Docs/Configuration/Zimbra Integration

Zimbra Integration

Configure SecZim to work with Zimbra 8.8.x, 9.x, and 10.x mail servers.

Automatic Configuration

The SecZim installer automatically configures Zimbra integration. To verify the configuration:

su - zimbra -c "postconf | grep check_policy_service"

You should see: check_policy_service inet:127.0.0.1:10035

Manual Configuration

If you need to configure manually, follow these steps:

  1. Configure Policy Service
    su - zimbra -c "zmprov ms $(zmhostname) zimbraMtaSmtpdRecipientRestrictions 'check_policy_service inet:127.0.0.1:10035'"
  2. Reload Postfix
    su - zimbra -c "zmmtactl restart"
  3. Verify Configuration
    su - zimbra -c "postconf | grep smtpd_recipient_restrictions"

Supported Zimbra Versions

  • Zimbra 8.8.x - Fully supported
  • Zimbra 9.x - Fully supported
  • Zimbra 10.x - Fully supported

Testing the Integration

Test that SecZim is receiving policy requests:

echo -e "request=smtpd_access_policy\nprotocol_state=RCPT\nclient_address=1.2.3.4\nsender=test@example.com\nrecipient=user@yourdomain.com\n\n" | nc localhost 10035

You should receive an action=DUNNO or action=OK response.

Troubleshooting

SecZim Not Receiving Requests

  • Verify SecZim daemon is running: systemctl status seczim-daemon
  • Check port is listening: ss -tlnp | grep 10035
  • Review Zimbra MTA logs: tail -f /var/log/zimbra.log

Connection Refused Errors

  • Ensure SecZim is binding to localhost
  • Check firewall settings
  • Restart SecZim services
Tip

After any Zimbra upgrade, verify the SecZim integration is still configured correctly by running the verification commands above.