Zimbra is an open-source platform that provides a rich set of features that enable collaboration across and outside an organization. This tool developed by Synacor, Inc. comes in two main editions:
- Free open-source edition.
- Enterprise Edition/Network Edition with a 60-day free trial.
Zimbra collaboration suite offers the following features and benefits to its users:
- Offline mode: This feature allows users to work on emails and other tasks even when not connected to the internet. All the changes made are then synchronized once an internet connection is re-established.
- Prevents spam mail: Zimbra sorts and deletes spam emails using its intelligent spam filters. They help remove unwanted emails as configured by the users.
- Web-Based UI: This allows users to access and manage the Zimbra server easily.
- Unified Framework: It combines all the features of an address book, email, calendar, tasks, file sharing etc. in one platform.
- Two-factor authentication: This feature improves security for your Zimbra setup by providing an additional physical layer for secure logins.
- Document Storage: This is another useful feature provided by Zimbra. It provides users access to storage from anywhere.
- Scalability: Zimbra has the ability to scale which makes it ideal for both small and large businesses.
When deploying Zimbra, you can have a self-hosted or cloud-based deployment. This provides flexibility and more control over the infrastructure.
In our previous guides, we have walked through:
- How to Install Zimbra Collaboration Suite
- How to Migrate emails from Gmail / Google Gsuite to Zimbra
Today, I will show you how to restrict Zimbra Local Domains from Sending Emails to External Domains.
Allow Local Users to Send Emails to External Domians
At times, you may need to communicate with users outside your organization. These users might be from external domains such as Gmail, Yahoo, Outlook etc.
To allow the users to send and receive emails, you need to make the correct DNS configurations. On the ZImbra Admin console, navigate to Global Settings –> MTA –> Enable DNS lookup
Restrict Zimbra Local Domains from Sending Emails to External Domains
You can also restrict the user from sending emails to external domains. Here, there are two methods you can consider:
- Block all users in a Zimbra domain
- Block specific users in a domain
This solution applies to ZCS 8.8.x and Later. First, open the below file:
sudo vim /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf In the opened file, add this line at the top:
%%contains VAR:zimbraMtaSmtpdSenderRestrictions check_sender_access lmdb:/opt/zimbra/common/conf/restricted_senders%%Save the file and switch to the Zimbra user:
sudo su - zimbraNow execute the command:
zmprov ms `zmhostname` +zimbraMtaSmtpdSenderRestrictions "check_sender_access lmdb:/opt/zimbra/common/conf/restricted_senders"Exit the Zimbra user shell
exitAlso, open the below file:
sudo vim /opt/zimbra/conf/zmconfigd.cfIn the file, add the lines before the “RESTART mta” line
......
POSTCONF smtpd_restriction_classes local_only
POSTCONF local_only FILE postfix_check_recipient_access.cf
....
RESTART mtaSave this file and create the below file with the lines added in it:
$ sudo vim /opt/zimbra/conf/postfix_check_recipient_access.cf
check_recipient_access lmdb:/opt/zimbra/common/conf/local_domains, permitNow we need to create the file with the users which you want to restrict from sending emails:
sudo vim /opt/zimbra/common/conf/restricted_sendersIn the file, you can add the specific user or the entire domain as shown:
- Block specific users on your Zimbra domain
user1@your_zimbra_domain.com local_only
user2@your_zimbra_domain.com local_only
....- Block all users in your Zimbra domain
your_zimbra_domain.com local_onlyIn the file, replace the user and domain name correctly.
We need to create another file with the list of domains/emails to which the users have been restricted from sending the emails to:
sudo vim /opt/zimbra/common/conf/local_domainsThis file can contain the specific user address or the entire domain.
- Restrict Entire domain:
YOURDOMAIN.TLD REJECTFor example:
OUTLOOK.COM REJECT- Restrict Specific user on external domain
[email protected] REJECTFor example:
[email protected] REJECTReplace the user and domain correctly then proceed and set permissions for the created files as shown:
sudo chown zimbra:zimbra /opt/zimbra/conf/postfix_check_recipient_access.cf
sudo chmod 644 /opt/zimbra/conf/postfix_check_recipient_access.cf
sudo chown :zimbra /opt/zimbra/common/conf/restricted_senders
sudo chmod 775 /opt/zimbra/common/conf/restricted_senders
sudo chown :zimbra /opt/zimbra/common/conf/local_domains
sudo chmod 775 /opt/zimbra/common/conf/local_domainsTo apply the changes made to Zimbra, you need to run the below commands as the Zimbra user:
sudo su - zimbra
postmap /opt/zimbra/common/conf/restricted_senders
postmap /opt/zimbra/common/conf/local_domainsRestart the service below:
zmmtactl stop
zmmtactl startTest if Restricted Users can send Emails to External Domains
Now we will test if the user(s) restricted can send emails to external domains. For my case, I restricted the outlook.com domain.
If all is okay, you will see this when you try to send mails to the blocked external domain:
The user should be able to send emails to local users:
Verdict
In this guide, we have learnt how to restrict Zimbra Llocal domains from sending emails to external domains. This can be o vital in scenarios whwre you want to forbit users from sending emails to certain external domains. I hope this worked for you too.
See more:
- Install Zimbra Desktop on Ubuntu 18.04 Bionic Beaver
- How To Install MDaemon Email Server on Windows Server
- Deploy Mail Server on Debian 12 with Postfix, Dovecot, MySQL, and RoundCube
- Install Zimbra Zextras Carbonio CE on Ubuntu 20.04
