Domain level blocking of users
From Zimbra :: Wiki
|- This is certified documentation and is protected for editing by Zimbra Employees & Moderators only.|
|This article applies to the following ZCS versions.|
Below mentioned are the steps to "REJECT" an external email address from sending mail to the users of the Zimbra Domain.
The same results can also be achieved using Amavis via blacklisting.
1. Set smtpd_sender_restrictions as appropriate for the version of ZCS
ZCS 7: zmlocalconfig -e postfix_smtpd_sender_restrictions="hash:/opt/zimbra/conf/postfix_reject_sender"
ZCS 8.0: Add "client_sender_access hash:/opt/zimbra/conf/postfix_reject_sender" as the first line of /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf
ZCS 8.5 and 8.6: Create the postmap database as defined below Modify /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf, by adding this as the second line of the file: %%contains VAR:zimbraMtaSmtpdSenderRestrictions check_sender_access lmdb:/opt/zimbra/conf/postfix_reject_sender%% Then execute: zmprov ms <zmhostname> +zimbraMtaSmtpdSenderRestrictions "client_sender_access lmdb:/opt/zimbra/postfix/conf/postfix_reject_sender"
2. Create file /opt/zimbra/conf/postfix_reject_sender with the list of email addresses and domains to be rejected in the below format:
firstname.lastname@example.org REJECT domainX.com REJECT
3. postmap it and restart postfix
postmap /opt/zimbra/conf/postfix_reject_sender zmmtactl stop && zmmtactl start
You'll be able to see the changes show up in /opt/zimbra/log/zmconfigd.log .
Reject messages will be logged in /var/log/zimbra.log ; format looks like this:
[date / hostname] postfix/smtpd[####] NOQUEUE: reject: RCPT from [remote mta]: 554 5.7.1 <senders-email@DOMAIN>: Sender address rejected: Access denied: from=<senders-email@DOMAIN> to=<local-zimbra-user@domain> proto=ESMTP helo=<remote mta>
The sender will receive a returned email declaring the rejection.
|Verified Against: ZCS 8.5, ZCS 8.0, ZCS 7.0||Date Created: 03/21/2013|
|Article ID: http://wiki.zimbra.com/index.php?title=Domain_level_blocking_of_users||Date Modified: 03/5/2015|