1 (edited by ariarantes 2012-08-15 04:19:55)

Topic: Problem with iRedAdmin-Pro

==== Required information ====
- iRedMail version: 0.8.1
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Linux/BSD distribution name and version: Ubuntu 12.04.1 LTS
- Related log if you're reporting an issue:
====

When access:

https://URL/iredadmin/profile/domain/general/domain.com.br

internal server error

and I can see in /var/log/apache2/error.log:

ProgrammingError: (1146, "Table 'cluebringer.throttle' doesn't exist")

I didn't find the script to create this table and it does not exist!

The tables on cluebringer database:

mysql> show tables;
+---------------------------+
| Tables_in_cluebringer     |
+---------------------------+
| access_control            |
| amavis_rules              |
| checkhelo                 |
| checkhelo_blacklist       |
| checkhelo_tracking        |
| checkhelo_whitelist       |
| checkspf                  |
| greylisting               |
| greylisting_autoblacklist |
| greylisting_autowhitelist |
| greylisting_tracking      |
| greylisting_whitelist     |
| policies                  |
| policy_group_members      |
| policy_groups             |
| policy_members            |
| quotas                    |
| quotas_limits             |
| quotas_tracking           |
| session_tracking          |
+---------------------------+
20 rows in set (0.00 sec)


Regards,

Ari

2

Re: Problem with iRedAdmin-Pro

Dear Ari,

Please disable Policyd integration in iRedAdmin config file (settings.ini), because it doesn't support postfix-cluebringer which shipped in Ubuntu-12.04.

[policyd]
enabled = False
...

Restarting Apache is required after you changed settings.ini, and a logout-relogin is required to disable Policyd integration support.

3

Re: Problem with iRedAdmin-Pro

ZhangHuangbin wrote:

Dear Ari,

Please disable Policyd integration in iRedAdmin config file (settings.ini), because it doesn't support postfix-cluebringer which shipped in Ubuntu-12.04.

[policyd]
enabled = False
...

Restarting Apache is required after you changed settings.ini, and a logout-relogin is required to disable Policyd integration support.

So it's impossible to use the policyd and iredmail with Ubuntu 12.04?

Does it work with CentOS 6.3?

Regards,

Ari

4

Re: Problem with iRedAdmin-Pro

I can confirm everything runs like clockwork on CentOS 6.3.

5

Re: Problem with iRedAdmin-Pro

ariarantes wrote:

So it's impossible to use the policyd and iredmail with Ubuntu 12.04?
Does it work with CentOS 6.3?

As harro.verton (thanks smile) says, Policyd integration works on CentOS 6.3.

6

Re: Problem with iRedAdmin-Pro

Are there any updates to this issue?

We were really looking forward to abilities of policyd, and have iRedMail installed on Ubuntu 12.04, would love to have it work.

Thanks.

7

Re: Problem with iRedAdmin-Pro

This still seems to be a problem with Debian 7 as well.

Disabling it worked, but is there any indiciation of when it will be resolved?

8

Re: Problem with iRedAdmin-Pro

Hi amel,

You can use httpS://your_server/cluebringer/ to manage Cluebringer.

There're some differences between Cluebringer and Policyd-1.8:

*) No per-user or per-domain greylisting control in Cluebringer. You can only restrict sender IP address or IP range.
*) No sender blacklist in Cluebringer. You can blacklist sender with sender IP address/range, sender email address, sender domain.
*) No email address or domain based whitelist in Cluebringer. Only sender IP address.

Addition thoughts:

*) According to Cluebringer source code repository activity, looks like it's not under active development in 2013, and still no stable release of 2.1.x branch:
http://devlabs.linuxassist.net/projects … repository

*) SQL structure in Cluebringer is not as much visualized as Policyd-1.8. Just check their documents, you will find the differences:

- Policyd-1.8: http://policyd.sourceforge.net/readme.html
- Cluebringer: http://wiki.policyd.org/

I personally like SQL structure of Policyd-1.8, it's simple, easy to understand, easy to manage.

*) Not every Linux/BSD distributions ship the latest Cluebringer (2.0.x), of course no 2.1.x too.

Maybe we should achieve some features in iRedAPD? e.g. grey/white/blacklisting, per-user white/blackilst, etc. Let me know your honest opinions.

9

Re: Problem with iRedAdmin-Pro

ZhangHuangbin wrote:

Maybe we should achieve some features in iRedAPD? e.g. grey/white/blacklisting, per-user white/blackilst, etc. Let me know your honest opinions.

That would be nice, especially if it could handle throttling as well.

10

Re: Problem with iRedAdmin-Pro

ZhangHuangbin wrote:

Hi amel,

You can use httpS://your_server/cluebringer/ to manage Cluebringer.

