includes anti-SPAM and antivirus technologies such as Postscreen, Spamassasin, Amavis, ClamAV, etc. But sometimes, for legal reasons, etc., we need to block certain senders or even entire domains from sending unsolicited email.
To do this, we will use the tools that come native to Zimbra Collaboration, and with a few simple commands, we can granularly protect our email users. Heres how
Create a file called /opt/zimbra/common/conf/postfix_reject_sender with the list of email addresses and domains to be rejected in the below format:
As Zimbra user, execute the zimbraMtaSmtpdSenderRestrictions command:
We can wait around 60 seconds until the Zimbra MTA pick up the changes, or force the changes with a restart to the MTA services with:
You will see an output similar to this:
If one of the blocked users or domains tries to send us an email, on the zimbra.log you will see something similar to this, (mind the error saying Sender address rejected: Access denied):
Sep 7 14:19:57 mail postfix/postscreen: CONNECT from [126.96.36.199]:32831 to [188.8.131.52]:25 Sep 7 14:20:01 mail zimbramon: 15143:info: 2017-09-07 14:20:01, QUEUE: 0 0 Sep 7 14:20:03 mail postfix/postscreen: PASS NEW [184.108.40.206]:32831 Sep 7 14:20:03 mail postfix/smtpd: connect from m[220.127.116.11] Sep 7 14:20:03 mail postfix/smtpd: Anonymous TLS connection established from mail-wm0-f45.google.com[18.104.22.168]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits) Sep 7 14:20:03 mail postfix/smtpd: NOQUEUE: filter: RCPT from mail-wm0-f45.google.com[22.214.171.124]: : Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from= to= proto=ESMTP helo=mail-wm0-f45.google.com Sep 7 14:20:03 mail postfix/smtpd: NOQUEUE: reject: RCPT from mail-wm0-f45.google.com[126.96.36.199]: 554 5.7.1 : Sender address rejected: Access denied; from= to= proto=ESMTP helo=mail-wm0-f45.google.com Sep 7 14:20:03 mail postfix/smtpd: disconnect from mail-wm0-f45.google.com[188.8.131.52] ehlo=2 starttls=1 mail=1 rcpt=0/1 data=0/1 quit=1 commands=5/7
The blocked sender will see the next error:
And thats it for todays How-To. In future blog entries, well show you how to blacklist and whitelist IPs, or a range of IPs.
See how to block incoming users or domains for older Zimbra versions
Download Zimbra Collaboration Open Source
Download Zimbra Collaboration Network Edition
NEW Zimbra Patches: 8.8.9 Patch 1 + 8.8.8 Patch 7 + 8.7.11 Patch 5
NEW Zimbra 8.8.8 Turing Patch 6
NEW Zimbra Patches: 8.8.8 Patch 4 + 8.7.11 Patch 4
zimbra block domainzimbra block userzimbra restrict domainzimbra restrict userzimbra spam
Great. I was posted alternative to block incoming users or domains using bahasa 🙂
Is this working for blocking outgoing emails also, to certain domains or users?
I want to block some internal users from sending email to certain domains or email addreses. Is this possible with Zimbra?
Its possible. You can follow this tutor
i have done with same command on zimbra 8.6 open source edition, but my zimbra stop working, no send no receive from any domain.
For 8.6 is different, and the steps are on the wiki, you can remove it from the next document:
Configuration dont save parameter (Release 8.7.5_GA_1764.RHEL6_64_533 RHEL6_64 FOSS edition.):
[ ~]$ zmprov ms .br +zimbraMtaSmtpdSenderRestrictions check_sender_access lmdb:/opt/zimbra/postfix/conf/postfix_reject_sender
Rewriting configuration filesdone.
/postfix-script: refreshing the Postfix mail system
[ ~]$ postconf grep postfix_reject_sender
There is also a Zimlet that allows users to block/allow senders and domains, that is based on the amavis in Zimbra, its over here:
zimbra can see all log event all user send out or comming mail content on log file ?
Is it still possible with Zimbra 8.7 to specify wildcard entries, like say ? Thanks for the help!
@Luigi, I would say yes! Since this blog post is only 2 months old.
And it can be done with whitelist-blacklist-sender for sure!
If we implemented reject_authenticated_sender_login_mismatch and then we can add check_sender_access lmdb:/opt/zimbra/common/conf/postfix_reject_sender because attribute zimbraMtaSmtpdSenderRestrictions cannot have multiple values. Is it right?
 Source: How to block incoming users or domains Zimbra : Blog 
 Untuk alternatif lainnya dapat mengikuti panduan berikut 
Email (will not be published)(required)
Notify me of follow-up comments by email.
I added a video to [email protected] Whats New in Zimbra 8.8.8
I added a video to [email protected] Novedades en Zimbra Collaboration 8.8.8 Español
I added a video to [email protected] Cosa ce di nuovo in Zimbra Collaboration 8.8.8 Italian
I added a video to [email protected] Was gibts Neues in Zimbra Collaboration 8.8.8 German