Results 1 to 5 of 5

Thread: Restrict send and receive mails (problem in restrict receive internet mail)

Hybrid View

  1. #1
    Join Date
    Apr 2012
    Posts
    5
    Rep Power
    3

    Default Restrict send and receive mails (problem in restrict receive internet mail)

    Hi all,
    In my organization have to groups: restricted_rcpts and restricted_senders for send/receive mail from internet/internal, my problem is in the configuration, all accounts receive internet mails. I don't have problems in send restriction.

    My scenario:
    =========
    Server: Release 7.1.2_GA_3268.UBUNTU10_64 UBUNTU10_64 FOSS edition. Integrated Server con Exchange 2007 (GAL) LDAP
    Documentation revised: RestrictPostfixRecipients - Zimbra :: Wiki

    Main.cf
    =====
    mail_owner = postfix
    bounce_notice_recipient = postmaster
    content_filter = smtp-amavis:[127.0.0.1]:10024
    relayhost =
    smtpd_sasl_authenticated_header = no
    broken_sasl_auth_clients = yes
    minimal_backoff_time = 300s
    sender_canonical_maps = proxy:ldap:/opt/zimbra/conf/ldap-scm.cf
    always_add_missing_headers = yes
    smtpd_tls_key_file = /opt/zimbra/conf/smtpd.key
    smtpd_helo_required = yes
    virtual_transport = error
    sendmail_path = /opt/zimbra/postfix/sbin/sendmail
    smtpd_recipient_restrictions = check_recipient_access hash:/opt/zimbra/postfix/conf/restricted_rcpts, check_sender_access hash:/opt/zimbra/postfix/conf/restricted_senders, reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unlisted_recipient, reject_invalid_hostname, reject_non_fqdn_sender, permit
    smtpd_reject_unlisted_recipient = no
    bounce_queue_lifetime = 5d
    local_header_rewrite_clients = permit_mynetworks,permit_sasl_authenticated
    smtpd_data_restrictions = reject_unauth_pipelining
    smtpd_tls_security_level = may
    smtpd_milters =
    smtpd_sender_restrictions =
    lmtp_host_lookup = dns
    delay_warning_time = 0h
    virtual_mailbox_maps = proxy:ldap:/opt/zimbra/conf/ldap-vmm.cf
    queue_run_delay = 300s
    header_checks =
    notify_classes = resource,software
    command_directory = /opt/zimbra/postfix/sbin
    smtpd_client_restrictions = reject_unauth_pipelining
    smtpd_tls_auth_only = yes
    virtual_alias_maps = proxy:ldap:/opt/zimbra/conf/ldap-vam.cf
    mailq_path = /opt/zimbra/postfix/sbin/mailq
    mynetworks = 127.0.0.0/8 172.17.12.0/22 172.16.28.202/32 172.17.23.0/24 172.16.15.82/32 172.27.12.5/32 172.27.12.6/32
    lmtp_connection_cache_time_limit = 4s
    transport_maps = proxy:ldap:/opt/zimbra/conf/ldap-transport.cf
    virtual_alias_domains = proxy:ldap:/opt/zimbra/conf/ldap-vad.cf
    smtpd_sasl_auth_enable = yes
    smtpd_tls_loglevel = 1
    maximal_backoff_time = 4000s
    virtual_mailbox_domains = proxy:ldap:/opt/zimbra/conf/ldap-vmd.cf
    daemon_directory = /opt/zimbra/postfix/libexec
    non_smtpd_milters =
    setgid_group = postdrop
    alias_maps = hash:/etc/aliases
    mydestination = localhost
    myhostname = myhost.com
    message_size_limit = 5242880
    recipient_delimiter =
    in_flow_delay = 1s
    queue_directory = /opt/zimbra/data/postfix/spool
    propagate_unmatched_extensions = canonical
    manpage_directory = /opt/zimbra/postfix/man
    smtpd_tls_cert_file = /opt/zimbra/conf/smtpd.crt
    lmtp_connection_cache_destinations =
    newaliases_path = /opt/zimbra/postfix/sbin/newaliases
    policy_time_limit = 3600
    mailbox_size_limit = 0
    disable_dns_lookups = no
    smtpd_restriction_classes = send_local_only, rcpt_local_only
    local_only = check_recipient_access hash:/opt/zimbra/postfix/conf/local_domains, reject
    send_local_only = check_recipient_access hash:/opt/zimbra/postfix/conf/local_domains, reject
    rcpt_local_only = check_recipient_access hash:/opt/zimbra/postfix/conf/local_domains, reject

    The files local_domains, restricted_senders, restricted_rcpts are postmap command (.db)

    Any ideas

    Thanks
    Cristhian

  2. #2
    Join Date
    Apr 2012
    Posts
    5
    Rep Power
    3

    Default

    In this configuration, the option smtpd_recipient_restrictions = check_recipient_access hash:/opt/zimbra/postfix/conf/restricted_rcpts is not filtered, permit receive all internet messages for all accounts.
    It's a bug?

  3. #3
    Join Date
    Apr 2012
    Posts
    5
    Rep Power
    3

    Default WorkAround

    Workaround (momentally):

    1. rename /opt/zimbra/conf/zmmta.cf to zmmta.cf.old
    2. edit the /opt/zimbra/postfix/conf/main.cf (last rows):

    local_only = check_recipient_access hash:/opt/zimbra/postfix/conf/local_domains, reject
    send_local_only = check_recipient_access hash:/opt/zimbra/postfix/conf/local_domains, reject
    rcpt_local_only = check_sender_access hash:/opt/zimbra/postfix/conf/local_domains, reject
    smtpd_restriction_classes = send_local_only, rcpt_local_only

    3. postfix reload and zmcontrol stop/start

    It's Works!

