Difference between revisions of "Restrict users to certain domain"

 
(20 intermediate revisions by 7 users not shown)
Line 1: Line 1:
== '''Restricting users to send mails to certain domains.''' ==
+
{{BC|Community Sandbox}}
 +
__FORCETOC__
 +
<div class="col-md-12 ibox-content">
 +
=Restrict users to certain domain=
 +
{{KB|{{Unsupported}}|{{ZCS 8.6}}|{{ZCS 8.0}}|}}
 +
{{WIP}}
  
 +
This document describes how to restrict a list of users for sending emails to limited domains. Other users can send mails anywhere.
 +
All steps I am doing here as Zimbra user. These steps are verified on ZCS 7.x or older. For ZCS8, looks for specific steps inline.
 +
 +
=Restricting users to send mails to certain domains=
 +
 +
'''Change all "hash" lines to "lmdb" in 8.5+ versions.'''
  
This document describes how to restrict a list of users for sending emails to limited domains. Other users can send mails anywhere.  
+
1. Enter following in the file “/opt/zimbra/conf/postfix_recipient_restrictions.cf”. Make sure it is entered at the top of the file.
Everything I am doing here as Zimbra user.
 
  
'''Enter following in the file /opt/zimbra/conf/postfix_recipient_restrictions.cf”. Make sure it is entered at the top of the file.'''
+
'''ZCS 8.x:''' Enter in file /opt/zimbra/conf/zmconfigd/smtpd_recipient_restrictions.cf
  
 
  ''vi /opt/zimbra/conf/postfix_recipient_restrictions.cf''
 
  ''vi /opt/zimbra/conf/postfix_recipient_restrictions.cf''
 
  ''check_sender_access hash:/opt/zimbra/postfix/conf/restricted_senders''  
 
  ''check_sender_access hash:/opt/zimbra/postfix/conf/restricted_senders''  
  
'''Enter following in "/opt/zimbra/conf/zmmta.cf"'''
+
Note: This line should be added after the reject_non_fqdn_recipient line<br>
 +
Note: ZCS 8.5 and later use lmdb databases, not hash databases
 +
 
 +
2. Enter following in "/opt/zimbra/conf/zmmta.cf"
 +
 
 +
'''ZCS 8.x:''' Enter in file /opt/zimbra/conf/zmconfigd.cf
  
 
  ''vi /opt/zimbra/conf/zmmta.cf''
 
  ''vi /opt/zimbra/conf/zmmta.cf''
 +
''Find the section labeled SECTION mta and enter the following two lines directly below''
 
  ''POSTCONF    smtpd_restriction_classes      local_only''
 
  ''POSTCONF    smtpd_restriction_classes      local_only''
 
  ''POSTCONF    local_only                                FILE  postfix_check_recipient_access.cf''
 
  ''POSTCONF    local_only                                FILE  postfix_check_recipient_access.cf''
  
'''Create a file "/opt/zimbra/conf/postfix_check_recipient_access.cf"'''
+
 
 +
3. Create a file "/opt/zimbra/conf/postfix_check_recipient_access.cf"
  
 
  ''vi /opt/zimbra/conf/postfix_check_recipient_access.cf''
 
  ''vi /opt/zimbra/conf/postfix_check_recipient_access.cf''
 
  ''check_recipient_access hash:/opt/zimbra/postfix/conf/local_domains, reject''
 
  ''check_recipient_access hash:/opt/zimbra/postfix/conf/local_domains, reject''
  
'''Create a file "/opt/zimbra/postfix/conf/restricted_senders" and list all the users, whom you want to restrict. Follow this syntax:'''
+
4. Create a file "/opt/zimbra/postfix/conf/restricted_senders" and list all the users, whom you want to restrict. Follow this syntax:
  
 
  ''vi /opt/zimbra/postfix/conf/restricted_senders''
 
  ''vi /opt/zimbra/postfix/conf/restricted_senders''
 
  ''user@yourdomain.com            local_only''
 
  ''user@yourdomain.com            local_only''
  
'''Create a file "/opt/zimbra/postfix/conf/local_domains" and list all the domains where "restricted users" allowed to sent mails. Please follow this syntax:'''
+
'''Note:''' If you would like to restrict all users of a domain, enter the domainname instead of email ids. For example:
 +
 
 +
''yourdomain.com            local_only''
 +
 
 +
5. Create a file "/opt/zimbra/postfix/conf/local_domains" and list all the domains where "restricted users" allowed to sent mails. Please follow this syntax:
 
      
 
      
 
  ''vi /opt/zimbra/postfix/conf/local_domains''
 
  ''vi /opt/zimbra/postfix/conf/local_domains''
Line 32: Line 53:
 
  ''otheralloweddomain.com      OK''
 
  ''otheralloweddomain.com      OK''
  
'''Run following commands:'''
+
6. Run following commands:
  
 
  ''postmap /opt/zimbra/postfix/conf/restricted_senders''
 
  ''postmap /opt/zimbra/postfix/conf/restricted_senders''
Line 41: Line 62:
 
After these settings, all the users listed in "/opt/zimbra/postfix/conf/restricted_senders" are restricted to send mails only to domain which are defined in "/opt/zimbra/postfix/conf/local_domains", other are fully allowed to send mails anywhere. These settings will not survive Zimbra upgrades, please make sure that you backup of all these settings while performing upgrades.
 