There're some differences between Cluebringer and Policyd-1.8:

*) No per-user or per-domain greylisting control in Cluebringer. You can only restrict sender IP address or IP range.
*) No sender blacklist in Cluebringer. You can blacklist sender with sender IP address/range, sender email address, sender domain.
*) No email address or domain based whitelist in Cluebringer. Only sender IP address.

Addition thoughts:

*) According to Cluebringer source code repository activity, looks like it's not under active development in 2013, and still no stable release of 2.1.x branch:
http://devlabs.linuxassist.net/projects … repository

*) SQL structure in Cluebringer is not as much visualized as Policyd-1.8. Just check their documents, you will find the differences:

- Policyd-1.8: http://policyd.sourceforge.net/readme.html
- Cluebringer: http://wiki.policyd.org/

I personally like SQL structure of Policyd-1.8, it's simple, easy to understand, easy to manage.

*) Not every Linux/BSD distributions ship the latest Cluebringer (2.0.x), of course no 2.1.x too.

Maybe we should achieve some features in iRedAPD? e.g. grey/white/blacklisting, per-user white/blackilst, etc. Let me know your honest opinions.


In order to achieve per domain and mailbox whitelisting etc is there any alternative in Ubuntu 12.04? I'm assuming it's impossible to install the policyd-1.8.

11

Re: Problem with iRedAdmin-Pro

hferreira wrote:

I'm assuming it's impossible to install the policyd-1.8.

After all it's not impossible.

Here it is a quick how to on Ubuntu 12.04. Remember it's one of those do at your own risk kind of things.

First of all install the required dependecies.

apt-get install libmysqlclient-dev

Download the Policyd 1.82 to your server from here:

http://devlabs.linuxassist.net/projects/policyd/files

Unpack the tarball

tar xzvf policyd-1.82.tar.gz

Build and compile

cd policyd-1.82
make build
make install

Create the database

First of all we need to edit the script to make it work in MySQL v5.

cd policyd-1.82 (if not already there)
sed -i 's/TYPE/ENGINE/g' DATABASE.mysql

Then run the script

mysql -u root -p < DATABASE.mysql

Create an user in the policyd DB with the name policyd for example and grant it all priviligies (I did this in phpmyadmin)

Edit the config file and change the parameters you see fit

vim /usr/local/policyd/policyd.conf

I changed:

MYSQLPASS=zzzzzzzz

BINDPORT=10031

DAEMON=1

SYSLOG_FACILITY="LOG_MAIL|LOG_INFO"

CHROOT=/

WHITELISTSENDER=1

WHITELISTDNSNAME=1

AUTO_WHITE_LISTING=0

AUTO_WHITELIST_NUMBER=500

AUTO_WHITELIST_NETBLOCK=0

AUTO_WHITELIST_EXPIRE=7d

BLACKLISTING=1

BLACKLISTDNSNAME=1
  
BLACKLIST_TEMP_REJECT=0

BLACKLIST_NETBLOCK=0

BLACKLIST_REJECTION="Abuse. Go away."

AUTO_BLACK_LISTING=0

AUTO_BLACKLIST_NUMBER=500

AUTO_BLACKLIST_EXPIRE=7d

BLACKLIST_HELO=1

BLACKLISTSENDER=1

HELO_CHECK=1

SPAMTRAPPING=1

SPAMTRAP_REJECTION="Spam trapped"

GREYLIST_X_HEADER=1

TRAINING_MODE=1

TRAINING_POLICY_TIMEOUT=7d

TRIPLET_TIME=5m

OPTINOUT=1

SENDERTHROTTLE=1

SENDER_THROTTLE_SASL=1

SENDER_THROTTLE_HOST=0

QUOTA_EXCEEDED_TEMP_REJECT=1

Pay special attention to the SYSLOG_FACILITY parameter because it originally comes with spaces need to be removed for the deamon to start. The BINDPORT I put the one that Cluebringer uses and switched Cluebringer to the 10032. The whitelist and blacklist have to be enabled in order for them to work. Maybe if Zhang posts here the policyd config file after the iRedMail installation in CentOs it would be safer. I did this by trial and error.

After this edit postfix main.cf and add check_policy_service inet:127.0.0.1:BINDPORT to the smtpd_recipient_restrictions and reload postfix

vim /etc/postfix/main.cf
edit file

Edit the iredadmin settings.ini in order to activate Policyd

vim /usr/share/apache2/iredadmin/settings.ini 

Change the following fields in the [policyd] section

enabled = True

host = 127.0.0.1
port = 3306
db = policyd
user = policyd
passwd = zzzzzzzzzzzzzz

Restart apache2 and reload postfix.

Start the daemon then reload apache2 and reload postfix.

/usr/local/policyd/policyd -c /usr/local/policyd/policyd.conf
/etc/init.d/postfix reload
/etc/init.d/apache2 reload

Logout and login of the Pro interface and you should see the new options. smile