Results 1 to 7 of 7

Thread: Restriction - "Mail from" & "Rcpt to"

  1. #1
    wcbenyip is offline Senior Member
    Join Date
    Jun 2007
    Location
    Hong Kong
    Posts
    62
    Rep Power
    8

    Default Restriction - "Mail from" & "Rcpt to"

    I have tried the procedures of "Restrict Postfix Recipients" & "Restrict sending to certain domains" from ZimbraWiki to make change in /opt/zimbra/postfix/conf/main.cf ....... however, they could not fit for our requirement...

    Requirement
    1/ ONLY allow the specified senders could initial an email for sending to wherever (i.e. "Mail From")
    2/ Restrict the allowed senders to send mails to allowed recipients ONLY (i.e. "Rcpt To")
    3/ Among the specified senders, only special accounts could send to *anyone* within the allowed recipients

    I would like to address above point 1 & 2, it's OK if point 3 could not be solved anyway~

    ---------------------------------------------------------------------------------------------------------------------------------------------------------
    Referring to the setting of "Restrict Postfix Recipients", it could only control who could sending mails to the specified recipients.... but even the not allowed senders (defined in "permitted_senders") could send mails to unspecified recipients (not defined in "protected_recipients")... it's focusing on the recipients.

    I have successfully restricted who can send mails using the zimbra mail server by adding this line:
    smtpd_sender_restrictions = hash:/opt/zimbra/postfix/conf/permitted_senders, reject
    Remark: Both of the two lines for setting of "permitted_senders_list" & "smtpd_restriction_classes" is disabled without any side effect.

    However, I just cannot control the "rcpt to" behavior...... even I have changed the setting for "smtpd_recipient_restrictions", the line just returned to the original one after restart zimbra !!

    Original line in main.cf
    smtpd_recipient_restrictions = hash:/opt/zimbra/postfix/conf/protected_recipients, reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unlisted_recipient, reject_invalid_hostname, reject_non_fqdn_sender, reject_unauth_destination, permit

    Modified line in main.cf
    smtpd_recipient_restrictions = hash:/opt/zimbra/postfix/conf/protected_recipients, reject

    * I though the reason which could not restrict the "Rcpt To" is because, the default of the original line is set to permit instead of reject.....

    Does anyone know how to do that? And please guide me to the right track, thanks!
    ---------------------------------------------------------------------------------------------------------------------------------------------------------
    p.s. Indeed, we just want to allow some office users with @domainB.com a/c to send mails to retail shop staff with @shop.domainB.com a/c, and only allow them to reply to the office users (no inter-mails between @shop.domainB.com is allowed). As this case is somehow complicated, so we may give up the point 3....

  2. #2
    mmorse's Avatar
    mmorse is offline Moderator
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

    Default

    How about:
    permitted_senders_list = check_sender_access hash:/opt/zimbra/postfix/conf/permitted_senders, reject
    smtpd_restriction_classes = permitted_senders_list
    Seems your varying a little from these directions:
    RestrictPostfixRecipients - ZimbraWiki
    Last edited by mmorse; 07-03-2007 at 06:44 AM.

  3. #3
    wcbenyip is offline Senior Member
    Join Date
    Jun 2007
    Location
    Hong Kong
    Posts
    62
    Rep Power
    8

    Question

    That's the point~ I have followed your mentioned settings, but it doesn't work or I should say it's not met our requirement. The two lines just taking effect only if you are sending mails to the "protected_recipients", then it will restrict only the "permitted_senders" would be allowed. However, it neither restricts the address on "mail from" nor "rcpt to".... this solution just keep an eye on the protected recipients, but we are concerning 1/ who can send mails using zimbra server & 2/ whom could be the recipients from those specified senders (either from zimbra server or from external domains)

    By setting the line of "smtpd_sender_restrictions = hash:/opt/zimbra/postfix/conf/permitted_senders, reject", I can restrict who can sending mails now; the rest issue is, how can I control / restrict only the permitted addresses on the "rcpt to" ??

    Amendment: Both of the two lines listed below are needed to make it works, otherwise there is a "server configuration" error when sending internal mails within the zimbra server~

    permitted_senders_list = check_sender_access hash:/opt/zimbra/postfix/conf/permitted_senders, reject
    smtpd_restriction_classes = permitted_senders_list

  4. #4
    mmoonshi is offline Junior Member
    Join Date
    Jan 2006
    Location
    Singapore
    Posts
    9
    Rep Power
    9

    Question Protect Distribution List

    Hi,

    Have you found a solution to this? I am trying to implement the same solution and have not found a workable solution yet.

    I have 20+ distribution-list which all the employees can send emails to. However, I also have one distribution list "staff@Company-A.com" that only the management staff can send emails to. How do I protect this list?

