Postfix tips
---
Block incoming users or domains
Create a file called /opt/zimbra/common/conf/postfix_reject_sender with the list of email addresses and domains to be rejected, one entry per line, in the format below:
user@domain.com REJECT
domainX.com REJECT
As Zimbra user, execute the zimbraMtaSmtpdSenderRestrictions command:
zmprov ms 'yourzimbraservername' +zimbraMtaSmtpdSenderRestrictions "check_sender_access lmdb:/opt/zimbra/common/conf/postfix_reject_sender"
Then we will need to postmap it:
/opt/zimbra/common/sbin/postmap /opt/zimbra/common/conf/postfix_reject_sender
We can wait around 60 seconds until the Zimbra MTA picks up the changes, or force them by restarting the MTA services:
zmmtactl restart
-------------
Rejecting Emails at SMTP Level
If a sender is blacklisted using salocal.cf.in, Postfix accepts the email and rejects it only when it reaches the amavisd scan. Admins prefer to block emails at the SMTP level, so that they are not even processed by Postfix. This can be done using sender_access in smtpd_recipient_restrictions.
1. Create the /opt/zimbra/postfix/conf/sender_access file with the users/domains you want to reject, one entry per line.
user@domain.com REJECT
domain2.com REJECT
2. Add the following as the 2nd line in the /opt/zimbra/conf/postfix_recipient_restrictions.cf file.
check_sender_access hash:/opt/zimbra/postfix/conf/sender_access
3. Create the hash and restart Postfix.
postmap /opt/zimbra/postfix/conf/sender_access
postfix stop
postfix start
Check /var/log/zimbra.log when you receive emails from blocked addresses. They will be rejected with error 554 "Sender address rejected".
Redirect incoming email from users or domains
In this example, emails sent from user@domain.com will be trapped and sent to user_trapped@domain2.com. We are using check_sender_access to achieve this.
Enter the following in the file /opt/zimbra/conf/postfix_recipient_restrictions.cf. Make sure it is entered at the top of the file.
vi /opt/zimbra/conf/postfix_recipient_restrictions.cf
Zimbra 8.5 or above:
check_sender_access lmdb:/opt/zimbra/postfix/conf/restricted_senders
Zimbra 8.0.9 or earlier:
check_sender_access hash:/opt/zimbra/postfix/conf/restricted_senders
Create a file /opt/zimbra/postfix/conf/restricted_senders and list all the users whose emails you want to redirect.
cat /opt/zimbra/postfix/conf/restricted_senders
user@domain.com REDIRECT user_trapped@domain2.com
user2@domain.com REDIRECT user2_trapped@zbc.com
...
Create the hash and restart Postfix.
postmap /opt/zimbra/postfix/conf/restricted_senders
zmmtactl restart
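A check worth running on the REJECT and REDIRECT tables above before postmap. This is an added example, not part of the original notes: the function name, the sample table and the action allow-list are assumptions. It flags entries with no action, keys containing a wildcard (indexed hash/lmdb tables match the key literally), duplicate keys, and REDIRECT lines without a single user@domain target.

```shell
#!/bin/sh
# Added example: lint a Postfix access(5) sender table before running postmap.
# Prints "line N: problem" for each defect and returns 1 if any were found.
lint_access_map() {
    awk '
    function bad(msg) { printf "line %d: %s\n", NR, msg; rc = 1 }
    /^[ \t]*(#|$)/ { next }          # comments and blank lines
    /^[ \t]/       { next }          # continuation of the previous logical line
    {
        key = tolower($1); action = toupper($2)
        if (NF < 2)        { bad("no action after " $1); next }
        if (key ~ /[*?]/)  { bad("wildcard is matched literally; use domain.tld"); next }
        if (seen[key]++)   { bad("duplicate key " $1); next }
        if (action == "REJECT" || action == "OK" || action == "DUNNO") next
        if (action == "REDIRECT") {
            if (NF != 3 || $3 !~ /^[^@]+@[^@]+\.[^@]+$/)
                bad("REDIRECT needs exactly one user@domain target")
            next
        }
        bad("action " $2 " is not in this lint allow-list")
    }
    END { exit rc + 0 }
    ' "$1"
}

# Constructed sample table (hypothetical entries) run through the lint.
lint_sample() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
# constructed sample table, not from a real server
user@domain.com REJECT
*@domain2.com REJECT
user2@domain.com REDIRECT user2_trapped@zbc.com
user3@domain.com REDIRECT
user@domain.com REJECT
domainX.com REJECT
EOF
    rc=0
    lint_access_map "$tmp" || rc=$?
    rm -f "$tmp"
    return $rc
}

lint_sample || true
```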
Test
Log in as user@domain.com and try sending an email to any address. It will be redirected to the user_trapped@domain2.com account, and the log entry in /var/log/zimbra.log should look like this:
Apr 12 10:08:34 mta postfix/smtpd[521]: NOQUEUE: redirect: RCPT from domain.com[xx.xx.xx.xx]: <user@domain.com>: Sender address triggers REDIRECT user_trapped@domain2.com; from=<user@domain.com> to=<realrecipient@domain.com> proto=ESMTP
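To review which senders are hitting these sender rules and where redirected mail ends up, the log entries can be summarised per sender. This is an added example, not part of the original notes: the function names are assumptions, the first sample line is the entry shown above, and the remaining sample lines are constructed.

```shell
#!/bin/sh
# Added example: count sender-based REJECT/REDIRECT hits in a Postfix log.
# Output per line: COUNT ACTION SENDER REDIRECT_TARGET ("-" when not a redirect)
sender_policy_hits() {
    awk '
    /NOQUEUE: (reject|redirect):/ && /Sender address/ {
        action = ($0 ~ /NOQUEUE: redirect:/) ? "REDIRECT" : "REJECT"
        from = "-"; target = "-"
        # envelope sender: text between "from=<" and ">"
        if (match($0, /from=<[^>]*>/))
            from = substr($0, RSTART + 6, RLENGTH - 7)
        # redirect destination: text after "triggers REDIRECT " up to ";"
        if (action == "REDIRECT" && match($0, /triggers REDIRECT [^;]+/))
            target = substr($0, RSTART + 18, RLENGTH - 18)
        n[action " " from " " target]++
    }
    END { for (k in n) print n[k], k }
    ' "$1" | sort -k1,1nr -k2
}

# Sample log: first line is the one from this page, the rest are constructed.
hits_sample() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
Apr 12 10:08:34 mta postfix/smtpd[521]: NOQUEUE: redirect: RCPT from domain.com[xx.xx.xx.xx]: <user@domain.com>: Sender address triggers REDIRECT user_trapped@domain2.com; from=<user@domain.com> to=<realrecipient@domain.com> proto=ESMTP
Apr 12 10:09:02 mta postfix/smtpd[521]: NOQUEUE: redirect: RCPT from domain.com[xx.xx.xx.xx]: <user@domain.com>: Sender address triggers REDIRECT user_trapped@domain2.com; from=<user@domain.com> to=<other@domain.com> proto=ESMTP
Apr 12 10:11:40 mta postfix/smtpd[522]: connect from unknown[xx.xx.xx.xx]
Apr 12 10:11:41 mta postfix/smtpd[522]: NOQUEUE: reject: RCPT from unknown[xx.xx.xx.xx]: 554 5.7.1 <blocked@domainX.com>: Sender address rejected: Access denied; from=<blocked@domainX.com> to=<user@domain.com> proto=ESMTP helo=<mail.domainX.com>
EOF
    sender_policy_hits "$tmp"
    rm -f "$tmp"
}

hits_sample
```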
Sender BCC Maps
In this example, we need a copy of all emails sent FROM user@domain.com to go to the bccuser@domain.com user. I am using sender_bcc_maps.
Enter the following lines at the end of the /opt/zimbra/postfix/main.cf file.
Zimbra 8.5 or above:
sender_bcc_maps = lmdb:/opt/zimbra/postfix/conf/sender_bcc
recipient_bcc_maps = lmdb:/opt/zimbra/postfix/conf/recipient_bcc
Zimbra 8.0.9 or earlier:
sender_bcc_maps = hash:/opt/zimbra/postfix/conf/sender_bcc
recipient_bcc_maps = hash:/opt/zimbra/postfix/conf/recipient_bcc
Create a file /opt/zimbra/postfix/conf/sender_bcc and add the sender address and forward address in the following format. You can enter a list of users, one per line.
cat /opt/zimbra/postfix/conf/sender_bcc
user@domain.com bccuser@domain.com
Create the hash and reload the MTA.
postmap /opt/zimbra/postfix/conf/sender_bcc
postmap /opt/zimbra/postfix/conf/recipient_bcc
zmmtactl restart
Test
Send an email from user@domain.com and check the logs in zimbra.log. You should see two send entries, one for user@domain.com and the other for bccuser@domain.com.
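Because a BCC map copies mail without the sender or recipient seeing it, it is worth reviewing the map for copies that leave your own domains. This is an added example, not part of the original notes: the function names, the allowed-domain list and the sample entries are assumptions.

```shell
#!/bin/sh
# Added example: list BCC map entries whose copy goes outside the given domains.
# Usage: bcc_targets_outside "domain.com other.example" /path/to/sender_bcc
bcc_targets_outside() {
    awk -v allowed="$1" '
    BEGIN {
        # build a lookup of the domains that are allowed to receive copies
        n = split(tolower(allowed), d, " ")
        for (i = 1; i <= n; i++) ok[d[i]] = 1
    }
    /^[ \t]*(#|$)/ { next }                    # comments and blank lines
    NF >= 2 {
        dom = tolower($2); sub(/^.*@/, "", dom)   # domain part of the BCC address
        if (!(dom in ok)) printf "line %d: %s -> %s\n", NR, $1, $2
    }
    ' "$2"
}

# Constructed sample map (hypothetical addresses) checked against domain.com.
bcc_sample() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
# constructed sample map, not from a real server
user@domain.com bccuser@domain.com
user2@domain.com mirror@outside.example
EOF
    bcc_targets_outside "domain.com" "$tmp"
    rm -f "$tmp"
}

bcc_sample
```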
Relay Tips Based on User/Domain Receiver on Zimbra
# Create a transport file for the recipient domains that should be relayed
Fill the transport file (/opt/zimbra/postfix/conf/transportfile, the file passed to postmap in the next step) with entries like the following example:
domain1.com :[relay.example.com]
domain2.com :[relay.example.com]
user1@domain3.com :[relay.example.com]
With the above example, every email sent to domain1.com, domain2.com or user1@domain3.com will be relayed to relay.example.com. If your relay server uses a port such as 465, 587 or another port, you can change the entry like this: [relay.example.com]:587
# Postmap Transport
postmap /opt/zimbra/postfix/conf/transportfile
# Adding Transport table
zmprov ms mail.example.com zimbraMtaTransportMaps "lmdb:/opt/zimbra/postfix/conf/transportfile,proxy:ldap:/opt/zimbra/conf/ldap-transport.cf"
Replace mail.example.com with the hostname of your email server, or use `zmhostname` to obtain it.
# Restart Zimbra Services
Try sending an email. Every email sent to domain1.com, domain2.com or user1@domain3.com will be relayed to relay.example.com. Email sent to any other domain will be delivered directly, without going through the relay server.
---