I have installed the latest version of Zextras Carbonio CE in our environment. But there is a requirement for email sending restriction. How can I do that? For example, I have users like user1@example.com and user2@example.com. I want to allow only user1@example.com can send mail to all external domains, but user2@example.com can only send emails to example.com and example2.com but not other external domains. How can I do that in my environment? Please help me as it's an urgent requirement.
Is there any update? We considerably require this. We are using version 23.3.0. Please help.
@sharif Bhai,
Is there any update on this? I am new at Zextras. And I have been facing some more issues, which I already mentioned.
Regards,
Elias
Is there any update on this? I am new at Zextras. And I have been facing some more issues, which I already mentioned.
Dear Elias Bhai,
As you mentioned that you are using Carbonio CE 23.3.0,
If example.com and example2.com are on the same server infrastructure then,
user1 & user2 should be able to send emails to example.com and example2.com without any issue.
Also, user1 should be able to send all external emails.
To restrict any users from sending emails to any destination, you can follow this link instructions: [Please change zimbra with zextras]
https://wiki.zimbra.com/wiki/Block_user_for_send_email_to_some_external_email
I set following restrictions for user2 and it worked:
zextras@mail:~$ cat /opt/zextras/common/conf/local_domains example.com OK example2.com OK gmail.com REJECT zextras@mail:~$
Now, my user2 can only send emails to example.com or example2.com. But when it tries to send email to gmail.com log shows:
Apr 7 11:25:29 mail postfix/smtpd[68602]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 554 5.7.1 <imsilsa26112@gmail.com>: Recipient address rejected: Access denied; from=<user2@example.com> to=<imsilsa26112@gmail.com> proto=ESMTP helo=<mail.example.com>
Currently, our until we fully deploy the CBpolicyD, restricting an user to send external emails can not be done with some single clicks.
As you rightly pointed out that it is a useful feature, we plan make the process easier in future releases.
Therefore please stay tuned with us and share your feedback and opinion.
Thanks and regards,
Sharif
@sharif Bhai,
Thanks. I will try these steps in my environment. I have some other queries. Please try to answer those as soon as possible. It will help me to resolve some compliance requirements.
Regards,
Elias
@sharif Bhai,
It worked if I mentioned the domain I want to reject. But if I use wildcard it doesn't work. As it's not possible to mention all the domain other than the local domains. What is the workaround?
for Example,
example.com OK
example2.com OK
gmail.com REJECT
The above example worked but the following isn't working:
example.com OK
example2.com OK
*@* REJECT
Need your valuable suggestion.
Regards,
Elias
It worked by modifying the below line of /opt/zextras/conf/postfix_check_recipient_access.cf file:
check_recipient_access lmdb:/opt/zextras/common/conf/local_domains, reject
I modify it from "permit" to "reject" and add only the allowed domains in below file
/opt/zextras/common/conf/local_domains
Thanks and Regards,
Elias