Restriction

Zimbra 8: Restricting Postfix Senders/Recipients, Step by Step

Change the lines below in zmconfigd.cf to set the Postfix restrictions.

[zimbra@mail conf]$ vi /opt/zimbra/conf/zmconfigd.cf

POSTCONF  smtpd_recipient_restrictions  FILE  zmconfigd/smtpd_recipient_restrictions.cf  

Change to:

POSTCONF  smtpd_recipient_restrictions  FILE  zmconfigd/postfix_recipient_restrictions.cf

POSTCONF smtpd_reject_unlisted_recipient    no

Change to:

POSTCONF smtpd_reject_unlisted_recipient    yes

Copy smtpd_recipient_restrictions.cf to postfix_recipient_restrictions.cf

[zimbra@mail conf]$ cp smtpd_recipient_restrictions.cf  postfix_recipient_restrictions.cf

Edit the postfix_recipient_restrictions.cf file and add the line below

[zimbra@mail conf]$ vi  postfix_recipient_restrictions.cf

%%contains VAR:zimbraServiceEnabled cbpolicyd, check_policy_service inet:localhost:@@cbpolicyd_bind_port@@%%

check_recipient_access hash:/opt/zimbra/postfix/conf/protected_recipients

Restart the Zimbra configuration daemon (zmconfigd).

[zimbra@mail conf]$ zmconfigdctl restart

Create the protected_recipients file, mapping each protected recipient to the restriction class that lists its permitted senders

[zimbra@mail conf]$ vi protected_recipients

block_id@example.com  permitted_senders_list

block_id1@example.com  permitted_senders_list1

Create the permitted_senders file and add the list of permitted sender accounts

[zimbra@mail conf]$ vi permitted_senders

allow_id@example.com ok

allow_id1@example.com ok

allow_id2@example.com ok

allow_id3@example.com ok

Create an update_protected_recipients script that rebuilds the lookup tables for the protected recipient list and the permitted sender lists

[zimbra@mail conf]$ vi update_protected_recipients

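#!/bin/bash

# Rebuild the Postfix hash tables after editing the text files.

echo "rebuild protected_recipients.."

postmap /opt/zimbra/postfix/conf/protected_recipients

echo "rebuild permitted_senders.."

postmap /opt/zimbra/postfix/conf/permitted_senders

# permitted_senders1 must exist, in the same format as permitted_senders.

echo "rebuild permitted_senders1.."

postmap /opt/zimbra/postfix/conf/permitted_senders1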

[zimbra@mail conf]$ chmod 755 update_protected_recipients

[zimbra@mail conf]$ /opt/zimbra/postfix/conf/update_protected_recipients

Edit main.cf and add the following lines at the bottom. Each restriction class checks the envelope sender against its permitted-senders table and rejects everything else.

[zimbra@mail conf]$ vi main.cf

permitted_senders_list = check_sender_access hash:/opt/zimbra/postfix/conf/permitted_senders, reject

permitted_senders_list1 = check_sender_access hash:/opt/zimbra/postfix/conf/permitted_senders1, reject

smtpd_restriction_classes = permitted_senders_list, permitted_senders_list1

[zimbra@mail conf]$ postfix reload
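
Added example (not part of the original page): Postfix resolves a class name returned by an access table only when that name is listed in smtpd_restriction_classes and defined in main.cf, so the names in protected_recipients and main.cf must match exactly. The script below cross-checks a main.cf against one or more access-map source files; the function names check_restriction_classes and demo, the temporary file names and the sample data are constructed for illustration, and it assumes smtpd_restriction_classes is written on a single line.

```shell
#!/bin/sh
# Added example: cross-check access-map results against main.cf classes.
# Usage: check_restriction_classes MAIN_CF ACCESS_MAP [ACCESS_MAP...]
# Prints one line per problem; status 0 = consistent, 1 = problems found.
# Assumption: smtpd_restriction_classes is written on a single line.
check_restriction_classes() (
    main_cf=$1; shift
    rc=0
    # Declared class names; commas and runs of blanks squeezed to one space.
    declared=$(sed -n 's/^smtpd_restriction_classes[[:space:]]*=//p' "$main_cf" |
        tr -s ',[:space:]' ' ')
    # 1. Every declared class needs its own "name = ..." definition.
    for class in $declared; do
        grep -Eq "^${class}[[:space:]]*=" "$main_cf" ||
            { echo "UNDEFINED $class: declared but never defined"; rc=1; }
    done
    # 2. A map result must be an access(5) action, a built-in restriction
    #    (matched loosely by prefix), or a declared class.
    for map in "$@"; do
        while read -r lhs action rest; do
            case $lhs in ''|'#'*) continue ;; esac
            case $(printf '%s' "$action" | tr '[:lower:]' '[:upper:]') in
                ''|OK|REJECT|DEFER|DEFER_IF_REJECT|DEFER_IF_PERMIT|DUNNO|\
                DISCARD|FILTER|HOLD|PREPEND|REDIRECT|WARN|BCC|INFO|[0-9]*|\
                PERMIT|PERMIT_*|REJECT_*|CHECK_*) continue ;;
            esac
            case " $declared " in
                *" $action "*) ;;
                *) echo "UNDECLARED $action: result for $lhs in $map"; rc=1 ;;
            esac
        done < "$map"
    done
    exit "$rc"
)

# Constructed sample: the map returns a class that main.cf does not declare.
demo() (
    d=$(mktemp -d) && trap 'rm -rf "$d"' EXIT
    printf '%s\n' \
        'permitted_senders_list = check_sender_access hash:/tmp/ps, reject' \
        'smtpd_restriction_classes = permitted_senders_list' > "$d/main.cf"
    printf '%s\n' 'block_id@example.com  permitted_sender_list' > "$d/map"
    check_restriction_classes "$d/main.cf" "$d/map"
)
demo || echo "fix the names above before postmap and postfix reload"
```

Run it against the text source files that postmap reads, not the generated .db files.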

Restrict users to sending mail only to certain domains in Zimbra

On a Zimbra mail server you can use smtpd_sender_restrictions to restrict a user to sending mail only to local users.

The steps for this setup are below.

Log in as the zimbra user

# su - zimbra

$ cd /opt/zimbra/conf

[zimbra@mail conf]$ echo "user@example.com restrict_tpmail" > tpmail_senders

$ cat tpmail_senders

user@example.com restrict_tpmail

Update file

[zimbra@mail conf]$ postmap tpmail_senders

Note: Add each user you want to restrict to the tpmail_senders file, then update it again.

[zimbra@mail conf]$ cd /opt/zimbra/conf

List the available domain names

[zimbra@mail conf]$ zmprov -l gad

example.com

[zimbra@mail conf]$ echo  "example.com OK" > tpmail_recipients

Update file

[zimbra@mail conf]$ postmap tpmail_recipients

[zimbra@mail conf]$ cat tpmail_recipients

example.com OK

Note: You can allow more than one domain (for example xyz.com) in the tpmail_recipients file.

Add the check_sender_access texthash:/opt/zimbra/conf/tpmail_senders line, shown in place below, to the smtpd_sender_restrictions.cf file

[zimbra@mail conf]$ vim /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf

%%exact VAR:zimbraMtaSmtpdSenderRestrictions reject_authenticated_sender_login_mismatch%%

%%contains VAR:zimbraServiceEnabled cbpolicyd^ check_policy_service inet:localhost:%%zimbraCBPolicydBindPort%%%%

%%contains VAR:zimbraServiceEnabled amavis^ check_sender_access regexp:/opt/zimbra/postfix/conf/tag_as_originating.re%%

check_sender_access texthash:/opt/zimbra/conf/tpmail_senders

permit_mynetworks, reject_sender_login_mismatch

permit_sasl_authenticated

permit_tls_clientcerts

%%contains VAR:zimbraServiceEnabled amavis^ check_sender_access regexp:/opt/zimbra/postfix/conf/tag_as_foreign.re%%

Open the Postfix config file and add the parameters below

[zimbra@mail conf]$ vim /opt/zimbra/postfix/conf/main.cf

smtpd_restriction_classes = restrict_tpmail

restrict_tpmail = check_recipient_access texthash:/opt/zimbra/conf/tpmail_recipients, reject

Restart the services

[zimbra@mail conf]$ zmmtactl restart

[zimbra@mail conf]$ postfix reload

Note: this document was tested on Zimbra 8.5, 8.6 and 8.7.

---