Restrict sending to certain domains
Requirement "users in the sender.allowed.com domain must be allowed to email only users in the sender.allowed.com or another.allowed.com domains."
Here is how to implement that requirement in postfix. If using this elsewhere, be sure to change the domain name!
After implementing this, the sender.allowed.com user gets an error dialog in the web UI when trying to email an outside address:
At least one address is not valid. Invalid addresses: joe@example.com
Postfix generates this error message on rcpt to (clearly we are not propogating the exact error up, but not a big deal):
Sender address rejected: Access denied
Solution is to add a sender restriction, and then define that restriction to be that only some recipients are OK. This has to be done on every MTA box.
a) Populate the sender check table so a recipient restriction is
applied on senders from the domain.
cd /opt/zimbra/conf echo "sender.allowed.com restrict_tpmail" > tpmail_senders postmap tpmail_senders
b) Populate a table which lists who they are allowed to send to
cd /opt/zimbra/conf echo "another.allowed.com OK" > tpmail_recipients echo "sender.allowed.com OK" >> tpmail_recipients postmap tpmail_recipients
c) add these three line to postfix main.cf:
smtpd_sender_restrictions = check_sender_access hash:/opt/zimbra/conf/tpmail_senders smtpd_restriction_classes = restrict_tpmail restrict_tpmail = check_recipient_access hash:/opt/zimbra/conf/tpmail_recipients, reject