This should maybe be titled 'Lessons from running a SMTP mail server' as it's not so much Zimbra that's been the issue, but fighting spammers. I'm not doing anything fancy, I only have a single VM running the free edition of Zimbra with not many mailboxes, the trouble is that any presence on TCP/25 on the Internet will have the same issues - getting you mails delivered, while not getting overwhelmed by spam being received.
With only a few mailboxes the former should be easy, except that out of the box my setup wasn't secure enough to prevent tons of spam email being relayed - no I wasn't an open relay, but I hadn't rejected unlisted senders, which means someone sent a bunch of stuff 'from' my domain, which I wanted Zimbra to relay (due to system emails from vCenter / NetApp etc.) I turned that off:
Receiving email should be a breeze too, except once I'd tightened the spam scoring to reduce spam to a manageable trickle, false positives crept in too.
In /opt/zimbra/data/spamassassin/ there are several configuration files, I found it useful to whitelist several domains from which I regularly receive mail, adding them to localrules.cf, though I found that they still got rejected sometimes. I fixed that by changing the score for whitelisted domains in ../rules/50_scores.cf though these aren't supposed to be modified so be warned that an upgrade may well overwrite my changes.
After making changes you need to restart Zimbra, or at least 'zmamavisdctl restart' (as Zimbra user)
Other things that have been useful to me have been around collecting data from the command line, using zmprov to grab stuff out of the DB that I can then look at /pipe to a file:
zmprov -l gaa - lists all accounts
zmprov gadl - lists all distribution lists
zmprov gdl mailinglist@example.com | grep zimbraMailForwardingAddress: | awk {'print $2'} - lists members of a distribution list
for i in `zmprov -l gaa` ; do zmprov ga $i zimbraMailAlias ; done - lists aliases
With only a few mailboxes the former should be easy, except that out of the box my setup wasn't secure enough to prevent tons of spam email being relayed - no I wasn't an open relay, but I hadn't rejected unlisted senders, which means someone sent a bunch of stuff 'from' my domain, which I wanted Zimbra to relay (due to system emails from vCenter / NetApp etc.) I turned that off:
zmprov mcf zimbraMtaSmtpdRejectUnlistedRecipient yes
zmprov mcf zimbraMtaSmtpdRejectUnlistedSender yes
zmmtactl restart
zmconfigdctl restart
Receiving email should be a breeze too, except once I'd tightened the spam scoring to reduce spam to a manageable trickle, false positives crept in too.
In /opt/zimbra/data/spamassassin/ there are several configuration files, I found it useful to whitelist several domains from which I regularly receive mail, adding them to localrules.cf, though I found that they still got rejected sometimes. I fixed that by changing the score for whitelisted domains in ../rules/50_scores.cf though these aren't supposed to be modified so be warned that an upgrade may well overwrite my changes.
After making changes you need to restart Zimbra, or at least 'zmamavisdctl restart' (as Zimbra user)
Other things that have been useful to me have been around collecting data from the command line, using zmprov to grab stuff out of the DB that I can then look at /pipe to a file:
zmprov -l gaa - lists all accounts
zmprov gadl - lists all distribution lists
zmprov gdl mailinglist@example.com | grep zimbraMailForwardingAddress: | awk {'print $2'} - lists members of a distribution list
for i in `zmprov -l gaa` ; do zmprov ga $i zimbraMailAlias ; done - lists aliases
