https://wiki.zimbra.com/api.php?action=feedcontributions&user=Wcbenyip&feedformat=atomZimbra :: Tech Center - User contributions [en]2024-03-28T11:41:35ZUser contributionsMediaWiki 1.39.0https://wiki.zimbra.com/index.php?title=Restrict_sending_to_certain_domains&diff=52997Restrict sending to certain domains2013-08-28T08:29:36Z<p>Wcbenyip: </p>
<hr />
<div>{{Unsupported}}<br />
<br />
Requirement "users in the sender.allowed.com domain must be<br />
allowed to email only users in the sender.allowed.com or another.allowed.com<br />
domains."<br />
<br />
Here is how to implement that requirement in postfix. If using this elsewhere,<br />
be sure to change the domain name!<br />
<br />
After implementing this, the sender.allowed.com user gets an error<br />
dialog in the web UI when trying to email an outside address:<br />
<br />
At least one address is not valid.<br />
Invalid addresses: joe@example.com<br />
<br />
Postfix generates this error message on rcpt to (clearly we are not<br />
propogating the exact error up, but not a big deal):<br />
<br />
Sender address rejected: Access denied<br />
<br />
Solution is to add a sender restriction, and then define that<br />
restriction to be that only some recipients are OK. This has to be<br />
done on every MTA box. <br />
<br />
a) Populate the sender check table so a recipient restriction is applied on senders from the domain.<br />
<br />
cd /opt/zimbra/conf<br />
echo "sender.allowed.com restrict_tpmail" > tpmail_senders<br />
postmap tpmail_senders<br />
<br />
b) Populate a table which lists who they are allowed to send to<br />
<br />
cd /opt/zimbra/conf<br />
echo "another.allowed.com OK" > tpmail_recipients<br />
echo "sender.allowed.com OK" >> tpmail_recipients<br />
postmap tpmail_recipients<br />
<br />
'' this step is obsolete in newer zimbras<br />
c) add these three line to postfix main.cf:<br />
<br />
smtpd_sender_restrictions = check_sender_access hash:/opt/zimbra/conf/tpmail_senders<br />
smtpd_restriction_classes = restrict_tpmail<br />
restrict_tpmail = check_recipient_access hash:/opt/zimbra/conf/tpmail_recipients, reject''<br />
<br />
c) newer versions of Zimbra edit main.cf every restart, so its better to modify zmmta.cf. add this lines to zmmta.cf:<br />
<br />
'''Remark: For ZCS 8.x, should edit the file in /opt/zimbra/conf/zmconfigd.cf'''<br />
<br />
POSTCONF smtpd_sender_restrictions FILE postfix_sender_restrictions.cf <br />
POSTCONF smtpd_restriction_classes restrict_tpmail<br />
POSTCONF restrict_tpmail FILE postfix_restrict_tpmail.cf<br />
<br />
after this line:<br />
POSTCONF virtual_transport LOCAL postfix_virtual_transport<br />
<br />
d) create two files with the restriction definition inside:<br />
<br />
cd /opt/zimbra/conf<br />
echo "check_sender_access hash:/opt/zimbra/conf/tpmail_senders" > postfix_sender_restrictions.cf<br />
echo "check_recipient_access hash:/opt/zimbra/conf/tpmail_recipients, reject" >> postfix_restrict_tpmail.cf<br />
<br />
done.<br />
<br />
<br />
=Related Articles=<br />
*[[Restrict_users_to_certain_domain]]<br />
*[[RestrictPostfixRecipients]]<br />
<br />
{{Article Footer|unknown|5/24/2006}}<br />
<br />
[[Category:Administration]]</div>Wcbenyip