Forums
Welcome to Zextras ...
General Info
restricting users t...
 
Notifications
Clear all

[Solved] restricting users to sending emails locally or externally

 
General Info
Last Post by rahul_1 1 month ago
7 Posts
2 Users
0 Reactions
104 Views
RSS
 rahul_1
(@rahul_1)
New Member
Joined: 1 month ago
Posts: 5
Topic starter 03/07/2025 13:19  

Hi Everyone,
I am following the same guide https://community.zextras.com/restrict-carbonio-community-edition-users-to-send-emails-locally-or-externally-carbonio-ce/ to restricting users to sending emails locally or externally but somehow its not working and restricted users and non restricted both are able to send external email, can someone please help me to fix it out


   
Quote
 rahul_1
(@rahul_1)
New Member
Joined: 1 month ago
Posts: 5
Topic starter 03/08/2025 09:47  

@Md. Shariful Islam


   
ReplyQuote
 Md. Shariful Islam
(@sharif)
Reputable Member Admin
Joined: 3 years ago
Posts: 677
03/10/2025 11:12  

@rahul_1 

Hi,

I have modified some configuration. Could you please try again now?

Make sure to check this command output:

carbonio prov gs $(hostname -f)  zimbraMtaSmtpdSenderRestrictions

regards,


   
ReplyQuote
 rahul_1
(@rahul_1)
New Member
Joined: 1 month ago
Posts: 5
Topic starter 03/10/2025 11:47  

Hi,

When I try to run the setup again its shows an error 

zextras@mail:~$ carbonio prov ms mail.xyz.in +zimbraMtaSmtpdSenderRestrictions "check_sender_access lmdb:/opt/zextras/common/conf/restricted_senders"
ERROR: account.INVALID_ATTR_VALUE (invalid attr value: invalid attr value - unable to modify attributes: ldap host=mail.xyz.in:389: attribute 'zimbraMtaSmtpdSenderRestrictions' cannot have multiple values)
zextras@mail:~$

This post was modified 1 month ago by rahul_1

   
ReplyQuote
 rahul_1
(@rahul_1)
New Member
Joined: 1 month ago
Posts: 5
Topic starter 03/10/2025 12:19  

I have tried this command ____zmprov ms mail.xyz.in zimbraMtaSmtpdSenderRestrictions "check_sender_access lmdb:/opt/zextras/common/conf/restricted_senders"

instead of carbonio prov ms mail.xyz.in +zimbraMtaSmtpdSenderRestrictions "check_sender_access,

now sending external emails are blocked to all users allowed and not allowed both 

how to fix and allow some users to send external emails 

This post was modified 1 month ago 3 times by rahul_1

   
ReplyQuote
 Md. Shariful Islam
(@sharif)
Reputable Member Admin
Joined: 3 years ago
Posts: 677
03/11/2025 07:12  

@rahul_1 

Hi,

This particular attribute could only have single value (Cardinality - single/multi), so when ever you use any attribute take a look at it's description which would give you many insights to avoid errors/issues:

root@mail:~# su - zextras -c "carbonio prov desc -a zimbraMtaSmtpdSenderRestrictions"
zimbraMtaSmtpdSenderRestrictions
    Value for postconf smtpd_sender_restrictions

               type : string
              value :
           callback :
          immutable : false
        cardinality : single
         requiredIn :
         optionalIn : globalConfig,server
              flags : serverInherited
           defaults : reject_sender_login_mismatch
                min :
                max :
                 id : 1590
    requiresRestart :
              since : 8.5.0
    deprecatedSince :

root@mail:~#

For your convenience, This is the short summary of the entire process, crosscheck each step and, I believe you would be able to find the issue and fix:

Note: Any typo in the configuration file would affect email transaction and flows.

cat /opt/zextras/conf/zmconfigd/smtpd_sender_restrictions.cf
##Add this line op top of the file
%%contains VAR:zimbraMtaSmtpdSenderRestrictions check_sender_access lmdb:/opt/zextras/common/conf/restricted_senders%%

#Execute this
su - zextras -c 'carbonio prov ms $(hostname -f) +zimbraMtaSmtpdSenderRestrictions "check_sender_access lmdb:/opt/zextras/common/conf/restricted_senders"'

#Check status
su - zextras -c "carbonio prov gs $(hostname -f) zimbraMtaSmtpdSenderRestrictions"

#This should be the output
zimbraMtaSmtpdSenderRestrictions: check_sender_access lmdb:/opt/zextras/common/conf/restricted_senders

cat /opt/zextras/conf/zmconfigd.cf
#Edit this file to add following lines just before the line of RESTART mta in - SECTION mta DEPENDS amavis

POSTCONF    smtpd_restriction_classes  local_only
POSTCONF    local_only  FILE  postfix_check_recipient_access.cf


cat /opt/zextras/conf/postfix_check_recipient_access.cf
#Add this line
check_recipient_access lmdb:/opt/zextras/common/conf/local_domains, reject

#Create prompt for this
cat /opt/zextras/common/conf/restricted_senders
user1@example.com    local_only
user2@example.com    local_only

#Create prompt for this
cat /opt/zextras/common/conf/local_domains

example.com    OK
internal.com   OK

#Execute this
chown zextras:zextras /opt/zextras/conf/postfix_check_recipient_access.cf
chmod 644 /opt/zextras/conf/postfix_check_recipient_access.cf
chown :zextras /opt/zextras/common/conf/restricted_senders
chmod 775 /opt/zextras/common/conf/restricted_senders
chown :zextras /opt/zextras/common/conf/local_domains
chmod 775 /opt/zextras/common/conf/local_domains

#postmap this
su - zextras -c "postmap /opt/zextras/common/conf/restricted_senders"
su - zextras -c "postmap /opt/zextras/common/conf/local_domains"

#Restart zmmtactl
su - zextras -c "zmmtactl restart"

Regards,


   
ReplyQuote
 rahul_1
(@rahul_1)
New Member
Joined: 1 month ago
Posts: 5
Topic starter 03/11/2025 07:50  

Hi Shariful,

After following all the steps the issue is fixed 

Thank you so much for your prompt response 


   
ReplyQuote
Forum Jump:
  Previous Topic
Next Topic