Domain level blocking of users

Domain level blocking of users

   KB 2689        Last updated on 03/6/2016  




0.00
(0 votes)
Article-check.png  - This is certified documentation and is protected for editing by Zimbra Employees & Moderators only.

Below mentioned are the steps to "REJECT" an external email address from sending mail to the users of the Zimbra Domain.

See also https://bugzilla.zimbra.com/show_bug.cgi?id=96958

The same results can also be achieved using Amavis via blacklisting.

Set smtpd_sender_restrictions as appropriate for the version of ZCS

ZCS 7

zmlocalconfig -e postfix_smtpd_sender_restrictions="check_sender_access hash:/opt/zimbra/postfix/conf/postfix_reject_sender"

ZCS 8.0

Add "check_sender_access hash:/opt/zimbra/postfix/conf/postfix_reject_sender" as the first line of /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf

ZCS 8.5 and 8.6

Create the postmap database as defined below Modify /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf, by adding this as the second line of the file:

%%contains VAR:zimbraMtaSmtpdSenderRestrictions check_sender_access lmdb:/opt/zimbra/postfix/conf/postfix_reject_sender%%

Then execute:

zmprov ms <zmhostname> +zimbraMtaSmtpdSenderRestrictions "check_sender_access lmdb:/opt/zimbra/postfix/conf/postfix_reject_sender"
  • Create file /opt/zimbra/postfix/conf/postfix_reject_sender with the list of email addresses and domains to be rejected in the below format:
  user@domain.com REJECT
  domainX.com REJECT
  • postmap it and restart postfix
 /opt/zimbra/postfix/sbin/postmap /opt/zimbra/postfix/conf/postfix_reject_sender
 zmmtactl stop && zmmtactl start

Check the Postfix configuration with postconf | grep smtpd_sender_restrictions

You'll be able to see the changes show up in /opt/zimbra/log/zmconfigd.log .

Reject messages will be logged in /var/log/zimbra.log ; format looks like this:

[date / hostname] postfix/smtpd[####] NOQUEUE: reject: RCPT from [remote mta]: 554 5.7.1 <senders-email@DOMAIN>:
Sender address rejected: Access denied: from=<senders-email@DOMAIN> to=<local-zimbra-user@domain> proto=ESMTP helo=<remote mta>

The sender will receive a returned email declaring the rejection.

Verified Against: ZCS 8.5, ZCS 8.0, ZCS 7.0 Date Created: 03/21/2013
Article ID: https://wiki.zimbra.com/index.php?title=Domain_level_blocking_of_users Date Modified: 03/6/2016



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »

Jump to: navigation, search