Restricting Users to Send Emails Locally and Externally

We, sometimes, need to block users to send emails both the internal and external destinations. For example, you are running an email account for receiving CVs only. However, you don’t have to reply them from this account. All the feedback email is maintained from another account. In that case, you may block the user to send emails. It will not impact in email receiving status.

Please follow below guideline to achieve our goal.

Goal: Restricting users to send emails to all internal and external domains.

 

Resolution:

Step 1: Open the file smtpd_sender_restrictions.cf and add the below line at the top.

root@mail:~# vim /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf

%%contains VAR:zimbraMtaSmtpdSenderRestrictions check_sender_access lmdb:/opt/zimbra/common/conf/restricted_senders%%

 

Step 2: Execute the below line as Zimbra user.

zimbra@mail:~$ zmprov ms `zmhostname` +zimbraMtaSmtpdSenderRestrictions "check_sender_access lmdb:/opt/zimbra/common/conf/restricted_senders"

 

Step 3: Open the file zmconfigd.cf and add below line before “RESTART MTA”.

root@mail:~# vim /opt/zimbra/conf/zmconfigd.cf

POSTCONF    smtpd_restriction_classes  local_only

POSTCONF    local_only  FILE  postfix_check_recipient_access.cf

 

Step 4: Create a new file as postfix_check_recipient_access.cf and add the below line.

root@mail:~# touch /opt/zimbra/conf/postfix_check_recipient_access.cf

root@mail:~# vim /opt/zimbra/conf/postfix_check_recipient_access.cf

check_recipient_access lmdb:/opt/zimbra/common/conf/local_domains, reject

 

Step 5: Create a file named restricted_senders and enter the blocked user list as below.

root@mail:~# touch /opt/zimbra/common/conf/restricted_senders

root@mail:~# vim /opt/zimbra/common/conf/restricted_senders

blockeduser@domain.com            local_only

 

Step 6: Create another file named local_domain and keep this file empty.

root@mail:~# touch /opt/zimbra/common/conf/local_domains

As we keep this file empty, restricted users can not send emails towards external, internal domains as well as self.

 

Step 7: Provide necessary permissions and ownerships to the created files.

root@mail:~# chown zimbra:zimbra /opt/zimbra/conf/postfix_check_recipient_access.cf

root@mail:~# chmod 644 /opt/zimbra/conf/postfix_check_recipient_access.cf

root@mail:~# chown :zimbra /opt/zimbra/common/conf/restricted_senders

root@mail:~# chmod 775 /opt/zimbra/common/conf/restricted_senders

root@mail:~# chown :zimbra /opt/zimbra/common/conf/local_domains

root@mail:~# chmod 775 /opt/zimbra/common/conf/local_domains

 

Step 8: Create the database and update it for the newly created files as a Zimbra user.

zimbra@mail:~$ postmap /opt/zimbra/common/conf/restricted_senders

zimbra@mail:~$ postmap /opt/zimbra/common/conf/local_domains

zimbra@mail:~$ zmmtactl stop

zimbra@mail:~$ zmmtactl start

 

Comments

Post a Comment

Popular posts from this blog

Install a Comodo/Sectigo Domain Validation SSL certificate in Zimbra

Objective:  Install a Comodo/Sectigo Domain Validation (DV) SSL certificate in Zimbra. We usually get the below four files from Sectigo in the certificate bundle. The file name may vary depending on the certificate type 1.     yourdomain.com.crt - main certificate 2.     AAACertificateServices.crt – Root Certificate 3.     USERTrustRSAAAACA.crt – Intermediate Certificate - 1 4.     SectigoRSADomainValidationSecureServerCA.crt - Intermediate Certificate - 2 Step 1:  We shall create two files as below. commercial_ca.crt (includes root certificate and two intermediate certificates) commercial.crt (includes main certificate, root certificate and two intermediate certificates) Step 2:  Login to Zimbra server, move to directory /opt/zimbra/ssl/zimbra/commercial and create two files as below. root@mail:~# cd /opt/zimbra/ssl/zimbra/commercial/ root@mail:/opt/zimbra/ssl/zimbra/comme...
Read more

Adding DKIM record (1024 bit) in Zimbra

Image
Email security is very important now a days. We always look for inbound email security. However, it is very much important to enhance security for outbound emails too for successful email delivery to the recipient inbox. DomainKeys Identified Mail (DKIM) provides an organization to take responsibility for a message that is in transit. The sending server reputation is responsible for successful email delivery. DKIM provides the message is not being altered in the transmission of message till delivery of it. Technically DKIM provides a method for validating a domain name identity that is associated with a message through cryptographic authentication. In some cases, we have generate 1024 bit DKIM key due to old Zimbra version or lack of support 2048 bit key in DNS servers. The below steps should be performed to achieve the goal of publishing 1024 bit DKIM key. Generate DKIM Key: DKIM signing is done at the domain level, including alias domains. Setting up signing consists of two p...
Read more

Recipient Limit of a Message in Zimbra

Image
We received some complaints from one of our customers regarding problem of sending email, especially rate limit, to Gmail. After some diagnosis, we found that the users keep 70-80 email addresses in TO/CC/BCC. In order to restrict users to send emails on such accounts at a time, we implemented a policy. After executing this policy, users shall not be able to add more than 10 email addresses in a message. root@mail:~# su – zimbra Check the current limit: zimbra@mail:~$ postconf | grep smtpd_recipient_limit  smtpd_recipient_limit = 1000     ##This is the default recipient limit zimbra@mail:~$ postconf -e 'smtpd_recipient_limit = 10'   It will restrict the recipient limit to 10. You may adjust the number based on your scenario. To apply settings. zimbra@mail:~$ postfix reload After applying this settings, you will get an error while sending a message greater than the threshold value (in this case: 10). It is also t...
Read more