Zimbra Tips : Restricted User to Sending Email for Certain Domain Only

Written by Masim "Vavai" Sugianto Linux, Mail Server, OpenSUSE, Server, Zimbra Nov 2, 2008 964 views Print This Post Print This Post

zimbra logoSeems to be a funny thing to protect user from sending email to certain domain but in some case it would be possible. As far as I know, there is various reason why this approach applied in a real situation. I’ve met with an IT guys here in Indonesia which applied the restriction because their employee most likely used mail activity for unrelated work  -D

The restriction will be working by separated and identified restricted user. as an example, vavai could sending an email for various domain while zezevavai could sending an email for local domain only. We could also add another domain for exception, e.g : allowed sending an email for local domain and some pre-defined domain (sister company, a group of company, etc).

How to applied the restriction ?

  1. Opening console (ALT+F2, konsole on KDE)
  2. Log on as Zimbra root user (su – zimbra)
  3. Edit  /opt/zimbra/conf/postfix_recipient_restrictions.cf and add following restriction : 
    check_sender_access hash:/opt/zimbra/postfix/conf/restricted_senders
  4. Edit “/opt/zimbra/conf/zmmta.cf” and add following line : 
    POSTCONF    smtpd_restriction_classes      local_only
POSTCONF    local_only           FILE postfix_check_recipient_access.cf
  5. Create a new file “/opt/zimbra/conf/postfix_check_recipient_access.cf” and add  : 
    check_recipient_access hash:/opt/zimbra/postfix/conf/local_domains, reject
  6. Create a new file “/opt/zimbra/postfix/conf/restricted_senders” and add restricted user with the pre-defined format : 
    user@namadomain.com            local_only
  7. Create a new file “/opt/zimbra/postfix/conf/local_domains” and list all the domains where “restricted users” allowed to sent mails. Please follow this syntax : 
    namadomain.com           OK
anotherdomain.com      OK
  8. Run the update configuration command : 
    postmap /opt/zimbra/postfix/conf/restricted_senders
postmap /opt/zimbra/postfix/conf/local_domains
zmmtactl stop
zmmtactl start

After applying these setting, all of restricted user will have limited access for sending an email and they will allowed to sending an email for certain domain only as listed on file “/opt/zimbra/postfix/conf/local_domains”

Note :

  1. These setting will must be re-written after upgrading Zimbra
  2. To restore restricted user access so they could sending for various domain, please  : Remove any added configuration on zmmta.cf and make sure that the restriction setting will applied to blank account. Run this command : postconf -e smtpd_restriction_classes=” and zmmtactl reload to restore the setting.

Related Entries

1 Response for “Zimbra Tips : Restricted User to Sending Email for Certain Domain Only”

  1. paarack says:
    October 6, 2009 at 8:17 pm

    Hi i followed your instruction, but i got this error.

    NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 451 4.3.5 Server configuration error;

Leave a Reply

Recent Posts

About Vavai

Masim Vavai Sugianto Masim Vavai Sugianto, Indonesian, male, 32 years old, born and live in Bekasi-West Java, a small town near Jakarta – main city of Indonesia – since 17 May 1976. Founder of Indonesian openSUSE and Zimbra Community, an adventure, travelling and book lover.



I live in a tropical country, Indonesia that only has two seasons, dry season and rainy season. I love the dry season with bright sunshine and rare rain…There is a joke about the seasons in Indonesia. Indonesia is known as a country with so many season, ie : durian season, mango season, married season and much more...



ContactI'm currently working as an IT support for a small company based on Jakarta. My career has led me to specialize in Sysadmin, networking and software implementation with current focus on Linux and open source area. I have experience on MRP, ERP, Gemba Kaizen, Just in Time, Six Sigma and TQC/TQM. Please use my contact page if you wish to contact me.
Log in - BlogNews Theme by Gabfire themes