I had a department head today receive an email from a vendor on his internal (department only) dist list. The list is a dynamic list matching a LDAP property, same as all of other department dist lists.
Prior to v10.0 I could see the rights on the dist lists using zmprov. This no longer seems to be the case. I sent an email to the list from my personal account and it did deliver to everyone in the department. So, I tried to revoke public access through zmprov and an error stating that the pub access was not granted.
zimbra@zimbra:~$ zmprov rvr dl street@greenfieldin.org pub sendToDistList
ERROR: account.NO_SUCH_GRANT (no such grant: [grantee name=null, grantee id=99999999-9999-9999-9999-999999999999, grantee type=pub, right=sendToDistList])
zimbra@zimbra:~$
In prior versions of Zimbra NE I could see the grants, here is an old example of a list that is allowed public access. This zmprov command was run on Zimbra NE 9
zimbra@zimbra2:~$ zmprov gdl parks_rec@greenfieldin.org
# distributionList parks_rec@greenfieldin.org memberCount=4
cn: Parks Rec Online Forms
displayName: Parks Rec Online Forms
mail: parks_rec@greenfieldin.org
objectClass: zimbraDistributionList
objectClass: zimbraMailRecipient
uid: parks_rec
zimbraACE: 27ba1629-4b98-4b3b-8d51-2bac0415b8a5 usr ownDistList
zimbraACE: 99999999-9999-9999-9999-999999999999 pub sendToDistList
zimbraCreateTimestamp: 20190529140505.102Z
zimbraDistributionListSubscriptionPolicy: REJECT
zimbraDistributionListUnsubscriptionPolicy: REJECT
zimbraHideInGal: TRUE
zimbraId: 0d592a28-5a1a-4437-b0cf-386e95acb2ad
zimbraMailAlias: parks_rec@greenfieldin.org
zimbraMailForwardingAddress: xxx@greenfieldin.org
zimbraMailForwardingAddress: xxx@greenfieldin.org
zimbraMailForwardingAddress: xxx@greenfieldin.org
xzimbraMailHost: zimbra.greenfieldin.org
zimbraMailStatus: enabled
Here is that same zmprov command run on 10.1
zimbra@zimbra:~$ zmprov gdl parks_rec@greenfieldin.org
# distributionList parks_rec@greenfieldin.org memberCount=8
mail: parks_rec@greenfieldin.org
objectClass: zimbraDistributionList
objectClass: zimbraMailRecipient
uid: parks_rec
zimbraCreateTimestamp: 20230615173628.587Z
zimbraId: 5cdfc9cb-f4a2-4a05-b3be-dc09089b790c
zimbraMailAlias: parks_rec@greenfieldin.org
zimbraMailForwardingAddress: xxx@greenfieldin.org
zimbraMailForwardingAddress: xxx@greenfieldin.org
zimbraMailForwardingAddress: xxx@greenfieldin.org
zimbraMailHost: zimbra.greenfieldin.org
zimbraMailStatus: enabled
If I try to check the access, zmprov returns an error that the property must be an email address and not "pub".
zimbra@zimbra:~$ zmprov ckr dl street@greenfieldin.org pub sentToDistList
ERROR: service.INVALID_REQUEST (invalid request: must be valid email address: pub)
zimbra@zimbra:~$
Dismayed, I went to the GUI, assigned an owner, went into the owner's account and contacts->distribution list properties, and checked "Only internal users can send to this list". Now, my zimbraACE properties are there.
[size]zimbra@zimbra:~$ zmprov gdl street@greenfieldin.org
# distributionList street@greenfieldin.org memberCount=15
cn: street
dgIdentity: uid=zimbra,cn=admins,cn=zimbra
mail: street@greenfieldin.org
memberURL: ldap:///??sub?(&(objectClass=zimbraAccount)(zimbraCOSId=e00428a1-0c00-11d9-836a-000d93afea2a)(company=Street))
objectClass: groupOfURLs
objectClass: dgIdentityAux
objectClass: zimbraGroup
zimbraACE: cd64ddf6-e6c9-4293-97e5-88f4b94aa103 usr ownDistList
zimbraACE: 00000000-0000-0000-0000-000000000000 all sendToDistList
zimbraCreateTimestamp: 20230721181512.038Z
zimbraId: d167b0e5-5e25-4c30-8d00-16e97d5e8f2f
zimbraIsACLGroup: FALSE
zimbraMailAlias: street@greenfieldin.org
zimbraMailHost: zimbra.greenfieldin.org
zimbraMailStatus: enabled[/size]
Have we lost the ability to work with zimbraACE properties in the command line?
Why is this list allowing public access and I can find no place where that is displayed to me?
