Zimbra 8.8: Block all sent mail except whitelist.

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
brucealeg
Advanced member
Advanced member
Posts: 51
Joined: Fri Sep 12, 2014 10:29 pm

Zimbra 8.8: Block all sent mail except whitelist.

Post by brucealeg »

Hi,
I'm currently moving from Zimbra 5.0.2 to Zimbra 8.8 and am quickly working through the great changes that have come over the years. I need some help with blocking sent mail except for those address's I've white listed.

What I am trying to achieve. We use Zimbra for HR inquires and not for person to person communication. The Zimbra server is on a private domain with no access to the internet, just our internal mail servers. I block mail from being sent to ANY address except a list of 20 approved HR addresses.

On 5.0.2 this was done through postfix using prmitted_senders and protected_recipients along with the correlating settings changes to main.cf etc.

I've read several 8.x + articles on doing like things with 8.x. I have not been able to find a winning solution for my problem. I was hoping someone here could help get me in the right direction.

So far this article is the closest I've come, but it didn't get me there.

------------------------------------------------------------------------

Zimbra 8 Restriction for Postfix Senders/Recipient step by step
07 Apr

We can change the below line on zmconfigd.cf for postfix restrictions

[zimbra@mail conf]$ vi /opt/zimbra/conf/zmconfigd.cf

POSTCONF smtpd_recipient_restrictions FILE zmconfigd/smtpd_recipient_restrictions.cf
change to POSTCONF smtpd_recipient_restrictions FILE zmconfigd/postfix_recipient_restrictions.cf

zmlocalconfig -e postfix_smtpd_reject_unlisted_recipient=yes

Copy a smtpd_recipient_restrictions.cf to postfix_recipient_restrictions.cf

[zimbra@mail conf]$ cp smtpd_recipient_restrictions.cf postfix_recipient_restrictions.cf

Edit the postfix_recipient_restrictions.cf file and add the below line

[zimbra@mail conf]$ vi postfix_recipient_restrictions.cf

%%contains VAR:zimbraServiceEnabled cbpolicyd, check_policy_service inet:localhost:@@cbpolicyd_bind_port@@%%
check_recipient_access lmdb:/opt/zimbra/postfix/conf/protected_recipients

Restart the zimbra configuration file..

[zimbra@mail conf]$ zmconfigdctl restart

Create the protected_recipients file and add the user sender list

[zimbra@mail conf]$ vi protected_recipients

block_id@example.com permitted_sender_list
block_id1@example.com permitted_sender_list1

Create the permitted_sender file and add the permitted sender user accounts list

[zimbra@mail conf]$ vi permitted_senders

allow_id@example.com ok
allow_id1@example.com ok
allow_id2@example.com ok
allow_id3@example.com ok

Create a update_protected_recipients file for execute the permitted sender list and protected recipient list

[zimbra@mail conf]$ vi update_protected_recipients

#!/bin/bash

echo “rebuild_permitted_recipients..”
postmap /opt/zimbra/postfix/conf/protected_recipients

echo “rebuild permitted_senders..”
postmap /opt/zimbra/postfix/conf/permitted_senders

echo “rebuild permitted_senders..”
postmap /opt/zimbra/postfix/conf/permitted_senders1

[zimbra@mail conf]$ chmod 755 update_protected_recipients
[zimbra@mail conf]$ /opt/zimbra/postfix/conf/update_protected_recipients

Edit the main.cf and add the following line in bottom..

[zimbra@mail conf]$ vi main.cf
permitted_senders_list = check_recipient_access hash:/opt/zimbra/postfix/conf/permitted_senders, reject
permitted_senders_list1= check_recipient_access hash:/opt/zimbra/postfix/conf/permitted_senders1, reject

smtpd_restriction_classes = permitted_senders_list , permitted_senders_list1

[zimbra@mail conf]$ postfix reload

----------------------------------------------------------------------------------------------------

I tried the above and I can still send mail to anyone.

Any guidance is much appreciated.

Bruce
User avatar
zimico
Outstanding Member
Outstanding Member
Posts: 225
Joined: Mon Nov 14, 2016 8:03 am
Location: Vietnam
ZCS/ZD Version: 8.8.15 P3
Contact:

Re: Zimbra 8.8: Block all sent mail except whitelist.

Post by zimico »

Hi. Could you try cbpolicyd with access control feature?
Regards.
brucealeg
Advanced member
Advanced member
Posts: 51
Joined: Fri Sep 12, 2014 10:29 pm

Re: Zimbra 8.8: Block all sent mail except whitelist.

Post by brucealeg »

How would you set that up?
User avatar
zimico
Outstanding Member
Outstanding Member
Posts: 225
Joined: Mon Nov 14, 2016 8:03 am
Location: Vietnam
ZCS/ZD Version: 8.8.15 P3
Contact:

Re: Zimbra 8.8: Block all sent mail except whitelist.

Post by zimico »

Hi,

You can refer to this as an example: https://www.sysadminsdecuba.com/2017/12 ... cbpolicyd/

Regards,
Minh.
Post Reply