Domain level blocking of users: Difference between revisions
mNo edit summary |
|||
(29 intermediate revisions by 6 users not shown) | |||
Line 1: | Line 1: | ||
Below mentioned are the steps to "REJECT" an external email address from sending mail to the users of the Zimbra Domain. | {{BC|Certified}} | ||
__FORCETOC__ | |||
<div class="col-md-12 ibox-content"> | |||
=Domain level blocking of users= | |||
{{KB|{{ZC}}|{{ZCS 8.8}}|{{ZCS 8.7}}|{{ZCS 8.6}}|}} | |||
==ZCS 8.7 and later== | |||
* Create file /opt/zimbra/common/conf/postfix_reject_sender with the list of email addresses and domains to be rejected in the below format: | |||
user@domain.com REJECT | |||
domainX.com REJECT | |||
* execute the zimbraMtaSmtpdSenderRestrictions | |||
zmprov ms 'yourzimbraservername' +zimbraMtaSmtpdSenderRestrictions "check_sender_access lmdb:/opt/zimbra/conf/postfix_reject_sender" | |||
* postmap it | |||
/opt/zimbra/common/sbin/postmap /opt/zimbra/conf/postfix_reject_sender | |||
Below mentioned are the steps to "REJECT" an external email address from sending mail to the users of the Zimbra Domain. | |||
See also https://bugzilla.zimbra.com/show_bug.cgi?id=96958 | |||
The same results can also be achieved using Amavis via [http://wiki.zimbra.com/index.php?title=Improving_Anti-spam_system#Implementing_Whitelist.2FBlacklist blacklisting]. | The same results can also be achieved using Amavis via [http://wiki.zimbra.com/index.php?title=Improving_Anti-spam_system#Implementing_Whitelist.2FBlacklist blacklisting]. | ||
Set smtpd_sender_restrictions as appropriate for the version of ZCS | |||
==ZCS 8.5 and 8.6== | |||
Create the postmap database as defined below | |||
Modify '''/opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf''', by adding this as the second line of the file: | |||
%%contains VAR:zimbraMtaSmtpdSenderRestrictions check_sender_access lmdb:/opt/zimbra/postfix/conf/postfix_reject_sender%% | |||
Then execute: | |||
zmprov ms <zmhostname> +zimbraMtaSmtpdSenderRestrictions "check_sender_access lmdb:/opt/zimbra/postfix/conf/postfix_reject_sender" | |||
* Create file /opt/zimbra/postfix/conf/postfix_reject_sender with the list of email addresses and domains to be rejected in the below format: | |||
user@domain.com REJECT | |||
domainX.com REJECT | |||
* postmap it and restart postfix | |||
/opt/zimbra/postfix/sbin/postmap /opt/zimbra/postfix/conf/postfix_reject_sender | |||
zmmtactl stop && zmmtactl start | |||
==ZCS 8.0== | |||
Add "check_sender_access hash:/opt/zimbra/postfix/conf/postfix_reject_sender" as the first line of '''/opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf''' | |||
==ZCS 7== | |||
zmlocalconfig -e postfix_smtpd_sender_restrictions="check_sender_access hash:/opt/zimbra/postfix/conf/postfix_reject_sender" | |||
== Verification == | |||
Check the Postfix configuration with | |||
postconf | grep smtpd_sender_restrictions | |||
You'll be able to see the changes show up in <tt>/opt/zimbra/log/zmconfigd.log</tt> . | |||
Reject messages will be logged in <tt>/var/log/zimbra.log</tt> ; format looks like this: | |||
[date / hostname] postfix/smtpd[####] NOQUEUE: reject: RCPT from [remote mta]: 554 5.7.1 <senders-email@DOMAIN>: | |||
Sender address rejected: Access denied: from=<senders-email@DOMAIN> to=<local-zimbra-user@domain> proto=ESMTP helo=<remote mta> | |||
The sender will receive a returned email declaring the rejection. | |||
{{Article Footer| | {{Article Footer|ZCS8.7, ZCS 8.6, ZCS 8.0, ZCS 7.0|03/21/2013}} | ||
[[Category:Administration]] | [[Category:Administration]] | ||
[[Category:MTA]] |
Latest revision as of 21:56, 7 August 2018
Domain level blocking of users
ZCS 8.7 and later
- Create file /opt/zimbra/common/conf/postfix_reject_sender with the list of email addresses and domains to be rejected in the below format:
user@domain.com REJECT domainX.com REJECT
- execute the zimbraMtaSmtpdSenderRestrictions
zmprov ms 'yourzimbraservername' +zimbraMtaSmtpdSenderRestrictions "check_sender_access lmdb:/opt/zimbra/conf/postfix_reject_sender"
- postmap it
/opt/zimbra/common/sbin/postmap /opt/zimbra/conf/postfix_reject_sender
Below mentioned are the steps to "REJECT" an external email address from sending mail to the users of the Zimbra Domain.
See also https://bugzilla.zimbra.com/show_bug.cgi?id=96958
The same results can also be achieved using Amavis via blacklisting.
Set smtpd_sender_restrictions as appropriate for the version of ZCS
ZCS 8.5 and 8.6
Create the postmap database as defined below Modify /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf, by adding this as the second line of the file:
%%contains VAR:zimbraMtaSmtpdSenderRestrictions check_sender_access lmdb:/opt/zimbra/postfix/conf/postfix_reject_sender%%
Then execute:
zmprov ms <zmhostname> +zimbraMtaSmtpdSenderRestrictions "check_sender_access lmdb:/opt/zimbra/postfix/conf/postfix_reject_sender"
- Create file /opt/zimbra/postfix/conf/postfix_reject_sender with the list of email addresses and domains to be rejected in the below format:
user@domain.com REJECT domainX.com REJECT
- postmap it and restart postfix
/opt/zimbra/postfix/sbin/postmap /opt/zimbra/postfix/conf/postfix_reject_sender zmmtactl stop && zmmtactl start
ZCS 8.0
Add "check_sender_access hash:/opt/zimbra/postfix/conf/postfix_reject_sender" as the first line of /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf
ZCS 7
zmlocalconfig -e postfix_smtpd_sender_restrictions="check_sender_access hash:/opt/zimbra/postfix/conf/postfix_reject_sender"
Verification
Check the Postfix configuration with postconf | grep smtpd_sender_restrictions
You'll be able to see the changes show up in /opt/zimbra/log/zmconfigd.log .
Reject messages will be logged in /var/log/zimbra.log ; format looks like this:
[date / hostname] postfix/smtpd[####] NOQUEUE: reject: RCPT from [remote mta]: 554 5.7.1 <senders-email@DOMAIN>: Sender address rejected: Access denied: from=<senders-email@DOMAIN> to=<local-zimbra-user@domain> proto=ESMTP helo=<remote mta>
The sender will receive a returned email declaring the rejection.