1 (edited by aemaething 2013-03-01 19:16:54)

Topic: disable reject_sender_login_mismatch for only one user

==== Required information ====
- iRedMail version:  0.8.3
- Store mail accounts in which backend: LDAP
- Linux/BSD distribution name and version: ubuntu 12.04 LTS
====

Dear ZhangHuangbin,

I have used the support search, but I didn't get the point, yet.

I would like to disable reject_sender_login_mismatch for only one trusted user.
Is it possible to enable this feature by some LDAP setting(s) and/or other trick?


Thanks in advance!

Best,
Achim

2

Re: disable reject_sender_login_mismatch for only one user

As far as I know, this is not supported in Postfix.
The possible solution is implementing this with a Postfix policy server, e.g. iRedAPD (already running on your server).

3

Re: disable reject_sender_login_mismatch for only one user

ZhangHuangbin wrote:

As far as I know, this is not supported in Postfix.
The possible solution is implementing this with a Postfix policy server, e.g. iRedAPD (already running on your server).

OK - so the easiest way will be to write some lines of Python and add a plugin to iRedAPD?

For example:

def restriction(smtpSessionData, ldapRecipientLdif, logger, **kargs):
    sender = smtpSessionData.get('sender').lower()

    if sender == 'trusted-user@mydomain.com':
        return SMTP_ACTIONS['accept']

    return 'DUNNO'

Would that work?

Best,
Achim

4

Re: disable reject_sender_login_mismatch for only one user

Wow, almost succeeded. It should be like below:

"""Reject sender login mismatch (sender in mail header and SASL username)."""

from libs import SMTP_ACTIONS

def restriction(smtpSessionData, logger, *args, **kargs):
    # The sender appears in 'From:' header.
    sender = smtpSessionData.get('sender').lower()

    # Username used to perform SMTP auth
    sasl_username = smtpSessionData.get('sasl_username', '').lower()

    if sasl_username:    # Is an outgoing email
        # Compare them
        if sender != sasl_username:
            if sasl_username == 'trusted-user@mydomain.com':
                return SMTP_ACTIONS['default']
            else:
                # Reject without reason.
                #return SMTP_ACTIONS['reject']

                # Reject with reason.
                # There must be a space between smtp action and reason text.
                #return SMTP_ACTIONS['reject'] + ' ' + 'Sender login mismatch.'

                # Log message without reject.
                logger.info('Sender login mismatch.')

    return SMTP_ACTIONS['default']

Notes:

*) It's better to test this plugin first. For example, use SMTP_ACTIONS['default'] with some text to make sure it correctly matches. You will find the final action in iRedAPD log file, /var/log/iredapd.log.

*) In the upcoming release of iRedAPD, v1.4.0, you have to slightly rewrite this plugin. But don't worry, it's still simple enough.

5

Re: disable reject_sender_login_mismatch for only one user

ZhangHuangbin wrote:

Wow, almost succeeded. It should be like below:
*) It's better to test this plugin first. For example, use SMTP_ACTIONS['default'] with some text to make sure it correctly matches. You will find the final action in iRedAPD log file, /var/log/iredapd.log.

*) In the upcoming release of iRedAPD, v1.4.0, you have to slightly rewrite this plugin. But don't worry, it's still simple enough.

Thank you! This looks great!

I added the new plugin to the

/opt/iRedAPD-1.3.8/etc/iredapd.ini

file

...
plugins = ldap_maillist_access_policy, block_amavisd_blacklisted_senders, reject_sender_login_mismatch
...

and it seems to load it:

2013-03-01 14:18:07 INFO Starting iredapd (v1.3.8, ldap). Enabled plugin(s): ldap_maillist_access_policy, block_amavisd_blacklisted_senders, reject_sender_login_mismatch. Listening on 127.0.0.1:7777.

but unfortunately it is not working and probably never called (it does no logging).

Mar  1 14:27:15 mail postfix/smtpd[6275]: connect from xxx1.domain.net[IP HERE]
Mar  1 14:27:15 mail postfix/smtpd[6275]: NOQUEUE: reject: RCPT from xxx1.domain.net[IP HERE]: 553 5.7.1 <want-to-use-email-address@domain.net>: Sender address rejected: not owned by user noreply@domain.net from=<want-to-use-email-address@domain.net> to=<just-a-test@gmail.com> proto=ESMTP helo=<xxx1.domain.net>
Mar  1 14:27:15 mail postfix/smtpd[6275]: lost connection after RCPT from xxx1.domain.net[IP HERE]
Mar  1 14:27:15 mail postfix/smtpd[6275]: disconnect from xxx1.domain.net[IP HERE]

xxx1.domain.net is one of our servers using the iredmail mailserver as a smarthost.

Thank you so much!

Best,
Achim

PS: Maybe this would be a nice feature for upcoming releases, configurable by iredadminpro and/or ldap/mysql backend.

6

Re: disable reject_sender_login_mismatch for only one user

Hi Achim,

Sorry about this. I updated the code in my first post, could you please try again?

*) It logs the message "Sender login mismatch" (in /var/log/iredapd.log) instead of rejecting it.
*) Please set "log_level = debug" in /opt/iredapd/etc/iredapd.ini, restart the iRedAPD service, and try again. Paste the related log from /var/log/iredapd.log here to help troubleshooting.

aemaething wrote:

PS: Maybe this would be a nice feature for upcoming releases, configurable by iredadminpro and/or ldap/mysql backend.

Maybe. Let's make it work first.

7 (edited by aemaething 2013-03-01 22:36:00)

Re: disable reject_sender_login_mismatch for only one user

ZhangHuangbin wrote:

Hi Achim,

Sorry about this. I updated the code in my first post, could you please try again?

Check!

ZhangHuangbin wrote:

*) It logs the message "Sender login mismatch" (in /var/log/iredapd.log) instead of rejecting it.
*) Please set "log_level = debug" in /opt/iredapd/etc/iredapd.ini, restart the iRedAPD service, and try again. Paste the related log from /var/log/iredapd.log here to help troubleshooting.


Hi,

hm... I can't find any appropriate messages in the /var/log/iredapd.log file.

2013-03-01 15:31:05 INFO Starting iredapd (v1.3.8, ldap). Enabled plugin(s): ldap_maillist_access_policy, block_amavisd_blacklisted_senders, reject_sender_login_mismatch. Listening on 127.0.0.1:7777.
2013-03-01 15:31:05 DEBUG Forking first child.
2013-03-01 15:31:05 DEBUG Creating new session
2013-03-01 15:31:05 DEBUG Forking second child.
2013-03-01 15:31:05 DEBUG Setting umask
2013-03-01 15:31:05 DEBUG Changing working directory to "/"
2013-03-01 15:31:05 DEBUG Redirecting file descriptors

That's all.

Thank you!

Best,
Achim

PS: I also added this line in top of the plugin:

PLUGIN_NAME = 'reject_sender_login_mismatch'

8

Re: disable reject_sender_login_mismatch for only one user

aemaething wrote:

hm... I can't find any appropriate messages in the /var/log/iredapd.log file.

Did you send one more test email? I tested this plugin, and it works for me here.

aemaething wrote:

PS: I also added this line in top of the plugin:

PLUGIN_NAME = 'reject_sender_login_mismatch'

It's not necessary since you don't use it in the plugin.

9 (edited by aemaething 2013-03-01 23:01:14)

Re: disable reject_sender_login_mismatch for only one user

ZhangHuangbin wrote:
aemaething wrote:

hm... I can't find any appropriate messages in the /var/log/iredapd.log file.

Did you send one more test email? I tested this plugin, and it works for me here.

Yes, I did. I found the

Sender address rejected: not owned by user noreply@...

message in the /var/log/mail.log file but no entries in /var/log/iredapd.log


Best,
Achim

PS:

I tried:

echo "body" | mail -s "demo" -r <wannabe@domain.net> <external recipient@domain.com>

to test it (all email from this machine is sent by noreply@domain.net due to local postfix configuration).

10

Re: disable reject_sender_login_mismatch for only one user

You have to remove "reject_sender_login_mismatch" in Postfix main.cf, then try again.

- "reject_sender_login_mismatch" in Postfix will apply to all outgoing emails.
- After removing "reject_sender_login_mismatch" from Postfix, we do it in this new plugin.

11

Re: disable reject_sender_login_mismatch for only one user

Ah,

now it works - but for every user.

Maybe the checks are performed in the wrong order?

Best,
Achim

12

Re: disable reject_sender_login_mismatch for only one user

*) Could you please paste content of plugin file "sender_login_mismatch.py" here?
*) Please set "log_level = debug" in /opt/iredapd/etc/iredapd.ini, restart iRedAPD service, then try again and paste related log (full log of this testing email) here. We need to check the debug log.

13

Re: disable reject_sender_login_mismatch for only one user

ZhangHuangbin wrote:

*) Could you please paste content of plugin file "sender_login_mismatch.py" here?
*) Please set "log_level = debug" in /opt/iredapd/etc/iredapd.ini, restart iRedAPD service, then try again and paste related log (full log of this testing email) here. We need to check the debug log.


OK.

"""Reject sender login mismatch (sender in mail header and SASL username)."""

from libs import SMTP_ACTIONS

PLUGIN_NAME = 'reject_sender_login_mismatch'

def restriction(smtpSessionData, logger, *args, **kargs):
    # The sender appears in 'From:' header.
    sender = smtpSessionData.get('sender').lower()

    # Username used to perform SMTP auth
    sasl_username = smtpSessionData.get('sasl_username', '').lower()

    if sasl_username:    # Is an outgoing email
        # Compare them
        if sender != sasl_username:
            if sasl_username == 'noreply@domain.net':
                return SMTP_ACTIONS['default']
            else:
                # Reject without reason.
                #return SMTP_ACTIONS['reject']

                # Reject with reason.
                # There must be a space between smtp action and reason text.
                #return SMTP_ACTIONS['reject'] + ' ' + 'Sender login mismatch.'

                # Log message without reject.
                logger.info('Sender login mismatch.')

    return SMTP_ACTIONS['default']

And here you see, it was not the "noreply..." user who sent the mail successfully.

2013-03-01 16:34:54 DEBUG Connect from 127.0.0.1, port 60475.
2013-03-01 16:34:54 DEBUG smtp session: request=smtpd_access_policy
2013-03-01 16:34:54 DEBUG smtp session: protocol_state=RCPT
2013-03-01 16:34:54 DEBUG smtp session: protocol_name=ESMTP
2013-03-01 16:34:54 DEBUG smtp session: client_address=xxx.xxx.xxx.xxx
2013-03-01 16:34:54 DEBUG smtp session: client_name=server_1.domain.net
2013-03-01 16:34:54 DEBUG smtp session: reverse_client_name=server_1.domain.net
2013-03-01 16:34:54 DEBUG smtp session: helo_name=server_1.domain.net
2013-03-01 16:34:54 DEBUG smtp session: sender=<wannabe>@domain.net
2013-03-01 16:34:54 DEBUG smtp session: recipient=<external-recipient>@elsewhere.com
2013-03-01 16:34:54 DEBUG smtp session: recipient_count=0
2013-03-01 16:34:54 DEBUG smtp session: queue_id=
2013-03-01 16:34:54 DEBUG smtp session: instance=1f51.5130ca9e.b061.0
2013-03-01 16:34:54 DEBUG smtp session: size=444
2013-03-01 16:34:54 DEBUG smtp session: etrn_domain=
2013-03-01 16:34:54 DEBUG smtp session: stress=
2013-03-01 16:34:54 DEBUG smtp session: sasl_method=PLAIN
2013-03-01 16:34:54 DEBUG smtp session: sasl_username=bugzilla@domain.net
2013-03-01 16:34:54 DEBUG smtp session: sasl_sender=
2013-03-01 16:34:54 DEBUG smtp session: ccert_subject=
2013-03-01 16:34:54 DEBUG smtp session: ccert_issuer=
2013-03-01 16:34:54 DEBUG smtp session: ccert_fingerprint=
2013-03-01 16:34:54 DEBUG smtp session: ccert_pubkey_fingerprint=
2013-03-01 16:34:54 DEBUG smtp session: encryption_protocol=
2013-03-01 16:34:54 DEBUG smtp session: encryption_cipher=
2013-03-01 16:34:54 DEBUG smtp session: encryption_keysize=0
2013-03-01 16:34:54 DEBUG LDAP connection initialied success.
2013-03-01 16:34:54 DEBUG LDAP bind success.
2013-03-01 16:34:54 DEBUG __get_recipient_dn_ldif (recipient): external-recipient@elsewhere.com
2013-03-01 16:34:54 DEBUG __get_recipient_dn_ldif (ldap query filter): (&(|(mail=external-recipient@elsewhere.com)(shadowAddress=external-recipient@elsewhere.com))(|(objectClass=mailUser)(objectClass=mailList)(objectClass=mailAlias)))
2013-03-01 16:34:54 DEBUG __get_recipient_dn_ldif: Can not find recipient in LDAP server.
2013-03-01 16:34:54 DEBUG Recipient DN or LDIF is None.
2013-03-01 16:34:54 DEBUG Final action: DUNNO.
2013-03-01 16:34:54 INFO [78.47.216.226] <wannabe>@domain.net -> <external-recipient>@elsewhere.com, DUNNO
2013-03-01 16:34:54 DEBUG Connection closed
2013-03-01 16:34:54 DEBUG Close LDAP connection.

14

Re: disable reject_sender_login_mismatch for only one user

I cannot see the plugin action in the iRedAPD log at all. Do you have this plugin enabled in /opt/iredapd/etc/iredapd.ini?

15

Re: disable reject_sender_login_mismatch for only one user

ZhangHuangbin wrote:

I cannot see the plugin action in the iRedAPD log at all. Do you have this plugin enabled in /opt/iredapd/etc/iredapd.ini?

Oops, sorry. Shame on me.
Once again:

2013-03-01 17:06:49 INFO Starting iredapd (v1.3.8, ldap). Enabled plugin(s): ldap_maillist_access_policy, block_amavisd_blacklisted_senders, reject_sender_login_mismatch. Listening on 127.0.0.1:7777.
2013-03-01 17:06:49 DEBUG Forking first child.
2013-03-01 17:06:49 DEBUG Creating new session
2013-03-01 17:06:49 DEBUG Forking second child.
2013-03-01 17:06:49 DEBUG Setting umask
2013-03-01 17:06:49 DEBUG Changing working directory to "/"
2013-03-01 17:06:49 DEBUG Redirecting file descriptors
2013-03-01 17:07:02 DEBUG Connect from 127.0.0.1, port 60621.
2013-03-01 17:07:02 DEBUG smtp session: request=smtpd_access_policy
2013-03-01 17:07:02 DEBUG smtp session: protocol_state=RCPT
2013-03-01 17:07:02 DEBUG smtp session: protocol_name=ESMTP
2013-03-01 17:07:02 DEBUG smtp session: client_address=xxx.xxx.xxx.xxx
2013-03-01 17:07:02 DEBUG smtp session: client_name=server_1.domain.net
2013-03-01 17:07:02 DEBUG smtp session: reverse_client_name=server_1.domain.net
2013-03-01 17:07:02 DEBUG smtp session: helo_name=server_1.domain.net
2013-03-01 17:07:02 DEBUG smtp session: sender=wannabe@domain.net
2013-03-01 17:07:02 DEBUG smtp session: recipient=external-recipient@elsewhere.com
2013-03-01 17:07:02 DEBUG smtp session: recipient_count=0
2013-03-01 17:07:02 DEBUG smtp session: queue_id=
2013-03-01 17:07:02 DEBUG smtp session: instance=2215.5130d226.1d14b.0
2013-03-01 17:07:02 DEBUG smtp session: size=437
2013-03-01 17:07:02 DEBUG smtp session: etrn_domain=
2013-03-01 17:07:02 DEBUG smtp session: stress=
2013-03-01 17:07:02 DEBUG smtp session: sasl_method=PLAIN
2013-03-01 17:07:02 DEBUG smtp session: sasl_username=bugzilla@domain.net
2013-03-01 17:07:02 DEBUG smtp session: sasl_sender=
2013-03-01 17:07:02 DEBUG smtp session: ccert_subject=
2013-03-01 17:07:02 DEBUG smtp session: ccert_issuer=
2013-03-01 17:07:02 DEBUG smtp session: ccert_fingerprint=
2013-03-01 17:07:02 DEBUG smtp session: ccert_pubkey_fingerprint=
2013-03-01 17:07:02 DEBUG smtp session: encryption_protocol=
2013-03-01 17:07:02 DEBUG smtp session: encryption_cipher=
2013-03-01 17:07:02 DEBUG smtp session: encryption_keysize=0
2013-03-01 17:07:02 DEBUG LDAP connection initialied success.
2013-03-01 17:07:02 DEBUG LDAP bind success.
2013-03-01 17:07:02 DEBUG __get_recipient_dn_ldif (recipient): external-recipient@elsewhere.com
2013-03-01 17:07:02 DEBUG __get_recipient_dn_ldif (ldap query filter): (&(|(mail=external-recipient@elsewhere.com)(shadowAddress=external-recipient@elsewhere.com))(|(objectClass=mailUser)(objectClass=mailList)(objectClass=mailAlias)))
2013-03-01 17:07:02 DEBUG __get_recipient_dn_ldif: Can not find recipient in LDAP server.
2013-03-01 17:07:02 DEBUG Recipient DN or LDIF is None.
2013-03-01 17:07:02 DEBUG Final action: DUNNO.
2013-03-01 17:07:02 INFO [78.47.216.226] wannabe@domain.net -> external-recipient@elsewhere.com, DUNNO
2013-03-01 17:07:02 DEBUG Connection closed
2013-03-01 17:07:02 DEBUG Close LDAP connection.

Best,
Achim


PS: reject_sender_login_mismatch is still removed from the mail server's Postfix.

16

Re: disable reject_sender_login_mismatch for only one user

Hmm, bug in iRedAPD-1.3.8. Please find below lines in /opt/iredapd/libs/ldaplib.py (about line 209 to 212):

                # Return if recipient account doesn't exist.
                if recipientDn is None or recipientLdif is None:
                    self.logger.debug('Recipient DN or LDIF is None.')
                    return SMTP_ACTIONS['default']

Comment them out by prepending a '#' to each line:

                # Return if recipient account doesn't exist.
                #if recipientDn is None or recipientLdif is None:
                #    self.logger.debug('Recipient DN or LDIF is None.')
                #    return SMTP_ACTIONS['default']

Restart iRedAPD and try again.

P.S. We use two iRedAPD instances in iRedAPD-1.3.8 and earlier versions, one (iredapd.py) for sender restrictions, another one (iredapd-rr.py) for recipient restrictions. This is a stupid (yes, stupid me) design since the first release (iRedAPD-1.0, 01/2010), because Postfix already identifies each SMTP session state with "protocol_state=" (http://www.postfix.org/SMTPD_POLICY_REA … l#protocol).

Fortunately (actually, shame on me), this was fixed in upcoming release, iRedAPD-1.4.0.

17

Re: disable reject_sender_login_mismatch for only one user

ZhangHuangbin wrote:

Hmm, bug in iRedAPD-1.3.8. Please find below lines in /opt/iredapd/libs/ldaplib.py (about line 209 to 212):

                # Return if recipient account doesn't exist.
                if recipientDn is None or recipientLdif is None:
                    self.logger.debug('Recipient DN or LDIF is None.')
                    return SMTP_ACTIONS['default']

Comment them out by prepending a '#' to each line:

Check!

New log:

2013-03-01 18:45:49 DEBUG Connect from 127.0.0.1, port 60824.
2013-03-01 18:45:49 DEBUG smtp session: request=smtpd_access_policy
2013-03-01 18:45:49 DEBUG smtp session: protocol_state=RCPT
2013-03-01 18:45:49 DEBUG smtp session: protocol_name=ESMTP
2013-03-01 18:45:49 DEBUG smtp session: client_address=xxx.xxx.xxx.xxx
2013-03-01 18:45:49 DEBUG smtp session: client_name=server_1.domain.net
2013-03-01 18:45:49 DEBUG smtp session: reverse_client_name=server_1.domain.net
2013-03-01 18:45:49 DEBUG smtp session: helo_name=server_1.domain.net
2013-03-01 18:45:49 DEBUG smtp session: sender=wannabe@domain.net
2013-03-01 18:45:49 DEBUG smtp session: recipient=recipient@domainx.net
2013-03-01 18:45:49 DEBUG smtp session: recipient_count=0
2013-03-01 18:45:49 DEBUG smtp session: queue_id=
2013-03-01 18:45:49 DEBUG smtp session: instance=255f.5130e94d.2c6b5.0
2013-03-01 18:45:49 DEBUG smtp session: size=437
2013-03-01 18:45:49 DEBUG smtp session: etrn_domain=
2013-03-01 18:45:49 DEBUG smtp session: stress=
2013-03-01 18:45:49 DEBUG smtp session: sasl_method=PLAIN
2013-03-01 18:45:49 DEBUG smtp session: sasl_username=bugzilla@domain.net
2013-03-01 18:45:49 DEBUG smtp session: sasl_sender=
2013-03-01 18:45:49 DEBUG smtp session: ccert_subject=
2013-03-01 18:45:49 DEBUG smtp session: ccert_issuer=
2013-03-01 18:45:49 DEBUG smtp session: ccert_fingerprint=
2013-03-01 18:45:49 DEBUG smtp session: ccert_pubkey_fingerprint=
2013-03-01 18:45:49 DEBUG smtp session: encryption_protocol=
2013-03-01 18:45:49 DEBUG smtp session: encryption_cipher=
2013-03-01 18:45:49 DEBUG smtp session: encryption_keysize=0
2013-03-01 18:45:49 DEBUG LDAP connection initialied success.
2013-03-01 18:45:49 DEBUG LDAP bind success.
2013-03-01 18:45:49 DEBUG __get_recipient_dn_ldif (recipient): recipient@domainx.net
2013-03-01 18:45:49 DEBUG __get_recipient_dn_ldif (ldap query filter): (&(|(mail=recipient@domainx.net)(shadowAddress=recipient@domainx.net))(|(objectClass=mailUser)(objectClass=mailList)(objectClass=mailAlias)))
2013-03-01 18:45:49 DEBUG __get_recipient_dn_ldif: Can not find recipient in LDAP server.
2013-03-01 18:45:49 DEBUG Apply plugin (ldap_maillist_access_policy).
2013-03-01 18:45:49 DEBUG Error while apply plugin (<module 'ldap_maillist_access_policy' from '/opt/iredapd/src/plugins/ldap_maillist_access_policy.pyc'>): 'NoneType' object has no attribute '__getitem__'
2013-03-01 18:45:49 DEBUG Apply plugin (block_amavisd_blacklisted_senders).
2013-03-01 18:45:49 DEBUG Error while apply plugin (<module 'block_amavisd_blacklisted_senders' from '/opt/iredapd/src/plugins/block_amavisd_blacklisted_senders.pyc'>): 'NoneType' object has no attribute 'get'
2013-03-01 18:45:49 DEBUG Apply plugin (reject_sender_login_mismatch).
2013-03-01 18:45:49 INFO Sender login mismatch.
2013-03-01 18:45:49 DEBUG Response from plugin (reject_sender_login_mismatch): DUNNO
2013-03-01 18:45:49 DEBUG Final action: None.
2013-03-01 18:45:49 INFO [78.47.216.226] wannabe@domain.net -> recipient@domainx.net, DUNNO
2013-03-01 18:45:49 DEBUG Connection closed
2013-03-01 18:45:49 DEBUG Close LDAP connection.

Now there is an error inside the python stuff.
On top: It is still possible to "cheat" sender address by any user.


ZhangHuangbin wrote:

... this was fixed in upcoming release, iRedAPD-1.4.0.

Can't wait to see it!!

18

Re: disable reject_sender_login_mismatch for only one user

Maybe, it'll be easier to wait for release 1.4.0?

No problem for us.

Best,
Achim

19

Re: disable reject_sender_login_mismatch for only one user

Oh, iRedAPD-1.4.0 is ready for your use, the upcoming iRedMail-0.8.4 ships it.
Get it here: https://bitbucket.org/zhb/iredapd/

Note: Config file is now a Python file, not ini format.

20

Re: disable reject_sender_login_mismatch for only one user

Thank you very much,

but I think I'll wait for the update instructions you're hopefully going to release with the upcoming iRedMail-0.8.4.

Best,
Achim

21

Re: disable reject_sender_login_mismatch for only one user

Hi Achim,

You can install iRedAPD-1.4.0 by following NEW installation guide:
https://bitbucket.org/zhb/iredapd/src/d … at=default

22

Re: disable reject_sender_login_mismatch for only one user

ZhangHuangbin wrote:

Hi Achim,

You can install iRedAPD-1.4.0 by following NEW installation guide:
https://bitbucket.org/zhb/iredapd/src/d … at=default

Sounds great.
I will try to update to 1.4.0


Thanks!!

23

Re: disable reject_sender_login_mismatch for only one user

OK, now that 1.4.0 is up and running (thanks again), may we proceed here?

Best,
Achim

24

Re: disable reject_sender_login_mismatch for only one user

Hi Achim, could you please check my post here: http://www.iredmail.org/forum/post20704.html#p20704
I will post the plugin working with iRedAPD-1.4.0 later.

25

Re: disable reject_sender_login_mismatch for only one user

Here's the plugin for iRedAPD-1.4.0, please save it as file /opt/iredapd/plugins/sender_login_mismatch.py, and enable this plugin in /opt/iredapd/settings.py (parameter "plugins =").

"""Reject sender login mismatch (sender in mail header and SASL username)."""

import logging
from libs import SMTP_ACTIONS

REQUIRE_LOCAL_SENDER = False
REQUIRE_LOCAL_RECIPIENT = False
SENDER_SEARCH_ATTRLIST = []
RECIPIENT_SEARCH_ATTRLIST = []

# Allow sender login mismatch for below senders.
ALLOWED_SENDERS = []

def restriction(**kwargs):
    # The sender appears in 'From:' header.
    sender = kwargs['sender']

    # Username used to perform SMTP auth
    sasl_username = kwargs['smtp_session_data'].get('sasl_username', '').lower()

    logging.debug('Sender: %s, SASL username: %s' % (sender, sasl_username))

    if sasl_username:    # Is an outgoing email
        # Compare them
        if sender != sasl_username:
            if sasl_username in ALLOWED_SENDERS:
                return SMTP_ACTIONS['default']
            else:
                # Reject without reason.
                #return SMTP_ACTIONS['reject']

                # Reject with reason.
                # There must be a space between smtp action and reason text.
                #return SMTP_ACTIONS['reject'] + ' ' + 'Sender login mismatch.'

                # Log message without reject.
                logging.info('Sender login mismatch.')

    return SMTP_ACTIONS['default']
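
Added example (not part of the thread and not iRedAPD code): the same sender/login check as a stand-alone function over a raw Postfix policy request, going one step beyond the plugin above by limiting which sender addresses an exempt login may use. The names ALLOWED, parse_policy_request, check_sender_login and policy_response are hypothetical, and the sample request is constructed from the fields shown in the debug logs above.

```python
"""Sender/login mismatch check with a per-login exemption (added example)."""

DUNNO = "DUNNO"
REJECT = "REJECT Sender login mismatch."

# Constructed allowlist (assumption): lowercase SASL login -> envelope sender
# addresses that login may use. "*" exempts the login for any sender address.
ALLOWED = {
    "noreply@domain.net": {"*"},
    "bugzilla@domain.net": {"bugs@domain.net"},
}

# Constructed request, modelled on the "smtp session:" lines in the debug log.
# Postfix sends name=value lines and ends the request with an empty line.
SAMPLE_REQUEST = "\n".join([
    "request=smtpd_access_policy",
    "protocol_state=RCPT",
    "protocol_name=ESMTP",
    "sender=wannabe@domain.net",
    "recipient=external-recipient@elsewhere.com",
    "sasl_method=PLAIN",
    "sasl_username=bugzilla@domain.net",
    "sasl_sender=",
]) + "\n\n"


def parse_policy_request(raw):
    """Turn a policy delegation request into a dict of attributes."""
    attrs = {}
    for line in raw.splitlines():
        if not line:            # empty line terminates the request
            break
        name, sep, value = line.partition("=")
        if sep:                 # skip malformed lines without '='
            attrs[name] = value
    return attrs


def check_sender_login(attrs, allowed=ALLOWED):
    """Return the policy action for one request.

    'sender' is the envelope sender given in MAIL FROM; both values are
    compared case-insensitively so 'User@Domain' does not count as a mismatch.
    """
    sender = attrs.get("sender", "").strip().lower()
    login = attrs.get("sasl_username", "").strip().lower()

    if not login:               # no SMTP AUTH: not an outgoing submission
        return DUNNO
    if sender == login:         # login sends as itself
        return DUNNO

    permitted = allowed.get(login, set())
    if "*" in permitted or sender in permitted:
        return DUNNO            # exempt login, sender within its allowance
    return REJECT


def policy_response(raw):
    """Build the reply Postfix expects: 'action=...' followed by an empty line."""
    return "action=%s\n\n" % check_sender_login(parse_policy_request(raw))


if __name__ == "__main__":
    print(policy_response(SAMPLE_REQUEST), end="")
```

Returning DUNNO rather than OK leaves the remaining Postfix restrictions in force for exempt logins.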