rejecting messages by recepient address

[bsb]

I'm looking for a (preferably) clean way within ZCS to deny delivery of mail to certain addresses within the domains I administer.

For example, in my personal domain, I use my "main" address as a wildcard for the domain and give individual sites that want an email address something specific to the site. That way, if one of them "loses" my address to a spammer, I can just "shut off" the address.

In my pre-Zimbra sendmail days, I did this using the "access" hash table. However, when I try to enable that in procmail on my ZCS server, it does not seem to have any effect.

Any ideas would be greatly appreciated! (I'm getting sick of getting buried in email to addresses I shut off years ago...)

[anand]

Just set zimbraMailStatus attribute on the account to "disabled".

I tested by creating an account like this:

Code:

zmprov ca nomailaddr@domain password zimbraMailStatus disabled

Make sure that password for the account is obscure enough.

RCPT TO: will be rejected with a 550.

[dillera]

hi:

What command did you use for the wildcard? I want to do the same thing, which with sendmail and virtusertable I used to point all email traffic that wasn't for a specific address to a catch all addressL

@mydomain.com admin@mydomain.com

I'm wondering how to do that in zimbra.

[anand]

Adding the wildcard address would negate the undesirable address having mail status disabled. argh. This time let me give you an example I tested. Let me rephrase your problem:

example.com - is your domain

me@example.com - is your account

friend@example.com - your friend's account in your domain

bad@example.com - address that you want rejected

me-store1@example.com - not an account, but by "catch all" means mail is redirected to me@example.com

Here are the provisioning steps in Zimbra:

Code:

zmprov cd example.com
zmprov ca me@example.com test123 zimbraMailCatchAllAddress @example.com
zmprov ca friend@example.com test123

Setting zimbraMailCatchAllAddress on the account causes that account to receive mail for any address on that domain that is not otherwise an account or distribution list or alias. I have to insert my 2c on catch all addresses here - they are usually a very bad and spammers start sending you email to your message-id strings - which look like email addresses (I speak from personal experience) - but hey, to each his own.

Also "test123" in the example above is a password, so please substitute.

Now for the part about rejecting mail to bad@example.com. Here is what you need to do (we are thinking of better ways to do this, but for now...):

- Edit /opt/zimbra/conf/postfix_recipient_restrictions.cf

- Add this line to it:

Code:

check_recipient_access hash:/opt/zimbra/conf/rejected_addresses

- Note that this access check line should definitely be very early - above permit_sasl_authenticated and permit_mynetworks - so even authenticated or local clients can not email this address.

- Edit the text file /opt/zimbra/conf/rejected_addresses and add the following line to it:

Code:

dance@example.com       REJECT I hate spammers

- Run this command to create the needed hash db file:

Code:

postmap /opt/zimbra/conf/rejected_addresses

- postfix stop; postfix start

You should be all set. Test it.

[bsb]

Thank you for your help, the (final) suggestion worked perfectly.

I agree that the catch all is probably a bad idea--it's a relic of my initial domain setup, before I hosted it myself, where it was handled that way by default. That made me get lazy, and then I wound up with several dozen addresses that I'd never remember if I tried to make it go away. The catch all doesn't exist on the newer domains.