How to restrict sen...
 
Notifications
Clear all

How to restrict sending email other than the allowed domain for specific user or all users?

7 Posts
2 Users
1 Reactions
1,080 Views
(@elias2k1)
Joined: 2 years ago
Posts: 12
Topic starter  

I have installed the latest version of Zextras Carbonio CE in our environment. But there is a requirement for email sending restriction. How can I do that? For example, I have users like user1@example.com and user2@example.com. I want to allow only user1@example.com can send mail to all external domains, but user2@example.com can only send emails to example.com and example2.com but not other external domains. How can I do that in my environment? Please help me as it's an urgent requirement.


   
Quote
(@elias2k1)
Joined: 2 years ago
Posts: 12
Topic starter  

Is there any update? We considerably require this. We are using version 23.3.0. Please help.


   
ReplyQuote
(@elias2k1)
Joined: 2 years ago
Posts: 12
Topic starter  

@sharif Bhai, 

Is there any update on this? I am new at Zextras. And I have been facing some more issues, which I already mentioned.

Regards,

Elias


   
ReplyQuote
(@sharif)
Admin
Joined: 3 years ago
Posts: 593
 
Posted by: @elias2k1

Is there any update on this? I am new at Zextras. And I have been facing some more issues, which I already mentioned.

@elias2k1

Dear Elias Bhai,

As you mentioned that you are using Carbonio CE 23.3.0, 

If example.com and example2.com are on the same server infrastructure then,

user1 & user2 should be able to send emails to example.com and example2.com without any issue.

Also, user1 should be able to send all external emails.

 

To restrict any users from sending emails to any destination, you can follow this link instructions: [Please change zimbra with zextras]

https://wiki.zimbra.com/wiki/Block_user_for_send_email_to_some_external_email

I set following restrictions for user2 and it worked:

zextras@mail:~$ cat /opt/zextras/common/conf/local_domains

example.com                     OK
example2.com                  OK

gmail.com                       REJECT
zextras@mail:~$

 

Now, my user2 can only send emails to example.com or example2.com. But when it tries to send email to gmail.com log shows:

Apr  7 11:25:29 mail postfix/smtpd[68602]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 554 5.7.1 <imsilsa26112@gmail.com>: Recipient address rejected: Access denied; from=<user2@example.com> to=<imsilsa26112@gmail.com> proto=ESMTP helo=<mail.example.com>

 

Currently, our until we fully deploy the CBpolicyD, restricting an user to send external emails can not be done with some single clicks.

 

As you rightly pointed out that it is a useful feature, we plan make the process easier in future releases. 

Therefore please stay tuned with us and share your feedback and opinion.

 

Thanks and regards,

Sharif

 


   
ReplyQuote
(@elias2k1)
Joined: 2 years ago
Posts: 12
Topic starter  

@sharif Bhai, 

Thanks. I will try these steps in my environment. I have some other queries. Please try to answer those as soon as possible. It will help me to resolve some compliance requirements.

Regards,

Elias


   
ReplyQuote
(@elias2k1)
Joined: 2 years ago
Posts: 12
Topic starter  

@sharif Bhai,

It worked if I mentioned the domain I want to reject. But if I use wildcard it doesn't work. As it's not possible to mention all the domain other than the local domains. What is the workaround?

for Example,

Posted by: @sharif

example.com OK

example2.com OK

gmail.com REJECT

The above example worked but the following isn't working:

example.com OK

example2.com OK

*@* REJECT

 

Need your valuable suggestion.

 

Regards,

Elias

This post was modified 2 years ago by elias2k1

   
ReplyQuote
(@elias2k1)
Joined: 2 years ago
Posts: 12
Topic starter  

It worked by modifying the below line of /opt/zextras/conf/postfix_check_recipient_access.cf file:

check_recipient_access lmdb:/opt/zextras/common/conf/local_domains, reject

I modify it from "permit" to "reject" and add only the allowed domains in below file

/opt/zextras/common/conf/local_domains

Thanks and Regards,

Elias

This post was modified 2 years ago by elias2k1

   
ReplyQuote