Restrict sending to certain domains


Requirement "users in the sender.allowed.com domain must be allowed to email only users in the sender.allowed.com or another.allowed.com domains."

Here is how to implement that requirement in postfix. If using this elsewhere, be sure to change the domain name!

After implementing this, the sender.allowed.com user gets an error dialog in the web UI when trying to email an outside address:

  At least one address is not valid.
  Invalid addresses: joe@example.com

Postfix generates this error message on rcpt to (clearly we are not propogating the exact error up, but not a big deal):

  Sender address rejected: Access denied

Solution is to add a sender restriction, and then define that restriction to be that only some recipients are OK. This has to be done on every MTA box.

a) Populate the sender check table so a recipient restriction is applied on senders from the domain.

    cd /opt/zimbra/conf
    echo "sender.allowed.com restrict_tpmail" > tpmail_senders
    postmap tpmail_senders

b) Populate a table which lists who they are allowed to send to

    cd /opt/zimbra/conf
    echo "another.allowed.com OK" > tpmail_recipients
    echo "sender.allowed.com OK" >> tpmail_recipients
    postmap tpmail_recipients

this step is obsolete in newer zimbras c) add these three line to postfix main.cf:

    smtpd_sender_restrictions = check_sender_access hash:/opt/zimbra/conf/tpmail_senders
    smtpd_restriction_classes = restrict_tpmail
    restrict_tpmail = check_recipient_access hash:/opt/zimbra/conf/tpmail_recipients, reject

c) newer versions of Zimbra edit main.cf every restart, so its better to modify zmmta.cf. add this lines to zmmta.cf:

Remark: For ZCS 8.x, should edit the file in /opt/zimbra/conf/zmconfigd.cf

    POSTCONF smtpd_sender_restrictions          FILE postfix_sender_restrictions.cf 
    POSTCONF smtpd_restriction_classes          restrict_tpmail
    POSTCONF restrict_tpmail                    FILE postfix_restrict_tpmail.cf

after this line:

    POSTCONF virtual_transport                  LOCAL postfix_virtual_transport

d) create two files with the restriction definition inside:

    cd /opt/zimbra/conf
    echo "check_sender_access hash:/opt/zimbra/conf/tpmail_senders" > postfix_sender_restrictions.cf
    echo "check_recipient_access hash:/opt/zimbra/conf/tpmail_recipients, reject" >> postfix_restrict_tpmail.cf

done.


Related Articles

Verified Against: unknown Date Created: 5/24/2006
Article ID: https://wiki.zimbra.com/index.php?title=Restrict_sending_to_certain_domains Date Modified: 2013-08-28



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »

Jump to: navigation, search