Restrict sending to certain domains

Revision as of 01:48, 25 May 2006 by KevinH (talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Requirement "users in the domain must be allowed to email only users in the or domains."

Here is how to implement that requirement in postfix. If using this elsewhere, be sure to change the domain name!

After implementing this, the user gets an error dialog in the web UI when trying to email an outside address:

  At least one address is not valid.
  Invalid addresses:

Postfix generates this error message on rcpt to (clearly we are not propogating the exact error up, but not a big deal):

  Sender address rejected: Access denied

Solution is to add a sender restriction, and then define that restriction to be that only some recipients are OK. This has to be done on every MTA box.

a) Populate the sender check table so a recipient restriction is

  applied on senders from the domain.
    cd /opt/zimbra/conf
    echo " restrict_tpmail" > tpmail_senders
    postmap tpmail_senders

b) Populate a table which lists who they are allowed to send to

    cd /opt/zimbra/conf
    echo " OK" > tpmail_recipients
    echo " OK" >> tpmail_recipients
    postmap tpmail_recipients

c) add these three line to postfix

    smtpd_sender_restrictions = check_sender_access hash:/opt/zimbra/conf/tpmail_senders
    smtpd_restriction_classes = restrict_tpmail
    restrict_tpmail = check_recipient_access hash:/opt/zimbra/conf/tpmail_recipients, reject
Jump to: navigation, search