Results 1 to 9 of 9

Thread: GUIDE: Postifx: HOW TO: Multiple access lists for protected Distribution-lists

Threaded View

  1. #1
    gtdaqua Guest

    Default GUIDE: Postifx: HOW TO: Multiple access lists for protected Distribution-lists

    I have just implemented Zimbra 5 in my company. Its great. One problem I encountered was there are multiple distribution lists with different groups having access to it.

    For e.g. Sales users alone should send email to Sales distribution list. Others cant. Likewise, Accounts users can send to Accounts distribution list.

    I found this wiki
    on Zimbra Wiki page.

    - but this talks about several distribution lists but with SINGLE set of users having access to it. I researched the net and have found easy ways for GRANULAR control:

    Here is how you do it. Lets take Sales and Accounts for with respective rights. Execute the commands as 'zimbra' user. Use sudo where necessary.

    *******
    Create a file called sales-senders: "/opt/zimbra/postfix/conf/sales-senders"
    This file has sales group who can send to sales@domain.com. The content shoud be like this (add emails as necessary):
    Code:
    user1@domain.com		OK
    user2@domain.com		OK
    Create a 2nd file: "/opt/zimbra/postfix/conf/accounts-senders"
    This file has accounts group which can send to accounts@domain.com. The content shoud be like this (add emails as necessary):
    Code:
    user3@domain.com		OK
    user4@domain.com		OK
    Create the access-list file: "/opt/zimbra/postfix/conf/protected_recipients"
    This is the access-list file defining who can send to particular lists. Add the following content: (add as necessary)

    Code:
    accounts@domain.com		accounts-senders-list
    sales@domain.com		  sales-senders-list
    Create a script file to update and execute the access-list: "/opt/zimbra/postfix/conf/update-sec-list"
    Code:
    #!/bin/bash
    
    echo "rebuild authorised sales-list senders..."
    postmap /opt/zimbra/postfix/conf/sales-senders
    
    echo "rebuild authorised accounts-list senders..."
    postmap /opt/zimbra/postfix/conf/accounts-senders
    
    echo "REBUILD protected_recipeints..."
    postmap /opt/zimbra/postfix/conf/protected_recipients
    Now, update the main configuration file: "/opt/zimbra/postfix/conf/main.cf"
    Here you are actually restricting access by groups you defined.
    And add the following code in the last section.

    Code:
    sales-senders-list = check_sender_access hash:/opt/zimbra/postfix/conf/sales-senders, reject
    accounts-senders-list = check_sender_access hash:/opt/zimbra/postfix/conf/accounts-senders, reject
    
    smtpd_restriction_classes = sales-senders-list, accounts-list
    Now, edit this file: "/opt/zimbra/conf/postfix_recipient_restrictions.cf"
    Add the following line the FIRST LINE of the file above all else
    Code:
    hash:/opt/zimbra/postfix/conf/protected_recipients
    Now reload postfix from the command line.

    Code:
    postfix reload
    That's it! You are done. Now sales cant send to accounts and vice versa. You can create as many access-lists you want.

    Thanks to Zimbra and the Postfix group for making such features possible.
    Last edited by gtdaqua; 02-07-2008 at 01:09 AM. Reason: typo.

Similar Threads

  1. Nested distribution lists
    By Britt in forum Administrators
    Replies: 6
    Last Post: 05-10-2013, 05:01 AM
  2. Replies: 4
    Last Post: 01-29-2008, 08:43 PM
  3. More about distribution lists
    By peng1can in forum Administrators
    Replies: 3
    Last Post: 12-17-2007, 07:33 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •