Enforcing a match between FROM address and sasl username

imanudin11
Outstanding Member
Posts: 304
Joined: Sat Sep 13, 2014 2:23 am
ZCS/ZD Version: Release 8.8.15.GA.3829.UBUNTU16.64

Re: Enforcing a match between FROM address and sasl username

Post by imanudin11 »

Hello,
1. Please use this guidance to enforce SASL: https://wiki.zimbra.com/wiki/Enforcing_ ... ername_8.5
2. Please make sure the MTA trusts only the listed localhost IP and your Zimbra IP. For example: 127.0.0.0/8 192.168.10.11/32
3. Please try this improvement to prevent another domain from sending email from your server: https://imanudin.net/2014/09/11/improvi ... imbra-8-5/

BR,
https://imanudin.net
Lewis-H
Posts: 49
Joined: Wed Jan 01, 2020 11:28 am

Re: Enforcing a match between FROM address and sasl username

Post by Lewis-H »

To require that the from address of an email match the sender's username:

Edit the zmmta.cf file, by running this command:
vim /opt/zimbra/conf/zmmta.cf
Find this line:
POSTCONF smtpd_sender_restrictions LOCAL postfix_smtpd_sender_restrictions
Below that line add:
Note: Do not forget to include the tab at the beginning of each line:
	POSTCONF smtpd_sender_login_maps FILE postfix_sender_login_maps.cf
In ZCS 8:
vim /opt/zimbra/conf/zmconfigd.cf
Find this line:
POSTCONF smtpd_sender_restrictions FILE zmconfigd/smtpd_sender_restrictions.cf
Below that line add:
Note: Do not forget to include the tab at the beginning of each line:
	POSTCONF smtpd_sender_login_maps FILE postfix_sender_login_maps.cf
Set sender_restriction (for ZCS 7 and below):
zmlocalconfig -e postfix_smtpd_sender_restrictions=reject_authenticated_sender_login_mismatch

Set sender_restriction (for ZCS 8 and above):
Edit /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf
At the very top, add: reject_authenticated_sender_login_mismatch
Create the file postfix_sender_login_maps.cf:
vim /opt/zimbra/conf/postfix_sender_login_maps.cf
Add:
hash:/opt/zimbra/conf/exceptions-db ldap:/opt/zimbra/conf/ldap-restricrelay.cf

An exceptions file allows you to declare a different email sender address that a user can have, as a way of bypassing the restriction. Create the exceptions file by running this command:
vim /opt/zimbra/conf/exceptions-db
(Optional) Add text to the file, one line per address, where the first word is the email sender address and the second word is the username.
Example: johndoe@otherdomain.com admin
Note: You can leave the file empty.
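
Added example (not part of either post above and not Zimbra's own tooling): a shell check that reads `postconf -n` style output and reports whether the sender/login enforcement from both posts is actually in effect, including the trusted-network point from the first reply. The function names, finding labels and sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Audits `postconf -n` style output for the
# settings discussed above. Function names and finding labels are made up here.

# Print the value of one parameter ($1) from "name = value" lines ($2).
param_value() {
    printf '%s\n' "$2" | sed -n "s/^$1[[:space:]]*=[[:space:]]*//p" | head -n 1
}

# $1 = postconf output. Prints space-separated findings, empty when all checks pass.
# Body runs in a subshell so that `set -f` (no globbing on "[::1]/128") stays local.
audit_sender_login() (
    set -f
    findings=""
    restrictions=$(param_value smtpd_sender_restrictions "$1")
    maps=$(param_value smtpd_sender_login_maps "$1")
    networks=$(param_value mynetworks "$1")

    # The restriction must be listed, and it needs a login map to look senders up in.
    case " $(printf '%s' "$restrictions" | tr ',' ' ') " in
        *" reject_authenticated_sender_login_mismatch "*) ;;
        *) findings="$findings NO_MISMATCH_RESTRICTION" ;;
    esac
    [ -n "$maps" ] || findings="$findings NO_LOGIN_MAPS"

    # The check applies to authenticated clients only, so every trusted network
    # wider than loopback or a single host is a range whose unauthenticated
    # mail is not subject to it.
    for net in $(printf '%s' "$networks" | tr ',' ' '); do
        case $net in
            127.*|*/32|*/128) ;;
            */*) findings="$findings WIDE_TRUSTED_NET:$net" ;;
        esac
    done
    printf '%s\n' "${findings# }"
)

# Constructed sample, not taken from a real server.
SAMPLE_CONF='mynetworks = 127.0.0.0/8 [::1]/128 192.168.10.11/32 192.168.10.0/24
smtpd_sender_login_maps = hash:/opt/zimbra/conf/exceptions-db ldap:/opt/zimbra/conf/ldap-restricrelay.cf
smtpd_sender_restrictions = reject_authenticated_sender_login_mismatch, reject_unknown_sender_domain'

audit_sender_login "$SAMPLE_CONF"   # on a live MTA: audit_sender_login "$(postconf -n)"
```

An empty result means the restriction and its login map are both set and only loopback or single-host entries are trusted.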