Seems to be a funny thing to protect user from sending email to certain domain but in some case it would be possible. As far as I know, there is various reason why this approach applied in a real situation. I’ve met with an IT guys here in Indonesia which applied the restriction because their employee most likely used mail activity for unrelated workÂ
The restriction will be working by separated and identified restricted user. as an example, vavai could sending an email for various domain while zezevavai could sending an email for local domain only. We could also add another domain for exception, e.g : allowed sending an email for local domain and some pre-defined domain (sister company, a group of company, etc).
How to applied the restriction ?
- Opening console (ALT+F2, konsole on KDE)
- Log on as Zimbra root user (su – zimbra)
- EditÂ /opt/zimbra/conf/postfix_recipient_restrictions.cf and add following restriction :
- Edit “/opt/zimbra/conf/zmmta.cf” and add following line :
POSTCONF smtpd_restriction_classes local_only POSTCONF local_only FILE postfix_check_recipient_access.cf
- Create a new file “/opt/zimbra/conf/postfix_check_recipient_access.cf” and addÂ :
check_recipient_access hash:/opt/zimbra/postfix/conf/local_domains, reject
- Create a new file “/opt/zimbra/postfix/conf/restricted_senders” and add restricted user with the pre-defined format :
- Create a new file “/opt/zimbra/postfix/conf/local_domains” and list all the domains where “restricted users” allowed to sent mails. Please follow this syntax :
namadomain.com OK anotherdomain.com OK
- Run the update configuration command :
postmap /opt/zimbra/postfix/conf/restricted_senders postmap /opt/zimbra/postfix/conf/local_domains zmmtactl stop zmmtactl start
After applying these setting, all of restricted user will have limited access for sending an email and they will allowed to sending an email for certain domain only as listed on file “/opt/zimbra/postfix/conf/local_domains”
- These setting will must be re-written after upgrading Zimbra
- To restore restricted user access so they could sending for various domain, pleaseÂ : Remove any added configuration on zmmta.cf and make sure that the restriction setting will applied to blank account. Run this command : postconf -e smtpd_restriction_classes=” and zmmtactl reload to restore the setting.