  4. #4
    Join Date
    Apr 2012
    Posts
    5
    Rep Power
    3

    Default

    I revise the configuration and fix it with zmmta.cf, i follow the next webpage:
    Foro Técnico de Wolverine: Zimbra - Cómo definir políticas de envío/recepción de correo por usuarios

    C ya

  5. #5
    Join Date
    Apr 2012
    Posts
    5
    Rep Power
    3

    Default

    The final solution is:
    1. backup /opt/zimbra/conf & /opt/zimbra/postfix/conf (backup all other modification)
    2. Upgrade Zimbra OpenSource to Release 7.2.0_GA_2669.UBUNTU10_64 UBUNTU10_64 FOSS edition.
    3. Generate a new main.cf with zmmta.cf (follow the wolverine forum notes)
    4. postfix reload

    The finish main.cf:

    mail_owner = postfix
    bounce_notice_recipient = postmaster
    content_filter = smtp-amavis:[127.0.0.1]:10024
    relayhost =
    smtpd_sasl_authenticated_header = no
    broken_sasl_auth_clients = yes
    minimal_backoff_time = 300s
    sender_canonical_maps = proxy:ldap:/opt/zimbra/conf/ldap-scm.cf
    always_add_missing_headers = yes
    smtpd_tls_key_file = /opt/zimbra/conf/smtpd.key
    smtpd_helo_required = yes
    virtual_transport = error
    sendmail_path = /opt/zimbra/postfix/sbin/sendmail
    smtpd_recipient_restrictions = check_recipient_access hash:/opt/zimbra/postfix/conf/restricted_rcpts, check_sender_access hash:/opt/zimbra/postfix/conf/restricted_senders, reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unlisted_recipient, reject_invalid_helo_hostname, reject_non_fqdn_sender, permit
    smtpd_reject_unlisted_recipient = no
    bounce_queue_lifetime = 5d
    local_header_rewrite_clients = permit_mynetworks,permit_sasl_authenticated
    smtpd_data_restrictions = reject_unauth_pipelining
    smtpd_tls_security_level = may
    smtpd_milters =
    smtpd_sender_restrictions =
    lmtp_host_lookup = dns
    delay_warning_time = 0h
    virtual_mailbox_maps = proxy:ldap:/opt/zimbra/conf/ldap-vmm.cf
    queue_run_delay = 300s
    header_checks =
    notify_classes = resource,software
    command_directory = /opt/zimbra/postfix/sbin
    smtpd_client_restrictions = reject_unauth_pipelining
    smtpd_tls_auth_only = yes
    virtual_alias_maps = proxy:ldap:/opt/zimbra/conf/ldap-vam.cf
    mailq_path = /opt/zimbra/postfix/sbin/mailq
    mynetworks = 127.0.0.0/8 172.17.12.0/22 172.16.28.202/32 172.17.23.0/24 172.16.15.82/32 172.27.12.5/32 172.27.12.6/32 [::1]/128
    lmtp_connection_cache_time_limit = 4s
    transport_maps = proxy:ldap:/opt/zimbra/conf/ldap-transport.cf
    virtual_alias_domains = proxy:ldap:/opt/zimbra/conf/ldap-vad.cf
    smtpd_sasl_auth_enable = yes
    smtpd_tls_loglevel = 1
    maximal_backoff_time = 4000s
    virtual_mailbox_domains = proxy:ldap:/opt/zimbra/conf/ldap-vmd.cf
    inet_protocols = ipv4
    daemon_directory = /opt/zimbra/postfix/libexec
    non_smtpd_milters =
    setgid_group = postdrop
    alias_maps = hash:/etc/aliases
    mydestination = localhost
    myhostname = HOSTNAME.COM
    message_size_limit = 8388608
    recipient_delimiter =
    in_flow_delay = 1s
    queue_directory = /opt/zimbra/data/postfix/spool
    propagate_unmatched_extensions = canonical
    manpage_directory = /opt/zimbra/postfix/man
    smtpd_tls_cert_file = /opt/zimbra/conf/smtpd.crt
    lmtp_connection_cache_destinations =
    newaliases_path = /opt/zimbra/postfix/sbin/newaliases
    policy_time_limit = 3600
    mailbox_size_limit = 0
    disable_dns_lookups = no
    send_local_only = check_recipient_access hash:/opt/zimbra/postfix/conf/local_domains, reject
    smtpd_restriction_classes = send_local_only, rcpt_local_only
    rcpt_local_only = check_sender_access hash:/opt/zimbra/postfix/conf/local_domains, reject
    Last edited by cnole; 05-02-2012 at 07:26 AM.

Similar Threads

  1. Renewing certificate failed zimbra 6
    By buddhikeg in forum Administrators
    Replies: 30
    Last Post: 04-28-2012, 07:28 PM
  2. Only Admin can receive and send mails
    By yasanthau in forum Administrators
    Replies: 0
    Last Post: 05-28-2011, 04:23 AM
  3. Problem on receive mail and send mail
    By isacap18 in forum Administrators
    Replies: 1
    Last Post: 01-25-2008, 12:26 PM
  4. Cant Send Mails using outlook 2003
    By gayanj9 in forum Installation
    Replies: 8
    Last Post: 01-01-2008, 04:57 AM
  5. [SOLVED] Send Mail -> YES Receive Mail -> NO
    By AutootuA in forum Installation
    Replies: 12
    Last Post: 08-31-2007, 12:35 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •