Postfix tips

---

block incoming users or domains

reate a file called /opt/zimbra/common/conf/postfix_reject_sender with the list of email addresses and domains to be rejected in the below format:

user@domain.com REJECT domainX.com REJECT

As Zimbra user, execute the zimbraMtaSmtpdSenderRestrictions command:

zmprov ms 'yourzimbraservername' +zimbraMtaSmtpdSenderRestrictions "check_sender_access lmdb:/opt/zimbra/common/conf/postfix_reject_sender"

Then we will need to postmap it:

/opt/zimbra/common/sbin/postmap /opt/zimbra/common/conf/postfix_reject_sender

We can wait around 60 seconds until the Zimbra MTA pick up the changes, or force the changes with a restart to the MTA services with:

zmmtactl restart

-------------

Rejecting Emails at SMTP Level

If a sender is blacklisted using salocal.cf.in, postfix will accept the email and reject the emails when it reaches at amavisd scan. Admins prefer to block emails at SMTP level, so that emails will not even processed by postfix. This can be done using sender_access in smtpd_recipient_restrictions.

1. Create /opt/zimbra/postfix/conf/sender_access file with users/domains you want to reject.

user@domain.com REJECT *@domain2.com REJECT

2. Add following as 2nd line in /opt/zimbra/conf/postfix_recipient_restrictions.cf file.

check_sender_access hash:/opt/zimbra/postfix/conf/sender_access

3. Create hash and restart postfix

postmap /opt/zimbra/postfix/conf/sender_access postfix stop postfix start

Check /var/log/zimbra.log when you receive emails from blocked addresses. It will rejected with error 554 "Sender address rejected".

redirect email incoming users or domains

In this example, emails send from user@domain.com will be trapped and sent to user_trapped@domain2.com. We are using check_sender_access to achieve this.

- Enter following in the file /opt/zimbra/conf/postfix_recipient_restrictions.cf Make sure it is entered at the top of the file.

vi /opt/zimbra/conf/postfix_recipient_restrictions.cf

Zimbra 8.5 or above:

check_sender_access lmdb:/opt/zimbra/postfix/conf/restricted_senders

Zimbra 8.0.9 or earlier:

check_sender_access hash:/opt/zimbra/postfix/conf/restricted_senders

- Create a file /opt/zimbra/postfix/conf/restricted_senders and list all the users, whose emails you want to redirect.

cat /opt/zimbra/postfix/conf/restricted_senders user@domain.com REDIRECT user_trapped@domain2.com user2@domain.com REDIRECT user2_trapped@zbc.com ...

- Create the hash and restart postfix.

postmap /opt/zimbra/postfix/conf/restricted_senders zmmtactl restart

Test

Login as user@domain.com and try sending email to any address. It will be redirected to user_trapped@domain2.com account and the log entry should look like this in /var/log/zimbra.log

Apr 12 10:08:34 mta postfix/smtpd[521]: NOQUEUE: redirect: RCPT from domain.com[xx.xx.xx.xx]: <user@domain.com>: Sender address triggers REDIRECT user_trapped@domain2.com; from=<user@domain.com> to=<realrecipient@domain.com> proto=ESMTP

Sender BCC Maps

In this example, we need a copy of all emails sent FROM user@domain.com to bccuser@domain.com user. I am using sender_bcc_maps.

- Enter following line at the end of file /opt/zimbra/postfix/main.cf file.

Zimbra 8.5 or above:

sender_bcc_maps = lmdb:/opt/zimbra/postfix/conf/sender_bcc recipient_bcc_maps = lmdb:/opt/zimbra/postfix/conf/recipient_bcc

Zimbra 8.0.9 or earlier:

sender_bcc_maps = hash:/opt/zimbra/postfix/conf/sender_bcc recipient_bcc_maps = hash:/opt/zimbra/postfix/conf/recipient_bcc

- Create a file /opt/zimbra/postfix/sender_bcc and add the sender address and forward address in following format. You can enter a list of users.

cat /opt/zimbra/postfix/sender_bcc user@domain.com bccuser@domain.com

- Create the hash and reload the MTA.

postmap /opt/zimbra/postfix/conf/sender_bcc postmap /opt/zimbra/postfix/conf/recipient_bcc zmmtactl restart

Test

Send an email from user@domain.com and check the logs in zimbra.log. You should see two send entries, one for user@domain.com and other for bccuser@domain.com

Relay Tips Based on User/Domain Receiver on Zimbra

# Create transport for domain receiver that would be relay

view source

su - zimbra

vi /opt/zimbra/postfix/conf/transportfile

Fill with the following example

domain1.com :[relay.example.com] domain2.com :[relay.example.com] user1@domain3.com :[relay.example.com]

The above example, every sending email to domain1.com and domain2.com or user1@domain3.com, will be relay to relay.example.com. If your relay server using port such as 465, 587 or another port, you can change like this [relay.example.com]:587

# Postmap Transport

view sourceprint?

postmap /opt/zimbra/postfix/conf/transportfile

# Adding Transport table

view sourceprint?

zmprov ms mail.example.com zimbraMtaTransportMaps "lmdb:/opt/zimbra/postfix/conf/transportfile,proxy:ldap:/opt/zimbra/conf/ldap-transport.cf"

Change mail.example.com with your hostname of email server. Or you can using `zmhostname` for independently

# Restart Zimbra Services

view source

zmcontrol restart

Please try to sending email. Every sending email to domain1.com and domain2.com or user1@domain3.com, email server will be relay to relay.example.com. if sending email to another domain, email server will directly without relay to relay server

---