Domain level blocking of users
Domain level blocking of users
ZCS 8.7 and later
- Create file /opt/zimbra/common/conf/postfix_reject_sender with the list of email addresses and domains to be rejected in the below format:
user@domain.com REJECT domainX.com REJECT
- execute the zimbraMtaSmtpdSenderRestrictions
zmprov ms 'yourzimbraservername' +zimbraMtaSmtpdSenderRestrictions "check_sender_access lmdb:/opt/zimbra/conf/postfix_reject_sender"
- postmap it
/opt/zimbra/common/sbin/postmap /opt/zimbra/conf/postfix_reject_sender
Below mentioned are the steps to "REJECT" an external email address from sending mail to the users of the Zimbra Domain.
See also https://bugzilla.zimbra.com/show_bug.cgi?id=96958
The same results can also be achieved using Amavis via blacklisting.
Set smtpd_sender_restrictions as appropriate for the version of ZCS
ZCS 8.5 and 8.6
Create the postmap database as defined below Modify /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf, by adding this as the second line of the file:
%%contains VAR:zimbraMtaSmtpdSenderRestrictions check_sender_access lmdb:/opt/zimbra/postfix/conf/postfix_reject_sender%%
Then execute:
zmprov ms <zmhostname> +zimbraMtaSmtpdSenderRestrictions "check_sender_access lmdb:/opt/zimbra/postfix/conf/postfix_reject_sender"
- Create file /opt/zimbra/postfix/conf/postfix_reject_sender with the list of email addresses and domains to be rejected in the below format:
user@domain.com REJECT domainX.com REJECT
- postmap it and restart postfix
/opt/zimbra/postfix/sbin/postmap /opt/zimbra/postfix/conf/postfix_reject_sender zmmtactl stop && zmmtactl start
ZCS 8.0
Add "check_sender_access hash:/opt/zimbra/postfix/conf/postfix_reject_sender" as the first line of /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf
ZCS 7
zmlocalconfig -e postfix_smtpd_sender_restrictions="check_sender_access hash:/opt/zimbra/postfix/conf/postfix_reject_sender"
Verification
Check the Postfix configuration with postconf | grep smtpd_sender_restrictions
You'll be able to see the changes show up in /opt/zimbra/log/zmconfigd.log .
Reject messages will be logged in /var/log/zimbra.log ; format looks like this:
[date / hostname] postfix/smtpd[####] NOQUEUE: reject: RCPT from [remote mta]: 554 5.7.1 <senders-email@DOMAIN>: Sender address rejected: Access denied: from=<senders-email@DOMAIN> to=<local-zimbra-user@domain> proto=ESMTP helo=<remote mta>
The sender will receive a returned email declaring the rejection.