2.1.3. Single Server Installation

Extract mzr-<VERSION>.tgz package file:

tar zxvf mzr-<VERSION>.tgz

Move msh-zimbra-rules subdirectory to /opt directory:

sudo mv mzr-<VERSION>/msh-zimbra-rules /opt

Add new msh user and lock it, so nobody could login to this account:

sudo adduser msh -d /opt/msh-zimbra-rules
sudo passwd -l msh

Run install.sh script located in libexec directory:

sudo /opt/msh-zimbra-rules/libexec/install.sh

Now configuration file need to be set, you need your root password and master url to OpenLDAP. Run below command to get password and url:

sudo -u zimbra /opt/zimbra/bin/zmlocalconfig -s ldap_root_password ldap_master_url

You should get results like below, where <YOUR_LDAP_PASSWORD> and ldap://<YOUR_DOMAIN>:389 are values which we need:

ldap_root_password = <YOUR_LDAP_PASSWORD>
ldap_master_url = ldap://<YOUR.DOMAIN>:389

Edit application.properties file located in conf directory (you could use vi, pico or any other text editor):

sudo vi /opt/msh-zimbra-rules/conf/application.properties

Replace YOUR_LDAP_PASSWORD and YOUR_LDAP_URL values with your ldap root password and url (make sure you don’t have any white spaces at the end of password or url):

mzr.ldap.password = YOUR_LDAP_PASSWORD
mzr.ldap.url = YOUR_LDAP_URL

Save changed and exit.

Enable startup scripts and run application services:

sudo ln -s /opt/msh-zimbra-rules/bin/mshzimbrarules /etc/init.d/
sudo systemctl enable mshzimbrarules
sudo systemctl start mshzimbrarules

Create an empty database configuration, run makedb.sh script located in libexec directory:

sudo /opt/msh-zimbra-rules/libexec/makedb.sh

Now configure Zimbra to “pass” messages to our application, switch to zimbra user:

sudo su - zimbra

Edit master.cf.in file (assume that your’re in /opt/zimbra directory):

vi common/conf/master.cf.in

Look for 10025 port with smtpd value in line, it’s probably line 120 but it could differ in your configuration. By default not configured part looks like this:

[%%zimbraLocalBindAddress%%]:10025 inet n  -       n       -       -  smtpd
        -o content_filter=
        -o local_recipient_maps=

Append smtp:[%%zimbraLocalBindAddress%%]:42104 value in -o content_filter= line, like this:

[%%zimbraLocalBindAddress%%]:10025 inet n  -       n       -       -  smtpd
        -o content_filter=smtp:[%%zimbraLocalBindAddress%%]:42104
        -o local_recipient_maps=

Now go to the end of file and append this part:

[%%zimbraLocalBindAddress%%]:42105   inet    n   -   n   -   -   smtpd
        -o content_filter=
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
        -o smtpd_helo_restrictions=
        -o smtpd_client_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_relay_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks=
        -o smtpd_authorized_xforward_hosts=
        -o smtp_address_preference=ipv4

Save changes and exit text editor.

It’s time to enable application milter for Zimbra.


Zimbra 8.6 and later have a bug which overwrite Postfix smtpd_milters parameter with empty value and milter will not work, Bug 97706 can be found on the official Bugzilla. One of workarounds is to enable zimbraMilterServerEnabled even if you not use built-in milter server.

Run below commands (still as zimbra user):

zmprov ms `hostname` zimbraMilterServerEnabled TRUE
zmprov ms `hostname` zimbraMtaSmtpdMilters inet:localhost:42102
zmprov ms `hostname` zimbraMtaNonSmtpdMilters inet:localhost:42102
zmmilterctl start

Reload Zimbra mail transport agent:

zmmtactl reload