How to restrict users to send only mail to the local domain in Zimbra

How to restrict users to send only mail to the local domain in Zimbra
1. Open file /opt/zimbra/conf/zmconfigd/smtpd_recipient_restrictions.cf and add this line below reject_non_fqdn_recipient. This is example on my system
permit_sasl_authenticated
check_sender_access lmdb:/opt/zimbra/postfix/conf/restricted_senders
permit_mynetworks
2. Open file /opt/zimbra/conf/zmconfigd.cf and add those lines before RESTART mta. This is example on my system
POSTCONF    smtpd_restriction_classes  local_only
POSTCONF    local_only  FILE  postfix_check_recipient_access.cf
RESTART mta
3. Create a file /opt/zimbra/conf/postfix_check_recipient_access.cf and add the following line. 
check_recipient_access lmdb:/opt/zimbra/postfix/conf/local_domains, reject
4. Create a file "/opt/zimbra/postfix/conf/restricted_senders" and list all the users, whom you want to restrict. Follow this syntax:
user@yourdomain.com            local_only
5. Create a file "/opt/zimbra/postfix/conf/local_domains" and list all the domains where "restricted users" allowed to sent mails. Please follow this syntax:
yourdomain.com              OK 
otheralloweddomain.com      OK
6. Run following commands :
postmap /opt/zimbra/postfix/conf/restricted_senders
postmap /opt/zimbra/postfix/conf/local_domains 
zmmtactl stop 
zmmtactl start
Now, you can test to sending email to allow domain and not allow. If you add another user to /opt/zimbra/postfix/conf/restricted_senders, don't forget to running again point 6. 

Comments

  1. JulioOctober 14, 2019 at 12:54 PM

    This work ok zimbra 8.8.12 FOSS?

    ReplyDelete
  2. Mario GamboaOctober 15, 2019 at 1:52 AM

    Hi Julio yes works also on 8.8.12 just to let you know every time you upgrade zimbra you need to make this process again

    Kind Regards
    Mario Gamboa

    ReplyDelete

Post a Comment

Popular posts from this blog

How to clean all the foreman task and locked task

1.- First make su to postgres user su -s /bin/bash - postgres  2.-Execute psql psql  3.- connect to the foreman database \c foreman;  4.- Delete all the foreman task and foreman task locks delete from foreman_tasks_tasks;  delete from foreman_tasks_locks;  5.- Quit from postgres and exit \q  exit  6. Restart all the services for s in {qpidd,pulp_celerybeat,pulp_ resource_manager,pulp_workers, httpd}; do sudo service $s restart; done  Update in todays foreman you can clean the task using the following command: foreman-rake foreman_tasks:cleanup
Read more

Hardening Script

#!/bin/bash function set_parameter { sed -i -e "s|^$2.*|$2$3|" $1 egrep "^$2*" $1 > /dev/null ||echo "$2$3" >> $1 } #--------------------------------------------------------------------------------------------------------------- function add_line { egrep "^$2" $1 > /dev/null || echo "$2" >> $1 } #--------------------------------------------------------------------------------------------------------------- echo '# This file contains the auditctl rules that are loaded # whenever the audit daemon is started via the initscripts. # The rules are simply the parameters that would be passed # to auditctl. # First rule - delete all -D # Increase the buffers to survive stress events. # Make this bigger for busy systems -b 8192 # Feel free to add below this line. See auditctl man page -a always,exit -F arch=b32 -S adjtimex -S settimeofday -S stime -k timechange ...
Read more