Difference between revisions of "Domain level blocking of users"

(Domain blocking of users)
(ZCS 8.7 and later)
 
(32 intermediate revisions by 8 users not shown)
Line 1: Line 1:
Below mentioned are the steps to "REJECT" an external email address from sending mail to the users of the Zimbra Domain.  
+
{{BC|Certified}}
 +
__FORCETOC__
 +
<div class="col-md-12 ibox-content">
 +
=Domain level blocking of users=
 +
{{KB|{{ZC}}|{{ZCS 8.8}}|{{ZCS 8.7}}|{{ZCS 8.6}}|}}
  
The same results can also be achieved via [http://wiki.zimbra.com/index.php?title=Improving_Anti-spam_system#Implementing_Whitelist.2FBlacklist link blacklisting].
+
==ZCS 8.7 and later==
 +
* Create file /opt/zimbra/common/conf/postfix_reject_sender with the list of email addresses and domains to be rejected in the below format:
 +
  user@domain.com REJECT
 +
  domainX.com REJECT
  
1. Edit /opt/zimbra/conf/zmmta.cf
+
* execute the zimbraMtaSmtpdSenderRestrictions
  Add this line below (smtpd_recipient_restrictions)
+
zmprov ms 'yourzimbraservername' +zimbraMtaSmtpdSenderRestrictions "check_sender_access lmdb:/opt/zimbra/conf/postfix_reject_sender"
        POSTCONF smtpd_sender_restrictions FILE postfix_sender_restrictions
 
  
2. Create file /opt/zimbra/conf/postfix_sender_restrictions with the below line:
+
* postmap it
  hash:/opt/zimbra/postfix/conf/reject
+
/opt/zimbra/common/sbin/postmap /opt/zimbra/conf/postfix_reject_sender
  
3. Create file /opt/zimbra/postfix/conf/reject with the list of email address to be rejected in the below format:
+
Below mentioned are the steps to "REJECT" an external email address from sending mail to the users of the Zimbra Domain.
  user@domain.com    REJECT
 
  
4. postmap /opt/zimbra/postfix/conf/reject
+
See also https://bugzilla.zimbra.com/show_bug.cgi?id=96958
  
5. zmmtactl stop ; zmmtactl start
+
The same results can also be achieved using Amavis via [http://wiki.zimbra.com/index.php?title=Improving_Anti-spam_system#Implementing_Whitelist.2FBlacklist blacklisting].
  
Please note that this change will not survive an upgrade and you will have to redo these after the upgrade.
+
Set smtpd_sender_restrictions as appropriate for the version of ZCS
 +
 
 +
==ZCS 8.5 and 8.6==
 +
Create the postmap database as defined below
 +
Modify '''/opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf''', by adding this as the second line of the file:
 +
%%contains VAR:zimbraMtaSmtpdSenderRestrictions check_sender_access lmdb:/opt/zimbra/postfix/conf/postfix_reject_sender%%
 +
 +
Then execute:
 +
zmprov ms <zmhostname> +zimbraMtaSmtpdSenderRestrictions "check_sender_access lmdb:/opt/zimbra/postfix/conf/postfix_reject_sender"
 +
 
 +
* Create file /opt/zimbra/postfix/conf/postfix_reject_sender with the list of email addresses and domains to be rejected in the below format:
 +
  user@domain.com REJECT
 +
  domainX.com REJECT
 +
 
 +
* postmap it and restart postfix
 +
  /opt/zimbra/postfix/sbin/postmap /opt/zimbra/postfix/conf/postfix_reject_sender
 +
  zmmtactl stop && zmmtactl start
 +
 
 +
==ZCS 8.0==
 +
Add "check_sender_access hash:/opt/zimbra/postfix/conf/postfix_reject_sender" as the first line of '''/opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf'''
 +
 
 +
==ZCS 7==
 +
zmlocalconfig -e postfix_smtpd_sender_restrictions="check_sender_access hash:/opt/zimbra/postfix/conf/postfix_reject_sender"
 +
 
 +
== Verification ==
 +
Check the Postfix configuration with
 +
postconf | grep smtpd_sender_restrictions
 +
 
