Zimbra Tips : Restricted User to Sending Email for Certain Domain Only

zimbra logoSeems to be a funny thing to protect user from sending email to certain domain but in some case it would be possible. As far as I know, there is various reason why this approach applied in a real situation. I’ve met with an IT guys here in Indonesia which applied the restriction because their employee most likely used mail activity for unrelated work  -D
The restriction will be working by separated and identified restricted user. as an example, vavai could sending an email for various domain while zezevavai could sending an email for local domain only. We could also add another domain for exception, e.g : allowed sending an email for local domain and some pre-defined domain (sister company, a group of company, etc).
How to applied the restriction ?

  1. Opening console (ALT+F2, konsole on KDE)
  2. Log on as Zimbra root user (su – zimbra)
  3. Edit  /opt/zimbra/conf/postfix_recipient_restrictions.cf and add following restriction :
    [code language=’cpp’]check_sender_access hash:/opt/zimbra/postfix/conf/restricted_senders[/code]
  4. Edit “/opt/zimbra/conf/zmmta.cf” and add following line :
    [code language=’cpp’]POSTCONF smtpd_restriction_classes local_only
    POSTCONF local_only FILE postfix_check_recipient_access.cf[/code]
  5. Create a new file “/opt/zimbra/conf/postfix_check_recipient_access.cf” and add  :
    [code language=’cpp’]check_recipient_access hash:/opt/zimbra/postfix/conf/local_domains, reject[/code]
  6. Create a new file “/opt/zimbra/postfix/conf/restricted_senders” and add restricted user with the pre-defined format :
    [code language=’cpp’]user@namadomain.com local_only[/code]
  7. Create a new file “/opt/zimbra/postfix/conf/local_domains” and list all the domains where “restricted users” allowed to sent mails. Please follow this syntax :
    [code language=’cpp’]namadomain.com OK
    anotherdomain.com OK[/code]
  8. Run the update configuration command :
    [code language=’cpp’]postmap /opt/zimbra/postfix/conf/restricted_senders
    postmap /opt/zimbra/postfix/conf/local_domains
    zmmtactl stop
    zmmtactl start[/code]

After applying these setting, all of restricted user will have limited access for sending an email and they will allowed to sending an email for certain domain only as listed on file “/opt/zimbra/postfix/conf/local_domains”
Note :

  1. These setting will must be re-written after upgrading Zimbra
  2. To restore restricted user access so they could sending for various domain, please  : Remove any added configuration on zmmta.cf and make sure that the restriction setting will applied to blank account. Run this command : postconf -e smtpd_restriction_classes=” and zmmtactl reload to restore the setting.

One thought on “Zimbra Tips : Restricted User to Sending Email for Certain Domain Only

  1. Hi i followed your instruction, but i got this error.
    NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 451 4.3.5 Server configuration error;

Leave a Reply

Your email address will not be published. Required fields are marked *