In the ongoing fight against compromised user accounts, I set up cbpolicyd to rate-limit outgoing email from my servers. However, since I never set up a list of local domains, I occasionally get false positives triggered by users either moving many messages to spam (which are automatically forwarded to the spam autolearn address) or sending to local users. Since the list of domains can change often, I wanted a way to populate this list on a schedule.
Devising a Solution
First, I started with the question of how to extract the list of domains from LDAP. To get the LDAP password, you have to be logged in as zimbra and run zmlocalconfig -s | grep ldap. Since ldapsearch outputs in LDIF format, some text sanitization had to be done to leave only the list of domains. The final product of this sanitization was this:
Next, I had to get this list into the sqlite database used by cbpolicyd. First I located the database by looking at the [database] section in /opt/zimbra/conf/cbpolicyd.conf. Then I needed to check which policy group ID I was using, so I logged in to the database and checked like so:
It looks like my policy group ID is 2, so I’ll use that in my scripts.
I created a bash script that first gets the list of domains and redirects the output to a temporary file. Then it deletes any existing policy group members from the internal_domains group, and finally re-populates it with the domains from the LDAP list (each domain needs to be prefixed with @). To avoid any locking issues, I shut down cbpolicyd while I delete and repopulate the domain list. Then I delete the temp file.
The Final Script
I have this running in cron daily, which should be sufficient for how often domains are added and deleted on my servers.
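The same sequence of steps as an added example script (mine, not the post's own): it assumes the localconfig keys ldap_url, zimbra_ldap_userdn and zimbra_ldap_password, the zmcbpolicydctl command, the policy_group_members(PolicyGroupID, Member, Disabled, Comment) table of the cbpolicyd schema, and the [database] path substituted for the placeholder. It goes a little beyond the post by unfolding LDIF continuation lines, rejecting values that are not hostnames before they reach SQL, and refusing to empty the group when LDAP returns nothing.

```shell
#!/bin/sh
# Rebuild cbpolicyd's internal_domains policy group from Zimbra's LDAP domain list.
# Assumed, not from the post: localconfig keys ldap_url/zimbra_ldap_userdn/zimbra_ldap_password,
# zmcbpolicydctl, and the table policy_group_members(PolicyGroupID, Member, Disabled, Comment).
set -eu
POLICY_GROUP_ID=2   # internal_domains on the post's server; verify on yours
DB_PATH="${CBPOLICYD_DB:-/PLACEHOLDER/dbname/from/[database]/in/cbpolicyd.conf}"

# LDIF -> one lowercase domain per line: unfold continuation lines (LDIF wraps long
# values onto lines starting with a space), keep plain-text zimbraDomainName values
# ('::' base64 values are skipped; hostnames are ASCII), drop anything that is not a hostname.
ldif_to_domains() {
    awk '/^ / { buf = buf substr($0, 2); next }
         { if (buf != "") print buf; buf = $0 }
         END { if (buf != "") print buf }' \
    | sed -n 's/^zimbraDomainName: //p' | tr 'A-Z' 'a-z' \
    | { grep -E '^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$' || true; } | sort -u
}

# Domains on stdin -> SQL that swaps the group's members in one transaction.
# Members are '@domain'; single quotes are doubled as a second line of defence.
domains_to_sql() {
    local d esc
    echo "BEGIN TRANSACTION;"
    echo "DELETE FROM policy_group_members WHERE PolicyGroupID = $POLICY_GROUP_ID;"
    while IFS= read -r d; do
        esc=$(printf '%s' "$d" | sed "s/'/''/g")
        echo "INSERT INTO policy_group_members (PolicyGroupID, Member, Disabled, Comment)" \
             "VALUES ($POLICY_GROUP_ID, '@$esc', 0, 'ldap-sync');"
    done
    echo "COMMIT;"
}

# Full run as the zimbra user: query LDAP, stop cbpolicyd to avoid lock contention, rewrite
# the group, restart. An empty LDAP result (e.g. a transient outage) leaves the group untouched.
sync_internal_domains() {
    local url dn pw domains count
    url=$(zmlocalconfig -s -m nokey ldap_url)
    dn=$(zmlocalconfig -s -m nokey zimbra_ldap_userdn)
    pw=$(zmlocalconfig -s -m nokey zimbra_ldap_password)
    domains=$(ldapsearch -x -LLL -H "$url" -D "$dn" -w "$pw" -b "" \
                  '(objectClass=zimbraDomain)' zimbraDomainName | ldif_to_domains)
    count=$(printf '%s\n' "$domains" | grep -c . || true)
    [ "$count" -gt 0 ] || { echo "LDAP returned no domains; group left as is" >&2; return 1; }
    zmcbpolicydctl stop
    printf '%s\n' "$domains" | domains_to_sql | sqlite3 "$DB_PATH"
    zmcbpolicydctl start
}
if [ "${1:-}" = "--run" ]; then sync_internal_domains; fi
```

Run it as the zimbra user with --run; without the flag it only defines the functions, so the text-processing parts can be tried out on a sample LDIF first.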