 +
You'll be able to see the changes show up in <tt>/opt/zimbra/log/zmconfigd.log</tt> .
 +
 
 +
Reject messages will be logged in <tt>/var/log/zimbra.log</tt> ; format looks like this:
 +
[date / hostname] postfix/smtpd[####] NOQUEUE: reject: RCPT from [remote mta]: 554 5.7.1 <senders-email@DOMAIN>:
 +
Sender address rejected: Access denied: from=<senders-email@DOMAIN> to=<local-zimbra-user@domain> proto=ESMTP helo=<remote mta>
 +
 
 +
The sender will receive a returned email declaring the rejection.
 +
 
 +
{{Article Footer|ZCS8.7, ZCS 8.6, ZCS 8.0, ZCS 7.0|03/21/2013}}
 +
 
 +
[[Category:Administration]]
 +
[[Category:MTA]]

Latest revision as of 21:56, 7 August 2018

Domain level blocking of users

   KB 2689        Last updated on 2018-08-7  




0.00
(0 votes)

ZCS 8.7 and later

  • Create file /opt/zimbra/common/conf/postfix_reject_sender with the list of email addresses and domains to be rejected in the below format:
  user@domain.com REJECT
  domainX.com REJECT
  • execute the zimbraMtaSmtpdSenderRestrictions
zmprov ms 'yourzimbraservername' +zimbraMtaSmtpdSenderRestrictions "check_sender_access lmdb:/opt/zimbra/conf/postfix_reject_sender"
  • postmap it
/opt/zimbra/common/sbin/postmap /opt/zimbra/conf/postfix_reject_sender

Below mentioned are the steps to "REJECT" an external email address from sending mail to the users of the Zimbra Domain.

See also https://bugzilla.zimbra.com/show_bug.cgi?id=96958

The same results can also be achieved using Amavis via blacklisting.

Set smtpd_sender_restrictions as appropriate for the version of ZCS

ZCS 8.5 and 8.6

Create the postmap database as defined below Modify /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf, by adding this as the second line of the file:

%%contains VAR:zimbraMtaSmtpdSenderRestrictions check_sender_access lmdb:/opt/zimbra/postfix/conf/postfix_reject_sender%%

Then execute:

zmprov ms <zmhostname> +zimbraMtaSmtpdSenderRestrictions "check_sender_access lmdb:/opt/zimbra/postfix/conf/postfix_reject_sender"
  • Create file /opt/zimbra/postfix/conf/postfix_reject_sender with the list of email addresses and domains to be rejected in the below format:
  user@domain.com REJECT
  domainX.com REJECT
  • postmap it and restart postfix
 /opt/zimbra/postfix/sbin/postmap /opt/zimbra/postfix/conf/postfix_reject_sender
 zmmtactl stop && zmmtactl start

ZCS 8.0

Add "check_sender_access hash:/opt/zimbra/postfix/conf/postfix_reject_sender" as the first line of /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf

ZCS 7

zmlocalconfig -e postfix_smtpd_sender_restrictions="check_sender_access hash:/opt/zimbra/postfix/conf/postfix_reject_sender"

Verification

Check the Postfix configuration with postconf | grep smtpd_sender_restrictions

You'll be able to see the changes show up in /opt/zimbra/log/zmconfigd.log .

Reject messages will be logged in /var/log/zimbra.log ; format looks like this:

[date / hostname] postfix/smtpd[####] NOQUEUE: reject: RCPT from [remote mta]: 554 5.7.1 <senders-email@DOMAIN>:
Sender address rejected: Access denied: from=<senders-email@DOMAIN> to=<local-zimbra-user@domain> proto=ESMTP helo=<remote mta>

The sender will receive a returned email declaring the rejection.

Verified Against: ZCS8.7, ZCS 8.6, ZCS 8.0, ZCS 7.0 Date Created: 03/21/2013
Article ID: https://wiki.zimbra.com/index.php?title=Domain_level_blocking_of_users Date Modified: 2018-08-07



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »

Jump to: navigation, search