Revision as of 23:35, 7 December 2015

Domain level blocking of users

KB 2689	Last updated on 2015-12-07	Last updated by Jorge de la Cruz	0.00 (0 votes)	Verified in: ZCS 8.6 ZCS 8.5 ZCS 8.0
- This is certified documentation and is protected for editing by Zimbra Employees & Moderators only.

KB 2689	Last updated on 2015-12-7
0.00 (0 votes)
- This is certified documentation and is protected for editing by Zimbra Employees & Moderators only.

Below mentioned are the steps to "REJECT" an external email address from sending mail to the users of the Zimbra Domain.

The same results can also be achieved using Amavis via blacklisting.

Set smtpd_sender_restrictions as appropriate for the version of ZCS
- ZCS 7:

zmlocalconfig -e postfix_smtpd_sender_restrictions="hash:/opt/zimbra/postfix/conf/postfix_reject_sender"

- ZCS 8.0:

Add "client_sender_access hash:/opt/zimbra/postfix/conf/postfix_reject_sender" as the first line of /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf

- ZCS 8.5 and 8.6:

Create the postmap database as defined below Modify /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf, by adding this as the second line of the file:

%%contains VAR:zimbraMtaSmtpdSenderRestrictions check_sender_access lmdb:/opt/zimbra/postfix/conf/postfix_reject_sender%%

Then execute:
zmprov ms <zmhostname> +zimbraMtaSmtpdSenderRestrictions "check_sender_access lmdb:/opt/zimbra/postfix/conf/postfix_reject_sender"

Create file /opt/zimbra/postfix/conf/postfix_reject_sender with the list of email addresses and domains to be rejected in the below format:

  user@domain.com REJECT
  domainX.com REJECT

postmap it and restart postfix

 /opt/zimbra/postfix/sbin/postmap /opt/zimbra/postfix/conf/postfix_reject_sender
 zmmtactl stop && zmmtactl start

Check the Postfix configuration with postconf | grep smtpd_sender_restrictions

You'll be able to see the changes show up in /opt/zimbra/log/zmconfigd.log .

Reject messages will be logged in /var/log/zimbra.log ; format looks like this:

[date / hostname] postfix/smtpd[####] NOQUEUE: reject: RCPT from [remote mta]: 554 5.7.1 <senders-email@DOMAIN>:
Sender address rejected: Access denied: from=<senders-email@DOMAIN> to=<local-zimbra-user@domain> proto=ESMTP helo=<remote mta>

The sender will receive a returned email declaring the rejection.

Verified Against: ZCS 8.5, ZCS 8.0, ZCS 7.0	Date Created: 03/21/2013
Article ID: https://wiki.zimbra.com/index.php?title=Domain_level_blocking_of_users	Date Modified: 2015-12-07

Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Other help Resources

User Help Page »
Official Forums »
Zimbra Documentation Page »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »

@@ Line 1: / Line 1: @@
-{{ZC}}{{Article Infobox|{{admin}}|{{ZCS 8.6}}|{{ZCS 8.5}}|{{ZCS 8.0}}|{{ZCS 7.0}}|}}
+{{BC|Certified}}
+__FORCETOC__
+<div class="col-md-12 ibox-content">
+=Domain level blocking of users=
+{{KB|{{ZC}}|{{ZCS 8.6}}|{{ZCS 8.5}}|{{ZCS 8.0}}|}}
 Below mentioned are the steps to "REJECT" an external email address from sending mail to the users of the Zimbra Domain.
@@ Line 6: / Line 11: @@
 The same results can also be achieved using Amavis via [http://wiki.zimbra.com/index.php?title=Improving_Anti-spam_system#Implementing_Whitelist.2FBlacklist blacklisting].
-. Set smtpd_sender_restrictions as appropriate for the version of ZCS
+*Set smtpd_sender_restrictions as appropriate for the version of ZCS
- ZCS 7:
+** ZCS 7:
   zmlocalconfig -e postfix_smtpd_sender_restrictions="hash:/opt/zimbra/postfix/conf/postfix_reject_sender"
- ZCS 8.0:
+** ZCS 8.0:
   Add "client_sender_access hash:/opt/zimbra/postfix/conf/postfix_reject_sender" as the first line of '''/opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf'''
- ZCS 8.5 and 8.6:
+** ZCS 8.5 and 8.6:
- Create the postmap database as defined below
+Create the postmap database as defined below
- Modify '''/opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf''', by adding this as the second line of the file:
+Modify '''/opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf''', by adding this as the second line of the file:
   %%contains VAR:zimbraMtaSmtpdSenderRestrictions check_sender_access lmdb:/opt/zimbra/postfix/conf/postfix_reject_sender%%
@@ Line 21: / Line 26: @@
   zmprov ms <zmhostname> +zimbraMtaSmtpdSenderRestrictions "check_sender_access lmdb:/opt/zimbra/postfix/conf/postfix_reject_sender"
-. Create file /opt/zimbra/postfix/conf/postfix_reject_sender with the list of email addresses and domains to be rejected in the below format:
+* Create file /opt/zimbra/postfix/conf/postfix_reject_sender with the list of email addresses and domains to be rejected in the below format:
     user@domain.com REJECT
     domainX.com REJECT
-. postmap it and restart postfix
+* postmap it and restart postfix
    /opt/zimbra/postfix/sbin/postmap /opt/zimbra/postfix/conf/postfix_reject_sender
    zmmtactl stop && zmmtactl start
@@ Line 35: / Line 40: @@
 Reject messages will be logged in <tt>/var/log/zimbra.log</tt> ; format looks like this:
   [date / hostname] postfix/smtpd[####] NOQUEUE: reject: RCPT from [remote mta]: 554 5.7.1 <senders-email@DOMAIN>:
   Sender address rejected: Access denied: from=<senders-email@DOMAIN> to=<local-zimbra-user@domain> proto=ESMTP helo=<remote mta>

Domain level blocking of users: Difference between revisions

Revision as of 23:35, 7 December 2015

Contents

Domain level blocking of users

Products

Support

Learn

Community