Restrict sending to certain domains

Revision as of 01:48, 25 May 2006 by KevinH (talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Requirement "users in the sender.allowed.com domain must be allowed to email only users in the sender.allowed.com or another.allowed.com domains."

Here is how to implement that requirement in postfix. If using this elsewhere, be sure to change the domain name!

After implementing this, the sender.allowed.com user gets an error dialog in the web UI when trying to email an outside address:

  At least one address is not valid.
  Invalid addresses: joe@example.com

Postfix generates this error message on rcpt to (clearly we are not propogating the exact error up, but not a big deal):

  Sender address rejected: Access denied

Solution is to add a sender restriction, and then define that restriction to be that only some recipients are OK. This has to be done on every MTA box.

a) Populate the sender check table so a recipient restriction is

  applied on senders from the domain.
    cd /opt/zimbra/conf
    echo "sender.allowed.com restrict_tpmail" > tpmail_senders
    postmap tpmail_senders

b) Populate a table which lists who they are allowed to send to

    cd /opt/zimbra/conf
    echo "another.allowed.com OK" > tpmail_recipients
    echo "sender.allowed.com OK" >> tpmail_recipients
    postmap tpmail_recipients

c) add these three line to postfix main.cf:

    smtpd_sender_restrictions = check_sender_access hash:/opt/zimbra/conf/tpmail_senders
    smtpd_restriction_classes = restrict_tpmail
    restrict_tpmail = check_recipient_access hash:/opt/zimbra/conf/tpmail_recipients, reject
Jump to: navigation, search