Smtpd recipient restrictions: Difference between revisions
(To allow a user to receive emails specific users/domains. Example: user2@recipient.com will receive emails only from @recipient.com, @example.com and usera@domain.com) |
|||
(One intermediate revision by the same user not shown) | |||
Line 5: | Line 5: | ||
====Requirement==== | ====Requirement==== | ||
: Restrict a user | : Restrict a user, receiving emails from all and allow from mentioned domains/users only. This can be done per user or domain. | ||
====Steps to follow==== | ====Steps to follow==== | ||
Line 55: | Line 55: | ||
: Notes: | : Notes: | ||
:: Run all the commands as Zimbra user (su - zimbra). | :: Run all the commands as Zimbra user (su - zimbra). | ||
:: Take backup of respective files before edit. | :: Take a backup of respective files before the edit. | ||
====Validation==== | |||
: If email got from the unallowed sender | |||
: [zimbra.log] | |||
: <pre>postfix/smtpd[19610]: NOQUEUE: reject: RCPT from unknown[Sender IP address]: 554 5.7.1 <user@recipient.com>: Recipient address rejected: Access denied; from=<user@sender.com> to=<user@recipient.com> proto=ESMTP helo=<Sender hostname></pre> | |||
{{SubmittedBy|Raghu Noti}} | {{SubmittedBy|Raghu Noti}} | ||
{{Article Footer|ZCS 8.8.15, ZCS 9.0|2020-09-27}} | {{Article Footer|ZCS 8.8.15, ZCS 9.0|2020-09-27}} |
Revision as of 10:39, 27 September 2020
Smtpd recipient restrictions
- This article is a Work in Progress, and may be unfinished or missing sections.
Requirement
- Restrict a user, receiving emails from all and allow from mentioned domains/users only. This can be done per user or domain.
Steps to follow
Setp-1
- Edit "/opt/zimbra/conf/zmconfigd/smtpd_recipient_restrictions.cf"
- Add below line right after "%%contains VAR:zimbraServiceEnabled cbpolicyd, check_policy_service inet:localhost:@@cbpolicyd_bind_port@@%%"
check_recipient_access lmdb:/opt/zimbra/conf/protected_recipients
Step-2
- Create empty fille
touch /opt/zimbra/conf/protected_recipients
Step-3
- Add the entry like below to the "/opt/zimbra/conf/protected_recipients", for whom you want to protect.
usera@recipient.com permitted_senders_list
- Notes:
- If the domain (i.e.: recipient.com) mentioned then this rule will apply to all the users of recipient.
- permitted_senders_list is a class name we use this in main.cf file.
Step-4
- Create empty file
touch /opt/zimbra/conf/permitted_senders
Step-5
- Add the entry like below to the "/opt/zimbra/conf/permitted_senders", whom you want to allow to send an email to protected recipients.
user@sender.com ok sender2.com ok
- Notes:
- Add the home domain to accept emails from the same domain(i.e.: recipient.com).
- If a domain mentioned then entire domain will be allowed.
Step-6
- Generate lmdb files for permitted sender & recipients by running below commands.
postmap lmdb:/opt/zimbra/conf/permitted_senders postmap lmdb:/opt/zimbra/conf/protected_recipients
- Note:
- To keep lmdb files updated, postmap should be executed whenever protected sender/recipients modified.
Step-7
- Edit "/opt/zimbra/common/conf/main.cf" and add below lines at the end.
smtpd_restriction_classes = permitted_senders_list permitted_senders_list = check_sender_access lmdb:/opt/zimbra/conf/permitted_senders, reject
Step-8
- Restart Configd, MTA.
zmconfigdctl restart zmmtactl restart
- Notes:
- Run all the commands as Zimbra user (su - zimbra).
- Take a backup of respective files before the edit.
Validation
- If email got from the unallowed sender
- [zimbra.log]
postfix/smtpd[19610]: NOQUEUE: reject: RCPT from unknown[Sender IP address]: 554 5.7.1 <user@recipient.com>: Recipient address rejected: Access denied; from=<user@sender.com> to=<user@recipient.com> proto=ESMTP helo=<Sender hostname>
Submitted by: Raghu Noti |