https://wiki.zimbra.com/api.php?action=feedcontributions&user=Daniel+Siminiuk&feedformat=atomZimbra :: Tech Center - User contributions [en]2024-03-29T15:53:50ZUser contributionsMediaWiki 1.39.0https://wiki.zimbra.com/index.php?title=Domain_level_blocking_of_users&diff=59301Domain level blocking of users2015-05-17T15:59:50Z<p>Daniel Siminiuk: Fixed mismatched key and non-aligning file paths to the db file.</p>
<hr />
<div>{{ZC}}{{Article Infobox|{{admin}}|{{ZCS 8.6}}|{{ZCS 8.5}}|{{ZCS 8.0}}|{{ZCS 7.0}}|}}<br />
Below mentioned are the steps to "REJECT" an external email address from sending mail to the users of the Zimbra Domain.<br />
<br />
See also https://bugzilla.zimbra.com/show_bug.cgi?id=96958<br />
<br />
The same results can also be achieved using Amavis via [http://wiki.zimbra.com/index.php?title=Improving_Anti-spam_system#Implementing_Whitelist.2FBlacklist blacklisting].<br />
<br />
1. Set smtpd_sender_restrictions as appropriate for the version of ZCS<br />
ZCS 7:<br />
zmlocalconfig -e postfix_smtpd_sender_restrictions="hash:/opt/zimbra/postfix/conf/postfix_reject_sender"<br />
<br />
ZCS 8.0:<br />
Add "client_sender_access hash:/opt/zimbra/postfix/conf/postfix_reject_sender" as the first line of '''/opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf'''<br />
<br />
ZCS 8.5 and 8.6:<br />
Create the postmap database as defined below<br />
Modify '''/opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf''', by adding this as the second line of the file:<br />
%%contains VAR:zimbraMtaSmtpdSenderRestrictions check_sender_access lmdb:/opt/zimbra/postfix/conf/postfix_reject_sender%%<br />
<br />
Then execute:<br />
zmprov ms <zmhostname> +zimbraMtaSmtpdSenderRestrictions "check_sender_access lmdb:/opt/zimbra/postfix/conf/postfix_reject_sender"<br />
<br />
2. Create file /opt/zimbra/postfix/conf/postfix_reject_sender with the list of email addresses and domains to be rejected in the below format:<br />
user@domain.com REJECT<br />
domainX.com REJECT<br />
<br />
3. postmap it and restart postfix<br />
/opt/zimbra/postfix/sbin/postmap /opt/zimbra/postfix/conf/postfix_reject_sender<br />
zmmtactl stop && zmmtactl start<br />
<br />
Check the Postfix configuration with <br />
postconf | grep smtpd_sender_restrictions<br />
<br />
You'll be able to see the changes show up in <tt>/opt/zimbra/log/zmconfigd.log</tt> .<br />
<br />
Reject messages will be logged in <tt>/var/log/zimbra.log</tt> ; format looks like this:<br />
<br />
[date / hostname] postfix/smtpd[####] NOQUEUE: reject: RCPT from [remote mta]: 554 5.7.1 <senders-email@DOMAIN>:<br />
Sender address rejected: Access denied: from=<senders-email@DOMAIN> to=<local-zimbra-user@domain> proto=ESMTP helo=<remote mta><br />
<br />
The sender will receive a returned email declaring the rejection.<br />
<br />
{{Article Footer|ZCS 8.5, ZCS 8.0, ZCS 7.0|03/21/2013}}<br />
<br />
[[Category:Administration]]<br />
[[Category:MTA]]</div>Daniel Siminiuk