Restricting Users

In this example, emails send from user@domain.com will be trapped and sent to user_trapped@domain2.com. We are using check_sender_access to achieve this.

- Enter following in the file /opt/zimbra/conf/postfix_recipient_restrictions.cf Make sure it is entered at the top of the file.

vi /opt/zimbra/conf/postfix_recipient_restrictions.cf

Zimbra 8.5 or above:

check_sender_access lmdb:/opt/zimbra/postfix/conf/restricted_senders

Zimbra 8.0.9 or earlier:

check_sender_access hash:/opt/zimbra/postfix/conf/restricted_senders

- Create a file /opt/zimbra/postfix/conf/restricted_senders and list all the users, whose emails you want to redirect.

cat /opt/zimbra/postfix/conf/restricted_senders user@domain.com REDIRECT user_trapped@domain2.com user2@domain.com REDIRECT user2_trapped@zbc.com ...

- Create the hash and restart postfix.

postmap /opt/zimbra/postfix/conf/restricted_senders zmmtactl restart

How to restrict outgoing email as well as external web access for certain users?

Restricting users to send mails to certain domains

1. Enter following in the file “/opt/zimbra/conf/postfix_recipient_restrictions.cf”. Make sure it is entered at the top of the file.

ZCS 8.x: Enter in file /opt/zimbra/conf/zmconfigd/smtpd_recipient_restrictions.cf

vi /opt/zimbra/conf/postfix_recipient_restrictions.cfcheck_sender_access hash:/opt/zimbra/postfix/conf/restricted_senders

Note: This line should be added after the reject_non_fqdn_recipient line

Note: ZCS 8.5 and later use lmdb databases, not hash databases

2. Enter following in “/opt/zimbra/conf/zmmta.cf”

ZCS 8.x: Enter in file /opt/zimbra/conf/zmconfigd.cf

vi /opt/zimbra/conf/zmmta.cfFind the section labeled SECTION mta and enter the following two lines directly belowPOSTCONF smtpd_restriction_classes local_onlyPOSTCONF local_only FILE postfix_check_recipient_access.cf

3. Create a file “/opt/zimbra/conf/postfix_check_recipient_access.cf”

vi /opt/zimbra/conf/postfix_check_recipient_access.cfcheck_recipient_access hash:/opt/zimbra/postfix/conf/local_domains, reject

4. Create a file “/opt/zimbra/postfix/conf/restricted_senders” and list all the users, whom you want to restrict. Follow this syntax:

vi /opt/zimbra/postfix/conf/restricted_sendersuser@yourdomain.com local_only

5. Create a file “/opt/zimbra/postfix/conf/local_domains” and list all the domains where “restricted users” allowed to sent mails. Please follow this syntax:

vi /opt/zimbra/postfix/conf/local_domainsyourdomain.com OK otheralloweddomain.com OK

6. Run following commands:

postmap /opt/zimbra/postfix/conf/restricted_senderspostmap /opt/zimbra/postfix/conf/local_domains zmmtactl stop zmmtactl start

After these settings, all the users listed in “/opt/zimbra/postfix/conf/restricted_senders” are restricted to send mails only to domain which are defined in “/opt/zimbra/postfix/conf/local_domains”, other are fully allowed to send mails anywhere. These settings will not survive Zimbra upgrades, please make sure that you backup of all these settings while performing upgrades.

Redirection based on sender address

##########################

Restricting Users from Sending Mails to External Domains

As mentioned earlier, this method is based on command line. We begin this process by modifying the config file called /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf. Inside this file, we add the following line at the top:

check_sender_access lmdb:/opt/zimbra/postfix/conf/restricted_senders

Next, let’s modify another config file (/opt/zimbra/conf/zmconfigd.cf), in which we define a class representing users who can only send internal mails. While modifying this file, we need to add following lines withing SECTION mta just before RESTART mta.

POSTCONF smtpd_restriction_classes local_only

POSTCONF local_only FILE postfix_check_recipient_access.cf

[zimbra@mail ~]# vi /opt/zimbra/conf/postfix_check_recipient_access.cf

check_recipient_access lmdb:/opt/zimbra/postfix/conf/local_domains, reject

Now, we need to create two files: one for local users and other for local domains.

