Results 1 to 9 of 9

Thread: GUIDE: Postifx: HOW TO: Multiple access lists for protected Distribution-lists

  1. #1
    gtdaqua Guest

    Default GUIDE: Postifx: HOW TO: Multiple access lists for protected Distribution-lists

    I have just implemented Zimbra 5 in my company. Its great. One problem I encountered was there are multiple distribution lists with different groups having access to it.

    For e.g. Sales users alone should send email to Sales distribution list. Others cant. Likewise, Accounts users can send to Accounts distribution list.

    I found this wiki
    on Zimbra Wiki page.

    - but this talks about several distribution lists but with SINGLE set of users having access to it. I researched the net and have found easy ways for GRANULAR control:

    Here is how you do it. Lets take Sales and Accounts for with respective rights. Execute the commands as 'zimbra' user. Use sudo where necessary.

    *******
    Create a file called sales-senders: "/opt/zimbra/postfix/conf/sales-senders"
    This file has sales group who can send to sales@domain.com. The content shoud be like this (add emails as necessary):
    Code:
    user1@domain.com		OK
    user2@domain.com		OK
    Create a 2nd file: "/opt/zimbra/postfix/conf/accounts-senders"
    This file has accounts group which can send to accounts@domain.com. The content shoud be like this (add emails as necessary):
    Code:
    user3@domain.com		OK
    user4@domain.com		OK
    Create the access-list file: "/opt/zimbra/postfix/conf/protected_recipients"
    This is the access-list file defining who can send to particular lists. Add the following content: (add as necessary)

    Code:
    accounts@domain.com		accounts-senders-list
    sales@domain.com		  sales-senders-list
    Create a script file to update and execute the access-list: "/opt/zimbra/postfix/conf/update-sec-list"
    Code:
    #!/bin/bash
    
    echo "rebuild authorised sales-list senders..."
    postmap /opt/zimbra/postfix/conf/sales-senders
    
    echo "rebuild authorised accounts-list senders..."
    postmap /opt/zimbra/postfix/conf/accounts-senders
    
    echo "REBUILD protected_recipeints..."
    postmap /opt/zimbra/postfix/conf/protected_recipients
    Now, update the main configuration file: "/opt/zimbra/postfix/conf/main.cf"
    Here you are actually restricting access by groups you defined.
    And add the following code in the last section.

    Code:
    sales-senders-list = check_sender_access hash:/opt/zimbra/postfix/conf/sales-senders, reject
    accounts-senders-list = check_sender_access hash:/opt/zimbra/postfix/conf/accounts-senders, reject
    
    smtpd_restriction_classes = sales-senders-list, accounts-list
    Now, edit this file: "/opt/zimbra/conf/postfix_recipient_restrictions.cf"
    Add the following line the FIRST LINE of the file above all else
    Code:
    hash:/opt/zimbra/postfix/conf/protected_recipients
    Now reload postfix from the command line.

    Code:
    postfix reload
    That's it! You are done. Now sales cant send to accounts and vice versa. You can create as many access-lists you want.

    Thanks to Zimbra and the Postfix group for making such features possible.
    Last edited by gtdaqua; 02-07-2008 at 01:09 AM. Reason: typo.

  2. #2
    echoadisan is offline Member
    Join Date
    Jan 2008
    Location
    jakarta indonesia
    Posts
    14
    Rep Power
    7

    Default

    better if zimbra has builtin this feature by default

  3. #3
    gtdaqua Guest

    Default

    hmm...yeah! it should appear in the WebUI. I think there is a vote going on in bugzilla or somewhere - hope it comes in the next major update. But for now, this guide shud be good enough.

  4. #4
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,568
    Rep Power
    57

    Default

    Quote Originally Posted by echoadisan View Post
    better if zimbra has builtin this feature by default
    Search bugzilla and vote for anything you find on this topic.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  5. #5
    PeterH is offline Senior Member
    Join Date
    Oct 2005
    Location
    Netherlands
    Posts
    55
    Rep Power
    9

    Default

    Still a very nice manual that suits it's purpose for many use-cases:
    propose to make it sticky or promote to the wiki
    cheers,
    Peter
    Using ZCS Network-edition 5.0.16 on Ubuntu 6.06.2 LTS and 8.04 LTS

  6. #6
    gtdaqua Guest

    Default

    promoting to the wiki would be awesome! reachability will be high.

    thanks!

  7. #7
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,568
    Rep Power
    57

    Default

    Quote Originally Posted by gtdaqua View Post
    promoting to the wiki would be awesome! reachability will be high.
    The wiki is a community resource i.e. you can edit the wiki yourself and put this artice in there if you create an account.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  8. #8
    echoadisan is offline Member
    Join Date
    Jan 2008
    Location
    jakarta indonesia
    Posts
    14
    Rep Power
    7

  9. #9
    kmanickam is offline Intermediate Member
    Join Date
    Jun 2009
    Posts
    17
    Rep Power
    6

    Default

    Hi

    I am new to Zimbra Postfix I tried your above steps after refers the mail systems SMTP not responding

    Some one help me out

    THanks
    Manickam

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Nested distribution lists
    By Britt in forum Administrators
    Replies: 6
    Last Post: 05-10-2013, 04:01 AM
  2. Replies: 4
    Last Post: 01-29-2008, 08:43 PM
  3. More about distribution lists
    By peng1can in forum Administrators
    Replies: 3
    Last Post: 12-17-2007, 07:33 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •