Zimbra Tips : Restricted User to Sending Email for Certain Domain Only

zimbra logoSeems to be a funny thing to protect user from sending email to certain domain but in some case it would be possible. As far as I know, there is various reason why this approach applied in a real situation. I’ve met with an IT guys here in Indonesia which applied the restriction because their employee most likely used mail activity for unrelated work  -D

The restriction will be working by separated and identified restricted user. as an example, vavai could sending an email for various domain while zezevavai could sending an email for local domain only. We could also add another domain for exception, e.g : allowed sending an email for local domain and some pre-defined domain (sister company, a group of company, etc).

How to applied the restriction ?

  1. Opening console (ALT+F2, konsole on KDE)
  2. Log on as Zimbra root user (su – zimbra)
  3. Edit  /opt/zimbra/conf/postfix_recipient_restrictions.cf and add following restriction :
    check_sender_access hash:/opt/zimbra/postfix/conf/restricted_senders
  4. Edit “/opt/zimbra/conf/zmmta.cf” and add following line :
    POSTCONF    smtpd_restriction_classes      local_only
    POSTCONF    local_only           FILE postfix_check_recipient_access.cf
  5. Create a new file “/opt/zimbra/conf/postfix_check_recipient_access.cf” and add  :
    check_recipient_access hash:/opt/zimbra/postfix/conf/local_domains, reject
  6. Create a new file “/opt/zimbra/postfix/conf/restricted_senders” and add restricted user with the pre-defined format :
    user@namadomain.com            local_only
  7. Create a new file “/opt/zimbra/postfix/conf/local_domains” and list all the domains where “restricted users” allowed to sent mails. Please follow this syntax :
    namadomain.com           OK
    anotherdomain.com      OK
  8. Run the update configuration command :
    postmap /opt/zimbra/postfix/conf/restricted_senders
    postmap /opt/zimbra/postfix/conf/local_domains
    zmmtactl stop
    zmmtactl start

After applying these setting, all of restricted user will have limited access for sending an email and they will allowed to sending an email for certain domain only as listed on file “/opt/zimbra/postfix/conf/local_domains”

Note :

  1. These setting will must be re-written after upgrading Zimbra
  2. To restore restricted user access so they could sending for various domain, please  : Remove any added configuration on zmmta.cf and make sure that the restriction setting will applied to blank account. Run this command : postconf -e smtpd_restriction_classes=” and zmmtactl reload to restore the setting.

Latest Comments

  1. paarack October 6, 2009

Leave a Reply