Hi,
I have followed the article at https://wiki.zimbra.com/wiki/Restrict_u ... ain_domain and successfully implemented it.
So when user@domain.local attempts to send to other@domain.ext, it will be rejected.
On Zimbra web client the error is:
msg: Invalid address: other@domain.ext. com.zimbra.cs.mailbox.MailSender$SafeSendFailedException: MESSAGE_NOT_DELIVERED; chained exception is: com.zimbra.cs.mailclient.smtp.InvalidRecipientException: RCPT failed: Invalid recipient other@domain.ext: 554 5.7.1 <user@domain.local>: Sender address rejected: Access denied
code: mail.SEND_ABORTED_ADDRESS_FAILURE
This restriction holds up only when using the Zimbra web client. When using an imap/smtp client, user@domain.local will be able to send mail to other@domain.ext using the same MTA server. What is the problem?
Restrict send/receive to local domain
Re: Restrict send/receive to local domain
It seems that MTA behaves differently on port 25 and 587.
On port 25, MTA rejects the recipient address
But on port 587 it does not
On port 25, MTA rejects the recipient address
Code: Select all
220 mail.domain.local ESMTP Postfix
ehlo zimbra
250-mail.domain.local
250-PIPELINING
250-SIZE 10485760
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from: user@domain.local
250 2.1.0 Ok
rcpt to: other@domain.ext
554 5.7.1 <other@domain.ext>: Relay access denied
Code: Select all
250 DSN
ehlo zimbra
250-mail.domain.local
250-PIPELINING
250-SIZE 10485760
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth login
334 VXNlcm5hbWU6
xxxxxxxxxxxxxxxxxxxx
334 UGFzc3dvcmQ6
xxxxxxxxxxxxxxxxxxxx
235 2.7.0 Authentication successful
mail from: user@domain.local
250 2.1.0 Ok
rcpt to: other@domain.ext
250 2.1.5 Ok
Re: Restrict send/receive to local domain
Any thoughts ???
- jorgedlcruz
- Zimbra Alumni
- Posts: 2782
- Joined: Thu May 22, 2014 4:47 pm
Re: Restrict send/receive to local domain
Hello,
I think that maybe using cbpolicyd you can achieve this, try the next: Best regards
I think that maybe using cbpolicyd you can achieve this, try the next: Best regards
Re: Restrict send/receive to local domain
This article solved the issue: https://wiki.zimbra.com/wiki/Restrict_s ... in_domains
The key difference between the two articles seems to be around the way check_sender_access is called
One calls it via /opt/zimbra/conf/zmconfigd.cf indirectly
The other calls it via /opt/zimbra/conf/zmconfigd/smtpd_recipient_restrictions.cf directly
The key difference between the two articles seems to be around the way check_sender_access is called
One calls it via /opt/zimbra/conf/zmconfigd.cf indirectly
The other calls it via /opt/zimbra/conf/zmconfigd/smtpd_recipient_restrictions.cf directly