    Regards,
    MX

  5. #5
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,569
    Rep Power
    57

    Default

    Quote Originally Posted by mmoonshi View Post
    Hi,

    Have you found a solution to this? I am trying to implement the same solution and have not found a workable solution yet.
    This is rather an old thread to attach your message to. Have you actually tried any of the solutions in this thread? They do actually work.

    RestrictPostfixRecipients - Zimbra :: Wiki
    Restrict users to certain domain - Zimbra :: Wiki
    Restrict sending to certain domains - Zimbra :: Wiki

    It's difficult to answer your question as you give no examples of what you've trie and what the results were.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  6. #6
    mmoonshi is offline Junior Member
    Join Date
    Jan 2006
    Location
    Singapore
    Posts
    9
    Rep Power
    9

    Default

    Quote Originally Posted by phoenix View Post
    This is rather an old thread to attach your message to. Have you actually tried any of the solutions in this thread? They do actually work.

    RestrictPostfixRecipients - Zimbra :: Wiki
    Restrict users to certain domain - Zimbra :: Wiki
    Restrict sending to certain domains - Zimbra :: Wiki

    It's difficult to answer your question as you give no examples of what you've trie and what the results were.
    Hi Bill,

    Basically what I want to do is as follow;

    I have 400+ users in Zimbra NE 5.0.7 with 20+ distribution-lists. Lately, spammers have been spamming the distribution-lists so what I did was to refer to the Wiki at RestrictPostfixRecipients - Zimbra and implement the recommendations and it meets 95% of my requirement.

    What I need to do now is to protect the staff@Domain.com distribution-list so that only a few authorised senders can send email to this list. Here's what I've done;

    1) As user "zimbra" create "/opt/zimbra/postfix/conf/permitted_senders" with the following content;

    localhost OK
    domain.com OK
    mail.domain.com OK
    #
    # Username start with Alphabets A
    abc123@Domain.com OK
    admin@Domain.com OK
    #
    # Username start with Alphabets B
    bcd234@Domain.com OK
    bee123@Dmain.com OK

    2) I then created the "/opt/zimbra/postfix/conf/protected_recipients" file with the following content;

    abc-list@Domain.com permitted_senders_list
    def-list@Domain.com permitted_senders_list

    However, by adding all the staff email id into the "permitted_senders" file, they are able to send emails to the distribution-lists and I am not able to control who can send email to the "staff@Domain.com" distribution-list.

    Any ideas what I could do?

  7. #7
    DFWJim is offline Junior Member
    Join Date
    Feb 2008
    Posts
    5
    Rep Power
    7

    Default

    Actually Phoenix, it does NOT work, at least with ZCS 6.x.

    Following directions to the letter, each time you test this, you get an OK response from the telnet client session. After reading the Postfix page on how to do this, a number of omissions from the article RestrictPostfixRecipients were made clear. I repeated the directions to the letter from the beginning 3 times. Each with failure.

    I did solve this as noted below and have edited the Wiki page RestrictPostfixRecipients with the requirements. It's a small, but important edit in /opt/zimbra/postfix/conf/main.cf. Note, I did not attempt this with 5.x or the 4.x client (the article was written for 4.x originally). This was attempted with 6.0.6 OpenSource Edition and the instructions in the article did not work.

    1) What was key to making this work was an addition of an item in, & the order in which items have to be added to the smtpd_recipient_restrictions line. The addition of "check_recipient_access hash:...." must be the first item in the line. If it is simply "added" at the end of the line it will not work. The Zimbra Wiki article (RestrictPostfixRecipients) indicates to simply add it. I presume this is because the last item in the original line ends with "permit", which permits anything else, thus check_recipient_access is never checked.
    a) The reference that was key to this was found at postfix.org-RESTRICTION_CLASS_README where, in their example, the smtpd_recipient_restrictions edit showed adding an item that was not in the wiki page (check_recipient_access hash:...) in the smtpd_recipient_restrictions directive in main.cf. The example from Postfix shows this first in the directive's line.

    Restricting who can send to an internal distribution-list, etc, from an internal sender or from the internet both:
    The key part of main.cf (requirement bolded):
    smtpd_recipient_restrictions = check_recipient_access hash:/opt/zimbra/postfix/conf/protected_recipients, reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unlisted_recipient, reject_invalid_hostname, reject_non_fqdn_sender, permit



    2) There was a note by someone as to whether or not /opt/zimbra/conf/postfix_recipient_restrictions.cf was required. I did testing and determined the edit is not necessary. This was confirmed by commenting out the line they requested being added to this file.


    Thanks,
    Jim Roland, RHCE
    Last edited by DFWJim; 05-14-2010 at 12:20 PM. Reason: Ammend comments

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •