Domain level blocking of users: Difference between revisions

No edit summary
 
(16 intermediate revisions by 3 users not shown)
Line 1: Line 1:
{{ZC}}{{Article Infobox|{{admin}}|{{ZCS 8.6}}|{{ZCS 8.5}}|{{ZCS 8.0}}|{{ZCS 7.0}}|}}
{{BC|Certified}}
__FORCETOC__
<div class="col-md-12 ibox-content">
=Domain level blocking of users=
{{KB|{{ZC}}|{{ZCS 8.8}}|{{ZCS 8.7}}|{{ZCS 8.6}}|}}
 
==ZCS 8.7 and later==
* Create file /opt/zimbra/common/conf/postfix_reject_sender with the list of email addresses and domains to be rejected in the below format:
  user@domain.com REJECT
  domainX.com REJECT
 
* execute the zimbraMtaSmtpdSenderRestrictions
zmprov ms 'yourzimbraservername' +zimbraMtaSmtpdSenderRestrictions "check_sender_access lmdb:/opt/zimbra/conf/postfix_reject_sender"
 
* postmap it
/opt/zimbra/common/sbin/postmap /opt/zimbra/conf/postfix_reject_sender
 
Below mentioned are the steps to "REJECT" an external email address from sending mail to the users of the Zimbra Domain.
Below mentioned are the steps to "REJECT" an external email address from sending mail to the users of the Zimbra Domain.


Line 6: Line 22:
The same results can also be achieved using Amavis via [http://wiki.zimbra.com/index.php?title=Improving_Anti-spam_system#Implementing_Whitelist.2FBlacklist blacklisting].
The same results can also be achieved using Amavis via [http://wiki.zimbra.com/index.php?title=Improving_Anti-spam_system#Implementing_Whitelist.2FBlacklist blacklisting].


1. Set smtpd_sender_restrictions as appropriate for the version of ZCS
Set smtpd_sender_restrictions as appropriate for the version of ZCS
ZCS 7:
zmlocalconfig -e postfix_smtpd_sender_restrictions="hash:/opt/zimbra/conf/postfix_reject_sender"


ZCS 8.0:
==ZCS 8.5 and 8.6==
Add "client_sender_access hash:/opt/zimbra/conf/postfix_reject_sender" as the first line of '''/opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf'''
Create the postmap database as defined below
 
Modify '''/opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf''', by adding this as the second line of the file:
ZCS 8.5 and 8.6:
  %%contains VAR:zimbraMtaSmtpdSenderRestrictions check_sender_access lmdb:/opt/zimbra/postfix/conf/postfix_reject_sender%%
Create the postmap database as defined below
Modify '''/opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf''', by adding this as the second line of the file:
  %%contains VAR:zimbraMtaSmtpdSenderRestrictions check_sender_access lmdb:/opt/zimbra/conf/postfix_reject_sender%%
   
   
Then execute:
Then execute:
  zmprov ms <zmhostname> +zimbraMtaSmtpdSenderRestrictions "client_sender_access lmdb:/opt/zimbra/postfix/conf/postfix_reject_sender"
  zmprov ms <zmhostname> +zimbraMtaSmtpdSenderRestrictions "check_sender_access lmdb:/opt/zimbra/postfix/conf/postfix_reject_sender"


2. Create file /opt/zimbra/conf/postfix_reject_sender with the list of email addresses and domains to be rejected in the below format:
* Create file /opt/zimbra/postfix/conf/postfix_reject_sender with the list of email addresses and domains to be rejected in the below format:
   user@domain.com REJECT
   user@domain.com REJECT
   domainX.com REJECT
   domainX.com REJECT


3. postmap it and restart postfix
* postmap it and restart postfix
   postmap /opt/zimbra/conf/postfix_reject_sender
   /opt/zimbra/postfix/sbin/postmap /opt/zimbra/postfix/conf/postfix_reject_sender
   zmmtactl stop && zmmtactl start
   zmmtactl stop && zmmtactl start
==ZCS 8.0==
Add "check_sender_access hash:/opt/zimbra/postfix/conf/postfix_reject_sender" as the first line of '''/opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf'''
==ZCS 7==
zmlocalconfig -e postfix_smtpd_sender_restrictions="check_sender_access hash:/opt/zimbra/postfix/conf/postfix_reject_sender"
== Verification ==
Check the Postfix configuration with
postconf | grep smtpd_sender_restrictions


You'll be able to see the changes show up in <tt>/opt/zimbra/log/zmconfigd.log</tt> .
You'll be able to see the changes show up in <tt>/opt/zimbra/log/zmconfigd.log</tt> .