After these settings, all the users listed in "/opt/zimbra/postfix/conf/restricted_senders" are restricted to send mails only to domain which are defined in "/opt/zimbra/postfix/conf/local_domains", other are fully allowed to send mails anywhere. These settings will not survive Zimbra upgrades, please make sure that you backup of all these settings while performing upgrades.
  
'''Important Note if you need to undo this configuration'''
+
= Important Note if you need to undo this configuration =
Remove the two lines that were added to the zmmta.cf file.  
+
 
Make sure the Postfix setting smtpd_restriction_classes has nothing set.  
+
Remove the two lines that were added to the zmmta.cf file. Make sure the Postfix setting smtpd_restriction_classes has nothing set.  
postconf -e smtpd_restriction_classes=''
+
 
zmmtactl reload
+
postconf -e smtpd_restriction_classes=' '
 +
 
 +
zmmtactl reload
 +
 
 +
=Related Articles=
 +
https://wiki.zimbra.com/wiki/King0770-Notes-Ultra-Restrictive-Sending-And-Receiving#Scenario_II
 +
 
 +
*[[Restrict_sending_to_certain_domains]]
 +
 
 +
{{Article Footer|unknown|10/21/2007}}
 +
 
 +
[[Category:Administration]]

Latest revision as of 21:14, 15 February 2018

Restrict users to certain domain

   KB 2265        Last updated on 2018-02-15  




0.00
(0 votes)


This document describes how to restrict a list of users for sending emails to limited domains. Other users can send mails anywhere. All steps I am doing here as Zimbra user. These steps are verified on ZCS 7.x or older. For ZCS8, looks for specific steps inline.

Restricting users to send mails to certain domains

Change all "hash" lines to "lmdb" in 8.5+ versions.

1. Enter following in the file “/opt/zimbra/conf/postfix_recipient_restrictions.cf”. Make sure it is entered at the top of the file.

ZCS 8.x: Enter in file /opt/zimbra/conf/zmconfigd/smtpd_recipient_restrictions.cf

vi /opt/zimbra/conf/postfix_recipient_restrictions.cf
check_sender_access hash:/opt/zimbra/postfix/conf/restricted_senders 

Note: This line should be added after the reject_non_fqdn_recipient line
Note: ZCS 8.5 and later use lmdb databases, not hash databases

2. Enter following in "/opt/zimbra/conf/zmmta.cf"

ZCS 8.x: Enter in file /opt/zimbra/conf/zmconfigd.cf

vi /opt/zimbra/conf/zmmta.cf
Find the section labeled SECTION mta and enter the following two lines directly below
POSTCONF    smtpd_restriction_classes      local_only
POSTCONF    local_only                                 FILE  postfix_check_recipient_access.cf


3. Create a file "/opt/zimbra/conf/postfix_check_recipient_access.cf"

vi /opt/zimbra/conf/postfix_check_recipient_access.cf
check_recipient_access hash:/opt/zimbra/postfix/conf/local_domains, reject

4. Create a file "/opt/zimbra/postfix/conf/restricted_senders" and list all the users, whom you want to restrict. Follow this syntax:

vi /opt/zimbra/postfix/conf/restricted_senders
user@yourdomain.com            local_only

Note: If you would like to restrict all users of a domain, enter the domainname instead of email ids. For example:

yourdomain.com            local_only

5. Create a file "/opt/zimbra/postfix/conf/local_domains" and list all the domains where "restricted users" allowed to sent mails. Please follow this syntax:

vi /opt/zimbra/postfix/conf/local_domains
yourdomain.com                     OK 
otheralloweddomain.com      OK

6. Run following commands:

postmap /opt/zimbra/postfix/conf/restricted_senders
postmap /opt/zimbra/postfix/conf/local_domains 
zmmtactl stop 
zmmtactl start

After these settings, all the users listed in "/opt/zimbra/postfix/conf/restricted_senders" are restricted to send mails only to domain which are defined in "/opt/zimbra/postfix/conf/local_domains", other are fully allowed to send mails anywhere. These settings will not survive Zimbra upgrades, please make sure that you backup of all these settings while performing upgrades.

Important Note if you need to undo this configuration

Remove the two lines that were added to the zmmta.cf file. Make sure the Postfix setting smtpd_restriction_classes has nothing set.

postconf -e smtpd_restriction_classes=' '
zmmtactl reload

Related Articles

https://wiki.zimbra.com/wiki/King0770-Notes-Ultra-Restrictive-Sending-And-Receiving#Scenario_II

Verified Against: unknown Date Created: 10/21/2007
Article ID: https://wiki.zimbra.com/index.php?title=Restrict_users_to_certain_domain Date Modified: 2018-02-15



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »

Jump to: navigation, search