Restrict users to certain domain: Difference between revisions
No edit summary |
|||
(5 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
{{Unsupported}} | {{BC|Community Sandbox}} | ||
__FORCETOC__ | |||
<div class="col-md-12 ibox-content"> | |||
=Restrict users to certain domain= | |||
{{KB|{{Unsupported}}|{{ZCS 8.6}}|{{ZCS 8.0}}|}} | |||
{{WIP}} | |||
This document describes how to restrict a list of users for sending emails to limited domains. Other users can send mails anywhere. | This document describes how to restrict a list of users for sending emails to limited domains. Other users can send mails anywhere. | ||
Line 5: | Line 10: | ||
=Restricting users to send mails to certain domains= | =Restricting users to send mails to certain domains= | ||
'''Change all "hash" lines to "lmdb" in 8.5+ versions.''' | |||
1. Enter following in the file “/opt/zimbra/conf/postfix_recipient_restrictions.cf”. Make sure it is entered at the top of the file. | 1. Enter following in the file “/opt/zimbra/conf/postfix_recipient_restrictions.cf”. Make sure it is entered at the top of the file. | ||
Line 13: | Line 20: | ||
''check_sender_access hash:/opt/zimbra/postfix/conf/restricted_senders'' | ''check_sender_access hash:/opt/zimbra/postfix/conf/restricted_senders'' | ||
Note: This line should be added after the reject_non_fqdn_recipient line | Note: This line should be added after the reject_non_fqdn_recipient line<br> | ||
Note: ZCS 8.5 and later use lmdb databases, not hash databases | |||
2. Enter following in "/opt/zimbra/conf/zmmta.cf" | 2. Enter following in "/opt/zimbra/conf/zmmta.cf" | ||
Line 34: | Line 42: | ||
''vi /opt/zimbra/postfix/conf/restricted_senders'' | ''vi /opt/zimbra/postfix/conf/restricted_senders'' | ||
''user@yourdomain.com local_only'' | ''user@yourdomain.com local_only'' | ||
'''Note:''' If you would like to restrict all users of a domain, enter the domainname instead of email ids. For example: | |||
''yourdomain.com local_only'' | |||
5. Create a file "/opt/zimbra/postfix/conf/local_domains" and list all the domains where "restricted users" allowed to sent mails. Please follow this syntax: | 5. Create a file "/opt/zimbra/postfix/conf/local_domains" and list all the domains where "restricted users" allowed to sent mails. Please follow this syntax: | ||
Line 59: | Line 71: | ||
=Related Articles= | =Related Articles= | ||
https://wiki.zimbra.com/wiki/King0770-Notes-Ultra-Restrictive-Sending-And-Receiving#Scenario_II | |||
*[[Restrict_sending_to_certain_domains]] | *[[Restrict_sending_to_certain_domains]] | ||
Latest revision as of 21:14, 15 February 2018
Restrict users to certain domain
This document describes how to restrict a list of users for sending emails to limited domains. Other users can send mails anywhere.
All steps I am doing here as Zimbra user. These steps are verified on ZCS 7.x or older. For ZCS8, looks for specific steps inline.
Restricting users to send mails to certain domains
Change all "hash" lines to "lmdb" in 8.5+ versions.
1. Enter following in the file “/opt/zimbra/conf/postfix_recipient_restrictions.cf”. Make sure it is entered at the top of the file.
ZCS 8.x: Enter in file /opt/zimbra/conf/zmconfigd/smtpd_recipient_restrictions.cf
vi /opt/zimbra/conf/postfix_recipient_restrictions.cf check_sender_access hash:/opt/zimbra/postfix/conf/restricted_senders
Note: This line should be added after the reject_non_fqdn_recipient line
Note: ZCS 8.5 and later use lmdb databases, not hash databases
2. Enter following in "/opt/zimbra/conf/zmmta.cf"
ZCS 8.x: Enter in file /opt/zimbra/conf/zmconfigd.cf
vi /opt/zimbra/conf/zmmta.cf Find the section labeled SECTION mta and enter the following two lines directly below POSTCONF smtpd_restriction_classes local_only POSTCONF local_only FILE postfix_check_recipient_access.cf
3. Create a file "/opt/zimbra/conf/postfix_check_recipient_access.cf"
vi /opt/zimbra/conf/postfix_check_recipient_access.cf check_recipient_access hash:/opt/zimbra/postfix/conf/local_domains, reject
4. Create a file "/opt/zimbra/postfix/conf/restricted_senders" and list all the users, whom you want to restrict. Follow this syntax:
vi /opt/zimbra/postfix/conf/restricted_senders user@yourdomain.com local_only
Note: If you would like to restrict all users of a domain, enter the domainname instead of email ids. For example:
yourdomain.com local_only
5. Create a file "/opt/zimbra/postfix/conf/local_domains" and list all the domains where "restricted users" allowed to sent mails. Please follow this syntax:
vi /opt/zimbra/postfix/conf/local_domains yourdomain.com OK otheralloweddomain.com OK
6. Run following commands:
postmap /opt/zimbra/postfix/conf/restricted_senders postmap /opt/zimbra/postfix/conf/local_domains zmmtactl stop zmmtactl start
After these settings, all the users listed in "/opt/zimbra/postfix/conf/restricted_senders" are restricted to send mails only to domain which are defined in "/opt/zimbra/postfix/conf/local_domains", other are fully allowed to send mails anywhere. These settings will not survive Zimbra upgrades, please make sure that you backup of all these settings while performing upgrades.
Important Note if you need to undo this configuration
Remove the two lines that were added to the zmmta.cf file. Make sure the Postfix setting smtpd_restriction_classes has nothing set.
postconf -e smtpd_restriction_classes=' '
zmmtactl reload
Related Articles
https://wiki.zimbra.com/wiki/King0770-Notes-Ultra-Restrictive-Sending-And-Receiving#Scenario_II