Hello Kingcu,
as far as I know it's not possible to restrict web access directly from Zimbra, while restricting outgoing emails is pretty easy by customizing Postfix's configuration:
[al commands must be ran as 'root']
1 - Create a file called "postfix_restricted_senders" in /opt/zimbra/conf/
2 - Populate the file using the following syntax (one entry per line):
Code:
restricted_user1@domain.tld insider_only
restricted_user2@domain.tld insider_only
restricted_user3@domain.tld insider_only
3 - Use postmap to prepare the .db file that postfix will use:
Code:
/opt/zimbra/postfix/sbin/postmap /opt/zimbra/conf/postfix_restricted_senders
4 - Insert the following Keys in "/opt/zimbra/conf/localconfig.xml"
Code:
<key name="postfix_insider_only">
<value>check_recipient_access hash:/opt/zimbra/conf/postfix_local_domains,reject</value>
</key>
<key name="postfix_smtpd_restriction_classes">
<value>insider_only</value>
</key>
5 - Insert the following lines in "/opt/zimbra/conf/zmmta.cf" in the "MTA" section just before the "RESTART mta" line [In Zimbra 8+ edit the zmconfigd.cf file instead]
Code:
POSTCONF smtpd_restriction_classes LOCAL postfix_smtpd_restriction_classes
POSTCONF insider_only LOCAL postfix_insider_only
6 - Create the /opt/zimbra/conf/postfix_local_domains file listing all your domains.
Code:
mylocaldomain.com OK
myseconddomain.com OK
7- Postmap the file running:
Code:
/opt/zimbra/postfix/sbin/postmap /opt/zimbra/conf/postfix_local_domains
8 - Finally, add the following line in "/opt/zimbra/conf/postfix_recipient_restrictions.cf" (after the "reject_non_fqdn_recipient" line)
Code:
check_sender_access hash:/opt/zimbra/conf/postfix_restricted_senders
9 - The MTA should restart itself after step 8, check your logs and restart it manually if it doesn't restart automatically.
To add new restricted senders edit the "/opt/zimbra/conf/postfix_restricted_senders" file and execute the command in step 3 to finalize the changes.
Remember that this procedure must be applied again after each Zimbra update (only need to repeat steps 4,5 and 6)
As usual, try this configuration on a test environment before applying it in production 
Hope this helps,
Cine
Bookmarks