken

1. FromNameSpoof Detection Implementation

  • Identified that FromNameSpoof rules (T_FROMNAME_SPOOFED_EMAIL and T_FROMNAME_EQUALS_TO) were not appearing in email spam headers
  • Researched the configuration files and found the rules were defined but not properly loaded
  • Added proper configuration to /opt/zimbra/data/spamassassin/localrules/local.cf: 
    # Load FromNameSpoof plugin
loadplugin    Mail::SpamAssassin::Plugin::FromNameSpoof

# Enable FromNameSpoof plugin with stricter checking
ifplugin Mail::SpamAssassin::Plugin::FromNameSpoof
  # Set check level to 0 for strict checking (From:name != From:addr)
  # Level 1 allows different TLDs, level 0 is strictest
  fns_check 0
  score    T_FROMNAME_SPOOFED_EMAIL 2.0
  score    T_FROMNAME_EQUALS_TO 1.5
endif
  • Restarted amavisd service to apply changes
  • Verified that the rules are now appearing in email headers:
    • T_FROMNAME_EQUALS_TO=0.01
    • T_FROMNAME_SPOOFED_EMAIL=0.01
  • Conducted multiple tests with emails from "Globe Telecom Inc." admin@m3bolt.com
  • Confirmed that the system now properly detects name/email mismatches

2. Admin Account Restriction Attempt & Correction

  • Initially attempted to restrict admin@m3bolt.com from sending external emails using Postfix sender-dependent relayhost maps
  • Created configuration file: /opt/zimbra/common/conf/sender_relay_restrictions
  • Applied changes to Postfix configuration using sender_dependent_relayhost_maps
  • This caused the admin account to lose access to Zimbra admin functions and show "maintenance mode"
  • Corrective Actions Taken:
    • Removed the problematic sender_dependent_relayhost_maps configuration
    • Restored admin account status: zmprov ma admin@m3bolt.com zimbraAccountStatus active
    • Restored admin privileges: zmprov ma admin@m3bolt.com zimbraIsAdminAccount TRUE
    • Restarted Zimbra services to ensure proper functionality
    • Verified admin account can access admin console and send internal emails

3. Documentation Created

  • Created fromnamespoof_implementation_summary.md - Summary of FromNameSpoof implementation
  • Created fromnamespoof_test_results.md - Test results for FromNameSpoof functionality
  • Created fromnamespoof_updated_status.md - Updated status of FromNameSpoof detection
  • Created admin_external_email_restriction.md - Documentation of restriction method
  • Created comprehensive_solution.md - Detailed solution for admin account restrictions
  • Created admin_external_restriction_approach.md - Approach documentation

Issues Encountered

  1. Postfix configuration changes affecting admin account functionality
  2. Complexity of implementing per-account email restrictions in Zimbra
  3. Syntax challenges with zmmailbox filter rules

Solutions Implemented

  1. Successfully enabled FromNameSpoof detection with stricter checking (fns_check 0)
  2. Restored full admin functionality after restriction attempt caused issues
  3. Documented proper approach for future reference

Current Status

  • FromNameSpoof detection is working properly with stricter checking
  • Admin account has full functionality restored
  • External email restrictions for admin account were not permanently implemented due to functionality risks
  • System is stable and operational

Recommendations

  1. For external email restrictions, implement at the user awareness/training level rather than system level to avoid functionality issues
  2. Continue monitoring the FromNameSpoof rules to ensure they're properly catching spoofed emails
Back to Notes