https://wiki.zimbra.com/wiki/Specific_W ... ist_per_IP
The use case is: You have reject_unknown_helo_hostname or reject_invalid_helo_hostname or reject_non_fqdn_helo_hostname enabled, but you need to white list some domains because your customer or someone your company does business with does not have a proper DNS entry for the server or the HELO server name on their server is set incorrectly or to a host name that is not Internet DNS resolvable.
This is listed at the top of /opt/zimbra/conf/zmconfigd/smtpd_recipient_restrictions.cf, so no need to change anything. Changing files in /opt/zimbra/conf/zmconfigd doesn't seem to be supported anyways, as those changes will be lost on upgrade.
Code: Select all
%%contains VAR:zimbraMtaRestriction check_client_access lmdb:/opt/zimbra/conf/postfix_blacklist%%
Code: Select all
$ nano /opt/zimbra/conf/postfix_blacklist
$ Add domains like so:
agooddomain.com OK
abadspammingdomain.com REJECT
yourclientsdomainthatisgettingblockedbecausetheirHELOisnotresolvable.com OK
Then postmap the file, add the restriction to zimbra with zmprov, and restart postfix
Code: Select all
$ /opt/zimbra/postfix/sbin/postmap /opt/zimbra/conf/postfix_blacklist
$ zmprov mcf +zimbraMtaRestriction 'check_client_access lmdb:/opt/zimbra/conf/postfix_blacklist'
$ zmmtactl stop && zmmtactl start
==
THE OLD METHOD LISTED IN THE WIKI DOES NOT WORK FOR 8.7
Also to note. I have found that this method does not work for whitelisting:
https://wiki.zimbra.com/wiki/Domain_lev ... g_of_users
Even if you put domain.com OK in /opt/zimbra/postfix/conf/postfix_reject_sender because /opt/zimbra/postfix/conf/postfix_reject_sender is not by default listed in /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf. Even when you add it manually, which is no longer supported in 8.6, it doesn't work anyway.