Restricting Users
In this example, emails send from user@domain.com will be trapped and sent to user_trapped@domain2.com. We are using check_sender_access to achieve this.
Enter following in the file /opt/zimbra/conf/postfix_recipient_restrictions.cf Make sure it is entered at the top of the file.
vi /opt/zimbra/conf/postfix_recipient_restrictions.cf
Zimbra 8.5 or above:
check_sender_access lmdb:/opt/zimbra/postfix/conf/restricted_senders
Zimbra 8.0.9 or earlier:
check_sender_access hash:/opt/zimbra/postfix/conf/restricted_senders
Create a file /opt/zimbra/postfix/conf/restricted_senders and list all the users, whose emails you want to redirect.
cat /opt/zimbra/postfix/conf/restricted_senders user@domain.com REDIRECT user_trapped@domain2.com user2@domain.com REDIRECT user2_trapped@zbc.com ...
Create the hash and restart postfix.
postmap /opt/zimbra/postfix/conf/restricted_senders zmmtactl restart
Restricting users to send mails to certain domains
1. Enter following in the file “/opt/zimbra/conf/postfix_recipient_restrictions.cf”. Make sure it is entered at the top of the file.
ZCS 8.x: Enter in file /opt/zimbra/conf/zmconfigd/smtpd_recipient_restrictions.cf
vi /opt/zimbra/conf/postfix_recipient_restrictions.cfcheck_sender_access hash:/opt/zimbra/postfix/conf/restricted_senders
Note: This line should be added after the reject_non_fqdn_recipient line
Note: ZCS 8.5 and later use lmdb databases, not hash databases
2. Enter following in “/opt/zimbra/conf/zmmta.cf”
ZCS 8.x: Enter in file /opt/zimbra/conf/zmconfigd.cf
vi /opt/zimbra/conf/zmmta.cfFind the section labeled SECTION mta and enter the following two lines directly belowPOSTCONF smtpd_restriction_classes local_onlyPOSTCONF local_only FILE postfix_check_recipient_access.cf
3. Create a file “/opt/zimbra/conf/postfix_check_recipient_access.cf”
vi /opt/zimbra/conf/postfix_check_recipient_access.cfcheck_recipient_access hash:/opt/zimbra/postfix/conf/local_domains, reject
4. Create a file “/opt/zimbra/postfix/conf/restricted_senders” and list all the users, whom you want to restrict. Follow this syntax:
vi /opt/zimbra/postfix/conf/restricted_sendersuser@yourdomain.com local_only
5. Create a file “/opt/zimbra/postfix/conf/local_domains” and list all the domains where “restricted users” allowed to sent mails. Please follow this syntax:
vi /opt/zimbra/postfix/conf/local_domainsyourdomain.com OK otheralloweddomain.com OK
6. Run following commands:
postmap /opt/zimbra/postfix/conf/restricted_senderspostmap /opt/zimbra/postfix/conf/local_domains zmmtactl stop zmmtactl start
After these settings, all the users listed in “/opt/zimbra/postfix/conf/restricted_senders” are restricted to send mails only to domain which are defined in “/opt/zimbra/postfix/conf/local_domains”, other are fully allowed to send mails anywhere. These settings will not survive Zimbra upgrades, please make sure that you backup of all these settings while performing upgrades.
Redirection based on sender address
-
##########################
Restricting Users from Sending Mails to External Domains
As mentioned earlier, this method is based on command line. We begin this process by modifying the config file called /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf. Inside this file, we add the following line at the top:
check_sender_access lmdb:/opt/zimbra/postfix/conf/restricted_senders
Next, let’s modify another config file (/opt/zimbra/conf/zmconfigd.cf), in which we define a class representing users who can only send internal mails. While modifying this file, we need to add following lines withing SECTION mta just before RESTART mta.
POSTCONF smtpd_restriction_classes local_only
POSTCONF local_only FILE postfix_check_recipient_access.cf
[zimbra@mail ~]# vi /opt/zimbra/conf/postfix_check_recipient_access.cf
check_recipient_access lmdb:/opt/zimbra/postfix/conf/local_domains, reject
Now, we need to create two files: one for local users and other for local domains.
[zimbra@mail ~]# vi /opt/zimbra/postfix/conf/restricted_senders
local.user1@sajjan.com.np local_only
local.user2@sajjan.com.np local_only
[zimbra@mail ~]# vi /opt/zimbra/postfix/conf/local_domains
sajjan.com.np OK
Finally, to implement the changes, we need to map the config files to postifx and then restart the MTA service.
[zimbra@mail ~]# postmap /opt/zimbra/postfix/conf/restricted_senders
[zimbra@mail ~]# postmap /opt/zimbra/postfix/conf/local_domains
[zimbra@mail ~]# zmmtactl restart
This completes this blog post. I hope this is useful. Please let me know of your queries or suggestions in the Comment Section below. Thank you for reading!
How To Block user to send email locally or externally In zimbra
Step 1:
Open file /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf and add the below line at the top.
check_sender_access lmdb:/opt/zimbra/postfix/conf/restricted_senders
Step 2:
Open file /opt/zimbra/conf/zmconfigd.cf and add below lines before “RESTART mta”.
POSTCONF smtpd_restriction_classes local_only
POSTCONF local_only FILE postfix_check_recipient_access.cf
Note: We can find like below
SECTION mta DEPENDS amavis
-----------
-----------
-----------
RESTART mta
Step 3:
Create a file /opt/zimbra/conf/postfix_check_recipient_access.cf and add the following line.
check_recipient_access lmdb:/opt/zimbra/common/conf/local_domains, reject
Step 4:
Create a file /opt/zimbra/common/conf/restricted_senders and enter the list of users that you want to block. Follow this syntax:
user@yourdomain.com local_only
Step 5:
[zimbra@mail ~]# vi /opt/zimbra/common/conf/local_domains
sajjan.com.np OK
i.e.: Allow User/Domain (user@domain.com OK/domain.com OK)
Step 6:
Set ownership permissions for created files
chown zimbra:zimbra /opt/zimbra/conf/postfix_check_recipient_access.cf
chmod 644 /opt/zimbra/conf/postfix_check_recipient_access.cf
chown :zimbra /opt/zimbra/common/conf/restricted_senders
chmod 775 /opt/zimbra/common/conf/restricted_senders
chown :zimbra /opt/zimbra/common/conf/local_domains
chmod 775 /opt/zimbra/common/conf/local_domains
Step 7:
Run the below commands as Zimbra user.
postmap /opt/zimbra/common/conf/restricted_senders
postmap /opt/zimbra/common/conf/local_domains
zmmtactl stop
zmmtactl start