Setting Restrictions on Sending and Receiving

[csyperski]

I work for a High School District which is considering using Zimbra for 4000 student email accounts, but I am having a problem setting some postfix configs. I have to setup zimbra to restict students so they can send and recieve from the domain in which they belong plus a few white listed domains. I am attempting to modify the
smtpd_recipient_restrictions
to include "check_sender_access hash:/opt/zimbra/postfix/conf/restricted_senders"
but it seems that everything I restart zimbra this setting is reset to
"smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_invalid_hostname, reject_non_fqdn_sender, reject_unauth_destination, permit"

Am I not going to be able to modify this in postfix? Is there a easier way to block sending and recieving to all domains with the exception of a few whitelisted sites. Thanks in advance for any help that you can offer.

[marcmac]

This is one of the postfix config items we manage, so it's rewritten on startup. You'll want to edit the file /opt/zimbra/conf/postfix_recipient_restrictions.cf, which is a template for this config value. I'd add your value directly after permit_mynetworks. Then restart postfix.

The file is one value per line, with some substitution syntax that you don't need to worry about.

WARNING - this will get wiped out on upgrade (the .cf will be overwritten) so keep a copy somewhere.

[csyperski]

Anyone looking to do the same thing, this is what we did


reject_non_fqdn_recipient
permit_sasl_authenticated
hash:/opt/zimbra/postfix/conf/accessFile // add this to /opt/zimbra/conf/postfix_recipient_restrictions.cf
permit_mynetworks
%%contains VAR:zimbraMtaRestriction reject_invalid_hostname%%
%%contains VAR:zimbraMtaRestriction reject_non_fqdn_hostname%%
%%contains VAR:zimbraMtaRestriction reject_non_fqdn_sender%%
%%contains VAR:zimbraMtaRestriction reject_unknown_client%%
%%contains VAR:zimbraMtaRestriction reject_unknown_hostname%%
%%contains VAR:zimbraMtaRestriction reject_unknown_sender_domain%%
%%contains VAR:zimbraMtaRestriction reject_rbl_client dnsbl.njabl.org%%
%%contains VAR:zimbraMtaRestriction reject_rbl_client opm.blitzed.org%%
%%contains VAR:zimbraMtaRestriction reject_rbl_client relays.ordb.org%%
%%contains VAR:zimbraMtaRestriction reject_rbl_client cbl.abuseat.org%%
%%contains VAR:zimbraMtaRestriction reject_rbl_client bl.spamcop.net%%
%%contains VAR:zimbraMtaRestriction reject_rbl_client dnsbl.sorbs.net%%
%%contains VAR:zimbraMtaRestriction reject_rbl_client sbl.spamhaus.org%%
%%contains VAR:zimbraMtaRestriction reject_rbl_client relays.mail-abuse.org%%
reject_unauth_destination
permit




in /opt/zimbra/postfix/conf/main.cf modify to include:
smtpd_client_restrictions = hash:/opt/zimbra/postfix/conf/accessFile, reject_unauth_pipelining
smptd_sender_restrictions = hash:/opt/zimbra/postfix/conf/accessFile

then create
/opt/zimbra/postfix/conf/accessFile
net reject
com reject
org reject
hotmail.com OK // This will reject all email from any .com, .org, or .net domain but allow hotmail.com

remember to compile the /opt/zimbra/postfix/conf/accessFile with postmap.

[nino_ricky]

Hi,

I work with users that only needs to send mails to a specific domain. Example:

user1 only needs to send to domain1.com
user2 needs to send to domain1.com and domain2.com

With this a can control spams and a lot of problems with external mails. Please somebody can help me with this.

Thanks.