1 (edited by slimwoogi 2012-05-24 08:55:27)

Topic: cluebringer doesn't support global blacklist?

Hi~ Zhang. First thanks for your efforts.
We set up IRedmail(0.8.0 LDAP backend) on Ubuntu 12.04 server(no iReadAdmin-Pro).
Everything is cool.
But we need to apply some black & white list globally.
So, I modified iRedAPD config file like belows.

/opt/iredapd/etc/iredapd.ini
##################################################################################
...
[ldap]
# For ldap backend only.
# LDAP server setting.
# Uri must starts with ldap:// or ldaps:// (TLS/SSL).
#
# Tip: You can get binddn, bindpw from /etc/postfix/ldap_*.cf.
#
uri = ldap://127.0.0.1:389
binddn = cn=vmail,dc=xxx,dc=com
bindpw = DsjqxwYE0YmqDk2U0Tuw6lexixgo9X
basedn = o=domains,dc=xxx,dc=com

# Enabled plugins.
#   - Plugin name is file name which placed under 'src/plugins/' directory.
#   - Plugin names MUST be seperated by comma.
#
# Available plugins:
#   * ldap_domain_wblist: per-domain white/blacklist support.
#       Note: If you want to enable this plugin, it's better to make it the
#             first one in enabled plugin list.
#   * ldap_maillist_access_policy: mail list deliver restrictions.
#   * block_amavisd_blacklisted_senders: per-user white/blacklist support.
plugins =ldap_domain_wblist, ldap_maillist_access_policy, block_amavisd_blacklisted_senders
....

####################################################################################


And add new attribute "domainBlacklistSender"  on our openLDAPServer.

When I debug 'mail.log' file I can find this works as I expected.

Is this OK?

I was thought global black&whitelist should be configured on cluebringer or amavis.

And I wonder the position of iRedAPD on message flow. I mean when IRedAPD engaged.
(sorry but i'm new on mail server world big_smile)

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: cluebringer doesn't support global blacklist?

Dear slimwoogi,

The iRedAPD plugin "ldap_domain_wblist" is used for per-domain white/blacklist.
It's recommended to use global white/blacklist provided by Cluebringer. Reference: http://www.policyd.org/content/greylisting

Also, you can access httpS://your_server/cluebringer/ to access to built-in Cluebringer admin panel. Make sure you can access it in Apache config file /etc/apache2/conf.d/cluebringer.conf:

    Order allow, deny
    allow from 127.0.0.1
    #allow from all

3

Re: cluebringer doesn't support global blacklist?

Thanks for your kindness.very helpful reply. big_smile