Restrict send/receive to local domain

hoomanv
Posts: 13
Joined: Sat Sep 13, 2014 3:26 am
ZCS/ZD Version: 8.7.10

Restrict send/receive to local domain

Post by hoomanv »

Hi,

I have followed the article at https://wiki.zimbra.com/wiki/Restrict_u ... ain_domain and successfully implemented it.
So when user@domain.local attempts to send to other@domain.ext, it will be rejected.
On Zimbra web client the error is:


msg: Invalid address: other@domain.ext. com.zimbra.cs.mailbox.MailSender$SafeSendFailedException: MESSAGE_NOT_DELIVERED; chained exception is: com.zimbra.cs.mailclient.smtp.InvalidRecipientException: RCPT failed: Invalid recipient other@domain.ext: 554 5.7.1 <user@domain.local>: Sender address rejected: Access denied
code: mail.SEND_ABORTED_ADDRESS_FAILURE

This restriction holds up only when using the Zimbra web client. When using an IMAP/SMTP client, user@domain.local will be able to send mail to other@domain.ext using the same MTA server. What is the problem?
hoomanv
Posts: 13
Joined: Sat Sep 13, 2014 3:26 am
ZCS/ZD Version: 8.7.10

Re: Restrict send/receive to local domain

Post by hoomanv »

It seems that the MTA behaves differently on ports 25 and 587.

On port 25, the MTA rejects the recipient address:

220 mail.domain.local ESMTP Postfix
ehlo zimbra
250-mail.domain.local
250-PIPELINING
250-SIZE 10485760
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from: user@domain.local
250 2.1.0 Ok
rcpt to: other@domain.ext
554 5.7.1 <other@domain.ext>: Relay access denied

But on port 587 it does not:

250 DSN
ehlo zimbra
250-mail.domain.local
250-PIPELINING
250-SIZE 10485760
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth login
334 VXNlcm5hbWU6
xxxxxxxxxxxxxxxxxxxx
334 UGFzc3dvcmQ6
xxxxxxxxxxxxxxxxxxxx
235 2.7.0 Authentication successful
mail from: user@domain.local
250 2.1.0 Ok
rcpt to: other@domain.ext
250 2.1.5 Ok
hoomanv
Posts: 13
Joined: Sat Sep 13, 2014 3:26 am
ZCS/ZD Version: 8.7.10

Re: Restrict send/receive to local domain

Post by hoomanv »

Any thoughts ???
jorgedlcruz
Zimbra Alumni
Posts: 2782
Joined: Thu May 22, 2014 4:47 pm

Re: Restrict send/receive to local domain

Post by jorgedlcruz »

Hello,
I think that maybe using cbpolicyd you can achieve this, try the next:

Best regards
Jorge de la Cruz https://jorgedelacruz.es
Systems Engineer at Veeam Software https://www.veeam.com/
hoomanv
Posts: 13
Joined: Sat Sep 13, 2014 3:26 am
ZCS/ZD Version: 8.7.10

Re: Restrict send/receive to local domain

Post by hoomanv »

This article solved the issue: https://wiki.zimbra.com/wiki/Restrict_s ... in_domains

The key difference between the two articles seems to be the way check_sender_access is called:
One calls it indirectly, via /opt/zimbra/conf/zmconfigd.cf.
The other calls it directly, via /opt/zimbra/conf/zmconfigd/smtpd_recipient_restrictions.cf.
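
Added example, not from either wiki article or from the posters: a simplified Python model of how Postfix walks a single restriction list (first decisive result wins), showing how an authenticated session can be permitted before a sender check that sits later in the list. The two orderings, the table contents and the session flags (including treating webmail as an unauthenticated client on a trusted network) are constructed assumptions, not the configuration from this server.

```python
# Simplified model of one Postfix restriction list: entries run in order and
# the first decisive result (permit or reject) ends evaluation of the list.
LOCAL_DOMAINS = {"domain.local"}             # domain named in the thread
RESTRICTED_SENDERS = {"user@domain.local"}   # constructed lookup-table content

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def permit_sasl_authenticated(s):
    return "OK" if s["authenticated"] else None

def permit_mynetworks(s):
    return "OK" if s["trusted_net"] else None

def check_sender_access(s):
    # Stand-in for the table lookup: restricted sender mailing an external domain.
    restricted = s["sender"].lower() in RESTRICTED_SENDERS
    return "REJECT" if restricted and domain(s["rcpt"]) not in LOCAL_DOMAINS else None

def reject_unauth_destination(s):
    return "REJECT" if domain(s["rcpt"]) not in LOCAL_DOMAINS else None

def evaluate(restrictions, s):
    """Return (deciding restriction, result) for one RCPT TO."""
    for restriction in restrictions:
        result = restriction(s)
        if result is not None:
            return restriction.__name__, result
    return "end_of_list", "OK"

def session(authenticated, trusted_net, rcpt="other@domain.ext"):
    return {"sender": "user@domain.local", "rcpt": rcpt,
            "authenticated": authenticated, "trusted_net": trusted_net}

# Constructed orderings, not copied from either wiki article.
CHECK_AFTER_PERMIT = [permit_sasl_authenticated, check_sender_access,
                      permit_mynetworks, reject_unauth_destination]
CHECK_FIRST = [check_sender_access, permit_sasl_authenticated,
               permit_mynetworks, reject_unauth_destination]

WEBMAIL = session(authenticated=False, trusted_net=True)     # assumed: trusted relay, no AUTH
SUBMISSION = session(authenticated=True, trusted_net=False)  # mail client after AUTH

if __name__ == "__main__":
    for name, order in (("check after permit", CHECK_AFTER_PERMIT), ("check first", CHECK_FIRST)):
        for label, s in (("webmail", WEBMAIL), ("submission", SUBMISSION)):
            print(f"{name:18} {label:10} -> {evaluate(order, s)}")
```

After any change to the restriction files, repeating both sessions from the thread (with and without AUTH) and confirming a 5xx reply to the external RCPT on each path verifies the policy on the real server.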