Difference between revisions of "RestrictPostfixRecipients"

(Adding unsupported template and changes to formatting)
Line 1: Line 1:
 +
{{Unsupported}}
 +
 
=Restrict Postfix Recipients=
 
=Restrict Postfix Recipients=
 
* This will show how you can modify postfix to restrict who can send to certain addresses in your domain such as distribution lists like all@mydomain.com
 
* This will show how you can modify postfix to restrict who can send to certain addresses in your domain such as distribution lists like all@mydomain.com
Line 79: Line 81:
  
 
=Additional Resources=
 
=Additional Resources=
 
+
* [[Restrict_sending_to_certain_domains]]
Also:
 
http://wiki.zimbra.com/index.php?title=Restrict_sending_to_certain_domains
 
  
 
{{Article_Footer|unknown|11/3/2006}}
 
{{Article_Footer|unknown|11/3/2006}}
 
[[Category:Configuration]]
 
[[Category:Configuration]]
 
[[Category:MTA]]
 
[[Category:MTA]]

Revision as of 22:30, 1 February 2010


Restrict Postfix Recipients

  • This will show how you can modify postfix to restrict who can send to certain addresses in your domain such as distribution lists like all@mydomain.com
  • These changes will most likely not persist between upgrades! (UPDATE: Just updated to 4.0.4 and the only thing that was wiped out was the change to /opt/zimbra/conf/postfix_recipient_restrictions.cf. Also, permissions on files created in /opt/zimbra/postfix/conf got changed.)
  • This method can be spoofed by forging the MAIL FROM: header (so mail appears to originate from within the domain), so it isn't foolproof, but it works for basic needs.

Steps

  • Create a 'permitted senders' list (as user zimbra) - This is your list of domains and/or users who can email your protected email addresses:
vi /opt/zimbra/postfix/conf/permitted_senders

[paste in contents below editing as required]

localhost               OK
mydomain.com            OK
zimbra.mydomain.com     OK
okuser@externaldom.com  OK
  • Create a 'protected recipients' list (as user zimbra) - This is your list of email addresses that may only receive email from 'permitted senders'
vi /opt/zimbra/postfix/conf/protected_recipients

[paste in contents below editing as required]

test-dist-list@mydomain.com         permitted_senders_list
protected-user@mydomain.com         permitted_senders_list 
  • Create a simple bash script to create postfix DB files (as user zimbra):
vi /opt/zimbra/postfix/conf/update_protected_recipients

[paste in contents below editing as required]

#!/bin/bash
echo "rebuild permitted_senders..."
postmap /opt/zimbra/postfix/conf/permitted_senders
echo "rebuild protected_recipients..."
postmap /opt/zimbra/postfix/conf/protected_recipients
  • Make new script executable, then run it
chmod 755 /opt/zimbra/postfix/conf/update_protected_recipients
/opt/zimbra/postfix/conf/update_protected_recipients
  • You should now see permitted_senders.db and protected_recipients.db in the directory
  • Add necessary settings to /opt/zimbra/postfix/conf/main.cf
vi /opt/zimbra/postfix/conf/main.cf

[add these items to the file - note permitted_senders_list must match value in protected_recipients]

permitted_senders_list = check_sender_access hash:/opt/zimbra/postfix/conf/permitted_senders, reject
smtpd_restriction_classes = permitted_senders_list
 **Note this change to the main.cf won't survive upgrades. Be sure to save a copy of your main.cf file**
  • Now add your new restriction to the top of postfix_recipient_restrictions.cf
vi /opt/zimbra/conf/postfix_recipient_restrictions.cf

[paste this into the first line of the file, above any other settings]

check_recipient_access hash:/opt/zimbra/postfix/conf/protected_recipients
  • Reload postfix to activate settings:
postfix reload

Note 3 from talk: files ownership should be set to root:postfix before reloading postfix. This avoids annoying warning messages in logfile.

Test it out

  • Test your settings via telnet:

Enter command:

telnet zimbra.mydomain.com 25

You will see:

Trying 192.168.1.1...
Connected to zimbra.mydomain.com.
Escape character is '^]'.
220 zimbra.mydomain.com ESMTP Postfix

Enter command:

HELO test.com

You will see:

250 zimbra.mydomain.com

Enter command:

MAIL FROM: jdoe@test.com

You will see:

250 Ok

Enter command:

RCPT TO: test-dist-list@mydomain.com

You will see:

554 <test-dist-list@mydomain.com>: Recipient address rejected: Access denied
QUIT
221 Bye
Connection closed by foreign host.
  • That's it. If you need to protect new distribution lists or emails, or add new senders, just edit and re-run the update script, then reload postfix.

Additional Resources

Verified Against: unknown Date Created: 11/3/2006
Article ID: https://wiki.zimbra.com/index.php?title=RestrictPostfixRecipients Date Modified: 2010-02-01



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »

Jump to: navigation, search