[zimbra@mail ~]# vi /opt/zimbra/postfix/conf/restricted_senders

local.user1@sajjan.com.np local_only

local.user2@sajjan.com.np local_only

[zimbra@mail ~]# vi /opt/zimbra/postfix/conf/local_domains

sajjan.com.np OK

Finally, to implement the changes, we need to map the config files to postifx and then restart the MTA service.

[zimbra@mail ~]# postmap /opt/zimbra/postfix/conf/restricted_senders

[zimbra@mail ~]# postmap /opt/zimbra/postfix/conf/local_domains

[zimbra@mail ~]# zmmtactl restart

This completes this blog post. I hope this is useful. Please let me know of your queries or suggestions in the Comment Section below. Thank you for reading!

How To Block user to send email locally or externally In zimbra

Step 1:

Open file /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf and add the below line at the top.

check_sender_access lmdb:/opt/zimbra/postfix/conf/restricted_senders

Step 2:

Open file /opt/zimbra/conf/zmconfigd.cf and add below lines before “RESTART mta”.

POSTCONF smtpd_restriction_classes local_only

POSTCONF local_only FILE postfix_check_recipient_access.cf

Note: We can find like below

SECTION mta DEPENDS amavis

-----------

RESTART mta

Step 3:

Create a file /opt/zimbra/conf/postfix_check_recipient_access.cf and add the following line.

check_recipient_access lmdb:/opt/zimbra/common/conf/local_domains, reject

Step 4:

Create a file /opt/zimbra/common/conf/restricted_senders and enter the list of users that you want to block. Follow this syntax:

user@yourdomain.com local_only

Step 5:

[zimbra@mail ~]# vi /opt/zimbra/common/conf/local_domains

sajjan.com.np OK

i.e.: Allow User/Domain (user@domain.com OK/domain.com OK)

Step 6:

Set ownership permissions for created files

chown zimbra:zimbra /opt/zimbra/conf/postfix_check_recipient_access.cf

chmod 644 /opt/zimbra/conf/postfix_check_recipient_access.cf

chown :zimbra /opt/zimbra/common/conf/restricted_senders

chmod 775 /opt/zimbra/common/conf/restricted_senders

chown :zimbra /opt/zimbra/common/conf/local_domains

chmod 775 /opt/zimbra/common/conf/local_domains

Step 7:

Run the below commands as Zimbra user.

postmap /opt/zimbra/common/conf/restricted_senders

postmap /opt/zimbra/common/conf/local_domains

zmmtactl stop

zmmtactl start

Block user to send email locally or externally In zimbra

Step 1:

Open file /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf and add the below line at the top.

check_sender_access lmdb:/opt/zimbra/postfix/conf/restricted_senders

Step 2:

Open file /opt/zimbra/conf/zmconfigd.cf and add below lines before “RESTART mta”.

POSTCONF smtpd_restriction_classes local_only

POSTCONF local_only FILE postfix_check_recipient_access.cf

Note: We can find like below

SECTION mta DEPENDS amavis

-----------

RESTART mta

Step 3:

Create a file /opt/zimbra/conf/postfix_check_recipient_access.cf and add the following line.

check_recipient_access lmdb:/opt/zimbra/common/conf/local_domains, reject

Step 4:

Create a file /opt/zimbra/common/conf/restricted_senders and enter the list of users that you want to block. Follow this syntax:

user@yourdomain.com local_only

Step 5:

[zimbra@mail ~]# vi /opt/zimbra/common/conf/local_domains

sajjan.com.np OK

i.e.: Allow User/Domain (user@domain.com OK/domain.com OK)

Step 6:

Set ownership permissions for created files

chown zimbra:zimbra /opt/zimbra/conf/postfix_check_recipient_access.cf

chmod 644 /opt/zimbra/conf/postfix_check_recipient_access.cf

chown :zimbra /opt/zimbra/common/conf/restricted_senders

chmod 775 /opt/zimbra/common/conf/restricted_senders

chown :zimbra /opt/zimbra/common/conf/local_domains

chmod 775 /opt/zimbra/common/conf/local_domains

Step 7:

Run the below commands as Zimbra user.

postmap /opt/zimbra/common/conf/restricted_senders

postmap /opt/zimbra/common/conf/local_domains

zmmtactl stop

zmmtactl start