1

Topic: accessPolicy functionality for mailList class in LDAP IRedMail backend

Hello!
I've successfully configured an iRedAdmin server with the LDAP backend, but I have a problem with the accessPolicy attribute in LDAP groups.

I found that this attribute can have the following states: open, domain, member, owner (open, domain, allowedOnly, memberOnly in a different version of iredmail.schema).
This is defined in the description of the accessPolicy attribute:

attributetype ( 1.3.6.1.4.1.32349.1.2.3.1 NAME 'accessPolicy'
    DESC 'Mail list access policy: open, domain, member, owner'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
    SINGLE-VALUE )

Unfortunately, none of these possibilities works as I hoped.

The problem is that everybody can send an e-mail to the default group address all@example-domain.com and every member of this group will receive it.
This opens access for spammers to my domain.
I would like to have the all@example-domain.com address available only to the admin.

Does anyone know the solution?
Thanks
Zibi

2

Re: accessPolicy functionality for mailList class in LDAP IRedMail backend

This attribute is only used to store the access policy, not to do real access control. You have to find a mail list access policy control program yourself.

3

Re: accessPolicy functionality for mailList class in LDAP IRedMail backend

You can use mlapd for mail list access policy control, but you have to configure it and hack it yourself:
http://code.google.com/p/mlapd/

4

Re: accessPolicy functionality for mailList class in LDAP IRedMail backend

Thanks, but...
I set accountStatus=disabled for the group e-mail all@my-domain.com just as a temporary solution, but it doesn't work either.
Despite accountStatus=disabled, all members received e-mails.

Zibi

5

Re: accessPolicy functionality for mailList class in LDAP IRedMail backend

Can I somehow configure the ldap*.cf Postfix files to adjust this?

Zibi

6

Re: accessPolicy functionality for mailList class in LDAP IRedMail backend

No. You have to use mail list access policy control to restrict this, because of the mail list implementation in iRedMail.

Reference: http://www.iredmail.org/forum/topic60-w … 90610.html

7 (edited by Zibi 2009-11-02 17:50:01)

Re: accessPolicy functionality for mailList class in LDAP IRedMail backend

Right now I want to disable all@my-domain.com group:

dn: mail=all@my-domain.com,ou=Groups,domainName=my-domain.com,o=domains,dc=my-domain,dc=com
objectClass: mailList
cn: All users
mail: all@my-domain.com
hasMember: yes
enabledService: mail
enabledService: deliver
accountStatus: desabled

But it doesn't work.
I read the link you posted but I can't see a solution there :(

Thanks for further help
Zibi

8

Re: accessPolicy functionality for mailList class in LDAP IRedMail backend

You can use mlapd for mail list access control:
http://code.google.com/p/mlapd/

Or, don't assign mail users to all@.
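
Added example (not part of the thread, and not mlapd or iRedMail code): since accessPolicy is only stored in LDAP, something has to evaluate it at SMTP time. The sketch below shows that decision step, assuming the enforcement point is a Postfix SMTP access policy delegation service and assuming the four values mean what their names suggest (member is taken to include owners). The LISTS table is a constructed stand-in for the LDAP lookup, and all function names are hypothetical.

```python
# Added illustration: decision logic for a Postfix policy-delegation service
# that enforces a mail list's accessPolicy. Not mlapd or iRedMail code.

# Constructed stand-in for the LDAP directory (all values are made up).
LISTS = {
    "all@example-domain.com": {
        "accessPolicy": "owner",
        "members": {"alice@example-domain.com", "bob@example-domain.com"},
        "owners": {"postmaster@example-domain.com"},
    },
}

def parse_request(text):
    """Parse one policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs

def decide(attrs, lists=LISTS):
    """Return the Postfix action for one RCPT TO (assumed policy semantics)."""
    sender = attrs.get("sender", "").lower()
    rcpt = attrs.get("recipient", "").lower()
    entry = lists.get(rcpt)
    if entry is None:
        return "DUNNO"  # not a mail list: leave it to other restrictions
    policy = entry.get("accessPolicy", "").lower()
    domain = rcpt.rpartition("@")[2]
    if policy == "open":
        allowed = True
    elif policy == "domain":
        allowed = bool(sender) and sender.rpartition("@")[2] == domain
    elif policy == "member":
        allowed = sender in entry["members"] or sender in entry["owners"]
    elif policy == "owner":
        allowed = sender in entry["owners"]
    else:
        allowed = False  # unknown or missing policy value: fail closed
    return "DUNNO" if allowed else "REJECT Not authorized to post to this list"

def respond(request_text):
    """Format the reply as the policy protocol expects: action line, blank line."""
    return "action=%s\n\n" % decide(parse_request(request_text))
```

The sender attribute here is the SMTP envelope sender, which the client chooses, so a check like this only holds if local-domain senders are also required to authenticate or are otherwise validated before the policy is consulted.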