Restricting Users from Sending Mails to External Domains

-
This method is based on command line. We begin this process by modifying the config file called /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf. Inside this file, we add the following line at the top:

    check_sender_access lmdb:/opt/zimbra/postfix/conf/restricted_senders

Next, let’s modify another config file (/opt/zimbra/conf/zmconfigd.cf), in which we define a class representing users who can only send internal mails. While modifying this file, we need to add following lines withing SECTION mta just before RESTART mta.


POSTCONF smtpd_restriction_classes local_only
POSTCONF local_only FILE postfix_check_recipient_access.cf
[zimbra@mail ~]# vi /opt/zimbra/conf/postfix_check_recipient_access.cf
check_recipient_access lmdb:/opt/zimbra/postfix/conf/local_domains, reject


Now, we need to create two files: one for local users and other for local domains.


[zimbra@mail ~]# vi /opt/zimbra/postfix/conf/restricted_senders
local.user1@sajjan.com.np    local_only
local.user2@sajjan.com.np    local_only
[zimbra@mail ~]# vi /opt/zimbra/postfix/conf/local_domains
sajjan.com.np            OK


Finally, to implement the changes, we need to map the config files to postifx and then restart the MTA service.


[zimbra@mail ~]# postmap /opt/zimbra/postfix/conf/restricted_senders
[zimbra@mail ~]# postmap /opt/zimbra/postfix/conf/local_domains
[zimbra@mail ~]# zmmtactl restart


This completes this blog post. I hope this is useful. Please let me know of your queries or suggestions in the Comment Section below. Thank you for reading!


Ref:

https://blog.sajjan.com.np/2016/08/16/restrict-zimbra-user-send-receive-external-mails/

Comments

Post a Comment

Popular posts from this blog

Cambium cnPilot E400/E410/E500 Configuration Tutorial

-
Image
Basic Connectivity:   Router (Broadband/mikrotik |dhcp enabled) >>> E400/E410/E500 + LAPTOP Cambium (Powered ON) [POE port] >>>> LAPTOP [LAN port] Step 1: Open Cambium controller in the browser. Step 2: After entering in to the site click on the Onboard Device option from Home Tab of Left Panel. Step 3: In the Onboard Option, we will get Claim Device option to adopt a Cambium AP. Step 4: Now we will move to the Cambium AP configuration Part. Below are credentials of default login access of cnpilot E400/E410/E500/E410/E500. IP:192.168.0.1 Command Line Access: Username: admin Telnet: Disabled by default Password: admin SSH: Enabled by default (on standard port: 22) ***We can also use dhcp IP to login to the cnpilot E400/E410/E500. We will get login page. Step 5: We can see several TAB on left panel. On the DashBoard Tab, we will get some overall information. Some are useful for the configuration; some are useful for troubleshoo...
Read more

Disabling Zimbra's AntiSpam, Amavis and AntiVirus filtering

-
 Check whether antispam and antivirus service is enabled currently on server using the given command zmprov -l gs <mail.example.com> | egrep -i 'serviceen|servicein'  The above command will list all the services which are currently installed and enabled on the server. Disable the antivirus and antispam services using the given commands zmprov -l ms <mail.example.com> -zimbraServiceEnabled antispam  zmprov -l ms <mail.example.com> -zimbraServiceEnabled amavis zmprov -l ms <mail.example.com> -zimbraServiceEnabled antivirus  Comment the following line in the file /opt/zimbra/postfix/conf/main.cf content_filter = smtp-amavis:[127.0.0.1]:10024  Restart services on server zmcontrol restart  Confirm that the antispam and antivirus services are disabled with the given command zmprov -l gs <mail.example.com> | egrep -i 'serviceen|servicein'  zmcontrol status 
Read more

Error "Unable to retrive Zimbra GPG key for package validation"

-
From the installation log we see: Executing: /tmp/tmp.mSlzRMclVa/gpg.1.sh --keyserver keyserver.ubuntu.com --recv-keys 9BE6ED79 gpg: requesting key 9BE6ED79 from hkp server keyserver.ubuntu.com gpg: keyserver timed out gpg: keyserver receive failed: keyserver error 1. Open port 11371 11371 tcp,udp hkp OpenPGP HTTP Keyserver 2. Force it to use port 80: gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 9BE6ED79 Ref: https://wiki.zimbra.com/wiki/Error_%22Unable_to_retrive_Zimbra_GPG_key_for_package_validation%22
Read more