rejecting messages by recepient address
I'm looking for a (preferably) clean way within ZCS to deny delivery of mail to certain addresses within the domains I administer.
For example, in my personal domain, I use my "main" address as a wildcard for the domain and give individual sites that want an email address something specific to the site. That way, if one of them "loses" my address to a spammer, I can just "shut off" the address.
In my pre-Zimbra sendmail days, I did this using the "access" hash table. However, when I try to enable that in procmail on my ZCS server, it does not seem to have any effect.
Any ideas would be greatly appreciated! (I'm getting sick of getting buried in email to addresses I shut off years ago...)
scratch what I said earlier
Adding the wildcard address would negate the undesirable address having mail status disabled. argh. This time let me give you an example I tested. :) Let me rephrase your problem:
example.com - is your domain
firstname.lastname@example.org - is your account
email@example.com - your friend's account in your domain
firstname.lastname@example.org - address that you want rejected
email@example.com - not an account, but by "catch all" means mail is redirected to firstname.lastname@example.org
Here are the provisioning steps in Zimbra:
Setting zimbraMailCatchAllAddress on the account causes that account to receive mail for any address on that domain that is not otherwise an account or distribution list or alias. I have to insert my 2c on catch all addresses here - they are usually a very bad and spammers start sending you email to your message-id strings - which look like email addresses (I speak from personal experience) - but hey, to each his own.
zmprov cd example.com
zmprov ca email@example.com test123 zimbraMailCatchAllAddress @example.com
zmprov ca firstname.lastname@example.org test123
Also "test123" in the example above is a password, so please substitute.
Now for the part about rejecting mail to email@example.com. Here is what you need to do (we are thinking of better ways to do this, but for now...):
- Edit /opt/zimbra/conf/postfix_recipient_restrictions.cf
- Add this line to it:
- Note that this access check line should definitely be very early - above permit_sasl_authenticated and permit_mynetworks - so even authenticated or local clients can not email this address.
- Edit the text file /opt/zimbra/conf/rejected_addresses and add the following line to it:
- Run this command to create the needed hash db file:
firstname.lastname@example.org REJECT I hate spammers
- postfix stop; postfix start
You should be all set. Test it.