DAve
Prior to v10.0 I could see the rights on the dist lists using zmprov. This no longer seems to be the case. I sent an email to the list from my personal account and it did deliver to everyone in the department. So, I tried to revoke public access through zmprov and an error stating that the pub access was not granted.
zimbra@zimbra:~$ zmprov rvr dl street@greenfieldin.org pub sendToDistList
ERROR: account.NO_SUCH_GRANT (no such grant: [grantee name=null, grantee id=99999999-9999-9999-9999-999999999999, grantee type=pub, right=sendToDistList])
zimbra@zimbra:~$
In prior versions of Zimbra NE I could see the grants, here is an old example of a list that is allowed public access. This zmprov command was run on Zimbra NE 9
zimbra@zimbra2:~$ zmprov gdl parks_rec@greenfieldin.org
# distributionList parks_rec@greenfieldin.org memberCount=4
cn: Parks Rec Online Forms
displayName: Parks Rec Online Forms
mail: parks_rec@greenfieldin.org
objectClass: zimbraDistributionList
objectClass: zimbraMailRecipient
uid: parks_rec
zimbraACE: 27ba1629-4b98-4b3b-8d51-2bac0415b8a5 usr ownDistList
zimbraACE: 99999999-9999-9999-9999-999999999999 pub sendToDistList
zimbraCreateTimestamp: 20190529140505.102Z
zimbraDistributionListSubscriptionPolicy: REJECT
zimbraDistributionListUnsubscriptionPolicy: REJECT
zimbraHideInGal: TRUE
zimbraId: 0d592a28-5a1a-4437-b0cf-386e95acb2ad
zimbraMailAlias: parks_rec@greenfieldin.org
zimbraMailForwardingAddress: xxx@greenfieldin.org
zimbraMailForwardingAddress: xxx@greenfieldin.org
zimbraMailForwardingAddress: xxx@greenfieldin.org
xzimbraMailHost: zimbra.greenfieldin.org
zimbraMailStatus: enabled
Here is that same zmprov command run on 10.1
zimbra@zimbra:~$ zmprov gdl parks_rec@greenfieldin.org
# distributionList parks_rec@greenfieldin.org memberCount=8
mail: parks_rec@greenfieldin.org
objectClass: zimbraDistributionList
objectClass: zimbraMailRecipient
uid: parks_rec
zimbraCreateTimestamp: 20230615173628.587Z
zimbraId: 5cdfc9cb-f4a2-4a05-b3be-dc09089b790c
zimbraMailAlias: parks_rec@greenfieldin.org
zimbraMailForwardingAddress: xxx@greenfieldin.org
zimbraMailForwardingAddress: xxx@greenfieldin.org
zimbraMailForwardingAddress: xxx@greenfieldin.org
zimbraMailHost: zimbra.greenfieldin.org
zimbraMailStatus: enabled
If I try to check the access, zmprov returns an error that the property must be an email address and not "pub".
zimbra@zimbra:~$ zmprov ckr dl street@greenfieldin.org pub sentToDistList
ERROR: service.INVALID_REQUEST (invalid request: must be valid email address: pub)
zimbra@zimbra:~$
Dismayed, I went to the GUI, assigned an owner, went into the owner's account and contacts->distribution list properties, and checked "Only internal users can send to this list". Now, my zimbraACE properties are there.
[size]zimbra@zimbra:~$ zmprov gdl street@greenfieldin.org
# distributionList street@greenfieldin.org memberCount=15
cn: street
dgIdentity: uid=zimbra,cn=admins,cn=zimbra
mail: street@greenfieldin.org
memberURL: ldap:///??sub?(&(objectClass=zimbraAccount)(zimbraCOSId=e00428a1-0c00-11d9-836a-000d93afea2a)(company=Street))
objectClass: groupOfURLs
objectClass: dgIdentityAux
objectClass: zimbraGroup
zimbraACE: cd64ddf6-e6c9-4293-97e5-88f4b94aa103 usr ownDistList
zimbraACE: 00000000-0000-0000-0000-000000000000 all sendToDistList
zimbraCreateTimestamp: 20230721181512.038Z
zimbraId: d167b0e5-5e25-4c30-8d00-16e97d5e8f2f
zimbraIsACLGroup: FALSE
zimbraMailAlias: street@greenfieldin.org
zimbraMailHost: zimbra.greenfieldin.org
zimbraMailStatus: enabled[/size]
Have we lost the ability to work with zimbraACE properties in the command line?
Why is this list allowing public access and I can find no place where that is displayed to me?
DAve
Statistics: Posted by yellowhousejake — Fri Feb 14, 2025 7:05 pm