Domain level blocking of users: Difference between revisions
m (Protected "Domain level blocking of users" ([edit=sysop] (indefinite) [move=sysop] (indefinite))) |
No edit summary |
||
Line 1: | Line 1: | ||
{{ | {{BC|Certified}} | ||
__FORCETOC__ | |||
<div class="col-md-12 ibox-content"> | |||
=Domain level blocking of users= | |||
{{KB|{{ZC}}|{{ZCS 8.6}}|{{ZCS 8.5}}|{{ZCS 8.0}}|}} | |||
Below mentioned are the steps to "REJECT" an external email address from sending mail to the users of the Zimbra Domain. | Below mentioned are the steps to "REJECT" an external email address from sending mail to the users of the Zimbra Domain. | ||
Line 6: | Line 11: | ||
The same results can also be achieved using Amavis via [http://wiki.zimbra.com/index.php?title=Improving_Anti-spam_system#Implementing_Whitelist.2FBlacklist blacklisting]. | The same results can also be achieved using Amavis via [http://wiki.zimbra.com/index.php?title=Improving_Anti-spam_system#Implementing_Whitelist.2FBlacklist blacklisting]. | ||
*Set smtpd_sender_restrictions as appropriate for the version of ZCS | |||
** ZCS 7: | |||
zmlocalconfig -e postfix_smtpd_sender_restrictions="hash:/opt/zimbra/postfix/conf/postfix_reject_sender" | zmlocalconfig -e postfix_smtpd_sender_restrictions="hash:/opt/zimbra/postfix/conf/postfix_reject_sender" | ||
** ZCS 8.0: | |||
Add "client_sender_access hash:/opt/zimbra/postfix/conf/postfix_reject_sender" as the first line of '''/opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf''' | Add "client_sender_access hash:/opt/zimbra/postfix/conf/postfix_reject_sender" as the first line of '''/opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf''' | ||
** ZCS 8.5 and 8.6: | |||
Create the postmap database as defined below | |||
Modify '''/opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf''', by adding this as the second line of the file: | |||
%%contains VAR:zimbraMtaSmtpdSenderRestrictions check_sender_access lmdb:/opt/zimbra/postfix/conf/postfix_reject_sender%% | %%contains VAR:zimbraMtaSmtpdSenderRestrictions check_sender_access lmdb:/opt/zimbra/postfix/conf/postfix_reject_sender%% | ||
Line 21: | Line 26: | ||
zmprov ms <zmhostname> +zimbraMtaSmtpdSenderRestrictions "check_sender_access lmdb:/opt/zimbra/postfix/conf/postfix_reject_sender" | zmprov ms <zmhostname> +zimbraMtaSmtpdSenderRestrictions "check_sender_access lmdb:/opt/zimbra/postfix/conf/postfix_reject_sender" | ||
* Create file /opt/zimbra/postfix/conf/postfix_reject_sender with the list of email addresses and domains to be rejected in the below format: | |||
user@domain.com REJECT | user@domain.com REJECT | ||
domainX.com REJECT | domainX.com REJECT | ||
* postmap it and restart postfix | |||
/opt/zimbra/postfix/sbin/postmap /opt/zimbra/postfix/conf/postfix_reject_sender | /opt/zimbra/postfix/sbin/postmap /opt/zimbra/postfix/conf/postfix_reject_sender | ||
zmmtactl stop && zmmtactl start | zmmtactl stop && zmmtactl start | ||
Line 35: | Line 40: | ||
Reject messages will be logged in <tt>/var/log/zimbra.log</tt> ; format looks like this: | Reject messages will be logged in <tt>/var/log/zimbra.log</tt> ; format looks like this: | ||
[date / hostname] postfix/smtpd[####] NOQUEUE: reject: RCPT from [remote mta]: 554 5.7.1 <senders-email@DOMAIN>: | [date / hostname] postfix/smtpd[####] NOQUEUE: reject: RCPT from [remote mta]: 554 5.7.1 <senders-email@DOMAIN>: | ||
Sender address rejected: Access denied: from=<senders-email@DOMAIN> to=<local-zimbra-user@domain> proto=ESMTP helo=<remote mta> | Sender address rejected: Access denied: from=<senders-email@DOMAIN> to=<local-zimbra-user@domain> proto=ESMTP helo=<remote mta> |
Revision as of 23:35, 7 December 2015
Domain level blocking of users
Below mentioned are the steps to "REJECT" an external email address from sending mail to the users of the Zimbra Domain.
See also https://bugzilla.zimbra.com/show_bug.cgi?id=96958
The same results can also be achieved using Amavis via blacklisting.
- Set smtpd_sender_restrictions as appropriate for the version of ZCS
- ZCS 7:
zmlocalconfig -e postfix_smtpd_sender_restrictions="hash:/opt/zimbra/postfix/conf/postfix_reject_sender"
- ZCS 8.0:
Add "client_sender_access hash:/opt/zimbra/postfix/conf/postfix_reject_sender" as the first line of /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf
- ZCS 8.5 and 8.6:
Create the postmap database as defined below Modify /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf, by adding this as the second line of the file:
%%contains VAR:zimbraMtaSmtpdSenderRestrictions check_sender_access lmdb:/opt/zimbra/postfix/conf/postfix_reject_sender%% Then execute: zmprov ms <zmhostname> +zimbraMtaSmtpdSenderRestrictions "check_sender_access lmdb:/opt/zimbra/postfix/conf/postfix_reject_sender"
- Create file /opt/zimbra/postfix/conf/postfix_reject_sender with the list of email addresses and domains to be rejected in the below format:
user@domain.com REJECT domainX.com REJECT
- postmap it and restart postfix
/opt/zimbra/postfix/sbin/postmap /opt/zimbra/postfix/conf/postfix_reject_sender zmmtactl stop && zmmtactl start
Check the Postfix configuration with postconf | grep smtpd_sender_restrictions
You'll be able to see the changes show up in /opt/zimbra/log/zmconfigd.log .
Reject messages will be logged in /var/log/zimbra.log ; format looks like this:
[date / hostname] postfix/smtpd[####] NOQUEUE: reject: RCPT from [remote mta]: 554 5.7.1 <senders-email@DOMAIN>: Sender address rejected: Access denied: from=<senders-email@DOMAIN> to=<local-zimbra-user@domain> proto=ESMTP helo=<remote mta>
The sender will receive a returned email declaring the rejection.