Reject messages will be logged in <tt>/var/log/zimbra.log</tt> ; format looks like this:
Reject messages will be logged in <tt>/var/log/zimbra.log</tt> ; format looks like this:
  [date / hostname] postfix/smtpd[####] NOQUEUE: reject: RCPT from [remote mta]: 554 5.7.1 <senders-email@DOMAIN>:
  [date / hostname] postfix/smtpd[####] NOQUEUE: reject: RCPT from [remote mta]: 554 5.7.1 <senders-email@DOMAIN>:
  Sender address rejected: Access denied: from=<senders-email@DOMAIN> to=<local-zimbra-user@domain> proto=ESMTP helo=<remote mta>
  Sender address rejected: Access denied: from=<senders-email@DOMAIN> to=<local-zimbra-user@domain> proto=ESMTP helo=<remote mta>
Line 38: Line 58:
The sender will receive a returned email declaring the rejection.
The sender will receive a returned email declaring the rejection.


{{Article Footer|ZCS 8.5, ZCS 8.0, ZCS 7.0|03/21/2013}}
{{Article Footer|ZCS8.7, ZCS 8.6, ZCS 8.0, ZCS 7.0|03/21/2013}}


[[Category:Administration]]
[[Category:Administration]]
[[Category:MTA]]
[[Category:MTA]]

Latest revision as of 21:56, 7 August 2018

Domain level blocking of users

   KB 2689        Last updated on 2018-08-7  




0.00
(0 votes)

ZCS 8.7 and later

  • Create file /opt/zimbra/common/conf/postfix_reject_sender with the list of email addresses and domains to be rejected in the below format:
  user@domain.com REJECT
  domainX.com REJECT
  • execute the zimbraMtaSmtpdSenderRestrictions
zmprov ms 'yourzimbraservername' +zimbraMtaSmtpdSenderRestrictions "check_sender_access lmdb:/opt/zimbra/conf/postfix_reject_sender"
  • postmap it
/opt/zimbra/common/sbin/postmap /opt/zimbra/conf/postfix_reject_sender

Below mentioned are the steps to "REJECT" an external email address from sending mail to the users of the Zimbra Domain.

See also https://bugzilla.zimbra.com/show_bug.cgi?id=96958

The same results can also be achieved using Amavis via blacklisting.

Set smtpd_sender_restrictions as appropriate for the version of ZCS

ZCS 8.5 and 8.6

Create the postmap database as defined below Modify /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf, by adding this as the second line of the file:

%%contains VAR:zimbraMtaSmtpdSenderRestrictions check_sender_access lmdb:/opt/zimbra/postfix/conf/postfix_reject_sender%%

Then execute:

zmprov ms <zmhostname> +zimbraMtaSmtpdSenderRestrictions "check_sender_access lmdb:/opt/zimbra/postfix/conf/postfix_reject_sender"
  • Create file /opt/zimbra/postfix/conf/postfix_reject_sender with the list of email addresses and domains to be rejected in the below format:
  user@domain.com REJECT
  domainX.com REJECT
  • postmap it and restart postfix
 /opt/zimbra/postfix/sbin/postmap /opt/zimbra/postfix/conf/postfix_reject_sender
 zmmtactl stop && zmmtactl start

ZCS 8.0

Add "check_sender_access hash:/opt/zimbra/postfix/conf/postfix_reject_sender" as the first line of /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf

ZCS 7

zmlocalconfig -e postfix_smtpd_sender_restrictions="check_sender_access hash:/opt/zimbra/postfix/conf/postfix_reject_sender"

Verification

Check the Postfix configuration with postconf | grep smtpd_sender_restrictions

You'll be able to see the changes show up in /opt/zimbra/log/zmconfigd.log .

Reject messages will be logged in /var/log/zimbra.log ; format looks like this:

[date / hostname] postfix/smtpd[####] NOQUEUE: reject: RCPT from [remote mta]: 554 5.7.1 <senders-email@DOMAIN>:
Sender address rejected: Access denied: from=<senders-email@DOMAIN> to=<local-zimbra-user@domain> proto=ESMTP helo=<remote mta>

The sender will receive a returned email declaring the rejection.

Verified Against: ZCS8.7, ZCS 8.6, ZCS 8.0, ZCS 7.0 Date Created: 03/21/2013
Article ID: https://wiki.zimbra.com/index.php?title=Domain_level_blocking_of_users Date Modified: 2018-08-07



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »

Jump to: navigation, search